I remember when buttons in the control panel did what the labels said they would do along with help buttons that opened local help documentation that was accurate, concise, clean, interlinked, organized, searchable, and instant. Now the buttons in Settings open bing search results page in Edge (even when not the default browser) that have 0 results.
It's not telemetry. You just have to look at the junk that gets put in that huge banner across the top of the system settings to figure out what this is. It's not reporting you to Microsoft. It's reporting stuff from Microsoft to you.
2021.1019.1.0 is, as I pointed out at https://news.ycombinator.com/item?id=44209402, a date. It's publishing a date from earlier this year now, in 2025. It's the date that something downloadable from Microsoft changed to a newer version. And in fact there are several things that got updated on April the 24th that are likely candidates here. There were update candidates for what this could be on October the 19th of 2021. The most likely is updates to Windows Update itself.
As for Bing: Well in M. Horowitz's screenshot one can see that it's showing the prompt to have the "full customer experience". On other machines, you'll find that that area contains little icons about the statuses of Microsoft Rewards, Microsoft Edge, Microsoft OneDrive, Windows Update, and others. It's fairly obvious that the System Settings program has to make HTTP(S) queries to on-line services to show all of this stuff, including asking Bing how many Microsoft Rewards the user has earned. I wouldn't be surprised if it simply always did that, even if it never displayed the icon. And those queries involve DNS lookups.
System Settings is querying various WWW services for the little icons at the top of its window, and the very prompt to run through the "full customer experience" dance that we can see right there in the screenshot.
Windows 10 spies on everything you do, and presumably windows 11 does to a greater degree.
Your windows photos app has over 122 tables [0] of analysis on every picture on your machine. It does facial recognition and more and likely reports a lot of this back to ms. That’s just one app!
Hm, the word “likely” is doing a lot of work there. If anything local storage of this stuff is encouraging, it suggests at least the possibility that this isn’t all living in the cloud. But it’s being interpreted as a negative with an unsubstantiated assumption about how the data is being used.
I’d also like to think we could have a better discussion on HN than “big number scary”. 122 tables sounds like a lot, sure. They could denormalise the whole dataset and keep it in one table, key/value store style. Would that be better? It’s a photo app with facial recognition. Stands to reason that it needs to store facial recognition data.
> Your windows photos app... does facial recognition and more and likely reports a lot of this back to ms. That’s just one app!
The link you cite though was careful to avoid making claims that couldn't be substantiated. It lists only what is in the database locally and the telemetry section doesn't include image content/metadata but user interactions with the app itself.
> more and likely reports a lot of this back to ms
Isn’t this the literal definition of FUD? Fear, Uncertainty, and Doubt.
I would like to hope the orange site approaches this topic with more substance. Do the analysis of network traffic to see what gets sent home. Decompile the binary to check it out for these sorts of things. Don’t just write your anti-MS fanfic and pretend that it’s something meaningful.
People and object detection are pretty baseline features for a photo management app these days IMHO. I like that my photos app automatically finds all the photos of my dog.
I disagree. I don’t want that feature. None of the photo apps I use by choice have it, and I’ve never once used it on iOS. It creates multiple albums for the same person anyway so it’s useless.
You not wanting it != table stakes for a photo app.
I use it, my family uses it, my friends use it. Anecdotal data to be sure. But I think if barely anyone used it you wouldn’t see it as a base feature in almost every photo sharing app.
It is how the default photos app for ios and android work and have worked for years. If you can't search by person or by the content of the photo you're falling behind.
I would argue such a feature only exists on big tech photo apps as an excuse to do facial recognition and eventually extricate such data through whatever means. The benefit to the user is just a minor side effect.
I would argue that’s another example of FUD. It’s a useful feature a lot of people like. Similarly I find geotagging of photos tremendously useful. I don’t believe that feature was added to phones to extend the surveillance state, I believe it was added because a camera was combined with a GPS and it made logical sense.
Why is this downvoted? This is just true. You "totally into hacker stuff hackers" don't see it, but talk to any normal phone user on the streets and ask about his photo app.
Windows has info about everything. Even have a history of USB drives ever plugged into the system. Maybe all this for when someone gets in the crosshairs and an infiltrator squad can swoop up all the info to use against the individual.
Windows is basically ad/spyware, personally I only use it under sufferance for games and while doing so I remind myself constantly that I'm being watched/recorded and my computer is out of my control. So I play games, then log to Linux if I want to do anything real. Even then, do we know some rogue process isn't vacuuming up your keystrokes? Can still get a lot done without an internet connection I guess if you plan ahead.
Even with games nowadays you'd be surprised with the quality of gaming on Linux. I've got a laptop with a nvidia graphics card running linux, historically a problematic to say the least setup. I've only had one game I needed to tweak the startup settings for (other than forcing the use of proton), everything just kind of works now.
I will put a big disclaimer here that I don't play online games really and some are just fecked due to certain anti cheats.
Used to be that any two of those three things (Laptop, NVIDIA, Linux) together was enough to ensure endless hassle dinkin' with various things to get it all running somewhat halfway right. Nowadays it seems like most everything on Linux is pretty much real deal "plug-n-play" except the odd occasional AAA game publisher goin' all purposely anti-Linux with their DRM or anticheat.
Praise be to Valve / Steam for their massive (and ongoing) push to make gaming viable on Linux for a wider audience outside the "nerd" crowd runnin' WINE from commandline, and various "retro" / classic console emulators (and of course "indie" games). Love bein' able to click "Play" and most games these days just run (despite my bein' one of those "nerds" who ran games in WINE long before Valve ever did). :)
Maybe you know this, but Steam does more than get games playing on Linux. They (Valve?) have a group that develops drivers for AMD GPUs on Linux. Their contributions still may not be limited to just that primarily, but if there wasn’t Valve it would seem we’d have a lot less to play on Linux at the very least.
A lot of their work on proton also gets upstreamed back into wine, so even for those not using proton, they're still benefiting quite a bit in recent years from all of the work Valve has done on that front.
Yeah Rust is non-functional for that reason sadly, but otherwise I'm loving my Linux life; most everything else works great. Valve have done us a great service with Proton.
On a related note, not believing some things because you cannot prove them is a road to naivety.
For me personally, based on the plethora of evidence given by other online platforms and applications, I think it's perfectly sane to assume that yes, your data is being slurped and logged. Maybe that's not a bad thing, maybe it is, but at this point I think that ship has sailed.
Can I prove it? No, mostly because the manufacturers have specifically designed it in such a way to be unprovable.
The fact that our currently popular operating systems don't enable users to trivially 'disprove' such possibilities really shows how shitty they all are
Well apart from monitoring network traffic, with Ubuntu you can examine the source code for anything that you don't trust or dive into what system calls an application makes by using "strace".
Well you can try monitoring Windows network connections, but Microsoft do seem to love obfuscating it with connections to multiple different domains that they own.
You can't even look at the Windows source code, so your question about reproducible builds seems to be moving the goalposts somewhat.
Also, is there something like "strace" on Windows?
Edit: just looked it up and Ubuntu doesn't enforce reproducible builds, although with their new "Monthly Snapshots", Canonical is moving towards reproducible build pipelines.
The necessary technical and UI/UX difference would be capability-based (https://en.wikipedia.org/wiki/Capability-based_security) microkernels like seL4 or Genode combined with high level user interfaces that allow one to monitor and control the rights and actual resource access and usage of programs.
However, it is possible to audit the Ubuntu software against the source code which is something that you cannot do with Windows. That is a technical difference even if you don't acknowledge it.
Also, Linux does make it much easier to determine your level of trust as the different components can be analysed/verified independently (although systemd is a bit of a monolith) whereas it's a lot trickier to isolate Windows components.
I think that was also the common approach to paranoia about your privacy pre-Snowden. But he kind of ended that discussion for many, although denial or ignorance is probably better for your soul indeed.
He didn't end the discussion, he presented evidence. When you receive updated evidence you should update your beliefs.
He presented good evidence that big corporations are co-operating with the NSA, or something, but he didn't present any evidence at all that regular Linux distros are monitoring all your keystrokes. As far as I know.
To just wildly speculate about mass surveillance without evidence is just baseless conspiracy theories, you really have nothing to worry about. Hope that helps.
Many games I would like to play are Windows-only, so that kind of sucks, but then again, I installed Windows 11 just for this purpose. So not complaining, until my programs and games will stop working when Windows 13 (or whatever) comes out. I had to upgrade from Windows 9 to 11 because it became obsolete and unsupported.
> Proton is a new tool released by Valve Software that has been integrated with Steam to make playing Windows games on Linux as simple as hitting the Play button within Steam.
But it does not offer me a clickable "Play" button for exclusively Windows games, unfortunately. Or is this something else? Or perhaps I have to do some configuration of some sort? I am really not sure. It works for games that have Windows + Proton (icon / logo), but the games I want have only windows.
It works out of the box here? Steam supports running most "Windows-only" games on Linux without trouble; you may just have to select the Proton version once.
I don't remember when I last encountered a game that didn't run. I'm sure those exist, mind. Perhaps I've just been lucky.
It does, you'll probably have to enable proton in Steam settings. Also, in the store pages, you can see Steam Deck compatibility rating (and details about that) which means linux in practice. Some warnings regarding small text in some games don't apply to bigger displays, of course.
I was super pissed when epic announced dropping Linux support for Rocket League. Once it was done, I fell in love with Proton, it ran better than both the native Linux version, and the Windows version on Windows.
Would like to see more of the captured data, because a simple "about" dialog would also need to call some server to check if the software is the latest version, to display the "you have the latest version" label.
This is United Statians being the victims of their own crazy date writing style again. (-:
Michael Horowitz did this on 2021-10-22, and it returned the value 2021.1019.1.0.
Today, on 2025-06-07, it is publishing the value 2025.424.19.0. Which would be last April the 24th.
It's blazingly obvious that it's the last date that something downloadable got updated, with a version or sequence number of some kind. The zero in the final field is probably there because someone is using a 4-field version datatype. To publish a date.
I wouldn't be surprised if the final zero is actually intentional; it would allow incrementing it if you need to publish more than one version on the same date. It's not likely to be needed, but if something is on fire and you absolutely need to push out a quick fix, having to figure out what version to call it is probably the last thing you want to have to worry about.
Never attribute to some deeply sophisticated planned ahead engineering, that which can be satisfactorily explained by the fact that it's a lot easier to serialize and deserialize a System.Version in an HTTP body, in a universal fashion that will work for every computer in whatever locale, than it is a System.DateTime plus a separate sequence number. (-:
This is a reasonable reaction to this. I pause when accusations jump immediately to spying as other explanations can exist without adding to FUD and noise online. It's not always difficult to find the purpose of something either with a bit more digging.
I've seen something similar occur for some popular Youtube videos, too. A video author will fire up some arbitrary Windows setup, which can come bundled with third-party software and use Bing for various things including weather in the taskbar and queries in the search bar, then open Wireshark to scaremonger with DNS queries, accusing Microsoft of spying just for requests made by the services/programs/features they have enabled in their install.
When often cursory lookups of the domains in search engines show what their purpose is and are contrary to such videos' alleged (and worse, guessed) purpose.
It's a problem as there are legitimate concerns with certain aspects of Windows software with non-privacy respecting defaults but for an average user it gets muddled with irrelevant/incomplete info that doesn't lead to high quality actionable results.
I saw this happening in 11 too, not surprisingly. It's become increasingly difficult to get Windows to stay quiet on the network, although a lot of other software is also guilty of this background noise.
There's a potentially interesting article here where the content of the network requests and responses is investigated to find out what's happening, but this article isn't that - it just knee-jerks into cranky allegations of sPyiNg.
This sounds like standard telemetry to me, probably only ever studied on aggregate and so fairly anonymised data.
I'm not saying this is good, and I hope the EU mandates an effective OFF switch. But I don't see how Microsoft cares that you personally adjusted your screen brightness out of all the billions or so of data points they collect each day.
Maybe the NSA's permanent record programme has some use for this?
The usual reason for this kind of telemetry is to figure out which features users are using and which they aren't. That guides decisions about what to invest in, what can more or less safely be deprecated, and can even help with promotions.
And with all kinds of telemetry they collected, they managed to create the pinnacle of UI/UX redesign, as shown in the Settings Panels in Windows 11, right?
People are weirdly attached to Control Panel. What's better: Control Panel -> Network and Internet -> Network and Sharing Center -> Change Adapter Settings -> Properties on selected NIC -> IPv4 -> Properties to set a static IP or Settings -> Network and Internet -> Ethernet -> IP Assignment
People got used to where things were. That does not indicate good UX/UI.
The problem is that this doesn't let you configure X detail about the NIC, most users don't need to ever configure that so they don't have that option in their updated control panel. The problem is that sometimes people do need to configure X, Microsoft can't just say to people you can no longer configure X, if it's a necessity for some use-cases. Their solution is to just leave the old legacy control panel software laying around forever for those situations. And that's bad UX/UI and bad for security, to leave this ancient unmaintained code on everyone's system.
Just because of incompetent modern design department "simplifying" everything to a point of unusability. Is Windows supposed to be used for serious applications or is it just a consumer product for tech-illiterates? Microsoft doesn't seem to know. Why can I even buy an "enterprise" or "professional" version, this is clearly not intended to be used by me.
I'm not sure that's directly on control panel so much as which windows version you pick to look at, over the years it's changed as they try to make it friendly to different audiences. In win2k it's not very deep to get at, by default there's network places on the desktop you can right click to skip a few steps. Similarly they could improve the win8+ settings app but presumably they think win11's version is the best they can offer.
Then why the fsck gets in my way? Why 1px borders when I have to resize windows? Why no place on the titlebar when one can click and drag on second monitor? Why the stupid taskbar where some windows are hidden and others not? Why the stupid alt-tab where it rearranges the window stack? Why?
So you're saying that decades of telemetry have shown to Microsoft that users increasingly want MORE and more telemetry and no way to turn it off?
I find that hard to believe.
And that users would like the start button to move to the center, the settings config GUI to change completely on every OS release and settings to be in 4 different places and that users don't want more than 1 taskbar row (win 11)? lol, yeah nahhh...
Apart from the reason of ”if they spy on this, who knows what else” and ”I don’t want to waste resources on telemetry” what is the reason to not allow a vendor to see which settings page you visit?
Obviously if you opt out (or rather, didn’t opt in) you shouldn’t be sending telemetry. But the line between a necessary network call and an optional one is often blurry.
As to other reasons apart from the violation of privacy: Every network call adds additional latency and slows down interactions with the OS. Every data gathering feature adds additional complexity to the implementation, takes attention away from other implementation work that could be done instead, and increases the risk of adding further mistakes to the implementation. Personally, I would like OS and application vendors to work on improving security and correctness of their programs and reducing latency instead of adding data gathering features.
> But the line between a necessary network call and an optional one is often blurry.
What would be an example of a necessary network call that an ideal OS (i.e., one that cannot be easily compromised and does not require updates around the clock to correct programming mistakes) has to perform on its own?
If a company is interested in how users use their applications and desperately need our data for it, they may be interested in funding dedicated studies and appropriately compensating users that send their data, if it is so valuable for the company.
Have you developed large applications with/without anonymous usage data?
You need a good volume of data and you aren’t going to want to pay for it for one simple reason: you can get it for free and only a tiny group of users are going to be upset enough by this.
Not sure what the reference to “ideal OS” is about. I thought this was about windows in particular.
Necessary network calls would be related to updates, licensing etc. But the thing is: they would be going “home” to the exact same servers as telemetry AND they would easily contain the same payload.
No, sorry. Testing answers “does the feature work?”. Usage telemetry answers questions like “was the feature a good idea?” and “are enough users successfully using the feature to justify the cost of creating/maintaining it?”.
Those are not questions for which pre-release testing can provide answers.
I’m not weighing in on opt-in vs opt-out, or on anonymization. Just saying that testing doesn’t cover this niche.
(Separately, I think you’re largely wrong about testing as well: crash dump collection is about finding issues that pre-release testing wouldn’t find at any price. For things like OSes especially, the permutation space of hardware * software * user behavior is too large. While I’m sure a few companies use crash reporting as a crutch to support anemic QA programs, I do not think that many do.)
This and also it's pretty obvious that the main goal of both Microsoft and Google is NOT to make the OS better for its users.
So the claim that telemetry is used to improve products is simply a lie IMO.
The fact that telemetry is sent at all for no apparent reason and deliberately without clear consent is an ironic example of this. The fact that it's been happening more and more over the past decades as the OS'es evolved is another confirmation of it.
> for system settings specifically, I wonder what kind of ad targeting would you get out of that?
You get sensitive data out of system settings, such as for instance health data: Does the user have a vision or hearing impairment, use assistive technologies etc.?
Would it count as a paid user study if enabling telemetry for Windows knocked $10 off of the price of your computer?
I can’t decide if that’s a neat idea or dystopic. Which, historically, probably means it’s dystopic and that plenty of people are already doing it.
I think “traditional” paid user studies often suffer from the same sampling problems that make political polls and behavioral paid medical studies less useful (you’re not surveying the average voter; you’re surveying the average voter who likes to answer polls). But maybe the “$10 off” idea would capture a broad enough demographic as to be more useful.
In that case sure maybe not. However, most systems aren't run by deep experts but by regular users which expect a device to be plugged into a network and then have the capability to use the internet without user interference. That more or less necessitates DHCP.
The best way to think of it is the software must serve me, the owner of the computer, and nobody else.
Years ago when spyware was not the norm, there would be outrage if anyone caught some software sending as much as a single packet of data that was not legitimately initiated by the needs of the user/owner. We need to return to that mindset.
I think this is really simple: telemetry should be opt in, anonymous, and _in_ the interest of the user in the long term by the improvement of the software. Because it’s _not_ possible to get this information any other way through user studies etc.
If it’s hard to disable, contains any PII or sensitive info (urls, file names) then it’s not OK.
> what is the reason to not allow a vendor to see which settings page you visit?
It's all about privacy; and by privacy, I don't mean the "privacy" that often gets thrown around by Big Tech to mean "only we can see what you do". What I do on my computer is none of their business.
Anonymous usage statistics means no one stores what _you_ do though. Obviously sending a url you visit or a file you open is way over the line. That’s about what you do. I think there is a difference between that and feature usage as counters only.
Yes if it can be deanonymized then it’s not anonymous. Almost a tautology that.
You can’t send the telemetry over http without revealing an ip, but obviously that ip can’t be stored as part of the telemetry data. That’s PII and not anonymous at all.
Important: if I collect anonymous telemetry you better trust me that it’s anonymous when I say it is. Because if you don’t trust me on that then you can’t run the software at all (if it’s a piece of software that relies on web requests in some form at least). Otherwise why would you even trust that my opt in is respected?
You have to trust software vendors of software that makes http requests. It’s as simple as that. You can use open source or try to inspect packets. Or firewall the software. But if it does (for example) one update check on startup which is common, then it’s almost impossible to tell whether it contains telemetry data. Because even the bare minimum request “this is FooApp 2.9.1 are there any updates” contains important usage stats: it’s +1 for the use counter and +1 for the v2.9 use counter!
I had written down many reasons but the onus should not be on people explaining why they don’t want to be tracked, in a society I’m happy to live in. Software is part of society.
But should developers not be allowed to have it in their software? So long as it has a label “this software sends usage stats, if you don’t like it don’t use it, or don’t opt in” should that be banned? Or is that acceptable?
If the user develops something they can do it however they want. It’s not “theirs” because it’s installed on their machine. They can’t even control how it runs on their machine short of sandboxing it. They can choose to run it as the developer wanted or not at all.
You didn’t answer the question: should it be somehow banned?
The shitty thing isn’t phoning home, the shitty thing is doing what’s not described on the label.
If a piece of software says “this will do X if you run it” and then it does X then I don’t see the complaint (yes I realize lots of software uses dark patterns or doesn’t say what it does, especially windows, but _in principle_ I don’t think anonymous telemetry with good clear opt out/in is evil).
Sorry, we didn't give you those options. You get to choose "yes" or "maybe later", but we're 100% going to be using your property. Love, Microsoft, Google, and every other tech company who thinks this is the proper form of consent <3
For the sake of argument, the only interesting discussion about telemetry is about whether it’s ok when done right.
I don’t think anyone thinks it’s ok when it’s not done right (not anonymous, dark patterns for opt in/out, etc).
So it’s not a very interesting discussion to have since there is no one arguing for it.
Instead my argument is: when done right, anonymous telemetry isn’t “evil”. To be fair I don’t know if many argue it is either.
There are a few absolutists that think not even opt-in telemetry is acceptable and that developers should do more expensive studies to find how their software is used. It’s really only those I disagree with.
'Done right' quickly becomes one of those no true scotsman arguments. Nothing in this world is fully done right.
Just from the top of my head: Telemetry means extra code, hence extra bugs and maintenance overhead. It costs you in extra ram/cpu/storage/network. The networking means NSA and friends have a beacon declaring a windows computer exists, and they probably can derive other facts from the message statistics. After Snowden, we should assume they have a backdoor and get the unencrypted data if they want.
All this assumes Microsoft has only the good of you as end user in mind, are not hackable, and can't be coerced by governments. All of this now and in the future.
'Done right' is not a good yardstick. There are tradeoffs needed, Microsoft decides which ones, and they decided the user has almost no voice in these tradeoffs, and doesn't even get to see the choices made. These tradeoffs are the interesting discussion.
Not having this info means you pay for unnecessary features, get bugs fixed slower, pay for expensive surveys or user studies etc. Sending it in and wasting some cpu/network may be the cheapest option. Because users are paying for it one way or another.
I have a similar anecdote about android. I was trying to change some setting, but my android phone has like 3 different places where settings can hide (the settings app, google settings app and vendor settings app). So anyway, I open one, search, open the other and so on. I must have opened and switched about 4 times, went through lots of menus, back and forth until I eventually found what I was looking for and changed the setting.
After finishing, like ~10-15 seconds later a "feedback gathering ..." alert popped up, and it was gone in like 5 more seconds. My complete guess is that the constant going back and forth between settings menus and apps triggered something and something got sent to goog. I don't know how I feel about it, but I think I'm mostly fine with that? It sounds like the kind of thing I'd want my products to improve on. In an ideal world I'd get a quick report about what was gathered, and have an option to accept/deny but... Dunno.
I'd love to have the inside insight on how MS see WINE and related products and how that compares to how they saw chromium versus Trident/EdgeHTML. I really wonder if windows by itself is a loss leader to other areas where they do make money and would love to stabilize the desktop side and outsource/"contribute" that to others to maintain, just so long as they could keep money coming in from office, user administration, support contracts, alongside the services side.
On a tangent I wonder a similar thing about nvidia/AMD carrying around decades worth of tweaks and fixes for old games within their GPU drivers (and matching that is a cost for entry for intel), could they shed a burden by opening that to projects like DXVK.
I ditched Windoze 15 years ago and never looked back. There's never been an easier time to do it than now. Even if you can't do something on Linux, whatever it is isn't worth it. There's so much to do in life that it's more about choosing what not to do. Wherever possible choose love and generosity over hatred and greed.
I wish there was a law which mandated update, service and telemetry servers were on different CIDRs.
There are frequently updated lists of Windows telemetry IPs you can block using ipsets. But Microsoft always seems to mix these IPs with legitimate services.
It's normal for programs to reach out to the internet for purposes other than spying on the user. Microsoft is a trustworthy company that wouldn't deploy spyware within an app included in the OS.
Is this intentional devils advocacy for the sake of balancing an expected narrative? Outside of the rarely normative definition threshold as to what constitutes spyware or not, on what data / references (if any) do you base your impression on?
And how does a perception of company trustworthiness correlate with telemetry ethics that don't infringe in some way on 'basic digital human rights' (as defined by GDPR et al, say)?
Yes, because there are many people on this site who also believe a packet being sent to Microsoft = spying. A lot of these people grew up with or were influenced by people who grew up before the prevalence of the internet when software engineering was still immature when programs typically didn't communicate with the internet on their own.
>do you base your impression on?
My impression is based off the employees who work there who I would trust wouldn't add things like taking webcam screenshots and sending them back to Microsoft to look at.
>how does a perception of company trustworthiness correlate with telemetry ethics
Consumers and businesses will lose trust in a business if the telemetry data is not anonymized properly and put under strict privacy controls.
Overton window calculation usually starts at a minimum of two inputs without proximity requirements (except technical requirements like linguistics/ functional semantics)*
[ * Only because an opinion may appear too far removed from a given perceived spectrum-threshold for 'reasonable reasoning'.. should not necessitate collapsing the contrasting input to some purely sarcastic/humorous telos, especially when this stochastically undermines one's own chances for being afforded the inversely congruent gesture]
More like a plumber tasked with "modernizing" your bathroom, who as part of the process installs the camera surreptitiously precisely so you won't complain about compromised privacy.
In any event it looks like that bridge is no longer for sale whole-hog. There were some fairly high bidders. A whole lot more people can enjoy the opportunity to participate through timesharing now though than ever before :)
Considering the domains this is likely a network test, though it may be reporting the results of the connection to bing.com to cxcs, which apparently collects telemetry.
On one hand, I get it - a lot of us ping google.com to quickly check the network - doesn't mean we're sending spy data to Google. On the other hand, it would be nice if this was more transparent, perhaps asking if it can perform the test.
I remember when buttons in the control panel did what the labels said they would do along with help buttons that opened local help documentation that was accurate, concise, clean, interlinked, organized, searchable, and instant. Now the buttons in Settings open bing search results page in Edge (even when not the default browser) that have 0 results.
Has no-one figured this out in three years?
It's not telemetry. You just have to look at the junk that gets put in that huge banner across the top of the system settings to figure out what this is. It's not reporting you to Microsoft. It's reporting stuff from Microsoft to you.
2021.1019.1.0 is, as I pointed out at https://news.ycombinator.com/item?id=44209402, a date. It's publishing a date from earlier this year now, in 2025. It's the date that something downloadable from Microsoft changed to a newer version. And in fact there are several things that got updated on April the 24th that are likely candidates here. There were update candidates for what this could be on October the 19th of 2021. The most likely is updates to Windows Update itself.
As for Bing: Well in M. Horowitz's screenshot one can see that it's showing the prompt to have the "full customer experience". On other machines, you'll find that that area contains little icons about the statuses of Microsoft Rewards, Microsoft Edge, Microsoft OneDrive, Windows Update, and others. It's fairly obvious that the System Settings program has to make HTTP(S) queries to on-line services to show all of this stuff, including asking Bing how many Microsoft Rewards the user has earned. I wouldn't be surprised if it simply always did that, even if it never displayed the icon. And those queries involve DNS lookups.
System Settings is querying various WWW services for the little icons at the top of its window, and the very prompt to run through the "full customer experience" dance that we can see right there in the screenshot.
Windows 10 spies on everything you do, and presumably windows 11 does to a greater degree.
Your windows photos app has over 122 tables [0] of analysis on every picture on your machine. It does facial recognition and more and likely reports a lot of this back to ms. That’s just one app!
[0] https://www.reddit.com/r/Windows10/comments/8zk1yy/a_simple_...
Hm, the word “likely” is doing a lot of work there. If anything local storage of this stuff is encouraging, it suggests at least the possibility that this isn’t all living in the cloud. But it’s being interpreted as a negative with an unsubstantiated assumption about how the data is being used.
I’d also like to think we could have a better discussion on HN than “big number scary”. 122 tables sounds like a lot, sure. They could denormalise the whole dataset and keep it in one table, key/value store style. Would that be better? It’s a photo app with facial recognition. Stands to reason that it needs to store facial recognition data.
The qualifier that confused me was for every image. For what conceivable reason would they make 122 tables of analytics per image? ( ╹ ▽ ╹ )
> Your windows photos app... does facial recognition and more and likely reports a lot of this back to ms. That’s just one app!
The link you cite though was careful to avoid making claims that couldn't be substantiated. It lists only what is in the database locally and the telemetry section doesn't include image content/metadata but user interactions with the app itself.
Yep the post is also 7 years old. I suspect there is a lot more going on now, but I haven’t investigated in a while.
> more and likely reports a lot of this back to ms
Isn’t this the literal definition of FUD? Fear, Uncertainty, and Doubt.
I would like to hope the orange site approaches this topic with more substance. Do the analysis of network traffic to see what gets sent home. Decompile the binary to check it out for these sorts of things. Don’t just write your anti-MS fanfic and pretend that it’s something meaningful.
People and object detection are pretty baseline features for a photo management app these days IMHO. I like that my photos app automatically finds all the photos of my dog.
Why would it need to be performing facial analysis and have over 120 tables of information in the first place?
Automatic albums of people is table stakes for a photo management app. Everyone has it - Apple Photos, Google Photos, Immich, etc.
That requires facial detection.
I disagree. I don’t want that feature. None of the photo apps I use by choice have it, and I’ve never once used it on iOS. It creates multiple albums for the same person anyway so it’s useless.
You not wanting it != table stakes for a photo app.
I use it, my family uses it, my friends use it. Anecdotal data to be sure. But I think if barely anyone used it you wouldn’t see it as a base feature in almost every photo sharing app.
That’s like saying an AI co-pilot is table stakes for an operating system. It isn’t.
No, this actually provides utility
It is how the default photos app for ios and android work and have worked for years. If you can't search by person or by the content of the photo you're falling behind.
I would argue such feature only exists on big tech photo apps as an excuse to do facial recognition and eventually extricate such data through whatever means. The benefit to the user is just a minor side effect.
I would argue that’s another example of FUD. It’s a useful feature a lot of people like. Similarly I find geotagging of photos tremendously useful. I don’t believe that feature was added to phones to extend the surveillance state, I believe it was added because a camera was combined with a GPS and it made logical sense.
Why is this downvoted? This is just true. You "totally into hacker stuff hackers" don't see it, but talk to any normal phone user on the streets and ask about his photo app.
Windows has info about everything. Even have a history of USB drives ever plugged into the system. Maybe all this for when someone gets in the crosshairs and an infiltrator squad can swoop up all the info to use against the individual.
Yep pretty sure the images will remain in the windows photos database, at least hashes and descriptions etc after you’ve deleted them
Windows is basically ad/spyware, personally I only use it under sufferance for games and while doing so I remind myself constantly that I'm being watched/recorded and my computer is out of my control. So I play games, then log to Linux if I want to do anything real. Even then, do we know some rogue process isn't vacuuming up your keystrokes? Can still get a lot done without an internet connection I guess if you plan ahead.
Even with games nowadays you'd be surprised with the quality of gaming on Linux. I've got a laptop with a nvidia graphics card running linux, historically a problematic to say the least setup. I've only had one game I needed to tweak the startup settings for (other than forcing the use of proton), everything just kind of works now.
I will put a big disclaimer here that I don't play online games really and some are just fecked due to certain anti cheats.
Used to be that any two of those three things (Laptop, NVIDIA, Linux) together was enough to ensure endless hassle dinkin' with various things to get it all running somewhat halfway right. Nowadays it seems like most everything on Linux is pretty much real deal "plug-n-play" except the odd occasional AAA game publisher goin' all purposely anti-Linux with their DRM or anticheat.
Praise be to Valve / Steam for their massive (and ongoing) push to make gaming viable on Linux for a wider audience outside the "nerd" crowd runnin' WINE from commandline, and various "retro" / classic console emulators (and of course "indie" games). Love bein' able to click "Play" and most games these days just run (despite my bein' one of those "nerds" who ran games in WINE long before Valve ever did). :)
You don't need Steam; you can just use Lutris, where you even have a Flatpak.
Maybe you know this, but Steam does more than get games playing on Linux. They (Valve?) have a group that develops drivers for AMD GPUs on Linux. Their contributions still may not be limited to just that primarily, but if there wasn’t Valve it would seem we’d have a lot less to play on Linux at the very least.
A lot of their work on proton also gets upstreamed back into wine, so even for those not using proton, they're still benefiting quite a bit in recent years from all of the work Valve has done on that front.
Even installing Gentoo today feels like cheating compared to what it was like in the early 2000s. It really does mostly just work these days.
Wanted to play Helldivers with my boys from back home. They're on Xbox, I'm on Linux, guess who could play it?
I love that Arch is a better gaming platform than Xbox these days.
Yeah Rust is non-functional for that reason sadly, but otherwise I'm loving my Linux life; most everything else works great. Valve have done us a great service with Proton.
Online games with ring 0 anticheats not working on Linux is a feature actually
> do we know some rogue process isn't vacuuming up your keystrokes?
The standard for holding a belief isn't "can you prove it is not so?", but "on the balance of evidence, is it likely to be so?".
If you believe everything you can't disprove, you'll hold an awful lot of bizarre and contradictory beliefs.
In the past I have spent some time believing some things simply because I couldn't disprove them, it is not good for the soul.
> The standard for holding a belief isn't "can you prove it is not so?", but "on the balance of evidence, is it likely to be so?".
IANAP, but I don't think everyone agrees with that framing. Epistemology is a big topic.
On a related note, not believing some things because you cannot prove them is a road to naivety.
For me personally, based on the plethora of evidence given by other online platforms and applications, I think it's perfectly sane to assume that yes, your data is being slurped and logged. Maybe that's not a bad thing, maybe it is, but at this point I think that ship has sailed.
Can I prove it? No, mostly because the manufacturers have specifically designed it in such a way to be unprovable.
> based on the plethora of evidence
Yep, this is fine.
I'm not saying "don't believe anything you can't prove". I'm saying "don't believe everything you can't disprove".
Believe based on evidence, as you appear to be doing.
Windows is spying on your use of System Settings? Good evidence.
Linux process is spying on your keystrokes? No evidence.
The fact that our currently popular operating systems don't enable users to trivially 'disprove' such possibilities really shows how shitty they all are
What is a way in which you could disprove this?
How could you disprove that the Ubuntu ISO doesn’t do the same thing?
Well apart from monitoring network traffic, with Ubuntu you can examine the source code for anything that you don't trust or dive into what system calls an application makes by using "strace".
How is this different for Windows? Can’t you monitor Windows network traffic as well?
Does Ubuntu provide reproducible builds? How do you disprove that the source code isn’t for the thing that you’re downloading?
The (not so) revealing thing here is that this isn’t a technical problem, but that Microsoft has just completely lost the trust of people.
even without reproducible builds, you (or someone you hire or someone who's motivated) can get the source and create a drop-in replacement.
This is even more true on some other distros, eg Gentoo.
Without source and rights, Windows fails completely here.
Well you can try monitoring Windows network connections, but Microsoft do seem to love obfuscating it with connections to multiple different domains that they own.
You can't even look at the Windows source code, so your question about reproducible builds seems to be moving the goalposts somewhat.
Also, is there something like "strace" on Windows?
Edit: just looked it up and Ubuntu doesn't enforce reproducible builds, although with their new "Monthly Snapshots", Canonical is moving towards reproducible build pipelines.
What is Ubuntu's source code worth for when you download precompiled binaries without checking if they were built with that source code?
That's your choice to do that and depending on your threat model, you may have some level of trust in Canonical to not screw over their customers.
I asked my original question very deliberately.
At the end of the day, it’s just about trust and reputation. I see no technical difference here for the ability to disprove random claims.
The necessary technical and UI/UX difference would be capability-based (https://en.wikipedia.org/wiki/Capability-based_security) microkernels like seL4 or Genode combined with high level user interfaces that allow one to monitor and control the rights and actual resource access and usage of programs.
However, it is possible to audit the Ubuntu software against the source code which is something that you cannot do with Windows. That is a technical difference even if you don't acknowledge it.
Also, Linux does make it much easier to determine your level of trust as the different components can be analysed/verified independently (although systemd is a bit of a monolith) whereas it's a lot trickier to isolate Windows components.
I think that was also the common approach to paranoia about your privacy pre-Snowden. But he kind of ended that discussion for many, although denial or ignorance is probably better for your soul indeed.
He didn't end the discussion, he presented evidence. When you receive updated evidence you should update your beliefs.
He presented good evidence that big corporations are co-operating with the NSA, or something, but he didn't present any evidence at all that regular Linux distros are monitoring all your keystrokes. As far as I know.
To just wildly speculate about mass surveillance without evidence is just baseless conspiracy theories, you really have nothing to worry about. Hope that helps.
Playing games on Linux nowadays works like a charm. I had no issues with any Steam or Epic store games whatsoever.
Many games I would like to play are Windows-only, so that kind of sucks, but then again, I installed Windows 11 just for this purpose. So not complaining, until my programs and games will stop working when Windows 13 (or whatever) comes out. I had to upgrade from Windows 9 to 11 because it became obsolete and unsupported.
> Many games I would like to play are Windows-only
Mine too, but I'll let you in on a secret:
https://www.protondb.com/
> Proton is a new tool released by Valve Software that has been integrated with Steam to make playing Windows games on Linux as simple as hitting the Play button within Steam.
But it does not offer me a clickable "Play" button for exclusively Windows games, unfortunately. Or is this something else? Or perhaps I have to do some configuration of some sort? I am really not sure. It works for games that have Windows + Proton (icon / logo), but the games I want have only windows.
It works out of the box here? Steam supports running most "Windows-only" games on Linux without trouble; you may just have to select the Proton version once.
I don't remember when I last encountered a game that didn't run. I'm sure those exist, mind. Perhaps I've just been lucky.
It does, you'll probably have to enable proton in Steam settings. Also, in the store pages, you can see Steam Deck compatibility rating (and details about that) which means linux in practice. Some warnings regarding small text in some games don't apply to bigger displays, of course.
Right click on the game in your library and choose Properties.
Then click Compatibility and tick "Force the use of a specific Steam Play compatibility tool". Choose a recent version of Proton.
You only need to do this once and then try the game as normal. It's not guaranteed to work with everything but it's worth a shot.
Thanks, I will try that!
I was super pissed when epic announced dropping Linux support for Rocket League. Once it was done, I fell in love with Proton, it ran better than both the native Linux version, and the Windows version on Windows.
> it returned 2021.1019.1.0, whatever that means
That looks like a version number...
Would like to see more of the captured data, because a simple "about" dialog would also need to call some server to check if the software is the latest version, to display the "you have the latest version" label.
This is United Statians being the victims of their own crazy date writing style again. (-:
Michael Horowitz did this on 2021-10-22, and it returned the value 2021.1019.1.0.
Today, on 2025-06-07, it is publishing the value 2025.424.19.0. Which would be last April the 24th.
It's blazingly obvious that it's the last date that something downloadable got updated, with a version or sequence number of some kind. The zero in the final field is probably there because someone is using a 4-field version datatype. To publish a date.
I wouldn't be surprised if the final zero is actually intentional; it would allow incrementing it if you need to publish more than one version on the same date. It's not likely to be needed, but if something is on fire and you absolutely need to push out a quick fix, having to figure out what version to call it is probably the last thing you want to have to worry about.
Never attribute to some deeply sophisticated planned ahead engineering, that which can be satisfactorily explained by the fact that it's a lot easier to serialize and deserialize a System.Version in an HTTP body, in a universal fashion that will work for every computer in whatever locale, than it is a System.DateTime plus a separate sequence number. (-:
* https://learn.microsoft.com/en-gb/dotnet/api/system.version....
* https://learn.microsoft.com/en-gb/dotnet/api/system.version....
* https://learn.microsoft.com/en-gb/dotnet/api/system.datetime...
* https://learn.microsoft.com/en-gb/dotnet/api/system.datetime...
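The date reading proposed in the comments above can be tested against the two observations quoted in the thread. This is an added example, not code from the thread or from Microsoft; it assumes the first field is the year, the second is month*100+day, and the third is a sequence number, and the function names are hypothetical.

```python
from datetime import date
from typing import NamedTuple, Optional


class DatedVersion(NamedTuple):
    published: date  # decoded from fields 1 and 2 (assumed: year, month*100+day)
    sequence: int    # field 3 (assumed meaning: sequence number for that day)
    revision: int    # field 4 (0 in both values seen in the thread)


def decode_dated_version(text: str) -> Optional[DatedVersion]:
    """Decode a four-field version string as a date, or return None.

    None means the string does not fit the date hypothesis at all,
    which is what an ordinary build number should produce.
    """
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    year, mmdd, sequence, revision = (int(p) for p in parts)
    # 424 -> (4, 24) and 1019 -> (10, 19): the month has no leading zero.
    month, day = divmod(mmdd, 100)
    try:
        published = date(year, month, day)
    except ValueError:  # month 0, day 0, 31 February, year 0, ...
        return None
    return DatedVersion(published, sequence, revision)


def age_when_observed(text: str, observed: date) -> Optional[int]:
    """Days between the decoded date and the day the value was seen.

    Returns None when the value is not a date or decodes to a date after
    the observation, since either outcome contradicts the hypothesis.
    """
    decoded = decode_dated_version(text)
    if decoded is None:
        return None
    delta = (observed - decoded.published).days
    return delta if delta >= 0 else None


# The first two pairs are the values and observation dates quoted in the
# thread. The third is a constructed counter-example: an ordinary
# four-field build number that should not decode as a date.
OBSERVATIONS = [
    ("2021.1019.1.0", date(2021, 10, 22)),
    ("2025.424.19.0", date(2025, 6, 7)),
    ("10.0.19045.0", date(2025, 6, 7)),
]

if __name__ == "__main__":
    for value, seen in OBSERVATIONS:
        print(value, decode_dated_version(value), age_when_observed(value, seen))
```

Both quoted values decode to a valid date shortly before the day they were observed, which is consistent with the reading but does not prove it; capturing the response on more days would show whether the third field ever changes within one date.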
This is a reasonable reaction to this. I pause when accusations jump immediately to spying as other explanations can exist without adding to FUD and noise online. It's not always difficult to find the purpose of something either with a bit more digging.
I've seen something similar occur for some popular YouTube videos, too. A video author will fire up some arbitrary Windows setup, which can come bundled with third-party software and use Bing for various things including weather in the taskbar and queries in the search bar, then open Wireshark to scaremonger with DNS queries, accusing Microsoft of spying just for requests made by the services/programs/features they have enabled in their install.
When often cursory lookups of the domains in search engines show what their purpose is and are contrary to such videos' alleged (and worse, guessed) purpose.
It's a problem as there are legitimate concerns with certain aspects of Windows software with non-privacy respecting defaults but for an average user it gets muddled with irrelevant/incomplete info that doesn't lead to high quality actionable results.
They will probably use collected telemetry data to build a third "control panel" to go along with already existing "control panels".
I saw this happening in 11 too, not surprisingly. It's become increasingly difficult to get Windows to stay quiet on the network, although a lot of other software is also guilty of this background noise.
There's a potentially interesting article here where the content of the network requests and responses is investigated to find out what's happening, but this article isn't that - it just knee-jerks into cranky allegations of sPyiNg.
This sounds like standard telemetry to me, probably only ever studied on aggregate and so fairly anonymised data.
I'm not saying this is good, and I hope the EU mandates an effective OFF switch. But I don't see how Microsoft cares that you personally adjusted your screen brightness out of all the billions or so of data points they collect each day.
Maybe the NSA's permanent record programme has some use for this?
The usual reason for this kind of telemetry is to figure out which features users are using and which they aren't. That guides decisions about what to invest in, what can more or less safely be deprecated, and can even help with promotions.
And with all kinds of telemetry they collected, they managed to create the pinnacle of UI/UX redesign, as shown in the Settings Panels in Windows 11, right?
No, that statement was not about Windows, but about the argument for telemetry in general.
Is it still like the archeological dig that was Windows 10 settings?
settings panel is great, it's modern and easy to use
People are weirdly attached to Control Panel. What's better: Control Panel -> Network and Internet -> Network and Sharing Center -> Change Adapter Settings -> Properties on selected NIC -> IPv4 -> Properties to set a static IP or Settings -> Network and Internet -> Ethernet -> IP Assignment
People got used to where things were. That does not indicate good UX/UI.
The problem is that this doesn't let you configure X detail about the NIC, most users don't need to ever configure that so they don't have that option in their updated control panel. The problem is that sometimes people do need to configure X, Microsoft can't just say to people you can no longer configure X, if it's a necessity for some use-cases. Their solution is to just leave the old legacy control panel software laying around forever for those situations. And that's bad UX/UI and bad for security, to leave this ancient unmaintained code on everyone's system.
Just because of incompetent modern design department "simplifying" everything to a point of unusability. Is windows supposed to be used for serious applications or is it just a consumer product for tech-illiterates? Microsoft doesn't seem to know. Why can I even buy an "enterprise" or "professional" version, this is clearly not intended to be used by me.
I'm not sure that's directly on control panel so much as which windows version you pick to look at, over the years it's changed as they try to make it friendly to different audiences. In win2k it's not very deep to get at, by default there's network places on the desktop you can right click to skip a few steps. Similarly they could improve the win8+ settings app but presumably they think win11's version is the best they can offer.
out of touch from reality
people that use windows want simplicity (kids, old people, office workers that want to get the job done etc)
Yeah the new settings is not advanced but that's the point
> office workers that want to get the job done
Then why the fsck gets in my way ? Why 1px borders when I have to resize windows ? Why no place on the titlebar when one can click and drag on second monitor ? Why the stupid taskbar where some windows are hidden and others not. Why the stupid alt-tab where it rearranges the window stack ? Why ?
> That does not indicate good UX/UI.
Good UX/UI is to constantly change things because users are idiots anyway. /s
> settings panel is great, it's modern and easy to use
If you search on the internet where a setting is hidden, sure.
literally most user only need settings to restart wifi/internet, windows update and uninstall app
the rest are one time settings only (or just using default settings from manufacturer)
So you're saying that decades of telemetry have shown to Microsoft that users increasingly want MORE and more telemetry and no way to turn it off?
I find that hard to believe.
And that users would like the start button to move to the center, the settings config GUI to change completely on every OS release and settings to be in 4 different places and that users don't want more than 1 taskbar row (win 11)? lol, yeah nahhh...
> to figure out which features users are using and which they aren't
Like resizing windows ? Scrollbars ? Title bars ?
A big window telling you that office needs to update when you have work to do (it cannot wait till end of the day).
They rounded the buttons and the windows' corners some months ago, so it must be some use to this "telemetry".
Apart from the reason of ”if they spy on this, who knows what else” and ”I don’t want to waste resources on telemetry” what is the reason to not allow a vendor to see which settings page you visit?
Obviously if you opt out (or rather, didn’t opt in) you shouldn’t be sending telemetry. But the line between a necessary network call and an optional one is often blurry.
As to other reasons apart from the violation of privacy: Every network call adds additional latency and slows down interactions with the OS. Every data gathering feature adds additional complexity to the implementation, takes attention away from other implementation work that could be done instead, and increases the risk of adding further mistakes to the implementation. Personally, I would like OS and application vendors to work on improving security and correctness of their programs and reducing latency instead of adding data gathering features.
> But the line between a necessary network call and an optional one is often blurry.
What would be an example of a necessary network call that an ideal OS (i.e., one that cannot be easily compromised and does not require updates around the clock to correct programming mistakes) has to perform on its own?
If a company is interested in how users use their applications and desperately need our data for it, they may be interested in funding dedicated studies and appropriately compensating users that send their data, if it is so valuable for the company.
> What would be an example of a necessary network call that an ideal OS [...] has to perform on its own?
Syncing the clock with NTP?
> Syncing the clock with NTP?
So every app, instead of querying the OS, shall make a network call, to get the time from an NTP server ?
I don't understand how you got that. The question was about network calls that an OS would perform on its own.
Have you developed large applications with/without anonymous usage data?
You need a good volume of data and you aren’t going to want to pay for it for one simple reason: you can get it for free and only a tiny group of users are going to be upset enough by this.
Not sure what the reference to “ideal OS” is about. I thought this was about windows in particular.
Necessary network calls would be related to updates, licensing etc. But the thing is: they would be going “home” to the exact same servers as telemetry AND they would easily contain the same payload.
> You need a good volume of data
it is called testing. _Testing_. But of course, testing sucks and it's expensive.
Testing?
You can’t say how your users use your software through testing. Not by surveys/panels/interviews either.
But yes: alternatives are also more expensive (which means it’s expensive for the end user). Users pay one way or another.
No, sorry. Testing answers “does the feature work?”. Usage telemetry answers questions like “was the feature a good idea?” and “are enough users successfully using the feature to justify the cost of creating/maintaining it?”.
Those are not questions for which pre-release testing can provide answers.
I’m not weighing in on opt-in vs opt-out, or on anonymization. Just saying that testing doesn’t cover this niche.
(Separately, I think you’re largely wrong about testing as well: crash dump collection is about finding issues that pre-release testing wouldn’t find at any price. For things like OSes especially, the permutation space of hardware * software * user behavior is too large. While I’m sure a few companies use crash reporting as a crutch to support anemic QA programs, I do not think that many do.)
This and also it's pretty obvious that the main goal of both Microsoft and Google is NOT to make the OS better for its users.
So the claim that telemetry is used to improve products is simply a lie IMO.
The fact that telemetry is sent at all for no apparent reason and deliberately without clear consent is an ironic example of this. The fact that it's been happening more and more over the past decades as the OS'es evolved is another confirmation of it.
I generally agree, though for system settings specifically, I wonder what kind of ad targeting would you get out of that?
Still think it shouldn't be there by default - it reduces privacy and is a lame excuse not to do (paid) user studies.
> for system settings specifically, I wonder what kind of ad targeting would you get out of that?
You get sensitive data out of system settings, such as for instance health data: Does the user have a vision or hearing impairment, use assistive technologies etc.?
> (paid) user studies
Would it count as a paid user study if enabling telemetry for Windows knocked $10 off of the price of your computer?
I can’t decide if that’s a neat idea or dystopic. Which, historically, probably means it’s dystopic and that plenty of people are already doing it.
I think “traditional” paid user studies often suffer from the same sampling problems that make political polls and behavioral paid medical studies less useful (you’re not surveying the average voter; you’re surveying the average voter who likes to answer polls). But maybe the “$10 off” idea would capture a broad enough demographic as to be more useful.
> What would be an example of a necessary network call that an ideal OS
DHCP
Not strictly necessary though.
I grew up sans DHCP with static IP assignments per device .. and still practice that on modern home networks and production networks.
The only DHCP calls here are made by foreign devices wanting an assigned address, which gets them on a narrow range on a side net.
In that case sure maybe not. However, most systems aren't run by deep experts but by regular users which expect a device to be plugged into a network and then have the capability to use the internet without user interference. That more or less necessitates DHCP.
> However, most systems aren't run by deep experts ...
Luckily static IP addresses can be set up by the majority of teenagers that just want to play Doom, etc.
At least that was the case decades ago .. is this now "deep knowledge" that necessitates that OS's have to use DHCP with no other option ?
Perhaps we have different understandings of the words "necessary" and "sufficient", etc.
>Every network call adds additional latency and slows down interactions with the OS.
...unless they're done asynchronously
The best way to think of it is the software must serve me, the owner of the computer, and nobody else.
Years ago when spyware was not the norm, there would be outrage if anyone caught some software sending as much as a single packet of data that was not legitimately initiated by the needs of the user/owner. We need to return to that mindset.
I think this is really simple: telemetry should be opt in, anonymous, and _in_ the interest of the user in the long term by the improvement of the software. Because it’s _not_ possible to get this information any other way through user studies etc.
If it’s hard to disable, contains any PII or sensitive info (urls, file names) then it’s not OK.
what is the reason to not allow a vendor to see which settings page you visit?
It's all about privacy; and by privacy, I don't mean the "privacy" that often gets thrown around by Big Tech to mean "only we can see what you do". What I do on my computer is none of their business.
Anonymous usage statistics means no one stores what _you_ do though. Obviously sending a url you visit or a file you open is way over the line. That’s about what you do. I think there is a difference between that and feature usage as counters only.
If it can be correlated (e.g. via TLS fingerprinting or other identifying information such as IP address), it's not anonymous.
Yes if it can be deanonymized then it’s not anonymous. Almost a tautology that.
You can’t send the telemetry over http without revealing an ip, but obviously that ip can’t be stored as part of the telemetry data. That’s PII and not anonymous at all.
Important: if I collect anonymous telemetry you better trust me that it’s anonymous when I say it is. Because if you don’t trust me on that then you can’t run the software at all (if it’s a piece of software that relies on web requests in some form at least). Otherwise why would you even trust that my opt in is respected? You have to trust software vendors of software that makes http requests. It’s as simple as that. You can use open source or try to inspect packets. Or firewall the software. But if it does (for example) one update check on startup which is common, then it’s almost impossible to tell whether it contains telemetry data. Because even the bare minimum request “this is FooApp 2.9.1 are there any updates” contains important usage stats: it’s +1 for the use counter and +1 for the v2.9 use counter!
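Added example, not part of the thread: a minimal Python sketch of the point made above, that a bare update check already yields usage counters, and that storing the source address is what turns those counters into per-client profiles. The log records, field names and FooApp versions are constructed for illustration.

```python
from collections import Counter

# Constructed sample: what an update server sees for a bare
# "this is FooApp X.Y.Z, are there any updates?" check.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_CHECKS = [
    {"ip": "192.0.2.10", "app": "FooApp", "version": "2.9.1"},
    {"ip": "192.0.2.10", "app": "FooApp", "version": "2.9.1"},
    {"ip": "198.51.100.7", "app": "FooApp", "version": "2.9.0"},
    {"ip": "203.0.113.5", "app": "FooApp", "version": "2.8.4"},
    {"ip": "192.0.2.10", "app": "FooApp", "version": "2.9.1"},
]


def minor(version):
    """Reduce '2.9.1' to the minor-release label 'v2.9'."""
    major, minor_part = version.split(".")[:2]
    return f"v{major}.{minor_part}"


def strip_pii(check):
    """Ingestion step that discards the source address before storage."""
    return {k: v for k, v in check.items() if k != "ip"}


def aggregate_counters(checks):
    """Counters that exist even when only app and version are stored."""
    stored = [strip_pii(c) for c in checks]
    per_minor = Counter(minor(c["version"]) for c in stored)
    return {"uses": len(stored), "per_minor": dict(per_minor)}


def per_client_profile(checks):
    """What becomes possible if the address is stored: checks per client."""
    return dict(Counter(c["ip"] for c in checks))


if __name__ == "__main__":
    print(aggregate_counters(SAMPLE_CHECKS))
    print(per_client_profile(SAMPLE_CHECKS))
```

From the outside both servers receive identical requests; the difference is only in what is kept after `strip_pii`, which is why the client cannot verify it by inspecting packets.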
I had written down many reasons but the onus should not be on people explaining why they don’t want to be tracked, in a society I’m happy to live in. Software is part of society.
But should developers not be allowed to have it in their software? So long as it has a label “this software sends usage stats, if you don’t like it don’t use it, or don’t opt in” should that be banned? Or is that acceptable?
> in their software?
I made a mistake thinking it was the user's software.
If the user develops something they can do it however they want. It’s not “theirs” because it’s installed on their machine. They can’t even control how it runs on their machine short of sandboxing it. They can choose to run it as the developer wanted or not at all.
You didn’t answer the question: should it be somehow banned?
> what is the reason to not allow a vendor to see which settings page you visit?
Because it's not their fucking computer!
Nothing about this is necessary.
Nothing here is "blurry".
The shitty thing isn’t phoning home, the shitty thing is doing what’s not described on the label.
If a piece of software says “this will do X if you run it” and then it does X then I don’t see the complaint (yes I realize lots of software uses dark patterns or doesn’t say what it does, especially windows, but _in principle_ I don’t think anonymous telemetry with good clear opt out/in is evil).
Hey, while you're not at home I'm actually using your house as a bachelor pad. Since you're not in, it doesn't affect you, so why complain about it?
I think I’m going to opt out
Sorry, we didn't give you those options. You get to choose "yes" or "maybe later", but we're 100% going to be using your property. Love, Microsoft, Google, and every other tech company who thinks this is the proper form of consent <3
For the sake of argument, the only interesting discussion about telemetry is about whether it’s ok when done right.
I don’t think anyone thinks it’s ok when it’s not done right (not anonymous, dark patterns for opt in/out, etc).
So it’s not a very interesting discussion to have since there is no one arguing for it.
Instead my argument is: when done right, anonymous telemetry isn’t “evil”. To be fair I don’t know if many argue it is either. There are a few absolutists that think not even opt-in telemetry is acceptable and that developers should do more expensive studies to find how their software is used. It’s really only those I disagree with.
'Done right' quickly becomes one of those no true scotsman arguments. Nothing in this world is fully done right.
Just from the top of my head: Telemetry means extra code, hence extra bugs and maintenance overhead. It costs you in extra ram/cpu/storage/network. The networking means NSA and friends have a beacon declaring a windows computer exists, and they probably can derive other facts from the message statistics. After Snowden, we should assume they have a backdoor and get the unencrypted data if they want.
All this assumes Microsoft has only the good of you as end user in mind, are not hackable, and can't be coerced by governments. All of this now and in the future.
'Done right' is not a good yardstick. There are tradeoffs needed, Microsoft decides which ones, and they decided the user has almost no voice in these tradeoffs, and doesn't even get to see the choices made. These tradeoffs are the interesting discussion.
Not having this info means you pay for unnecessary features, get bugs fixed slower, pay for expensive surveys or user studies etc. Sending it in and wasting some cpu/network may be the cheapest option. Because users are paying for it one way or another.
I have a similar anecdote about android. I was trying to change some setting, but my android phone has like 3 different places where settings can hide (the settings app, google settings app and vendor settings app). So anyway, I open one, search, open the other and so on. I must have opened and switched about 4 times, went through lots of menus, back and forth until I eventually found what I was looking for and changed the setting.
After finishing, like ~10-15 seconds later a "feedback gathering ..." alert popped up, and it was gone in like 5 more seconds. My complete guess is that the constant going back and forth between settings menus and apps triggered something and something got sent to goog. I don't know how I feel about it, but I think I'm mostly fine with that? It sounds like the kind of thing I'd want my products to improve on. In an ideal world I'd get a quick report about what was gathered, and have an option to accept/deny but... Dunno.
Just like with IE, Microsoft will lose domination in the OS space for no other reason than it just gave up.
It's maddening that there is a really capable OS sitting right underneath the layers of crap we have to deal with.
I'd love to have the inside insight on how MS see WINE and related products and how that compares to how they saw chromium versus Trident/EdgeHTML. I really wonder if windows by itself is a loss leader to other areas where they do make money and would love to stabilize the desktop side and outsource/"contribute" that to others to maintain, just so long as they could keep money coming in from office, user administration, support contracts, alongside the services side.
On a tangent I wonder a similar thing about nvidia/AMD carrying around decades worth of tweaks and fixes for old games within their GPU drivers (and matching that is a cost for entry for intel), could they shed a burden by opening that to projects like DXVK?
I wouldn't be surprised if they periodically collect a list of all the window titles.
I ditched Windoze 15 years ago and never looked back. There's never been an easier time to do it than now. Even if you can't do something on Linux, whatever it is isn't worth it. There's so much to do in life that it's more about choosing what not to do. Wherever possible choose love and generosity over hatred and greed.
I wish there was a law which mandated update, service and telemetry servers were on different CIDRs.
There are frequently updated lists of Windows telemetry IPs you can block using ipsets. But Microsoft always seems to mix these IPs with legitimate services.
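Added example, not part of the thread: one way to check a telemetry blocklist against ranges you still need before loading it into an ipset, since the comment above notes that the two get mixed. All CIDRs are constructed from the RFC 5737 documentation ranges, and the service names and the set name `telemetry-block` are hypothetical.

```python
import ipaddress

# Constructed data (RFC 5737 documentation ranges), not real vendor addresses.
BLOCKLIST = ["192.0.2.0/25", "198.51.100.16/28", "203.0.113.0/24"]

# Hypothetical ranges you have observed legitimate traffic going to.
REQUIRED = {
    "update": ["192.0.2.64/27"],
    "mail": ["203.0.113.200/32"],
}


def split_blocklist(blocklist, required):
    """Separate entries that are safe to block from entries that overlap
    a required range. Returns (safe_list, {cidr: [service names]})."""
    safe, conflicts = [], {}
    for cidr in blocklist:
        net = ipaddress.ip_network(cidr)
        hits = sorted(
            name
            for name, ranges in required.items()
            if any(net.overlaps(ipaddress.ip_network(r)) for r in ranges)
        )
        if hits:
            conflicts[cidr] = hits
        else:
            safe.append(cidr)
    return safe, conflicts


def ipset_commands(safe, set_name="telemetry-block"):
    """Render ipset commands for the non-conflicting entries only."""
    cmds = [f"ipset create {set_name} hash:net"]
    cmds += [f"ipset add {set_name} {cidr}" for cidr in safe]
    return cmds


if __name__ == "__main__":
    safe, conflicts = split_blocklist(BLOCKLIST, REQUIRED)
    for cidr, services in conflicts.items():
        print(f"skip {cidr}: overlaps {', '.join(services)}")
    print("\n".join(ipset_commands(safe)))
```

Conflicting entries are reported rather than silently dropped, so you can decide whether to split the range or accept losing the service.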
How to tell if Microsoft has changed their ways or if they're just playing a long game of embrace extend extinguish.
It's normal for programs to reach out to the internet for purposes other than spying on the user. Microsoft is a trustworthy company that wouldn't deploy spyware within an app included in the OS.
That's sarcasm, HN. That's what sarcasm looks like.
This is true. It can't be considered spyware as long as the beneficiary is publicly traded.
Is this intentional devil's advocacy for the sake of balancing an expected narrative? Outside of the rarely normative definition threshold as to what constitutes spyware or not, on what data / references (if any) do you base your impression on?
And how does a perception of company trustworthiness correlate with telemetry ethics that don't infringe in some way on 'basic digital human rights' (as defined by GDPR et al, say)?
>for the sake of balancing an expected narrative?
Yes, because there are many people on this site who also believe a packet being sent to microsoft = spying. A lot of these people grew up with or were influenced by people who grew up before the prevalence of the internet when software engineering was still immature when programs typically didn't communicate with the internet on their own.
>do you base your impression on?
My impression is based off the employees who work there who I would trust wouldn't add things like taking webcam screenshots and sending them back to Microsoft to look at.
>how does a perception of company trustworthiness correlate with telemetry ethics
Consumers and businesses will lose trust in a business if the telemetry data is not anonymized properly and put under strict privacy controls.
> Consumers and businesses will lose trust in a business
I think you're really taking the piss now. Guess how much people trust MS (and the rest of Big Tech) these days.
Overton window calculation usually starts at a minimum of two inputs without proximity requirements (except technical requirements like linguistics/ functional semantics)*
[ * Only because an opinion may appear too far removed from a given perceived spectrum-threshold for 'reasonable reasoning'.. should not necessitate collapsing the contrasting input to some purely sarcastic/humorous telos, especially when this stochastically undermines one's own chances for being afforded the inversely congruent gesture]
You must not be aware of the long history of Microsoft being very untrustworthy and lying about how their software behaves.
e.g. funding SCO to pursue a campaign against Linux users and threatening to take them to court for using Linux: https://www.cnet.com/tech/tech-industry/fact-and-fiction-in-...
e.g. DOS ain't done til Lotus won't run: https://www.proudlyserving.com/archives/2005/08/dos_aint_don...
and many, many more: https://en.wikipedia.org/wiki/Criticism_of_Microsoft
>DOS ain't fine til Lotus won't run
That article debunks that this was ever a thing.
I’m not asking this rhetorically: Are you being sarcastic?
No. Deploying spyware would break the trust that consumers and businesses have with Microsoft.
I am not sure if this is sarcasm.
But personal information leaving my private computer without my knowledge would be very close to spyware.
Edit: Maybe I am too blind for sarcasm.
Tbf you installed it so you've consented to it. It's like installing a security camera in your own bathroom and then complaining about privacy.
More like a plumber tasked with "modernizing" your bathroom, who as part of the process installs the camera surreptitiously precisely so you won't complain about compromised privacy.
In any event it looks like that bridge is no longer for sale whole-hog. There were some fairly high bidders. A whole lot more people can enjoy the opportunity to participate through timesharing now though than ever before :)
Considering the domains this is likely a network test, though it may be reporting the results of the connection to bing.com to cxcs, which apparently collects telemetry.
On one hand, I get it - a lot of us ping google.com to quickly check the network - doesn't mean we're sending spy data to Google. On the other hand, it would be nice if this was more transparent, perhaps asking if it can perform the test.