back to article Microsoft gives users options for Office data slurpage – Basic or Full

Microsoft is rolling out an update to Office products to introduce Windows 10-style telemetry data slurping. Or rather the software business has made it very clear to users it is doing so and they cannot opt out. With a certain piece of European legislation around the corner concerning privacy, the timing is interesting to say …

Page:

  1. }{amis}{ Silver badge
    Windows

    Dear Microsoft

    Please F*&%k off if I wish to send you debugging data when I have an issue I will, otherwise what happens on my hardware is my business, not yours.

    1. This post has been deleted by its author

      1. Anonymous Coward
        Anonymous Coward

        Re: Dear Microsoft

        >Microsoft and Facebook are collaborating on a transatlantic cable - what about LinkedIN ??

        LinkedIn is Microsoft, keep up.

        1. This post has been deleted by its author

          1. Anonymous Coward
            Anonymous Coward

            Re: Dear Microsoft

            @shadmeister : very creepy indeed. But, apart from Microsoft and Facebook, you forgot the elephant in the room... The One that in the Darkness binds them, so to speak. You can use Linux/FOSS to avoid all MS telemetry and slurping, use various blockers to dump Facebook and their ilk in the bin, but what do you do with Google ? And I don’t mean just the search engine.

            1. This post has been deleted by its author

              1. ymjir

                Re: Dear Microsoft

                Double whammy, isn't it? They do all that, and yet still charge you full price for the OEMs. Pretty cheeky.

            2. JohnFen Silver badge

              Re: Dear Microsoft

              "what do you do with Google ?"

              Me? I block google at my router, and avoid using any Google service.

              1. Pen-y-gors Silver badge

                Re: Dear Microsoft

                @JohnFen

                Me? I block google at my router, and avoid using any Google service.

                But, to be fair, not really an option for 99.9% of the connected population. Google has some really, really useful services: maps, digitised books, search, mail and lots more - alternatives for some, not for others.

                1. JohnFen Silver badge

                  Re: Dear Microsoft

                  "not really an option for 99.9% of the connected population."

                  I disagree. It's absolutely an option for 99.9% of the population. Sure, you might have to give up some amount of convenience to do it, but it's still perfectly doable for everybody nonetheless.

                  1. doublelayer Silver badge

                    Re: Dear Microsoft

                    "Google has some really, really useful services: maps, digitised books, search, mail and lots more - alternatives for some, not for others."

                    I agree for search and mail to some extent (I know we'd all like to have a personal mail server that we control entirely, but it's expensive and complex), but there are a lot of GPS solutions that work quite well. Google maps may be popular because it comes by default on android phones and can be installed on IOS for free, but apple has their maps for IOS not to mention the many satnav providers. I use a GPS app whose main asset to me was that everything was offline (I have a 3gb per month data cap, so that's useful), but now it also has the benefit of not sending data to people. I've never actually gotten any use out of google books. Every time I've looked for something, google gives me a paragraph and tells me the rest isn't available. Either it is, but only if I purchase through google play, or they have the book but I can't have it.

                    1. JohnFen Silver badge

                      Re: Dear Microsoft

                      "I know we'd all like to have a personal mail server that we control entirely, but it's expensive and complex"

                      I run my own mail server, and it's certainly not expensive -- essentially, it's the cost of a domain name registration. Unless you're doing something fancy with it, it's also not that complex. It's probably not something an ordinary user would be willing to do, but it's well within reach of a "power user". However, I'd recommend that if someone wants to do this and has little experience with such things, they should use one of the premade server images instead of setting up from scratch.

          2. Anonymous Coward
            Anonymous Coward

            Re: Dear Microsoft

            "Yes - i know, my point was that what is the information within LinkedIn being used for."

            I helped them comply with GDPR by "deleting" my profile.

            It was only used by sales tossers contacting me via it anyway.

            1. This post has been deleted by its author

            2. Vince

              Re: Dear Microsoft

              Weirdly enough I recently did the same, between Microsoft having my data via LinkedIn and the same utter crap being received via LinkedIn and absolutely nothing useful in years, I decided it had to go.

    2. Anonymous Coward
      Joke

      @Amis

      I can only imagine it now:

      Dear Amis,

      Thank you for sending us this very important data. Customer feedback is important to us, that's why we want to collect more! And, like you, we feel strongly about our environment. So what we do with our software is therefor also our business. That's what you pay us for after all!

      Looking forward to getting (much) more data from you!

      Your friend Cortana

    3. deadlockvictim Silver badge

      Re: Dear Microsoft

      If you want to use Microsoft products and are concerned about the slurp, then do it on a machine that is not online.

      Simple but disagreeable.

    4. bombastic bob Silver badge
      Devil

      Re: Dear Microsoft

      Libre Office and Open Office are looking a LOT better these days!

      I wonder if Corell, Lotus, and Word Perfect might resurrect something to compete, making "no slurp" their primary FEATURE?

      1. ymjir

        Re: Dear Microsoft

        Maybe there is hope for the world, I've had clients stating they prefer libre office over Microsoft Office, AND actively using libre for their day to day document needs. Shock horror, but Microsoft are doing more to damage their own product then the competition could ever dream of.

    5. Anonymous Coward
      Anonymous Coward

      Re: Dear Microsoft

      The LibreOffice alternative is looking better and better by the day.

      And to all those staying with MS; You're the character running forwards while going backwards, as you finally get minced by MS sausage machine conveyor belt. (Wallace and Gromit Style)

  2. Pen-y-gors Silver badge

    Firewalls?

    Could some kind soul work out what IP address(es) they're using, so that we can add a few new rules to the firewall.

    1. James O'Shea Silver badge

      Re: Firewalls?

      I'd kinda like to know if this would work, too...

    2. Anonymous Coward
      Anonymous Coward

      Re: Firewalls?

      The trouble with that approach is addresses can change.

      If you care that much about about your privacy, then you shouldn't be using Windows.

      1. }{amis}{ Silver badge
        Flame

        Re: Firewalls?

        I fixed that for you :

        If you care that much about your privacy, then you shouldn't be using Windows The Internet.

        1. Boothy

          Re: Firewalls?

          They are likely using hostname/s.

          If you know what those are for Office tracking, it can be added to the hosts file, assuming it doesn't stop other things from working of course.

          This is a good spot to look at....

          http://someonewhocares.org/hosts/

          although I've no idea if this Office info is blocked currently, but it does include Windows 10 reporting domains.. So if Office is using the same domain names, they too would be blocked.

        2. anonymous boring coward Silver badge

          Re: Firewalls?

          There used to be a time when writing a document on your own PC wasn't "using the internet".

        3. JohnFen Silver badge

          Re: Firewalls?

          By your logic here, if you really care about privacy then you would never leave the house and you would have no electricity, water, garbage collection, etc. service. To argue that if you don't have total privacy then you have no privacy at all nonsense.

          1. HolySchmoley
            Meh

            Re: Firewalls?

            @JohnFen

            >To argue that if you don't have total privacy then you have no privacy at all nonsense.

            A word to the wise (*), about privacy.

            Go away for 10 years.

            Find a techie guru.

            Study hard, think and meditate.

            Come back and apply as a junior, would-be techie.

            Serve 10 years apprenticeship.

            Post a new version of your comment, demonstrating your hard-won understanding.

            (*) Flattery in the guise of faux politeness.

      2. JWLong

        Re: Firewalls?

        Just use this free program to stop Windows 10 and NOW the Office slurp!

        https://www.safer-networking.org/spybot-anti-beacon/

        Two words of warning, if you use OneDrive disable blocking of it. And, if you KMS (Key Management System) anti-beacin may cause problems.

        Also, try this little nugget out: https://peerblock.en.uptodown.com/windows.

        And this nugget: http://winhelp2002.mvps.org/hosts.zip

        None of these slow down any of my boxes, YMMV...........

      3. Anonymous Coward
        Anonymous Coward

        Re: Firewalls?

        Not just this, but a lot of the addresses get tied into Essential (debateable) services like windows update. Its a sticky wicket.

    3. Doctor Syntax Silver badge

      Re: Firewalls?

      "Could some kind soul work out what IP address(es) they're using, so that we can add a few new rules to the firewall."

      By the time they've finished you'll probably need a lot more memory in your firewall, just to hold the rules.

    4. Nick Ryan Silver badge

      Re: Firewalls?

      Given previous form, Microsoft will use the same public IP addresses as vital services for utterly unwanted ones, making blocking near impossible.

      You only have to try and use IE browser in protected mode on a server and to access the KB links (linked to in Microsoft logs on a Microsoft OS) that don't work on the Microsoft KB website because

      (a) you need JavaScript enabled (no page, particularly a ****ing KB page should "require" JavaScript) and

      (b) there are many other random resources on the web page that also happen to be "required" for the page to load, or work.

      1. JohnFen Silver badge

        Re: Firewalls?

        "Microsoft will use the same public IP addresses as vital services for utterly unwanted ones"

        Ummm... what "vital" service does Microsoft offer? I can't think of a single one that would cause much trouble if I couldn't access it.

        1. Pen-y-gors Silver badge

          Re: Firewalls?

          @John Fen

          I can't think of a single one that would cause much trouble if I couldn't access it.

          Organisations or individuals who share files with you via OneDrive?

          Yes, alternatives are available, but this is someone else's choice, so I can't tell them they're idiots and doing it wrong.

          Security updates to Windows?

          1. JohnFen Silver badge

            Re: Firewalls?

            I wasn't counting services used by your employer, as that's your employer's equipment and data, not yours, therefore they get to make these decisions. But for personal use, what vital service does Microsoft provide?

            1. Tannin

              Re: Firewalls?

              "But for personal use, what vital service does Microsoft provide?"

              Well, for single people with no romantic prospects on the horizon, Microsoft provides a simple and very reliable way of getting screwed. Every day.

              1. Danny 14 Silver badge

                Re: Firewalls?

                you can also get your filters to block non-authenticated internet access. The updates and telemetry all use the "machine$" account, simply block access from that and not "username". whitelist your AV and other necessaries and voila! No leaky system.

        2. bombastic bob Silver badge
          Devil

          Re: Firewalls?

          Ummm... what "vital" service does Microsoft offer

          Well if you're a programmer and need MSDN stuff [for example] that might be considered "vital" to your profession.

          Otherwise, for 'mortals', I'd say "NOTHING".

      2. TheVogon Silver badge

        Re: Firewalls?

        "You only have to try and use IE browser in protected mode on a server and to access the KB links (linked to in Microsoft logs on a Microsoft OS) that don't work on the Microsoft KB website because"

        So it's protecting by default against poor admins. Servers should not have general internet access, and that you should not be using a browser on one to view stuff that could be done from a desktop with a standard account.

        If you really have to access such links from a server, simply add Microsoft.com to trusted sites. Which can easily be done on multiple boxes via Group Policy.

        Although I would suggest that servers should not have general internet access, and that you should not be using a browser on one to view stuff that could be done from a desktop with a standard account.

    5. usbac

      Re: Firewalls?

      I actually put this question to our Firewall vendor. We are a corporate customer with a paid support agreement. I put in a feature request to be able to block "Telemetry" from the various software companies. I asked for telemetry to be a category in their web blocker module. They already have a long list of categories like adult, hate speech, advertising, etc. Each category has various sub-categories. I thought that having telemetry as a category, and each slurping asshole company be a subcategory would be perfect.

      I knew they would never do it. The pressure from Microshaft, Adobe, etc. would be too much. I just wanted to see them squirm. At first their approach was to ignore the feature request. So when our sales rep called about a major upgrade and support agreement renewal, I told her that we are considering switching to PFSense, and oh, by the way, what about the feature request that wasn't ever answered?

      After that little poke, I did actually get an answer from a manager in software development. Their explanation was actually fairly legitimate. They agreed with the need for it, and confirmed that I'm not the first customer to ask for it. They gave me several good reasons why it's not workable. The first was the wack-a-mole problem of many (hundreds of) IP addresses that change constantly. Then, they said that Microshaft has tied Windows Update into the same servers that receive the telemetry. So, blocking the telemetry at the firewall would break Windows Update. There is a similar problem with Adobe they said. If you run Adobe's rent-ware Creative Suite (which we do), it will stop working if you block their telemetry.

      So, as long as we have to run the crap from Microshaft and Adobe, we are stuck. If I owned the company, we would be 100% open source. It's possible to run a company on open source, one just needs to have the balls to do it. For us, it's not even all that big of a stretch. Several of our major systems already run on Linux servers, and have both Windows and Linux clients. Others are web browser based, and the client doesn't matter. The killer apps for us are MS Outlook, and Adobe Creative Suite (which to be run on Macs - almost Linux). Man I wish there was an open source replacement for Outlook!

  3. Blockchain commentard Silver badge
    Big Brother

    And this (and Windows 10 data slurping) isn't at all to find illegal copies of the software. No siree. Not abusing data privacy of millions to catch a few hundred, Hashtag 1984 !!!!!

  4. Anonymous Coward
    Anonymous Coward

    Corporate users?

    We use MS Office, and we are stuck with it (apparently). Since some of my colleagues work with rather... sensitive information, and since they are not allowed to share some of the data with others even inside the company, and none of us are allowed to share data with the outside world, I wonder (even if we have not yet encountered the nag screens):

    - we are not allowed to share data. AFAIK _any_ data.

    - the user has to press these buttons

    - and now the user seems to be actively in violation of our IT policy...

    What now? I just hope that somebody from legal or the IT security group runs into that before I do...

    1. Herring` Silver badge

      Re: Corporate users?

      It does rather raise a question: is there a chance of any document data being sent to MS? Since they aren't being particularly transparent about it, it's hard to know (without sniffing the network traffic - and that only shows what they are sending now - not what they'll be sending 3 updates down the road).

      I wonder if the MoD use MS Office apps? Maybe if your MP isn't a complete tool (mine is) then it could be worth a letter.

      Meanwhile, the bank holiday weekend is a perfect time to send off as many SARs as you possibly can.

      1. revenant

        @Herring`- "is there a chance of any document data being sent to MS?"

        Yes. Under "Full", there is:

        Enhanced error reporting, including the memory state of the device when program crash occurs (which may unintentionally contain parts of a file you were using when the problem occurred)

        So at the very least, "Full" reporting must not be enabled (and I would say must be blockable administratively) in any environment where confidentiality is important.

        If it isn' t possible to block users from selecting "Full" then I suggest that Microsoft Office is not suitable for use in Business and Government environments.

        1. Anonymous Coward
          Anonymous Coward

          Re: @Herring`- "is there a chance of any document data being sent to MS?"

          Our company takes this thing seriously, more than "my 9 column table in a word document doesn't align", so we no longer use Windows. We tried to hold back on Win7 for as long as possible (not sure what we where waiting for), but decided the only path forward was Fedora (the cinnamon spin).

          In our industry, security trumps convenience.

          Why not LTSB? It's still not enough. The data capture code is still there, disabled by a single bit. A buggy update or accidental misconfiguration, and... boom! And let's face it, the data slurp is just the tip of the iceberg.

          1. arobertson1

            Re: @Herring`- "is there a chance of any document data being sent to MS?"

            I'm using Fedora Cinnamon too. Rock solid - only added Gnome Terminal as Cinnamon expects this and also Gnome Software Center which makes it easier to find software.

            Can't say I'm really surprised from Microsoft - so much for "Gmail Man" or "Scroogled". I stopped using Microsoft products years ago because of the data collection. LibreOffice works just as well - I have yet to find an incompatibility with Microsoft Office providing you install the MS core fonts in Linux.

            1. Wensleydale Cheese Silver badge
              Happy

              Fedora

              "I'm using Fedora Cinnamon too. Rock solid ..."

              Interesting thanks. I didn't realise Fedora was suitable for production.

              The last time I used Fedora (2012?) it was a bit too "bleeding edge" for my taste.

          2. Anonymous Coward
            Anonymous Coward

            Re: @Herring`- "is there a chance of any document data being sent to MS?"

            "Why not LTSB?"

            Because it's not for standard use - it's for things like standalone kiosks that will never get updated. It's for instance specifically stated as not for any use that requires MS Office. And Office Pro Plus 2019 wont run on it at all.

            "The data capture code is still there, disabled by a single bit."

            LTSB has the exact same telemetry features as the standard Windows 10 for Business release of the same time.

        2. Doctor Syntax Silver badge

          Re: @Herring`- "is there a chance of any document data being sent to MS?"

          "Enhanced error reporting, including the memory state of the device when program crash occurs (which may unintentionally contain parts of a file you were using when the problem occurred)"

          Translation: unintentionally = inevitably

        3. nagyeger
          Mushroom

          Re: @Herring`- "is there a chance of any document data being sent to MS?"

          Back in the days pre-Y2K, I was a postdoc researcher in space debris impact science, we had various bits of data about the properties of highly compressed metals we were using (for entirely peaceful purposes) that originally came from one of those ^^^ .

          The nice guys who let us play with their data would have been rather unhappy at the thought of, say, a (very strictly internal!) report that included such gems being exported to wherever MSoft decided to send it.

          I vaguely seem to remember that thermite was one of their recommended disk-disposal methods to ensure compliance with arms non-export / non-proliferation regulations, when more serious tools weren't available. Just imagine the help-desk call for that one.. Hello, I have reason to believe you've just slurped some nuclear secrets. Where do Uncle Sam's guys with the thermite need to go to ensure that it doesn't proliferate?

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019