Now

Windows 10 Home and Pro has, right now, two levels of data collection, Basic and Full. When a computer is in Basic mode, Microsoft says Win 10 takes a note of the state of your hardware and its specifications, your internet connection quality, records of crashes and hangs by software, any compatibility problems, driver usage data, which apps you’ve installed and how you use them, and other bits and pieces.

In Full mode, shedloads more is sent over. It includes everything at the Basic level plus records of events generated by the operating system, and your “inking and typing data.” Engineers, with permission from Microsoft’s privacy governance team, can obtain users’ documents that trigger crashes in applications, so they can work out what’s going wrong. The techies can also run diagnostic tools remotely on the computers, again with permission from their overseers.
And next

In the Creators Update, aka Windows 10 version 1703, all this information will be collected in Basic mode. A lot of it is to help Microsofties pinpoint the cause of crashes and potential new malware infections, although it includes things like logs of you giving applications administrator privileges via the UAC, battery life readings, firmware version details, details of your hardware down to the color and serial number of the machine, which cell network you’re using, and so on.

Then there’s the information collected in Full mode, which includes everything in Basic plus your user settings and preferences, your browser choice, lists of your peripherals, the apps you use to edit and view images and videos, how long you use the mouse and keyboard, all the applications you’ve ever installed, URLs to videos you’ve watched that triggered an error, URLs to music that triggered an error, time spent reading ebooks, text typed in a Microsoft web browser’s address and search bar, URLs visited, visited webpage titles, the words you’ve spoken to Cortana or had translated to text by the system, your ink strokes, and more.

Source: Put down your coffee and admire the sheer amount of data Windows 10 Creators Update will slurp from your PC

This is just ridiculous!

The US House of Representatives has just approved a “congressional disapproval” vote of privacy rules, which gives your ISP the right to sell your internet history to the highest bidder.

The measure passed by 215 votes to 205.

This follows the same vote in the Senate last week. Just prior to the vote, a White House spokesman said the president supported the bill, meaning that the decision will soon become law.

This approval means that whoever you pay to provide you with internet access – Comcast, AT&T, Time Warner Cable, etc – will be able to sell everything they know about your use of the internet to third parties without requiring your approval and without even informing you.

Your ISP already knows quite a lot about you: your name and address, quite possibly your age, and a host of other personally identifiable information such as your social security number. That’s on the customer information side. On the service side, they know which websites you visit, when, and how often.

That information can be used to build a very detailed picture of who you are: what your political and sexual leanings are; whether you have kids; when you are at home; whether you have any medical conditions; and so on – a thousand different data points that, if they have sufficient value to companies willing to pay for them, will soon be traded without your knowledge.

Source: Your internet history on sale to highest bidder: US Congress votes to shred ISP privacy rules

This is just incredible, even in Trumpland: rape and pillage the peons!

Set up a VPN!

The ability for companies to follow you from one platform to another — from your phone to your laptop to a physical store — is called cross-device tracking, and for businesses that want to market and sell stuff to you, it is basically the holy grail.

With robust tracking, a company can follow you basically from the moment you wake up and check social media feeds on your phone, through your commute, to work, back through the evening, and once more to your bed at night.
[…]
To get there, the FTC recently held a workshop on Cross-Device tracking, and has now published a report [PDF] highlighting some key facts about this increasingly popular practice.

Source: 5 Things We’ve Learned About How Companies Track You Online And Off – Consumerist

These same organizations also employ the use of social media analytics in order to reach the best target audience. Many of the tracked pieces of information helps them in this regard. More accurate advertising is very beneficial to them for obvious reasons.

1. You don’t need always to be logged in to be tracked.
2. Cross-device tracking can actually improve account security.
3. Companies are not at all transparent about tracking practices.
4. Consumers have very little control.
5. The industry is working on some voluntary self-regulation… sort of.

A U.S. judge has ordered Google to comply with search warrants seeking customer emails stored outside the United States, diverging from a federal appeals court that reached the opposite conclusion in a similar case involving Microsoft Corp (MSFT.O).

U.S. Magistrate Judge Thomas Rueter in Philadelphia ruled on Friday that transferring emails from a foreign server so FBI agents could review them locally as part of a domestic fraud probe did not qualify as a seizure.

The judge said this was because there was “no meaningful interference” with the account holder’s “possessory interest” in the data sought.

“Though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States,” Rueter wrote.

Source: Google, unlike Microsoft, must turn over foreign emails: U.S. judge

I guess Rueter finds that invasion of privacy is no meaningful interference.

California electronics maker Vizio will cough up $2.2m after its smart TVs spied on millions of people.

America’s trade watchdog, the FTC, said today the payment will settle a complaint filed by the state of New Jersey accusing Vizio of violating privacy regulations: the biz had collected the viewing habits of 11 million television sets throughout the country without warning or permission.

According to the state attorney general’s federal complaint [PDF], from February 2014 to March 2016, Vizio noted down exactly what its customers were watching and then resold all those records as summaries to third parties – which were mostly advertising companies.

The usage data was not only collected while customers were watching over-the-air or cable TV broadcasts, but also when they were watching DVDs or streaming video from websites and over-the-top services like Netflix.

Vizio harvested surveillance on people and their families so precise, it knew exactly what you were watching, second by second, and even took copies of the watched video, according to prosecutors. Additionally, we’re told, Vizio resold summaries of personal information about its customers it had gathered, including age, marital status, and household income, to advertisers without consent.

Source: Vizio coughs up $2.2m after its smart TVs spied on millions of families • The Register

No mention of the records having to be destroyed though?

Previously, tourists, travelers and visa holders were warned they may have to hand over their online account names and handles so their public profiles can be studied by border agents and immigration officials.

Now Kelly wants to take that further, by demanding passwords from some visa applicants so g-men can log into Twitter, Facebook, online banking accounts, and so on, and rummage around for any eyebrow-raising non-public posts, messages and transactions. If you refuse, you can’t come in.

“We want to say ‘what kind of sites do you visit and give us your passwords,’ so we can see what they do,” Kelly explained, in response to a question from Representative Clay Higgins (R-LA).

“We want to get on their social media with passwords – what do you do, what do you say. If they don’t want to cooperate then they don’t come in. If they truly want to come to America they’ll cooperate, if not then ‘next in line’.”
[…]
Kelly said this invasive vetting of people’s online personas and accounts could take weeks or months, and that applicants would just have to wait until it was done. Representative Higgins said he agreed, and was anxious for Homeland Security and others to start trawling through people’s social media pages. Higgins said handing over such credentials should be mandatory.

Source: Want to come to the US? Be prepared to hand over your passwords if you’re on Trump’s hit list • The Register

The 4th reich keeps getting scarier.

Phone numbers, browser histories, and social media posts are all examples of the sort of data that could be mined from those entering the US under Trump’s “extreme vetting” policy, Department of Homeland Security secretary John Kelly said today.

As Talking Points Memo reported, Kelly held a press conference this afternoon to discuss the president’s new (and massively unpopular) travel ban. When pressed to explain what the “extreme vetting” part of the order could involve, Kelly answered, “It might be certainly an accounting of what websites they visit.” He stressed, however, that the new rules—whatever form they may take—are still “under development.”

“It might be telephone contact information [and] social media,” he continued. “We have to be convinced that people that come here, there’s a reasonable expectation that we don’t know who they are and what they’re coming here for and what their backgrounds are.”

Source: Trump’s ‘Extreme Vetting’ for US Visitors Could Involve Social Media Posts and Browser Histories

Secret FBI rules allow agents to obtain journalists’ phone records with approval from two internal officials — far less oversight than under normal judicial procedures. The classified rules, obtained by The Intercept and dating from 2013, govern the FBI’s use of national security letters, which allow the bureau to obtain information about journalists’ calls without going to a judge or informing the news organization being targeted.

Source: Secret Rules Make It Pretty Easy for the FBI to Spy on Journalists

NEW YORK — The U.S. government quietly began requesting that select foreign visitors provide their Facebook, Twitter and other social media accounts upon arriving in the country
[…]
Since Tuesday, foreign travelers arriving in the United States on the visa waiver program have been presented with an “optional” request to “enter information associated with your online presence,” a government official confirmed Thursday. The prompt includes a drop-down menu that lists platforms including Facebook, Google+, Instagram, LinkedIn and YouTube, as well as a space for users to input their account names on those sites.
[…]
“There are very few rules about how that information is being collected, maintained [and] disseminated to other agencies, and there are no guidelines about limiting the government’s use of that information,” said Michael W. Macleod-Ball, chief of staff for the American Civil Liberties Union’s Washington office.
“The choice to hand over this information is technically voluntary,” he said. “But the process to enter the U.S. is confusing, and it’s likely that most visitors will fill out the card completely rather than risk additional questions from intimidating, uniformed officers — the same officers who will decide which of your jokes are funny and which ones make you a security risk.”

Opponents also worry that the U.S. change will spark similar moves by other countries.

“Democratic and non-democratic countries — including those without the United States’ due process protections — will now believe they are more warranted in demanding social media information from visitors that could jeopardize visitors’ safety,” said Internet Association general counsel Abigail Slater. ”The nature of the DHS’ requests delves into personal information, creating an information dragnet.”

Source: U.S. government begins asking foreign travelers about social media

The 4th Reich in action again.

Previously, when the NSA passed data it collected through its secretive, advanced, and sometimes illegal methods, an NSA analyst would strip the data that pertained to innocent people, and would only pass on what they deemed necessary. Now, when the NSA shares information with another intelligence agency, it will pass on the raw data, with no redactions. This means that employees and analysts at the 16 other federal intelligence agencies will now see raw, unfiltered data collected by the NSA.

The New York Times neatly summed up the changes: “Essentially, the government is reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people.”
Setup Timeout Error: Setup took longer than 30 seconds to complete.

Patrick Toomey, a staff attorney at the American Civil Liberties national security project, slammed the sharing of raw data between agencies, noting that it’s all collected without a warrant.

Source: Way More People Will Now Have Access to the NSA’s Raw, Unfiltered Data

Microsoft offers two settings – on and almost off – and a dashboard of collected data

Source: New Windows 10 privacy controls: Just a little snooping – or the max

Incredibly MS just won’t listen and even more incredibly, I’m seeing a lot of windows 10 machines 🙁

https://www.theguardian.com/technology/2016/dec/28/amazon-refuses-to-let-police-access-suspects-echo-recordings
Just to remind you, the more smart devices you have, the more they listen to you. It’s just a totalitarian state away from being used against you. 

Now, instead of plugging in an address, you can sync up your contacts and choose a friend’s name. The lucky buddy will receive a request from Uber—via push notification if they’re an Uber user, and via text message if they’re not—to provide their location. If they accept, their location is then transmitted to the driver, and it becomes the user’s destination. In other words, if you often find yourself out on the town but too wasted to figure out where to tell your friends to meet you, this feature was made for you.

Of course, any feature that asks for a location is bound to bring up privacy issues, particularly for people who didn’t even sign up for the app in the first place. Uber, however, is dismissive of these concerns.

“We have an entire privacy team that thinks through these questions,” a spokesperson told Gizmodo.

The spokesperson told us that location requests are “static,” and expire after half an hour. For non-Uber users, the company claims the requests disappear after the allotted time; For Uber users, the app will maintain records of where they went, but not who they sent the request to. The spokesperson added that a user must give his or her location every time.

But given Uber’s previous privacy hijinks, these assurances ring just a tad hollow. Earlier this month, the app rolled out a different update that asked users for permission to track them even when they weren’t using the app. A few days later, it was hit with a lawsuit filed by a former employee who claimed that workers used the app to peep on celebrities and former lovers. The lawsuit was particularly troubling given that Uber claimed several years ago that it had already dealt with the problem.

Source: Uber’s Latest Update Is Even Creepier Than Its Last One