But personal information leaving my private computer without my knowledge would be very close to spyware.
Edit: Maybe I am too blind for sarcasm.
In any event it looks like that bridge is no longer for sale whole-hog. There were some fairly high bidders. A whole lot more people can enjoy the opportunity to participate through timesharing now though than ever before :)
And how does a perception of company trustworthiness correlate with telemetry ethics that don't infringe in some way on 'basic digital human rights' (as defined by GDPR et al, say)?
Yes, because there are many people on this site who also believe a packet being sent to Microsoft = spying. A lot of these people grew up with or were influenced by people who grew up before the prevalence of the internet, when software engineering was still immature and programs typically didn't communicate with the internet on their own.
>do you base your impression on?
My impression is based off the employees who work there who I would trust wouldn't add things like taking webcam screenshots and sending them back to Microsoft to look at.
>how does a perception of company trustworthiness correlate with telemetry ethics
Consumers and businesses will lose trust in a business if the telemetry data is not anonymized properly and put under strict privacy controls.
I think you're really taking the piss now. Guess how much people trust MS (and the rest of Big Tech) these days.
[ * Only because an opinion may appear too far removed from a given perceived spectrum-threshold for 'reasonable reasoning'.. should not necessitate collapsing the contrasting input to some purely sarcastic/humorous telos, especially when this stochastically undermines one's own chances for being afforded the inversely congruent gesture]
Only spyware "communicate with the internet on their own". There is no reason a program shall connect to the internet without the user requesting it.
e.g. funding SCO to pursue a campaign against Linux users and threatening to take them to court for using Linux: https://www.cnet.com/tech/tech-industry/fact-and-fiction-in-...
e.g. DOS ain't done til Lotus won't run: https://www.proudlyserving.com/archives/2005/08/dos_aint_don...
and many, many more: https://en.wikipedia.org/wiki/Criticism_of_Microsoft
That article debunks that this was ever a thing.
Obviously if you opt out (or rather, didn’t opt in) you shouldn’t be sending telemetry. But the line between a necessary network call and an optional one is often blurry.
It's all about privacy; and by privacy, I don't mean the "privacy" that often gets thrown around by Big Tech to mean "only we can see what you do". What I do on my computer is none of their business.
You can’t send the telemetry over http without revealing an ip, but obviously that ip can’t be stored as part of the telemetry data. That’s PII and not anonymous at all.
Important: if I collect anonymous telemetry you better trust me that it’s anonymous when I say it is. Because if you don’t trust me on that then you can’t run the software at all (if it’s a piece of software that relies on web requests in some form at least). Otherwise why would you even trust that my opt in is respected? You have to trust software vendors of software that makes http requests. It’s as simple as that. You can use open source or try to inspect packets. Or firewall the software. But if it does (for example) one update check on startup which is common, then it’s almost impossible to tell whether it contains telemetry data. Because even the bare minimum request “this is FooApp 2.9.1 are there any updates” contains important usage stats: it’s +1 for the use counter and +1 for the v2.9 use counter!
> But the line between a necessary network call and an optional one is often blurry.
What would be an example of a necessary network call that an ideal OS (i.e., one that cannot be easily compromised and does not require updates around the clock to correct programming mistakes) has to perform on its own?
If a company is interested in how users use their applications and desperately needs our data for it, they may be interested in funding dedicated studies and appropriately compensating users that send their data, if it is so valuable for the company.
Syncing the clock with NTP?
So every app, instead of querying the OS, shall make a network call to get the time from an NTP server?
So the claim that telemetry is used to improve products is simply a lie IMO.
The fact that telemetry is sent at all for no apparent reason and deliberately without clear consent is an ironic example of this. The fact that it's been happening more and more over the past decades as the OS'es evolved is another confirmation of it.
Still think it shouldn't be there by default - it reduces privacy and is a lame excuse not to do (paid) user studies.
Would it count as a paid user study if enabling telemetry for Windows knocked $10 off of the price of your computer?
I can’t decide if that’s a neat idea or dystopic. Which, historically, probably means it’s dystopic and that plenty of people are already doing it.
I think “traditional” paid user studies often suffer from the same sampling problems that make political polls and behavioral paid medical studies less useful (you’re not surveying the average voter; you’re surveying the average voter who likes to answer polls). But maybe the “$10 off” idea would capture a broad enough demographic as to be more useful.
You get sensitive data out of system settings, such as for instance health data: Does the user have a vision or hearing impairment, use assistive technologies etc.?
You need a good volume of data and you aren’t going to want to pay for it for one simple reason: you can get it for free and only a tiny group of users are going to be upset enough by this.
Not sure what the reference to “ideal OS” is about. I thought this was about windows in particular.
Necessary network calls would be related to updates, licensing etc. But the thing is: they would be going “home” to the exact same servers as telemetry AND they would easily contain the same payload.
it is called testing. _Testing_. But of course, testing sucks and it's expensive.
Those are not questions for which pre-release testing can provide answers.
I’m not weighing in on opt-in vs opt-out, or on anonymization. Just saying that testing doesn’t cover this niche.
(Separately, I think you’re largely wrong about testing as well: crash dump collection is about finding issues that pre-release testing wouldn’t find at any price. For things like OSes especially, the permutation space of hardware * software * user behavior is too large. While I’m sure a few companies use crash reporting as a crutch to support anemic QA programs, I do not think that many do.)
You mean you implement something even if nobody asked for it? Wow.
The project really has some spare budget.
You can’t say how your users use your software through testing. Not by surveys/panels/interviews either.
But yes: alternatives are also more expensive (which means it’s expensive for the end user). Users pay one way or another.
DHCP
I grew up sans DHCP with static IP assignments per device .. and still practice that on modern home networks and production networks.
The only DHCP calls here are made by foreign devices wanting an assigned address, which gets them on a narrow range on a side net.
Luckily static IP addresses can be set up by the majority of teenagers that just want to play Doom, etc.
At least that was the case decades ago .. is this now "deep knowledge" that necessitates that OS's have to use DHCP with no other option?
Perhaps we have different understandings of the words "necessary" and "sufficient", etc.
...unless they're done asynchronously
Years ago when spyware was not the norm, there would be outrage if anyone caught some software sending as much as a single packet of data that was not legitimately initiated by the needs of the user/owner. We need to return to that mindset.
If it’s hard to disable, contains any PII or sensitive info (urls, file names) then it’s not OK.
I made a mistake thinking it was the user's software.
You didn’t answer the question: should it be somehow banned?
I don’t think anyone thinks it’s ok when it’s not done right (not anonymous, dark patterns for opt in/out, etc).
So it’s not a very interesting discussion to have since there is no one arguing for it.
Instead my argument is: when done right, anonymous telemetry isn’t “evil”. To be fair I don’t know if many argue it is either. There are a few absolutists that think not even opt-in telemetry is acceptable and that developers should do more expensive studies to find how their software is used. It’s really only those I disagree with.
Just from the top of my head: Telemetry means extra code, hence extra bugs and maintenance overhead. It costs you in extra ram/cpu/storage/network. The networking means NSA and friends have a beacon declaring a windows computer exists, and they probably can derive other facts from the message statistics. After Snowden, we should assume they have a backdoor and get the unencrypted data if they want.
All this assumes Microsoft has only the good of you as end user in mind, are not hackable, and can't be coerced by governments. All of this now and in the future.
'Done right' is not a good yardstick. There are tradeoffs needed, Microsoft decides which ones, and they decided the user has almost no voice in these tradeoffs, and doesn't even get to see the choices made. These tradeoffs are the interesting discussion.
Because it's not their fucking computer!
Nothing about this is necessary.
Nothing here is "blurry".
If a piece of software says “this will do X if you run it” and then it does X then I don’t see the complaint (yes I realize lots of software uses dark patterns or doesn’t say what it does, especially windows, but _in principle_ I don’t think anonymous telemetry with good clear opt out/in is evil).
People got used to where things were. That does not indicate good UX/UI.
People that use Windows want simplicity (kids, old people, office workers that want to get the job done etc)
Yeah the new settings is not advanced but that's the point
Then why the fsck gets in my way? Why 1px borders when I have to resize windows? Why no place on the titlebar when one can click and drag on second monitor? Why the stupid taskbar where some windows are hidden and others not? Why the stupid alt-tab where it rearranges the window stack? Why?
Good UX/UI is to constantly change things because users are idiots anyway. /s
Just because of incompetent modern design department "simplifying" everything to a point of unusability. Is Windows supposed to be used for serious applications or is it just a consumer product for tech-illiterates? Microsoft doesn't seem to know. Why can I even buy an "enterprise" or "professional" version, this is clearly not intended to be used by me.
If you search on the internet where a setting is hidden, sure.
the rest are one time settings only (or just using default settings from manufacturer)
I find that hard to believe.
And that users would like the start button to move to the center, the settings config GUI to change completely on every OS release and settings to be in 4 different places and that users don't want more than 1 taskbar row (win 11)? lol, yeah nahhh...
Like resizing windows? Scrollbars? Title bars?
A big window telling you that office needs to update when you have work to do (it cannot wait till end of the day).
They rounded the buttons and the windows' corners some months ago, so there must be some use to this "telemetry".
There are frequently updated lists of Windows telemetry IPs you can block using ipsets. But Microsoft always seems to mix these IPs with legitimate services.
After finishing, like ~10-15 seconds later a "feedback gathering ..." alert popped up, and it was gone in like 5 more seconds. My complete guess is that the constant going back and forth between settings menus and apps triggered something and something got sent to goog. I don't know how I feel about it, but I think I'm mostly fine with that? It sounds like the kind of thing I'd want my products to improve on. In an ideal world I'd get a quick report about what was gathered, and have an option to accept/deny but... Dunno.
The standard for holding a belief isn't "can you prove it is not so?", but "on the balance of evidence, is it likely to be so?".
If you believe everything you can't disprove, you'll hold an awful lot of bizarre and contradictory beliefs.
In the past I have spent some time believing some things simply because I couldn't disprove them, it is not good for the soul.
He presented good evidence that big corporations are co-operating with the NSA, or something, but he didn't present any evidence at all that regular Linux distros are monitoring all your keystrokes. As far as I know.
How could you disprove that the Ubuntu ISO doesn’t do the same thing?
Does Ubuntu provide reproducible builds? How do you disprove that the source code isn’t for the thing that you’re downloading?
The (not so) revealing thing here is that this isn’t a technical problem, but that Microsoft has just completely lost the trust of people.
You can't even look at the Windows source code, so your question about reproducible builds seems to be moving the goalposts somewhat.
Also, is there something like "strace" on Windows?
Edit: just looked it up and Ubuntu doesn't enforce reproducible builds, although with their new "Monthly Snapshots", Canonical is moving towards reproducible build pipelines.
At the end of the day, it’s just about trust and reputation. I see no technical difference here for the ability to disprove random claims.
Also, Linux does make it much easier to determine your level of trust as the different components can be analysed/verified independently (although systemd is a bit of a monolith) whereas it's a lot trickier to isolate Windows components.
This is even more true on some other distros, eg Gentoo.
Without source and rights, Windows fails completely here.
IANAP, but I don't think everyone agrees with that framing. Epistemology is a big topic.
For me personally, based on the plethora of evidence given by other online platforms and applications, I think it's perfectly sane to assume that yes, your data is being slurped and logged. Maybe that's not a bad thing, maybe it is, but at this point I think that ship has sailed.
Can I prove it? No, mostly because the manufacturers have specifically designed it in such a way to be unprovable.
Yep, this is fine.
I'm not saying "don't believe anything you can't prove". I'm saying "don't believe everything you can't disprove".
Believe based on evidence, as you appear to be doing.
Windows is spying on your use of System Settings? Good evidence.
Linux process is spying on your keystrokes? No evidence.
I will put a big disclaimer here that I don't play online games really and some are just fecked due to certain anti cheats.
I love that Arch is a better gaming platform than Xbox these days.
Praise be to Valve / Steam for their massive (and ongoing) push to make gaming viable on Linux for a wider audience outside the "nerd" crowd runnin' WINE from commandline, and various "retro" / classic console emulators (and of course "indie" games). Love bein' able to click "Play" and most games these days just run (despite my bein' one of those "nerds" who ran games in WINE long before Valve ever did). :)
Mine too, but I'll let you in on a secret:
> Proton is a new tool released by Valve Software that has been integrated with Steam to make playing Windows games on Linux as simple as hitting the Play button within Steam.
Then click Compatibility and tick "Force the use of a specific Steam Play compatibility tool". Choose a recent version of Proton.
You only need to do this once and then try the game as normal. It's not guaranteed to work with everything but it's worth a shot.
I don't remember when I last encountered a game that didn't run. I'm sure those exist, mind. Perhaps I've just been lucky.
That looks like a version number...
Would like to see more of the captured data, because a simple "about" dialog would also need to call some server to check if the software is the latest version, to display the "you have the latest version" label.
I've seen something similar occur for some popular YouTube videos, too. A video author will fire up some arbitrary Windows setup, which can come bundled with third-party software and use Bing for various things including weather in the taskbar and queries in the search bar, then open Wireshark to scaremonger with DNS queries, accusing Microsoft of spying just for requests made by the services/programs/features they have enabled in their install.
When often cursory lookups of the domains in search engines show what their purpose is and are contrary to such videos' alleged (and worse, guessed) purpose.
It's a problem as there are legitimate concerns with certain aspects of Windows software with non-privacy respecting defaults but for an average user it gets muddled with irrelevant/incomplete info that doesn't lead to high quality actionable results.
Michael Horowitz did this on 2021-10-22, and it returned the value 2021.1019.1.0.
Today, on 2025-06-07, it is publishing the value 2025.424.19.0. Which would be last April the 24th.
It's blazingly obvious that it's the last date that something downloadable got updated, with a version or sequence number of some kind. The zero in the final field is probably there because someone is using a 4-field version datatype. To publish a date.
* https://learn.microsoft.com/en-gb/dotnet/api/system.version....
* https://learn.microsoft.com/en-gb/dotnet/api/system.version....
* https://learn.microsoft.com/en-gb/dotnet/api/system.datetime...
* https://learn.microsoft.com/en-gb/dotnet/api/system.datetime...
It's maddening that there is a really capable OS sitting right underneath the layers of crap we have to deal with.
On a tangent I wonder a similar thing about nvidia/AMD carrying around decades worth of tweaks and fixes for old games within their GPU drivers (and matching that is a cost for entry for intel), could they shed a burden by opening that to projects like DXVK.
Your windows photos app has over 122 tables [0] of analysis on every picture on your machine. It does facial recognition and more and likely reports a lot of this back to ms. That’s just one app!
[0] https://www.reddit.com/r/Windows10/comments/8zk1yy/a_simple_...
The link you cite though was careful to avoid making claims that couldn't be substantiated. It lists only what is in the database locally and the telemetry section doesn't include image content/metadata but user interactions with the app itself.
Isn’t this the literal definition of FUD? Fear, Uncertainty, and Doubt.
I would like to hope the orange site approaches this topic with more substance. Do the analysis of network traffic to see what gets sent home. Decompile the binary to check it out for these sorts of things. Don’t just write your anti-MS fanfic and pretend that it’s something meaningful.
People and object detection are pretty baseline features for a photo management app these days IMHO. I like that my photos app automatically finds all the photos of my dog.
That requires facial detection.
I use it, my family uses it, my friends use it. Anecdotal data to be sure. But I think if barely anyone used it you wouldn’t see it as a base feature in almost every photo sharing app.
You won't find that here if Microsoft/Windows is in the title. HN will default to FUD on anything from Redmond.
How many here complaining about analysis in the photos app on Windows also sync all their photos to iCloud or Google Photos, which does the exact same thing? I bet it's a lot.
I’d also like to think we could have a better discussion on HN than “big number scary”. 122 tables sounds like a lot, sure. They could denormalise the whole dataset and keep it in one table, key/value store style. Would that be better? It’s a photo app with facial recognition. Stands to reason that it needs to store facial recognition data.
I'm not saying this is good, and I hope the EU mandates an effective OFF switch. But I don't see how Microsoft cares that you personally adjusted your screen brightness out of all the billions or so of data points they collect each day.
Maybe the NSA's permanent record programme has some use for this?
It's not telemetry. You just have to look at the junk that gets put in that huge banner across the top of the system settings to figure out what this is. It's not reporting you to Microsoft. It's reporting stuff from Microsoft to you.
2021.1019.1.0 is, as I pointed out at https://news.ycombinator.com/item?id=44209402, a date. It's publishing a date from earlier this year now, in 2025. It's the date that something downloadable from Microsoft changed to a newer version. And in fact there are several things that got updated on April the 24th that are likely candidates here. There were update candidates for what this could be on October the 19th of 2021. The most likely is updates to Windows Update itself.
As for Bing: Well in M. Horowitz's screenshot one can see that it's showing the prompt to have the "full customer experience". On other machines, you'll find that that area contains little icons about the statuses of Microsoft Rewards, Microsoft Edge, Microsoft OneDrive, Windows Update, and others. It's fairly obvious that the System Settings program has to make HTTP(S) queries to on-line services to show all of this stuff, including asking Bing how many Microsoft Rewards the user has earned. I wouldn't be surprised if it simply always did that, even if it never displayed the icon. And those queries involve DNS lookups.
System Settings is querying various WWW services for the little icons at the top of its window, and the very prompt to run through the "full customer experience" dance that we can see right there in the screenshot.
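The date reading of the two values quoted in the comments above (2021.1019.1.0 and 2025.424.19.0), as an added example that is not part of the original thread: a Python decoder that treats the second field as month*100+day and rejects strings that do not form a real calendar date. The field layout is the commenter's hypothesis, and the function names, the `MIN_YEAR` bound and the rejected sample strings are constructed for illustration.

```python
import datetime
import re

# Assumed layout (the thread's hypothesis, not a documented format):
#   year . month*100+day . sequence . unused
_FOUR_FIELDS = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")
MIN_YEAR = 1990  # constructed sanity bound so build numbers like 10.0.x.y are rejected


def decode_date_version(value):
    """Return (date, sequence, last_field) if value reads as a date, else None."""
    match = _FOUR_FIELDS.match(value.strip())
    if match is None:
        return None
    year, mmdd, sequence, last = (int(g) for g in match.groups())
    if year < MIN_YEAR:
        return None
    month, day = divmod(mmdd, 100)
    try:
        date = datetime.date(year, month, day)
    except ValueError:  # month 0 or 13, 30 February, year out of range
        return None
    return date, sequence, last


def age_days(value, observed_on):
    """Days between the encoded date and the ISO date it was observed on.

    Returns None when the value does not decode or encodes a future date,
    since a future date would contradict the "last updated" reading.
    """
    decoded = decode_date_version(value)
    if decoded is None:
        return None
    delta = (datetime.date.fromisoformat(observed_on) - decoded[0]).days
    return delta if delta >= 0 else None


if __name__ == "__main__":
    # First two pairs: values and observation dates quoted in the thread.
    # Remaining pairs: constructed counter-examples.
    samples = [
        ("2021.1019.1.0", "2021-10-22"),
        ("2025.424.19.0", "2025-06-07"),
        ("10.0.19045.3086", "2025-06-07"),  # looks like a build number, not a date
        ("2025.230.1.0", "2025-06-07"),     # 30 February does not exist
    ]
    for value, seen in samples:
        print(value, decode_date_version(value), age_days(value, seen))
```

Both quoted values decode to real dates shortly before the day they were observed, which fits the "last update published" reading better than a per-user identifier would.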
davydm•11h ago
On one hand, I get it - a lot of us ping google.com to quickly check the network - doesn't mean we're sending spy data to Google. On the other hand, it would be nice if this was more transparent, perhaps asking if it can perform the test.