Just when you think you've seen everything - along comes Microsoft and amazes us. By now, it's common knowledge that Windows 10 likes to "phone home", but it's still worth taking a closer look at just how much (or how little) Redmond values data security. Think of it this way: if data security were a limbo pole, Microsoft has just made sure you'll bump your head. We've just gotten new details on how much data is sent by Windows 10 along with the conclusion that we've gone back in time to the year 2008.
Recently, the Internet Security Days event was held, a meeting where experts discuss the topic of data security. Unlike in the world of Apple, where missing ports are lauded by the media as true innovation, this event is covered only by the specialist press, and hesitantly at that. You won't find any CEOs of multi-billion dollar companies but "only" experts there - which makes it harder to fit their news into the mainstream format. Shame, since they touch on issues that affect the (data) security and privacy of each and every one of us.
Two repeating issues that still concern us in the year 2016 are: How much data is collected and how carelessly does it get sent out? We all know Microsoft's mantra that data is only collected to improve the "user experience" - and to display a couple of ads. This might seem halfway plausible for some telemetry data (system usage and diagnosis) and Cortana only becomes useful once she has access to your personal data, if you intend to use her at all. But why does Microsoft need my WLAN key? In case one of their employees happens to stand below my balcony and needs to get online? Why do they have to know about the applications that are installed on each machine even if they never caused any errors that would require Microsoft to take action? If you're using a delicate file sharing program - they will immediately get wind of that.
Another mystery is why Office, beginning with Office 2013, sends entire document paths plus format type, title and author to their servers. That's news to me! When I save a document locally I expect it to stay there and not make its way into the cloud, this includes the title! Your Microsoft Edge web browsing history, it won't get any more private than that, also gets sent. And if you happen to use "Microsoft Hello", the feature that uses biometric data such as fingerprints or face recognition to log you in, that data is also sent to their servers. Naturally, we're assured that everything stays anonymous even though we're not given any details as to how they manage that. How long your data is saved is another company secret.
Until now, you basically had to trust in Microsoft's reticence but that's not the only risk any more. Windows 10 not only sends out a lot of data but it does so through insecure channels. The encryption mechanism employed is sub-standard because it doesn't detect forged certificates. Experts have already successfully launched man-in-the-middle attacks to intercept the data streams. But that's not all: Not only can they "listen in" but they can also manipulate the data. This means third parties could alter what you send into the cloud so that you'll receive the modified files the next time your PC syncs up. There are better alternatives but Microsoft doesn't use them.
All this reckless data hogging has also led to further investigation by several countries to determine whether Windows 10 is safe and legal to use in businesses and government facilities. Particularly EU countries that have strict regulations against spying on employees may find that Microsoft is in violation of their privacy laws. This poses an interesting question: Why are private consumers less protected than working people?
Participants of the Internet Security Days eventually arrived at the conclusion that Windows 10 employs data and security standards from before 2008. That's what you get for using insecure channels to send files into the cloud. Microsoft will have to answer the question of how much data is really required to provide a functioning, efficient system. If even government institutions, not exactly known for rapid response times, are starting to feel alarmed, things have definitely gone too far. Microsoft should acknowledge that - and act.
Think I'll cross off the Surface Pro 4 from my Christmas wish list! Maybe when I need to get a new computer it'll have to be a Mac/iPad.
Oh Dear they ain't happy - do any have a fix? - or will just wait for continuing upgrades. Do notice some are from Computer - suggested gurus!
I suppose I should be indignant that Windows 10 could be mining my data and reporting it back to HQ. But, to be honest, I find it difficult to get too worked up about it.
I can't imagine that there is any information in my 'leaked' data that would act as anything other than a highly effective cure for insomnia to anyone who decided to read it.
"... when Win 10 was released, Microsoft stated that this will be their system going forward and will only be updated but never replaced. So, based on that, you never have to worry about "Windows 27" or whatever".
Never believe a rumor until it has been Officially Denied!
TITANPOINTE
Ryan Gallagher, Henrik Moltke
November 16 2016, 7:40 p.m.
They called it Project X. It was an unusually audacious, highly sensitive assignment: to build a massive skyscraper, capable of withstanding an atomic blast, in the middle of New York City. It would have no windows, 29 floors with three basement levels, and enough food to last 1,500 people two weeks in the event of a catastrophe.
But the building’s primary purpose would not be to protect humans from toxic radiation amid nuclear war. Rather, the fortified skyscraper would safeguard powerful computers, cables, and switchboards. It would house one of the most important telecommunications hubs in the United States — the world’s largest center for processing long-distance phone calls, operated by the New York Telephone Company, a subsidiary of AT&T.
The building was designed by the architectural firm John Carl Warnecke & Associates, whose grand vision was to create a communication nerve center like a “20th century fortress, with spears and arrows replaced by protons and neutrons laying quiet siege to an army of machines within.”
Excerpt from “Project X,” a short film by Henrik Moltke and Laura Poitras, screening at the IFC Center starting Nov. 18. This article is the product of a joint reporting project between The Intercept and Field of Vision.
Construction began in 1969, and by 1974, the skyscraper was completed. Today, it can be found in the heart of lower Manhattan at 33 Thomas Street, a vast gray tower of concrete and granite that soars 550 feet into the New York skyline. The brutalist structure, still used by AT&T and, according to the New York Department of Finance, owned by the company, is like no other in the vicinity. Unlike the many neighboring residential and office buildings, it is impossible to get a glimpse inside 33 Thomas Street. True to the designers’ original plans, there are no windows and the building is not illuminated. At night it becomes a giant shadow, blending into the darkness, its large square vents emitting a distinct, dull hum that is frequently drowned out by the sound of passing traffic and wailing sirens.
For many New Yorkers, 33 Thomas Street — known as the “Long Lines Building” — has been a source of mystery for years. It has been labeled one of the city’s weirdest and most iconic skyscrapers, but little information has ever been published about its purpose.
It is not uncommon to keep the public in the dark about a site containing vital telecommunications equipment. But 33 Thomas Street is different: An investigation by The Intercept indicates that the skyscraper is more than a mere nerve center for long-distance phone calls. It also appears to be one of the most important National Security Agency surveillance sites on U.S. soil — a covert monitoring hub that is used to tap into phone calls, faxes, and internet data.
Early model of the entrance of 33 Thomas Street as designed by John Carl Warnecke & Associates.
Still from “Project X”
Documents obtained by The Intercept from the NSA whistleblower Edward Snowden do not explicitly name 33 Thomas Street as a surveillance facility. However — taken together with architectural plans, public records, and interviews with former AT&T employees conducted for this article — they provide compelling evidence that 33 Thomas Street has served as an NSA surveillance site, code-named TITANPOINTE.
Inside 33 Thomas Street there is a major international “gateway switch,” according to a former AT&T engineer, which routes phone calls between the United States and countries across the world. A series of top-secret NSA memos suggest that the agency has tapped into these calls from a secure facility within the AT&T building. The Manhattan skyscraper appears to be a core location used for a controversial NSA surveillance program that has targeted the communications of the United Nations, the International Monetary Fund, the World Bank, and at least 38 countries, including close U.S. allies such as Germany, Japan, and France.
It has long been known that AT&T has cooperated with the NSA on surveillance, but few details have emerged about the role of specific facilities in carrying out the top-secret programs. The Snowden documents provide new information about how NSA equipment has been integrated as part of AT&T’s network in New York City, revealing in unprecedented detail the methods and technology the agency uses to vacuum up communications from the company’s systems.
“This is yet more proof that our communications service providers have become, whether willingly or unwillingly, an arm of the surveillance state,” said Elizabeth Goitein, co-director of the liberty and national security program at the Brennan Center for Justice. “The NSA is presumably operating under authorities that enable it to target foreigners, but the fact that it is so deeply embedded in our domestic communications infrastructure should tip people off that the effects of this kind of surveillance cannot be neatly limited to non-Americans.”
The NSA declined to comment for this story.
Oh, that’s reading material for the weekend. :) I’ve also recently read a report on that. It’s hard to make a house any more conspicuous unless you paint it pink.
Maybe one should not use - "cloud"
Participants of the Internet Security Days eventually arrived at the conclusion that Windows 10 employs data and security standards from before 2008. That's what you get for using insecure channels to send files into the cloud.
So how do we block MS from scavenging all our data?? I am seriously thinking of moving to Linux. I'm totally p****d off at MS wandering around my computer, loading God knows what - all under the guise of "updates to make Win 10 better". Not only are they thieves but also liars.
Thanks Sven, you have confirmed what I have been trying to tell 'Lovers Of Windows 10' since it started as a freebie and it has opened more and more weak security doors to collect information with each 'Update Release'.
The current God Of Business is money, more money and still more is to be made with lots of computer tricks, traps and monotonous advertising with hidden links to entrap the unwary.
I discovered several months ago that the U.S. Navy was still using Windows XP and paying Microsoft millions of dollars to keep supporting the 8,000 machines using the XP OS.
In Australia several government organisations are still using Windows XP, all great money-spinners for Microsoft.
I am not 'just a techie' I like to investigate the in-depth good or bad consequences of using any item inside computers' 'domains' and up to now I am less and less impressed with Windows 10 on a regular basis, and passing the same information to clients and others who ask for my advice.
Improve user experience? That is a laugh, they don't even read their own support community complaining about USB devices not working following Windows 10 and or updates.
Unless you upload a document, *no copies will be saved in the cloud*. But if you use MS Office 2013 or newer, document titles, save paths and file format details will be sent to Microsoft.
Do I understand you correctly that what I thought was my only copy of a Word (Outlook 2013) document on my local drive is not, it is in the cloud, living a life of its own and available to others?
I have just commissioned a new high end custom laptop.
I installed Windows 7 Pro 64 bit, played with it for a while, scraped it off and installed Ubuntu.
What a surprise! Went on a treat, didn't ask too many stupid questions, and off we went. The network set up just like that...
On the desktop there was an icon labelled 'Simple Scan', so clicked it. It immediately went and with no prompting linked to my WiFi networked scanner and SCANNED! No drivers to load, no wittering, no messing me about, it JUST WORKED!
So I thought I'd try for a printer. It asked me whether I wanted local or network, I clicked 'Network'. It instantly found both my network printers and asked if I wanted the Kodak or the HP. I told it 'Kodak' within seconds, I had a functioning printer. So I sent it to sort the HP. Again about 3 seconds later I had a fully operational HP printer without having to enter the alligator infested swamp that is the HP driver site. Nor did I have to spend half a day uninstalling a screed of poorly written 'Value Added' applications of no use or value whatsoever because I'd overlooked an inconspicuous tick box several layers down.
I came to set up my email, typed my email address and password, and two seconds later - and I'm not exaggerating - it had set up my email client - which is by no means a standard one, found the right server, knew the different protocols and ticked the correct boxes.
Now, I have been playing with these things for some time - it is over half a century since I attempted to write my first FORTRAN program, and I have in my attic my original Windows SDK - no version number, just Windows - and I have never seen anything like that in my life. Up there is a genuine 'Science of Cambridge' MK 14 too, the first ever British microcomputer, with a mighty 256 bytes of RAM. Type a byte in hex on the minute keyboard, press 'store', press 'increment' and repeat... We worked at our computing in those days!
Then one of my clients appeared who had managed to pour a pint of beer into his laptop. It wasn't happy. So I took the HD out and when I had sobered it up - it was initially somewhat reluctant to co-operate - I plugged it into my Ubuntu box via a SATA to USB interface, fired up Libre Office which came free with the Ubuntu and went to his 'My Documents', he uses Office 10, incidentally. I was instantly able to read all his documents and spreadsheets, including in the latest M$ formats.
My point is, why can a free downloaded OS - which takes up far, far less space than any Windows since about Win98, manage to do all this without any problem? Even my household iMac can't manage that. The new OS needs no registry cleaner, no antivirus, it doesn't grind to a halt every couple of weeks and require hours of titivating, cleaning, defragging and whatever, it just WORKS, like a toaster.
Many years ago, I remarked that I looked forward to the day when I wouldn't have a single byte of M$ code in my establishment.
I can now see that day might actually dawn in the near future. Unfortunately my client base requires that I keep a few M$ machines about my person, but I'm looking to virtualise all of them onto the new laptop, using VM or the iMac using Parallels (interesting thing about that application is that it can import a whole Windows machine, lock, stock and barrel, warts and all onto the iMac - very impressive indeed) which will save me a load of room on my shelves. Further, being virtual machines, backup is a doddle and I can't overlook any file whatsoever.
And on top of that, Ubuntu doesn't steal my personal data and give it to a totally insecure, rapacious company that appears to implement technology that is stuck in the 1970s that I wouldn't trust as far as I can spit upwind!
I previously had problems with Win 10 on an old computer, so when I purchased a new computer with Win 10 already loaded I thought my problems were at an end.
Not so!
Win 10 updated after about a month and caused me all sorts of problems. I wrote down three full pages of issues to share with anyone who was prepared to help.
I contacted my Anti-Virus software manufacturers as well as several other manufacturers of software that no longer worked or was DELETED by Win 10. All said it was not their problem but an issue with Microsoft.
Yet I could find no help on the Web and ended up calling in an outside Technician who spent 4 hours before he was able to define the problem and speak to MS. He then spent another hour on the line to MS to solve the problem.
I think this is a disgrace.
Why hasn't Microsoft followed up with a correction to their toxic update?
A former 15 year software developer with Microsoft who goes by the channel name of "Barnacules Nerdgasm" made a great YouTube video called "Stop Windows 10 Spying - Privacy & Security Matter" with details on what exactly they are syphoning off your PC and how to go about stopping it, without impacting your PC's performance or missing updates.
It is well worth the viewing. https://www.youtube.com/watch?v=u1kGMCfb2xw&t=1176s
Thank you!
Interesting article, I went over to Windows 10 because a rather annoying little box kept popping up on my screen ALL THE TIME, so I thought got to be better than Windows 7 so did all the installing and Voila, I used all my internet usage in about 6 days of use, I then contacted my ISP and they told me what to do to turn off the security 'feature'. After half of my programs refused point blank to work and my 64 bit system would not upgrade many of my drivers I basically had a useless computer (only 12 months old). So decided to go back to Windows 7, what an absolute mess, it totalled my hard drive, I have to really format and go from scratch, took me 2 full days and a 6 pack of valium, had to reload all of my programs and drivers, I lost all of my emails up to the point of changing back, a total mess, now all is working well and I downloaded 'never 10' and the box did not pop up any more and has been good since, thanks Microsoft.
Thanks for your article Sven.
I'm using Windows 7, which I think I'll keep using even after I get a new computer. Microsoft says in their advertising Windows 10 has additional security features. Hmm.
Microsoft never claimed they’d collect *less data* with Windows 10 and with good reason. :)
When does an operating system become an ex-operating-system and if the system is no longer considered to be functionally efficient then why is the manufacturer withdrawing the necessary support to compound the problem further without making any reference to its patrons? What kind of product are we buying ....how should we perceive this .."purchase" of ours?
Surely the product remains exactly what it was ....does the software wear out regardless of upgrades. Are we buying a contrivance that decays like a car or an item which stays unchanged and always has value like a ....gold bar. Why should any computer define the continued validity of the software it uses when it is licensed for only one machine. Why is this artificially promoted situation unchanged when you may have a Windows operating system with the license to be able to use on any computer capable of running the software?
It's all a dog's breakfast made to be indefinable and therefore a latter-day Gordian knot laying in wait to entrap anyone who challenges the greed driven presumptions and rabid suppositions it successfully harbours against every possible challenge. So much for a capitalist system supposedly regulated by democracy some joke on us ...nowadays it all looks just like the very worst kind of blackmail to me?.
As for security ....forget it ...when a system is as corrupt and venal as ours ...prevails..... security does not exist ....for "?us?" We live in a mousetrap ....and none dares so much as squeak...
I am a retired network administrator who worked professionally with every version of MS Windows from version 4 until the release of Windows 7. Since I retired I still dabble with computers on my home network. I gave Windows 8, 8.1 and 10 all a test run and the conclusion in all three cases was that there were no noticeable advantages to upgrading from Windows 7 and many remarkable disadvantages. I am still very happily plugging away on my Windows 7 Professional workstation and reading articles like the one above reinforces my conclusion that Windows 10 is a definite no no.
Cortana only becomes useful once she has access to your personal data,
Having a Scottish accent all I can get Cortana to do is play music, no matter what I say it plays music.
Reminds me of the film clip of the two Scots in a voice activated lift.
Thanks for the laugh. :) We also have various dialects in Germany that will confuse Cortana. She probably wouldn’t have understood my grandma also.
If you would like to get away from Windows and Office then try loading the Mint (Linux) operating system. Runs fine on my old machine. Has an open system version of Word, Excel and PowerPoint along with Access. Best part is that it is all FREE. And free from harassment too!
I abandoned Win 10 very quickly. My favourite computer, a laptop, is nearly 5 years old and running 7 Home Premium. Recently, I purchased a new powerful desktop unit, but had 7 Home Premium installed. What happens when 7 is no longer supported I will face at the time. (Considering the overwhelming popularity of this operating system, will Microsoft extend its support? Probably not - they're too arrogant.) My main reason for posting is - this article is a very good reason why I always read these blogs!!!
Excellent article showing the pitfalls of our computer age. Whilst I understand the need for companies to have an idea what markets to aim for, what users want and need in their software and how to make profits to stay afloat; I am baffled as to how the average user protects themselves. With so many brilliant minds involved in the computing, security and information market, would it not be a best seller for someone such as Ashampoo to develop a program that acts as a gate that checks your data and information going out to say Microsoft, Google and the other big companies; then translate it to common understandable language for you; and at set times of the day after asking for permission to release it, do your bidding. I know I would buy it. There are pitfalls of course due to not knowing who to trust but it has to be better than what is happening now.
Sven when Microsoft said it was free, they never said, free to do as they please on a persons computer.
I had Win10 on my computer and MS was using 50% of the RAM by consistently hammering on the hard drive(s). When I purchased Win7 it came with the email included. Strange how MS ripped it off my computer while saying it had ended its life cycle.
That would be the same as buying a TV to find out the ports stop working a year later. People would be outraged.
I hope the good people in Europe will get MS by the teeth for deliberately spying on users. Found a story, without using the other spy Google, about Russia dumping Win10 for government use. I ask other readers of your article to share it everywhere possible. Good work Sven.
Speaking to Roger Mew's comment, not disputing it but just sharing my very different experience, I have had Win 10 Home installed on an x64 laptop since July 2015 or so and have never gotten a blue screen or had any other issues. Just sayin.
As to Brian Wilding's comment, when Win 10 was released, Microsoft stated that this will be their system going forward and will only be updated but never replaced. So, based on that, you never have to worry about "Windows 27" or whatever.
@Brian Wilding -
- You are comparing support for an 8-year-old car with a computer operating system that was released 15 years ago.
- The car costs many thousands of dollars, while the computer costs a few hundred, and the computer can be easily replaced.
- You are comparing an automobile which basically does the same thing as new cars (safe, reliable transportation) with a computer which must deal with ever-changing data infrastructure and security threats.
- You want data security, but don't want to upgrade to a system that can provide that security to a greater degree.
- You are asking for upgrades to programs for an operating system that is no longer secure, and no longer brings revenue to the manufacturer. Creating software for obsolete, insecure operating systems would leave the manufacturer liable for damages, and cause the company to lose revenue, creating software that very few people would purchase.