Interesting Links: Aug 20, 2015

August 20, 2015 5 comments

Here are links to a few interesting news articles I came across recently. They are about preliminary revelations from analyzing the first two data dumps from the Ashley Madison site hack.

Link 1: Ashley Madison subscribers include hundreds of government workers

The latest face-palm-worthy revelation from the Ashley Madison hack comes courtesy of the Associated Press, which is reporting that hundreds of government employees—some with sensitive jobs in the White House, Congress, and law enforcement agencies—used Internet connections in their federal offices to pay membership fees for and use the dating website for cheating. The news organization pored over a massive trove of data the hackers made available earlier this week. By tracing the IP addresses of people who visited the site over more than five years, AP reporters determined the visitors included two assistant U.S. attorneys; an information technology administrator in the Executive Office of the President; a division chief, an investigator, and a trial attorney in the Justice Department; a government hacker at the Homeland Security Department; and another DHS employee who indicated he worked on a US counterterrorism response team.

Many federal customers appeared to use non-government email addresses with handles such as “sexlessmarriage,” “soontobesingle” or “latinlovers.” Some Justice Department employees appeared to use pre-paid credit cards to help preserve their anonymity but connected to the service from their office computers. “I was doing some things I shouldn’t have been doing,” a Justice Department investigator told the AP. Asked about the threat of blackmail, the investigator said if prompted he would reveal his actions to his family and employer to prevent it. “I’ve worked too hard all my life to be a victim of blackmail. That wouldn’t happen,” he said. He spoke on condition of anonymity because he was deeply embarrassed and not authorized by the government to speak to reporters using his name. The AP’s analysis also found hundreds of transactions associated with Department of Defense networks, either at the Pentagon or from armed services connections elsewhere.

Link 2: Who Are The Lawyers, Law Profs, And Judges That Were Revealed In The Ashley Madison Hack?

Without further ado, here is a list of users who appear to be prestigious legal professionals:

At least 10 clerks and/or judges of federal district courts;
At least one federal appellate judge;
At least 10 Department of Justice employees;
At least three V10 partners, including one Cravath partner;
At least 10 Biglaw associates, including multiple attorneys at Baker & McKenzie; and
At least one law professor at an elite T14 law school.

Link 3: Family Values Activist Josh Duggar Had a Paid Ashley Madison Account

But data released online in the wake of the hack on Ashley Madison’s servers certainly seems to show otherwise. Someone using a credit card belonging to a Joshua J. Duggar, with a billing address that matches the home in Fayetteville, Arkansas owned by his grandmother Mary—a home that was consistently shown on their now-cancelled TV show, and in which Anna Duggar gave birth to her first child—paid a total of $986.76 for two different monthly Ashley Madison subscriptions from February of 2013 until May of 2015.

In July 2014*, he seems to have started a second account that was linked to his home in Oxon Hill, Maryland, where he spent his time lobbying against causes like same-sex marriage. The birthday listed in the data for Duggar’s first account is February 3, 1988, one month off Duggar’s actual birthday of March 3, 1988. The birthday listed for the second account is March 2, 1988. The two accounts overlap by a period of a few months. When he launched the second account, Duggar paid an initial fee of $250 that appears to have gone toward the purchase of an “affair guarantee”: Customers who buy 1,000 credits for $250 receive a money-back “affair guarantee,” if they don’t have an affair within three months. The second account, which was registered in July of 2014, was paid on a monthly basis until May of 2015. We’ve reached out to TLC, the Family Research Council, and a spokesman for the Duggar family for comment and will update if we hear back.

Link 4: Josh Duggar’s Apology: “I Have Been the Biggest Hypocrite Ever” [Updated]

The Duggar family just released a statement from Josh on their personal website in which Josh not only confirms the fact that he has been “unfaithful” to his wife, but he also confesses to having developed a “secret addiction” to pornography over the past several years. We already had evidence that Josh had at least been seeking out some sort of extramarital affair, but this is the first time we’ve heard any mention of Josh’s porn habit.

Update 2:57 p.m.: Looks like Josh Duggar may have been a little hasty in his apology. The general idea is still there, but the letter itself has gone through several revisions since going up less than two hours ago. The first instance, as mentioned above, removed a reference to Satan, while the second revision removed any mention of pornography altogether. It’s hard to imagine that the letter wasn’t vetted by anyone before the Duggars put it up on their website—but given the few typos in the original, it’s certainly possible. Either way, Josh of all people should know by now that the internet never forgets. You can see all the changes made to the apology thus far below.

What do you think? Comments?

Interesting Links: Aug 18, 2015

August 18, 2015 4 comments

Here are links to a few interesting news articles I came across recently. They are about the supposedly “unexpected”, yet highly predictable, effects of “big data”-derived algorithms on the ability of societies to exploit and abuse their members.

In case you are wondering, my recent series of link-posts are a buildup to a few upcoming inter-connected series on issues such as mechanisms behind the ongoing and inevitable demise of modern nation-states.

Link 1: Digital Star Chamber

In a recent podcast series called Instaserfs, a former Uber driver named Mansour gave a chilling description of the new, computer-mediated workplace. First, the company tried to persuade him to take a predatory loan to buy a new car. Apparently a number cruncher deemed him at high risk of defaulting. Second, Uber would never respond in person to him – it just sent text messages and emails. This style of supervision was a series of take-it-or-leave-it ultimatums – a digital boss coded in advance. Then the company suddenly took a larger cut of revenues from him and other drivers. And finally, what seemed most outrageous to Mansour: his job could be terminated without notice if a few passengers gave him one-star reviews, since that could drag his average below 4.7. According to him, Uber has no real appeal recourse or other due process in play for a rating system that can instantly put a driver out of work – it simply crunches the numbers.

For wines or films, the stakes are not terribly high. But when algorithms start affecting critical opportunities for employment, career advancement, health, credit and education, they deserve more scrutiny. US hospitals are using big data-driven systems to determine which patients are high-risk – and data far outside traditional health records is informing those determinations. IBM now uses algorithmic assessment tools to sort employees worldwide on criteria of cost-effectiveness, but spares top managers the same invasive surveillance and ranking. In government, too, algorithmic assessments of dangerousness can lead to longer sentences for convicts, or no-fly lists for travellers. Credit-scoring drives billions of dollars in lending, but the scorers’ methods remain opaque. The average borrower could lose tens of thousands of dollars over a lifetime, thanks to wrong or unfairly processed data.

Link 2: US No-Fly List Uses ‘Predictive Judgement’ Instead of Hard Evidence

The Guardian reports that in a little-noticed filing before an Oregon federal judge, the US Justice Department and the FBI conceded that stopping U.S. and other citizens from traveling on airplanes is a matter of “predictive assessments about potential threats.” “By its very nature, identifying individuals who ‘may be a threat to civil aviation or national security’ is a predictive judgment intended to prevent future acts of terrorism in an uncertain context,” Justice Department officials Benjamin C Mizer and Anthony J Coppolino told the court. It is believed to be the government’s most direct acknowledgment to date that people are not allowed to fly because of what the government believes they might do and not what they have already done. The ACLU has asked Judge Anna Brown to conduct her own review of the error rate in the government’s predictions modeling – a process the ACLU likens to the “pre-crime” of Philip K Dick’s science fiction. “It has been nearly five years since plaintiffs on the no-fly list filed this case seeking a fair process by which to clear their names and regain a right that most other Americans take for granted,” say ACLU lawyers.

The Obama administration is seeking to block the release of further information about how the predictions are made, as damaging to national security. “If the Government were required to provide full notice of its reasons for placing an individual on the No Fly List and to turn over all evidence (both incriminating and exculpatory) supporting the No Fly determination, the No Fly redress process would place highly sensitive national security information directly in the hands of terrorist organizations and other adversaries,” says the assistant director of the FBI’s counterterrorism division, Michael Steinbach.

Link 3: Data-Crunching Could Kill Your Downtime At Work

How many of you are reading this at work? One of the unspoken perks of many white-collar jobs is that you can waste time while still appearing productive. Workplaces are aware that this goes on, and they police it to some extent by blocking Facebook or simply looking over your shoulder — but there’s only so much they can do. The new generation of workplace analytics software is starting to change that. “Employers of all types — old-line manufacturers, nonprofits, universities, digital start-ups and retailers — are using an increasingly wide range of tools to monitor workers’ efforts, help them focus, cheer them on and just make sure they show up on time.” This inevitably leads to the question: does cracking the whip more often actually increase productivity? To hear the makers of this software tell it, the value is almost limitless, and it will never be misused to micromanage your job. But the article lacks any independent support for that idea, and I’m sure many of you could provide examples where time-keeping software has only been a hindrance.

What do you think? Comments?

Interesting Links: Aug 13, 2015

August 13, 2015 5 comments

Here are links to a few interesting news articles I came across recently. They are about the behavior of supposedly image-conscious and “rational” large corporations.

Link 1: Lenovo used Windows anti-theft feature to install persistent crapware

Windows 8 and Windows 10 contain a surprising feature that many users will find unwelcome: PC OEMs can embed a Windows executable in their system firmware. Windows 8 and 10 will then extract this executable during boot time and run it automatically. In this way, the OEM can inject software onto a Windows machine even if the operating system was cleanly installed. The good news is that most OEMs fortunately do not seem to take advantage of this feature. The bad news is that “most” is not “all.” Between October 2014 and April of this year, Lenovo used this feature to preinstall software onto certain Lenovo desktop and laptop systems, calling the feature the “Lenovo Service Engine.” Lenovo’s own description of what the software did differs depending on whether the affected system is a desktop or a laptop. On desktops, the company claims that the software only sends some basic information (the system model, region, date, and a system ID) to a Lenovo server. This doesn’t include any personally identifying information, but the system ID should be unique to each device. Lenovo says that this is a one-time operation and that the information gets sent only on a machine’s first connection to the Internet.

For laptops, however, the software does rather more. LSE on laptops installs the OneKey Optimizer (OKO) software that Lenovo bundles on many of its machines. OneKey Optimizer arguably falls into the “crapware” category. While OKO does do some somewhat useful system maintenance—it can update drivers, for example—it also offers to perform performance “optimizations” and cleaning “system junk files,” which both seem to be of dubious value. Making this rather worse is that LSE and/or OKO appear to be insecure. Security issues, including buffer overflows and insecure network connections, were reported to Lenovo and Microsoft by researcher Roel Schouwenberg in April. In response, Lenovo has stopped including LSE on new systems (the company says that systems built since June should be clean). It has provided firmware updates for affected laptops and issued instructions on how to disable the option on desktops and clean up the LSE files.

Link 2: Even when told not to, Windows 10 just can’t stop talking to Microsoft

Windows 10 uses the Internet a lot to support many of its features. The operating system also sports numerous knobs to twiddle that are supposed to disable most of these features and the potentially privacy-compromising connections that go with them. Unfortunately for privacy advocates, these controls don’t appear to be sufficient to completely prevent the operating system from going online and communicating with Microsoft’s servers. For example, even with Cortana and searching the Web from the Start menu disabled, opening Start and typing will send a request to http://www.bing.com to request a file called threshold.appcache which appears to contain some Cortana information, even though Cortana is disabled. The request for this file appears to contain a random machine ID that persists across reboots.

Other traffic looks a little more troublesome. Windows 10 will periodically send data to a Microsoft server named ssw.live.com. This server seems to be used for OneDrive and some other Microsoft services. Windows 10 seems to transmit information to the server even when OneDrive is disabled and logins are using a local account that isn’t connected to a Microsoft Account. The exact nature of the information being sent isn’t clear—it appears to be referencing telemetry settings—and again, it’s not clear why any data is being sent at all. We disabled telemetry on our test machine using group policies. And finally, some traffic seems quite impenetrable. We configured our test virtual machine to use an HTTP and HTTPS proxy (both as a user-level proxy and a system-wide proxy) so that we could more easily monitor its traffic, but Windows 10 seems to make requests to a content delivery network that bypass the proxy. We’ve asked Microsoft if there is any way to disable this additional communication or information about what its purpose is. We were told “As part of delivering Windows 10 as a service, updates may be delivered to provide ongoing new features to Bing search, such as new visual layouts, styles and search code.

Link 3: ‘Banned’ Article About Faulty Immobilizer Chip Published After Two Years

In 2012, three computer security researchers Roel Verdult, Flavio D. Garcia and Baris Ege discovered weaknesses in the Megamos chip, which is widely used in immobilizers for various brands of cars. Based on the official responsible disclosure guidelines, the scientists informed the chip manufacturer months before the intended publication, and they wrote a scientific article that was accepted for publication at Usenix Security 2013. However, the publication never took place because in June 2013 the High Court of London, acting at the request of Volkswagen, pronounced a provisional ban and ruled that the article had to be withdrawn. Two years ago, the lead author of a controversial research paper about flaws in luxury car lock systems was not allowed to give any details in his presentation at Usenix Security 2013. Now, in August 2015, the controversial article Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer that was ‘banned’ in 2013 is being published after all.

What do you think? Comments?

Interesting Links: Aug 11, 2015

August 11, 2015 Leave a comment

Here are links to a few interesting news articles I came across recently. They are about the security problems inherent in electronic devices.

Link 1: Meet RollJam, the $30 device that jimmies car and garage doors

Now, serial hacker Samy Kamkar has devised RollJam, a $30 device that steals the secret codes so attackers can use them to gain unauthorized access to a car or garage. It works against a variety of market-leading chips, including the KeeLoq access control system from Microchip Technology Inc. and the High Security Rolling Code generator made by National Semiconductor. RollJam is capable of opening electronic locks on cars from Chrysler, Daewoo, Fiat, GM, Honda, Toyota, Volvo, Volkswagen Group, Clifford, Shurlok, and Jaguar. It also works against a variety of garage-door openers, including the rolling code garage door opener made by King Cobra.

RollJam uses a clever hack to exploit this system whenever it’s within range of a key and lock. The device contains two radios. The first jams the airwaves to prevent the lock from receiving the rolling code sent by the electronic key. Since the car or garage door doesn’t unlock, a user almost certainly will press the lock or unlock button again. Once RollJam has collected the latter rolling code, it uses the second radio to broadcast the earlier rolling code to the lock. RollJam then stores the latter rolling code. Because the code was never received by the lock, it remains valid. By replaying it later—say, after the car owner has locked the car and walked away—RollJam is able to unlock the car or garage.

Link 2: Hackers Cut a Corvette’s Brakes Via a Common Car Gadget

At the Usenix security conference today, a group of researchers from the University of California at San Diego plan to reveal a technique they could have used to wirelessly hack into any of thousands of vehicles through a tiny commercial device: A 2-inch-square gadget that’s designed to be plugged into cars’ and trucks’ dashboards and used by insurance firms and trucking fleets to monitor vehicles’ location, speed and efficiency. By sending carefully crafted SMS messages to one of those cheap dongles connected to the dashboard of a Corvette, the researchers were able to transmit commands to the car’s CAN bus—the internal network that controls its physical driving components—turning on the Corvette’s windshield wipers and even enabling or disabling its brakes.

“We acquired some of these things, reverse engineered them, and along the way found that they had a whole bunch of security deficiencies,” says Stefan Savage, the University of California at San Diego computer security professor who led the project. The result, he says, is that the dongles “provide multiple ways to remotely…control just about anything on the vehicle they were connected to.” In the video below, the researchers demonstrate their proof-of-concept attacks on a 2013 Corvette, messing with its windshield wipers and both activating and cutting its brakes. Though the researchers say their Corvette brake tricks only worked at low speeds due to limitations in the automated computer functions of the vehicle, they say they could have easily adapted their attack for practically any other modern vehicle and hijacked other critical components like locks, steering or transmission, too.

Link 3: Why ‘Smart’ Objects May Be a Dumb Idea

A fridge that puts milk on your shopping list when you run low. A safe that tallies the cash that is placed in it. A sniper rifle equipped with advanced computer technology for improved accuracy. A car that lets you stream music from the Internet. All of these innovations sound great, until you learn the risks that this type of connectivity carries. Recently, two security researchers, sitting on a couch and armed only with laptops, remotely took over a Chrysler Jeep Cherokee speeding along the highway, shutting down its engine as an 18-wheeler truck rushed toward it. They did this all while a Wired reporter was driving the car. Their expertise would allow them to hack any Jeep as long as they knew the car’s I.P. address, its network address on the Internet. They turned the Jeep’s entertainment dashboard into a gateway to the car’s steering, brakes and transmission.

The Internet of Things is also a privacy nightmare. Databases that already have too much information about us will now be bursting with data on the places we’ve driven, the food we’ve purchased and more. Last week, at Def Con, the annual information security conference, researchers set up an Internet of Things village to show how they could hack everyday objects like baby monitors, thermostats and security cameras. Connecting everyday objects introduces new risks if done at mass scale. Take that smart refrigerator. If a single fridge malfunctions, it’s a hassle. However, if the fridge’s computer is connected to its motor, a software bug or hack could “brick” millions of them all at once — turning them into plastic pantries with heavy doors.

What do you think? Comments?

Indie Horror Movie Inspired By Elliot Rodger’s Killing Spree: Del Playa

August 9, 2015 2 comments

I recently came across some news articles about an upcoming indie horror movie whose storyline has more than a passing resemblance to the Elliot Rodger saga, something that I have previously written about on this blog- Link 1, Link 2 and Link 3. Anyway, to make a long story short- this upcoming film (directed by a UCSB alum) is receiving a lot of hate on social media from SJWs and other white LIEbrals who are offended by a movie they have not seen.

Somehow these people believe that nobody should be allowed to make a movie in which a young guy in a west coastal setting decides to exact revenge on girls who repeatedly ignore his modest romantic/sexual advances. I am willing to bet that more than a simple majority of these same people were not offended by a movie that celebrates an American soldier killing over 100 people in Iraq. Ironically, the actions depicted in the latter movie are a far better fit for the definition of unprovoked premeditated multiple homicide than those shown in the former. Says a lot about the nature of society in the USA, doesn’t it?

Anyway, here is the YouTube trailer for ‘Del Playa’, which also happens to be the name of a street in Isla Vista, CA.

What do you think? Comments?

Interesting Links: Aug 3, 2015

August 3, 2015 2 comments

Here are links to a few interesting news articles I came across recently. They are about first hints of the totally foreseeable disasters resulting from a reckless and short-sighted drive by many corporations to connect everything to the internet aka the “Internet of Things”.

Why do drug infusion pumps, basic and important aspects of automobile control systems or electronic sniper sights require a connection to the internet?

Link 1: FDA tells hospitals to ditch IV pumps that can be hacked remotely

The Food and Drug Administration “strongly encourages” hospitals to stop using Hospira’s Symbiq Infusion System, because it’s vulnerable to cyberattacks that would allow a third-party to remotely control dosages delivered via the computerized pumps. Unauthorized users are able to access the Symbiq system through connected hospital networks, according to the FDA and the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team. ICS-CERT reported the vulnerability on July 21st and the FDA released its own safety alert on Friday, July 31st. Thankfully, there are no reported incidences of the Symbiq system being hacked. Hospira does not sell the Symbiq system anymore, but it’s still available for purchase from some third-party retailers and the FDA warns against buying it. The network vulnerability would “allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies,” the organization says.

Link 2: OnStar hack remotely starts cars, GM working on a fix

Hacker Samy Kamkar unveiled his latest triumph this morning: OwnStar, a tiny box that acts as a Wi-Fi hotspot and intercepts commands sent from a driver’s OnStar RemoteLink app, allowing an unauthorized user to locate, unlock or start the vehicle. Simply place the box somewhere in an OnStar-connected car and wait for the driver to start up the RemoteLink app within range of the vehicle. The driver’s smartphone should automatically connect to OwnStar’s network and, voila, the hacker now has all of the car owner’s information (email, home address, final four digits on a credit card plus expiration date), and control of the car. GM has already issued one patch this morning aimed at securing the RemoteLink app, but it was unsuccessful, according to Kamkar. Kamkar never intended to wreak havoc with OwnStar, he said in an interview with Wired. He wanted to expose a vulnerability in the OnStar app and help GM fix it — and it seems as if that’s precisely what’s happening. GM is working to patch the RemoteLink bug now and Kamkar says he’s in contact with the company as they fix it. He plans to reveal more technical details about OwnStar at Defcon 2015, which runs from August 6th to the 9th in Las Vegas.

Link 3: Fiat Chrysler recalls 1.4 million vehicles after remote hack

Fiat Chrysler Automobiles (FCA) will patch 1.4 million US vehicles following the reveal of a hacking method by Wired. The “voluntary safety recall” — which it seems will come in the form of a USB dongle — applies to vehicles equipped with 8.4-inch touchscreen in-car-entertainment systems. Affected cars include Jeep Grand Cherokee and Cherokee SUVs, Dodge Ram pickups and many others. If you’re concerned your vehicle may be affected, you can see the full list here. FCA is obviously acting fast to patch the problem, and it’s clear why. As Wired details, the hack makes it possible to “kill” the engine, remotely activate or disable the brakes, and keep tabs on a vehicle’s location. Full steering control is currently being worked on. The party responsible for the hack revealed it would “publish a portion of their exploit” openly on the web, timed to coincide with the Black Hat security conference in August. Although the company clearly accepts that the issues are serious, it notes that it’s “unaware of any injuries related to software exploitation, nor is it aware of any related complaints, warranty claims or accidents – independent of the media demonstration.” It adds that it’s “conducting this campaign out of an abundance of caution.”

Link 4: Hackers Can Disable a Sniper Rifle—Or Change Its Target

At the Black Hat hacker conference in two weeks, security researchers Runa Sandvik and Michael Auger plan to present the results of a year of work hacking a pair of $13,000 TrackingPoint self-aiming rifles. The married hacker couple have developed a set of techniques that could allow an attacker to compromise the rifle via its Wi-Fi connection and exploit vulnerabilities in its software. Their tricks can change variables in the scope’s calculations that make the rifle inexplicably miss its target, permanently disable the scope’s computer, or even prevent the gun from firing. In a demonstration for WIRED (shown in the video above), the researchers were able to dial in their changes to the scope’s targeting system so precisely that they could cause a bullet to hit a bullseye of the hacker’s choosing rather than the one chosen by the shooter. “You can make it lie constantly to the user so they’ll always miss their shot,” says Sandvik, a former developer for the anonymity software Tor. Or the attacker can just as easily lock out the user or erase the gun’s entire file system. “If the scope is bricked, you have a six to seven thousand dollar computer you can’t use on top of a rifle that you still have to aim yourself.”

What do you think? Comments?

Interesting Links: Aug 2, 2015

August 2, 2015 4 comments

Here are links to a few interesting news articles I came across today. They are about the extremely intrusive and almost inevitably exploitable features built into Windows 10.

Link 1: The real price of Windows 10 is your privacy

Windows 10 is more closely tied to a Microsoft account than any previous version of the OS. This allows Microsoft to assign an ID number to users that can then be used to track them across different devices, services, and apps. This in turn can be used to deliver closely targeted ads to people. Microsoft has been pushing the mobile first, cloud first philosophy for some time now, and it becomes clear with Windows 10 that the love of the cloud is as much to do with the ability it gives Microsoft to gather useful data as it is about convenience for users.

Without wanting to venture into FUD territory, if you want an idea of just how Windows 10 can be used to gather data about you, take a trip to Privacy in Settings. The number of settings listed here is really quite lengthy — and just about all of them are enabled by default. The data is almost certain to be anonymized, but the setting labelled “Send Microsoft info about how I write to help us improve typing and writing in the future” will be of particular concern to anyone using their computer to conduct sensitive work. Then there is location data, the ability of apps to use your camera and microphone, and Cortana’s access to your contacts, calendar, and anything else you might care to mention. If this concerns you, go to the Speech, inking, & typing section of Privacy and hit the Stop getting to know me button.

Link 2: Windows 10- Microsoft under attack over privacy

Many of the complaints relate to the new personalised adverts embedded in Windows 10. When the OS is installed, Microsoft assigns the user a unique advertising ID, which it ties to the email address registered with the company. That email address is also associated with a raft of other services, such as the company’s productivity and communication programs, as well as app downloads and cloud-storage uploads. Using that information, Microsoft is able to personalise ads to the user, during both web surfing and, for newer apps downloaded from the Windows Store, app usage. Microsoft itself is leading the way on that front, even turning the in-built version of Solitaire (the card game that has been a staple of Windows installations since 1990’s Windows 3.0) into a freemium game, complete with unskippable video adverts.

Elsewhere, Windows 10 also harvests user information in order to teach the built-in personal digital assistant Cortana, Microsoft’s answer to Siri. To enable Cortana, the company says, it “collects and uses various types of data, such as your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device”. Users are given the option to opt out of most of the data collection, but critics say that isn’t enough. Alec Meer, of gaming website Rock Paper Shotgun, says: “Microsoft simply aren’t making it clear enough that they’re doing this, how it might affect you and how to opt out – despite chest-thumping, we’re-all-chums-here talk about how ‘real transparency starts with straightforward terms and policies that people can clearly understand’.

Link 3: Windows 10 is spying on almost everything you do – here’s how to opt out

Actually, here’s one excerpt from Microsoft’s privacy statement that everyone can understand: Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to: 1. comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; 2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone; 3. operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.

Link 4: Windows 10’s default privacy settings and controls leave much to be desired

My problem with these elements of Windows 10 boils down to this: It feels, once again, as if Microsoft has taken the seed of a good idea, like providing users with security updates automatically, and shoved the throttle to maximum. This new information opacity is present at so many levels, it feels more like a deliberate design decision than an accidental omission. Want to know what specific KB updates do? You’ll have to look them up manually. Want some information on how Windows Defender works in Windows 10? You won’t find much on Microsoft’s official pages for the operating system. Taken as a whole, it’s harder to configure many of these settings in the way you might want them, information is harder to come by, and Microsoft is sucking down more user data than ever. Despite the tone of this article, there are plenty of things I like about Windows 10 and I’m going to talk about them in future stories. Metro/Universal apps now play much nicer with Desktop applications. The Windows Store has been overhauled and has a better layout. DirectX 12 is a huge step forward for gaming, and an undoubted high point of the launch. There are a lot of things to like about this operating system, and I want to talk about them in turn. But as far as user privacy, intrusive settings, and the need to crawl under the hood to optimize settings that Microsoft used to give you options for? This, in my opinion, is where Windows 10 stumbles, and stumbles badly.

What do you think? Comments?
