This goes along with the news that Windows 10 backs up your drive encryption key by default, and that Microsoft can use it to decrypt your data. In "good faith", of course.
See http://thenextweb.com/microsoft/2015/07/29/wind-nos/ ; "Windows 10 automatically encrypts the drive its installed on and generates a BitLocker recovery key. That’s backed up to your OneDrive account." Together with the ToS: "We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to protect our customers or enforce the terms governing the use of the services."
> We will access, disclose and preserve personal data, including [...] files in private folders
I don't see any language that restricts that to their cloud offerings. It's in the privacy statement that covers windows too.
So unless i'm missing something they're granting themselves the right to disclose your harddrive to government agencies or their own legal department on a good-faith basis.
Every company that has access to your encryption keys can be prompted to give them up with a warrant.
You can keep them from having the key. That's one way around it. Using hardware of some kind (and there are multiple.)
You are also free to use another solution that might meet your strict requirements to personally review the encryption, filesystem, device driver, and memory management code of your operating system to verify it's operating to your specifications. There have literally never been so many options for the privacy minded person with the time to pour through a metric ton of C code.
I believe that you are mistaken. Could they turn over your BitLocker recovery key to the authorities that would then use it to decrypt your HDD that they have already taken from you? Yes.
Are they going to reach out over the internet and take your data? No. They are not going to do that. I follow this stuff really closely. I promise I haven't seen or heard of a capability where they can remotely take data from your machine and turn it over to the government.
There are two approaches: give someone a pile of power over you and trust them not to abuse it, or never give them that power in the first place. Given the repeated demonstrations of what can and does go wrong with the former...
What kind of fee do you have in mind for not using their contract of adhesion? Unless I'm buying thousands of copies of the OS I doubt I can even get that negotiation started.
Some of it's pay as you go, oddly enough. But you are largely correct that more money equals more access to these kinds of things.
There is a company in China that paid them to install Office 365 in their data center. There is an amount of money that will make them install it in your data center, too.
I just think that there has never been more choice for end users and a lot of this stuff about privacy is disingenuous. There are a group of people that wouldn't be happy even if MS released their own version of TAILS and hosted part of the Tor network. (It would be "embrace, extend, extinguish!"..."Tor is part sponsored by the Navy...I be MS gives your Tor traffic directly to the NSA."...It's really not hard to imagine the BS.)
One other thing. A "pile of power over you"...that's not helping, man. They have some commercial legal arrangement that you don't particularly care for. They can't come and kick you in the shin and torture you. They can't beat you to death and plant a weapon on you or anything. We are talking about an issue that is squarely within middle and upper class privilege in an industry that literally could not exist without government defense funding.
Take, for instance, Richard Stallman is an Alumn of Harvard and MIT. There literally can't be a place that is more establishment. So all of that "freedom" is about being able to use an expensive commercial product that was developed with RnD money from the DOD...but somehow it's morally wrong to not ship source code to a compiler? Can you see where I'm coming from here? The moralizing is pretty arbitrary.
Furthermore, if they did give your content to the Government because of a national security letter how is that abuse of power? Should they not comply with the law? I disagree with a lot of the laws that have been passed in support the war efforts of the last decade, but that's kind of the way that democracy works. I lost, but I still have to live by the rules.
I just think that the privacy absolutism that everyone keeps bringing up isn't reasonable. Even Bruce Schneier says that the way that you actually change these things is through the political process.
Power is a boot on your neck. This is more of an inconvenience.
Leaving aside the tangent in your comment (we were talking about governments having access to your encrypted data, not about Free Software)...
> Furthermore, if they did give your content to the Government because of a national security letter how is that abuse of power? Should they not comply with the law?
I fully expect that they would have little choice in doing so if they received a warrant from a government with jurisdiction over them. (Though I'd also be unsurprised if they did so even if asked without a warrant.) I don't want them to have anything to give if asked.
> I just think that the privacy absolutism that everyone keeps bringing up isn't reasonable.
Different people value their privacy differently. If you don't value it as much, feel free to trade it for things you consider more valuable. Don't assume everyone else wants to make the same trade you do, though.
I'm not advocating absolutism. You should be able to have as much or as little privacy as you want, which may even mean different amounts of privacy in different contexts.
> Power is a boot on your neck. This is more of an inconvenience.
The government having full access to the contents of your encrypted drive is an "inconvenience"? I'd hate to know what you consider an abuse of privacy, then.
The whole point of encryption is to keep unauthorized people from having access to your data.
The point is that they're granting themselves the permission to do so if anyone ever deemed it necessary and that the user has to agree to their terms to use windows.
So you're basically signing away your rights to privacy. Not based on due process but on "good faith belief".
Someone at microsoft thought there is a need to do that to cover their legal asses. They would only think that in case they anticipated needing it in the future.
You are completely free to not use it. I'm not trying to be a smart-a here. There have never been more options for end users.
You aren't signing away your rights to privacy without due process...that's your part to evaluate. "Is this useful enough to me that it's worth agreeing to this?"
Also, this is version dependent. The TOS for an individual consumer is different than a developer with an MSDN license, and a business with a volume agreement. Do you have different privacy requirements? Are you willing to pay for them? If they can't make money with the product that they built in the manner that they came up with then it isn't illegal, or really even remotely morally odious, for them to ask for a different payment arrangement.
Now. Do I like everything about life in a capitalist national security state? No way. But do I whine when some vendor doesn't do exactly what I want when I'm really not event scratching the surface of enough money to get their attention? Seriously, man.
YOU installed their software. You didn't have to. No one forced you to. Don't like the TOS? Call them and schedule a meeting to talk about coming up with a different arrangement...they will want money for that, but you can certainly have it.
The truth is that there is jack all that I or anyone else can say to you that would change your mind about any of this.
Also, I'm not willing to grant that you are reading the TOS correctly...so there's that point. No offense, but its pretty dense and things that are probably pretty reasonable come across as a privacy invasion to people that are really sensitive on the subject.
I did? I never said so. I'm just looking at their Privacy Statement and find questionable clauses there.
> Also, I'm not willing to grant that you are reading the TOS correctly
I did say that's a possibility from the start. But as long as nobody shows that it's not possible that my reading is not how a lawyer or judge would read it I remain deeply skeptical about it.
OK. What I'm trying to say is that backing up to OneDrive is optional. You get the choice. You can protect the key with a TPM or a smart card...It's not an all or nothing thing. You have options there, if you are interested.
The other thing is that it sounds like a lot of privacy minded people can't trust BitLocker despite any number of assurances from MS or code reviews by third parties. AND THAT'S OK. Use something else.
EDIT: I forgot to mention that if you are an admin or just operate your own AD installation you can store the key in Active Directory. The behavior is version specific, I think.
EDIT EDIT: I believe that the TOS you are talking about is specifically referring to online services. I don't have time to stop and read it right now, but I think that you are misconstruing the intent.
> OK. What I'm trying to say is that backing up to OneDrive is optional. You get the choice. You can protect the key with a TPM or a smart card...It's not an all or nothing thing. You have options there, if you are interested.
Except that the default is both insecure and privacy-violating.
It's insecure by a standard that you are setting. If they can demonstrate an audit log of every admin who has escalated their permission to logon to the container of your data and access it, including the files they accessed, would that be good? (Because they do that.)
Again privacy-violating by your, arguably, very narrow standard. I'm sorry friend, but you are stating these things as if there's no question as to what you say.
More accurately, you might say that there are higher privacy and audit-ability standards that you would require for your given situation or application. I wouldn't be able to argue with that at all.
If they can demonstrate an audit log of every admin who has escalated their permission to logon to the container of your data and access it, including the files they accessed, would that be good? (Because they do that.)
They are legally prevented from showing you such an audit log if a National Security Letter is involved.
And -unless there have recently been great strides in the NSL gag order battle- they are legally prevented from indicating to you that you or your data has been targeted by an NSL.
Read this warning on release day, went to read this myself and haven't found such statement neither in ToS, nor in Privacy Policy.
This paragraph (about private communications and files in private folders) seems to be gone from their Privacy Policy. Google cache confirms it was present (in PP, not ToS), but I suppose MS spotted had this insane statement and removed in a hurry - or hid somewhere else, deeper in small fine print and with another wording.
(Or maybe I had totally missed something, scrolling through the document and my browser's search function malfunctioned.)
Did you expand the sections in the Privacy Statement [1]? Open the page in Firefox or Chrome, hit F12 to get to the browser console, then run this to expand all the sections:
$('.learnMoreLabel').click()
If you search the page for "disclose", you'll see that that exact wording is no longer present, but very similar wording is in the "Reasons We Share Personal Data" and "Skype - Partner companies" sections.
I can see that one as a default for non-nefarious reasons. If you make it easy for non-specialist users to encrypt their machine, and there is no way for technical support to recover their data, you're going to inevitably end up with angry users. What's not as clear to me is whether you can change the default.
For most users, this protects them to a useful level. Most users don't think losing a password is a big deal and would be very upset to learn their data is lost because they forgot. That's an anti-feature.
The number of people that'll be protected from leaving their laptop in a taxi, or home burglary, or selling/trading-in a device, or just snoopy relatives or acquaintances, etc. is large and MS absolutely made the right call here. Otherwise, you'd have "experts" giving advice to disable this feature or suffer data loss.
Also, if they use OneDrive to back stuff up (like they should!), the security damage is already done as most juicy files will be unencrypted in MS's hosting and still subject to warrants.
> For most users, this protects them to a useful level. Most users don't think losing a password is a big deal and would be very upset to learn their data is lost because they forgot. That's an anti-feature.
"Would you like to store a backup for your drive encryption password on Microsoft OneDrive? If you choose not to do so, and you forget your password, all of your data will be lost. [Yes/No]"
And none of that warrants a ToS that says they can use that backup for anything other than helping you recover your data.
> Also, if they use OneDrive to back stuff up (like they should!), the security damage is already done as most juicy files will be unencrypted in MS's hosting and still subject to warrants.
Hence why client-side-encrypted backups are a good idea.
>"Would you like to store a backup for your drive encryption password on Microsoft OneDrive? If you choose not to do so, and you forget your password, all of your data will be lost. [Yes/No]"
You know when most people care about whether or not they can recover their data? It's not when someone asks them a Yes/No question, it's when they can't recover their data. And responding with "Well, remember 2 years ago when you clicked 'No'?" Doesn't really help.
Which is a great reason why we should be seeking better authentication systems than memorizing random passwords. Or providing people with another means of backup; for instance, provide options to both "back up via print" and "back up to USB device", in both cases providing something you could then store in a secure location.
Which the Bitlocker stuff already does, when you run it manually. I suspect not with devices that come pre-encrypted - Surfaces, etc.
I was going to say that the most likely thing folk have done is try to back up their key on the drive they encrypt - but last time I tried that due to not being on a network, I think the Bitlocker wizard refused to let me.
Then, don't make it a [Yes/No] question, make it an [Okay] with a barely noticeable "Change Advanced Settings" link; much like the dialog that the TFA complains about.
I want to encrypt my drive, but ensure that the encryption keys never leave systems that I physically control.
I sure as hell don't want to encrypt my drive a second time because the default setting (that I could only change later, when I'm actually using the computer) for the drive encryption software was to upload the drive crypto key to The Cloud.
It's dangerous to ask Joe Sixpack a question like this and accept a simple y/n answer. When people are installing software they are rushing thru w/o thinking.
What the software could do is put something like this on the screen:
DO NOT STORE A BACKUP OF MY PASSWORD
and force the user to opt-out by literally typing all those characters exactly like that:
DO NOT STORE A BACKUP OF MY PASSWORD
At least that way it isn't an unthinking, rote response. Maybe also force them to type
I UNDERSTAND ALL MY DATA WILL BE LOST
Anyway, that would probably only help about half of them. The other half won't care until, as you point out, they can't access their data.
Of course you did. Large companies have no vested interest in building systems that do the "right thing" for you as defined by tech types like us who are arguably more sensitive on this subject than most people.
They are building services that take your information and try to do something interesting enough with it to make it worthwhile...and why is it on by default? Because they want to make money off of the new features and deep integration with your information.
This isn't news. But it certainly may be another excuse to have the exact same conversation that nothing will come from.
Never mind that data generated and collected from cell phone usage will always make the privacy impinging features of your laptop look tame in comparison.
Never mind that the only way to stop companies from doing this is through the political processes that everyone seems to have written off.
EDIT: Downvoting because someone disagrees with the principal argument of the post is lame. Cheers.
Something like Cortana could have been built to work locally, using your own resources. But it wasn't. This was an opportunity to say "we're not like Siri and Google Now, we respect your privacy", but instead they built something just like them.
I imagine the resource costs would be too high to really make that worthwhile. The choice is probably between bad privacy settings, a bad personal assistant, or bad battery life and disk usage. Microsoft chose the option that would likely upset the smallest group of people.
I don't buy it. My Windows 10 machines will be Ivy Bridge, Broadwell, and soon Skylake-powered desktop processors running with gobs of excess computing capacity. Voice recognition should be feasible with this hardware, as it has been in the past with Windows 7 and Windows 8's often-ignored voice transcription feature. Furthermore, even if the performance were slightly worse, I would gladly sacrifice some performance for local execution with local data.
Now, I expect that such a local agent would need to have quite a bit of fine-grained control to satisfy privacy concerns (e.g., do you agree to allow me to send your query about films in your zip code to the MSN Movies site to get showtimes?) But I feel the actual processing of the day-to-day personal assistant features is not only eminently feasible on my desktop, but most likely also on my Surface or laptop.
The cloud is pernicious and voracious, its dominion grows quickly enough without needlessly exaggerating the necessity of offloading computation like this. Local computing devices—especially those that conventionally run Windows (desktop PCs and laptops)—are extremely capable.
Cortana is a cloud agent not because of requisite processing power. Illusory local processing deficiency is just a convenient justification for why it doesn't run locally.
But then, I am a strong advocate of personal compute servers and mainstreaming secure private networks. So I am obviously fringe in today's culture that embraces the centralized cloud.
You know they sell things like the Surface 3 using an Intel i3 processor, and still sell Windows tablets with Atom processors, right? Just because you have a 12-core i7 with 320GB of RAM doesn't mean every Windows machine does.
Well, like I said, Windows 7 and 8 had voice transcription support built-in and it worked well on my old computers from 2009, with plenty of CPU capacity to spare. I expect a modern i3 would probably match my desktop i7 from '09.
I agree with you with everything except the expectation of performance of your desktop - you're underestimating the ever-growing bloat. Faster hardware is just an excuse for businesses to include more useless shi^H^H^Hvalue-added features and a way to speed up their delivery by caring about performance even less.
WRT cloud, we've already reached the point of ridicule with the new generation of Internet-connected hardware. So many useless webapps (er, "value-added cloud analytics platforms") and so many devices sitting centimeters from each other but communicating all the way around the world. There is absolutely no engineering reason for it to look that way - it's all just attempts to milk users by making them depend on cloud services.
For now. This crap is going to get a lot harder to avoid when the Intel SGX instructions are widely deployed and it becomes possible to extend the lockdown from SecureBoot to the kernel and kernel-authorized apps.
I suggest fighting it now, while it is still just an annoyance.
processors running with gobs of excess computing capacity
You're right about the CPU. However, it's possible that good voice recognition also requires gigabytes of data. That wouldn't work so well for a tablet. Or maybe there is some custom hardware (like DSP chips) in the data center that is used? I don't know, I'm just playing devil's advocate.
I do agree with your sentiments. I'm not about to opt in to this garbage. I came of age in the era of the mainframe and I despised the lack of personal control. I won't willingly return to that. Today's cloud is just yesterday's mainframes and time-sharing by another name.
But the entire point of the service was to use data mining techniques so that you could use natural language directives to say "add a reminder to my team's calendar to update some presentation in O365, etc"...
Maybe you don't find it that useful, but I think that a lot of people would. It will, in a future release, be genuinely useful. It's getting there.
Josh, maybe you don't get how difficult Speech Recognition is now that it comes as standard in your smartphone, but they use Google/Apple (delete as appropriate) servers for a reason. There's a reason people were amazed at the response time of Cortana - local speech recognition that doesn't hog the processor is a big deal.
And connecting to O365 calendars offline? Is that not a stupid concept?
I'm well aware of how phones handle speech recognition; there are reasons they do so via services that have little to do with the computational difficulty of speech recognition. It's not by any means necessary to upload raw voice data to a server and process it there, especially if we're talking about full computers rather than just phones.
> And connecting to O365 calendars offline? Is that not a stupid concept?
I said "local", not "offline". Though in any case, you should likely have a locally synced cache of your calendar for efficiency and the ability to read it offline. Web apps are quite capable of working while offline.
Last time I checked, and it was few years ago, analyzing voice locally was much faster than what phones do today - because well, mobile networks have latency. The round-trip to cloud and back itself can easily take a second.
> And connecting to O365 calendars offline? Is that not a stupid concept?
Did we enter a new era where using your calendar offline is considered a special case ? I would assume there are few people who actively modify the same calendar, and it's pretty easy to tell a user when they modify a calendar offline meaning that it's not synchronized on other devices; is there really a need for making calendars online first ?
That's actually how it works. You give it permission to use your O365 account. You give it permission to use your location either at setup or in the config settings at a later date.
A whole host of the Cortana functionality is local that interacts with online services via API's that you authorize.
I don't think that really anything that I say is going to change your mind, but you could check out some of the video's on Channel9 where they go into it in detail. Some of it's pretty good and if you use headphones you can't hear your co-workers talk about stuff that makes you want to slap someone.
The claim that started this thread was that Cortana needed this data to be supplied to Microsoft, as controlled by the privacy settings mentioned in the linked article. If Cortana or similar services don't actually need this data, great; then they shouldn't ask for it or need to have privacy settings that allow it to be sent to Microsoft.
I made a similar suggestion in a somewhat related topic concerning browsers and was told this is bad UX so it shouldn't be done. Informing people of what's going on and giving them power over their choices is bad UX. Somehow.
UX people can't seem to agree on much of anything. On environments where permissions must be explicitly granted (like iOS), I've seen articles saying to go both ways: "ask for everything right at the start", and "ask immediately before use".
> UX people can't seem to agree on much of anything.
It's almost as if "UX people" isn't referring to "UX person." Go to Stack Overflow and the vast majority of questions have multiple answers, as if "programmer people" can't agree on much of anything.
There are dialogs and UI hints that come up when the service is first accessed. Is it enough to placate someone who is seriously concerned with online privacy...probably not. It meets the minimum requirements to not be too sneaky.
Granted most individuals may not be concerned with these intrusions-by-design, but businesses dealing with sensitive information - or who simply have a vested interest in security - may see this as a reason to forgo the Microsoft Office suite altogether, which is one of Microsoft's few stable revenue streams after all these years.
businesses actually can get a very different deal when it comes to data "sovereignty" issues.
it's really consumers who have the least leverage. If you want an arrangement where your data is encrypted with keys that you store in a tamer proof hardware module you can. It's priced differently, but you certainly can have that. (It's not all that expensive in the scheme of things.)
Exactly. I work for defense attorneys, and they deal with a huge amount of private, protected, highly-confidential data. I honestly don't know how we can keep implementing Microsoft solutions... have been debating switching everything over to Mac.
It's not wrong or evil or even criminally negligent to want programs that you write to work as intended. With new systems that have fancy machine learning based features developers face the difficulty that making an accurate training data set is impossible, especially at the scale at which Microsoft ships its software. Cortana's abilities to be smart assistant all involve polling the data mentioned in the post, sure you can disable all of them and be blissfully disconnected from network assisted features like her and better handwriting recognition. It's a choice and by default there isnt any harm in leaving most of those options enabled, the average user will only benefit from the interaction. It's okay to be conscious about where you're sending your data but its just ridiculous to frame each new feature released by company as morally wrong or "having no vested interest in doing the right thing".
God forbid we become slaves to the evil corporations. /s
I didn't mean to make it sound that way. I actually agree with you completely. I was trying to write for my audience there...my point was just that obviously they will want to gain something from the relationship as well.
You and I are in complete agreement on the subject...I just fell into hyperbole...
That's the thing, though. I find the constant kvetching about privacy the most cynical thing. None of these posts are news, new information, or even a new take on existing information.
All of these companies capture the data to improve their recognition, heuristics, and machine learning algorithms. The pay off is that their services are vastly improved.
Ever wonder how Google was able to catch up and perhaps surpass Microsoft, IBM, and everyone else in the Voice Recognition field so quickly? It wasn't because they came up with some revolutionary algorithm overnight. It was because they very quickly amassed an archive of transcribed audio samples. How did they do that? Very cleverly with Google 411.
If you ever used Google 411 you might have noticed it worked slightly differently from regular 411. You spoke your query, the voice recognition software spoke back what it thought you said and asked if that was correct. If you said no, or it couldn't understand your reply, it connected you to an operator who first listened to what you'd said and then repeated the confirmation process with you again whilst inputting what you actually said into the system. This created a transcribed audio sample that Google could use as a test case for their voice recognition software. This allowed them to iterate much faster than other companies.
How do they spy on you? There's no suspicious network traffic leaving my Mac. They might collect info about Siri queries or downloaded apps, but they're certainly not logging keystrokes from OS X or iOS.
I think you're assuming they're doing something they're not.
Microsoft is capturing text input and handwriting from touch input interfaces the same way Google's Android keyboard , Swype, or Swift Key do to improve predictive input, spelling correction/suggestions, personal dictionaries etc. Remember Windows 10 is touch enabled operating system like iOS or Android.
I'm not as familiar with the Apple Keyboard but I would be surprised if it didn't do that too in some form. Their Quick Type feature states it performs heuristics locally but it doesn't mention other aspects. Their policy states they don't collect personal information or conversation history but that doesn't mean they aren't capturing corrections or things they deem to be non-personal but sound pretty personal to me (e.g. occupation, language, zip code, area code, unique device identifier). Remember how researchers were able to identify Netflix users based on lesser anonymized meta-data? That non-personal information sounds pretty damn personal in comparison.
I hope you're not using a 3rd party keyboard on iOS with Full Access enable because if so then you agree to the same thing Microsoft is asking for.
I'm surprised you're ok with Apple recording Siri Queries and sharing them with Walk N’Talk Technologies who has humans listening to them but you're opposed to Microsoft doing anything similar in Cortona. How do you feel about Google Now? Did you ever use Google 411 because that was just a quick way to get a massive archive of audio samples.
> Their policy states they don't collect personal information or conversation history but that doesn't mean they aren't capturing corrections or things they deem to be non-personal but sound pretty personal to me
> Their policy states ... but that doesn't mean they aren't capturing corrections or things they deem to be non-personal but sound pretty personal to me
> sound pretty personal to me
It's pretty clear actually. What you may think about situation may have zero factual grounding. You'll need to provide some citations and references instead of just saying what you think or feel the situation may be.
You're wrong though about it having zero factual grounding. They collect data, like everyone else, this is a fact. They state that openly in their privacy policy, they even go so far as to define what they consider personal vs non-personal information. We also know that that Siri collects and transmits a bunch of this "non-personal" information to a 3rd party for analysis.
On their QuickType page they say "your conversation data is kept only on your device, so it’s always private." That's a lie because iMessage and your keyboard Dictionary are synced to iCloud which isn't your device. That doesn't mean that it's in Apples hands or they can access it but it's not a factually true statement either. They're also careful to say "conversation data" and not something more general like "anything you input into your keyboard".
I'm not suggesting Apple does anything more invasive than anyone, I'm just suggesting they don't do anything less based on what's observed.
> That's a lie because iMessage and your keyboard Dictionary are synced to iCloud which isn't your device.
Is it opt-in or opt-out ? Because I use iCloud for Safari bookmark sync only and it never bugged me for syncing anything. Local iTunes encrypted backup is fine.
Define spying? Most of Apple's services are opt-in as opposed to opt-out. iTunes and Siri are where most the data collection happens. In OS you also have device location services, map data collection but most points are easily controlled.
Well, the innocent definition is to keep watch over and the sinister definition requires hostile intent. Either way, it can be considered spying. The problem is that the innocent spying today can easily turn into hostile spying tomorrow, with little or no notice.
I use a local account on Windows 8 (which is pretty much configured to run like Windows 7) but that completely keeps me from being able to use the Windows Store and therefore any of those universal apps.
I'm sure if I choose the same option in Windows 10 a large part of the OS will be completely closed off.
Not that you're missing out, not being able to access the universal apps. Hell, Skype even pulled a 180, got rid of their universal app and went back to regular, ol' desktop apps.
Uh, no they didn't. The Universal app is still there and was updated a month ago. They've always had both Universal and Desktop apps available, especially since there are people on Win7 and below that wouldn't be able to run the Universal app.
Edit: Apparently they deprecated it inside the app itself, not in the store. I've kept the message above.
Maybe that was the update? Granted, I haven't used the Universal app in a long time because it's not nearly comparable in featureset to the desktop one. It'd be nice if there were update logs more than "General fixes" but oh well.
You should be able to log in directly into the Store without associating that account to your local account. That should be the default in 8/8.1, I don't know if it applies in 10 but it's exactly how you can get universal apps while on a domain account.
I wouldn't hold my breath over MSFT software market place. They are notorious at dropping support for this as soon as they feel it doesn't enable them to capture more market share.
I could not agree more. I run Fedora on my desktop, and iOS and OS X on my iPhone and MacBook respectively. When I read posts like this, I can't help but think "How long will it be until I'm unable to do any compute without being tied to an online account?". Most people (including myself) have no idea what is going on in their smartphone, tablet or desktop PC. I can trust Fedora somewhat more, but as an exercise, leave tcpdump running on your OS X device and the amount of non-local network chatter is unbelievable.
Furthmore, why is it when you delete a photo from your iPhone it can persist on iCloud for up to 30 days?
Likewise, why is it when I restore my iPhone and set it up from scratch it starts to download 100MB + of data over WiFi? [1]
[1]. When I setup my iPhone from scratch (Apple ID, iCloud disabled), it hammered my WiFi at the full RX rate of my DSL line for approx. 10 minutes. That's 4Mbps * 60 * 10 = 2400Mbits = 300MB. I made sure that my iPhone was the only device connected to my WiFi. What could be in that 300MB of data? I should proxy all traffic from my WiFi to my DSL modem via another PC and do tcpdump on that!
I don't intend on leaving any of these on when I install Windows 10 but some of these seem to correspond directly with the whole "Cortana as personal assistant" thing. And there is whole separate system for controlling what Cortana knows about you.
Okay. Good to know. So, when
I decide to upgrade from Windows
XP, I will install the legal DVD
I have of Windows 7 and stay with
that for years!
No Windows 8, 10, etc. for me until
Microsoft makes some fantastically strong and
solid statements about compatibility
with old software, security, and privacy.
The "security" of newer Windows is mostly anti-user, anti-freedom. XP doesn't enforce code signing, and SFP is only advisory, so you can run whatever you want, hack and customise the OS code easily to get it to behave how you want. Most of the exploits that gave XP a bad name in the early days were from IE in its default configuration, which basically no one on XP will be using now.
It takes time to get bugs get discovered and fixed. There's a lot of new code in these newer versions and I bet they'll be uncovering more bugs in it as time goes on, some of which won't be applicable to XP because the code isn't even present.
As for "privacy"... XP most certainly does not phone home with anywhere near the amount of info that Win10 collects, as this article shows.
I'd be more inclined to say "Worried about security and privacy...but still wants to upgrade to Windows 10?"
My next jump after XP will likely be some form of Linux with WINE - with everything that can phone home removed.
Have anything specific except for
Flash or macros for Word? There
is the recent 15 or so year old
problem, so far never seen in practice,
having to do with fonts or some such.
Otherwise, what's insecure about XP?
Or more secure about 7, 8, 8.1, or 10?
Sure, using XP means I'm not cool, but
what about actual security?
Or are the crucial parts of XP really
much different than those of
7? I doubt it. Until the XP support
stopped, the same malware scanning and
repair software worked for XP and 7.
> Otherwise, what's insecure about XP? Or more secure about 7, 8, 8.1, or 10?
Windows XP had no UAC and most users were surfing as admin, which was inherently more insecure. Also, XP does not have a bunch of security features the newer Windows had, see http://superuser.com/a/739204. And now without the updates, since security issues are not patched, the system should be open to all kinds of drive-by attacks and whatever was found in the last months. I do not have a list of them.
I read the link and got nothing out of it.
I don't even know what the acronyms mean.
I don't understand "drive by attacks": My
XP computer has nothing wireless, not
even the
keyboard or the mouse. Wireless,
essentially everything about everything
wireless looks to me like a gigantic
security problem. Right: I have no
smartphone; I have a cell phone someone
gave me, but I've never used it and
intend never to use it.
I see no
panel trucks outside looking at whatever
radiation my equipment giving off.
I really don't get the suggestion in the
link that somehow XP is vulnerable just from
being connected to the Internet.
I don't have much software listening
on IP ports -- I shut down that stuff.
I don't use Internet Explorer except
rarely at Microsoft sites. I use
Firefox and have Java disabled.
I don't let data from untrusted sources
execute at software. Really, I rarely
download any software, not plug-ins,
macros, or anything else.
The link says that most XP users run
as Administrator. Well, I don't.
I have to run as Administrator
for some of my software development,
but otherwise I run as an ordinary user.
People used to worry about opening
e-mail attachments. I never did or would do
such a thing. I run Outlook
only in text mode; I never let Outlook
trigger the processing of HTML or display
an image.
My version of Flash is a bit old and,
that means that Flash never runs
except when I explicitly permit it to
run, and I only do that on no doubt
fairly safe Web sites.
I permit Acrobat to see a PDF file only
from no doubt highly trusted sources.
I fail to see just why my computer is
so vulnerable. All evidence is that
my computer is safe enough to date.
Windows XP does support the Microsoft
High Performance File System (HPFS),
and it has capabilities and
access control lists (ACLs) which,
going all the way back to Multics,
IBM's Resource Access Control Facility
(RACF), parts of SQL Server, etc.,
are relatively good ideas for security.
In time I will convert over to
Windows Server anyway, make use
of ACLs, use virtual machines,
maybe some version of containers, etc.
I don't read removable media from
untrusted sources. I never use
thumb drives.
For CDs and DVDs,
I tell Windows over and over, "take
no action".
There is a suspicion that once Microsoft
noticed, say, way back in Windows 95, that
their code was awash in security holes,
they first saw the bad news and, later,
noticed some good news: Fix the bugs
but use bug fixes as a way to get users
to upgrade to new software, with more
bugs to be fixed, to get people to
upgrade to more software, etc. Generally
Microsoft wants users of Windows to
have to keep returning to Microsoft
and paying money. Gee, my processor is
from AMD and I don't have to keep
interacting with them and paying money.
Considering this suspicion, why should
I rush to Windows 7, 8, 8.1, 10
with a lot of new software and bugs?
I look at Satya's face and I know
that I can't read it or understand
him. I can't trust Satya.
Really my big concern on upgrading
is the weeks and weeks and weeks
of barbed wire enemas I will have to
go through, clicking, guessing,
struggling, clicking, clicking,
clicking, over and over, for
hours and hours at a time,
days, weeks, months, screaming
in anger, literally, until my
throat is sore, literally,
as I've
done too often in the past,
just to get back to
a system as usable as I have now.
E.g., now I have my main boot partition
backed up so that I can restore it.
If that partition gets infected,
then I will just restore my most recent
backup, which has been apparently solid,
stable, and secure now for about three years.
I know how to do the restore and have
done it and tested it. And I have
two other partitions I can boot
from to do the restore.
So, how would
I do such things with 7, 8, ...?
Will Microsoft tell me? Nope. They
just want to suggest that they
can solve all my problems by
migrating m...
Drive by attacks in that context does not mean wireless. It means exactly what you think is not the case: That just by being in the Internet you are vulnerable. Exploits like http://www.computerworld.com/article/2488674/malware-vulnera... get patched in Windows 7+, but they stay as a gaping hole in your OS. Nothing you described helps just a bit against that.
> My version of Flash is a bit old and, that means that Flash never runs except when I explicitly permit it to run, and I only do that on no doubt fairly safe Web sites.
That does not help. There were flash-exploits for which the click to activate function of browsers were useless against.
> I have a copy of Office 2003 -- with lots of patches, and that's fine with me.
Office 2003 is not supported anymore as well and might contain equally big security bugs (I did not look that up). You open word documents with it, you might be infected.
If you want to stay on a secure system for years where the UI does not change, you will have to migrate to Linux with one of the custom Window Managers like Openbox.
The link was for a lot of versions of IE,
some of which don't run on XP. I try not
to use IE. Sometimes I had to use it at
some Microsoft Web sites. Okay.
Mozilla will let me install a new version of
Firefox, but Microsoft won't let me install
a new version of IE or let me patch an
old version of IE. Bummer.
I'd be reluctant to let my 2003 copy
of Word open a file from an untrusted
source. I do next to nothing with Word.
Occasionally I run the 2003 version of
Excel: I generate the data outside of
Excel using whatever software I write
and then pull the data into Excel for
graphing. I don't try to use Excel files
from other people.
So, Flash can hurt even if I don't run it!
Wow. Looks like Adobe worked really hard
to help the hackers.
Does Microsoft really want the their
security holes fixed?
Gee, in a big company, how can people
pass around Word, Excel, and HTM files?
One infected file, and many of the
computers in the company can get infected.
Whatever happened to the idea that a program
that reads data checks to see if the
data is okay and makes sure that
bad data can't cause the program to
hurt anything? That was the
long the implicit, expected standard, right?
If someone can send me a DOC file for
Word and, reading that file, Word
infects my computer, then Word is junk,
and Microsoft writes junk software.
Bill and Satya need to get on the case
here.
Microsoft's infected toxic-ware?
It's been a long time, Microsoft --
time to fix this stuff.
On time sharing, it was the case
that any user could write and run
any software at all with no damage
to the operating system or to any other
user. Why is it possible at all to
run software as a user on Windows and
hurt Windows? Bummer.
Microsoft,
we need some guarantees, or at least
strong assurances with, say, a
major bounty program, that such things
just are not possible. How about
a bounty of $1 for the first bug and
for each subsequent bug double the
bounty? How 'bout that Bill?
Risk your fortune or fix the bugs?
You have four and a half years before Windows 7 "End of extended support" occurs on January 14, 2020. You might want to transition straight to linux or OSX.
Depends on how old. What I'm running
and like would not have run on
Windows 3.1 or PC/DOS but did run
on Windows NT SP3 and Windows 2000.
But maybe some of that software would
have run into problems on Vista.
Maybe Microsoft wants to assume that I
will do my typing into Word or Outlook
or Excel. No I won't. I type into
my favorite text editor KEDIT. I keep
my e-mail in files maintained with KEDIT
and use Outlook only to send and receive, that
is, handle the POP3 interactions. Maybe
Microsoft believes that, sure, I will
do my word whacking with Word. No I won't;
I use Knuth's TeX and, then, PDF.
Microsoft thinks I like their efforts
at GUIs -- I hate nearly all GUI efforts
and make heavy use of command lines in
text windows. The command lines run
scripts I wrote.
I make relatively little and light
use of the features of XP and
still less use of Microsoft's
applications. So, my security
is not very vulnerable to
any remaining security holes
in XP.
Upon seeing these options in the installation, I thought I downloaded beta version that needs these for feedbacks
Realizing I have installed retail version, I regretted my decision now I will read the all EULA for the firet time in my lifetime to see what it gets without asking. And probably I will just keep windows for games only.
Games that run on OSX and Linux are the exception. Granted, there are now very high quality offers unheard of in the past (Kerbal Space Program, to mention one).
If you are on OSX, you have access to a bigger selection of games (Elite: Dangerous, for instance, or EVE Online - both using Wine). On Linux, good luck. Steam improved things a little, but it's still an oasis in the wasteland.
"Just" need to convince devs to port their code to yet another platform ..... sic. Let's see how long MSFT and Valve can pretend they cannot get along.
Microsoft is in bed with the NSA and could care less about the privacy of end users. I would argue they develop cloud technologies for the sole purpose of pleasing the goons in surveillance state. They want your data...all of it.
Windows is now essentially a personalized, cloud-based operating system with the primary interface as a personal assistant, so I expected to see all these things as defaults. The advanced features just couldn't work without it. I'm glad there's at least an opt-out, but I do think that Windows needs an OS-wide incognito mode, just a simple switch to record or not record data.
I generally use that on my browser for when I hand my laptop to someone else and don't want their activity polluting my history, but now there's the risk of the entire OS learning someone else's habits when they just need to use the computer and don't want to log in. Sometimes, guest accounts are too restrictive.
I do like having the option of a personalized experience, and Microsoft is generally one of the most restrictive companies when it comes to sharing data. With their push toward more personal cloud services, I hope they will take special care to maintain that record, although everyone knows that certain groups like government have ways of getting whatever they want if it's available.
Hopefully, some of the fine-grained permissions of Windows Phone will soon carry over to the unified platform for those who want it, but either way, I would still do any especially sensitive work on Debian or a similar system.
but now there's the risk of the entire OS learning someone else's habits when they just need to use the computer
They already do pollute the OS history with their behaviours. Examples would be the DNS cache, the thumbnail database and the temp directory. Most people just don't know about these or look at them. But they can be very revealing. The problem I have is that the OS is so ready to upload things. I don't want my OS to upload anything at all, unless I command it to do so.
I've been waiting for this comment, I can see how the first set of customization options really seem like they'd help with the personal assistant. It would be interesting to get a full audit of where your data goes and what they can use it for (training your personal assistant, improving their algorithms, responding to Govt data requests, improving ads, etc).
As for incognito, can you sign into windows as guest now? Or even have multiple accounts on the same pc? If so you could create a guest/dummy account if you are interested in giving the personal assistant pure data.
It's still possible to create a local guest account, but that means giving up a lot of settings that I might want to maintain on the regular account, and it's a hassle to have to log out and in again just because I don't want to record something. Maybe I want to plan a surprise trip for someone who also uses the computer or get information about a strange rash that might be nothing without making that part of my permanent record. Maybe I want to let someone else use software which requires an account, like edit a file on Adobe CS or fix a bug inside Visual Studio, without having everything they do become part of my profile.
Yeah there should definitely be a "Hey Cortana, off the record,..." query mode.
I'm a bit conflicted now. My girls are 7 & 9 and they've been using Microsoft Accounts. With the final Win10 build having all this (none of these settings worked a few months ago), it looks like I've got a lot of reading and explaining to do for them.
This is a great suggestion. I'm getting sick of having to open incongito mode on Chrome unless I want Google Now to happily repeat whatever I was looking at later. Uh, I don't need reminders for sales on hemorrhoid medicine or news alerts about the side effects of MDMA. I don't need that popping up where others can see it.
Some kind of "off the record" mode would be invaluable for voice interfaces. Hell, it would be nice if there was a check box under the Google search box as well, but I imagine Google would never make it too easy to avoid their data mining. I feel like we never had the proper privacy conversation we needed to have with companies like MS, Google, Facebook, etc. I think some level of easy to use yet strict segregation between what I consider my public life and my private life should be cooked-in, and enabled by default, into all this software.
I agree completely. The split between public and private life is so natural that we sometimes forget how important it is. Sometimes people need to be able to experiment and access information privately so they can think it over without being judged. It leads more genuine expressions in public life, even in simple ways. Maybe I want to experiment with listening to all the worst pop music to see if there's something in there I like without my music player thinking I love all of it.
Absolutely. Or take for example my friend, who's a literary translator - she sometimes has to research online the most outlandish and obscure subjects, which have no bearing on her own interests...
> I'm getting sick of having to open incognito mode on Chrome unless I want Google Now to happily repeat whatever I was looking at later.
Isn't that what incognito mode is for? If don't want your searches in cards at all, you completely opt-out of the cards that are strictly based on your search history. Ctrl+Shift+N seems like a small, reasonable step to go off the record. What is the alternative?
Why are you complaining about having to wear a bag over your head whenever you go out to pick up your prescriptions or meet your mistress, citizen? It's a small, reasonable step to go off the record. What is the alternative?
Hyperbole much? You can still simply not log in to Chrome and/or Google Search. But if you want to be logged in by default, then you'll have to tell the browser when you occasionally don't, no?
Most people don't intend to log in to Google Search, as far as they're concerned they're logged in to their email account. This is why Google got in so much trouble in France and the EU over the past couple of years.
This. I don't use gmail, but I use youtube. And when you've logged into youtube, you've logged into your "Google Account". So you can't have youtube open in one tab, and not have your history from other (non-incognito) tabs logged (modulus some tweaking of various preferences that aren't obvious or intuitive).
There's no reason why they couldn't to the same thing Mozilla does: a) have a pretty clear account thing for "sync", b) have a pretty clear page for opt/in out on what to sync, c) Have working self-host sync solution, d) have an open source sync solution so you can easily see what's going on, and how things are encoded/stored.
I mean, if you wanted to be sure you wouldn't get caught with your mistress, you basically would have to wear a bag on your head, no? Or at least her meet her indoors. You certainly wouldn't complain about invasion of privacy when your wife's friend sees you with the mistress on a date.
Here's the thing - I want my history to be available and searchable to me, because I often want to go to a page I visited previously. However, I'd prefer if others couldn't read it and I wasn't showed ads based on that. At the moment, Firefox provides a good browser that doesn't profile me or share my history with "trusted third parties".
For the US market, the way you frame the concern is the legal reality for Microsoft...parents who will blame Microsoft when information about their children passes online...are why there are no privacy guarantees in Microsoft's new policy. It's just too easy for a lawyer to convince a trier of fact that Microsoft "should have known".
Sure. The way around that is to simply not allow users under 13 to have an account. If a user lies about his age in order to get an account, Microsoft is no longer liable.
Yep. We use fake birthdays for my kids' accounts. First it is an opportunity to explain to them that you simply don't need to answer questions truthfully just because a form asks. There's zero benefit to being truthful here; only potential downsides. Same with real name.
Second I explained that under 13 means stuff won't work, so let's add 10 years or so to make sure they don't have trouble.
I don't think Cisco's routers or Youtube's CDN or the typical iPad application have that capability. Stuff gets cached and logged automatically. Microsoft is a big target for lawsuits.
If you don't have any Windows-only applications keeping your younger-than-double-digit children on Windows, well then now is your chance to put them on anything-other-than-Windows.
My own children are still using computers with Windows 7. They play Spore (Windows only), Sims 3 (Windows only) Minecraft (Java, so playable anywhere), Osu! (no idea, really), and a couple of other games. I have no intention of upgrading Windows on their computers past 7. Take a look at your options, you might be surprised how easily Windows is replaced with anything else.
My son, who mostly plays Minecraft, does not understand why many of his friends use Apple PCs. The "render distance" and framerate in Minecraft on our home PC (running Windows 8.1) is twice that of his friends, and our PC cost half what a similar Apple costs.
As a parent, I'm also not sure if an equivalent of Family Safety exists on other platforms. Windows sends me weekly overviews of our kids PC use and blocks inappropriate content. Also, our kids log into their own profiles, I don't give them Administrator level access, they have to aks me if they want to install something.
On my desk now I have two MBPs and one windows PC. The macs are for work, the PC is for games (and occasional windows testing). I use the same kb/mouse/monitor for all 3.
After being out of the PC scene for 10+ years -- and as a rabid apple fan -- let me say this: PC gaming is AWESOME. Games I'd only played on Mac before come to new life on a proper gaming PC. That said I would probably go into a different line of work if I had to use Windows as my primary dev box.
This performance disparity between OS X and Windows for gaming may finally be diminished now that Apple’s bringing Metal from iOS to OS X (far faster than using OpenGL):
I still think Win2k was a great operating system and I wish I could go back to it, but you do eventually have to upgrade. I eventually had to upgrade Win2k to Win7 because of the many performance benefits and the lack of support for the OS.
Even though I personally hate literally almost every new feature of Windows 10 and the design of the entire OS, I'm still running it, simply because I get much better performance out of it than I do on Win7 - and I can generally customize my UX.
MSFT has done this by buying itself into the graphic API market long ago. Since then the last two main graphic hardware vendor have been poorly receptive to develop drivers for any other platform.
Hopefully, Valve OS's initiative might bend this and allow the Linux world to be at least on par with MSFT when it comes to graphic drivers. Considering that from the three main console out there, both the Playstation and the Nintendo are using a flavor or another of OpenGL, there is some hope for the future of alternative to MSFT outside the office and MSFT centric software development.
Linux Mint has many usability features similar to Win 7, is free/free, and I've not had any issues with Win games ( wine / etc ) - plus they can learn command line & packages!
My girls are 7 & 9 and they've been using Microsoft Accounts.
Well, maybe Child Protective Services should be involved? They intervene when children walk home alone from the park, perhaps they'll start to intervene when children are raised to use Microsoft products? http://www.usatoday.com/story/news/nation/2015/04/13/parents...
Just kidding, of course. But my daughters are now 14 and 17 and I don't think they know how to use Microsoft products. We've been on OS X for about 10 years.
So maybe CPS should investigate me? Am I doing my kids a dis-service by not exposing them to the dominant OS?
One of the best things ive done is to shift my kids onto Linux computers. They really enjoyed "Tux" the built in Mario like game featuring the Linux penguin and it helped them connect with the 'Linux brand'. Now when my kids are wanting to install more advanced things they are naturally exploring package management and typing into the terminal to get a new thing going. Wish I'd had better Unix terminal exposure as a child.
It's possible to do all this personalization without giving away your data to advertisers. Unfortunately Microsoft chose not to.
Why do people seem to gloss over the fact that we can implement these technologies without losing privacy? e.g. voice recognition has been possible on home computers for decades now. You don't need the cloud for it.
I mean, you have to admit that desktop-based recognition is just not as good as cloud-based offerings. This is true across the board, having more data and power available will give better results.
Sure, but desktop-based recognition has been improving all the time and may well be good enough. It still doesn't mean we have to lose our privacy just because a slightly better technology might be out there.
Not nearly as fast as cloud recognition has. Especially with all three of the big companies having serious cloud-based recognition offerings and focusing on them.
And seriously, Cortana would be useless without the cloud aspect. Half the things it does revolve around connecting your digital life together by accessing various things about you. Without the cloud, it's literally just Windows 8 search.
How is that? Desktop systems respond quickly, cloud systems often respond after a second - it takes time for data to do a round-trip over crappy mobile connection. Mobile latency is a big thing.
I agree wrt. Cortana (and Siri, Google Now) - most of the things you use them for will require Internet access. But there are still a lot of things that you could do with voice that shouldn't require a network connection, and we're missing the ability now. Not to mention you have zero customization options for cloud-based recognition. I could make good ol' MS Speech API recognize pretty much anything I wanted it to. No problem making it recognize a limited subset of two languages at the same time. With cloud-based systems, if the voice recognition doesn't like my accent, I'm out of luck.
I was referring to the improving part. joosters said desktop recognition has been improving, I meant that cloud has been improving faster. Which is true, all the big companies are focusing on cloud-based recognition. The improvements might eventually come to desktop recognition systems, but even that's not a guarantee given where the focus seems to be.
> Why do people seem to gloss over the fact that we can implement these technologies without losing privacy? e.g. voice recognition has been possible on home computers for decades now. You don't need the cloud for it.
The experience is not quite the same. We have voice recognition since at least late 90's but you have to spend long hours training (> 20 hrs) in order to have a decent result (not even comparable). The fact that is cloud based now enable the software to fit better to different accents and pronounciations.
Another thing is that personalization is not really possible in today devices if you want more than 3hrs battery.
I had better results in late 2000s with less than an hour of training MS Speech API than I have with Google Now today. Either off-line speech recognition isn't that bad or my English really sucks.
I don't know about Google Now. But Cortana does have way better results than local MS Speech API. My english does suck, so it is very impressive to me that Cortana got me right most of the time.
Maybe I'm not using it right, but Cortana on my Lumia 640 Windows Phone seems to blow Google Now right out of the water in terms of capability and usability except for punctuation in voice recognition.
On the other hand, generally I'm pretty impressed with just the voice recognition/transcription by Google on my Android phones (exception: "ferociously"). Transcriptions in Google Voice on the other hand are, hm, marginally good enough to often get a general gist of a call before I return it, but if I need the actual details of the message there's no choice but to listen to it. This includes calls made by me, from my phone that I also do voice recognition on, into a Google Voice number that I use for some tracking.
It is interesting that the transcriptions in the web interface show how confident they are of the quality for each word by how dark the word is.
It's a big, really big dataset, and things get far better the more data you have. In order to even have it, let alone keep it up to date, a significant amount of space and memory would be needed.
That dataset contains languages and accents that are not relevant to me. It could easily be culled to a size where it's no compromise on language+region of birth alone.
It's multiple gigabytes for a single language and accent. I wasn't even talking about the full dataset across languages.
You don't seem to understand the size requirements for getting a good dataset. Don't you think Microsoft would have loaded up the dataset if it was easy and cheap? They didn't have a desktop cloud-based recognition service until literally yesterday, so they had many, many years to include this magical dataset that solves all your problems without cannibalizing another one of its products. They didn't because it's not feasible right now. In the future? Maybe, hell, probably.
>It's multiple gigabytes for a single language and accent.
I have 602 GB free on my first hard drive, 519 free on my second, 699 on my third, 1.06TB free on my forth, 405GB free on my fifth and 46 free on my 6th.
If Microsoft would be kind enough to release it to me, I think I can probably find a corner to squeeze it into.
>Don't you think Microsoft would have loaded up the dataset if it was easy and cheap?
No, I don't. Microsoft wants our voice data, it's extremely valuable to them. They've figured out that there's gullible people like you who will swallow the "it can't be moved onto a local computer" tale hook, line and sinker, and thus give it to them for free.
> That dataset contains languages and accents that are not relevant to me.
You are assuming that they have a different model for each language and region, which I don't think is true since Cortana understand my foreign accent besides of being using USA as a region (Canadian version works really well too).
> I have 602 GB free on my first hard drive, 519 free on my second, 699 on my third, 1.06TB free on my forth, 405GB free on my fifth and 46 free on my 6th.
Good for you, but I don't have that many free space. Gee, I only have 20Gb free on my laptop. I think you might be bias about your situation but not everyone has +1Tb of free space waiting to be used for a voice command.
My colleague wrote his diploma thesis with a voice recognition software (the market leader) because he sucks at typing. Desktop voice recognition can't be that bad.
I have second hand commercial support with a leader software in the market (that is I had coworkers doing the commercial support) and the amount of bugs and trickery some users had to go through with it makes you wonder how they can sell any copy at all.
We had speech recognition back in the 1990s on computers less powerful than a Raspberry Pi V1. We're talking 200-400mhz 32-bit Intel boxes. So yes, the cloud dependency is very dubious.
If leveraging a lot of data allows for better speech recognition, why can't your computer access a remote speech recognition data set that stores and shares the results of its machine learning algorithms rather than uploading actual audio data? Instead of sending actual audio, send and receive very non-personalized non-specific derived model data to/from a repository somewhere (or even peer to peer).
And why not have all the features that can be done locally be done locally. If it's possible for my computer to understand me entering an apportionment, why should that go to a MS sever to be stored forever?
How do you think your computer can understand 'entering an appointment'?
There's a lot more that goes into understanding than JUST speech recognition. First of all, speech recognition by itself isn't exactly trivial, and that's become more and more obvious as we've seen the smallest accent mess with the digital assistants on all the major phones. Yes, technically, Dragon Naturally Speaking existed a decade ago and worked somewhat, but needed a LOT of training, and was dumb as a brick. It doesn't compare.
But beyond that, understanding the meaning of the spoken word is difficult too. Yes, NLTs exist, and they can be very good, but you really need something that a team is administering. They can identify pain points and do regular updates to help... things like an odd band name that is ALWAYS misunderstood, some odd combination of words that confuses a question with a 911 call, etc., otherwise you're just going to end up frustrated.
I should also mention that a digital assistant really needs the power of a full search engine behind it. This allows for auto-correction of mispronounced words, but it also allows near-instant lookups for relevant information. If this was running on your local machine, not only will the processing be slow for some things, it will also be more limited in it's ability to fully process all possible meanings, and it will need to be updated CONSTANTLY.
These companies, by putting the language processing in the cloud, are throwing teams and hardware at the problem, and yet they STILL have embarrassing difficulties when it comes to actually understanding sometimes. Consider that for a moment... hundreds, even thousands of servers running the latest software for processing natural language for multi-millions of people aren't capable of getting your meaning 100% of the time.
Incidentally, I realize that there some open source projects out there that do some rudimentary voice recognition and processing, however they suffer from the same issues addressed above and are MUCH more limited in many many ways. Many of them still make use of cloud-based services for processing the audio, btw. The one advantage, I will say, is that you have to ability to add your own custom commands and actions, which the major systems obviously don't allow.
Not sure if you're being facetious or not but if you were right then we would just do it on our existing phones now.
In the 90s we had slow voice recognition that took a long time to train, that would only ever work for a single user, in a silent room... If it worked at all... Which wasn't very common.
> Not sure if you're being facetious or not but if you were right then we would just do it on our existing phones now.
The point is, some of us don't believe that this was an engineering choice.
> In the 90s we had slow voice recognition that took a long time to train, that would only ever work for a single user, in a silent room... If it worked at all... Which wasn't very common.
And in the 2000s we had fast voice recognition that took a little bit of time to train and that would work over a crappy microphone with loud music playing in the room, all of that running along other software on a $500 PC. I know because in 2007 I made my own Star Trek-like (with proper computer sound and voice feedback) voice recognition system I used to control music that was played on Hi-Fi speakers. It took me like 20 minutes to train it and it worked pretty much flawlessly from anywhere in the room. The voice was captured by a crappy mic I soldered myself from parts and placed on a wardrobe.
And the single-user-only mode? That's actually a feature, not a bug.
... on a Pentium I, using 1990s machine learning algorithms, sure.
Nobody's answered my question as to why The Cloud is the magic pixie dust that solves this problem, and why it could not be solved locally with modern compute power and modern ML techniques.
Because many people speak similarly. If a number of people who speak similarly can train it, it can learn how you will say words that you haven't even said to it yet if a number of other people already have.
Machine learning algorithms haven't changed that much since the 90s, what's changed is the amount of data we have access to, and the amount of data we can process.
When you're training it yourself the data is what's limited. The fact that we can process more data doesn't matter if we don't have access to more data because you can't speak any faster.
But if you have millions of people speaking to it, then we can take advantage of the fact that we can process so much more data.
There are several tremendous advantages to server-based speech recognition.
Firstly, the models (particularly the language models) needed for state of the art performance are huge. It's not atypical for papers to discuss using a billion n-grams, for example ( https://wiki.inf.ed.ac.uk/twiki/pub/CSTR/ListenTerm1201415/s... ). That's several gigabytes of memory and storage at the very least, and you'd need a copy of that for every spoken language you'd want to support. Plus you need to keep that up to date with new words and phrases; it's much easier to keep models fresh on a server than on everyone's computer.
Power and CPU time are also a concern. Big beefy server farms can have trouble keeping up with state of the art speech recognition algorithms; a laptop, tablet or phone is going to struggle, especially when running off a battery, is at a huge disadvantage.
But the biggest advantage to server-based speech recognition is indeed that more data is critical to improving accuracy and performance. There's no data like more data. And you don't just need more data, you need a lot more data. You can get big gains from just doing unsupervised training on 20 million utterance rather than 2 million: http://static.googleusercontent.com/media/research.google.co... There's simply no way you're going to get anything like 20 million utterances without getting data from millions of real world users.
The large data size affects the training, but the model itself is pretty small now (after some hard work on Google's part).
The thing everyone seems to be missing is that Android's (English) voice recognizer is offline[1]. While you can use the online model I suspect that is more about continual update of the model (so it understands new words and changing accents etc) rather than recognition.
>We had speech recognition back in the 1990s on computers less powerful than a Raspberry Pi V1. We're talking 200-400mhz 32-bit Intel boxes. So yes, the cloud dependency is very dubious.
And did you ever use it? Forget sentences, it used to even struggle on a handful of keywords. Even now offline recognition are way far behind the online ones. I have pocket sphinx installed on my raspberry pi and even in a quiet room it has false positives with just a list of 10 keywords. Ohh what I would do to have an offline recognition system that is on par with Cortana/Siri/Google Now.
Hear hear. Of course the cloud is not necessary for good speech recognition. There is no magic there, it's just servers running against a corpus that gets updated often. No reason why this couldn't be done locally, and text queries sent out for non-local requests (such as, what's the weather gonna be).
But I gotta say, I have the feeling that the pendulum is gonna swing back pretty soon. I'm noticing more and more (regular) people being fed up and creeped out with the massive harvesting that Google, Facebook and Microsoft are doing. Opportunity awaits!
I mean more of my problem has to do with the fact that it's an open door than what they will actually do. It doesn't say they will send audio data, it at most says "associated input data" which for all I know could be a database from their algorithms, or it could be a live 24/7 stream from my webcam and audio device.
I guess the thing is that some things are not acceptable, and whether there's a disclaimer or not, people aren't going to like it if we find out that all of our audio is being recorded and uploaded to Microsoft. But it's not, not as far as anyone can tell yet.
But again, we're only worried because they're what, giving us the option to opt out? I mean, if they wanted to they could just go ahead and stick somewhere in the privacy policy something like "from time to time microsoft will upload certain input data for improvement of service quality, depersonalized information may be sent to partners." down in paragraph 24.c.iii. Or they could just not mention it at all.
The question is are you willing to trust the OS. I mean, hell, Ubuntu Linux went and sent all of your search information to Amazon without even giving you the option to opt out in the install process at one point. It could be disabled, but unless you knew about it in advance there was no option to do so. And Ubuntu is open source.
I can see use cases for it, and one actually ties into the location services. Say you're from a region with a specific accent. If the system can tell how you speak, and how other people speak around you, it might be able to create an accent subset for you based on the collective data from all of those speakers. It might be able to guess from a few sentences and your location that you're Glaswegian and start to understand you, not because you trained it, but because across the region many people have trained it a bit. Then with the location to tie the regional accent together, even if you're in the US once you've spoken a few phrases it might be able to identify you as belonging to that regional language group.
But uploading of all spoken data to Microsoft would be silly, not just because it would piss people off, but because it wouldn't be something you could hide, and it would end up being quite a lot of data that's really not that useful.
But could it be possible? Sure. But they could also do it without tipping you off or giving you the ability to opt out.
Skepticism of heavy tracking is absolutely justified, so I want to address that first. I've read Richard Stallman's blog for the last 15 years, and he has had a lot of good thoughts about it. I think everyone should have access to privacy, but I don't think everything should be private.
Games are a good example. Nobody would expect a baseball player to object to tracking statistics. That's a big part of what makes the game. Online gaming is the same way. Tracking achievements adds to the fun for a lot of people.
But there are also larger social issues where tracking can be beneficial. We live in a world with a lot of diversity and an increasing amount of information. People get overwhelmed and tend to revert to tribal thinking, attacking anything that doesn't fit their group's perspective. I don't know if people on their own could ever get over this type of behavior in a world that's impossible to keep up with without taking mental shortcuts and relying on summaries of what's happening.
Personalized deep learning is an attempt to create a relatively neutral arbiter of all this information, distill it into something useful based not only on the user's behavior but also the aggregate of everyone's behavior. The algorithms don't just learn from what you like but have the potential to uncover interests and information that you might never be able to access outside your bubble.
Cortana brings that kind of aggregate information gathering to your desktop. It's an early example, and it needs lots and lots of data to learn, and the more diverse the data set it can analyze, the closer it can be to doing its job of feeding relevant information.
Windows 10 is also meant to be an Internet of Things OS. Lots of companies are working on connected devices that depend on syncing with your account. A common example for today is telling Cortana to remind you to pick up milk when you're at the store. The reminder goes to your account, and when your phone detects you're at the store, it reminds you to pick up milk.
Of course, there are people who are going to try to use this to sell you things, but that's always been the case. The hope of people working on these things is that it can bring you actually relevant suggestions instead of just the products with the largest advertising budgets. Old advertising models were very centralized and only the largest ones could really win. Personalized advertising might be able to bring the smaller but more relevant products to your attention.
Personally, I don't like advertising, and I'm not especially excited about this part of it, but that's definitely the monetary angle for it. The part that does excite me is the possibility that we can start to break down some of the communication barriers between people, get people outside of their bubbles, and bring relevant information to people based on large trends instead of isolated social groups.
There's plenty to be skeptical about here. Money tends to push things in directions that only benefit the ones with money. Microsoft and all the other IoT companies have a lot to prove before their products can be considered actually relevant for people. There's a good chance most of them will be no better than the old way of doing things. But there's a lot of potential there too.
Privacy should always be an option, but having a public online life can be good for people too.
If you do go through the installation/setup screen you will see that you have now a "advertizing ID". This made me feel edgy and I cannot shake the memory of the tattoo on the victim's forearm from the Nazi solution of its undesirable population, powered by no less than state of the art technical solution, provided by a top technical solution provider at the time.
> Personalized deep learning is an attempt to create a relatively neutral arbiter of all this information, distill it into something useful based not only on the user's behavior but also the aggregate of everyone's behavior. The algorithms don't just learn from what you like but have the potential to uncover interests and information that you might never be able to access outside your bubble.
That's an interesting statement considering how most recommender systems tend to suggest things related to your interests, further keeping you within the confines of your bubble. How is Cortana different?
"Windows is now essentially a personalized, cloud-based operating system with the primary interface as a personal assistant."
Who wanted that for desktop computers or laptops? This is not going to fly with business customers. Microsoft has already bombed twice in the business space, with Windows Vista and Windows 8. This looks like another bomb.
Windows 7 is still pretty good, and it will probably be the main Microsoft desktop OS for years to come, despite what Microsoft wants.
Who wanted that for desktop computers or laptops? This is not going to fly with business customers.
...nor with some private customers. Microsoft seems to be overlooking that not all nations are so happy about "the cloud" as the average American seems to be. Germany for one, where I currently live, is much more sceptical of sharing personal data -- potentially motivated by some of its 20th century history.
But all that aside, a lot of people only used their computer occasionally, say to write a letter (again, Germany, a lot of bureaucracy still requires paper letters over here). Transparently syncing documents with an external server that you have absolutely no control over is really nothing such a user wants.
And yet to do your tax online in Germany you'll have to use Elster which is Windows only. Telling them I'll sign my pdfs with SHA-256 didn't help... So back to cellulose data carriers
We were spun a load of marketing disguised as listening and attention. This turned out to be exactly what Microsoft wanted which was another aggressive move against customers both business and consumer. Despite all this the noise and confusion and dubious love for the products is shining out of the arses of every non technical news source.
What did we expect?
I've left the party now. Closed my MS accounts, cancelled MSDN and AP subs, rolled out CentOS 7 on my laptop and have moved the remaining windows dependencies I have to a VM. If you don't like it, now is the time to make it known.
This is after using MS products since about 1993. No more loyalty or milking.
The software industry is moving away from the model of servitude to a vendor. Good riddance.
Now if can only do the same with Google and Android, we'd be all set. Why does Google get a get out of jail for free card in this? Android is like the spying on everything you do operating system. Your location, your voice, your pictures, your passwords, I mean fuck... There is nothing Android doesn't know about you that it doesn't share with Google and on request the US government.
Google are just as bad. I've moved to a dumbphone and an IMAP mailbox at an independent company. I tried Android but that was pretty much impossible to keep control of (Moto G 2, Android 5.0)
I'm using Nokia 106. Calls. Texts. Nothing else. I turn it off at 6pm and on at 9am.
Doesn't have data, GPS, Bluetooth or WiFi so that's not a problem. The best it gives is rough triangulation data from cell towers but I can leave it at home and do nefarious things to my own heart's content if I so desire (not that I intend to).
OK, thanks. My wife has just bought a cheap Nokia 103 (she's used Nokias for ages) and I was surprised that it had Bluetooth. It showed up on the laptop I was using at the time, but I couldn't find any way to connect to it. (They didn't pair.)
I checked and it did have Bluetooth on the Nokia 103 menu.
Are you really this paranoid? You must be loads of fun at parties. It's interesting though because your British government is tracking your phone, your texts and watching you as you traverse London on CCTV. But luckily Microsoft doesn't know about your affinity for Yorkshire Terriers and love of Bass Ale.
Don't get me wrong, I value privacy, but all things in moderation, including paranoia. I personally don't think most peopke's lives are that controversial to be so concerned about their privacy that they'll avoid the grid altogether lest some lewd fact trickle out amongs the billions of other lewd facts trickling out about everyone.
I spent a number of years working for nefarious defence contractors so the paranoia is somewhat justified. My paranoia is clearly required as I've been responsible for the security architecture at a number of financial companies and have a lot of experience dealing with both the human and technology aspects of data.
Safety in numbers is only valid if it's difficult to discern facts from the flock. But it's not. The technology logs and correlates specific data for fast retrieval rather than collecting noise and then discerning the signal later on.
Oh and I'd never drink Bass; maybe an Abbots or two ;)
> I personally don't think most peopke's lives are that controversial to be so concerned about their privacy that they'll avoid the grid altogether lest some lewd fact trickle out amongs the billions of other lewd facts trickling out about everyone.
This sounds suspiciously like 'nothing to hide nothing to fear'.
I don't think batou is being overly paranoid at all. Especially not with the last year or more of news.
If anything, this is massive tech company overreach on the part of Microsoft, Apple and especially Google and Facebook.
More protection in law is what is needed, not for people to suck it up and accept it.
> Your location, your voice, your pictures, your passwords,
However, it will ask you first about that. And it is not actually Android, it is Google Play Services. For snitching your pictures, you have to download an extra app by yourself.
If you don't like that and you don't want to say 'no' when asked, use Cyanogen without Gapps. That way, you'll get non-spying vanilla Android. (That means without Play Store too).
Use it with a throwaway Google account to download apps from the Play Store, then use adb to install them on your device. This works fine for apps which don't rely on specific Google libraries or services being installed on your device.
It's a little better if your device can run Cyanogen. Not great, but a little better.
I'm hopeful that Firefox OS and perhaps Ubuntu/Full GNU/Linux on phones will help. Canonical hasn't got a perfect record when it comes to privacy or openness -- but if they manage to invest the resource to develop a truly open stack that works on real hardware, I expect people to make other distributions that do pretty much whatever one wants.
Why does Google get a GOoJF card? Well, they don't.
I'm going to ditch Android for a free-er OS when I have the money, although if possible I want to get a [Fairphone](https://www.fairphone.com/) (tl;dr 1. no shady business practices/exploitation, 2. modular with replaceable parts (bonus points for having an integrated protective case), 3. Fairphone V2 will be 100% Free Software (or at least, the firmware/drivers will be), 4. costs $800 as a result).
I'm actually really interested in seeing the Fairphone be a thing.
You were always free to not use new MS operating systems. Nobody forced you to make any MS accounts or use Window 8,10 or whatever, so if you installed Windows 8 and didn't like it, that doesn't make MS evil, just don't use it. Anyone who inclined to use CentOS as their daily driver probably was never going to like MS OS's anyway. You probably only ever installed it just to find out what you hate about it.
I'm actually not free to not use it. I have to test our product on these systems and therefore I will need at least a virtual machine instance of it. I have no option not to use a Microsoft account because the majority of the functionality has shifted to behind the privacy wall.
Actually I installed it to test our desktop windows product against it as well as our web application in Edge.
This was a decider for us: do we move it to Windows Runtime or move it to Qt/JavaFX, to the web or something else?
We're evaluating Qt and JavaFX going forwards.
As I said I've been using Windows since 1993 as my primary operating system. I've used Unix (Solaris, HPUX, Linux, FreeBSD, OpenBSD) over the years but never in a desktop capacity.
Also one of our clients, a big financial company has rolled out RHEL6 as a desktop platform instead of windows 8/10. They are not trend-setters either.
That's pretty specious. Your work requires you to use it. So presumably you'll only be testing on your VM instance. And if you are using at work, then use the Enterprise version, which doesn't use a Microsoft account whatsoever. And lets you control all of these privacy concerns, including telemetry.
You bitching that your job requires you to test a product against Windows in a VM is not the same as Microsoft holding you personally hostage to give up all your personal information, however you try to spin it.
We have to test against the lowest common denominator so we're not using Enterprise or VL for this nor are the machines domain members.
The privacy policy changes violate our network AUP, security policy and compliance with a number of regulations. We handle confidential financial, insurance and medical data.
That's where the catch-22 is. There is no possiblity for us to use this and remain in compliance.
Not only that, every version of windows since 8 has called home. There is a lot of traffic outgoing from our network we block from machines. And that is with a heavily locked down GPO and custom WIM deployment.
The argument "Don't use it if you don't like it." certainly applies to many things, but when a company gets to the scale of Microsoft, Google, Apple, etc, the context is not the same. It seems reasonable to hold these behemoths to a higher standard than scrappy startups.
This argument is specious at best. We must hold all parties involved to the same level of standard as any, at all levels because a breach of trust at any size is seriously damaging to the consumer. It doesn't matter about the size of the Corp.
I think it matters, if only because it's more efficient to complain about the big corporations that everyone is familiar with than about some unknown startup few people care about.
If you only have limited time and energy for activism, you have to go for the bigger targets (to make it easy to collaborate with other activists) or go for the most local targets (because you may have a comparative advantage).
One is having approximately equivalent alternatives. If something is wrong with a particular kind of chewing gum, I can easily switch to the next brand over. But when that's not the case, standards should be higher, because normal market forces no longer constrain players in the same way.
The other is the size of the potential impact. If one corner-store merchant keeps their credit card receipts in a box under the counter, it's a much smaller problem than, say, Target or Home Depot keeping them in a poorly secured network.
You were always free to not use new MS operating systems.
Are you also free not to have your private information (personal data, trade secrets, whatever it might be) given to Microsoft by others you interact with who do use Microsoft's new operating systems?
I don't know about no-one. I have three laptops, one desktop, one media PC, one server, one tablet, and one phone. The cloud movement has been helpful to say the least.
Obviously I don't speak for everyone, but I think "no one wanted it" is a stretch.
No one wanted this implementation. There are plenty of ways of solving exactly the problems without the amorphous concept of the cloud without introducing any burden on the user.
I have a 3 desktops, 2 laptops, a NAS and 2 servers and have solved the problems transparently without any cloud services.
> Absolutely no one wanted it. No one asked for it.
How so? Billions of people choose to pay for services/software with their privacy these days. Microsoft isn't to blame for that. If anything they were really late to the party
I'm not sure, it really depends in Microsoft's execution of the vision.
Over the years, if they really make Cortana useful and seamles pdates and systems maintenance the default due to the new "cloud" nature of Windows, they might see a similar adoption or switching pattern as SaaS solutions have seen in business.
At this point most traditional or slow businesses still using licensed software with local IT admins are being outcompeted by more agile competition using SaaS solutions.
Then again, what alternative do corporates have? They could stick to an older version of Windows, and become less competitive (assuming Microsoft pulls it off), or switch to Linux, which is doubtfl for most office workers (though our entire devshop uses now Linux ultrabooks).
i also suspect that they are slashing their cash cow (corporate users among them) for the vague promise to be like google and facebook (the promise of add dollars).
>Who wanted that for desktop computers or laptops?
I did. Linux and OSX are still available for whoever wants them. You can stick with Windows 7 if you want, that's just fine. I like Cortana. I like my software knowing what I like and what I'm interested in. It makes my life easier, which is what computers were invented for.
I can see why some people might not, and to be fair I use Linux on my work laptop because the work I do demands it. I would never put my client data on a Windows machine.
But like I can see your side of the argument, you have to be able to see that some other people want personalization and learning and all that. Pandora and Apple Music are both heavily tailored that way. Google Now on your phone knows everything you do. Netflix can find videos for you to watch based on what you've watched before. Amazon will recommend purchases to you based on what you like. Hell, half the people on this site build these systems. You know how many machine learning articles there are on the front page every week?
So who wanted that? I did. And so did several million other people. For the people who don't want it, I mean it's not even really opt-out. They ask you up front do you want the default or do you want to pick your own privacy settings. If you still don't trust it, Windows 7, OSX, and Linux are right there, just a click away.
This should be an optional feature. Not a feature that's the default of most computers on the planet. It's fine that you wanted it, and it's fine that it's available. It's not cool that it's the default on anything.
As far as I can tell, it is an optional feature. It's the default option, but still an option. On top of that, a fair argument could be made that most people who don't care enough to change their privacy settings probably do prioritize convenience over maximal privacy, so this might even be a reasonable default.
This. Majority of people don't care about having any of these privacy issues on their cell phones which infact is far more capable and something you always keep next to you. Heck I have even seen hackers here recommend ChromeOS, an operating system where everything lives on the cloud. Even though I am cautious about my privacy, I have come to learn that most are not and there is nothing wrong with it. It is just not something that bothers them enough to care about. Privacy is not black and white, some try to maintain an absolute fence while others are willing to trade some for convenience in return.
Some is fine, all is mentally deficient. Chrome OS is mentally deficient. In the current environment being okay with sharing every single detail of your computing with a big marketing company is not a smart thing to do.
It's a fine line for sure. I recently recommended ChromeOS for my mother. Her problem is that she runs programs that compromise her OS. The malware I've removed from my parent's computer is hugely invasive and it is usually tied to her account. Given the choice of Google having some of her privacy details or some unknown crackers, I'd much rather have her expose that information to some cooperation that has public scrutiny over how they handle that data.
Heh, I got one for my wife, cause all she used her computer for was Facebook. Who gives a shit if Google gets all that stuff now too, Facebook already had it in their datacenter.
No. That's not a fair argument at all. Just because someone is scared away by an "option" screen like this:
> you get presented with a customize wizard. The first screen has a large chunk of text on it, a large and clearly visible button to proceed using the default settings, and a small hard to see text link that lets you choose your own setting values instead of the defaults.
> Everything about this screen is urging me to just accept the default configuration and get on with life.
Doesn't mean those people "don't care enough" about their privacy. Those people are my parents and my friends and I know that they do.
We know our computers, we can fight back, many people cannot. I believe that when a piece of software tries to provide "sensible defaults" for people that fear they might break stuff, or simply not understand the "advanced options", that those defaults should be SAFE and TRUSTWORTHY.
Windows 10 obviously breaks that trust, and the people who can't spend an hour digging through advanced options (for many reasons) are just pounded into submission against systems they feel slowly slip from their control.
I do not consent to you and others giving Microsoft (or Google or Facebook etc…) all the personal information this necessarily reveals about me when you accept their terms and have any electronic interactions with me.
I appreciate what you're trying to say, but ultimately... Sucks to be you. If you don't want others to share that data, you'll have to stop interacting with them.
And let me guess, they don't have your phone number memorized; they probably save your phone number in their phone's contacts list alongside your name, which is automatically backed up in the cloud in either Google Contacts or iCloud depending on what phone they use.
Expecting your friends not to use cloud services seems a bit unreasonable and unenforceable. Are you really going to tell all your friends they should write down or memorize your phone number instead of storing it in their phone?
Oh, uh, I thought you were talking about your name.
Microsoft collects your friends' names so it can spell their names correctly when you use speech-to-text or related features. I thought that's what you were objecting to. What kind of data are you talking about?
While your name and phone number are public, the list of people who have your phone number saved is not public. These companies can effectively map who you associate with only by looking at other people's phones. They can profile you by association, and that is very wrong.
At some point privacy is no longer a choice, not a real choice anyway. You get to chose between participating in society or keeping your privacy. It shouldn't have to be this way, but it is.
If you really are as charming in real life as you are online, people might indeed accede to your quaint insistence on anachronistic media, until they don't.
Personally, I require that all my so-called friends communicate with me in morse code over short wave radio. It works a treat.
I think its probably pretty good advice to follow: If you don't want someone posting revenge porn after you break up, don't give them nude photos/videos. Its always a risk you either accept or avoid.
There is a clear moral distinction to be drawn between people who use Windows 10 knowing that it might be sharing some data with Microsoft, so its algorithms can streamline certain everyday tasks and those who maliciously upload their exes' sex tapes to the Internet without their consent.
There are huge differences here on at least three crucial dimensions: intent of the sharer, the audience with whom it is shared, and the sensitivity of the data shared.
This is specifically in the context of your windows 10 install uploading data about me, without you asking me if that's ok. My wifi password over wifi sense, for example.
Yes. I understand that this is about "my" Windows 10 install sharing data about "you." I should have been more clear (and, unfortunately, the editing window has closed so I can't clarify). But if you re-read my comment with this in mind (as I had intended) it remains the case that while this a Bad Thing, and I see the analogy to revenge porn, it also is radically different in degree from revenge porn on several morally significant dimensions.
That's not your consent to give. If you tell me your name, I'm free to repeat that to whoever I want. If you aren't ok with public information being re-broadcasted, don't go outside.
Actually in the UK it is covered by the Data Protection Act. Interesting times ahead. If you knowingly or unknowningly give personal information away without my consent this is illegal.
I would challenge you to show something conclusive that states that I am forbidden by law from stating "I know this person. His name is batou." while pointing at you.
And yet your original post was in response to this:
"If you tell me your name, I'm free to repeat that to whoever I want. If you aren't ok with public information being re-broadcasted, don't go outside."
to which you said:
"Actually in the UK it is covered by the Data Protection Act. Interesting times ahead. If you knowingly or unknowningly give personal information away without my consent this is illegal."
What you're saying now and what you said then are two different contexts.
He wasn't broadcasting his name in the first place; only you had the information (in the limited knowledge of the context). In case you are using this for anything damaging to him or for profit, that is what the Data Protection Act covers. That suddenly his name becomes public knowledge has little to do with this law.
So if someone were to ask your computer "Do you know any trade unionists?" and it were to reply "I know this person. His name is batou.", and you weren't covered by the Schedule 3 exceptions, that would be an offence. This is an attempt at preventing employment blacklists.
That's been considered the foundation of privacy laws in the US. Europe generally has stricter laws -- for instance in Norway, until recently, it was technically illegal to keep an electronic[1] list of names and phone numbers of parents in a school class, or an electronic membership list for a club (esp: minor members).
That's now changed, and the requirement for being granted a "data license" are less stringent -- most electronic record keeping is legal -- everyone being granted a pre-emptive licence of sorts. However, that license is subject to things like a) being responsive in giving out/responding to requests to correct data, to show what data you have on an individual to that individual, and b) making a reasonable effort to keep the data safe.
Breach of those can lead to fines, and the revocation of the implicit license -- meaning you're not allowed to keep such electronic records any more.
Understandably Germany have a stronger emphasis on privacy, being a) a fascist dictatorship under Hitler recently, and b) half of Germany being under the Stasi also recently.
Why people in the US aren't more afraid of personal data ending up in privately held data banks where they are subject to National Security Letters, hackers, anti-union organizations working with big business, anti-native American rights activists and whatever else -- I don't know.
Maybe most people think that the next group to be frozen out of the job market won't be communist but Muslims -- and, hey, I don't know any Muslims -- so why should I be worried?
[1] Note the electronic bit. This is due to how trivial it is to link digital data, and how trivial it is to copy/get hold of a copy without the original missing etc.
If you aren't ok with public information being re-broadcasted, don't go outside.
Rights and freedoms that you can only exercise by giving up any semblance of normal life are no rights and freedoms at all. The idea that the moment you step outside of your home or go on-line you forfeit any right to the slightest respect for your privacy and we should just accept this is silly.
And if you think the only people who care are a few internet warriors, please consider the likes of Google's Glass and Street View, where some people have felt strongly enough about the invasions to resort to actual criminal violence in response, and some entire countries have clamped down on the surveillance in response to public concerns.
In any case, with many of these systems, we aren't talking about public information. We're talking about technologies that systematically abuse friendships and commercial relationships by getting one party to tell the technology operators information about another party without that other party's knowledge or consent and potentially even if that information had been given in confidence.
So you agree that you have no such rights and freedoms. That seems like the practical view. The alternative is the path of craziness, filled with things like the "right to be forgotten".
So you agree that you have no such rights and freedoms.
No, I think that just because we can do something, it doesn't mean we should.
In a literal sense, you have no rights or freedoms that you are not prepared to protect with your life. You can lose anything else to someone willing to try hard enough to take it from you. Fortunately, in civilised societies, we do not generally require everyone to die to defend basic human rights that most of us think are worth protecting. Instead we adopt laws and punish those who would break them.
The alternative is the path of craziness, filled with things like the "right to be forgotten".
And as you can probably guess, I support the basic idea of the right to be forgotten as well. I have no problem with requiring companies that specialise in providing easy access to data -- and that make huge amounts of money because of the immense volumes of data they deal with -- to make it harder to access information about, say, victims of abuse or mistaken identity. When the statistics came out about who was really making use of the right to be forgotten ruling in Europe, contrary to all the naysayers, it mostly wasn't people like criminals and politicians who arguably invited negative publicity.
That said, I have no problem with reducing the profile of criminals with spent convictions either, nor those who have done things that were not criminal but which society frowned upon at some point in history. A society that never forgets, full of people who want to hold everything someone ever did against them for all eternity, is not a healthy society. I believe most people can be rehabilitated even after a dark past, and the evidence about how successful different legal systems around the world are at preventing recurrence of damaging behaviour overwhelmingly supports that position as well.
I'm not talking about public information. I'm talking about private communication between you and I. Like truly private, private where you are happy to keep our communication confidential. Except now you have to have the technical know-how and proactive burden of keeping it confidential because Microsoft (and Google in other cases etc) sweep up everything you do.
In other words, if you consent to Microsoft tracking you, it means I cannot trust you in private communication even if you would otherwise be trustworthy person.
This is completely distinct concern from what is true public information.
Not indefinitely. It will get EOL'ed, and at that point it might not be possible to opt-out of the upgrade.
Which isn't bad given that MS isn't going to keep supporting W7 forever: It's a genuinely bad thing to have unpatched OSes with known security holes (zero-decade, I suppose?) out in the hands of non-technical users. That kind of thing was moderately acceptable when Average Windows User was behind a dial-up line, but those are going away, too.
Not indefinitely. It will get EOL'ed, and at that point it might not be possible to opt-out of the upgrade.
It's always possible to opt out of the upgrade with Windows 7. I have a perpetual licence to use it, and I can turn off any automatic updates that would break it.
The worst that will happen, short of Microsoft as a business going under or similarly dramatic changes, is that I will only enjoy free security updates from Microsoft until the end of the guaranteed support period (still several years away) and then I will have to use alternative means to secure my systems against any remaining threats.
As demonstrated by the large organisations still on XP, one of those means may simply be paying more money to Microsoft to continue supporting an older platform you want to keep using.
a genuinely bad thing to have unpatched OSes with known security holes
If the OS is popular enough, once they get known, they will be fixed by the community if not MS. Look up "Windows 98SE Unofficial Service Pack" and "KernelEx". In fact the 98SE community is still very much alive... and has added support for a lot of things that MS didn't.
Gradually, I predict the same will happen with XP, and possibly 7 when MS stops supporting it.
I like my software knowing what I like and what I'm interested in. It makes my life easier, which is what computers were invented for.
Philosophical question: is it really your life, if your software may be subtly persuading you in a different direction than what you would've taken if it hadn't been making the suggestions to influence you?
There is no doubt it will make things easier for you if all you do is effectively accept and follow everything others want you to with no resistance. However, that's not what I'd consider "your life" anymore.
How's that different from listening to any other human you interact with? Is it somehow worse because it's a computer rather than a human? That's the kind of bigotry that gets you robot uprisings.
Your mind is wired by evolution to assess, evaluate and react to human behavior. It is equipped to defend you another humans' attempts to influence your behavior for their own ends when you interact with them in person. Software that you run daily should be able to bypass those built-in protections in a more subtle and personalized manner than traditional advertising or propaganda could ever dream of. In an untrained mind it won't meet resistance but the mind can be trained; the "bigotry against 'robots'" (really, human organizations acting at a distance) on the part of humans who read enough stories like this one emerges as a result and is completely justified.
And if it is by evolution, that immediately presents the trivial solution that we will naturally evolve to relate better to machines, making this a nonissue.
> Philosophical question: is it really your life, if your software may be subtly persuading you in a different direction than what you would've taken if it hadn't been making the suggestions to influence you?
No less so than if your friends, family, coworkers, and society at large may be subtly persuading you in a different direction than what you would've taken if they hadn't been making the suggestions to influence you.
Does only the hermit truly own his own life?
> There is no doubt it will make things easier for you if all you do is effectively accept and follow everything others want you to with no resistance.
While that may be a danger to keep in mind, that's not what's being suggested. In fact, I'd argue much the opposite is being suggested.
Instead of being told what we want and adapting to our corporate overlords, would it not be preferable to communicate what we want, and have the companies adapt to us instead? To service our wants and needs?
>No less so than if your friends, family, coworkers, and society at large may be subtly persuading you in a different direction than what you would've taken if they hadn't been making the suggestions to influence you.
In spite the fact that in the case of friends, family, coworkers I can be the one persuading them in a different direction and I also know a bit about them (you cannot suggest that in the case of person-company relationship both are as strong in influencing each other, maybe in large numbers of people protesting and that's a huge maybe):
The thing is, there are 5 billion people on Earth but far less operating systems. So, when they tell you "my way or the highway" while at the same time more products support their way, you'll eventually end up stuck somewhere in the past, like the old nut in the hut living on top of a mountain, while everyone is throwing their personal data to Microsoft and friends telling me that it's going to be ok because "the functionality provided is convenient". Which makes zero sense.
This discussion is such a deja vu. I had this exact back and forth with a colleague the other day (them on the give-away-all-data side). I have a reply based on this comment, thank you.
> In spite the fact that in the case of friends, family, coworkers I can be the one persuading them in a different direction and I also know a bit about them (you cannot suggest that in the case of person-company relationship both are as strong in influencing each other, maybe in large numbers of people protesting and that's a huge maybe)
Companies, in many ways, strike me as amazingly straightforward to manipulate. So easily swayed by the almighty dollar that such trite as "the customer is always right" gets dolled out as actual management policy at times.
We block company ads, our eyes scan past the ads that remain, we spam-list their emails and rip into them on our various review sites when they wrong us.
Companies realize, though, that talk is cheap, and see through our bullshit a little better. And, sadly, there's very little self control by consumers at times.
> you'll eventually end up stuck somewhere in the past, like the old nut in the hut living on top of a mountain
It's not so bad here. I don't even have a Facebook account. There's enough ad blocking options out there to kill several news companies several times over. That's before installing a proper separate firewall box.
> while everyone is throwing their personal data to Microsoft and friends telling me that it's going to be ok because "the functionality provided is convenient". Which makes zero sense.
It makes zero sense if you lack agency and choice. You have an opt out. It makes zero sense if you provide what you didn't will to. Opt ins are superior, I'll certainly grant. It makes zero sense if you haven't recognized the full ramifications and potential impact of sharing the data you share. They don't know what they're getting into.
But it also makes zero sense to dismiss "convenient functionality" as a reasonable rationale to give data freely, by choice, if you understand the impact and potential ramifications of it. There's a reason this stuff works. Ignoring that merely blinds you to the beast, and robs you of taking as much advantage of it, or to defend against it's detriments.
> No less so than if your friends, family, coworkers, and society at large may be subtly persuading you in a different direction than what you would've taken if they hadn't been making the suggestions to influence you.
I'd add to that list things like Toxoplasma gondii.[1] Who knows, maybe it is the viruses controlling us all. Maybe there are behaviour modifying viruses that cause little to no overt symptoms of infection, or maybe the viruses are changing the DNA of bacteria that impact all living creatures microbiomes. Scary stuff.
There's a danger of looking at things from within the tech bubble. Perspective is everything and I'm not convinced mainstream will be so accepting when the privacy concerns gain greater visibility. The same drive that is making ad blockers a concern will probably come into play. It'll take one successful hack for reality to set in for many. I personally don't want that type of personalization or targeting.
> I can see why some people might not, and to be fair I use Linux on my work laptop because the work I do demands it. I would never put my client data on a Windows machine.
How do you handle business e-mail ? Only on the linux laptop ? Is the windows device only for personal and entertainment purposes ?
Correct. I have all my work stuff on my work laptop and the Windows desktop is just for Netflix and games and reddit and stuff that happens when I'm done with work. In fact I can't even have business emails on my personal computer because you need to be connected to my work's VPN to get email and you can't connect to the VPN with Windows without getting in serious trouble.
> But like I can see your side of the argument, you have to be able to see that some other people want personalization and learning and all that. Pandora and Apple Music are both heavily tailored that way. Google Now on your phone knows everything you do. Netflix can find videos for you to watch based on what you've watched before. Amazon will recommend purchases to you based on what you like. Hell, half the people on this site build these systems. You know how many machine learning articles there are on the front page every week?
But that's the thing, right ? People want their computers to be more intelligent, reactive, adapted to their needs. They don't want Google, MS or Apple to know everything about them. How did the first came to automatically imply the second ?
Apple, Google, MS and others could deliver the same products (software that learn user behaviour and adapt accordingly) without sacrificing privacy, invading personal space and storing private documents on the cloud in order to parse it to deliver relevant ads.
Machine learning should keep on trying to be machine learning and not solely data scraping for marketing tuning and exploitation.
What does it bring me that MS or Google knows my search terms of the day ? I want my quad-core CPU to know that when I browse HN it should automatically split the screen in half and open my media player to listen to radio music because that's what I do most morning. Why do I have to do that by hand ? Can't it know or guess my routine by now ?
Or is all the tech just a glorified lexical parser to fine tune ads to increase their efficiency ?
It's not just about advertising. By looking at customer data in aggregate you can learn more about behaviour patterns and support the things your customers might be interested in doing. Buying products is one of the things you might be interested in doing.
That said, this whole thing gives me the creeps and I'm glad I'm no longer a Microsoftie.
"By looking at customer data in aggregate you can learn more about behaviour patterns and support the things your customers might be interested in doing."
That could be done locally, without sharing the private data. The local computing agent can then look up in the public (like the pool of those who deliberately published content for all to see) for information that may be of interest to the user. That would have been a moral solution to please everyone. What we see happening now is a nightmare!
It could be done locally, but in order to not share any data with the server you'd need to run the analysis (with all of the associated data) on the local machine, which unless I'm missing something would add some non-trivial constraints, e.g.
- Getting research-grade analysis code up to local-install quality levels, keeping that code updated
- Bandwidth and HDD space for large datasets
- The additional load on the CPU, memory, battery, and messaging that to the customer
- The legal and privacy implication of all that opt-in data being transferred and processed on thousands of opt-out customers' machines
- The need to have an entirely duplicated system because some people would rather opt-in and not have to run all this stuff run on their already-creaking-under-the-weight-of-windows-and-outlook-and-word-and-antivirus laptop
Maybe I'm misunderstanding something, but from this view I can understand why they didn't want to do it this way
Frankly, I don't buy it when it's on Google, FB or MS scale. Their incentives is to maximize profits, not the user's happiness, wants or needs. Sometimes the later might help optimize the first but it's not the objective behind all the scraping.
Those improvements could be done with much less intruding anyway (be it for the sake of it or because johnny hacker is going to release those data someday).
> Apple, Google, MS and others could deliver the same products [...] without sacrificing privacy [..]
Could they? My amateur understanding is that a lot of today's success in machine learning is due mainly to having enormous amounts of data to work with.
When I look at Google Now, for example, I can't imagine a way to build it without collecting an ocean of detailed personal data. Or your example of finding common behaviors and having computers do the right thing: that gets much, much easier if you have the daily behavior data of 10m people so you can start extracting concepts like "typical morning routine", testing recognizers for that, and having them not do anything in low-confidence situations.
I would be very wary of using windows 10 as a company. If they are sending all key strokes that a user types, then any illusion of privileged information between company and customer goes out of the window. It makes me wonder how the legal team of companies would say if they caught the magnitude of data being leaked through default enabled services.
I might well be remembering this incorrectly, but wasn't that a part of the Insider Only pre-release EULA?
I've not checked to see if it's in the more recent release EULA, but the assumption was that it was there for the beta diagnostics as opposed to the day-to-day use.
> Who wanted that for desktop computers or laptops?
Everyone who is switching over to cloud connected OSs on their tablets and smartphones.
Why should I have to reinstall and resetup every new computer? My contacts have been following me around on my phone for 8 years now, why the heck shouldn't they be just as accessible from my PC?
My favorites, they should always be there. Chrome does a great job of this, it is nice that Microsoft has decided to catch up.
Windows 8 had some of this, having wallpapers, theme colors, and OneDrive follow me around already made my computers all seem closer together, now just a little bit more is happening.
There is so much common sense in this. If I schedule an appointment while I am at home for me to leave work early to go pick up my cat from the vet, it should show on my work PC because that damn well makes sense.
All this does is bring Windows fully into the 21st century.
> Windows 7 is still pretty good, and it will probably be the main Microsoft desktop OS for years to come, despite what Microsoft wants.
About 6 hours ago I was apprehensive about Windows 10. Now I'm using it and it is lightening fast and responsive.
I agree that these features all make sense but there is no reason for the invididual's data to have to travel hundreds or thousands of miles through third party servers during a synchronization. It should be no harder than pairing two Bluetooth devices together and then the data will move directly between these devices, or at least encrypted through a third party router. The internet was designed to be decentralized but it's not working that way due to business interests.
do you realize, as many others here and everywhere else, do not care a bit about some cloud or anything else? I can install my computers on my own, thank you. the whole discussion about people justifying is a bit ridiculous, to be honest.
why don't you all pro-MS or pro-let's-lose-privacy people don't get a single thing - as per moral standards, any kind of option should be disabled by default (meaning 95% or more people on this planet will never enable it) and you should chose only enable that if you will? It could be the first screen welcoming you on first start of OS, whatever. not even having an option to disable it on cheaper windows is just plain wrong & smells cheap, again in moral sense. As we all know, corporations, any kind, are not high on morality these days. Increasing shareholder value at all costs and similar is the mantra. that google and others are doing it doesn't make it any more right (i have all these things like google one disabled on my phone anyway, at least that's what I like to think :))
As to why we want to not use it, I do believe Mr. Snowden made a point or two in the past.
We're making a choice based on a button with a one sentence dumbed down description. But what is the full legally binding extent of what we're agreeing to with each click?
Nobody knows. "We share with our partners". What's being shared? Who are the partners? Who are their partners that will also have access? What's being done with it? Am I personally identifiable?
Etc. Even if they wrote a page for each box, which they haven't, it will still be pointless because there is probably some other waiver in the 300 page EULA.
On the contrary businesses would prefer an OS where they will have to pay much less fee each year than paying one large amount occasionally. Vista and Windows 8 were needless OS which did not offer any value. Windows 10 on other hand has a lot to offer to both consumers and businesses.
> This is not going to fly with business customers.
If businesses fall too far behind adopting modern software/features their employees are familiar with using on personal devices they will have to accept reduced productivity.
What are you talking about? From the article, the "get going fast" picture displays the settings you're agreeing to when using the express settings. It's one page of content. And clicking on "customize" gives you more detail.
I mean, I agree with the article that the layout is definitely pushing people who don't care to just pressing "agree", but if you care about privacy, it's not like it's hidden from you.
> I do think that Windows needs an OS-wide incognito mode, just a simple switch to record or not record data.
Sounds like switching to a guest account. Not as quick as a simple "toggle data recording" button, but that functionality is definitely already in Windows.
What do you mean by that? Not only you can't set any access rights for applications (they get what they ask for and you can either accept all or not install the application), but the OS also synchronizes your main account's contacts and calendar to THE CLOUD without asking you, telling you, and even without a way to opt out of it.
MS is so aggressively international, I can imagine that they might cave to subpoenas from other governments. So now my home country plus at least the rest of the G8 can request my data.
it is not acceptable, just some people here favor their little convenience (ie saying something instead of few taps on screen) over long term privacy. heck, some even defend targeted ads. Sad thing is, mainstream users won't even know about these things coming.
what i like about the situation - it might actually make some bigger organizations turn away from what MS can offer. biggest issue are usually Win-only or IE-only intranet apps, but with proper management steering, changes (in the way technology for apps is chosen) can be done. Now just to have proper substitute for Active directory, and it's game over for their OS there.
They can technically do anything they want with the input you provide. Personally I would never trust an opaque operating system even if they provided clear details as to what the configuration options are and how they are used.
People want to be connected, join social networks, download apps, be able to control their appliances from across the ocean, carry devices loaded with sensors everywhere they go--and on top of all it, they want privacy.
IIRC, that's what Apple is trying to do: they'll provide all kinds of cloud services, but in a way that they know as little as possible about the content beyond what's vital to providing the relevant service.
Apple is trying to sell hardware, which a robust encrypted cloud experience tied to that hardware will do.
Microsoft is trying to make money from the operating system; since they're giving it away for free, they have to sell commercial access to third parties (ads in the Start menu? really?).
Google, well, I assume they're out to mine as much data as possible, whether or not it's user-specific.
Not actually true. Windows 10 is not free, and Microsoft is not giving away the operating system.
What Microsoft is doing is giving consumers a free upgrade on Win7/8 PCs where the operating system has already been paid for.
This is basically the strategy already used by Apple and Google (Android): once you have bought the OS (bundled with the hardware) then you get updates free.
Except that Apple makes its money off hardware sales, and Google makes money off data mining ... for both, the operating system is just a means to an end, a cost center required to support the separate profit centers. Microsoft is, however, has the OS as its primary product.
This looks like all the same sort of stuff Google defaults you into on Android. I mean, not that it's any better because of that, but this is the state of things now. You're not going to find better unless you install FOSS. Unless you're ready to go full-in on one of the BSDs or a Linux-that-isn't-Ubuntu, navigating the waters of figuring out how to get a phone that has all the features you want with such an OS, figuring out how to do all the work you need to do, then you're in for a penny, in for a pound.
Apple, Google, Facebook, Twitter, LinkedIn, the FBI, NSA, CIA, DHS, they all have my data already. Thanks to OPM, the Russians and Chinese probably have my data now, too. What does it matter if Microsoft has it? They probably already have it. Maybe it's even better to make sure everyone has my data, rather than allowing it to be used as a competitive advantage by one or a small set of corporations. Cat's out of the bag. Horses have left the stable. Whatever other metaphors you want to throw in there.
So decide, and decide now: either go full-in on FOSS, or shut up and eat your cookie. Otherwise, this exercise hasn't been about privacy, it's been about anti-Bill-Gates-and-Steve-Ballmer-Microsoft sentiment.
If there are reasonable opt-outs, then you can have your cake and eat it without jumping ship to Linux/FOSS. (And, to a lesser extent, you might face the same problems there, e.g. with Ubuntu)
The problem is that with all platforms, the opt outs are hard to find and, even worse, hard to even know when the opt outs even exist.
Opting out still leaves all the non-technical people who don't know about or understand the opt-out to whatever abuse MS (et al) wants to put in the OS?
Worse, you are still financially supporting these decisions by either buying the OS or adding to the usage counts. By "opting out" while still using the OS, you're still asking for more of this crap in the future.
Excuse me if I just don't fully comprehend your argument, but isn't FOSS an orthogonal issue to this? After all, even if software is open source, that doesn't stop it from mining your data. You just know that they are doing so. I suppose you can remove that feature, but it seems you're also able to disable the features here as well.
In any case, I'm all for FOSS but it doesn't seem to be a solution to this problem, which admittedly, is not even really a problem to everyone.
Yes, I agree that it's not really a problem for everyone. The issue isn't actually privacy. The issue is "find a reason to bash on MS for this month".
Now, I think the incentive structures for FOSS projects are a little different such that the FOSS environment isn't going to converge on the idea of collecting such data. But clearly, throw any sort of system that wants to make money into the mix, coupled with the fact that users just refuse to pay for software anymore, and every giganto corp from Mozilla to Canonical are going to independently come to the same conclusion of collecting this sort of data.
The problem is not that privacy is important. The problem is that privacy isn't as important to people as not having to pay cash for software. So the people who are complaining about this are never going to be happy with anything Microsoft does. Either MS collects too much data, or they are tone-deaf to the market and aren't keeping up with cutting edge features. Either MS "hides" non-default settings, or they are falling behind in the state of the art of UI design.
I mean, Apple or Google wouldn't have even given you the little link that people have been complaining about as "hidden", even though it's right there on the screen. They would have expected you to hunt the setting down in some settings dialog somewhere. What MS has done here is standard MS UI design theory, has been for over two decades.
But it's cool to bash on MS. And the only way such people are going to be satisfied and stay consistent, is to completely bail out of any software where anyone involved has a need to make income.
apple and google are scumbag corporations (not only) when it comes to privacy... so is it OK if another big corp joins them? you basically say yes, I say NO.
"Now, I think the incentive structures for FOSS projects are a little different such that the FOSS environment isn't going to converge on the idea of collecting such data. But clearly, throw any sort of system that wants to make money into the mix, coupled with the fact that users just refuse to pay for software anymore, and every giganto corp from Mozilla to Canonical are going to independently come to the same conclusion of collecting this sort of data."
Making money from either advertising or additional services are definitely incentives.
The other one worth mentioning is that trying to make platforms popular with users drives integrating on-line services as well as using more information from the user to deliver advanced services. At the moment local applications are at a disadvantage compared to on-line ones because they don't have as much data to do clever things with: Gmail vs Thunderbird is a good example. General users want the convenience of services like digital assistants - and while some of it can be done with local processing, some cannot.
One big advantage I get from my Mac OS over FOSS solutions is that they have an incentive to constantly improve their product. Do you know a single professional designer using a FOSS Illustrator? How about the FOSS version of Keynote? Or the FOSS version of Final Cut and Logic? FOSS isn't the answer to every question. FOSS is like a city bus; reliable enough, cheap enough for everyone and goes mostly where you want to go despite the occasional smell or sleeping vagrant sprawled across the seats. However, it certainly doesn't compare to driving your own Mercedes.
FOSS is certainly great, but it isn't the end all be all, despite utopian hippie delusions to the contrary.
I dont' know why so many people are surprised by the Cortana data vacuum. Doesn't Siri send everything you say to it to Apple or a "trusted partner"? Why would Cortana be any different?
The keylogger and Start menu ads are just creepy though. I shouldn't have to opt-out of targeted ads INSIDE MY OS.
That ad doesn't really fit the grid in the start menu, which seems odd to me. Microsoft was fairly gung ho about the grid in the Win8 start screen, and I'd assume here too since it's supposed to reflow automatically in between tablet and desktop mode.
The new XBox 1 update I installed yesterday has placed a "Featured" column on the main interface with ads. Think a start menu folder with links to sponsored web pages/apps.
To be fair, Apple needs that messaging for Siri because they outsource the speech recognition to a 3rd party (Nuance, I think). It's not like your phone is doing all of that legwork locally. I'll bet it's the same deal with Google Now and Cortana.
There's also a difference in perception between Apple's "trusted partners" and MS and Google's "trusted partners". Since MS and Google make a large amount of money from selling you to others, I just instantly assume that they're sharing my data with advertisers. Since I pay for all my Apple stuff and they repeatedly say that they don't sell my data, I assume that "trusted partners" means companies they've outsourced speech recognition to, or whatever, and that it won't ever be used for tracking or advertising.
Isn't MS closer to Apple than Google in terms of how it makes money? You pay directly for all or most of its stuff. Also, I thought Google sold your eyeballs to advertisers but not your data nor how it figured that it were your eyeballs that were most fit for the ad.
(I guess for some ads, the very fact that it thought your eyeballs were fit for them already discloses more about you than you'd like... and I'd guess that at least some ads placed by Google would be able to figure out whom they were shown to. But other than that, isn't data collected by Google kept secret from everybody else? It'd make sense from a business standpoint apart from any other considerations; better keep the competitive advantage, and better keep exactly what you know a secret from users as well as competitors.)
> Google sold your eyeballs to advertisers but not your data nor how it figured that it were your eyeballs that were most fit for the ad.
This is exactly correct, and it's why I prefer trusting Google with my data over anyone else. I'd rather have my eyeballs bought and sold by a company who's only competitive advantage is the fact that only they have my data.
Microsoft has Bing and their own advertising platform, with a tight partnership with Yahoo. Bing is now tightly integrated within Windows since version 8, ads and all. It's really irrelevant how much money Microsoft makes from this when they are in the same business.
Also, I interacted with Google's AdX and others and I must say that Google's AdX is much more restrictive in the user data exposed. The identifiers they give are completely unreliable for tracking users and they don't even give away the full IP. They are also doing a good job in reviewing the content being served on the client side, they detect if you're setting cookies or doing other things that are against their policy and their approval process is a pain in the ass. Other competing platforms, like MoPub (now owned by Twitter), are much more relaxed.
The general rule of thumb in the ads space - the bigger you are, the more eyes are watching you, this is why smaller players are breaking the rules with the purpose of grabbing as much land as possible before going public.
Bing has also been the default for Apple's Siri for a couple years? They may be growing their own search engine to support Siri, but I'd be interested to know if there are any identifiers passed to Bing for those searches... Trusted Partners and all.
You've had targeted ads on your XBox homescreen for a long time; a core OS feature of the iPhone is the app store, which features targeted ads. When app discovery becomes a part of the OS, advertising seems to naturally follow.
"Send typing and inking data to Microsoft to improve the recognition and suggestion platform"
"Typing data" sounds like keylogging. If it's what it sounds like, that's really emphatically not okay; that would include all passwords and the contents of all emails sent.
Would someone with actual knowledge care to chime in and say what data is actually sent? If it turns out that Windows 10 really is sending keystrokes to Microsoft by default, it seems likely to cause a significant backlash from Microsoft's business and government customers.
While it would be a little reassuring to find out what Windows 10 is currently sending, you should note that as the privacy agreement sounds like keylogging, Microsoft are claiming the right to start keylogging even if they don't quite do that now.
Also, enterprise editions of Windows apparently have more opt-outs... regular editions cannot opt out of all data collection. (sorry, can't find the page that I read this on)
Based on the wording, it sounds like it's autocomplete data — "I suggested this for what they typed or handwrote, but they chose this instead."
If so, it probably wouldn't include passwords (since password fields intentionally disable this kind of feature), and it shouldn't include the full contents of emails, just telemetry on how they were typed.
But Microsoft really ought to have explanations so we don't have to guess, and they ought to know that. I'm assuming this is on their itinerary and the documentation department is just lagging.
IE and other browsers configured to use Bing have done this for a while. I discovered it while packet sniffing for something else and seeing HTTP requests for the things I was typing in the Address Bar.
I can't say I'm surprised, though saddened, to see this elsewhere in the OS.
Anything that uses web-supported auto-complete (your browsers, for one, regardless of search engine) must do this. There's literally no other way to ask the internet "What are the possible endings/meanings of what I've typed" without providing what you've typed, letter by letter.
Text correction doesn't require hitting the web, but learning about how people make typos does require some targeted data collection (typing followed by deletion and retyping, likely)
I wager what that means is if you hand-write and then type the same text, Windows will/can send the typed & hand-written version to a server, where it can be used to improve the handwriting recognition, either for that specific user or for everybody everywhere.
The problem is there's no like "more info" icon you can click to get an explanation of what it means.
It's important to remember that it doesn't matter what MS is doing today. What matters is what the force-updated version will do in the future. Or did everybody forget that you cannot prevent updates in this version?
Think about this... If more things forced auto-updates, we might not have been forced to support ie6 for so damn long. It's a trade off. Instant security patches, instant support for new standards, etc, all without having to worry about all of those users who just will not press that "update" button. Sounds like a pretty decent plan to me.
I would be fairly surprised if Microsoft didn't re-display TOS after each update, so feel free to keep an eye out. If you really really care about this kind of thing, then I might suggest avoiding products that are tightly integrated with private entities as a general rule.
Instant security patches, instant support for new standards, etc
...as well as instantly "brick" a significant number of machines out there. At least the user has a chance of correlating something breaking with a recent update if he/she explicitly did so. MS have screwed up Windows updates before, and I don't believe they'll suddenly start getting it perfect now.
> I would be fairly surprised if Microsoft didn't re-display TOS after each update, so feel free to keep an eye out.
And my options as a user are then what exactly? Accept the new TOS or have the device rendered unusable and lose access to all my data? That's definitely the basis for an unbiased, informed decision.
This is more of a rhetorical question, but why does every modern OS and browser need to try and become a computing leviathan? Why can't my hammer ever be happy just driving nails? I don't need a hammer that cooks waffles.
I haven't paid for a hammer since I was in college and Hammer XP was $5. I keep buying nails that come with Hammer Home Edition and setting up servers with Hammer LTS and replacing Hammer Explorer with HammerFox. All free.
I'm not Microsoft's target client because I'm a pathological customer. Every home MS desktop user is a pathological customer. They know that.
Whether they don't right this second doesn't matter. Their terms of service say they can. If they decided it was unthinkable that they would ever do this, they could have written their TOS to be less overreaching. But they didn't do that. Therefore they think it's a possibility (if in fact they are not already doing it. Are you so sure? How do you know?)
They also didn't specifically preclude the possibility of commandeering my computer by pushing an update that'll force me to mine bitcoin for them, but I can be pretty damn sure that's not going to happen.
But let me rephrase anyway: I'll bet everything in my pocket that Windows 10 does not, nor will they ever, keylog every stroke and send it back to Microsoft servers for storage.
I can be sure of this the same way I'm sure about many other things I have no definite proof of -- I see nothing remotely resembling evidence that this might take place.
The license agreement should be set up such that installing a bitcoin miner is not allowed despite not being explicitly mentioned. Same for key logging.
Companies need to get out of the habit of writing terms of service that permit the world.
Windows 10's Term & Condition is wide enough to encompass what ever MSFT might come up in the future to track and catalog you as a good, willing, consumer. MSFT has stated that Windows 10 should be the last version of the OS in the current retail format, and therefore, technically, any update/upgrade will still be considered as Windows 10.
MSFT might not want to log everything you write on their OS, but who knows what they will deemed acceptable tomorrow under the same EULA?
there is a lot of pissed off people who are seeing their desktop/notebook OS of choice (for whatever reasons, be it work, gaming etc.) fall into same old bullsh*t category that scumbags from Apple and Google went into (yes, privacy stuff, nothing more, nothing less). by having these on by default, or not changeable in simpler versions of OS at all, effectively most of the planet will get surveillance build in.
Err, no, thank you. Every single system/cloud is hackable, and given enough time, it will get hacked. I think plenty of proofs around us. Tell me, why should I be OK with this? I don't want their tiny functional enhancements for this price. In fact, i don't want them at all. I am never commanding my computer by voice, as is neither 99% of computer users (not only because english isn't their native language), and I see nothing cool nor interesting in it (just one example out of many).
personally, sticking to Win 7 till games will work on them. and if i move, i am pretty sure there will be completely disconnected offline cracked version, if the rest of the system will actually be worth it.
i had the impression lately Microsoft is doing some properly good stuff, but this showed that no, they are just same scumbags as they were 20 years ago, when they gave many people plenty of reasons to hate them. Methods and situations changed a bit, not so much questionable morals.
Why are you so sure about that? And what do you think they're actually doing? I'm not privy to any inside information or anything, but that screenshot seemed to be saying they are; I don't see why they would say so if they're actually not. If they were doing something less extreme, why wouldn't they say that instead?
Microsoft's privacy policy reflects the fact that Microsoft has to comply with the most conservative interpretation of the most restrictive privacy regulations from the set of all privacy regulations found anywhere in the world. It amounts to "Microsoft does not guarantee privacy." The reason is that Microsoft cannot make such a guarantee because of the diversity and strength of privacy regulations.
I'm not saying that strong privacy regulations are a bad thing or that Microsoft's policy is a good thing. Just that Microsoft's policy reflects reality where competitors and activists and politicians are inclined to use privacy regulations for purposes orthogonal to any actual concern about privacy. The connected world is full of caches and Microsoft does not control them. Users can do stupid things that Microsoft cannot prevent.
Agree with the terms and use Windows. Don't use Windows if you disagree. The website hosting the blog runs google-analytics by default. It doesn't ask my permission. It runs Disqus by default. It doesn't ask my permission. The privacy badger ate too many cookies and died years ago. Microsoft is late to the wake.
This might be the first time you'll need a firewall to protect yourself from internal attacks by the OS itself. I don't think I'll be updating to windows 10 any time soon.
595 comments
[ 2.6 ms ] story [ 178 ms ] threadBitlocker keys can be backed up to onedrive if you want, but you can also store them in a TPM or a smartcard (physical or virtual).
I don't see any language that restricts that to their cloud offerings. It's in the privacy statement that covers windows too.
So unless i'm missing something they're granting themselves the right to disclose your harddrive to government agencies or their own legal department on a good-faith basis.
You can keep them from having the key. That's one way around it. Using hardware of some kind (and there are multiple.)
You are also free to use another solution that might meet your strict requirements to personally review the encryption, filesystem, device driver, and memory management code of your operating system to verify it's operating to your specifications. There have literally never been so many options for the privacy minded person with the time to pour through a metric ton of C code.
I'm talking about the data itself. Sitting on my harddrive, as it is.
As I understand it microsoft is saying that they could siphon data from my computer if they deemed it necessary.
Maybe that's an adversarial reading of their privacy statement[1]. But it clearly speaks of accessing files in private folders.
[1]: https://www.microsoft.com/en-us/privacystatement/default.asp...
Are they going to reach out over the internet and take your data? No. They are not going to do that. I follow this stuff really closely. I promise I haven't seen or heard of a capability where they can remotely take data from your machine and turn it over to the government.
You don't have to use agree to it. It's a trade off.
If you have different requirements they are more than willing to come up with a different arrangement with you. (Yes, for a fee.)
They aren't the government. They are an overblown bubble gum factory. It's up to you if you chew or not. And there have never been so many flavors!
There is a company in China that paid them to install Office 365 in their data center. There is an amount of money that will make them install it in your data center, too.
I just think that there has never been more choice for end users and a lot of this stuff about privacy is disingenuous. There are a group of people that wouldn't be happy even if MS released their own version of TAILS and hosted part of the Tor network. (It would be "embrace, extend, extinguish!"..."Tor is part sponsored by the Navy...I be MS gives your Tor traffic directly to the NSA."...It's really not hard to imagine the BS.)
Take, for instance, Richard Stallman is an Alumn of Harvard and MIT. There literally can't be a place that is more establishment. So all of that "freedom" is about being able to use an expensive commercial product that was developed with RnD money from the DOD...but somehow it's morally wrong to not ship source code to a compiler? Can you see where I'm coming from here? The moralizing is pretty arbitrary.
Furthermore, if they did give your content to the Government because of a national security letter how is that abuse of power? Should they not comply with the law? I disagree with a lot of the laws that have been passed in support the war efforts of the last decade, but that's kind of the way that democracy works. I lost, but I still have to live by the rules.
I just think that the privacy absolutism that everyone keeps bringing up isn't reasonable. Even Bruce Schneier says that the way that you actually change these things is through the political process.
Power is a boot on your neck. This is more of an inconvenience.
> Furthermore, if they did give your content to the Government because of a national security letter how is that abuse of power? Should they not comply with the law?
I fully expect that they would have little choice in doing so if they received a warrant from a government with jurisdiction over them. (Though I'd also be unsurprised if they did so even if asked without a warrant.) I don't want them to have anything to give if asked.
> I just think that the privacy absolutism that everyone keeps bringing up isn't reasonable.
Different people value their privacy differently. If you don't value it as much, feel free to trade it for things you consider more valuable. Don't assume everyone else wants to make the same trade you do, though.
I'm not advocating absolutism. You should be able to have as much or as little privacy as you want, which may even mean different amounts of privacy in different contexts.
> Power is a boot on your neck. This is more of an inconvenience.
The government having full access to the contents of your encrypted drive is an "inconvenience"? I'd hate to know what you consider an abuse of privacy, then.
The whole point of encryption is to keep unauthorized people from having access to your data.
So you're basically signing away your rights to privacy. Not based on due process but on "good faith belief".
Someone at microsoft thought there is a need to do that to cover their legal asses. They would only think that in case they anticipated needing it in the future.
You aren't signing away your rights to privacy without due process...that's your part to evaluate. "Is this useful enough to me that it's worth agreeing to this?"
Also, this is version dependent. The TOS for an individual consumer is different than a developer with an MSDN license, and a business with a volume agreement. Do you have different privacy requirements? Are you willing to pay for them? If they can't make money with the product that they built in the manner that they came up with then it isn't illegal, or really even remotely morally odious, for them to ask for a different payment arrangement.
Now. Do I like everything about life in a capitalist national security state? No way. But do I whine when some vendor doesn't do exactly what I want when I'm really not event scratching the surface of enough money to get their attention? Seriously, man.
Obviously the premise of this discussion is that you install their software.
IF you install windows 10 THEN you agree to their terms of service which includes granting them access to your private files.
YOU installed their software. You didn't have to. No one forced you to. Don't like the TOS? Call them and schedule a meeting to talk about coming up with a different arrangement...they will want money for that, but you can certainly have it.
The truth is that there is jack all that I or anyone else can say to you that would change your mind about any of this.
Also, I'm not willing to grant that you are reading the TOS correctly...so there's that point. No offense, but its pretty dense and things that are probably pretty reasonable come across as a privacy invasion to people that are really sensitive on the subject.
I did? I never said so. I'm just looking at their Privacy Statement and find questionable clauses there.
> Also, I'm not willing to grant that you are reading the TOS correctly
I did say that's a possibility from the start. But as long as nobody shows that it's not possible that my reading is not how a lawyer or judge would read it I remain deeply skeptical about it.
The other thing is that it sounds like a lot of privacy minded people can't trust BitLocker despite any number of assurances from MS or code reviews by third parties. AND THAT'S OK. Use something else.
EDIT: I forgot to mention that if you are an admin or just operate your own AD installation you can store the key in Active Directory. The behavior is version specific, I think.
EDIT EDIT: I believe that the TOS you are talking about is specifically referring to online services. I don't have time to stop and read it right now, but I think that you are misconstruing the intent.
Except that the default is both insecure and privacy-violating.
Again privacy-violating by your, arguably, very narrow standard. I'm sorry friend, but you are stating these things as if there's no question as to what you say.
More accurately, you might say that there are higher privacy and audit-ability standards that you would require for your given situation or application. I wouldn't be able to argue with that at all.
They are legally prevented from showing you such an audit log if a National Security Letter is involved.
> It applies to Bing, Cortana, MSN, Office, OneDrive, Outlook.com, Skype, Windows, Xbox and other Microsoft services that display this statement.
> References to Microsoft services in this statement include Microsoft websites, apps, software and devices.
Seems to cover the Windows OS too.
This paragraph (about private communications and files in private folders) seems to be gone from their Privacy Policy. Google cache confirms it was present (in PP, not ToS), but I suppose MS spotted had this insane statement and removed in a hurry - or hid somewhere else, deeper in small fine print and with another wording.
(Or maybe I had totally missed something, scrolling through the document and my browser's search function malfunctioned.)
[1]: https://www.microsoft.com/en-us/privacystatement/default.asp...
The number of people that'll be protected from leaving their laptop in a taxi, or home burglary, or selling/trading-in a device, or just snoopy relatives or acquaintances, etc. is large and MS absolutely made the right call here. Otherwise, you'd have "experts" giving advice to disable this feature or suffer data loss.
Also, if they use OneDrive to back stuff up (like they should!), the security damage is already done as most juicy files will be unencrypted in MS's hosting and still subject to warrants.
"Would you like to store a backup for your drive encryption password on Microsoft OneDrive? If you choose not to do so, and you forget your password, all of your data will be lost. [Yes/No]"
And none of that warrants a ToS that says they can use that backup for anything other than helping you recover your data.
> Also, if they use OneDrive to back stuff up (like they should!), the security damage is already done as most juicy files will be unencrypted in MS's hosting and still subject to warrants.
Hence why client-side-encrypted backups are a good idea.
You know when most people care about whether or not they can recover their data? It's not when someone asks them a Yes/No question, it's when they can't recover their data. And responding with "Well, remember 2 years ago when you clicked 'No'?" Doesn't really help.
I was going to say that the most likely thing folk have done is try to back up their key on the drive they encrypt - but last time I tried that due to not being on a network, I think the Bitlocker wizard refused to let me.
I sure as hell don't want to encrypt my drive a second time because the default setting (that I could only change later, when I'm actually using the computer) for the drive encryption software was to upload the drive crypto key to The Cloud.
Or am I misunderstanding your question?
You're quite right in your response to the GP.
It's dangerous to ask Joe Sixpack a question like this and accept a simple y/n answer. When people are installing software they are rushing thru w/o thinking.
What the software could do is put something like this on the screen:
and force the user to opt-out by literally typing all those characters exactly like that: At least that way it isn't an unthinking, rote response. Maybe also force them to type Anyway, that would probably only help about half of them. The other half won't care until, as you point out, they can't access their data.They are building services that take your information and try to do something interesting enough with it to make it worthwhile...and why is it on by default? Because they want to make money off of the new features and deep integration with your information.
This isn't news. But it certainly may be another excuse to have the exact same conversation that nothing will come from.
Never mind that data generated and collected from cell phone usage will always make the privacy impinging features of your laptop look tame in comparison.
Never mind that the only way to stop companies from doing this is through the political processes that everyone seems to have written off.
EDIT: Downvoting because someone disagrees with the principal argument of the post is lame. Cheers.
Because Cortana would be useless without it and that's a big user-facing feature of Windows 10.
Now, I expect that such a local agent would need to have quite a bit of fine-grained control to satisfy privacy concerns (e.g., do you agree to allow me to send your query about films in your zip code to the MSN Movies site to get showtimes?) But I feel the actual processing of the day-to-day personal assistant features is not only eminently feasible on my desktop, but most likely also on my Surface or laptop.
The cloud is pernicious and voracious, its dominion grows quickly enough without needlessly exaggerating the necessity of offloading computation like this. Local computing devices—especially those that conventionally run Windows (desktop PCs and laptops)—are extremely capable.
Cortana is a cloud agent not because of requisite processing power. Illusory local processing deficiency is just a convenient justification for why it doesn't run locally.
But then, I am a strong advocate of personal compute servers and mainstreaming secure private networks. So I am obviously fringe in today's culture that embraces the centralized cloud.
WRT cloud, we've already reached the point of ridicule with the new generation of Internet-connected hardware. So many useless webapps (er, "value-added cloud analytics platforms") and so many devices sitting centimeters from each other but communicating all the way around the world. There is absolutely no engineering reason for it to look that way - it's all just attempts to milk users by making them depend on cloud services.
You can't firewall it off, but you can learn how it actually works and just turn it off.
For now. This crap is going to get a lot harder to avoid when the Intel SGX instructions are widely deployed and it becomes possible to extend the lockdown from SecureBoot to the kernel and kernel-authorized apps.
I suggest fighting it now, while it is still just an annoyance.
You're right about the CPU. However, it's possible that good voice recognition also requires gigabytes of data. That wouldn't work so well for a tablet. Or maybe there is some custom hardware (like DSP chips) in the data center that is used? I don't know, I'm just playing devil's advocate.
I do agree with your sentiments. I'm not about to opt in to this garbage. I came of age in the era of the mainframe and I despised the lack of personal control. I won't willingly return to that. Today's cloud is just yesterday's mainframes and time-sharing by another name.
Maybe you don't find it that useful, but I think that a lot of people would. It will, in a future release, be genuinely useful. It's getting there.
And connecting to O365 calendars offline? Is that not a stupid concept?
> And connecting to O365 calendars offline? Is that not a stupid concept?
I said "local", not "offline". Though in any case, you should likely have a locally synced cache of your calendar for efficiency and the ability to read it offline. Web apps are quite capable of working while offline.
Worth mentioning: Windows 10 is not just for "full computers."
Did we enter a new era where using your calendar offline is considered a special case ? I would assume there are few people who actively modify the same calendar, and it's pretty easy to tell a user when they modify a calendar offline meaning that it's not synchronized on other devices; is there really a need for making calendars online first ?
A whole host of the Cortana functionality is local that interacts with online services via API's that you authorize.
I don't think that really anything that I say is going to change your mind, but you could check out some of the video's on Channel9 where they go into it in detail. Some of it's pretty good and if you use headphones you can't hear your co-workers talk about stuff that makes you want to slap someone.
I really like the direction they are headed.
It's almost as if "UX people" isn't referring to "UX person." Go to Stack Overflow and the vast majority of questions have multiple answers, as if "programmer people" can't agree on much of anything.
it's really consumers who have the least leverage. If you want an arrangement where your data is encrypted with keys that you store in a tamer proof hardware module you can. It's priced differently, but you certainly can have that. (It's not all that expensive in the scheme of things.)
God forbid we become slaves to the evil corporations. /s
You and I are in complete agreement on the subject...I just fell into hyperbole...
:)
Ever wonder how Google was able to catch up and perhaps surpass Microsoft, IBM, and everyone else in the Voice Recognition field so quickly? It wasn't because they came up with some revolutionary algorithm overnight. It was because they very quickly amassed an archive of transcribed audio samples. How did they do that? Very cleverly with Google 411.
If you ever used Google 411 you might have noticed it worked slightly differently from regular 411. You spoke your query, the voice recognition software spoke back what it thought you said and asked if that was correct. If you said no, or it couldn't understand your reply, it connected you to an operator who first listened to what you'd said and then repeated the confirmation process with you again whilst inputting what you actually said into the system. This created a transcribed audio sample that Google could use as a test case for their voice recognition software. This allowed them to iterate much faster than other companies.
Microsoft is capturing text input and handwriting from touch input interfaces the same way Google's Android keyboard , Swype, or Swift Key do to improve predictive input, spelling correction/suggestions, personal dictionaries etc. Remember Windows 10 is touch enabled operating system like iOS or Android.
I'm not as familiar with the Apple Keyboard but I would be surprised if it didn't do that too in some form. Their Quick Type feature states it performs heuristics locally but it doesn't mention other aspects. Their policy states they don't collect personal information or conversation history but that doesn't mean they aren't capturing corrections or things they deem to be non-personal but sound pretty personal to me (e.g. occupation, language, zip code, area code, unique device identifier). Remember how researchers were able to identify Netflix users based on lesser anonymized meta-data? That non-personal information sounds pretty damn personal in comparison.
I hope you're not using a 3rd party keyboard on iOS with Full Access enable because if so then you agree to the same thing Microsoft is asking for.
I'm surprised you're ok with Apple recording Siri Queries and sharing them with Walk N’Talk Technologies who has humans listening to them but you're opposed to Microsoft doing anything similar in Cortona. How do you feel about Google Now? Did you ever use Google 411 because that was just a quick way to get a massive archive of audio samples.
> Their policy states ... but that doesn't mean they aren't capturing corrections or things they deem to be non-personal but sound pretty personal to me
> sound pretty personal to me
It's pretty clear actually. What you may think about situation may have zero factual grounding. You'll need to provide some citations and references instead of just saying what you think or feel the situation may be.
On their QuickType page they say "your conversation data is kept only on your device, so it’s always private." That's a lie because iMessage and your keyboard Dictionary are synced to iCloud which isn't your device. That doesn't mean that it's in Apples hands or they can access it but it's not a factually true statement either. They're also careful to say "conversation data" and not something more general like "anything you input into your keyboard".
I'm not suggesting Apple does anything more invasive than anyone, I'm just suggesting they don't do anything less based on what's observed.
Is it opt-in or opt-out ? Because I use iCloud for Safari bookmark sync only and it never bugged me for syncing anything. Local iTunes encrypted backup is fine.
Yet.
Seriously, it's not like every contract they have is public information (nor am I saying it should).
I'm sure if I choose the same option in Windows 10 a large part of the OS will be completely closed off.
Edit: Apparently they deprecated it inside the app itself, not in the store. I've kept the message above.
Furthmore, why is it when you delete a photo from your iPhone it can persist on iCloud for up to 30 days?
Likewise, why is it when I restore my iPhone and set it up from scratch it starts to download 100MB + of data over WiFi? [1]
[1]. When I setup my iPhone from scratch (Apple ID, iCloud disabled), it hammered my WiFi at the full RX rate of my DSL line for approx. 10 minutes. That's 4Mbps * 60 * 10 = 2400Mbits = 300MB. I made sure that my iPhone was the only device connected to my WiFi. What could be in that 300MB of data? I should proxy all traffic from my WiFi to my DSL modem via another PC and do tcpdump on that!
No Windows 8, 10, etc. for me until Microsoft makes some fantastically strong and solid statements about compatibility with old software, security, and privacy.
Oh no.
The "security" of newer Windows is mostly anti-user, anti-freedom. XP doesn't enforce code signing, and SFP is only advisory, so you can run whatever you want, hack and customise the OS code easily to get it to behave how you want. Most of the exploits that gave XP a bad name in the early days were from IE in its default configuration, which basically no one on XP will be using now.
It takes time to get bugs get discovered and fixed. There's a lot of new code in these newer versions and I bet they'll be uncovering more bugs in it as time goes on, some of which won't be applicable to XP because the code isn't even present.
As for "privacy"... XP most certainly does not phone home with anywhere near the amount of info that Win10 collects, as this article shows.
I'd be more inclined to say "Worried about security and privacy...but still wants to upgrade to Windows 10?"
My next jump after XP will likely be some form of Linux with WINE - with everything that can phone home removed.
Otherwise, what's insecure about XP? Or more secure about 7, 8, 8.1, or 10?
Sure, using XP means I'm not cool, but what about actual security?
Or are the crucial parts of XP really much different than those of 7? I doubt it. Until the XP support stopped, the same malware scanning and repair software worked for XP and 7.
Windows XP had no UAC and most users were surfing as admin, which was inherently more insecure. Also, XP does not have a bunch of security features the newer Windows had, see http://superuser.com/a/739204. And now without the updates, since security issues are not patched, the system should be open to all kinds of drive-by attacks and whatever was found in the last months. I do not have a list of them.
I don't understand "drive by attacks": My XP computer has nothing wireless, not even the keyboard or the mouse. Wireless, essentially everything about everything wireless looks to me like a gigantic security problem. Right: I have no smartphone; I have a cell phone someone gave me, but I've never used it and intend never to use it. I see no panel trucks outside looking at whatever radiation my equipment giving off.
I really don't get the suggestion in the link that somehow XP is vulnerable just from being connected to the Internet. I don't have much software listening on IP ports -- I shut down that stuff. I don't use Internet Explorer except rarely at Microsoft sites. I use Firefox and have Java disabled.
I don't let data from untrusted sources execute at software. Really, I rarely download any software, not plug-ins, macros, or anything else.
The link says that most XP users run as Administrator. Well, I don't. I have to run as Administrator for some of my software development, but otherwise I run as an ordinary user.
People used to worry about opening e-mail attachments. I never did or would do such a thing. I run Outlook only in text mode; I never let Outlook trigger the processing of HTML or display an image.
My version of Flash is a bit old and, that means that Flash never runs except when I explicitly permit it to run, and I only do that on no doubt fairly safe Web sites.
I permit Acrobat to see a PDF file only from no doubt highly trusted sources.
I fail to see just why my computer is so vulnerable. All evidence is that my computer is safe enough to date.
Windows XP does support the Microsoft High Performance File System (HPFS), and it has capabilities and access control lists (ACLs) which, going all the way back to Multics, IBM's Resource Access Control Facility (RACF), parts of SQL Server, etc., are relatively good ideas for security.
In time I will convert over to Windows Server anyway, make use of ACLs, use virtual machines, maybe some version of containers, etc.
I don't read removable media from untrusted sources. I never use thumb drives. For CDs and DVDs, I tell Windows over and over, "take no action".
There is a suspicion that once Microsoft noticed, say, way back in Windows 95, that their code was awash in security holes, they first saw the bad news and, later, noticed some good news: Fix the bugs but use bug fixes as a way to get users to upgrade to new software, with more bugs to be fixed, to get people to upgrade to more software, etc. Generally Microsoft wants users of Windows to have to keep returning to Microsoft and paying money. Gee, my processor is from AMD and I don't have to keep interacting with them and paying money.
Considering this suspicion, why should I rush to Windows 7, 8, 8.1, 10 with a lot of new software and bugs?
I look at Satya's face and I know that I can't read it or understand him. I can't trust Satya.
Really my big concern on upgrading is the weeks and weeks and weeks of barbed wire enemas I will have to go through, clicking, guessing, struggling, clicking, clicking, clicking, over and over, for hours and hours at a time, days, weeks, months, screaming in anger, literally, until my throat is sore, literally, as I've done too often in the past, just to get back to a system as usable as I have now.
E.g., now I have my main boot partition backed up so that I can restore it. If that partition gets infected, then I will just restore my most recent backup, which has been apparently solid, stable, and secure now for about three years. I know how to do the restore and have done it and tested it. And I have two other partitions I can boot from to do the restore.
So, how would I do such things with 7, 8, ...? Will Microsoft tell me? Nope. They just want to suggest that they can solve all my problems by migrating m...
> My version of Flash is a bit old and, that means that Flash never runs except when I explicitly permit it to run, and I only do that on no doubt fairly safe Web sites.
That does not help. There were flash-exploits for which the click to activate function of browsers were useless against.
> I have a copy of Office 2003 -- with lots of patches, and that's fine with me.
Office 2003 is not supported anymore as well and might contain equally big security bugs (I did not look that up). You open word documents with it, you might be infected.
If you want to stay on a secure system for years where the UI does not change, you will have to migrate to Linux with one of the custom Window Managers like Openbox.
Thanks for a definition of "drive by".
The link was for a lot of versions of IE, some of which don't run on XP. I try not to use IE. Sometimes I had to use it at some Microsoft Web sites. Okay.
Mozilla will let me install a new version of Firefox, but Microsoft won't let me install a new version of IE or let me patch an old version of IE. Bummer.
I'd be reluctant to let my 2003 copy of Word open a file from an untrusted source. I do next to nothing with Word.
Occasionally I run the 2003 version of Excel: I generate the data outside of Excel using whatever software I write and then pull the data into Excel for graphing. I don't try to use Excel files from other people.
So, Flash can hurt even if I don't run it! Wow. Looks like Adobe worked really hard to help the hackers.
Does Microsoft really want the their security holes fixed?
Gee, in a big company, how can people pass around Word, Excel, and HTM files? One infected file, and many of the computers in the company can get infected.
Whatever happened to the idea that a program that reads data checks to see if the data is okay and makes sure that bad data can't cause the program to hurt anything? That was the long the implicit, expected standard, right?
If someone can send me a DOC file for Word and, reading that file, Word infects my computer, then Word is junk, and Microsoft writes junk software. Bill and Satya need to get on the case here.
Microsoft's infected toxic-ware? It's been a long time, Microsoft -- time to fix this stuff.
On time sharing, it was the case that any user could write and run any software at all with no damage to the operating system or to any other user. Why is it possible at all to run software as a user on Windows and hurt Windows? Bummer.
Microsoft, we need some guarantees, or at least strong assurances with, say, a major bounty program, that such things just are not possible. How about a bounty of $1 for the first bug and for each subsequent bug double the bounty? How 'bout that Bill? Risk your fortune or fix the bugs?
Ref: http://windows.microsoft.com/en-us/windows/lifecycle
But maybe some of that software would have run into problems on Vista.
Maybe Microsoft wants to assume that I will do my typing into Word or Outlook or Excel. No I won't. I type into my favorite text editor KEDIT. I keep my e-mail in files maintained with KEDIT and use Outlook only to send and receive, that is, handle the POP3 interactions. Maybe Microsoft believes that, sure, I will do my word whacking with Word. No I won't; I use Knuth's TeX and, then, PDF.
Microsoft thinks I like their efforts at GUIs -- I hate nearly all GUI efforts and make heavy use of command lines in text windows. The command lines run scripts I wrote.
I make relatively little and light use of the features of XP and still less use of Microsoft's applications. So, my security is not very vulnerable to any remaining security holes in XP.
Can someone still using XP really claim to care about security?
There has been some focus on porting older games to OS X and Linux in the past year or two, so the situation is constantly improving.
If you mainly play AAA games, then you're stuck with Windows, but there are definitely some good games out there right now for non-Windows users.
Games that run on OSX and Linux are the exception. Granted, there are now very high quality offers unheard of in the past (Kerbal Space Program, to mention one).
If you are on OSX, you have access to a bigger selection of games (Elite: Dangerous, for instance, or EVE Online - both using Wine). On Linux, good luck. Steam improved things a little, but it's still an oasis in the wasteland.
AAA games are still mostly locked to Windows.
If you want to play PC games you pretty much HAVE to have Windows save for a few titles that alos work on Linux/OSX.
This is why I'm hoping Steam OS becomes a viable replacement for a desktop gaming machine in the future.
I generally use that on my browser for when I hand my laptop to someone else and don't want their activity polluting my history, but now there's the risk of the entire OS learning someone else's habits when they just need to use the computer and don't want to log in. Sometimes, guest accounts are too restrictive.
I do like having the option of a personalized experience, and Microsoft is generally one of the most restrictive companies when it comes to sharing data. With their push toward more personal cloud services, I hope they will take special care to maintain that record, although everyone knows that certain groups like government have ways of getting whatever they want if it's available.
Hopefully, some of the fine-grained permissions of Windows Phone will soon carry over to the unified platform for those who want it, but either way, I would still do any especially sensitive work on Debian or a similar system.
They already do pollute the OS history with their behaviours. Examples would be the DNS cache, the thumbnail database and the temp directory. Most people just don't know about these or look at them. But they can be very revealing. The problem I have is that the OS is so ready to upload things. I don't want my OS to upload anything at all, unless I command it to do so.
As for incognito, can you sign into windows as guest now? Or even have multiple accounts on the same pc? If so you could create a guest/dummy account if you are interested in giving the personal assistant pure data.
Is it? I haven't tried the release build yet but this was removed from the preview.
I'm a bit conflicted now. My girls are 7 & 9 and they've been using Microsoft Accounts. With the final Win10 build having all this (none of these settings worked a few months ago), it looks like I've got a lot of reading and explaining to do for them.
Some kind of "off the record" mode would be invaluable for voice interfaces. Hell, it would be nice if there was a check box under the Google search box as well, but I imagine Google would never make it too easy to avoid their data mining. I feel like we never had the proper privacy conversation we needed to have with companies like MS, Google, Facebook, etc. I think some level of easy to use yet strict segregation between what I consider my public life and my private life should be cooked-in, and enabled by default, into all this software.
Isn't that what incognito mode is for? If don't want your searches in cards at all, you completely opt-out of the cards that are strictly based on your search history. Ctrl+Shift+N seems like a small, reasonable step to go off the record. What is the alternative?
There's no reason why they couldn't to the same thing Mozilla does: a) have a pretty clear account thing for "sync", b) have a pretty clear page for opt/in out on what to sync, c) Have working self-host sync solution, d) have an open source sync solution so you can easily see what's going on, and how things are encoded/stored.
Second I explained that under 13 means stuff won't work, so let's add 10 years or so to make sure they don't have trouble.
My own children are still using computers with Windows 7. They play Spore (Windows only), Sims 3 (Windows only) Minecraft (Java, so playable anywhere), Osu! (no idea, really), and a couple of other games. I have no intention of upgrading Windows on their computers past 7. Take a look at your options, you might be surprised how easily Windows is replaced with anything else.
As a parent, I'm also not sure if an equivalent of Family Safety exists on other platforms. Windows sends me weekly overviews of our kids PC use and blocks inappropriate content. Also, our kids log into their own profiles, I don't give them Administrator level access, they have to aks me if they want to install something.
After being out of the PC scene for 10+ years -- and as a rabid apple fan -- let me say this: PC gaming is AWESOME. Games I'd only played on Mac before come to new life on a proper gaming PC. That said I would probably go into a different line of work if I had to use Windows as my primary dev box.
http://www.imore.com/metal-os-x-so-huge-i-no-longer-need-mac...
As a Java application, Minecraft runs perfectly fine on any operating system.
As for your parental controls, if you wish to apply them you can do the exact same thing on any GNU/Linux platform.
Even though I personally hate literally almost every new feature of Windows 10 and the design of the entire OS, I'm still running it, simply because I get much better performance out of it than I do on Win7 - and I can generally customize my UX.
Hopefully, Valve OS's initiative might bend this and allow the Linux world to be at least on par with MSFT when it comes to graphic drivers. Considering that from the three main console out there, both the Playstation and the Nintendo are using a flavor or another of OpenGL, there is some hope for the future of alternative to MSFT outside the office and MSFT centric software development.
I would drop Windows in a heartbeat if that happened. There is no other reason keeping me using it other than games.
worth the time it takes to check it out, imo...
Well, maybe Child Protective Services should be involved? They intervene when children walk home alone from the park, perhaps they'll start to intervene when children are raised to use Microsoft products? http://www.usatoday.com/story/news/nation/2015/04/13/parents...
Just kidding, of course. But my daughters are now 14 and 17 and I don't think they know how to use Microsoft products. We've been on OS X for about 10 years.
So maybe CPS should investigate me? Am I doing my kids a dis-service by not exposing them to the dominant OS?
Why do people seem to gloss over the fact that we can implement these technologies without losing privacy? e.g. voice recognition has been possible on home computers for decades now. You don't need the cloud for it.
2. ???
3. Profit.
And seriously, Cortana would be useless without the cloud aspect. Half the things it does revolve around connecting your digital life together by accessing various things about you. Without the cloud, it's literally just Windows 8 search.
How is that? Desktop systems respond quickly, cloud systems often respond after a second - it takes time for data to do a round-trip over crappy mobile connection. Mobile latency is a big thing.
I agree wrt. Cortana (and Siri, Google Now) - most of the things you use them for will require Internet access. But there are still a lot of things that you could do with voice that shouldn't require a network connection, and we're missing the ability now. Not to mention you have zero customization options for cloud-based recognition. I could make good ol' MS Speech API recognize pretty much anything I wanted it to. No problem making it recognize a limited subset of two languages at the same time. With cloud-based systems, if the voice recognition doesn't like my accent, I'm out of luck.
The experience is not quite the same. We have voice recognition since at least late 90's but you have to spend long hours training (> 20 hrs) in order to have a decent result (not even comparable). The fact that is cloud based now enable the software to fit better to different accents and pronounciations.
Another thing is that personalization is not really possible in today devices if you want more than 3hrs battery.
On the other hand, generally I'm pretty impressed with just the voice recognition/transcription by Google on my Android phones (exception: "ferociously"). Transcriptions in Google Voice on the other hand are, hm, marginally good enough to often get a general gist of a call before I return it, but if I need the actual details of the message there's no choice but to listen to it. This includes calls made by me, from my phone that I also do voice recognition on, into a Google Voice number that I use for some tracking.
It is interesting that the transcriptions in the web interface show how confident they are of the quality for each word by how dark the word is.
Microsoft could ship their pre-trained dataset with the computer, or make it available as a download. They choose not to.
It's a big, really big dataset, and things get far better the more data you have. In order to even have it, let alone keep it up to date, a significant amount of space and memory would be needed.
You don't seem to understand the size requirements for getting a good dataset. Don't you think Microsoft would have loaded up the dataset if it was easy and cheap? They didn't have a desktop cloud-based recognition service until literally yesterday, so they had many, many years to include this magical dataset that solves all your problems without cannibalizing another one of its products. They didn't because it's not feasible right now. In the future? Maybe, hell, probably.
I have 602 GB free on my first hard drive, 519 free on my second, 699 on my third, 1.06TB free on my forth, 405GB free on my fifth and 46 free on my 6th.
If Microsoft would be kind enough to release it to me, I think I can probably find a corner to squeeze it into.
>Don't you think Microsoft would have loaded up the dataset if it was easy and cheap?
No, I don't. Microsoft wants our voice data, it's extremely valuable to them. They've figured out that there's gullible people like you who will swallow the "it can't be moved onto a local computer" tale hook, line and sinker, and thus give it to them for free.
Why are you doing that? Grow some cynicism.
You are assuming that they have a different model for each language and region, which I don't think is true since Cortana understand my foreign accent besides of being using USA as a region (Canadian version works really well too).
> I have 602 GB free on my first hard drive, 519 free on my second, 699 on my third, 1.06TB free on my forth, 405GB free on my fifth and 46 free on my 6th.
Good for you, but I don't have that many free space. Gee, I only have 20Gb free on my laptop. I think you might be bias about your situation but not everyone has +1Tb of free space waiting to be used for a voice command.
I never said storage is the limiting factor, in fact, I even said you need a significant amount of "space and memory".
They should have called it "Clippy's Revenge"
I don't know much about Windows 10, so I'm curious what features you are referring to that require heavy tracking like this.
If leveraging a lot of data allows for better speech recognition, why can't your computer access a remote speech recognition data set that stores and shares the results of its machine learning algorithms rather than uploading actual audio data? Instead of sending actual audio, send and receive very non-personalized non-specific derived model data to/from a repository somewhere (or even peer to peer).
And why not have all the features that can be done locally be done locally. If it's possible for my computer to understand me entering an apportionment, why should that go to a MS sever to be stored forever?
There's a lot more that goes into understanding than JUST speech recognition. First of all, speech recognition by itself isn't exactly trivial, and that's become more and more obvious as we've seen the smallest accent mess with the digital assistants on all the major phones. Yes, technically, Dragon Naturally Speaking existed a decade ago and worked somewhat, but needed a LOT of training, and was dumb as a brick. It doesn't compare.
But beyond that, understanding the meaning of the spoken word is difficult too. Yes, NLTs exist, and they can be very good, but you really need something that a team is administering. They can identify pain points and do regular updates to help... things like an odd band name that is ALWAYS misunderstood, some odd combination of words that confuses a question with a 911 call, etc., otherwise you're just going to end up frustrated.
I should also mention that a digital assistant really needs the power of a full search engine behind it. This allows for auto-correction of mispronounced words, but it also allows near-instant lookups for relevant information. If this was running on your local machine, not only will the processing be slow for some things, it will also be more limited in it's ability to fully process all possible meanings, and it will need to be updated CONSTANTLY.
These companies, by putting the language processing in the cloud, are throwing teams and hardware at the problem, and yet they STILL have embarrassing difficulties when it comes to actually understanding sometimes. Consider that for a moment... hundreds, even thousands of servers running the latest software for processing natural language for multi-millions of people aren't capable of getting your meaning 100% of the time.
Incidentally, I realize that there some open source projects out there that do some rudimentary voice recognition and processing, however they suffer from the same issues addressed above and are MUCH more limited in many many ways. Many of them still make use of cloud-based services for processing the audio, btw. The one advantage, I will say, is that you have to ability to add your own custom commands and actions, which the major systems obviously don't allow.
In the 90s we had slow voice recognition that took a long time to train, that would only ever work for a single user, in a silent room... If it worked at all... Which wasn't very common.
The point is, some of us don't believe that this was an engineering choice.
> In the 90s we had slow voice recognition that took a long time to train, that would only ever work for a single user, in a silent room... If it worked at all... Which wasn't very common.
And in the 2000s we had fast voice recognition that took a little bit of time to train and that would work over a crappy microphone with loud music playing in the room, all of that running along other software on a $500 PC. I know because in 2007 I made my own Star Trek-like (with proper computer sound and voice feedback) voice recognition system I used to control music that was played on Hi-Fi speakers. It took me like 20 minutes to train it and it worked pretty much flawlessly from anywhere in the room. The voice was captured by a crappy mic I soldered myself from parts and placed on a wardrobe.
And the single-user-only mode? That's actually a feature, not a bug.
If we did it that way, then Marketing couldn't datamine their customers lives to find better ways to extract money out of them.
Nobody's answered my question as to why The Cloud is the magic pixie dust that solves this problem, and why it could not be solved locally with modern compute power and modern ML techniques.
Machine learning algorithms haven't changed that much since the 90s, what's changed is the amount of data we have access to, and the amount of data we can process.
When you're training it yourself the data is what's limited. The fact that we can process more data doesn't matter if we don't have access to more data because you can't speak any faster.
But if you have millions of people speaking to it, then we can take advantage of the fact that we can process so much more data.
Firstly, the models (particularly the language models) needed for state of the art performance are huge. It's not atypical for papers to discuss using a billion n-grams, for example ( https://wiki.inf.ed.ac.uk/twiki/pub/CSTR/ListenTerm1201415/s... ). That's several gigabytes of memory and storage at the very least, and you'd need a copy of that for every spoken language you'd want to support. Plus you need to keep that up to date with new words and phrases; it's much easier to keep models fresh on a server than on everyone's computer.
Power and CPU time are also a concern. Big beefy server farms can have trouble keeping up with state of the art speech recognition algorithms; a laptop, tablet or phone is going to struggle, especially when running off a battery, is at a huge disadvantage.
But the biggest advantage to server-based speech recognition is indeed that more data is critical to improving accuracy and performance. There's no data like more data. And you don't just need more data, you need a lot more data. You can get big gains from just doing unsupervised training on 20 million utterance rather than 2 million: http://static.googleusercontent.com/media/research.google.co... There's simply no way you're going to get anything like 20 million utterances without getting data from millions of real world users.
... and people think sentient AI is on the horizon. :P
The large data size affects the training, but the model itself is pretty small now (after some hard work on Google's part).
The thing everyone seems to be missing is that Android's (English) voice recognizer is offline[1]. While you can use the online model I suspect that is more about continual update of the model (so it understands new words and changing accents etc) rather than recognition.
[1] http://stackoverflow.com/questions/17616994/offline-speech-r...
And did you ever use it? Forget sentences, it used to even struggle on a handful of keywords. Even now offline recognition are way far behind the online ones. I have pocket sphinx installed on my raspberry pi and even in a quiet room it has false positives with just a list of 10 keywords. Ohh what I would do to have an offline recognition system that is on par with Cortana/Siri/Google Now.
But I gotta say, I have the feeling that the pendulum is gonna swing back pretty soon. I'm noticing more and more (regular) people being fed up and creeped out with the massive harvesting that Google, Facebook and Microsoft are doing. Opportunity awaits!
I mean more of my problem has to do with the fact that it's an open door than what they will actually do. It doesn't say they will send audio data, it at most says "associated input data" which for all I know could be a database from their algorithms, or it could be a live 24/7 stream from my webcam and audio device.
I guess the thing is that some things are not acceptable, and whether there's a disclaimer or not, people aren't going to like it if we find out that all of our audio is being recorded and uploaded to Microsoft. But it's not, not as far as anyone can tell yet.
But again, we're only worried because they're what, giving us the option to opt out? I mean, if they wanted to they could just go ahead and stick somewhere in the privacy policy something like "from time to time microsoft will upload certain input data for improvement of service quality, depersonalized information may be sent to partners." down in paragraph 24.c.iii. Or they could just not mention it at all.
The question is are you willing to trust the OS. I mean, hell, Ubuntu Linux went and sent all of your search information to Amazon without even giving you the option to opt out in the install process at one point. It could be disabled, but unless you knew about it in advance there was no option to do so. And Ubuntu is open source.
I can see use cases for it, and one actually ties into the location services. Say you're from a region with a specific accent. If the system can tell how you speak, and how other people speak around you, it might be able to create an accent subset for you based on the collective data from all of those speakers. It might be able to guess from a few sentences and your location that you're Glaswegian and start to understand you, not because you trained it, but because across the region many people have trained it a bit. Then with the location to tie the regional accent together, even if you're in the US once you've spoken a few phrases it might be able to identify you as belonging to that regional language group.
But uploading of all spoken data to Microsoft would be silly, not just because it would piss people off, but because it wouldn't be something you could hide, and it would end up being quite a lot of data that's really not that useful.
But could it be possible? Sure. But they could also do it without tipping you off or giving you the ability to opt out.
Games are a good example. Nobody would expect a baseball player to object to tracking statistics. That's a big part of what makes the game. Online gaming is the same way. Tracking achievements adds to the fun for a lot of people.
But there are also larger social issues where tracking can be beneficial. We live in a world with a lot of diversity and an increasing amount of information. People get overwhelmed and tend to revert to tribal thinking, attacking anything that doesn't fit their group's perspective. I don't know if people on their own could ever get over this type of behavior in a world that's impossible to keep up with without taking mental shortcuts and relying on summaries of what's happening.
Personalized deep learning is an attempt to create a relatively neutral arbiter of all this information, distill it into something useful based not only on the user's behavior but also the aggregate of everyone's behavior. The algorithms don't just learn from what you like but have the potential to uncover interests and information that you might never be able to access outside your bubble.
Cortana brings that kind of aggregate information gathering to your desktop. It's an early example, and it needs lots and lots of data to learn, and the more diverse the data set it can analyze, the closer it can be to doing its job of feeding relevant information.
Windows 10 is also meant to be an Internet of Things OS. Lots of companies are working on connected devices that depend on syncing with your account. A common example for today is telling Cortana to remind you to pick up milk when you're at the store. The reminder goes to your account, and when your phone detects you're at the store, it reminds you to pick up milk.
Of course, there are people who are going to try to use this to sell you things, but that's always been the case. The hope of people working on these things is that it can bring you actually relevant suggestions instead of just the products with the largest advertising budgets. Old advertising models were very centralized and only the largest ones could really win. Personalized advertising might be able to bring the smaller but more relevant products to your attention.
Personally, I don't like advertising, and I'm not especially excited about this part of it, but that's definitely the monetary angle for it. The part that does excite me is the possibility that we can start to break down some of the communication barriers between people, get people outside of their bubbles, and bring relevant information to people based on large trends instead of isolated social groups.
There's plenty to be skeptical about here. Money tends to push things in directions that only benefit the ones with money. Microsoft and all the other IoT companies have a lot to prove before their products can be considered actually relevant for people. There's a good chance most of them will be no better than the old way of doing things. But there's a lot of potential there too.
Privacy should always be an option, but having a public online life can be good for people too.
If you do go through the installation/setup screen you will see that you have now a "advertizing ID". This made me feel edgy and I cannot shake the memory of the tattoo on the victim's forearm from the Nazi solution of its undesirable population, powered by no less than state of the art technical solution, provided by a top technical solution provider at the time.
That's an interesting statement considering how most recommender systems tend to suggest things related to your interests, further keeping you within the confines of your bubble. How is Cortana different?
Who wanted that for desktop computers or laptops? This is not going to fly with business customers. Microsoft has already bombed twice in the business space, with Windows Vista and Windows 8. This looks like another bomb.
Windows 7 is still pretty good, and it will probably be the main Microsoft desktop OS for years to come, despite what Microsoft wants.
...nor with some private customers. Microsoft seems to be overlooking that not all nations are so happy about "the cloud" as the average American seems to be. Germany for one, where I currently live, is much more sceptical of sharing personal data -- potentially motivated by some of its 20th century history.
But all that aside, a lot of people only used their computer occasionally, say to write a letter (again, Germany, a lot of bureaucracy still requires paper letters over here). Transparently syncing documents with an external server that you have absolutely no control over is really nothing such a user wants.
Onedrive on Windows 10 explicitly asked me "what folders do you want to sync?" when it first popped up.
We were spun a load of marketing disguised as listening and attention. This turned out to be exactly what Microsoft wanted which was another aggressive move against customers both business and consumer. Despite all this the noise and confusion and dubious love for the products is shining out of the arses of every non technical news source.
What did we expect?
I've left the party now. Closed my MS accounts, cancelled MSDN and AP subs, rolled out CentOS 7 on my laptop and have moved the remaining windows dependencies I have to a VM. If you don't like it, now is the time to make it known.
This is after using MS products since about 1993. No more loyalty or milking.
The software industry is moving away from the model of servitude to a vendor. Good riddance.
That said, all that data harvested and used to customize the interface for you is indeed convenient.
Doesn't have data, GPS, Bluetooth or WiFi so that's not a problem. The best it gives is rough triangulation data from cell towers but I can leave it at home and do nefarious things to my own heart's content if I so desire (not that I intend to).
PS Are you sure it doesn't have Bluetooth?
I checked and it did have Bluetooth on the Nokia 103 menu.
Don't get me wrong, I value privacy, but all things in moderation, including paranoia. I personally don't think most peopke's lives are that controversial to be so concerned about their privacy that they'll avoid the grid altogether lest some lewd fact trickle out amongs the billions of other lewd facts trickling out about everyone.
Safety in numbers is only valid if it's difficult to discern facts from the flock. But it's not. The technology logs and correlates specific data for fast retrieval rather than collecting noise and then discerning the signal later on.
Oh and I'd never drink Bass; maybe an Abbots or two ;)
This sounds suspiciously like 'nothing to hide nothing to fear'.
I don't think batou is being overly paranoid at all. Especially not with the last year or more of news.
If anything, this is massive tech company overreach on the part of Microsoft, Apple and especially Google and Facebook.
More protection in law is what is needed, not for people to suck it up and accept it.
However, it will ask you first about that. And it is not actually Android, it is Google Play Services. For snitching your pictures, you have to download an extra app by yourself.
If you don't like that and you don't want to say 'no' when asked, use Cyanogen without Gapps. That way, you'll get non-spying vanilla Android. (That means without Play Store too).
Use it with a throwaway Google account to download apps from the Play Store, then use adb to install them on your device. This works fine for apps which don't rely on specific Google libraries or services being installed on your device.
I'm hopeful that Firefox OS and perhaps Ubuntu/Full GNU/Linux on phones will help. Canonical hasn't got a perfect record when it comes to privacy or openness -- but if they manage to invest the resource to develop a truly open stack that works on real hardware, I expect people to make other distributions that do pretty much whatever one wants.
I'm going to ditch Android for a free-er OS when I have the money, although if possible I want to get a [Fairphone](https://www.fairphone.com/) (tl;dr 1. no shady business practices/exploitation, 2. modular with replaceable parts (bonus points for having an integrated protective case), 3. Fairphone V2 will be 100% Free Software (or at least, the firmware/drivers will be), 4. costs $800 as a result).
I'm actually really interested in seeing the Fairphone be a thing.
Actually I installed it to test our desktop windows product against it as well as our web application in Edge.
This was a decider for us: do we move it to Windows Runtime or move it to Qt/JavaFX, to the web or something else?
We're evaluating Qt and JavaFX going forwards.
As I said I've been using Windows since 1993 as my primary operating system. I've used Unix (Solaris, HPUX, Linux, FreeBSD, OpenBSD) over the years but never in a desktop capacity.
Also one of our clients, a big financial company has rolled out RHEL6 as a desktop platform instead of windows 8/10. They are not trend-setters either.
You bitching that your job requires you to test a product against Windows in a VM is not the same as Microsoft holding you personally hostage to give up all your personal information, however you try to spin it.
We have to test against the lowest common denominator so we're not using Enterprise or VL for this nor are the machines domain members.
The privacy policy changes violate our network AUP, security policy and compliance with a number of regulations. We handle confidential financial, insurance and medical data.
That's where the catch-22 is. There is no possiblity for us to use this and remain in compliance.
Not only that, every version of windows since 8 has called home. There is a lot of traffic outgoing from our network we block from machines. And that is with a heavily locked down GPO and custom WIM deployment.
If you only have limited time and energy for activism, you have to go for the bigger targets (to make it easy to collaborate with other activists) or go for the most local targets (because you may have a comparative advantage).
One is having approximately equivalent alternatives. If something is wrong with a particular kind of chewing gum, I can easily switch to the next brand over. But when that's not the case, standards should be higher, because normal market forces no longer constrain players in the same way.
The other is the size of the potential impact. If one corner-store merchant keeps their credit card receipts in a box under the counter, it's a much smaller problem than, say, Target or Home Depot keeping them in a poorly secured network.
Are you also free not to have your private information (personal data, trade secrets, whatever it might be) given to Microsoft by others you interact with who do use Microsoft's new operating systems?
Obviously I don't speak for everyone, but I think "no one wanted it" is a stretch.
I have a 3 desktops, 2 laptops, a NAS and 2 servers and have solved the problems transparently without any cloud services.
How so? Billions of people choose to pay for services/software with their privacy these days. Microsoft isn't to blame for that. If anything they were really late to the party
Over the years, if they really make Cortana useful and seamles pdates and systems maintenance the default due to the new "cloud" nature of Windows, they might see a similar adoption or switching pattern as SaaS solutions have seen in business.
At this point most traditional or slow businesses still using licensed software with local IT admins are being outcompeted by more agile competition using SaaS solutions.
Then again, what alternative do corporates have? They could stick to an older version of Windows, and become less competitive (assuming Microsoft pulls it off), or switch to Linux, which is doubtfl for most office workers (though our entire devshop uses now Linux ultrabooks).
Good luck with that one.
I did. Linux and OSX are still available for whoever wants them. You can stick with Windows 7 if you want, that's just fine. I like Cortana. I like my software knowing what I like and what I'm interested in. It makes my life easier, which is what computers were invented for.
I can see why some people might not, and to be fair I use Linux on my work laptop because the work I do demands it. I would never put my client data on a Windows machine.
But like I can see your side of the argument, you have to be able to see that some other people want personalization and learning and all that. Pandora and Apple Music are both heavily tailored that way. Google Now on your phone knows everything you do. Netflix can find videos for you to watch based on what you've watched before. Amazon will recommend purchases to you based on what you like. Hell, half the people on this site build these systems. You know how many machine learning articles there are on the front page every week?
So who wanted that? I did. And so did several million other people. For the people who don't want it, I mean it's not even really opt-out. They ask you up front do you want the default or do you want to pick your own privacy settings. If you still don't trust it, Windows 7, OSX, and Linux are right there, just a click away.
> you get presented with a customize wizard. The first screen has a large chunk of text on it, a large and clearly visible button to proceed using the default settings, and a small hard to see text link that lets you choose your own setting values instead of the defaults.
> Everything about this screen is urging me to just accept the default configuration and get on with life.
Doesn't mean those people "don't care enough" about their privacy. Those people are my parents and my friends and I know that they do.
We know our computers, we can fight back, many people cannot. I believe that when a piece of software tries to provide "sensible defaults" for people that fear they might break stuff, or simply not understand the "advanced options", that those defaults should be SAFE and TRUSTWORTHY.
Windows 10 obviously breaks that trust, and the people who can't spend an hour digging through advanced options (for many reasons) are just pounded into submission against systems they feel slowly slip from their control.
Sucks to be you if your relationships, be they business or personal, are as fragile as a volatile technology.
Expecting your friends not to use cloud services seems a bit unreasonable and unenforceable. Are you really going to tell all your friends they should write down or memorize your phone number instead of storing it in their phone?
What we talk about isn't.
Microsoft collects your friends' names so it can spell their names correctly when you use speech-to-text or related features. I thought that's what you were objecting to. What kind of data are you talking about?
At some point privacy is no longer a choice, not a real choice anyway. You get to chose between participating in society or keeping your privacy. It shouldn't have to be this way, but it is.
Personally, I require that all my so-called friends communicate with me in morse code over short wave radio. It works a treat.
After all, if you don't want others to share the data, you shouldn't interact with them.
There are huge differences here on at least three crucial dimensions: intent of the sharer, the audience with whom it is shared, and the sensitivity of the data shared.
The ramifications of the destruction of anonymity and privacy affect everyone whether or not we understand enough right now to get this.
Also, "sucks to be all these people who would benefit from interacting with me but where I may stop interacting".
This is not a problem that is a personal, individual problem. This is a social problem. Period.
The content of our communications is the matter under consideration i.e the content of the envelope.
"If you tell me your name, I'm free to repeat that to whoever I want. If you aren't ok with public information being re-broadcasted, don't go outside."
to which you said:
"Actually in the UK it is covered by the Data Protection Act. Interesting times ahead. If you knowingly or unknowningly give personal information away without my consent this is illegal."
What you're saying now and what you said then are two different contexts.
https://ico.org.uk/for-organisations/guide-to-data-protectio...
Refers to Schedule 2: http://www.legislation.gov.uk/ukpga/1998/29/schedule/2
Additionally, there are "Sensitive" personal data: http://www.legislation.gov.uk/ukpga/1998/29/section/2
So if someone were to ask your computer "Do you know any trade unionists?" and it were to reply "I know this person. His name is batou.", and you weren't covered by the Schedule 3 exceptions, that would be an offence. This is an attempt at preventing employment blacklists.
http://groups.csail.mit.edu/mac/classes/6.805/articles/priva...
That's been considered the foundation of privacy laws in the US. Europe generally has stricter laws -- for instance in Norway, until recently, it was technically illegal to keep an electronic[1] list of names and phone numbers of parents in a school class, or an electronic membership list for a club (esp: minor members).
That's now changed, and the requirement for being granted a "data license" are less stringent -- most electronic record keeping is legal -- everyone being granted a pre-emptive licence of sorts. However, that license is subject to things like a) being responsive in giving out/responding to requests to correct data, to show what data you have on an individual to that individual, and b) making a reasonable effort to keep the data safe.
Breach of those can lead to fines, and the revocation of the implicit license -- meaning you're not allowed to keep such electronic records any more.
Understandably Germany have a stronger emphasis on privacy, being a) a fascist dictatorship under Hitler recently, and b) half of Germany being under the Stasi also recently.
Why people in the US aren't more afraid of personal data ending up in privately held data banks where they are subject to National Security Letters, hackers, anti-union organizations working with big business, anti-native American rights activists and whatever else -- I don't know.
Maybe most people think that the next group to be frozen out of the job market won't be communist but Muslims -- and, hey, I don't know any Muslims -- so why should I be worried?
[1] Note the electronic bit. This is due to how trivial it is to link digital data, and how trivial it is to copy/get hold of a copy without the original missing etc.
Rights and freedoms that you can only exercise by giving up any semblance of normal life are no rights and freedoms at all. The idea that the moment you step outside of your home or go on-line you forfeit any right to the slightest respect for your privacy and we should just accept this is silly.
And if you think the only people who care are a few internet warriors, please consider the likes of Google's Glass and Street View, where some people have felt strongly enough about the invasions to resort to actual criminal violence in response, and some entire countries have clamped down on the surveillance in response to public concerns.
In any case, with many of these systems, we aren't talking about public information. We're talking about technologies that systematically abuse friendships and commercial relationships by getting one party to tell the technology operators information about another party without that other party's knowledge or consent and potentially even if that information had been given in confidence.
No, I think that just because we can do something, it doesn't mean we should.
In a literal sense, you have no rights or freedoms that you are not prepared to protect with your life. You can lose anything else to someone willing to try hard enough to take it from you. Fortunately, in civilised societies, we do not generally require everyone to die to defend basic human rights that most of us think are worth protecting. Instead we adopt laws and punish those who would break them.
The alternative is the path of craziness, filled with things like the "right to be forgotten".
And as you can probably guess, I support the basic idea of the right to be forgotten as well. I have no problem with requiring companies that specialise in providing easy access to data -- and that make huge amounts of money because of the immense volumes of data they deal with -- to make it harder to access information about, say, victims of abuse or mistaken identity. When the statistics came out about who was really making use of the right to be forgotten ruling in Europe, contrary to all the naysayers, it mostly wasn't people like criminals and politicians who arguably invited negative publicity.
That said, I have no problem with reducing the profile of criminals with spent convictions either, nor those who have done things that were not criminal but which society frowned upon at some point in history. A society that never forgets, full of people who want to hold everything someone ever did against them for all eternity, is not a healthy society. I believe most people can be rehabilitated even after a dark past, and the evidence about how successful different legal systems around the world are at preventing recurrence of damaging behaviour overwhelmingly supports that position as well.
In other words, if you consent to Microsoft tracking you, it means I cannot trust you in private communication even if you would otherwise be trustworthy person.
This is completely distinct concern from what is true public information.
Not indefinitely. It will get EOL'ed, and at that point it might not be possible to opt-out of the upgrade.
Which isn't bad given that MS isn't going to keep supporting W7 forever: It's a genuinely bad thing to have unpatched OSes with known security holes (zero-decade, I suppose?) out in the hands of non-technical users. That kind of thing was moderately acceptable when Average Windows User was behind a dial-up line, but those are going away, too.
It's always possible to opt out of the upgrade with Windows 7. I have a perpetual licence to use it, and I can turn off any automatic updates that would break it.
The worst that will happen, short of Microsoft as a business going under or similarly dramatic changes, is that I will only enjoy free security updates from Microsoft until the end of the guaranteed support period (still several years away) and then I will have to use alternative means to secure my systems against any remaining threats.
As demonstrated by the large organisations still on XP, one of those means may simply be paying more money to Microsoft to continue supporting an older platform you want to keep using.
If the OS is popular enough, once they get known, they will be fixed by the community if not MS. Look up "Windows 98SE Unofficial Service Pack" and "KernelEx". In fact the 98SE community is still very much alive... and has added support for a lot of things that MS didn't.
Gradually, I predict the same will happen with XP, and possibly 7 when MS stops supporting it.
So do I, but I don't like my software vendors knowing it too.
Philosophical question: is it really your life, if your software may be subtly persuading you in a different direction than what you would've taken if it hadn't been making the suggestions to influence you?
There is no doubt it will make things easier for you if all you do is effectively accept and follow everything others want you to with no resistance. However, that's not what I'd consider "your life" anymore.
Your mind is wired by evolution to assess, evaluate and react to human behavior. It is equipped to defend you another humans' attempts to influence your behavior for their own ends when you interact with them in person. Software that you run daily should be able to bypass those built-in protections in a more subtle and personalized manner than traditional advertising or propaganda could ever dream of. In an untrained mind it won't meet resistance but the mind can be trained; the "bigotry against 'robots'" (really, human organizations acting at a distance) on the part of humans who read enough stories like this one emerges as a result and is completely justified.
And if it is by evolution, that immediately presents the trivial solution that we will naturally evolve to relate better to machines, making this a nonissue.
No less so than if your friends, family, coworkers, and society at large may be subtly persuading you in a different direction than what you would've taken if they hadn't been making the suggestions to influence you.
Does only the hermit truly own his own life?
> There is no doubt it will make things easier for you if all you do is effectively accept and follow everything others want you to with no resistance.
While that may be a danger to keep in mind, that's not what's being suggested. In fact, I'd argue much the opposite is being suggested.
Instead of being told what we want and adapting to our corporate overlords, would it not be preferable to communicate what we want, and have the companies adapt to us instead? To service our wants and needs?
There is a difference between those and MS.
So I challenge you: How? In what way? Does it meaningfully change the calculus of your total life ownership? Why?
In spite the fact that in the case of friends, family, coworkers I can be the one persuading them in a different direction and I also know a bit about them (you cannot suggest that in the case of person-company relationship both are as strong in influencing each other, maybe in large numbers of people protesting and that's a huge maybe):
The thing is, there are 5 billion people on Earth but far less operating systems. So, when they tell you "my way or the highway" while at the same time more products support their way, you'll eventually end up stuck somewhere in the past, like the old nut in the hut living on top of a mountain, while everyone is throwing their personal data to Microsoft and friends telling me that it's going to be ok because "the functionality provided is convenient". Which makes zero sense.
Companies, in many ways, strike me as amazingly straightforward to manipulate. So easily swayed by the almighty dollar that such trite as "the customer is always right" gets dolled out as actual management policy at times.
We block company ads, our eyes scan past the ads that remain, we spam-list their emails and rip into them on our various review sites when they wrong us.
Companies realize, though, that talk is cheap, and see through our bullshit a little better. And, sadly, there's very little self control by consumers at times.
> you'll eventually end up stuck somewhere in the past, like the old nut in the hut living on top of a mountain
It's not so bad here. I don't even have a Facebook account. There's enough ad blocking options out there to kill several news companies several times over. That's before installing a proper separate firewall box.
> while everyone is throwing their personal data to Microsoft and friends telling me that it's going to be ok because "the functionality provided is convenient". Which makes zero sense.
It makes zero sense if you lack agency and choice. You have an opt out. It makes zero sense if you provide what you didn't will to. Opt ins are superior, I'll certainly grant. It makes zero sense if you haven't recognized the full ramifications and potential impact of sharing the data you share. They don't know what they're getting into.
But it also makes zero sense to dismiss "convenient functionality" as a reasonable rationale to give data freely, by choice, if you understand the impact and potential ramifications of it. There's a reason this stuff works. Ignoring that merely blinds you to the beast, and robs you of taking as much advantage of it, or to defend against it's detriments.
I'd add to that list things like Toxoplasma gondii.[1] Who knows, maybe it is the viruses controlling us all. Maybe there are behaviour modifying viruses that cause little to no overt symptoms of infection, or maybe the viruses are changing the DNA of bacteria that impact all living creatures microbiomes. Scary stuff.
1. https://en.wikipedia.org/wiki/Toxoplasma_gondii
Reference: https://en.wikipedia.org/wiki/Filter_bubble
But how many people will?
How do you handle business e-mail ? Only on the linux laptop ? Is the windows device only for personal and entertainment purposes ?
But that's the thing, right ? People want their computers to be more intelligent, reactive, adapted to their needs. They don't want Google, MS or Apple to know everything about them. How did the first came to automatically imply the second ?
Apple, Google, MS and others could deliver the same products (software that learn user behaviour and adapt accordingly) without sacrificing privacy, invading personal space and storing private documents on the cloud in order to parse it to deliver relevant ads.
Machine learning should keep on trying to be machine learning and not solely data scraping for marketing tuning and exploitation.
What does it bring me that MS or Google knows my search terms of the day ? I want my quad-core CPU to know that when I browse HN it should automatically split the screen in half and open my media player to listen to radio music because that's what I do most morning. Why do I have to do that by hand ? Can't it know or guess my routine by now ?
Or is all the tech just a glorified lexical parser to fine tune ads to increase their efficiency ?
That said, this whole thing gives me the creeps and I'm glad I'm no longer a Microsoftie.
That could be done locally, without sharing the private data. The local computing agent can then look up in the public (like the pool of those who deliberately published content for all to see) for information that may be of interest to the user. That would have been a moral solution to please everyone. What we see happening now is a nightmare!
It could be done locally, but in order to not share any data with the server you'd need to run the analysis (with all of the associated data) on the local machine, which unless I'm missing something would add some non-trivial constraints, e.g.
- Getting research-grade analysis code up to local-install quality levels, keeping that code updated
- Bandwidth and HDD space for large datasets
- The additional load on the CPU, memory, battery, and messaging that to the customer
- The legal and privacy implication of all that opt-in data being transferred and processed on thousands of opt-out customers' machines
- The need to have an entirely duplicated system because some people would rather opt-in and not have to run all this stuff run on their already-creaking-under-the-weight-of-windows-and-outlook-and-word-and-antivirus laptop
Maybe I'm misunderstanding something, but from this view I can understand why they didn't want to do it this way
Those improvements could be done with much less intruding anyway (be it for the sake of it or because johnny hacker is going to release those data someday).
Sure, although user happiness (broadly) drives market share so they need to maximise that to maximise profit.
Could they? My amateur understanding is that a lot of today's success in machine learning is due mainly to having enormous amounts of data to work with.
When I look at Google Now, for example, I can't imagine a way to build it without collecting an ocean of detailed personal data. Or your example of finding common behaviors and having computers do the right thing: that gets much, much easier if you have the daily behavior data of 10m people so you can start extracting concepts like "typical morning routine", testing recognizers for that, and having them not do anything in low-confidence situations.
I've not checked to see if it's in the more recent release EULA, but the assumption was that it was there for the beta diagnostics as opposed to the day-to-day use.
Everyone who is switching over to cloud connected OSs on their tablets and smartphones.
Why should I have to reinstall and resetup every new computer? My contacts have been following me around on my phone for 8 years now, why the heck shouldn't they be just as accessible from my PC?
My favorites, they should always be there. Chrome does a great job of this, it is nice that Microsoft has decided to catch up.
Windows 8 had some of this, having wallpapers, theme colors, and OneDrive follow me around already made my computers all seem closer together, now just a little bit more is happening.
There is so much common sense in this. If I schedule an appointment while I am at home for me to leave work early to go pick up my cat from the vet, it should show on my work PC because that damn well makes sense.
All this does is bring Windows fully into the 21st century.
> Windows 7 is still pretty good, and it will probably be the main Microsoft desktop OS for years to come, despite what Microsoft wants.
About 6 hours ago I was apprehensive about Windows 10. Now I'm using it and it is lightening fast and responsive.
Computing as an appliance, imagine some day logging into any machine in the world and having it setup just as you like.
why don't you all pro-MS or pro-let's-lose-privacy people don't get a single thing - as per moral standards, any kind of option should be disabled by default (meaning 95% or more people on this planet will never enable it) and you should chose only enable that if you will? It could be the first screen welcoming you on first start of OS, whatever. not even having an option to disable it on cheaper windows is just plain wrong & smells cheap, again in moral sense. As we all know, corporations, any kind, are not high on morality these days. Increasing shareholder value at all costs and similar is the mantra. that google and others are doing it doesn't make it any more right (i have all these things like google one disabled on my phone anyway, at least that's what I like to think :))
As to why we want to not use it, I do believe Mr. Snowden made a point or two in the past.
We're making a choice based on a button with a one sentence dumbed down description. But what is the full legally binding extent of what we're agreeing to with each click?
Nobody knows. "We share with our partners". What's being shared? Who are the partners? Who are their partners that will also have access? What's being done with it? Am I personally identifiable?
Etc. Even if they wrote a page for each box, which they haven't, it will still be pointless because there is probably some other waiver in the 300 page EULA.
If businesses fall too far behind adopting modern software/features their employees are familiar with using on personal devices they will have to accept reduced productivity.
It would be fine if they were defaults if you actually saw them.
I mean, I agree with the article that the layout is definitely pushing people who don't care to just pressing "agree", but if you care about privacy, it's not like it's hidden from you.
Great point...
Where's that utopian future where we bounce between a dozen purpose-built VMs, each customized to the task we're doing?
https://www.qubes-os.org/
Sounds like switching to a guest account. Not as quick as a simple "toggle data recording" button, but that functionality is definitely already in Windows.
What do you mean by that? Not only you can't set any access rights for applications (they get what they ask for and you can either accept all or not install the application), but the OS also synchronizes your main account's contacts and calendar to THE CLOUD without asking you, telling you, and even without a way to opt out of it.
Citation needed?
Really? You expected what is basically a built-in keylogger?
No way.
Nope.
Nice job design devils.
what i like about the situation - it might actually make some bigger organizations turn away from what MS can offer. biggest issue are usually Win-only or IE-only intranet apps, but with proper management steering, changes (in the way technology for apps is chosen) can be done. Now just to have proper substitute for Active directory, and it's game over for their OS there.
Sigh...I can still smell the sharpie ink and wet postage drying on the back of a manila envelope.
These are fun and interesting times.
Apple is trying to sell hardware, which a robust encrypted cloud experience tied to that hardware will do.
Microsoft is trying to make money from the operating system; since they're giving it away for free, they have to sell commercial access to third parties (ads in the Start menu? really?).
Google, well, I assume they're out to mine as much data as possible, whether or not it's user-specific.
What Microsoft is doing is giving consumers a free upgrade on Win7/8 PCs where the operating system has already been paid for.
This is basically the strategy already used by Apple and Google (Android): once you have bought the OS (bundled with the hardware) then you get updates free.
Who's going to pay for that?
Apple, Google, Facebook, Twitter, LinkedIn, the FBI, NSA, CIA, DHS, they all have my data already. Thanks to OPM, the Russians and Chinese probably have my data now, too. What does it matter if Microsoft has it? They probably already have it. Maybe it's even better to make sure everyone has my data, rather than allowing it to be used as a competitive advantage by one or a small set of corporations. Cat's out of the bag. Horses have left the stable. Whatever other metaphors you want to throw in there.
So decide, and decide now: either go full-in on FOSS, or shut up and eat your cookie. Otherwise, this exercise hasn't been about privacy, it's been about anti-Bill-Gates-and-Steve-Ballmer-Microsoft sentiment.
The problem is that with all platforms, the opt outs are hard to find and, even worse, hard to even know when the opt outs even exist.
Worse, you are still financially supporting these decisions by either buying the OS or adding to the usage counts. By "opting out" while still using the OS, you're still asking for more of this crap in the future.
In any case, I'm all for FOSS but it doesn't seem to be a solution to this problem, which admittedly, is not even really a problem to everyone.
Now, I think the incentive structures for FOSS projects are a little different such that the FOSS environment isn't going to converge on the idea of collecting such data. But clearly, throw any sort of system that wants to make money into the mix, coupled with the fact that users just refuse to pay for software anymore, and every giganto corp from Mozilla to Canonical are going to independently come to the same conclusion of collecting this sort of data.
The problem is not that privacy is important. The problem is that privacy isn't as important to people as not having to pay cash for software. So the people who are complaining about this are never going to be happy with anything Microsoft does. Either MS collects too much data, or they are tone-deaf to the market and aren't keeping up with cutting edge features. Either MS "hides" non-default settings, or they are falling behind in the state of the art of UI design.
I mean, Apple or Google wouldn't have even given you the little link that people have been complaining about as "hidden", even though it's right there on the screen. They would have expected you to hunt the setting down in some settings dialog somewhere. What MS has done here is standard MS UI design theory, has been for over two decades.
But it's cool to bash on MS. And the only way such people are going to be satisfied and stay consistent, is to completely bail out of any software where anyone involved has a need to make income.
Making money from either advertising or additional services are definitely incentives.
The other one worth mentioning is that trying to make platforms popular with users drives integrating on-line services as well as using more information from the user to deliver advanced services. At the moment local applications are at a disadvantage compared to on-line ones because they don't have as much data to do clever things with: Gmail vs Thunderbird is a good example. General users want the convenience of services like digital assistants - and while some of it can be done with local processing, some cannot.
FOSS is certainly great, but it isn't the end all be all, despite utopian hippie delusions to the contrary.
The keylogger and Start menu ads are just creepy though. I shouldn't have to opt-out of targeted ads INSIDE MY OS.
http://i.imgur.com/tdkFeiQ.png
According to these screen shots, this guy got skincare product ads in his start menu.
I can't verify because I noped out of anything that smelled like ads right from the get-go. Also, classic shell.
!!!EDIT: I know it looks shopped, which is why I said I couldn't verify it. Windows Store app ads are quite real though.
"Its awesome living in a mansion! According to this picture, this is what my mansion looks like"
"!!!EDIT: I know I don't own a mansion, but other people do and this is what it would look like if I had one."
(I guess for some ads, the very fact that it thought your eyeballs were fit for them already discloses more about you than you'd like... and I'd guess that at least some ads placed by Google would be able to figure out whom they were shown to. But other than that, isn't data collected by Google kept secret from everybody else? It'd make sense from a business standpoint apart from any other considerations; better keep the competitive advantage, and better keep exactly what you know a secret from users as well as competitors.)
This is exactly correct, and it's why I prefer trusting Google with my data over anyone else. I'd rather have my eyeballs bought and sold by a company who's only competitive advantage is the fact that only they have my data.
Also, I interacted with Google's AdX and others and I must say that Google's AdX is much more restrictive in the user data exposed. The identifiers they give are completely unreliable for tracking users and they don't even give away the full IP. They are also doing a good job in reviewing the content being served on the client side, they detect if you're setting cookies or doing other things that are against their policy and their approval process is a pain in the ass. Other competing platforms, like MoPub (now owned by Twitter), are much more relaxed.
The general rule of thumb in the ads space - the bigger you are, the more eyes are watching you, this is why smaller players are breaking the rules with the purpose of grabbing as much land as possible before going public.
At least for me I tend to trust MS (at least the new MS) more than I do apple or even google.
Well, today is Thursday. That other stuff was from Tuesday. Tomorrow it will be something else about somebody else.
"Typing data" sounds like keylogging. If it's what it sounds like, that's really emphatically not okay; that would include all passwords and the contents of all emails sent.
Would someone with actual knowledge care to chime in and say what data is actually sent? If it turns out that Windows 10 really is sending keystrokes to Microsoft by default, it seems likely to cause a significant backlash from Microsoft's business and government customers.
Also, enterprise editions of Windows apparently have more opt-outs... regular editions cannot opt out of all data collection. (sorry, can't find the page that I read this on)
If so, it probably wouldn't include passwords (since password fields intentionally disable this kind of feature), and it shouldn't include the full contents of emails, just telemetry on how they were typed.
But Microsoft really ought to have explanations so we don't have to guess, and they ought to know that. I'm assuming this is on their itinerary and the documentation department is just lagging.
Can you explain how you got to this from what you asserted before? Autocomplete data should be more than enough to get that content.
I can't say I'm surprised, though saddened, to see this elsewhere in the OS.
Text correction doesn't require hitting the web, but learning about how people make typos does require some targeted data collection (typing followed by deletion and retyping, likely)
The problem is there's no like "more info" icon you can click to get an explanation of what it means.
It's important to remember that it doesn't matter what MS is doing today. What matters is what the force-updated version will do in the future. Or did everybody forget that you cannot prevent updates in this version?
I would be fairly surprised if Microsoft didn't re-display TOS after each update, so feel free to keep an eye out. If you really really care about this kind of thing, then I might suggest avoiding products that are tightly integrated with private entities as a general rule.
...as well as instantly "brick" a significant number of machines out there. At least the user has a chance of correlating something breaking with a recent update if he/she explicitly did so. MS have screwed up Windows updates before, and I don't believe they'll suddenly start getting it perfect now.
And my options as a user are then what exactly? Accept the new TOS or have the device rendered unusable and lose access to all my data? That's definitely the basis for an unbiased, informed decision.
I'm not Microsoft's target client because I'm a pathological customer. Every home MS desktop user is a pathological customer. They know that.
Far more people never consider it and just let their new faster computer have a different OS.
It's intellectually dishonest to think that's what s going on, because it ruins the conversation about what they're actually doing.
But let me rephrase anyway: I'll bet everything in my pocket that Windows 10 does not, nor will they ever, keylog every stroke and send it back to Microsoft servers for storage.
I can be sure of this the same way I'm sure about many other things I have no definite proof of -- I see nothing remotely resembling evidence that this might take place.
Companies need to get out of the habit of writing terms of service that permit the world.
MSFT might not want to log everything you write on their OS, but who knows what they will deemed acceptable tomorrow under the same EULA?
and as we don't know what is in your pocket, the bet is off. :)
Err, no, thank you. Every single system/cloud is hackable, and given enough time, it will get hacked. I think plenty of proofs around us. Tell me, why should I be OK with this? I don't want their tiny functional enhancements for this price. In fact, i don't want them at all. I am never commanding my computer by voice, as is neither 99% of computer users (not only because english isn't their native language), and I see nothing cool nor interesting in it (just one example out of many).
personally, sticking to Win 7 till games will work on them. and if i move, i am pretty sure there will be completely disconnected offline cracked version, if the rest of the system will actually be worth it.
i had the impression lately Microsoft is doing some properly good stuff, but this showed that no, they are just same scumbags as they were 20 years ago, when they gave many people plenty of reasons to hate them. Methods and situations changed a bit, not so much questionable morals.
I'm not saying that strong privacy regulations are a bad thing or that Microsoft's policy is a good thing. Just that Microsoft's policy reflects reality where competitors and activists and politicians are inclined to use privacy regulations for purposes orthogonal to any actual concern about privacy. The connected world is full of caches and Microsoft does not control them. Users can do stupid things that Microsoft cannot prevent.
Agree with the terms and use Windows. Don't use Windows if you disagree. The website hosting the blog runs google-analytics by default. It doesn't ask my permission. It runs Disqus by default. It doesn't ask my permission. The privacy badger ate too many cookies and died years ago. Microsoft is late to the wake.