Virtual Trust

For your sakes, I’m a little worried about something regarding Windows.

First, let me remind you of the terminology: “telemetry” is the word for what your Windows computer sends to Microsoft for analysis. On the one hand, Windows collects a lot of specific details about your hardware, the software you add or remove, all the files you create and save or delete, how you use the software, and in particular they way you interact with the Internet with all the places you visit. But if your computer sent all of that detail to Microsoft, their servers would be overwhelmed. Rather, Windows reduces that stuff to statistical data. They say it’s anonymized — that it can’t be traced to you individually — but I’ll let you decide if that’s true.

Notice something: Encryption does not protect your privacy on this stuff. The analysis is based on your keystrokes, where you move your mouse and everything that comes and goes on the clipboard. So long as Windows is actually running, even your virtual machines are subject to this detailed analysis. It’s recorded somewhere on your system, though probably not in raw form, because that’s just too much stuff. Your hard drive space would disappear in a couple of months of normal use if it were raw data. Either way, practical reality prevents Windows sending too much detail because Microsoft has no way to process more than a certain limited amount. That limited amount is the telemetry data.

I am skeptical, not only of their assertion that it is anonymized, but also skeptical that they would work very hard to guard this telemtry data. You might be aware that Microsoft is currently fighting the US Department of Justice over a demand that MS provide emails stored on servers in Ireland. Can a warrant served to a US based company apply to data housed under another jurisdiction? The implications are beyond guessing. Despite the rhetoric about protecting customer privacy, the real issue is that if the DOJ wins this case, Microsoft will lose billions of dollars in business. Nobody will trust them even in the typical superficial sense. This alone could also generate a general move away from Windows itself as an operating system.

Naturally, I would say that’s a good idea, but for a different reason. The telemetry data is all stored on servers in the US; it’s already understood to be within reach of the US government. How hard is it to imagine that some kind of algorithm could identify key items of interest to a legal system that has already shown a penchant for persecuting folks over perfectly legitimate and innocent behavior? Innocence is no defense against the most unconscionable harassment; I know this from personal experience. The question is more a matter of whether any government agent decides to take an interest in what you are doing for any reason at all. Some things you might do are obviously a cop-caller, but there is a broad area of activity that seems to garner only capricious enforcement interest. Prosecution is demonstrably uneven and unfair, and largely opaque to our analysis.

So we are in a pernicious police state, but the state so far is a little short of the resources to make life entirely dreary for everyone. That Windows telemetry stuff is a new threat vector for the crazy oppression, but it’s also an open door to non-government threats. How could anyone imagine MS can protect this telemetry system against criminal hackers? Microsoft is notorious for inserting backdoors intentionally for their own convenience, and in virtual space, only time and effort keeps those doors hidden from others. You can be sure the NSA knows about them already, and their alleged wizardry stands against some very obvious bungling.

Oh, and the telemetry has been inserted into both Win7 and Win8 for those who decline the upgrade to Win10. I’ve already posted links to ways you can remove the current “updates” by which this was done, but who’s to say MS won’t find a way to slip them in again? All they have to do is bundle those changes with some essential security fix. They’ve done that before. Win10 already forces you to accept whatever updates MS pleases to send you, and I am waiting for that policy to be applied to Win7 and Win8.

Am I the only one who predicts this will all turn out a disaster for the billions of Windows users in the world? By the way, I’m predicting the DOJ will win some part of their case against Microsoft. Even if they don’t, you should be aware that virtual space recognizes no political boundaries. Get used to thinking that way, because human efforts to constrain the Internet under national laws is a silly joke.

This entry was posted in computers and tagged , , , , , , . Bookmark the permalink.