Dear Microsoft
Please F*&%k off. If I wish to send you debugging data when I have an issue, I will; otherwise what happens on my hardware is my business, not yours.
Microsoft is rolling out an update to Office products to introduce Windows 10-style telemetry data slurping. Or rather the software business has made it very clear to users it is doing so and they cannot opt out. With a certain piece of European legislation around the corner concerning privacy, the timing is interesting to say …
@shadmeister: very creepy indeed. But, apart from Microsoft and Facebook, you forgot the elephant in the room... The One that in the Darkness binds them, so to speak. You can use Linux/FOSS to avoid all MS telemetry and slurping, use various blockers to dump Facebook and their ilk in the bin, but what do you do with Google? And I don't mean just the search engine.
@JohnFen
Me? I block google at my router, and avoid using any Google service.
But, to be fair, not really an option for 99.9% of the connected population. Google has some really, really useful services: maps, digitised books, search, mail and lots more - alternatives for some, not for others.
"Google has some really, really useful services: maps, digitised books, search, mail and lots more - alternatives for some, not for others."
I agree for search and mail to some extent (I know we'd all like to have a personal mail server that we control entirely, but it's expensive and complex), but there are a lot of GPS solutions that work quite well. Google Maps may be popular because it comes by default on Android phones and can be installed on iOS for free, but Apple has their maps for iOS, not to mention the many satnav providers. I use a GPS app whose main asset to me was that everything was offline (I have a 3 GB per month data cap, so that's useful), but now it also has the benefit of not sending data to people. I've never actually gotten any use out of Google Books. Every time I've looked for something, Google gives me a paragraph and tells me the rest isn't available. Either it is, but only if I purchase through Google Play, or they have the book but I can't have it.
"I know we'd all like to have a personal mail server that we control entirely, but it's expensive and complex"
I run my own mail server, and it's certainly not expensive -- essentially, it's the cost of a domain name registration. Unless you're doing something fancy with it, it's also not that complex. It's probably not something an ordinary user would be willing to do, but it's well within reach of a "power user". However, I'd recommend that if someone wants to do this and has little experience with such things, they should use one of the premade server images instead of setting up from scratch.
I can only imagine it now:
Dear Amis,
Thank you for sending us this very important data. Customer feedback is important to us, that's why we want to collect more! And, like you, we feel strongly about our environment. So what we do with our software is therefore also our business. That's what you pay us for after all!
Looking forward to getting (much) more data from you!
Your friend Cortana
Maybe there is hope for the world. I've had clients stating they prefer LibreOffice over Microsoft Office, AND actively using LibreOffice for their day-to-day document needs. Shock horror, but Microsoft are doing more to damage their own product than the competition could ever dream of.
They are likely using hostname/s.
If you know what those are for Office tracking, it can be added to the hosts file, assuming it doesn't stop other things from working of course.
This is a good spot to look at....
http://someonewhocares.org/hosts/
although I've no idea if this Office info is blocked currently, but it does include Windows 10 reporting domains.. So if Office is using the same domain names, they too would be blocked.
@JohnFen
>To argue that if you don't have total privacy then you have no privacy at all is nonsense.
A word to the wise (*), about privacy.
Go away for 10 years.
Find a techie guru.
Study hard, think and meditate.
Come back and apply as a junior, would-be techie.
Serve 10 years apprenticeship.
Post a new version of your comment, demonstrating your hard-won understanding.
(*) Flattery in the guise of faux politeness.
Just use this free program to stop Windows 10 and NOW the Office slurp!
https://www.safer-networking.org/spybot-anti-beacon/
Two words of warning: if you use OneDrive, disable blocking of it. And if you use KMS (Key Management System), Anti-Beacon may cause problems.
Also, try this little nugget out: https://peerblock.en.uptodown.com/windows.
And this nugget: http://winhelp2002.mvps.org/hosts.zip
None of these slow down any of my boxes, YMMV...........
Given previous form, Microsoft will use the same public IP addresses as vital services for utterly unwanted ones, making blocking near impossible.
You only have to try and use IE browser in protected mode on a server and to access the KB links (linked to in Microsoft logs on a Microsoft OS) that don't work on the Microsoft KB website because
(a) you need JavaScript enabled (no page, particularly a ****ing KB page should "require" JavaScript) and
(b) there are many other random resources on the web page that also happen to be "required" for the page to load, or work.
@JohnFen
I can't think of a single one that would cause much trouble if I couldn't access it.
Organisations or individuals who share files with you via OneDrive?
Yes, alternatives are available, but this is someone else's choice, so I can't tell them they're idiots and doing it wrong.
Security updates to Windows?
"You only have to try and use IE browser in protected mode on a server and to access the KB links (linked to in Microsoft logs on a Microsoft OS) that don't work on the Microsoft KB website because"
So it's protecting by default against poor admins. Servers should not have general internet access, and you should not be using a browser on one to view stuff that could be done from a desktop with a standard account.
If you really have to access such links from a server, simply add Microsoft.com to trusted sites. Which can easily be done on multiple boxes via Group Policy.
Although I would suggest that servers should not have general internet access, and that you should not be using a browser on one to view stuff that could be done from a desktop with a standard account.
I actually put this question to our Firewall vendor. We are a corporate customer with a paid support agreement. I put in a feature request to be able to block "Telemetry" from the various software companies. I asked for telemetry to be a category in their web blocker module. They already have a long list of categories like adult, hate speech, advertising, etc. Each category has various sub-categories. I thought that having telemetry as a category, and each slurping asshole company be a subcategory would be perfect.
I knew they would never do it. The pressure from Microshaft, Adobe, etc. would be too much. I just wanted to see them squirm. At first their approach was to ignore the feature request. So when our sales rep called about a major upgrade and support agreement renewal, I told her that we are considering switching to pfSense, and oh, by the way, what about the feature request that wasn't ever answered?
After that little poke, I did actually get an answer from a manager in software development. Their explanation was actually fairly legitimate. They agreed with the need for it, and confirmed that I'm not the first customer to ask for it. They gave me several good reasons why it's not workable. The first was the whack-a-mole problem of many (hundreds of) IP addresses that change constantly. Then, they said that Microshaft has tied Windows Update into the same servers that receive the telemetry. So, blocking the telemetry at the firewall would break Windows Update. There is a similar problem with Adobe, they said. If you run Adobe's rent-ware Creative Suite (which we do), it will stop working if you block their telemetry.
So, as long as we have to run the crap from Microshaft and Adobe, we are stuck. If I owned the company, we would be 100% open source. It's possible to run a company on open source, one just needs to have the balls to do it. For us, it's not even all that big of a stretch. Several of our major systems already run on Linux servers, and have both Windows and Linux clients. Others are web browser based, and the client doesn't matter. The killer apps for us are MS Outlook and Adobe Creative Suite (which has to be run on Macs - almost Linux). Man, I wish there was an open source replacement for Outlook!
We use MS Office, and we are stuck with it (apparently). Since some of my colleagues work with rather... sensitive information, and since they are not allowed to share some of the data with others even inside the company, and none of us are allowed to share data with the outside world, I wonder (even if we have not yet encountered the nag screens):
- we are not allowed to share data. AFAIK _any_ data.
- the user has to press these buttons
- and now the user seems to be actively in violation of our IT policy...
What now? I just hope that somebody from legal or the IT security group runs into that before I do...
It does rather raise a question: is there a chance of any document data being sent to MS? Since they aren't being particularly transparent about it, it's hard to know (without sniffing the network traffic - and that only shows what they are sending now - not what they'll be sending 3 updates down the road).
I wonder if the MoD use MS Office apps? Maybe if your MP isn't a complete tool (mine is) then it could be worth a letter.
Meanwhile, the bank holiday weekend is a perfect time to send off as many SARs as you possibly can.
Yes. Under "Full", there is:
Enhanced error reporting, including the memory state of the device when program crash occurs (which may unintentionally contain parts of a file you were using when the problem occurred)
So at the very least, "Full" reporting must not be enabled (and I would say must be blockable administratively) in any environment where confidentiality is important.
If it isn't possible to block users from selecting "Full" then I suggest that Microsoft Office is not suitable for use in Business and Government environments.
Our company takes this thing seriously, more than "my 9 column table in a word document doesn't align", so we no longer use Windows. We tried to hold back on Win7 for as long as possible (not sure what we were waiting for), but decided the only path forward was Fedora (the Cinnamon spin).
In our industry, security trumps convenience.
Why not LTSB? It's still not enough. The data capture code is still there, disabled by a single bit. A buggy update or accidental misconfiguration, and... boom! And let's face it, the data slurp is just the tip of the iceberg.
I'm using Fedora Cinnamon too. Rock solid - only added Gnome Terminal as Cinnamon expects this and also Gnome Software Center which makes it easier to find software.
Can't say I'm really surprised from Microsoft - so much for "Gmail Man" or "Scroogled". I stopped using Microsoft products years ago because of the data collection. LibreOffice works just as well - I have yet to find an incompatibility with Microsoft Office providing you install the MS core fonts in Linux.
"Why not LTSB?"
Because it's not for standard use - it's for things like standalone kiosks that will never get updated. It's for instance specifically stated as not for any use that requires MS Office. And Office Pro Plus 2019 won't run on it at all.
"The data capture code is still there, disabled by a single bit."
LTSB has the exact same telemetry features as the standard Windows 10 for Business release of the same time.
"Enhanced error reporting, including the memory state of the device when program crash occurs (which may unintentionally contain parts of a file you were using when the problem occurred)"
Translation: unintentionally = inevitably
Back in the days pre-Y2K, I was a postdoc researcher in space debris impact science, we had various bits of data about the properties of highly compressed metals we were using (for entirely peaceful purposes) that originally came from one of those ^^^ .
The nice guys who let us play with their data would have been rather unhappy at the thought of, say, a (very strictly internal!) report that included such gems being exported to wherever MSoft decided to send it.
I vaguely seem to remember that thermite was one of their recommended disk-disposal methods to ensure compliance with arms non-export / non-proliferation regulations, when more serious tools weren't available. Just imagine the help-desk call for that one.. Hello, I have reason to believe you've just slurped some nuclear secrets. Where do Uncle Sam's guys with the thermite need to go to ensure that it doesn't proliferate?