Windows 10 Privacy

Discussion in 'privacy general' started by Fox Mulder, Jul 10, 2015.

  1. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    @Rolo42 - even with that stance, you are still vulnerable to false positives. Which could have you on a no-fly list before you know it, for example. But then, if you take the trouble to go darker, then you expose yourself to targeted investigation (which may be algorithmically initiated). Evil choices abound.
     
  2. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    571
    Location:
    USA
    A false positive still has to really look like a real positive. Internet habits alone aren't going to do that.

    In regards to "algorithmically initiated": these extreme measures can get one on the state's radar by denying the consequent, the blip is "too quiet".
     
  3. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    204
    Is there any hard evidence that a Microsoft backdoor has existed in all versions from 95 until present? I've only heard this in the form of FUD but never any actual proof.

    I'm also not sure what you mean by this event: "Or, do you remember that time when +4million Windows PC's were infected with a malware that used Tor for an attack, and Microsoft removed Tor for +1 million (or was it 2mi) Windows PC's?" When did that happen?
     
  4. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    If by FUD you mean that 3rd KEY which read "NSA_KEY"? That even the top Microsoft cryptographers were amused that it existed?
    http://www.washingtonsblog.com/2013/06/microsoft-programmed-in-nsa-backdoor-in-windows-by-1999.html

    http://blog.insecure.in/?p=1373
    http://www.dailydot.com/technology/tor-botnet-microsoft-malware-remove/

    There is also that episode where Windows updates were triggered even on PCs that had it disabled.
    http://www.informationweek.com/micr...ut-user-permission-apologizes/d/d-id/1059183?
    http://slated.org/windows_by_stealth_the_updates_you_dont_want

    There is absolutely no reason to blindly trust a company that has its products' source code closed. Heck, even Sony installed a backdoor on hundreds of thousands of people back in 2005.
     
  5. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    571
    Location:
    USA
    Windows update updated itself even when set to manual...potentially annoying but hardly "spyware-like behaviour".

    Still...going to complain about Microsoft killing a botnet? Even so, how is that "spying"?

    Those are all conjecture with the only fact of a registry entry named "NSAKEY"--not much to go on. It did mention the export law...which would be NSA's territory, not what citizens' browsing habits are.

    Yes the gov't worked with Microsoft in making an OS meet gov't requirements. The gov't works with all kinds of vendors to get standards-appropriate wares.

    If an auto-update, killing a botnet, and an interestingly-named registry key is all you have over the past 15 years, then I'd say that's evidence of absence and deny the consequent.
     
  6. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Speaking of updates, some people want things like:
    1. Control over automatic updates. Possibly handling critical security updates differently than non-security updates, possibly disabling *all* automatic updates including those marked as critical for security.
    2. The ability to pick and choose which updates are installed, possibly even avoiding some [non-security, new feature] updates forever
    3. The ability to reliably disable automatic update checks and the associated phone-home. Possibly via setting rather than firewall. If re-enabled or manually initiated, then the ability to catch up with updates without any having rolled off the available list simply due to time.
    4. The ability to manually download updates, as ISOs or some other format that allows for both local archiving and installation while offline
    5. The ability to acquire updates without having to register personal or business information, or create/use an online account
    and privacy factors into it for some of them. I've read a number of articles about the Windows 10 updating schemes. I'm inclined to focus most attention on Windows 10 Pro, for obvious reasons. The descriptions were such that I thought users who desire the above options might run into some issues when using Pro, and The Register made an interesting observation:
    Question for those who have spent more time investigating Windows 10: Which of the above five options do you think would be difficult to achieve under Pro?
     
  7. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    571
    Location:
    USA
    1. We have that in Pro, though in Win10 it isn't indefinite (probably people complaining that software isn't working and blaming Windows but not blaming their choice to skip .NET updates, etc., so it's likely a pragmatic limitation). It's just better that the Dell- and Best Buy-shoppers get their home version and Microsoft protect them (and the rest of us) from these users.
    2. I'm on the fence with this one; what would be the purpose? Running outdated software is a security risk and since we're all connected, a risk incurred by one is shared by all

    3. See #2

    4. See #2 plus there is WSUS for environments that need it (and the whole enterprise being treated differently as it should)

    5. Create an account...so what; you create your own e-mail address and it's not like any information you provide (name and, uhh...can't remember if it requires anything else) is verified. Everything needs an account these days (thanks, bot-users). Your account is where your keys will be stored and (if you choose) settings, which I like. "Privacy concerns" has crept to a scope that means a whole bunch of stuff not relevant to privacy.

    My only reservation about Wupdates is that they better be 99.99%+ reliable.

    re: the bold text. You don't read EULAs and other agreements much? That's standard fare to avoid litigation (or other user-complaints) about "you didn't give formal notice explaining every detail before deploying this update! Privacy! Human rights violations! Victim! ahhhh!!!".

    Additionally, being a former developer tired of getting bug reports from old versions of my software (I didn't have automatic updates at the beginning and that was the impetus for adding auto-update), I can see where Microsoft is coming from. Users are belligerent, know-it-all, self-centred, inconsiderate pains in the neck. Seriously...a lot of development time was wasted on those problems so I don't blame anyone for draconian update tactics--so long as they don't break a single thing in doing so.
     
  8. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    I didn't mention "spyware-like", I mentioned BACKDOOR-like, which is exactly what that is. The user doesn't have control over the software: rather, the backdoor gives others control over that software.

    See above.

    That is *not* a simple registry key. _NSAKEY was a digital signature key present at ADVAPI32.DLL, a security and encryption driver, which can allow NSA to subvert any Windows user's security.

    I wouldn't think anyone would trust a hidden key named "amarildo" on their computer, I don't see why people don't make a big deal out of the NSA one, especially with the company's stained history.

    Not only that, but the US government is known for introducing backdoors into routers, imposing National Security Letters to encryption companies, and much more. Lavabit, anyone?
    Trusting a closed-source software made in US is, to my knowledge, the worst possible action from a person who would even slightly be concerned about his/her privacy.

    You clearly don't see the relevance of any of those, so there's no point in me wasting my time trying to explain further.
     
    Last edited: Jul 17, 2015
  9. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    Trusting that policy is redundant and, IMHO, useless. In the past Microsoft updated Windows 7 machines even though automatic updates were disabled. Why would they do differently this time with Windows 10 Pro?
    Plus, after the update incident Microsoft didn't state that they were not gonna do that anymore. They just said "sorry" for what happened.
     
  10. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    I'm not sure I understand your logic.

    In the previous post you said "avoiding established companies like Google and Microsoft", as if you were saying that they can be trusted. Later, when confronted with why they should NOT be trusted and that the history of autistici/riseup is good, your opinion changes, almost as if you work for both of them hehehehe.

    You seem confused there, again.

    Spying is essentially "gathering data without the person's consent". In the past there was a guy tapping your phone to see who you're calling to, who's calling you, what is the content of the conversations, where you're going, etc. Today it is: Skype, Facebook, Google, Microsoft, NSA, etc... almost all participants of the PRISM program gathering people's data.

    The worst part is that people don't read the EULA of what they're getting into. And when they do, they simply don't care. Yeah, people these days are way too dumb, allowing the Facebook app to see your calls, read your text messages, see through your webcam, listen to your microphone, read any file of your SD card, and most of these without the user knowing when it happens. And the grand finale: to send data over the net without the user's consent.
    Boy, where are the brains of the people these days?

    As Mr. Mark Zuckerberg said: Those dumb ~ Snipped as per TOS ~, they trust me.

    People deserve to be treated as numbers.
     
    Last edited by a moderator: Jul 17, 2015
  11. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    If you are smart enough to disable the updates you are smart enough to run Windows without them.

    My concern is for people who are less computer literate. I have had calls from friends asking why their computer is acting funny only to find they have gotten numerous pieces of malware because their antivirus stopped working. Having a system that automatically updates is far better for the masses than the risk of Microsoft dialing home given the prevalence of keyloggers, etc.

    Remember if the NSA wants to specifically hack your computer they can. Look at the hacking squad and the numerous 0 day exploits they had. Think of how many the NSA has, even without the help of Microsoft. It is bulk surveillance that good personal cyber security can avoid.
     
  12. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    Yes, running outdated software is in fact a GREAT risk. However, this isn't the point in privacy. The user must have control over his software, regardless if he/she wants to be secure or not. Microsoft shouldn't have the ability to get into people's computers and change their settings; the same way I don't want my TV manufacturer sending a guy over my house because they think my TV is not fully bolted to the wall. Not to mention I wouldn't want them knowing if my TV is securely bolted or not, it's MY house, my rules.

    Microsoft should at most tell the user why it's important to keep Windows updated, giving logical reasons that work from "auntie" to "grandpa". If they still chose not to keep their systems up-to-date? It's their choice, not anybody else's.
     
  13. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    If auntie and grandpa can figure out how to disable updates they can make the choice. :) I can see where you are coming from but the lowest common denominator is a concern for me. Remember we all pay for the credit card fraud, etc. that results.

    Personally I use Linux for almost everything, solves the privacy problem for me.
     
  14. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    571
    Location:
    USA
    There aren't two classes of users, there are three: auntie and grandpa, experienced users, and "know-enough-to-be-dangerous".

    re: my opinion. It hasn't changed and I don't know how much more clear I can be: "PII" and "analytics" aren't the same thing and they shouldn't be used interchangeably. Google, et al. wants to know which sites I visit so it can target its advertising; that is not spying.

    Likewise, "capability" is not interchangeable with "spying" either. Let's say the NSA can peek into anyone's machine or monitor all its communications (They've had that capability with all communications equipment--including POTS, so unless you go completely dark, you are susceptible to the gov't's surveillance capability); it doesn't mean that they do and if and when they do, it doesn't mean there's a guy in a van with headphones and cameras watching you as most of it is automated--like an AV scanner that will prompt the user when it thinks there is a problem.

    Except for non-US-citizens, I don't know why the NSA garners so much attention where DHS, if anything, should be a cause for concern (depends on the demographic here). To make my position clear (and my opinions should be taken in my position's context): no government should be implicitly trusted--this is why we have the second amendment and why the context of that amendment refers to military-grade arms to keep the government from becoming a monarchy/tyranny and to supplement the gov't's role in protecting its citizens from criminals [1], not to guard against a deer and buffalo revolution but to ensure a means of an American one.

    What this means is that so long as NSA, DHS, etc. perform their function (catch bad guys before they do bad things) without undue interference of its citizens, we're OK. This is why I'm no fan of the Patriot Act; it's too much leeway that does cause interference (NSA backdoors do not). I agree with Franklin, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety" [1]

    [1] http://franklinpapers.org/franklin/framedVolumes.jsp?vol=6&page=238a
     
  15. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Strongly disagree with you on that one, knowing what sites people visit is incredibly personable and it is spying. Imagine you search for an article on cancer on Google. Depending on how the algorithm works Google would add that to your profile for advertisers and potentially judge whether yourself or a family member had cancer. That profile can also be sold to credit reporting agencies (consider that credit agencies often act as data broker) and used to make a decision on your credit worthiness. Imagine the even worse situation of somebody exfiltrating a large portion of Google's database, they would have enough to destroy a person's life in much the same way as the OPM breach.

    Google may want to know which sites I visit for advertising, but to gain that information they require PII. By the nature of being logged into Google they are collecting PII.

    On another note I wanted to add something. One thing I really love about this site is that we have really different opinions on things but the tone and politeness here is outstanding. I love this kind of debate even though we end up agreeing to disagree. :)

    Ok yes, Ronjor has to reel us in occasionally when we get a little out of control but that is normally because we get frustrated by some government agency or company.
     
  16. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    571
    Location:
    USA
    You're redefining the term. It is not Personally Identifiable Information.
    You're also ignoring privacy statements and laws regarding the sale/sharing of various types of information and in your example, that would be a federal crime.

    Nothing personal here at all; we need the Dale Gribbles of the world to keep organisations in check and under scrutiny!
     
  17. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    That I am not too sure on Rolo, I believe the sharing of health information is happening. We were offered marketing lists for people with specific health issues in Canada when I was still in pharmacy. I was told that because they didn't get it from a healthcare setting they could sell it. If you provide it to a healthcare provider then it is restricted under confidentiality.

    I don't think privacy policies are much protection either; most privacy policies have some line about sharing information with third party partners or something similar. I am not a lawyer but generally assume the worst. :) The liquidation side of things also worries me as well; look at RadioShack selling the lists despite a privacy policy. The problem there is that there is nobody to file suit against.

    We have differing degrees of "tin foil hat itis" here :)
     
  18. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    I didn't say there were. I mentioned "auntie" and "grandpa" as an example of people who might not know enough about security, but are still entitled to have control over what their computers do.

    That is exactly what spying is. Not only by knowing what websites you visit, but by knowing where you are and where you've been, thanks to its tracking programs on your smartphone, or by sending copies of your private e-Mails to its servers so that they can be analyzed.

    "Being capable" and "actually doing" are not too far apart. A guy with a rocket launcher is capable of doing huge damage. Does that mean he is doing it? No, yet nobody would allow such guy to walk on the streets.
    And before my comparison is put into the table, it's not the damage I'm referring, but the "capable-doing" scenario.

    You're right, no government should be trusted. But you're wrong in assuming that you're somehow protected by your constitution. Your government, as well as mine (and 99.9% of others) are constantly violating the nation's constitution, the same way as Microsoft/Google are always violating their policies. You shouldn't trust any of them.

    The problem is that these organizations don't only do their jobs, they do more, including illegal jobs like torture, spying on the US citizens, bombing innocents, etc.
     
  19. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Earlier in the thread, two privacy statements were mentioned. A somewhat detailed version for Windows 8.1, and a somewhat simplified version which may be/become a reference for Windows 10. It was suggested that users look for other/better sources applicable to Windows 10 after the OS is officially released.

    In the meantime, I decided to look at those two privacy statements that were mentioned and quickly compile a list of some of the topics addressed. It should not be considered authoritative or complete, one would want to factor in that Windows 8.1 and Windows 10 have commonalities as well as differences, the two statements approach subjects in a different way, etc. Still, I think it may help some readers to prime the pump so to speak. As in start to get a feel for some of the types of things that (Microsoft thinks) can have bearing on privacy and that they might want to investigate further.

     
  20. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,907
    Location:
    Texas
    http://blogs.microsoft.com/blog/201...greement-and-privacy-statement-for-consumers/
     
  21. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Hopefully my computer won't break down. I don't want anything beyond WIN7.

    Windows 10 will be the final version of Windows ?

    http://www.techradar.com/news/softw...-confirms-there-will-be-no-windows-11-1293309
    Windows 10 will never end, will it ?

    I just skimmed through this thread, but I wouldn't count on WIN 10 for real privacy. Not on the long run.
    It's just too huge, and ever expanding. It cannot be controlled.

    Maybe I'll switch to Apple or Linux when it's time.

    Oh, the days when we still had WIN 95 and 98 :)
     
  22. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yeah, I'd give anything to have Win 2000 again... :)
     
  23. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
    Really, Windows 98 crashed every 4 minutes and Windows 95 crashed more.
     
  24. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Then what the hell were you doing with your computer ?

    Mine may have crashed on occasion, but not often.
     
  25. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
    LOL, question is What are you doing so your computer didn't crash.
     