back to article Microsoft gives users options for Office data slurpage – Basic or Full

Microsoft is rolling out an update to Office products to introduce Windows 10-style telemetry data slurping. Or rather the software business has made it very clear to users it is doing so and they cannot opt out. With a certain piece of European legislation around the corner concerning privacy, the timing is interesting to say …

  1. }{amis}{ Silver badge
    Windows

    Dear Microsoft

    Please F*&%k off if I wish to send you debugging data when I have an issue I will, otherwise what happens on my hardware is my business, not yours.

    1. This post has been deleted by its author

      1. Anonymous Coward
        Anonymous Coward

        Re: Dear Microsoft

        >Microsoft and Facebook are collaborating on a transatlantic cable - what about LinkedIN ??

        LinkedIn is Microsoft, keep up.

        1. This post has been deleted by its author

          1. Anonymous Coward
            Anonymous Coward

            Re: Dear Microsoft

            @shadmeister : very creepy indeed. But, apart from Microsoft and Facebook, you forgot the elephant in the room... The One that in the Darkness binds them, so to speak. You can use Linux/FOSS to avoid all MS telemetry and slurping, use various blockers to dump Facebook and their ilk in the bin, but what do you do with Google ? And I don’t mean just the search engine.

            1. This post has been deleted by its author

              1. ymjir

                Re: Dear Microsoft

                Double whammy, isn't it? They do all that, and yet still charge you full price for the OEMs. Pretty cheeky.

            2. JohnFen Silver badge

              Re: Dear Microsoft

              "what do you do with Google ?"

              Me? I block google at my router, and avoid using any Google service.

              1. Pen-y-gors Silver badge

                Re: Dear Microsoft

                @JohnFen

                Me? I block google at my router, and avoid using any Google service.

                But, to be fair, not really an option for 99.9% of the connected population. Google has some really, really useful services: maps, digitised books, search, mail and lots more - alternatives for some, not for others.

                1. JohnFen Silver badge

                  Re: Dear Microsoft

                  "not really an option for 99.9% of the connected population."

                  I disagree. It's absolutely an option for 99.9% of the population. Sure, you might have to give up some amount of convenience to do it, but it's still perfectly doable for everybody nonetheless.

                  1. doublelayer

                    Re: Dear Microsoft

                    "Google has some really, really useful services: maps, digitised books, search, mail and lots more - alternatives for some, not for others."

                    I agree for search and mail to some extent (I know we'd all like to have a personal mail server that we control entirely, but it's expensive and complex), but there are a lot of GPS solutions that work quite well. Google maps may be popular because it comes by default on android phones and can be installed on IOS for free, but apple has their maps for IOS not to mention the many satnav providers. I use a GPS app whose main asset to me was that everything was offline (I have a 3gb per month data cap, so that's useful), but now it also has the benefit of not sending data to people. I've never actually gotten any use out of google books. Every time I've looked for something, google gives me a paragraph and tells me the rest isn't available. Either it is, but only if I purchase through google play, or they have the book but I can't have it.

                    1. JohnFen Silver badge

                      Re: Dear Microsoft

                      "I know we'd all like to have a personal mail server that we control entirely, but it's expensive and complex"

                      I run my own mail server, and it's certainly not expensive -- essentially, it's the cost of a domain name registration. Unless you're doing something fancy with it, it's also not that complex. It's probably not something an ordinary user would be willing to do, but it's well within reach of a "power user". However, I'd recommend that if someone wants to do this and has little experience with such things, they should use one of the premade server images instead of setting up from scratch.

          2. Anonymous Coward
            Anonymous Coward

            Re: Dear Microsoft

            "Yes - i know, my point was that what is the information within LinkedIn being used for."

            I helped them comply with GDPR by "deleting" my profile.

            It was only used by sales tossers contacting me via it anyway.

            1. This post has been deleted by its author

            2. Vince

              Re: Dear Microsoft

              Weirdly enough I recently did the same, between Microsoft having my data via LinkedIn and the same utter crap being received via LinkedIn and absolutely nothing useful in years, I decided it had to go.

    2. ShelLuser
      Joke

      @Amis

      I can only imagine it now:

      Dear Amis,

      Thank you for sending us this very important data. Customer feedback is important to us, that's why we want to collect more! And, like you, we feel strongly about our environment. So what we do with our software is therefor also our business. That's what you pay us for after all!

      Looking forward to getting (much) more data from you!

      Your friend Cortana

    3. deadlockvictim Silver badge

      Re: Dear Microsoft

      If you want to use Microsoft products and are concerned about the slurp, then do it on a machine that is not online.

      Simple but disagreeable.

    4. bombastic bob Silver badge
      Devil

      Re: Dear Microsoft

      Libre Office and Open Office are looking a LOT better these days!

      I wonder if Corell, Lotus, and Word Perfect might resurrect something to compete, making "no slurp" their primary FEATURE?

      1. ymjir

        Re: Dear Microsoft

        Maybe there is hope for the world, I've had clients stating they prefer libre office over Microsoft Office, AND actively using libre for their day to day document needs. Shock horror, but Microsoft are doing more to damage their own product then the competition could ever dream of.

    5. Anonymous Coward
      Anonymous Coward

      Re: Dear Microsoft

      The LibreOffice alternative is looking better and better by the day.

      And to all those staying with MS; You're the character running forwards while going backwards, as you finally get minced by MS sausage machine conveyor belt. (Wallace and Gromit Style)

  2. Pen-y-gors Silver badge

    Firewalls?

    Could some kind soul work out what IP address(es) they're using, so that we can add a few new rules to the firewall.

    1. James O'Shea Silver badge

      Re: Firewalls?

      I'd kinda like to know if this would work, too...

    2. Anonymous Coward
      Anonymous Coward

      Re: Firewalls?

      The trouble with that approach is addresses can change.

      If you care that much about about your privacy, then you shouldn't be using Windows.

      1. }{amis}{ Silver badge
        Flame

        Re: Firewalls?

        I fixed that for you :

        If you care that much about your privacy, then you shouldn't be using Windows The Internet.

        1. Boothy

          Re: Firewalls?

          They are likely using hostname/s.

          If you know what those are for Office tracking, it can be added to the hosts file, assuming it doesn't stop other things from working of course.

          This is a good spot to look at....

          http://someonewhocares.org/hosts/

          although I've no idea if this Office info is blocked currently, but it does include Windows 10 reporting domains.. So if Office is using the same domain names, they too would be blocked.

        2. anonymous boring coward Silver badge

          Re: Firewalls?

          There used to be a time when writing a document on your own PC wasn't "using the internet".

        3. JohnFen Silver badge

          Re: Firewalls?

          By your logic here, if you really care about privacy then you would never leave the house and you would have no electricity, water, garbage collection, etc. service. To argue that if you don't have total privacy then you have no privacy at all nonsense.

          1. HolySchmoley
            Meh

            Re: Firewalls?

            @JohnFen

            >To argue that if you don't have total privacy then you have no privacy at all nonsense.

            A word to the wise (*), about privacy.

            Go away for 10 years.

            Find a techie guru.

            Study hard, think and meditate.

            Come back and apply as a junior, would-be techie.

            Serve 10 years apprenticeship.

            Post a new version of your comment, demonstrating your hard-won understanding.

            (*) Flattery in the guise of faux politeness.

      2. JWLong

        Re: Firewalls?

        Just use this free program to stop Windows 10 and NOW the Office slurp!

        https://www.safer-networking.org/spybot-anti-beacon/

        Two words of warning, if you use OneDrive disable blocking of it. And, if you KMS (Key Management System) anti-beacin may cause problems.

        Also, try this little nugget out: https://peerblock.en.uptodown.com/windows.

        And this nugget: http://winhelp2002.mvps.org/hosts.zip

        None of these slow down any of my boxes, YMMV...........

      3. Anonymous Coward
        Anonymous Coward

        Re: Firewalls?

        Not just this, but a lot of the addresses get tied into Essential (debateable) services like windows update. Its a sticky wicket.

    3. Doctor Syntax Silver badge

      Re: Firewalls?

      "Could some kind soul work out what IP address(es) they're using, so that we can add a few new rules to the firewall."

      By the time they've finished you'll probably need a lot more memory in your firewall, just to hold the rules.

    4. Nick Ryan Silver badge

      Re: Firewalls?

      Given previous form, Microsoft will use the same public IP addresses as vital services for utterly unwanted ones, making blocking near impossible.

      You only have to try and use IE browser in protected mode on a server and to access the KB links (linked to in Microsoft logs on a Microsoft OS) that don't work on the Microsoft KB website because

      (a) you need JavaScript enabled (no page, particularly a ****ing KB page should "require" JavaScript) and

      (b) there are many other random resources on the web page that also happen to be "required" for the page to load, or work.

      1. JohnFen Silver badge

        Re: Firewalls?

        "Microsoft will use the same public IP addresses as vital services for utterly unwanted ones"

        Ummm... what "vital" service does Microsoft offer? I can't think of a single one that would cause much trouble if I couldn't access it.

        1. Pen-y-gors Silver badge

          Re: Firewalls?

          @John Fen

          I can't think of a single one that would cause much trouble if I couldn't access it.

          Organisations or individuals who share files with you via OneDrive?

          Yes, alternatives are available, but this is someone else's choice, so I can't tell them they're idiots and doing it wrong.

          Security updates to Windows?

          1. JohnFen Silver badge

            Re: Firewalls?

            I wasn't counting services used by your employer, as that's your employer's equipment and data, not yours, therefore they get to make these decisions. But for personal use, what vital service does Microsoft provide?

            1. Tannin

              Re: Firewalls?

              "But for personal use, what vital service does Microsoft provide?"

              Well, for single people with no romantic prospects on the horizon, Microsoft provides a simple and very reliable way of getting screwed. Every day.

              1. Danny 14 Silver badge

                Re: Firewalls?

                you can also get your filters to block non-authenticated internet access. The updates and telemetry all use the "machine$" account, simply block access from that and not "username". whitelist your AV and other necessaries and voila! No leaky system.

        2. bombastic bob Silver badge
          Devil

          Re: Firewalls?

          Ummm... what "vital" service does Microsoft offer

          Well if you're a programmer and need MSDN stuff [for example] that might be considered "vital" to your profession.

          Otherwise, for 'mortals', I'd say "NOTHING".

      2. TheVogon Silver badge

        Re: Firewalls?

        "You only have to try and use IE browser in protected mode on a server and to access the KB links (linked to in Microsoft logs on a Microsoft OS) that don't work on the Microsoft KB website because"

        So it's protecting by default against poor admins. Servers should not have general internet access, and that you should not be using a browser on one to view stuff that could be done from a desktop with a standard account.

        If you really have to access such links from a server, simply add Microsoft.com to trusted sites. Which can easily be done on multiple boxes via Group Policy.

        Although I would suggest that servers should not have general internet access, and that you should not be using a browser on one to view stuff that could be done from a desktop with a standard account.

    5. usbac

      Re: Firewalls?

      I actually put this question to our Firewall vendor. We are a corporate customer with a paid support agreement. I put in a feature request to be able to block "Telemetry" from the various software companies. I asked for telemetry to be a category in their web blocker module. They already have a long list of categories like adult, hate speech, advertising, etc. Each category has various sub-categories. I thought that having telemetry as a category, and each slurping asshole company be a subcategory would be perfect.

      I knew they would never do it. The pressure from Microshaft, Adobe, etc. would be too much. I just wanted to see them squirm. At first their approach was to ignore the feature request. So when our sales rep called about a major upgrade and support agreement renewal, I told her that we are considering switching to PFSense, and oh, by the way, what about the feature request that wasn't ever answered?

      After that little poke, I did actually get an answer from a manager in software development. Their explanation was actually fairly legitimate. They agreed with the need for it, and confirmed that I'm not the first customer to ask for it. They gave me several good reasons why it's not workable. The first was the wack-a-mole problem of many (hundreds of) IP addresses that change constantly. Then, they said that Microshaft has tied Windows Update into the same servers that receive the telemetry. So, blocking the telemetry at the firewall would break Windows Update. There is a similar problem with Adobe they said. If you run Adobe's rent-ware Creative Suite (which we do), it will stop working if you block their telemetry.

      So, as long as we have to run the crap from Microshaft and Adobe, we are stuck. If I owned the company, we would be 100% open source. It's possible to run a company on open source, one just needs to have the balls to do it. For us, it's not even all that big of a stretch. Several of our major systems already run on Linux servers, and have both Windows and Linux clients. Others are web browser based, and the client doesn't matter. The killer apps for us are MS Outlook, and Adobe Creative Suite (which to be run on Macs - almost Linux). Man I wish there was an open source replacement for Outlook!

  3. Blockchain commentard
    Big Brother

    And this (and Windows 10 data slurping) isn't at all to find illegal copies of the software. No siree. Not abusing data privacy of millions to catch a few hundred, Hashtag 1984 !!!!!

  4. Anonymous Coward
    Anonymous Coward

    Corporate users?

    We use MS Office, and we are stuck with it (apparently). Since some of my colleagues work with rather... sensitive information, and since they are not allowed to share some of the data with others even inside the company, and none of us are allowed to share data with the outside world, I wonder (even if we have not yet encountered the nag screens):

    - we are not allowed to share data. AFAIK _any_ data.

    - the user has to press these buttons

    - and now the user seems to be actively in violation of our IT policy...

    What now? I just hope that somebody from legal or the IT security group runs into that before I do...

    1. Herring`

      Re: Corporate users?

      It does rather raise a question: is there a chance of any document data being sent to MS? Since they aren't being particularly transparent about it, it's hard to know (without sniffing the network traffic - and that only shows what they are sending now - not what they'll be sending 3 updates down the road).

      I wonder if the MoD use MS Office apps? Maybe if your MP isn't a complete tool (mine is) then it could be worth a letter.

      Meanwhile, the bank holiday weekend is a perfect time to send off as many SARs as you possibly can.

      1. revenant

        @Herring`- "is there a chance of any document data being sent to MS?"

        Yes. Under "Full", there is:

        Enhanced error reporting, including the memory state of the device when program crash occurs (which may unintentionally contain parts of a file you were using when the problem occurred)

        So at the very least, "Full" reporting must not be enabled (and I would say must be blockable administratively) in any environment where confidentiality is important.

        If it isn' t possible to block users from selecting "Full" then I suggest that Microsoft Office is not suitable for use in Business and Government environments.

        1. Anonymous Coward
          Anonymous Coward

          Re: @Herring`- "is there a chance of any document data being sent to MS?"

          Our company takes this thing seriously, more than "my 9 column table in a word document doesn't align", so we no longer use Windows. We tried to hold back on Win7 for as long as possible (not sure what we where waiting for), but decided the only path forward was Fedora (the cinnamon spin).

          In our industry, security trumps convenience.

          Why not LTSB? It's still not enough. The data capture code is still there, disabled by a single bit. A buggy update or accidental misconfiguration, and... boom! And let's face it, the data slurp is just the tip of the iceberg.

          1. arobertson1

            Re: @Herring`- "is there a chance of any document data being sent to MS?"

            I'm using Fedora Cinnamon too. Rock solid - only added Gnome Terminal as Cinnamon expects this and also Gnome Software Center which makes it easier to find software.

            Can't say I'm really surprised from Microsoft - so much for "Gmail Man" or "Scroogled". I stopped using Microsoft products years ago because of the data collection. LibreOffice works just as well - I have yet to find an incompatibility with Microsoft Office providing you install the MS core fonts in Linux.

            1. Wensleydale Cheese Silver badge
              Happy

              Fedora

              "I'm using Fedora Cinnamon too. Rock solid ..."

              Interesting thanks. I didn't realise Fedora was suitable for production.

              The last time I used Fedora (2012?) it was a bit too "bleeding edge" for my taste.

          2. Anonymous Coward
            Anonymous Coward

            Re: @Herring`- "is there a chance of any document data being sent to MS?"

            "Why not LTSB?"

            Because it's not for standard use - it's for things like standalone kiosks that will never get updated. It's for instance specifically stated as not for any use that requires MS Office. And Office Pro Plus 2019 wont run on it at all.

            "The data capture code is still there, disabled by a single bit."

            LTSB has the exact same telemetry features as the standard Windows 10 for Business release of the same time.

        2. Doctor Syntax Silver badge

          Re: @Herring`- "is there a chance of any document data being sent to MS?"

          "Enhanced error reporting, including the memory state of the device when program crash occurs (which may unintentionally contain parts of a file you were using when the problem occurred)"

          Translation: unintentionally = inevitably

        3. nagyeger
          Mushroom

          Re: @Herring`- "is there a chance of any document data being sent to MS?"

          Back in the days pre-Y2K, I was a postdoc researcher in space debris impact science, we had various bits of data about the properties of highly compressed metals we were using (for entirely peaceful purposes) that originally came from one of those ^^^ .

          The nice guys who let us play with their data would have been rather unhappy at the thought of, say, a (very strictly internal!) report that included such gems being exported to wherever MSoft decided to send it.

          I vaguely seem to remember that thermite was one of their recommended disk-disposal methods to ensure compliance with arms non-export / non-proliferation regulations, when more serious tools weren't available. Just imagine the help-desk call for that one.. Hello, I have reason to believe you've just slurped some nuclear secrets. Where do Uncle Sam's guys with the thermite need to go to ensure that it doesn't proliferate?

      2. Chris Hills

        Re: Corporate users?

        This is not something you can lobby your MP about. It's a simple market choice. If you do not like what the software does, go elsewhere. There are plenty of alternatives available, both free and commercial.

        1. Anonymous Coward
          Anonymous Coward

          Re: Corporate users?

          @Chris Hills If you work for a public organisation where confidentiality is paramount, you may well have tried to get rid of MS already. You will have failed because it is beyond the understanding of very important people that there is any alternative.

          The only thing you may be able to do is talk to your MP.

        2. anonymous boring coward Silver badge

          Re: Corporate users?

          "This is not something you can lobby your MP about. It's a simple market choice. If you do not like what the software does, go elsewhere."

          Obviously, the lobbying bit is about the state trying to get off their MS dependency. And in so doing, making MS change their ways, or go away.

        3. Wensleydale Cheese Silver badge

          Re: Corporate users?

          "This is not something you can lobby your MP about."

          It certainly is something you can lobby your MP about when so many government departments use the product.

      3. HolySchmoley

        Re: Corporate users?

        >It does rather raise a question: is there a chance of any document data being sent to MS?

        From https://support.office.com/en-us/article/diagnostic-data-in-office-f409137d-15d3-4803-a8ae-d26fcbfc91dd#ID0EAADAAA=Windows

        'Full data includes everything collected with Basic data, plus additional information that enables Microsoft to fix and improve its’ products for all users. The following list includes examples of the additional information Office collects at the Full level.

        ...'

        I don't know about your reading of the above statement, but mine is that some 'examples' follow but, as they are examples, anything and everything that we are not listing could also be collected at our discretion, to 'improve' products.

        I expect that most people on this forum, certainly programmers, can spot such deliberately misleading reassurances a mile off (For those who can't, do you work for a company like TSB?)

      4. tiggity Silver badge

        Re: Corporate users?

        @Herring "Maybe if your MP isn't a complete tool (mine is) then it could be worth a letter."

        Surely the vast majority of MPs are tools (I would say all, but not familiar with behaviour of every MP (as have a life) so cannot definitively say all)

    2. DailyLlama

      Re: Corporate users?

      Your IT guys just need to set up group policy correctly. My Windows 10 policy doesn't allow any telemetry to be sent back to M$. I'm guessing that the Office ADMX templates will be updated to reflect these changes too, and I'll just add them to the policy.

      1. Zippy's Sausage Factory
        Meh

        Re: Corporate users?

        "I'm guessing that the Office ADMX templates will be updated to reflect these changes too, and I'll just add them to the policy."

        That's the problem though - it's just a guess. There's no real reason that Microsoft would do that unless they get asked, specifically, by customers. And even then, what are the chances that those high-paying customers will receive special builds?

        Vapourware won't keep legal happy.

        1. Anonymous Coward
          Anonymous Coward

          Re: Corporate users?

          "There's no real reason that Microsoft would do that unless they get asked, specifically, by customers."

          They will.

          "And even then, what are the chances that those high-paying customers will receive special builds?"

          Close to zero - the Office 365 install that most use is regularly updated. They can easily add such a feature if not already there.

      2. ymjir

        Re: Corporate users?

        All well and good till Microsoft decide to deprecate the Group Policy Object in question, which they do have form for. From windows 1607 - 1803 The option to customise /turn off settings in the notification center, changed its name or was removed completely. This can make changing settings in GPO a bit useless at times when the target is constantly moving.

    3. Doctor Syntax Silver badge

      Re: Corporate users?

      "I just hope that somebody from legal or the IT security group runs into that before I do."

      If they don't run into it before make sure they do immediately afterwards.

    4. bombastic bob Silver badge
      Devil

      Re: Corporate users?

      What now?

      Abandon MS Orifice, particularly 'Virus Outbreak' (aka 'Microsoft Outlook') and switch to Libre Office.

      That's my suggestion. Don't worry, the cost savings and increased security/privacy will outweigh any "disadvantages" that might occur along the way. Once everyone gets used to it, you're all set!

  5. adnim Silver badge

    Simple crash dumps...

    Contain absolutely no memory contents and definitely none of the document contents one was working on when the crash occurred. So you are safe. No personal or private, personally identifiable or not, data is sent to MS.

    Me -> rides Unicorn off into a pink sunset.

    1. Baldrickk Silver badge

      Re: Simple crash dumps...

      Are dumps not a dump of memory so that the flaw can be found?

      What about when that flaw is directly related to a user's data?

      MS's descriptions of what is sent:

      At the Basic level we collect only data necessary to keep Office programs up to date, functioning properly and secure. Basic data includes information about the program itself, the proper function of Office, and basic error data. We collect the following data at the Basic level:

      - Connectivity and configuration data such as the version of Office in use; and the name, version, and publisher of any add-ins installed and being used in Office

      - Whether Office is ready for an update and if there are factors that may impede the ability to receive updates

      - Whether updates install successfully

      - Data about the reliability of the diagnostics collection system

      - Basic error reporting, which is health data about the Office programs running on your device; for example if a program such as Word hangs or crashes

      Full data includes everything collected with Basic data, plus additional information that enables Microsoft to fix and improve its’ products for all users. The following list includes examples of the additional information Office collects at the Full level.

      - Additional data about Office connectivity and configuration beyond that collected at the Basic level

      - Application usage, such as which Office programs are opened on a device, how long they run, which processes they use, and how quickly they respond to input

      - Enhanced error reporting, including the memory state of the device when program crash occurs (which may unintentionally contain parts of a file you were using when the problem occurred)

      - To help you get the most out of Office, we may tell you about features you may not know about or that are new

      Under Full, there is definitely potential for confidential information to be sent.

      1. FrogsAndChips Bronze badge

        Re: Simple crash dumps...

        @ Baldrickk

        Hmmm, "Unicorn" and "pink sunset" were not enough to trigger your sarcasm detector?

        Anyway, thanks for the detailed explanation.

      2. adnim Silver badge

        Re: Simple crash dumps...

        You are correct, have an up vote.

        I will down vote myself for not being sarcastic enough ;-)

    2. HolySchmoley

      Re: Simple crash dumps...

      >Contain absolutely no memory contents

      Really?

      So perhaps they contain information made up by an AI reading a bedtime story?

      Last time I used computers the place where they do stuff (process) with stuff (data) was in memory. Perhaps you could explain what 'crash dumps' contain that doesn't come from memory?

      1. adnim Silver badge

        Re: Simple crash dumps...

        @ HolySchmoley

        "Perhaps you could explain what 'crash dumps' contain that doesn't come from memory?"

        The Unicorn I rode into a pink sunset for one.

        I guess subtle sarcasm is lost on you, and a few others too :-)

  6. Anonymous Coward
    Anonymous Coward

    Linux and Libreoffice, no data slurping required.

  7. Pascal Monett Silver badge
    Mushroom

    Basic or Full ?

    What about NONE ?

    1. Fading Silver badge

      Re: Basic or Full ?

      Or the more likely options of full or “basic” aka full with a something to hide flag attached.......

    2. Anonymous Coward
      Anonymous Coward

      Re: Basic or Full ?

      What about the "Fuck the Hell No" option.

      With MS doing this and Canonical now slurping god knows what from Linux our options for a slurp free life are getting more and more limited. The world truly is coming to an end.

      1. Dave K Silver badge

        Re: Basic or Full ?

        If you check, you can see exactly what Canonical collect (if you enable it), as they'll let you view the data they collect, and it's pretty minimal stuff. They're a world apart from MS here...

        1. Anonymous Coward
          Anonymous Coward

          Re: Basic or Full ?

          "If you check, you can see exactly what Canonical collect (if you enable it), as they'll let you view the data they collect, and it's pretty minimal stuff. They're a world apart from MS here..."

          Erm, no.

          https://blogs.windows.com/windowsexperience/2018/01/24/microsoft-introduces-new-privacy-tools-ahead-of-data-privacy-day/

          1. Fungus Bob Silver badge

            Re: Basic or Full ?

            Erm, yes.

            The link you posted was for something only available to "Windows Insiders", whatever those are.

            1. Anonymous Coward
              Anonymous Coward

              Re: Basic or Full ?

              "The link you posted was for something only available to "Windows Insiders", whatever those are."

              Becoming a Windows insider just means ticking a box under Windows Update to get advance builds.

              And Erm, nope - it was generally released back in April so you no longer need to be an insider to get it.

              1. Fungus Bob Silver badge

                Re: Basic or Full ?

                Still worlds apart. You can *completely* opt out of data collection in Ubuntu. The information collected is easily readable by a human. You cannot opt out of data collection in Windows and the information collected is not easily human readable - the screenshots of the data viewer look like something only a programmer could decipher. Hardly understandable by Grandma.

                Worlds apart on what data is collected too. Ubuntu would collect this:

                *Ubuntu Flavour

                * Ubuntu Version

                * Network connectivity or not

                * CPU family

                * RAM

                * Disk(s) size

                * Screen(s) resolution

                * GPU vendor and model

                * OEM Manufacturer

                * Location (based on the location selection made by the user at install). No IP information would be gathered

                * Installation duration (time taken)

                * Auto login enabled or not

                * Disk layout selected

                * Third party software selected or not

                * Download updates during install or not

                * LivePatch enabled or not

                * Popcon would be installed. This will allow us to spot trends in package

                usage and help us to focus on the packages which are of most value to our users.

                * Apport would be configured to automatically send anonymous crash reports without user interruption.

                The list of stuff Windows collects exceeds the word limit on Reg comment posts.

  8. LDS Silver badge

    "no personal data has been *deliberately* collected"

    Still, they could collect personal data anyway in crash dumps or other telemetry information, none of those data are essential to deliver the service, and that's not compliant with GDPR.

    If ever my installation starts to nags me, I think I'll send a request to stop it and delete any personal data they could have collected - I just have to wait for tomorrow...

    1. Anonymous Coward
      Anonymous Coward

      Re: "no personal data has been *deliberately* collected"

      "Still, they could collect personal data anyway in crash dumps or other telemetry information, none of those data are essential to deliver the service, and that's not compliant with GDPR."

      It is compliant if a) you agree to it, and / or b) the data is effectively anonymised, or c) inadvertently collected data is deleted as soon as it is identified.

  9. Michael H.F. Wilkinson Silver badge

    GDPR compliance?

    Methinks the EU may well cry foul over this one. I'll stick with LibreOffice and LaTeX, thanks all the same

  10. James O'Shea Silver badge

    will this work?

    How about simply disconnecting from the network whenever a MS Office app is running? Unless something in the background calls home as soon as the network is reconnected, MS _can't_ slurp a damn thing... can they?

    Failing that, wouldn't tightening up the firewall rules block slurpage?

    1. elDog Silver badge

      Re: will this work?

      Unplugging temporarily from the network does (I think) stop the flow of telemetry. However you can guess that it is being buffered for later transmittal when the circuit is restored.

      Blocking IPs at the firewall might work as long as you had the full list of them that could be used. I'm sure MS invested in many blocks of IPs way back when and can switch them around as needed. After all, that's how the other data pirates do it.

  11. Charlie Clark Silver badge

    Mac

    Microsoft Word 2016 for MAC, no option to send NO diagnostic data.

    True, but you can simply close the window. It's a breach of European law for Microsoft to start collecting data through a one-sided change in the T&C's, ie. explicit consent still applies. Idiots will have to roll this back.

    1. Anonymous Coward
      Anonymous Coward

      Re: Mac

      "It's a breach of European law for Microsoft to start collecting data through a one-sided change in the T&C's, ie. explicit consent still applies."

      Only for PERSONAL data as defined in EU law.

      1. Charlie Clark Silver badge
        Go

        Re: Mac

        Only for PERSONAL data as defined in EU law.

        Nah, this is contract law. And, as I said it would have to be rolled back. And it was.

        1. Anonymous Coward
          Anonymous Coward

          Re: Mac

          "Nah, this is contract law. And, as I said it would have to be rolled back. And it was."

          And contract law allows for terms that allow contracts to be changed.

  12. 0laf Silver badge
    Trollface

    IP address in some circumstance is personal information.

    Dear Microsoft I think a chat with the UK ICO or the EU Article 29 group might be in order.

    1. Charlie Clark Silver badge

      No need for a chat, someone is going on the naughty step for this.

      Actually, I've just had an update for MS Office 2016 for Mac which now has simple "yes" and "no" options.

  13. Anonymous Coward
    Anonymous Coward

    "Invasive" or "Very Invasive"

    I think instead of complaining about the unacceptable amount of privacy invasion, people should ask themselves: why are they putting up with it? How many pokes in the eye do people need?

    There's no point whinging about it, it falls upon deaf ears. Either stop using it, or suck it up (and so will they).

    1. John Sanders
      Windows

      Re: "Invasive" or "Very Invasive"

      I've been saying it for years, MS says assume the position and people bend over.

      Anything so they don't have to think.

  14. Milton Silver badge

    It's a subtle plan

    MS would find it too humiliating to ditch its core products and simply switch over to Linux and other FOSS, so it is instead getting us to do the dirty deed for them. They must have swung a long way from Ballmer's stupid tosh about destroying Linux.

    Making Win10 (everything from W8 onwards) a steaming pile of manure was the start. But to make these OSs even more repugnant, spyware was included. Then, noticing that people were still stupid enough to pay money for Office, even the crippled mouthbreathing 365 version, they've had to poison those products as well, in a further bid to alienate customers. Perhaps if there are still holdouts next year the crappy Ribbon interface will swell to half the screen, or be rendered in bright purple ... anything to get rid of customers.

    There are a few folks loitering here to downvote any post mentioning Linux and LibreOffice (I hope that's a remunerative activity) so please do so now, while I point out that the open-source combination—

    • Has all the features the vast majority of people actually need and use

    • Is free

    • Doesn't contain uncheckable proprietary code

    • Doesn't spy on you

    • Doesn't require an internet connection

    • Doesn't trash your system after ambushing it with a largely useless "update"

    • Doesn't try to kidnap you into anyone's "ecosystem"

    —and a no-brainer for anyone not trapped in the world of corporate idiocy.

    Given the last decent (and in fact, pretty good) version of Windows was Win7, it'll be interesting to see, when support for that finally ceases in a couple of years, how many people will finally ditch MS and all its parasitic attempts to ensnare, trap and exploit customers. I don't underestimate the power of laziness, stupidity, complacency and wilful victimhood to keep people gormlessly pedalling the MS treadmill, but I'll be surprised if the end of Win7 doesn't cause a fairly spectacular spike in migration to Linux and FOSS.

    Now, vote ↓ happily!

    1. Luke Worm

      Re: It's a subtle plan

      I can upvote only once, what a pity.

    2. Anonymous Coward
      Anonymous Coward

      Re: It's a subtle plan

      All my exposure to Microsoft now is just two products:

      1) Windows 10, which came on my new machine. Was using Windows Vista previously until the old machine gave up its ghost.

      2) Office 2007, volume enterprise license, which requires no activation.

      I have already stopped using Hotmail/Outlook long ago. Stopped using Skype (MSN Messenger had previously merged into Skype). Never used a Microsoft browser. Never cared for Onedrive. Never played XBox, Minecraft. Don't have a Linkedin account. Never installed Swiftkey on my phone. No Kin, Zune, Bing, Windows phones.

      My only beef with Linux is that I have tons of stuff in NTFS partitions, and I want to keep the NTFS formatting. I am inclined towards getting a Mac in future. I'm still using Windows because of legacy win32 and vintage gaming stuff, including but not limited to emulators. And I don't want to run everything through WINE.

      1. Martin an gof Silver badge

        Re: It's a subtle plan

        My only beef with Linux is that I have tons of stuff in NTFS partitions, and I want to keep the NTFS formatting.

        I dual boot W7/OpenSuse at work. All my "data" is on NTFS discs and is accessible from both OSes, though OpenSuse doesn't by default mount the NTFS units.

        M.

    3. Anonymous Coward
      Anonymous Coward

      Re: It's a subtle plan

      • Has all the features the vast majority of people actually need and use

      Still lacks many features many people need to use,

      • Is free

      Who cares? Do you work for free? Are your pocket money too little?

      • Doesn't contain uncheckable proprietary code

      Windows code can be accessed if you have the requirements to access it

      • Doesn't spy on you

      Like Ubuntu which is starting its telemetry as well? Or just look at how Android and Chormebooks spy on you as well...

      • Doesn't require an internet connection

      Sure, you never need updates... c'mon!

      • Doesn't trash your system after ambushing it with a largely useless "update"

      I've seen Linux systems trashed by updates as well.

      • Doesn't try to kidnap you into anyone's "ecosystem"

      No, it's just try to kidnap you into the GPL ecosystem - which is just nasty as the Windows one.

      Choices are good. Forcing everybody into a single choice like Linux and its GPL ecosystem is bad as well, even if it's free. Actually, often there are *less* choices under Linux because there's no incentive to competition, so everybody just uses the same services, applications and tools - a huge lock-in.

      1. John Sanders

        Re: It's a subtle plan

        >> No, it's just try to kidnap you into the GPL ecosystem - which is just nasty as the Windows one.

        And when I got to this point I realized you're just a troll.

    4. Anonymous Coward
      Anonymous Coward

      Re: It's a subtle plan

      Unfortunately you are making the assumption that a significant amount of people give a shit, and give enough of a shit to do something about it.

      Unless Linux is an option from new the vast majority of users will never change from what they are provided initially. Changing operating system = new PC to them.

      And Linux (which I like don't get me wrong) can be an utter shit to fix if it doesn't work.

      You'd maybe, maybe, get people to switch to something like ChromeOS or iOS if you told them it was the same as their phone / tablet that they like.

      1. Anonymous Coward
        Anonymous Coward

        Re: It's a subtle plan

        an utter shit to fix if it doesn't work.

        At least it's fixable.

    5. Anonymous Bullard

      Re: It's a subtle plan

      By the way, LibreOffice supports the ribbon (aka "Notebook bar") : https://www.omgubuntu.co.uk/2017/02/how-to-enable-libreoffice-ribbon-notebook-bar, and it's slightly customisable.

      You can even have the menu, toolbars, and ribbon at the same time. They did it right: you get to choose.

    6. Anonymous Coward
      Anonymous Coward

      Re: It's a subtle plan

      >>They must have swung a long way from Ballmer's stupid tosh about destroying Linux.

      If you were not aware, Windows 10 can now run Linux apps and userland without a Linux kernel. Server 2019 is likely to do the same with containers. Embrace and replace still seems to be the approach.

  15. Wibble

    Little Snitch anyone?

    It's staggering just how many domains MS use in their 'products'.

  16. Anonymous Coward
    Anonymous Coward

    SatNad the data mining whore.

    Is anyone surprised?

    This is the time to wean yourself off Microsoft products wherever possible.

    Whatever diagnostic data Microsoft is harvesting, it sure isn't for improving the reliability of its patches.

  17. ShelLuser

    In other news...

    My Office 2010 (I never bothered to upgrade because I failed to see the need) is still running nicely on Windows 7. I got several security updates not too long ago and everything simply works.

    No slurping, no messages, just my trusty VBA powered Office environment.

    1. This post has been deleted by its author

  18. johnnyblaze

    Why not NONE?

    Basically, if MS in any way valued the security and confidentiality of the people who use their software, they would provide a NONE option, and would also make all settings opt-in rather than opt-out. But, the only thing they value is the data they collect, and the more of it the better. MS are truly pond-slime these days, and probably at least as untrustworthy as Facebook (and I personally think Zuckerberg should be expelled from humanity and cast away on a space rock)

    1. Christian Berger Silver badge

      Re: Why not NONE?

      "Basically, if MS in any way valued the security and confidentiality of the people who use their software, they would provide a NONE option,"

      If they did so, the Windows ecosystem would look a _lot_ different. They would be running regular massive code audits. They would strive to make their systems simpler instead of re-inventing the wheel every few months. They would depreciate and remove VBA from their office products.

      However why should they do so? The remaining users of their software are either forced to use it, or they obviously don't care about security and confidentiality.

  19. skalamanga

    if I am ever forced to give information without the option opting out, I will try my damned hardest to make suure that information is invalid!

    1. Anonymous Coward
      Anonymous Coward

      So that's your excuse for using the computer incorrectly.

      Windows users...

  20. Huw D

    <rant>

    $PRODUCT-X blah, blah, blah = $DEVIL.

    You should all be using $PRODUCT-Y because = $DEITY.

    If you don't you're a $WOSSNAME.

    </rant>

    Right, that's a shedload of the Internet covered...

  21. Anonymous Coward
    Anonymous Coward

    Dear Microsoft, THANK YOU

    No, seriously, thanks. Thanks for making it so much easier to finally rip this crap root & branch out of our organisation as I can now add GDPR compliance as an argument why we should spend LESS on Office software. There are substantial barriers against deploying LibreOffice in an Enterprise:

    - the split LibreOffice installer is basically utter tripe in any other language than American (which is <> English);

    - the stubborn refusal to support the entry method for accented characters on MacOS (which is <> English), which we countered by buying NeoOffice (als takes care of the first issue, but only on MacOS).

    But, thanks to GDPR and the promised fines, the Microsoft data slurp has now reached the point where even the C-suite is getting cold feet, and we've been asked for alternatives.

    So, once again, thanks. I've been waiting for this for quite some time - and it means more budget left for beer :)

    1. Anonymous Coward
      Anonymous Coward

      Re: Dear Microsoft, THANK YOU

      MacOS (which is <> English)

      Unintentional, but still accurate as we use that in multiple languages too..

  22. fobobob

    Coming from Microsoft, sounds like it could be read "almost all" or "all".

  23. WolfFan Silver badge

    Damn, but they're idiots

    Apple has for over a decade, rigged things so that when there's a problem the users get a little dialog box _asking_ them if they want to send info to Apple. If they click on 'yes', the data goes. If 'no', nothing is sent. If you click on the right buttons on the dialog, Apple will specify just what info goes. Apple collects the info anonymously, unless you put something identifiable into the comments section yourself. See http://i.i.cbsi.com/cnwk.1d/i/tim/2012/05/10/TextEditLocationCrashReport.png for an example.

    Microsoft copies EVERY FUCKING THING THAT APPLE DOES, after a few years delay. WHY ON EARTH COULDN'T THEY JUST COPY THIS, TOO?

    Oh. Yes. I can think of a reason why. Cretins. They're cretins. And they've made their last sale around here.

    1. Anonymous Coward
      Anonymous Coward

      Re: Damn, but they're idiots

      When the Microsoft leadership transitioned from Ballmer to SatNad, the folks at Redmond figured out that selling data and subscriptions is a far better business model than peddling new versions of the same software every few years. It's all about the CLOUD (Microsoft's computers) now.

      This is in part due to the paranoia at seeing declining PC sales and Microsoft's failure to break into the mobile phone market. Microsoft needed to 'reinvent' itself.

      That's why Windows 10 is the way it is; masquerading as a mea culpa for Windows 8 but in reality a data slurping platform to manifest this brave new business model.

      On the enterprise side of things, Microsoft is copying Amazon and Google. The only aspect I see Microsoft copying Apple is opening retail stores and peddling the Surface devices, taking aim at iPads and MacBooks and Macs. On the gaming front, it's battling Sony and Nintendo when it comes to consoles, and battling Steam for the digital content distribution rights (the latest Age of Empires game is a Microsoft app store exclusive) of PC games.

      The takeaway from this is Microsoft is too big and has its fingers in too many pies. There is a lack of focus (purchased Linkedin?). Microsoft has an identity crisis.

  24. Anonymous Coward
    Anonymous Coward

    Is this only happening on Office 365?

    I've not had any reports of users seeing this on our on premise version of Office 2016. Also is there any patch associated with this change?

  25. Christian Berger Silver badge

    Remember when people claimed that if you pay for a service your data is protected?

    Seriously what a naive idea. Any company will always opt for getting more money and/or data out of their user if they can.

    1. Christian Berger Silver badge

      It's actually even worse

      We now have App-Stores where softare manufacturers can charge money in arbitrary increments. Even the Apps you pay for sell your data or display advertisements.

  26. Anonymous Coward
    Anonymous Coward

    so how the F*&K is that GDPR compliant

    so how are MS getting around GDPR on this and windows 10 spying?

    1. Anonymous Coward
      Anonymous Coward

      Re: so how the F*&K is that GDPR compliant

      "so how are MS getting around GDPR on this and windows 10 spying?"

      GDPR applies only to personal data, so likely not this Office slurping and personal data can still be grabbed with informed consent.

  27. anonymous boring coward Silver badge

    I guess we'll have to thank Google and MS for creating that dystopian world that we see in some cool films. I'm still in two minds about what's worse: psyco replicants or ads that follow you everywhere.

  28. MrKrotos

    Calling all DEVs!!!!!!!

    Will someone please create a "MSlurpPump" tool to share with us all to run on spare machines that pumps craps in to MS' servers. If enough people run it, it WILL have an effect!

    If I could code I would have already started it :P

  29. JohnFen Silver badge

    Just Microsoft being Microsoft

    Microsoft is a huge, nasty company who doesn't give a shit what you want. Your best option is to avoid using their products when at all possible. If you lie down with dogs, after all...

  30. a_yank_lurker Silver badge

    GPDR Fines

    If I have the fine correct, the EU could fine Slurp 4% of their world-wide gross which would be a tidy sum. It should catch the eye of various feral regulators as this would hit the P/L statements very hard. As I remember, if you have any European customers/activity you are subject to GPDR. Get hit once for Bloat and Orifice and that could total 8% of their gross.

    1. Christian Berger Silver badge

      Re: GPDR Fines

      You forget something, Microsoft is an US company, if they refuse to pay, they refuse to pay. Nobody is going to do the thing they should have done 20 years ago and ban their products if they don't pay.

      1. anonymous boring coward Silver badge

        Re: GPDR Fines

        "Nobody is going to do the thing they should have done 20 years ago and ban their products if they don't pay."

        Sure we are.

  31. Mark 85 Silver badge

    The Full level does a bit more, giving Microsoft carte blanche to nag helpfully inform users about functions and features that might be of interest.

    Microsoft, via its support website, was at pains to point out that no personal data has been deliberately collected, and there is no way to identify a netizen from the slurped information.

    These two statements seem to be contradicting each other. Which is it? Anonymous or identifiable for all the helpful features?

  32. Boris the Cockroach Silver badge
    Mushroom

    Well it looks like

    the next PC purchased for use at Roach towers will be a dual boot win10/ linux mint thing (mostly likely from Novatech) with the majority of the time spent in mint.... and win10 for gaming only.

    If only because I want the the only data m$ slurps from me to be about how many kerbals I've just killed....

    KSP icon......

  33. This post has been deleted by its author

  34. Anonymous Coward
    Anonymous Coward

    At Microsoft, this is what self-delusion looks like:

    COMPARE A: To B:

    ---------------------------

    A:

    "Microsoft Chairman Thompson expressed distaste for companies whose ad-financed businesses share or sell user data, while declining to comment on Facebook Inc. specifically. “Many of them make money off ads and they have used that as kind of a leverage point,” he said of user data. “At Microsoft, we don’t believe in that.”

    ----------------------------

    https://www.bloomberg.com/news/articles/2018-04-30/if-microsoft-finds-another-linkedin-deal-chairman-is-all-in

    ----------------------------

    B:

    ....."When we talk about why we're upgrading the Windows 10 install base, why is that upgrade free? MS CFO asked during a meeting with Wall Street analysts. These are all new monetization opportunities once a PC is sold. Microsoft's strategy is to go low on consumer Windows licenses, hoping that that will boost device sales, which will in turn add to the pool of potential customers for 'Advertising'".....

    ....."CEO Nadella has referred to the customer revenue potential as 'lifetime value' in the past -- and did so again last week during the same meeting with Wall Street -- hinting at Microsoft's strategy to make more on the back end of the PC acquisition process. The more customers, the more money those customers will bring in as they view 'Ads'".....

    https://www.computerworld.com/article/2917799/microsoft-windows/microsoft-fleshes-out-windows-as-a-service-revenue-strategy.html

    1. anonymous boring coward Silver badge

      Re: At Microsoft, this is what self-delusion looks like:

      "“Many of them make money off ads and they have used that as kind of a leverage point,” he said of user data. “At Microsoft, we don’t believe in that.”"

      Someone (a big Chairman, no less) at MS said that in 2018? That's quite funny! Can't be very up to speed with what MS is up to.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019