Discussion in 'privacy general' started by citoshi, Aug 28, 2015.
LOL, he does have a point.
Hey, Microsoft is just updating Windows with all the latest malware tricks
User-controlled PCs were an accident
He always does
Which came first Cryptolocker or Bitlocker?
Is that a trick question?
But OK, I'll bite. Which came first? And why does it matter?
My point is that providers want to control devices.
Only meant as a bit of humor over Microsoft picking up on Malware tricks.
OK, my sense of humor glitched
Or my joke telling sucks.
If you trust close-sourced software for privacy, you gotta get your brain checked. There is always a possibility someone has a privacy-invading backdoor in a close-sourced OS like Windows or Apple. Linux is the way to go if you want privacy on your computer.
Dont get me wrong, I love Linux my self, but I hear this often about Linux: "you can check open source for your self". But isnt it a fact that 99% av all linux users rely on a few who actually can read the code? Is it a fact that there always is some linux nerd that audits every single line of code of the OS and software and alerts everyone if there is something suspicious? My guess there are a few, the same way there are a few that alerts the community when Windows does something. The average Linux user has to rely on other people, as do the average windows user. The ONLY way to be 100% sure and safe is to learn the programming language, and learn it good, and analyze every single line of code. Or write your own OS.
Indeed, I would have thought, that OpenSSL's bug pretty much confirmed, that it is a nonsense. And OpenSSL is a tiny bit of code compared to linux.
The difference between Windows and open source is that the OpenSSL bugs were found. If Windows ran OpenSSL they might of never been found.
We all know Windows is a pile of garbage and spyware. I doubt Linus Torvalds is going to put spyware in the Linux kernel. It wont happen.
Windows is about money. Open source has never been about the money. It's an idea. A moral choice. A ethical choice. The right choice.
Unfortunately security testing is something that cannot be done by many computer scientists. Even if a programmer knows what a piece of code is doing it might still contain vulnerabilities. When auditing software for bugs and vulnerabilities one for example has to look for things that are not there, like certain types of validation, these are things that cannot always be detected using static analysis tools.
Personally I am not convinced that open source is more secure than closed source software. Having skilled engineers and a large testing capacity might be more important.
Agree, surely open sourced could be adjusted either more easier.
All these news and websites suggesting windows is malware or spyware sound like they are trying to get fame and fortune or more hits to their websites, they ain't no snowden !
I don't think we will ever get concrete evidence suggesting windows has spyware, malware or has a backdoor since if we did MS would loose their entire customer base the next day.
I would also imagine after 20 years of windows we have yet to see any LE stand up in court and say Ms have confirmed this individual with this machine id, bios, hardware or windows cd key is this person and did x,z,y.
Till either of the 2 above occur I feel MS are safe but would never trust them outright, I would not trust linux also !
I disagree with the statement.
Look at the case of Skype (a Microsoft company). After the acquisition Microsoft cooperated willingly to allow NSA access Skype communications. Add to this Outlook.com encrypted chats. Hmmmmm sounds like they created backdoors to me. http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data
I would be shocked if microsoft did not have a deal going where it was enticed to generate more information for Prism.
FYI. To have a balanced discussion, here's the Statement from Microsoft about response to government demands for customer data, pertaining to the posted article link at that time.
I can see your point of view JRViejo.
There are two sides to this discussion. I dont think that anybody would deny that Microsoft can provide access to user data upon request of a valid warrant. If this warrant is limited to a specific individual I do not have a problem. The privacy implications of this type of access are limited.
The problem though is in the other type of privacy infringements from broad FISA court orders. The evidence from the Snowden files indicates that Microsoft cooperated with the NSA while Microsoft denies this. The problem with the denial is that FISA court orders would limit their ability to talk about this openly.
Changing back to the topic of Windows 10. It appears that Windows 10 generates far more personal information that is sent back to Microsoft (to provide services). We can take the word of Microsoft that it does not provide this data to the NSA. However given the scope of Prism it is not a stretch to conclude that the NSA could intercept and decrypt this data.
The core problem I have with Windows 10 (yes I am a user, at least for now) is that turning off all of the privacy infringing services still results in material being sent back to Microsoft. Questions have also been raised that host file blocks may not work either.
Personally I believe the cooperation was willing. The evidence to support this is far from conclusive but I believe the argument can be made.
Windows tends to require valid licenses. So each install has an ID. And that software ID is associated with the money trail for buying the license, and also with hardware IDs needed for verification. If privacy (let alone anonymity) matters, that's just unworkable.
As far as I know, there's nothing like that for Linux or *BSD. Repositories could collect such information, of course. But that would get outed, sooner or later.
Skype is an interesting case. Before MS acquired it, it offered to the average person very secure voice communication because it was encrypted and transmitted via a decentralized peer to peer network. Putting such power in the masses that was formerly the reserve of VIPs made it a ripe target for acquisition by a corporation like Microsoft. They might of had tacit support and encouragement to do so from agencies of the US and other governments. Not only was Skype relatively secure, it was insanely popular which meant there was a huge mass of world wide communication that was difficult for governments to tap and monitor.
In any case, privacy concerns aside, Microsoft has pretty much ruined Skype from a performance and reliability perspective. Nothing like a phone app that fails to ring when someone calls you and has voice quality issues when it does connect. When I deleted my Skype account, I had to temporarily disable the MVPS hosts file in my system because the Microsoft chat support domain, "Liveperson.net" and all its subdomains are blocked by MVPS. That should tell you something right there. My experiences with MS Skype which led me to dump it and permanently delete my account have made me even more wary of Windows 10.
i pity that guy, his cyberlife is a pain
My feeling is that the essential problem is that of MS adding facilities to their OS communicating with the cloud (which generate way more data exposure), coupled with their incorporation in the US.
While MS may indeed try to restrict access to individual warranted demands (as it should be), they have also either facilitated or been compelled to give bulk access which can be abused, and the problems noted above with Skype and OS fingerprinting.
The case of the US court demanding MS hand over a foreign citizen's email on a server in Ireland illustrates the chilling problem. They could do the exact same thing with the telemetry data. I won't be having with that.
With skype yes you are most right, even taking away the NSA talk we know MS have handed over skype usernames, ips, chat logs etc during sub/LE request. They have done the same for emails, onedrives and cloud services but this is usually when another organization has tipped off the LE. I guess in some situations it depends on what software or services you choose to use.
One could use linux and still use hotmail or onedrive cloud services and still find themselves in the same problem with LE.
Still great discussions regarding Microsoft and its privacy concerns.
I believe the NSA/CIA/FBI all had a huge influence in Microsoft buying Skype. I would put money on Skype being 100% compromised now.
Separate names with a comma.