back to article GDPR for everyone, cries Microsoft: We'll extend Europe's privacy rights worldwide

Microsoft has said it will extend new privacy rights that become law in Europe this week to all its users worldwide. The promise was outlined in a blog post on Tuesday written by the Windows giant's new deputy general counsel, Julie Brill, who was until recently a commissioner at the Federal Trade Commission (FTC). "We've …

Privacy is good. Coming from a large tech company with no social media offerings (LinkedIn is debatable) that's no surprise to me. Now all they have to do is update Windows 10 to allow me to block all those secret phone back home reports that they do for 'customer improvements'.

58
2

This post has been deleted by its author

Silver badge

So.. no ads for Europe? I'm not a Win10 user but "friends" who do say they see ads on the "desktop".

Yeah... the phone home part is the catch... a big one in my mind. I've go a huge HOSTS file for Win7 which seems to have shut down most of it, but Win10 apparently ignores that file.

13
7
Anonymous Coward

GDPR's here, where's the Delete Win10 Slurped-Data Button?

Just like the old Birthday card joke:

Q: How many 'F's in PRESENT'?

A: You guessed it, no f'in present!

29
1
Anonymous Coward

"So.. no ads for Europe?"

....Ads aren't a problem as there's no personal info used to serve an ad ... *targetted* ads - that's where there's an issue.

18
1
Anonymous Coward

Coming from a large tech company with no social media offerings (LinkedIn is debatable)....

Windows Advertising ID

Nope, same as everyone else.

8
1
Silver badge

@Mark 85

I've not had time to test it myself yet but I'll pass on a tip I picked up on these hallowed pages - Pi hole. Out of the box that provides network level blocking of ads but you can add a list to also block telemetry.

https://pi-hole.net/

https://wally3k.github.io/

8
1
Bronze badge

Get a router than can block the traffic, like Asus running Merlin Firmware.

3
1
Anonymous Coward

Re: GDPR's here, where's the Delete Win10 Slurped-Data Button?

Like outlook.com (when a user knows all their login information), Microsoft will still lock you out of your account, then force you (under duress), to give a phone number to unlock the account. Microsoft even says this block is temporary but it doesn't get removed, with time.

Even a comment like this (against Microsoft) can be seen as an outlook.com policy violation.

It's much easier under the Investigatory Powers Act to track telephone metadata, to link accounts to real people. Is this one of those undemocratic #hashtag Amber Rudd (under the radar changes) to link social media email accounts to 'real people'? Seems so.

Rudd wanted anonymous emails accounts linked to telephone numbers, for this reason. It tracks you to a specific location too.

To remove 'slurp data'. Users have to give them even more information so they can link the 'slurp data' to a Microsoft.com account (job done), *before* they can delete it.

This is plain and simple, privacy-wash marketing bullshit by Microsoft, now the penny has dropped that users are becoming aware of how multi-nationals are using and processing their data.

7
3

This post has been deleted by its author

Now all they have to do is update Windows 10 to allow me to block all those secret phone back home reports that they do for 'customer improvements'.

PiHole is your friend.

Set it up on my home network, fired up a W10 machine and before I'd even got a browser window open the PiHole had black-holed no fewer than 40 DNS requests from that machine to <vortex-win.data.microsoft.com> and various similar microsoft subdomains.

Microsoft telemetry subdomains remain at the top of the most-blocked list.

Of course they might have a hardcoded IP in there (to bypass DNS filtering) as a last resort - I haven't got around to wiresharking that yet. The PiHole logs are fascinating though! You shouldn't have to of course, but it seems to work quite well.

8
2
Anonymous Coward

Re: GDPR's here, where's the Delete Win10 Slurped-Data Button?

Had a run in with Plex for similar reasons.

I dared to criticise their policy of adding Gobble & Feckbook slurp logins to what technically is my own server ever since the vulture capitalists took over and wanted their pound of flesh.

So I want to go the Plex box hosted on my own server, but to do that I have to effectively use a tracking page with slurpware.

Zero options to disable.

At least on the web page I can block the links, but not on the phone app.

I complained, had posts deleted, then got banned.

And there I was, a paying customer too, and couldn't even access the support forums.

Last time I give them a patch to fix their crap.

Bastards.

Off to Emby.

8
0
Silver badge

"(LinkedIn is debatable)"

I don't think so. LinkedIn is 100% a social network, and engages in most of the nefarious activities that come with social networks these days.

4
0
Len
Silver badge
Go

The Brussels Effect

A prime example of the Brussels Effect in action. Good on Microsoft for seeing this as a differentiator, who would have thunk it?

https://en.wikipedia.org/wiki/Brussels_effect

9
4
Silver badge
Pirate

Re: The Brussels Effect

Rubbish! When Britain exits the EU we will impose even more stringent data standards and the whole world will be forced to follow our standards! Bwahahaha!

It will be like a repeat of how Zuckerberg gave MEPs the finger yet honoured British MPs with his precious time. Eventually, academics will come to call call this the Hogwash Effect.

10
2
Silver badge

I'm wary of geeks bearing gifts

In short, what kind of trick it is?

15
1
Anonymous Coward

Re: I'm wary of geeks bearing gifts

No trick, just desperation. Incumbent panic has often been a trigger for a quantum leap in customer satisfaction.

AT&T used to be like all the other telcos in preventing customers from doing anything cool with their mobile devices. At a point in time they were on the back foot and struck a deal with Apple, and this event created the whole modern smartphone market as we know it.

When Sony dominated the market they used to be standards-avoiding bastards who forced you to buy their $200 Sony peripherals instead of $20 generic jobs. When their market share started going backwards, they broke with their proprietary OS competitors and went with Android TV.

MS has failed abysmally at mobile but are planning to try and re-enter that market, and are willing to do what the others won't to secure a following - to actually offer reasonable security controls.

8
4
Silver badge

Re: I'm wary of geeks bearing gifts

If there's one thing I wouldn't buy it's an Android TV.

Apart from the usual Android privacy problems, it's fairly unreliable on Sony's TVs. I don't know if that's down to Sony or Google.

7
2
Silver badge

Re: I'm wary of geeks bearing gifts

"...When Sony dominated the market they used to be standards-avoiding bastards who forced you to buy their $200 Sony peripherals instead of $20 generic jobs..."

This is one of a few reasons I will never buy Sony again if I can help it.

My wife and I had recently moved into our new house and she'd saved money to buy me a PS2 for Christmas.

Having just moved, and being fairly young, as you can imagine money wasn't exactly something we were awash with so to find out that I couldn't save my game unless I bought an expensive and proprietary storage card was a kick in the nuts.

Then there was the time I'd bought a second hand 8mm camcorder that failed. I took it into the local Sony repair centre where it languished for weeks and weeks and upon calling once a week, I'd be told different things. One day they forgot to put me on hold and I heard the guy I was speaking to say to his boss "i'ts that moaning c**t asking about his f***ing camcorder again...what bulls**t do I give him this time?" Needless to say my complaint was listened to at that point.

And of course, there are the things they've done since that don't directly impact me but are still disgusting behaviour...no we don't have to pay the additional tax on our PS3's m'lud as look - that little tick box means a version of Linux can go on and make it a general purpose computer...fast forward and if you want to be able to play online you need to accept this update that turns that functionality off.

Then there's the whole way they treated Geohot and his family.

The root kit.

The way they mishandled the major breach some years ago on PSNet or whatever it is called.

And so on.

Not a company I'd be particularly sad to see go, to be honest.

24
6

Re: I'm wary of geeks bearing gifts

"no we don't have to pay the additional tax on our PS3's m'lud as look - that little tick box means a version of Linux can go on and make it a general purpose computer...fast forward and if you want to be able to play online you need to accept this update that turns that functionality off."

I have the worlds first PS3 that was sold in the world with Linux pre-installed on it, and one of the first three that came to Australia (I think it was number 2 from memory, IBM brought in number 1, and an IBM employee number 3, we all met at linux.conf.au and compared notes, the IBM employee had to borrow mine for a talk, coz his hadn't arrived yet, I also gave a talk about it using mine). Been a long time since I turned it on, but Linux still works on it, coz I've not booted into the game OS or connected it to the 'net since Sony pushed out that notorious update.

Mine would have been the first, but it spent a month sitting in a snowed in warehouse before it arrived in Australia.

Amusingly enough, the USA versions (which mine was, coz the Aussie version hadn't been released yet) came with a free movie in the box. The Aussie versions gave you a different free movie if you sent in your serial number. I did so and ended up with both. B-)

3
0
Silver badge

Re: I'm wary of geeks bearing gifts

"The root kit."

This is when I stopped buying all things Sony. I can eventually get over being treated badly by a company, but I will never get over a company actively attempting to crack into my machines. When they did this, they demonstrated that they are to be treated exactly the same as any other criminal attacker. Some bridges, once burnt, can never be rebuilt.

5
0

If there's one thing I wouldn't buy it's an Android TV

Me neither, we have a couple of Panasonic 4k TV's which have a Firefox OS, there's still some slurp, but it goes direct to Panasonic and is blockable at the DNS level. The various UK 'on demand' providers are now requiring users to have an 'account' to get to know you better, two of them accept an email address of invalid@nowhere.com with no confirmation...

4
0
Silver badge

So will telemetry be switched off ?

I doubt it.

MS did release a tool that it claims decodes what is being sent, but since the tool is closed source ... who knows ? I'm OK with MS keeping much of its stuff closed source, but things like this absolutely demand open source. Fully specifying the byte-stream format would be another way of doing it.

14
3
Silver badge

Re: So will telemetry be switched off ?

"MS did release a tool that it claims decodes what is being sent"

Indeed, but that tool does not address the needs of those who object to their OS spying on them.

3
0
Anonymous Coward

MS: 'We believe privacy is a fundamental human right.'

Hardly!!!! :-

--------------

Microsoft is forcing Windows 10 Build 1709 onto users who opted out of data collection

https://www.theinquirer.net/inquirer/news/3028147/updategate-microsoft-is-forcing-windows-10-build-1709-to-users-who-opted-out

16
5

As per Pterry P, I’m surprised there wasn’t a crack of thunder when they told such an enormous fib.

12
5
Silver badge

First reaction: I think they've only read the bits they want to read. Granular permissions isn't one of those bits.

Second thoughts: They're flattering the EU hoping that it will avoid proceedings about the absence of granular permissions.

13
2

"But don't fear, the world hasn't flipped. Despite the headline, the post has nothing to do with giving US citizens more privacy rights and comprises little more than an attack on GDPR and Europe's dastardly plan to try to tell freedom-loving Americans what to do."

More than simple, just require all F-L Americans to store every part of their digital life out in the open, uploaded to a F-L corporation guaranteed to a free-market and patriotic certification by the F-L Kochs, which can display the information to any fee-paying F-L entity.

“The man who can keep a secret may be wise, but he is not half as wise as the man with no secrets to keep”

American, of course.

9
4
Trollface

Pair-a-Ducks

“The man who can keep a secret may be wise, but he is not half as wise as the man with no secrets to keep”

Do I have any secrets? Think I'd tell you that? Damn, I'm withholding information: seems I'm keeping a secret. But then it's not a secret, because you know I'm not telling you.

3
0

Re: Pair-a-Ducks

One obvious secret there, Anonymous Coward.

0
0
Silver badge

“The man who can keep a secret may be wise, but he is not half as wise as the man with no secrets to keep”

There isn't anyone who has no secrets to keep.

2
0
Silver badge

Please excuse my ignorance, but what is an "F-L" entity?

0
0

'Please excuse my ignorance, but what is an "F-L" entity?'

From the context of that post - Freedom-Loving entity. I think they just made that up for that post, so your ignorance is excused.

0
0
Terminator

Privacy "Fit for Purpose"

Among all other aspects of software.

Well the law in Australia states software must be "Fit for Purpose" along with other products, Microsoft along with all other companies "should" follow that law and distribute world wide on that issue like is says it will observe EU privacy judgements worldwide.

As for MS Remote control, as in a previous post That during a Defender scan I found a Remote Access Virus in a MS.Technet download .zip of a program that would extract my OEM keys from the BIOS (to help recover after System fail). Why would they need that I wonder aloud? Don't they have enough access already?

TO MS privacy is that assign a number to you device and don't use names, but can trace it back if they required. Using a system like that in Australia that showed people could be linked with anonymised health data. So no faith in privacy, it Abstinence I require.

5
8
404
Silver badge

Oh Yeah?

Prove it by making Windows 10 Enterprise available to the general public at your local Walmart/Staples/Amazon - Call it the Windows 10 Privacy Edition.

Lying bastards.

18
4

This post has been deleted by its author

"Microsoft has said it will...

... Microsoft has said it will extend new privacy rights that become law in Europe this week to all its users worldwide"

Um, well - until a US judge tells them not to. Or an Attorney. Or, um, a secret court so they can;t tell anyone they've been told not to. Or the mailman. Or their granny's cat's playtoy...

What, cynical? _Moi_?

13
4
Silver badge

Re: "Microsoft has said it will...

They might cave, but they did fight the US government for years when it demanded email data from one of it's Irish servers.

See elReg coverage eg

3
2
Facepalm

Re: "Microsoft has said it will...

They were fighting Uncle Sam due to legal reasons, not out of any concern for privacy. Had they been asked what they considered properly, they would've been tripping over themselves to hand over anything even remotely related.

4
0
Silver badge

Re: "Microsoft has said it will...

True, but in the email case, they were defending their own interests. That it also happened to benefit users was merely coincidental.

2
0

This post has been deleted by its author

Anonymous Coward

Msft Employee Perspective

I work at Microsoft. I'm not in PR, just a lowly worker bee.

That being said, I can confirm that there's really been a lot of work internally to make GDPR compliance the global norm.

In fact, it's so strict that we're running into issues paying vendors. When we share PII with a vendor, the vendor needs to build an API for any user deletion requests that Msft receives so that the vendor will confirm they've deleted it too. If they don't, no more cash from us, or no more PII sharing. If you think about it, even doing something as simple as a webinar registration will not be allowed.

There's also a LOT of new rules around storing PII. Since GDPR says that we HAVE TO delete any PII when requested, it is no longer permitted to make copies of PII in Excel files and share it internally. Everything has to be centralized, everything is logged, everything can be deleted on user request. Lots of new process to get email lists, privacy has to be involved from day 1 (or else your PO request will be denied).. things like that. Every employee has had to take GDPR training (globally).

I'm not saying I disagree on the Windows 10 stuff - lots of employees agree with you on this - but there's definitely lots of emphasis on GDPR being our new global standard. Personally, I like it.

I'm not a senior exec so don't ask me how the sausage gets made. Anon for obvious reasons.

31
2
Silver badge

Re: Msft Employee Perspective

But it's all for nought if on Windows itself the privacy options are opt-out and you must give up PII to use it.

10
7
Silver badge

Re: Msft Employee Perspective

"There's also a LOT of new rules around storing PII." (My emphasis)

One of the main rules in GDPR is the need for specific permission to collect anything beyond what's needed to process a transaction or what's legally required. It makes no difference having your own rules about storing information if you don't have the permission to acquire it. Couple that with the fact that the law in the US might be quite different to the law in Europe about what's legally required (and we note that MS welcomed the CLOUD Act) and it's still difficult to see how this makes MS GDPR compliant. My suspicion remains that by concentrating on what MS can do that doesn't greatly impinge on telemetry they're trying to deflect any EU investigation to the latter.

6
3
Silver badge

Re: Msft Employee Perspective

> Couple that with the fact that the law in the US might be quite different to the law in Europe about what's legally required

first, contrary to public opinion, courts are sensible, so if it really is required, and is not a far departure of items listed in GDPR, it likely will be let slide through; though I am quite curious of examples of PII data like this

second, there's a difference in having the data and sharing it willy-nilly: if they are required by US law to collect some data, they can, but that doesn't mean that the access to it has to be easy, that it can't be pseudoanonymised in storage, etc. "being required legally to collect data" is a "reasonable business need" in GDPR, but that means that this data can be used only for that specific law-complying purpose

and I fail to see how that's not an improvement

4
1
Silver badge

Re: Msft Employee Perspective

/sigh

It's amazing how people get GDPR so wrong...

The basic principles are:

1) Collect only the data necessary for the process, or processes, that the data is required for - do not collect other data "just because".

2) Only use the collected data for the process, or processes, that it was collected for.

3) Dispose of the data when it is no longer necessary to keep it.

There are six different permitted reasons for consent, the weakest one is explicit consent, i.e. an individual providing their details and specifically agreeing to the processing. Others, such as the collection of data for the provision of goods or services, are implicit and do not require that an individual specifically consents to their data being processed. The "right to erasure" is not all encompassing: if an individual explicitly gave consent then they can remove this consent at any time, which covers the explicit consent reason. However, if an individual provides data for goods or service then in many ways the "right to erasure" has little impact because an organisation is not required to delete factual records. An organisation should reduce the details held on the individual and to ensure that no further processing that affects the individual is performed, but that is different to complete erasure.

For example, if you run an online or mail-order shop, you do not have to delete all records of an individual that placed an order with you. You should delete, or at least reduce the information stored, after a defined period of time but that's it. On the other hand, if the same shop has a newsletter or something similar, then this is separate data consideration and this is entirely optional and an individual may require that their information is erased in this regard. Linking the purchase of an item to a subscription to such a newsletter in any way other than a very clear and optional opt-in is forbidden post GDPR, it's not permitted to make subscription to such a newsletter a requirement to the purchase.

9
0
Silver badge

Re: Msft Employee Perspective

"it is no longer permitted to make copies of PII in Excel files and share it internally."

That this was ever permitted, GDPR or not, is terrifying. No place I've ever worked would have allowed this.

1
0
Anonymous Coward

Microsoft is now the self-appointed white knight and priesthood of privacy rights

The irony of this amuses me immensely.

Nobody reads the EULAs anymore?

10
2
Anonymous Coward

Re: Microsoft is now the self-appointed white knight and priesthood of privacy rights

Nobody reads the EULAs anymore?

Oh, you mean the ones that

1) state clearly that you can't sue MS for any reason

2) Is not legal in many parts of the world.

Why would I bother to read the EULA from a scumbag company like Microsoft? I don't use their shit any more and fully intend to see out my remaining years doing the same.

This statement is nothing more than their version of the 'Emperors new clothes'.

MS is still a pig and putting lipstick on a pig does not alter that.

16
12
Anonymous Coward

Re: Microsoft is now the self-appointed white knight and priesthood of privacy rights

Not sure it's "lipstick on a pig" anymore, it's more a case of full-scale plastic surgery at this stage of the game.

5
3

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018