back to article Windows 10's 'built-in keylogger'? Ha ha, says Microsoft – no, it just monitors your typing

Don't want Microsoft tracking you online and collecting data on your computing habits? Then you probably shouldn't install the Windows 10 Technical Preview, Redmond says. The interwebs were abuzz on Monday over concerns about the Terms of Use and Privacy Policy of Microsoft's newly released, not-even-beta-yet OS, with some …

Page:

  1. This post has been deleted by its author

    1. Anonymous Coward
      Anonymous Coward

      if I were

      If I were a hacker I'd be working out how to take advantage of this little 'feature'.

      1. Michael Thibault
        Devil

        Re: if I were

        >If I were a hacker I'd be working out how to take advantage...

        There's a fine line between smart'n'lazy and smart'n'evil.

    2. Anonymous Coward
      Anonymous Coward

      Re: Class action law suit

      Oh it's ok - it's in the EULA - that means they're allowed to do it, right?

      Anyway, the software isn't yours, it's licensed to you - just like the data you put in it. It's all theirs.

      1. RyokuMas
        Facepalm

        Re: Class action law suit

        "Oh it's ok - it's in the EULA - that means they're allowed to do it, right?"

        Let's see how quick the Google astroturfers on here are to claim that Microsoft are copying Google when it comes to EULA practices...

      2. Chika

        Re: Class action law suit

        Actually, methinks this AC has a point as the EULA is liable to run into problems with privacy laws in a number of countries, my own included. Goodness knows that there have been enough security hack cases in places like the UK and Germany (the first ones that spring to mind) and legal shinanigans with various companies including Microsoft that would have made them cautious about this sort of thing. The EULA might have some legal standing but it is not above the law.

    3. This post has been deleted by its author

    4. tony2heads
      Big Brother

      Re: Class action law suit

      Your hat is heated by ohmic dissipation of the massive mind control rays!

      On a serious note: I downloaded this and was planning on trying this out until I read about this keylogger.

      NO WAY am I willing to 'try out' a known keylogger.

      1. dogged

        Re: Class action law suit

        I am. I just run it offline.

        1. mark jacobs
          Megaphone

          Re: Class action law suit

          There's nothing you can do, Dogged. Even when disconnected from the internet physically, Windows 10 uses the nearest unsecured wifi hotspot to get another connection. And, if your PC has no wifi adapter, it builds a "software only" version using secret kernel directives. You cannot and will not escape their jurisdiction! ;-)

      2. h4rm0ny

        Re: Class action law suit

        >>"NO WAY am I willing to 'try out' a known keylogger."

        I am. They've just provided me a way to Google-bomb Windows. I'm going to open Word and type Tony Blair and delete it in favour of "lying scum" a few thousand times. Heck, I think I can probably script that simulating keyboard events.

        I'm picturing Cherie Blair typing a letter about her husband and the autocorrect just unexpectedly replaces his name. It makes me feel happy just picturing it.

    5. Just Enough
      Facepalm

      Re: Class action law suit

      If you don't want to assist in a test programme, then don't download a test version produced expressly for the purposes of testing.

      This is not just a free version of Windows 10. It is not designed to be used in a live environment. If you are entering sensitive personal info into it then you are a moron who shouldn't be playing any part of a test cycle.

      1. spodzone

        Re: Class action law suit

        You miss the big problem.

        It's closed-source proprietary software. In previous releases, you were not aware of built-in keylogging ability; when Windows 10 is finally released you will only have their word for it that something *which they are capable of doing* has been disabled.

        I'm not prepared to go a single step down that line.

        1. Anonymous Coward
          Anonymous Coward

          Re: Class action law suit

          "It's closed-source proprietary software"

          And Open Source is so good at protecting personal - say SSL - secured data isn't it?! LOL.

          1. Anonymous Coward
            Anonymous Coward

            Re: Class action law suit

            say SSL

            That was accidental, due to a bug - that can be proved, because it's open source.

            Big difference. Microsoft's offerings are insecure mostly by design. This is why they're so desperate to throw mud at the likes of Google.

      2. Inertia

        Re: Class action law suit

        What if I'm testing forward compatibility for our bespoke software products made for other people under which I am NDA'd and subject to the requrements of ISO27001?. Clot. Sensitive information goes further than my Amazon login.

        1. Donn Bly
          FAIL

          Re: What if I'm testing forward compatibility for our bespoke software

          If you are testing your software with sensitive, non-anonymized data, then it is your fault for violating the NDA and the ISO security standards.

        2. Ken Hagan Gold badge

          Re: Class action law suit

          "What if I'm testing forward compatibility for our bespoke software products made for other people under which I am NDA'd and subject to the requrements of ISO27001?"

          Then you can either not bother with the Technical Preview, or you can use it in a VM that has no network access, or you can hope that your NDA violation is anonymised by MS.

          But whatever you choose, Microsoft were pretty clear in their announcements that the point of making the Tech Preview available to everyone for free is so that they can collect stats on your usage. The Windows 8 previews were all the same and Microsoft repeatedly defended the Win8 UI on the grounds that their "telemetry" contradicted the nay-sayers. There's no such thing as a free lunch and plenty of hints about how MS intend to benefit from your use of the preview. If you don't then read the EULA with some care, that's your problem.

          1. Daniel B.

            Re: Class action law suit

            Microsoft repeatedly defended the Win8 UI on the grounds that their "telemetry" contradicted the nay-sayers.

            Their telemetry was severely broken then. Because pretty much all beta testers were complaining about Metro and were doing the registry hack thing to disable the hideous Start Screen until one of the releases outright removed that ability and rammed Metro up all the beta testers asses. That might have given MS the "wanted" telemetry, as nobody could do otherwise.

      3. Dazed and Confused
        Facepalm

        Re: Class action law suit

        If you are entering sensitive personal info into it then you are a moron who shouldn't be playing any part of a test cycle.

        So you are saying that you can't actually test whether this system is usable in any sort of real world situation?

        You can only test whether it can connect to other test environments.

        Perhaps someone might like to test whether it can connect to their FB account. Since FB won't allow you to have fake or test FB accounts then you are saying that it is not possible to test this part of W10.

        1. Ken Hagan Gold badge
          Facepalm

          Re: Class action law suit

          "So you are saying that you can't actually test whether this system is usable in any sort of real world situation?"

          Well, duh, YES! We are at least a year away from release, according to Microsoft's own timetable, the kernel reports itself as version 6.4 (so eff all major internal changes, then) and you haven't paid Microsoft any real money for the privilege.

      4. rdpayne

        Re: Class action law suit

        Like my 86 year old mom even knew she was installing a new operating system, NOT. She still doesn't know that she has a new operating system, has NO IDEA that she accepted a EULA.

        FUCK microsoft

    6. Anonymous Coward
      Windows

      @tinfoilhat

      "I smell pure evil here."

      I don't. Here's the thing: Microsoft has never made it a secret when and/or how they're doing data collection. First, and foremost, its in the EULA and other official documentation which Microsoft has. Especially considering the fact that this is a beta / pre-release version (as such not yours) I think they got every right to do this. In fact; I can understand that collecting "usage data" would help them out.

      But if you look at areas where data collection has become the standard, I'm now talking about mobile (smart)phones, then once again its Microsoft who turns out to be the gentleman.

      When I got my Windows Phone and started using it I was first confronted with several questions which informed me that Microsoft would like me to enable data collection. This happened when using the virtual keyboard ("to improve the automated responses"), the search feature ("to better optimize the search results"), the OCR (text retrieval from pictures) feature, the photo scanning feature and the voice dictation feature.

      In every case this was opt-in. I had to give them permission otherwise the data collection would be disabled.

      I once discussed this with a friend who has a "different brand" of mobile phone. And guess what? It was all opt-out. Everything had been enabled by default and if you wanted it off you simply had to go over all the settings yourself.

      Microsoft evil? For sure; they most certainly have their ways. But not in this case in my opinion.

      1. This post has been deleted by its author

    7. phuzz Silver badge
      Facepalm

      Re: Class action law suit

      "Where as I can understand this in beta testing with full disclosure"

      Microsoft calls it a "Technical Preview", but it's a beta by any other name, and they've been quite up front about collecting user data from it, provided anyone bothered to read the EULA they clicked 'Accept' on.

    8. Phil Kingston

      phil-kingston@outlook.com

      To be fair, they've made it ridiculously abundantly clear it's not for production use.

      Anyone using it as a main OS is taking some big risks.

  2. Chairo
    Facepalm

    Figures

    I always wondered on what kind of strange user data Microsoft based their ribbon interface on. So it was based on the behaviour patterns of people playing around with beta software? Interesting approach...

    1. Anthony Hegedus Silver badge
      FAIL

      Re: Figures

      The office ribbon interface seems to have been based on very accurate user feedback and usage data, you can really tell. It's just that after gathering all this data, microsoft's elite team of crack programmers decided to use their amazing brains to make the interface as annoying as possible, with a "hide-the-useful-function" methodology that still haunts me today,

      Does anyone actually use those stupid style things that take up half the bloody ribbon? Does anyone actually know how to make numbered paragraphs work?

      Oh and exactly what usage data led to the decision to have the standard paragraph style with an extra several points of blank space "after" each paragraph, thus making it hard for the average user to work out how to actually type an address which doesn't look double spaced? I mean seriously.,.

      1. Brewster's Angle Grinder Silver badge
        Gimp

        Re: Figures

        "Does anyone actually use those stupid style things that take up half the bloody ribbon?"

        I use Libre Office.

        We need an icon for smugness.

        1. Lionel Baden
          Coat

          Re: Figures

          We need an icon for smugness.

          use the linux penguin ;)

          Ill just go get my coat and RUN !!!!

      2. Anonymous Coward
        Anonymous Coward

        Re: Figures

        Is this the very same statistics that concluded: "people hardly use their start menu, so let's make it full-screen!"

      3. Anonymous Coward
        Anonymous Coward

        Re: Figures

        If you aren't using styles, then why are you using a word processor? You could just an electronic typewriter with memory and be done. Styles make things so much neater and easier and more consistent. No one can use Word's paragraph numbering because it is broken - other programs get it right, but Word has always managed to bugger things up.

        That said, the ribbon sucks. There is no order, the entries are all different sizes mixed all higgeldy piggeldy so that trying to find a specific item is like running your eyes across a bumpy road.

      4. Primus Secundus Tertius

        Re: Figures

        So you type the address in "No spacing" style and the body text in "Normal". That's what those "stupid style things" are for. And for headings, of course.

      5. bpfh
        Mushroom

        Re: Figures

        Oh yes, I get how to use the styles and numbered paragraphs in the ribbon. I had been using them for great effect in all my manuals since Word 6 for Windows 3.1.... So.... When they went and hid everything in plain sight in the bloody ribbon, it took me a real conscious effort to keep using the damned software trying to find all the options that used to be all clearly available in the format > styles menu... including googling for "how to deactivate the ribbon office 2007" and "activate real menu office 2007"....

      6. John Sanders

        Re: Figures

        The main reason for the implementation of the ribbon is to make an interface that once the majority of people get used to, have a lot of trouble changing platforms. It is mostly about locking people in.

        The ribbon does not rely on a hierarchy of categories that you can navigate and interpret logically, instead it relies on a combination of spatial+muscle memory, ideal for people accustomed to treat computers like an old VCR, a TV or a toaster.

        Follows the paradigm that if you want to make an interface easy, just add a dedicated button for each function. (Works only for <= 15 buttons)

        So:

        1) Is MS patent encumbered, if you implement it on your OS you can be sued.

        2) Fixes the problem of the floating toolbars (a problem created by MS in the first place)

        3) People have difficulties changing product if they get used to it.

        So it is win win win... Windows!

        I'm actually more worried about the industry reliance and assumption that you will use a computer running windows to set infrastructure up, and that a MS ecosystem is mandatory in every office to do absolutely anything.

    2. Richard Jones 1
      Holmes

      Re: Figures

      Having never heard of a programme as explicitly set out as the present one I suspect that the user feed back on the ribbon was based on a more select, (in other words biased) sample of those who were in the know. A small sample of queries raised by users about the things they needed was in all likelihood rolled into a wish list. That was then rolled into a 'we must do it a new way list'. That was then proved in focus groups (Steven Jay Sinofsky's nearest and dearest?) and inflicted on the rest of the world.

      When beta testing win8 I don't think I ever found the 'official way' to shut down. I might have tried several different approaches including trying *.bat files on the desktop and Alt F4, but the one the worked best was the big silver button (your mileage may vary) on the front of the machine. Unlike hunting and pecking with the mouse the silver button worked every time.

      They have been honest, said they will collect data and hopefully avoid the dumb stupid errors of the past and advised you NOT to do mission critical work on the test machine as you may be copied, lose files, etc. Seriously those are very clear almost harsh disclaimers and advice. Anyone who cannot read, does not care or plain ignores the risks does not earn much sympathy from me.

      I would still like to try the new product as Win8 was a total disaster for me with all the devices that it did not support. However, it would be on a non-live rig but otherwise still connected to my network - when I was happy to run it that way and once I have a suitable stand-alone PC.

      1. bonkers

        Re: Figures

        Remember all the user data that Redmond said went into crafting the Office Ribbon UI? Where do you suppose it came from?

        I thought they'd plucked it out of their arses. Seriously.

        Word and Excel were excellent programs till the ribbon, an exemplary implementation of Pink Floyd's "I've got thirteen channels of shit on the T.V. to choose from"

        For neo-luddites wanting the authentic 2003 functionality, there is a lovely new toolbar you can install, called Ubitmenu - which looks like another ribbon tab but its all you need. It's free for domestic use and about a fiver otherwise, and as usual be careful on the install as you won't want any other crap they might try and install with it.

  3. Khaptain Silver badge
    FAIL

    Key Strikes Yes - Letters NO

    I can understand the need to see how often the Ctrl, Alt, Alt GR and the Windows Key are pressed and even the ensemble of letter keys but I do not see the need to store or collect the individual letter keys.

    This is simply wrong. This cannot be justified, we already know which words and letters are the most common, these are already established facts.

    Letters include, Passwords, user names, bank codes etc... simply unjustifiable. And when people know this they will change their habits which will skew MS results...

    Alsi if MS are doing it,m then the haxors will follow, they will simply hook and chain these "accepted" procedures.... fail.

    1. Arctic fox
      Headmaster

      Frankly speaking Khaptain if anyone is doing their banking............

      ...........or other security sensitive tasks on a pre-beta like this technical preview then they are frakking brain dead. As far as this particular case is concerned you have to choose (of your own free will) to download and install the TP, choose (of your own free will) to sign up for the insider program and finally not bother to read the EULA in order for this to come as a horrible shock. To sum up: Anyone who accepts an invitation from any example of BigCorp to become one of their "partners" without reading the small print very carefully indeed should not be allowed out of the house without a note from their mum.

      1. Khaptain Silver badge

        Re: Frankly speaking Khaptain if anyone is doing their banking............

        @Arctic

        As much as I agree with you, I digress that banking was a little bit extreme. But I can easilly imagine them logging into Github accounts, email accounts and possibly testing VPN connections which would be valid scenarios for testing.

        1. Arctic fox

          @Khaptain I take your point with regard to..........

          ...... "Github accounts, email accounts and possibly testing VPN connections which would be valid scenarios for testing."

          Those are indeed valid points, however I am still concerned that people (who are either professional techies or enthusiastic amateurs) download this kind thing without reading the small print. If "geeks" do that kind of thing what hope do we have of ever persuading the "great unwashed" that one of the most important parts of good security is using some basic common sense. Installing this without reading the EULA is not much more impressive than those idiots who salivate and click the moment they see a "free porn" link.

          1. Vociferous

            No one ever reads the EULA.

            And everyone knows it. They're even made to be intentionally hard to read to discourage users reading them, mainly because they're pretty much without fail full of illegal or unenforceable terms.

            Which is largely OK, since in civilized parts of the world they're not contracts but simply a corporate wishlist and something to scare the users with.

            1. chivo243 Silver badge
              Headmaster

              Re: No one ever reads the EULA.

              Ahhh, that is why the font is size 3 or 4, so no one who actually wants to read it can?!!

              1. dogged

                Re: No one ever reads the EULA.

                > that is why the font is size 3 or 4

                That's funny, the Win10 EULA I got was 10-point Verdana.

                Did you get a different version?

                1. chivo243 Silver badge

                  Re: No one ever reads the EULA.

                  No, didn't get Win10. I was generalizing for all EULA's - they are all pretty effin small for my old eyes, and usually too long for my short attention span.

            2. Anonymous Coward
              Anonymous Coward

              Re: No one ever reads the EULA.

              The we will track your every move was high up in the EULA i managed to spot it strait away and stopped reading there and made a quick exit.

              I don't mind them knowing what i do on it, which programs i use, how i navigate around the user interface etc I think this is reasonable its a good way of getting real useful data as its more accurate than just user feedback on a form. it is a technical preview for improving the software before release after all. BUT key logging of all my usernames and password is where i drew the line. and quit looking.

              would have been more tempted to download it and run it on a VM but with Technet being dead (RIP) installing all the rest of the programs needed to test it as a "usual day" usage case is rather hindered without this additional software.

      2. Robert Helpmann??
        Childcatcher

        Re: Frankly speaking Khaptain if anyone is doing their banking............

        Never underestimate the self-inflicted damage that people are capable of! I got called in, once upon a time, on a consulting position for a company in which all of their printers had stopped working. Nothing wrong with and no change on the printers. Same with the network. Same with the client machines. The print server... inexplicably had been upgraded to a beta version of Windows Server that had no drivers for those printers. The owners refused to back-level because "newer is always better."

        Sadly, this is not the only instance I have encountered use of beta software in production. On the plus side, it meant money in my pocket. I still felt like a physician must having to explain, "No, no. If you keep stabbing yourself, it will keep hurting."

    2. heyrick Silver badge

      Re: Key Strikes Yes - Letters NO

      "but I do not see the need to store or collect the individual letter keys."

      Didn't it say it was for autocomplete?

      As for passwords, this might depend upon what level of the UI is involved in the data collection, and how much access the OS has to parts of the UI - specifically if the input is being directed to an icon that is masking what is being typed, as much password icons do.

      1. Anonymous Bullard

        Re: Key Strikes Yes - Letters NO

        Well, Windows makes it very easy to add a keyboard hook (SetWindowsHookEx). Any program can do it.

    3. Chris 3

      Re: Key Strikes Yes - Letters NO

      Hmmm, I can see how it would be useful to (for example) capture strings that were typed into the help box, or into command lines.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like