Security researcher accuses Microsoft of 'sneaky data mining' in Windows 10
Ah, you can never get enough paranoia nowadays, can you? Security researcher Mike Patterson -- founder and CEO of security analytics organization Plixer -- says Microsoft's Windows 10 sends encrypted data from your machine every five minutes, and there’s basically very little you can do to stop it.
Even when he opted out of every data transfer setting he could find, the OS continued to send data. The weirdest part is that you can’t really determine what is being sent: the content is encrypted, so it is impossible to know what’s going out, which essentially hides this information from the end user.
Patterson also said he discovered a group policy feature called Allow Telemetry, which determines how many telemetry details are being sent back to the company. The only way to eliminate this, according to Patterson, is to get Windows 10 Enterprise. Or, you can switch to another OS, I guess.
But Microsoft is not the only company doing this. McAfee is sending back data, and so is Plantronics, the researcher claims. "It’s unfortunate that many reputable brands are knowingly engaging in 'sneaky data mining' without providing upfront details to consumers", comments Rahul Kashyap, EVP and chief security architect at Bromium. "Moreover, it is important that users should absolutely be told -- how long this data will be stored, the security of the data and what it will be used for. Failing to comply is a breach of consumer trust. The impact of mining such user behavior can lead to users getting targeted by ads, mails, phone calls etc. and if it goes in the wrong hands -- it could lead to targeted attacks. The current trend is disturbing and cyber laws need to be enforced to protect unsuspecting consumers".
"This is actually a widespread problem; not only with software we install, but with many free web applications as well", adds Andy Green, senior technical specialist at Varonis. "Far too many treat your data in the same way as Plantronics and McAfee. The core issue is the Terms of Service that we robotically click on. Since few of us read the Terms of Service, we as consumers are essentially signing a contract that allows the company to access behavioral and personal data. Typically, these ToS agreements say the company will not sell or share this data with third parties. That’s good. But it still means they are collecting it and there’s enough weasel language for them to get out of their claims that they restrict access. Or if you sign a ToS that allows ads, you’re now in a dark area legally -- you’ve essentially given up an expectation of privacy. Consumers have some legal protections here (in the US) but often the ToS is written to get around the few relevant laws".
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.