Was there ever any doubt about the direction they were going?

Kai wrote: ...Hopefully now I can ditch Windows completely, as I'm not happy about this news that Microsoft plans on adding all the Windows 10 spyware to both Windows 7 and 8.
Added: Here's the reference where I learned about this change.
What has changed is that free software can pay by turning customers into products you can resell. The fact that people paid for something in the past does not exempt them from contributing to current revenue enhancement schemes. Privacy policies amount to declarations of intent that "we respect your privacy, and we'll still respect it in the morning." It is not clear that these place any meaningful restrictions on those who issue them to prevent resale of data to people who will use these in ways nobody has considered. (This protects the company selling that data from charges of criminal intent. Without criminal intent there can be no crime. Civil suits are based on specific harms like torts. When the trail of events is long and twisty, not to mention hidden by non-disclosure agreements, the chances of recovering damages are virtually zero.)
If you check your EULA you will see that M$ can change the terms at will. This is less an agreement between independent people than an oath of fealty.
Those who rely on assurances of anonymity should be aware that a modern researcher with computer access to public records was able to identify about 97% of those who contributed anonymous data to the original Kinsey report, and none of them used Facebook.
This doesn't let other companies off the hook. Google also collects a great deal of data about your on-line habits. It is clear they are reselling information to advertisers, which results in targeted ads. Google also provides a good bit of free software like Chrome and Android, for which source is available. A big difference between Google and M$ is that M$ demands you accept an agreement stating you won't even think about how their software works. If you happen to figure anything out, you are forbidden to tell anyone.
They specifically rule out reverse engineering (which was used to construct BASIC interpreters, MSDOS and the ubiquitous non-IBM BIOS) and even work-arounds to defeat limitations of the software. (At one time, when M$ didn't have networking, something called NETBIOS provided a workaround for IBM machines that M$ was happy to have available. This would be legally impossible today.)
From the beginning M$ was built around grabbing all the intellectual property which was not nailed down and defended by packs of vicious attorneys, with every aspect of business protected by non-disclosure agreements. When they wanted to do something dodgy with potential blowback they always worked through other companies that could be folded up without harming M$.
This has recently become an issue with the discovery that National Security Letters can be used to compel a company to release data to the NSA, FBI, etc. while preventing even disclosure of the fact that such things exist.
If you take a look at the available text of contracts between businesses in different countries working with M$ you will find that these declare they always comply with the laws of that country. The laws of, for example, China, Russia (or even France or Germany) are likely to be firm on the subject of making data available to organs of state security.
So if a Chinese company (to choose a random example) signs a non-disclosure agreement with M$, and later provides the Chinese government with full source for Windows, and a list of zero-day exploits, M$ is off the hook. Likewise, if that company inserts code in the version of Windows on machines it ships making them vulnerable to hacking, once again this has nothing to do with M$.
We have heard about U.S. companies inserting backdoors in networking equipment the NSA could exploit. The subject of backdoors in Chinese networking equipment remains open.
The entire M$ empire was built around acquisition of intellectual property, non-disclosure agreements and limitation of legal liability. What seemed harmless in a U.S. context now has become questionable. The whole subject of what this means in other legal environments is largely unexplored.
The underlying philosophy has been that it is OK for the "right people" to hold all kinds of secrets about devices we use, and how we use them, so long as they prevent the "wrong people" from finding out. The whole subject of security was essentially non-existent at the beginning, and has proceeded along the lines of "security through obscurity" ever since. The shoe which has not dropped is the extent to which M$ created a system vulnerable to exploitation, more by incompetence than intent, while actively cooperating with what they considered "the right people".
This has failed to such a remarkable extent that someone (allegedly Chinese) now has the SF 86 forms filled out by millions of people applying for U.S. security clearances. If you haven't had any contact with this subject you would be amazed at the intrusive nature of those questions. It appears that nobody is able to protect large collections of highly-sensitive information adequately. On the other hand, efforts to limit the collection of such information in a wide range of far less obvious contexts have been remarkably ineffectual.
You can find discussion of the problem in books like Data and Goliath by Bruce Schneier. A U.S. police perspective can be found in the book Future Crimes by Marc Goodman.
Unfortunately, the first example Goodman uses is the hack attack on Mat Honan of Wired. This took place in 2012, and cost him $1,690 just for partial data recovery from an SSD. We won't calculate the cost of the time and effort. He had the advantage of personal contacts all over the high-tech industries. He was using Apple devices, knowing full well the vulnerabilities of Windoze.
Hey Marc, 2012 is no longer the future.
Both Goodman and Schneier give M$ remarkably little blame for creating a situation ripe for exploitation. I wonder how much of their inside information came with NDAs attached. Even without these, I'm sure many of their sources would dry up if they exposed some information they have.
Schneier makes a serious error of omission by not noticing that Edward Snowden made a big mistake if he thought the governments of China or Russia were defenders of individual privacy and freedom of expression. As it happens, we just passed an important milestone concerning the subject in Russia. Here's a link to a source with a detectable bias. Unfortunately, what they say can be confirmed via other sources.
The relationship between M$ and a wide range of security companies in different legal environments needs to be explored. What have they provided these companies, without ever mentioning the tacit assumption that this information will go straight to organs of state security?
Perhaps you feel that you can trust Russia's FSB more than the NSA, CIA or FBI. You will definitely need to trust them, because they are deep in the Internet security business.
With this information in hand, the surprising breach of Kaspersky's systems assumes a different character. We are already far into the era of cyber warfare between nation states.