back to article Microsoft faces Dutch crunch over Windows 10 private data slurp

Yet another European nation is turning up the heat on Microsoft for extracting heaps and heaps of telemetry and other intelligence from Windows 10 PCs. This time, it's privacy authorities in the Netherlands who are calling out Redmond for its hog-wild harvesting of data from machines that run Windows 10 Home and Pro. The Dutch …

SVV
Bronze badge

Irony

"Microsoft president Brad Smith reckons North Korea was behind the WannaCry malware that infected the country's national health service earlier this year."

And some company in Redmond, USA was behind the Windows 10 malware that infected the country's PCs earlier this year.

86
5
Anonymous Coward

Blaming North Korea?

This is why people despise Microsoft: the way it does its business, the way it lies about the unpalatable aspects of it.

41
2
Silver badge
WTF?

Re: Irony

Why can't Micro-shaft JUST COME CLEAN on what they're collecting on everyone?

/me hears crickets chirping in Redmond

22
3
Silver badge
Devil

Re: Blaming North Korea?

"This is why people despise Microsoft: the way it does its business, the way it lies about the unpalatable aspects of it."

and the way they act like an evil dictatorship...

Maybe it _IS_ the 'NorKs' after all! [or their equivalent]

They certainly aren't acting like a CAPITALIST organization any more.

8
2
Anonymous Coward

Re: Blaming North Korea?

This is why people despise Microsoft: the way it does its business, the way it lies about the unpalatable aspects of it.

To be honest, what annoys me more are the people that keep advocating it against all rhyme and reason in wholly inappropriate circumstances. There are better options out that that offer more bang for the buck, provided you start a backbone based on open standards. The sheer amount of effort and risk to keep a Microsoft based infrastructure alive is a massive waste of money and resources.

We've now helped set up a number of new companies who are all extremely dependent on good security to protect their customers, and once we'd gone over what they needed to handle security and how to deal with crossing the US border repeatedly, they realised why we ourselves abandoned anything made by Adobe and Microsoft several years ago. They're all quite happy with what we created for them, their lawyers like the way we made the security provable and the investors like that we didn't waste money in both CAPEX and OPEX when we did all of it.

Ethics may not matter to big setups, but in any kind of industry where you're close to clients it becomes an integral part of your business capital, which in turn informs your procurement standards.

We no longer need Microsoft, and we're very happy with that. It saves us money, we have no worries about customer risk and we're already well past the requirements for GDPR compliance..

36
3

Re: Blaming North Korea?

So what happens when you need to open a very formatted MS Office documents. At some point or other a customer or supplier will send one over that can't be opened very well by OOo or Libre Office and you are back to square one.

3
23

Re: Blaming North Korea?

So what happens when you need to open a very formatted MS Office documents.

Yes, the Microsoft Office software is good, if rather expensive. Particularly Outlook. I can certainly understand why medium-to-large businesses use it, and why it drives them to run Windows. Personally, I have MS Office running under PlayOnLinux for use when I absolutely need it, but I acknowledge that it took some effort.

Most consumers, however, do not need MS Office installed on their PC and are perfectly happy with LibreOffice and/or online tools. Small businesses have to make the choice: LibreOffice and Thunderbird (maybe combined with web-based tools) are probably fine for their needs. Unfortunately I think it is other tools (payroll, accounting, tax & HR software, SEO and marketing tools, photo & video processing, etc) plus cheap and easy support (local PC company) which drive them to use Windows.

8
2
Joke

Re: Blaming North Korea?

"Those who would give up essential Liberty, to purchase a little temporary Convenience, deserve neither Liberty nor Convenience".

19
2
Silver badge
Gimp

Re: Blaming North Korea?

"So what happens when you need to open a very formatted MS Office documents." (sic)

Send it back, tell them it's broken, and to use a decent open document format.

23
2
Silver badge

Re: Blaming North Korea?

> Unfortunately I think it is other tools (payroll, accounting, tax & HR software, SEO and marketing tools, photo & video processing, etc) plus cheap and easy support (local PC company) which drive them to use Windows

So, you mean common sense then.

People are not in business to avoid MS, they are in business for whatever their business is.

I work at a business with a fair few Linux boxes and Windows boxes, the people that really need it have O365 with full Office, the rest of us use the web apps with Outlook on the Windows machines.

Almost everything was done with money-saving in mind, no network, no servers, no phones, just WiFi, Google Drive and Skype.

Yet they still buy O365.

That says it all really.

2
5
Silver badge

Re: Irony

Why can't Micro-shaft JUST COME CLEAN on what they're collecting on everyone?

That could be fixed by the Dutch legislators insisting that Microsoft provide a tool that will show everything that has been slurped in the last couple of months -- complete with an explanation of what the tool shows.

After all: it is (supposedly) your Personal Computer and thus you should be able to find out anything that relates to you or the operation of the PC.

12
1
Anonymous Coward

Re: Irony

"Essentially, we're told, the operating system does not make it clear what information is beamed back to headquarters and why"

Well sort of true, but it does obviously offer a link to a webpage that explains pretty clearly if you can be bothered to read a couple of pages of privacy info...

0
9
Anonymous Coward

Re: Blaming North Korea?

>>>The sheer amount of effort and risk to keep a Microsoft based infrastructure alive is a massive waste of money and resources.

Not when you look at the reality. In the vast majority of circumstances, Microsoft is a lower risk and has a lower TCO than the alternatives. If there was a better solution, people would be migrating en mass but in reality Microsoft's market share is still growing in most areas other than mobile! Particularly where it matters like in cloud - where Microsoft actually overtook Amazon AWS in revenue last quarter and are growing much faster!

At the most well known site that tried an OSS alternative - Munich - it's has been such a disaster they are desperately investigating migrating back to Microsoft..

0
16
Anonymous Coward

Re: Blaming North Korea?

So what happens when you need to open a very formatted MS Office documents. At some point or other a customer or supplier will send one over that can't be opened very well by OOo or Libre Office and you are back to square one.

Part of what is mandatory training for our people is understanding the concept of styles in word processors, and the notion that a word processor is not DTP. This whole nonsense about "not looking the same" only came about because people started to use word processors as layout tools without the smallest notion of what that entails - naturally enthusiastically encouraged by Microsoft as it created another lock-in of their users, and even provided pressure to upgrade (or did you really think that subsequent versions of Word formatted differently by accident?).

For a start, we focus on content, not layout, so we disabuse new staff quickly from such notions, which they may have picked up in previous employment. Next, we teach them about styles, why they exist and the massive benefit in using them over localised formatting. For a letter it's less important, but if you get into reports over 10 pages it is VITAL that users know the difference between structure, content and formatting. In other words, we teach them document creation and editing from a publishing perspective, which removes any dependency on Microsoft Office. It also helps people understand Apple's "Pages" in the unlikely event they would want to try that, because that's actually DTP with word processing added - the reverse of MS Word - which makes it harder for beginners to use than it ought to be (which is why Numbers is even weirder: that's DTP with a spreadsheet in it, which doesn't work for most people).

That said, there IS a valid argument for MS Office, and that is for people who use very complex Excel spreadsheets. However, we don't have those because of our auditing requirements. Anything that complex is costly, complex to maintain and hard to audit which conflicts with the transparency demands of our business model.

When we interface with customers, we tend to work with content. If a customer needs a Microsoft editable document instead of the PDFs we tend to export, it means we're working on content. Worst case, we'll install LibreOffice for them. LO is free and it's platform independent which means it renders on all platforms the same, provided you have the right fonts available - and that's a matter of embedding them in the document using "File - Properties - Font" and ticking the 'embed fonts in document' box.

We're old hats at IT - we've seen all the tricks MS has used over the years to further people's addiction to its product. Once you have seen through that, it gets very hard to trust them any further and the upside of a desire to do without is that it saves you a lot of grief, time and resources. That it saves money is just a bonus, but our business is based on trust and Microsoft blew that years ago.

12
1
Anonymous Coward

Re: Blaming North Korea?

Not when you look at the reality. In the vast majority of circumstances, Microsoft is a lower risk and has a lower TCO than the alternatives.

Sure. That's why we keep helping private banks to convert to Mac & Linux. This is the crux: TCO is only better with MS is you avoid adding wasted time and resources on patching, the extra software required to keep it safe online and to prevent it from snooping on your business, the large variance of hardware out there which is fun for an end users but unhelpful if that forces you to keep stock, international support and supply. As soon as you start being honest about TCO, Microsoft becomes an option to avoid.

Apropos risk: we work with rather high levels of security and compliance. There is no way anyone would touch a Microsoft product in that context because of all the undeclared snooping. Add to that the breach risk of an OS that seems to be solely composed of zero day problems and your risk calculation is also out of the window, and that's before we have addressed the licensing games they play to get you to license in excess of what you need. There is simply no way we will go near Microsoft products again.

The only thing Windows is good for is gaming. That's exactly right for a toy operating system. For serious business use, not so much.

10
2
Silver badge

Re: Blaming North Korea?

(payroll, accounting, tax & HR software, SEO and marketing tools, photo & video processing, etc)

All available with tools on Linux that're close to if not as good as the paid versions. Eg Gimp which, while true it maybe only has 90% of the functionality of Photoshop etc (actually I think the % is higher), it doesn't have either the cost or lock-in - no Gimp user has been unable to work because Adobe's activation servers are throwing a hissy fit. (I quite amazed a friend of mine who taught me some tricks with Photoshop, and I was able to do them in Gimp later - unfortunately she needs the proper colour management which Gimp lacks (what she sees on her screen must match what comes out the printer exactly - her office, lighting, placement of lights/furniture etc etc are all set up to keep the screen the same at all times), but most of what she does can be done in Gimp.

I've done plenty of SEO stuff without resort to any "special" tools. You really don't have to spend that much on it despite what some claim (and given the quick and high rankings my sites received for the appropriate searches, I think I must've done fairly well)

Some very good video tools in Linux, and of course payroll etc etc are also there as well.

As to "cheap and easy support", having to pay someone to come in and fix your computer every few months when another set of forced patches bork your machine, and you lose hours (sometimes days) of productivity while your machines are dead... Backups are wonderful, if you have the time and money and skills to use them. Otherwise they're as dead as your computer till you can get someone to restore from the latest issue.

VM's would probably do for most SMB's if they really have to have Windows to run something; spin it up to run the tool then shut it down when done, and with snapshotting rolling back to a working version can be quick and easy. (No Charles9, we're not talking professional gamers or people who have some special hardware, we're talking machines doing secretarial etc work, which hopefully you won't be doing on the same machine that runs your expensive CnC or controls the MRI etc etc ;) )

7
1
Silver badge
WTF?

Re: Blaming North Korea?

Not when you look at the reality. In the vast majority of circumstances, Microsoft is a lower risk and has a lower TCO than the alternatives.

Right. So when I see my Dr next week, see he's using W8+, and take him to court under the NZ Privacy act (he's passing my medical notes to a 3rd party without having obtained my consent nor even notified me that he is doing it) how would that save him money?

When your machine is down because of the latest patch "whoops" from MS (remember everyone BELOW enterprise gets them forced, not much choice), and you can't do your work, how is that saving money?

When you have to have the latest 0day exploit cleaned, or someone sends you a word document with malware in it (which STILL is an issue in 2017!), losing not only the productivity but also the cost of getting the machine fixed, how is that saving you?

When you lose your machine to the latest ransomware, and in your in-experienced attempts to recover also lose your backups, where is the savings from MS in that?

Has been proven time and again, MS's TCO is far higher than anything else, both in costs of acquiring, costs in lost time, costs in lives lost early due to stress and so on (probably a fair few suicides where the latest MS screw up has been enough to tip someone over the edge, and I know there have been cases of people suffering heart attacks when they've been infected and lost their business data).

How is it you can sleep with yourself trying to defend this stuff?

7
1
Anonymous Coward

Re: Blaming North Korea?

All available with tools on Linux that're close to if not as good as the paid versions

We still have a need for commercial desktop software, so we've gone for macOS and that has things like Affinity Photo, Affinity Designer and Polarr for graphics, and OmniGraffle as *much* better replacement for Visio (think Visio before Microsoft got its grubby paws on it, and then with an actual *improved* UI and with much better looking output).

As bonus, macOS works very well with Linux and BSD although I recall a small hiccup when using Linux NFS resources (we forgot to add the "-o resvport" switch :) ).

5
0
Anonymous Coward

Re: Blaming North Korea?

How is it you can sleep with yourself trying to defend this stuff?

Maybe the fact that he's only sleeping with himself is a hint?

:p

2
1
Anonymous Coward

Re: Blaming North Korea?

So what happens when you need to open a very formatted MS Office documents

We send it back with a note that we only support government standards and that we're happy to help converting them..

:)

9
1
Anonymous Coward

Re: Blaming North Korea?

Yes, the Microsoft Office software is good, if rather expensive. Particularly Outlook.

Good? Its usability was shot the moment they added the ribbon, it still confuses itself with unpaired formatting codes it introduces itself because it does not default to "paste as text" and it's so prone to featuritis that staff loses a lot of time every time they need to do something slightly more complicated than a 2 page letter.

Powerpoint has been flagged as just about the worst tool to convey information effectively and Outlook 2016 still contains a bug that hands off your login data to hosts that you never even specified in its setup. The only software that is hard to replace is Excel.

Last but not least, it's *cough* "open" *cough* file format is so convoluted that they have even abandoned it themselves after they bribed it into an ISO standard.

7
1
Silver badge
Thumb Up

Re: Blaming North Korea?

How is it you can sleep with yourself trying to defend this stuff?

Maybe the fact that he's only sleeping with himself is a hint?

I was going to comment along the lines of that but... :)

2
1
Silver badge

Re: Irony

"Why can't Micro-shaft JUST COME CLEAN on what they're"

Because people won't like it and want it stopped.

A better question is Why can't Micro-shaft give users a simple option to turn it *ALL* off and the answer is they are collecting personal information to monetise and pay for the Windows 10 crap they rammed down people's throats for free.

What other reason could there be?

2
0
Anonymous Coward

Re: Blaming North Korea?

"We send it back with a note that we only support government standards and that we're happy to help converting them.."

And by far the best software that fully supports the ODF standards is - Microsoft Office!

0
5
Anonymous Coward

Re: Blaming North Korea?

And by far the best software that fully supports the ODF standards is - Microsoft Office!

Honestly? Still trying to peddle that myth?

1 - MS Office is still trying to shake off the code from the disaster called MSOOXML

2 - OpenOffice and LibreOffice grew up alongside ODF as a standard. If you see what MS made of its own standard it's clear they have no idea what one is or how to follow one. Also quite evident in the inability of Outlook to work with well documented open standards such as caldav and carddav.

3 - I've tried. Nope, no ODF write on macOS Office 2016.

The nice thing about LO is that it is directly supported on Windows, macOS, Linux and can in a pinch be compiled for other platforms. About the only issue with LO is that it does not use the accent entry system in macOS - which is addressed by its Open Source nature: a derivative called NeoOffice DOES do that, and has gone even further with macOS integration - all for the princely sum of €15 per annum.

2
0
Anonymous Coward

Data Proection - GDPR

Given that GDPR coming into force next year on the 25th May is designed to harmonise Data Protection Regulations across Europe with standards enforced by the European Data Protection Board and Microsoft Windows 10 already been found to be in contravention of Data Protection Laws. GDPR requirements are fundamentally stricter with that key phase "Security by Design" and with strengthening of Data Subject rights.

Are employers who force employees to use Windows 10 based computers under GDPR in contravening the Data Subject Rights as the data collected by Microsoft has nothing to do with the operation of employers operations?

33
1
Silver badge

Re: Data Proection - GDPR

It's an interesting question. Not just Windows, but also a whole host of SaaS offerings that are somewhat liberal with their "privacy" policy.

10
0
Anonymous Coward

Re: Data Proection - GDPR

Are employers who force employees to use Windows 10 based computers under GDPR in contravening the Data Subject Rights as the data collected by Microsoft has nothing to do with the operation of employers operations?

That's not just a question for Microsoft use - ANY use of US based services will be subject to that question. Why do you think outfits like Oracle and Google flooded Brussels with lobbyists?

13
1
Anonymous Coward

Re: Data Proection - GDPR

"Are employers who force employees to use Windows 10 based computers under GDPR in contravening the Data Subject Rights as the data collected by Microsoft has nothing to do with the operation of employers operations?"

Corporate versions don't send the same telemetry back to MS.

0
4
Anonymous Coward

Re: Data Proection - GDPR

Corporate versions don't send the same telemetry back to MS.

Thus:

(a) why are corporates entitled to more privacy than individuals?

(b) why not provide the corporate version to EU users and solve the problem quickly?

Easy, no?

9
1
Silver badge
Linux

Re: Data Proection - GDPR

Corporate versions don't send the same telemetry back to MS.

How many "seats" do you need to get those versions? Is my Dr's office going to have enough at ~10 staff? My mechanic at 3 staff? The place I get my hair cut at 5 staff (including the temps)? What about the big engineering firm around the corner - 100 staff BUT only a small few Windows computers for the office staff?

What about the charities that get some volume licensing, but often only have a few seats? I know a place that works with some people who've had some very nasty experiences in life, where the computers handle extremely sensitive material - do their dozen or so machines get any protection, or would they be sending stuff off to MS? (thankfully I won them over to the side of light, they run Linux with Libre Office, and only those machines that have to be online even have a network connection, no wireless to snoop on either, they're the sort of place you want to know the personal data is secure - last thing they want is MS's "typing history" slurping the name, address, and statement from one of their clients!).

3
1
Paris Hilton

Re: Data Proection - GDPR

> Corporate versions don't send the same telemetry back to MS.

Not technically true. Corporate (Enterprise) versions can be configured to not send back the telemetry, but its on by default just like the home version.

The intrusiveness of Windows 10 is frankly shocking. The entire OS is compromised as far as I am concerned. Microsoft are really slowly shafting themselves in attempting to compete with Google. Instead of distinguishing themselves, and building on what really has the potential to be a decent OS, they fucked it up just as it was becoming pretty solid. Users want security and reliability and ease-of-use. Microsoft had a reputation for flaky software (blue screens) and they were just beginning to turn this around when they started this deep spyware crap. Together with their forced Windows 10 update games they have really damaged their customer base.

Done right, Windows would have had nothing to worry about from competition with Google. If they had leaned a little more towards Apple (polish their customer facing business more) they could sit happily on the "world's OS" title. Yes, they may have to cede the phone platform, but PCs aren't going anywhere, not for decades.

Instead they gambled on freeware/spyware/user-as-data-source model and I think they have fucked themselves now long term. The user's data simply isn't worth that much, assuming they can even legally extract it.

Paris because my Balmer/Gates/Satya icons seem to be missing.

7
1
Anonymous Coward

Re: Data Proection - GDPR

"That's not just a question for Microsoft use - ANY use of US based services will be subject to that question"

Well with Microsoft at least you have about 9 different EU regions you can choose to store your data in. Not including several EU based government and military options.

0
0
Anonymous Coward

Re: Data Proection - GDPR

"How many "seats" do you need to get those versions?"

100. Below that it's not exactly challenging to set a GPO on each PC to turn data collection off if it's an issue.

0
2
Anonymous Coward

Re: Data Proection - GDPR

"Not technically true. Corporate (Enterprise) versions can be configured to not send back the telemetry, but its on by default just like the home version."

No that's not correct. By default in enterprise versions the only telemetry sent back is things like crash dumps. And you can easily turn that off.

0
2
Bronze badge

Too Late....

Hi,

Though the investigation is welcome, it is too late.

Any changes to the system will for many prove to be paying lip service, as there will always be the nagging doubt that data is sent back, and a "Microsoft" representative can access your PC remotely without your knowledge.

Any business which wants to keeps its data and confidential designs, technological advances etc. safe, just cannot trust Microsoft. The same for the general public too.

But then, so many people are just not aware or bothered. I wonder when the "Watergate" moment will occur, if ever.

Regards,

Shadmeister.

55
2
Silver badge

Re: Too Late....

"can access your PC remotely without your knowledge."

Someone called yesterday from "MS security" and tried to access my computer ( with my knowledge but not my cooperation I might add)

So I did the usual :

"Oh, it's switched off"

"It takes a long time to boot" {fill & switch on kettle}

"Are you still there ?"

"Yes it does take a time", {make drink}

"Silly me it's off at the switch"

"No, nearly there now"

"OK which key do you want me to press?"

""The Windows key - which one is that ?"

" No, can't see that - where is it on the keyboard ?"

"Wait a minute I can't find my glasses "

"3rd in from bottom left ?"

"No still can't see it - the only key there has a penguin on it "{ which it does- came already installed as well}

"No, it's not a real penguin - what would I be doing with a live, or indeed stuffed penguin on my keyboard - the cat's bad enough" { quite a lot of swearing, and suggestions what I could do with it}..............

If I've got time I'll go off to answer the door for a while as well...

47
1
Bronze badge
Linux

Re: Someone called yesterday from "MS security"

@Chemist

I know him. He's the one that ends the conversation with "MøTHERF*CKER!!" after he realizes he is wasting his time.

12
0
Trollface

Re: Too Late....

I've sometimes wondered what would happen if you played the Windows 95 Microsoft Sound, a bit of dial up networking and then the AOL "You've Got Mail" sound at them. They're all on Youtube so they're easy to find. "Sorry about this. I don't use my computer very much."

14
0
Silver badge
Happy

Re: Too Late....

I have a US Robotics 56k modem (which I realised I actually can't use anymore, since Swisscom tore out their copper earlier this year), and it had an impressively loud speaker (built-in fax / answering machine!)

Would have been just the thing for trolling "Microsoft" employees.

4
0
Bronze badge

Re: Someone called yesterday from "MS security"

I'm fond of getting them in the karma, I ask if their mothers know they scam people for a living. I asked one guy recently if he was happy scamming people for a living and instead of the usual 'we don't scam people' spiel he said yes. I thanked him for being honest and we parted as friends.

5
1
Silver badge

Re: Someone called yesterday from "MS security"

He's the one that ends the conversation with "MøTHERF*CKER!!" after he realizes he is wasting his time.

Upload recording to the 'tubes please!

1
1
Facepalm

Same old story

Bury some nasty cack in the software, when it's well and truly ubiquitous and it can't easily be removed, apologise to whomever is whinging about it. Make minor changes but state it can't be "undone" without destroying something everyone uses, make a token payment to shut up the other party and continue to slurp the private data!

27
1
Silver badge
Big Brother

Re: Same old story

Make minor changes but state it can't be "undone" without destroying something everyone uses,

I'd suggest if they're getting fined say $50 per breach they'd quickly find a way to fix it (each breach being each type of data contained in each lot of stuff sent back (or would be collected to be sent back - attempting a crime is much the same as committing it y'know, especially if forces outside your control stop you).

So, machine details $50, "typing history" $50, software run $50, software changed (updates etc) $50, documents accessed $50, documents sent $50 - just for one session there's $300 in fines. I might run the machine for half an hour at breakfast, shut it down for a while, kids come home from school and look something up then shut it down, then I come home from work and turn it on - 3 sessions = $900, and the machine's only had 2hours use for the day)

Make them pay until it is fixed. Not some paltry fine that is less than the revenue they gain from breaking the law, but something that costs them. And if they delay, jail time - and let the yanks know if they don't extradite MS exces then the yanks will have a harder time convincing anyone else to extradite other criminals back to US.

MS do this knowing it is against the law. Make them pay till they're willing to comply. It's not like their lawyers would've misinformed them and they went into it innocently. They knew this is illegal in many countries, and they knowingly chose to break those laws.

5
0
Silver badge

Likewise, Microsoft says it will work with the agency to come with a solution, though Redmond also took issue with some of the DPA's findings.

Precisely how difficult is it to just turn it off / remove it from the OS / give the user the option to opt-in, rather than forcibly give them no real options to turn it off.

MS - do you really think we are that dumb ?

32
1
Anonymous Coward

I think that they, correctly, assume that most people don't care and that saddens me.

35
1
Bronze badge

MS - do you really think we are that dumb ?

You're still buying their software so my guess is yes, you are that dumb.

2
9
Silver badge

@Alumoi,

You claim to know what I run - wow !

If you look at previous posts, you will find that I've been Windows free for several years. There are plenty of good alternatives in Linux and Apple land. The only windows I have are double-glazed.

People are voting with their feet and MS are still trying their hardest to lock people in.

Homework for Microsoft - Research how you measure customer satisfaction. As a tip - when you can't even give it away, then you've lost.

9
0
Anonymous Coward

"I think that they, correctly, assume that most people don't care"

This.

It's pretty easy to massively reduce what it sends if you actually care. To reduce it to zero takes slightly more effort but is still reasonably easily achievable.

1
3

This post has been deleted by its author

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017