if I were
If I were a hacker I'd be working out how to take advantage of this little 'feature'.
Don't want Microsoft tracking you online and collecting data on your computing habits? Then you probably shouldn't install the Windows 10 Technical Preview, Redmond says. The interwebs were abuzz on Monday over concerns about the Terms of Use and Privacy Policy of Microsoft's newly released, not-even-beta-yet OS, with some …
This post has been deleted by its author
"Oh it's ok - it's in the EULA - that means they're allowed to do it, right?"
Let's see how quick the Google astroturfers on here are to claim that Microsoft are copying Google when it comes to EULA practices...
Actually, methinks this AC has a point as the EULA is liable to run into problems with privacy laws in a number of countries, my own included. Goodness knows that there have been enough security hack cases in places like the UK and Germany (the first ones that spring to mind) and legal shinanigans with various companies including Microsoft that would have made them cautious about this sort of thing. The EULA might have some legal standing but it is not above the law.
This post has been deleted by its author
There's nothing you can do, Dogged. Even when disconnected from the internet physically, Windows 10 uses the nearest unsecured wifi hotspot to get another connection. And, if your PC has no wifi adapter, it builds a "software only" version using secret kernel directives. You cannot and will not escape their jurisdiction! ;-)
>>"NO WAY am I willing to 'try out' a known keylogger."
I am. They've just provided me a way to Google-bomb Windows. I'm going to open Word and type Tony Blair and delete it in favour of "lying scum" a few thousand times. Heck, I think I can probably script that simulating keyboard events.
I'm picturing Cherie Blair typing a letter about her husband and the autocorrect just unexpectedly replaces his name. It makes me feel happy just picturing it.
If you don't want to assist in a test programme, then don't download a test version produced expressly for the purposes of testing.
This is not just a free version of Windows 10. It is not designed to be used in a live environment. If you are entering sensitive personal info into it then you are a moron who shouldn't be playing any part of a test cycle.
You miss the big problem.
It's closed-source proprietary software. In previous releases, you were not aware of built-in keylogging ability; when Windows 10 is finally released you will only have their word for it that something *which they are capable of doing* has been disabled.
I'm not prepared to go a single step down that line.
"What if I'm testing forward compatibility for our bespoke software products made for other people under which I am NDA'd and subject to the requrements of ISO27001?"
Then you can either not bother with the Technical Preview, or you can use it in a VM that has no network access, or you can hope that your NDA violation is anonymised by MS.
But whatever you choose, Microsoft were pretty clear in their announcements that the point of making the Tech Preview available to everyone for free is so that they can collect stats on your usage. The Windows 8 previews were all the same and Microsoft repeatedly defended the Win8 UI on the grounds that their "telemetry" contradicted the nay-sayers. There's no such thing as a free lunch and plenty of hints about how MS intend to benefit from your use of the preview. If you don't then read the EULA with some care, that's your problem.
Microsoft repeatedly defended the Win8 UI on the grounds that their "telemetry" contradicted the nay-sayers.
Their telemetry was severely broken then. Because pretty much all beta testers were complaining about Metro and were doing the registry hack thing to disable the hideous Start Screen until one of the releases outright removed that ability and rammed Metro up all the beta testers asses. That might have given MS the "wanted" telemetry, as nobody could do otherwise.
If you are entering sensitive personal info into it then you are a moron who shouldn't be playing any part of a test cycle.
So you are saying that you can't actually test whether this system is usable in any sort of real world situation?
You can only test whether it can connect to other test environments.
Perhaps someone might like to test whether it can connect to their FB account. Since FB won't allow you to have fake or test FB accounts then you are saying that it is not possible to test this part of W10.
"So you are saying that you can't actually test whether this system is usable in any sort of real world situation?"
Well, duh, YES! We are at least a year away from release, according to Microsoft's own timetable, the kernel reports itself as version 6.4 (so eff all major internal changes, then) and you haven't paid Microsoft any real money for the privilege.
"I smell pure evil here."
I don't. Here's the thing: Microsoft has never made it a secret when and/or how they're doing data collection. First, and foremost, its in the EULA and other official documentation which Microsoft has. Especially considering the fact that this is a beta / pre-release version (as such not yours) I think they got every right to do this. In fact; I can understand that collecting "usage data" would help them out.
But if you look at areas where data collection has become the standard, I'm now talking about mobile (smart)phones, then once again its Microsoft who turns out to be the gentleman.
When I got my Windows Phone and started using it I was first confronted with several questions which informed me that Microsoft would like me to enable data collection. This happened when using the virtual keyboard ("to improve the automated responses"), the search feature ("to better optimize the search results"), the OCR (text retrieval from pictures) feature, the photo scanning feature and the voice dictation feature.
In every case this was opt-in. I had to give them permission otherwise the data collection would be disabled.
I once discussed this with a friend who has a "different brand" of mobile phone. And guess what? It was all opt-out. Everything had been enabled by default and if you wanted it off you simply had to go over all the settings yourself.
Microsoft evil? For sure; they most certainly have their ways. But not in this case in my opinion.
This post has been deleted by its author
"Where as I can understand this in beta testing with full disclosure"
Microsoft calls it a "Technical Preview", but it's a beta by any other name, and they've been quite up front about collecting user data from it, provided anyone bothered to read the EULA they clicked 'Accept' on.
The office ribbon interface seems to have been based on very accurate user feedback and usage data, you can really tell. It's just that after gathering all this data, microsoft's elite team of crack programmers decided to use their amazing brains to make the interface as annoying as possible, with a "hide-the-useful-function" methodology that still haunts me today,
Does anyone actually use those stupid style things that take up half the bloody ribbon? Does anyone actually know how to make numbered paragraphs work?
Oh and exactly what usage data led to the decision to have the standard paragraph style with an extra several points of blank space "after" each paragraph, thus making it hard for the average user to work out how to actually type an address which doesn't look double spaced? I mean seriously.,.
If you aren't using styles, then why are you using a word processor? You could just an electronic typewriter with memory and be done. Styles make things so much neater and easier and more consistent. No one can use Word's paragraph numbering because it is broken - other programs get it right, but Word has always managed to bugger things up.
That said, the ribbon sucks. There is no order, the entries are all different sizes mixed all higgeldy piggeldy so that trying to find a specific item is like running your eyes across a bumpy road.
Oh yes, I get how to use the styles and numbered paragraphs in the ribbon. I had been using them for great effect in all my manuals since Word 6 for Windows 3.1.... So.... When they went and hid everything in plain sight in the bloody ribbon, it took me a real conscious effort to keep using the damned software trying to find all the options that used to be all clearly available in the format > styles menu... including googling for "how to deactivate the ribbon office 2007" and "activate real menu office 2007"....
The main reason for the implementation of the ribbon is to make an interface that once the majority of people get used to, have a lot of trouble changing platforms. It is mostly about locking people in.
The ribbon does not rely on a hierarchy of categories that you can navigate and interpret logically, instead it relies on a combination of spatial+muscle memory, ideal for people accustomed to treat computers like an old VCR, a TV or a toaster.
Follows the paradigm that if you want to make an interface easy, just add a dedicated button for each function. (Works only for <= 15 buttons)
So:
1) Is MS patent encumbered, if you implement it on your OS you can be sued.
2) Fixes the problem of the floating toolbars (a problem created by MS in the first place)
3) People have difficulties changing product if they get used to it.
So it is win win win... Windows!
I'm actually more worried about the industry reliance and assumption that you will use a computer running windows to set infrastructure up, and that a MS ecosystem is mandatory in every office to do absolutely anything.
Having never heard of a programme as explicitly set out as the present one I suspect that the user feed back on the ribbon was based on a more select, (in other words biased) sample of those who were in the know. A small sample of queries raised by users about the things they needed was in all likelihood rolled into a wish list. That was then rolled into a 'we must do it a new way list'. That was then proved in focus groups (Steven Jay Sinofsky's nearest and dearest?) and inflicted on the rest of the world.
When beta testing win8 I don't think I ever found the 'official way' to shut down. I might have tried several different approaches including trying *.bat files on the desktop and Alt F4, but the one the worked best was the big silver button (your mileage may vary) on the front of the machine. Unlike hunting and pecking with the mouse the silver button worked every time.
They have been honest, said they will collect data and hopefully avoid the dumb stupid errors of the past and advised you NOT to do mission critical work on the test machine as you may be copied, lose files, etc. Seriously those are very clear almost harsh disclaimers and advice. Anyone who cannot read, does not care or plain ignores the risks does not earn much sympathy from me.
I would still like to try the new product as Win8 was a total disaster for me with all the devices that it did not support. However, it would be on a non-live rig but otherwise still connected to my network - when I was happy to run it that way and once I have a suitable stand-alone PC.
Remember all the user data that Redmond said went into crafting the Office Ribbon UI? Where do you suppose it came from?
I thought they'd plucked it out of their arses. Seriously.
Word and Excel were excellent programs till the ribbon, an exemplary implementation of Pink Floyd's "I've got thirteen channels of shit on the T.V. to choose from"
For neo-luddites wanting the authentic 2003 functionality, there is a lovely new toolbar you can install, called Ubitmenu - which looks like another ribbon tab but its all you need. It's free for domestic use and about a fiver otherwise, and as usual be careful on the install as you won't want any other crap they might try and install with it.
I can understand the need to see how often the Ctrl, Alt, Alt GR and the Windows Key are pressed and even the ensemble of letter keys but I do not see the need to store or collect the individual letter keys.
This is simply wrong. This cannot be justified, we already know which words and letters are the most common, these are already established facts.
Letters include, Passwords, user names, bank codes etc... simply unjustifiable. And when people know this they will change their habits which will skew MS results...
Alsi if MS are doing it,m then the haxors will follow, they will simply hook and chain these "accepted" procedures.... fail.
...........or other security sensitive tasks on a pre-beta like this technical preview then they are frakking brain dead. As far as this particular case is concerned you have to choose (of your own free will) to download and install the TP, choose (of your own free will) to sign up for the insider program and finally not bother to read the EULA in order for this to come as a horrible shock. To sum up: Anyone who accepts an invitation from any example of BigCorp to become one of their "partners" without reading the small print very carefully indeed should not be allowed out of the house without a note from their mum.
@Arctic
As much as I agree with you, I digress that banking was a little bit extreme. But I can easilly imagine them logging into Github accounts, email accounts and possibly testing VPN connections which would be valid scenarios for testing.
...... "Github accounts, email accounts and possibly testing VPN connections which would be valid scenarios for testing."
Those are indeed valid points, however I am still concerned that people (who are either professional techies or enthusiastic amateurs) download this kind thing without reading the small print. If "geeks" do that kind of thing what hope do we have of ever persuading the "great unwashed" that one of the most important parts of good security is using some basic common sense. Installing this without reading the EULA is not much more impressive than those idiots who salivate and click the moment they see a "free porn" link.
And everyone knows it. They're even made to be intentionally hard to read to discourage users reading them, mainly because they're pretty much without fail full of illegal or unenforceable terms.
Which is largely OK, since in civilized parts of the world they're not contracts but simply a corporate wishlist and something to scare the users with.
The we will track your every move was high up in the EULA i managed to spot it strait away and stopped reading there and made a quick exit.
I don't mind them knowing what i do on it, which programs i use, how i navigate around the user interface etc I think this is reasonable its a good way of getting real useful data as its more accurate than just user feedback on a form. it is a technical preview for improving the software before release after all. BUT key logging of all my usernames and password is where i drew the line. and quit looking.
would have been more tempted to download it and run it on a VM but with Technet being dead (RIP) installing all the rest of the programs needed to test it as a "usual day" usage case is rather hindered without this additional software.
Never underestimate the self-inflicted damage that people are capable of! I got called in, once upon a time, on a consulting position for a company in which all of their printers had stopped working. Nothing wrong with and no change on the printers. Same with the network. Same with the client machines. The print server... inexplicably had been upgraded to a beta version of Windows Server that had no drivers for those printers. The owners refused to back-level because "newer is always better."
Sadly, this is not the only instance I have encountered use of beta software in production. On the plus side, it meant money in my pocket. I still felt like a physician must having to explain, "No, no. If you keep stabbing yourself, it will keep hurting."
"but I do not see the need to store or collect the individual letter keys."
Didn't it say it was for autocomplete?
As for passwords, this might depend upon what level of the UI is involved in the data collection, and how much access the OS has to parts of the UI - specifically if the input is being directed to an icon that is masking what is being typed, as much password icons do.
Well, Windows makes it very easy to add a keyboard hook (SetWindowsHookEx). Any program can do it.