[Cryptography] Windows... Your choice but make it informed.

Ray Dillinger bear at sonic.net
Wed Jul 29 13:41:50 EDT 2015

What Microsoft is up to these days...


Short version:  "All your data are belong to us."

This is about Windows 10, not the one you probably
have installed on your machine now. Anyway it's where
MS is apparently going.

Crypto Relevance: If you turn on device encryption,
the new Windows automatically encrypts the drive and
backs it up to BitLocker.  And then backs up your
BitLocker key to your OneDrive account.  In the clear.
And their new "non-privacy agreement" gives them
permission to vacuum up and use whatever is on your
OneDrive account.  What could possibly go wrong?

The rest of this is privacy-relevant, not specifically
cryptographic.  But it shows what your cryptography
protects (or more accurately doesn't) in the new

When you log in, it immediately syncs all your settings
*and data* to the company's servers.  Including such gems
as browser history, saved app data, documents, mobile
hotspot passwords, wi-fi network names and passwords....

Also, there's a virtual assistant. Remember Clippy?
It's gotten much better.  Now it's called 'Cortana'
because everybody got used to hating it when it was
still Clippy.  Know why it's gotten so much better?
Because ....

from the new non-privacy agreement....
> To enable Cortana to provide personalized experiences 
> and relevant suggestions, Microsoft collects and uses 
> various types of data, such as your device location, 
> data from your calendar, the apps you use, data from
> your emails and text messages, who you call, your 
> contacts and how often you interact with them on your 
> device.

> Cortana also learns about you by collecting data about 
> how you use your device and other Microsoft services, 
> such as your music, alarm settings, whether the lock 
> screen is on, what you view and purchase, your browse 
> and Bing search history, and more.

... and more.  Don't you just love that?  "And more."
Geez, what else could they possibly collect?  You know
what?  I think I still hate Clippy.

I also like the bit about Windows generating a unique
"advertising id" for every user on every device, and
automagically sharing it with every advert you encounter
online, in email, or anywhere else.  Just, you know, so
every advertiser in the world, and anybody else who
accesses that service, knows exactly who you are and
exactly what other websites you've ever visited,
whether or not you delete cookies or do any of that
other inconvenient "privacy" behavior.  Don't you just
love knowing that when you access your company website
all the advertisers (and your boss too if she cares)
will know about the porno site you visited last
Wednesday?  Don't you just love the idea of the
"personalized" ads that might pop up during a demo
of a new web app, when everybody in the conference
room can see your screen?

Uh, guys?  Considering as Windows users no longer
control their own passwords, even their wi-fi and
network passwords, and pretty much can't no matter
how sensitive anything they're working on might be
without going through a lot of pretty non-obvious
contortions and registry editing and settings changes,
which judging from past behavior will probably get
silently undone during some service pack or patch
or other "upgrade", from now on Windows users get
their own segment on my networks.  I'm firewalling
them off from everything important.

