Story 2015-01-27 2WSZ Microsoft admits Windows 10 preview has a keylogger

Microsoft admits Windows 10 preview has a keylogger

by
Anonymous Coward
in security on (#2WSZ)
Microsoft has admitted that the new Windows 10 operating system tracks keystrokes and examines audio input. The new operating system, currently a free download for users with Windows 7 and Windows 8 licences, not only tracks how long it takes to open different types of files, the make and model of device you're using, but it's also logging keystrokes and collecting voice recordings. Microsoft will not delete data already collected from Windows 10 users.
Reply 19 comments

Landmine (Score: 2, Interesting)

by Anonymous Coward on 2015-01-27 11:22 (#2WT0)

I was considering throwing this on a machine for testing. Keystroke logging? Audio capture? Even for a Dev build NFW. Who seriously thinks any of this is a good idea? No. Just, no. Not even for OS feedback. Hire some Testers Microsoft.

Re: Landmine (Score: 1)

by hairyfeet@pipedot.org on 2015-02-04 17:06 (#2WWP)

Oh lord here comes the bullshit, for those that care here are the facts...FACT its an ALPHA BUILD that is designed to catch bugs and let MSFT see what people like and use and what people avoid so they don't make another Windows Mist8ke Edition, it is NOT designed for daily use, THAT would be the Consumer Preview due in a couple months, okay? FACT it says quite clearly in the very large print EULA that you see upon installation EXACTLY what they are logging and again the WHY they are logging it, and as for the audio logging are you REALLY that out of the loop? One word......CORTANA! For those that do not know Windows 10 will come with Cortana which is a VOICE ACTIVATED assistant similar to Siri. Because she is voice activated there is plenty of things about your average audio they need to know like 1.- What level is the average background noise, 2.- what level most like their music at, 3.- What is a good level for Cortana as far as mikes go, 4.- How hot the average laptop or desktop mike is so they can have a safe level, and so on. This is common sense folks, gonna use voice commands? you gotta know this shit.

I urge the non tinfoil hatters to give it a go, I have it running on the weakest thing I currently have (I believe in testing an OS on weak hardware as if it runs good there? It'll run that much better with more resources) which is an AMD E350 netbook with 8GB of RAM and a 5400RPM 320GB drive. On Win 7 while it was okay once everything loaded getting it to that point was slllllooooowwwww as Xmas, Windows 10? WWWOOOOOOO HOOOOO BABY YEAH this baby boots nearly as fast as my hexacore desktop! Its punchy, responsive, hell I've used stripped down gamer builds of XP and 7 that wasn't THIS fast and responsive, its fricking great and that is with all the drivers running in compatibility mode!

OS or Spyware... whats the difference? (Score: 3, Insightful)

by powysbiker@pipedot.org on 2015-01-27 13:00 (#2WT1)

I wouldn't want to enter banking details etc on any machine with a key-logger whether supposedly innocuous or not. They say they'll share the data with selected partners... that makes it even worse, not only do they get it to call home with the data but then they broadcast it to all their mates.

Obnoxious (Score: 1)

by nightsky30@pipedot.org on 2015-01-27 23:49 (#2WT2)

They are really trying hard to match the likes of Sony with bundled malware, aren't they? I refuse to use their stuff. Haven't run a Windows box at home in years, and only ran one on the job because it was required of me.

Do you think they'll take the keylogger out of the final release, just disable it by default, or just comment out the code? I'm betting the second option as a backdoor.

Re: Obnoxious (Score: 0)

by Anonymous Coward on 2015-01-28 01:05 (#2WT3)

Backdoor. Why toss out useful code.

Don't really care (Score: 1)

by tanuki64@pipedot.org on 2015-01-28 16:15 (#2WT4)

Yep, from time to time I use Windows.... To start a game. Since I never play online, the first thing I do, is to disable the network in Windows. Thoroughly. No hassle with updates at inconvenient times. Malware? I don't care. Without network the worst thing that can happen is that a few game saves are destroyed. If I need to install something? I mount a partition under Linux and copy the setup or iso images on it. If I really need to be online to install something... Never happened before... I can enable network. In that case I might become part of a bot network... for 20-30 minutes? I could live with that. Personal data? Again only saves.

So I am not afraid of whatever ugly things can be found in Windows 10. On the other hand, I need a very compelling reason to change. With my use case I could still use XP without risk. The only reason I have Windows 8.1 is that I bought a new computer a few weeks ago. :-)

Re: Don't really care (Score: 0)

by Anonymous Coward on 2015-01-29 10:29 (#2WT9)

A few weeks? Give it a couple more days. My bet is that your new pc will either be flying out of a window or formatted.

Re: Don't really care (Score: 1)

by tanuki64@pipedot.org on 2015-01-29 12:58 (#2WTC)

why?

Re: Don't really care (Score: 2, Interesting)

by morgan@pipedot.org on 2015-01-29 14:48 (#2WTG)

Not the AC, but I'd say because Windows 8.1 has a bad reputation for ease of use and is known to enrage some people (even Microsoft fans).

Personally, as long as it's on a touch device, I really like 8.1. I have an HP Stream 7 tablet with it and it works great. I tried it on a traditional PC with a keyboard and mouse and it was a different story; I'll stick to Windows 7 until Windows 10 is released, and possibly beyond. Not quite "throwing my computer out the window", but it is definitely a huge step backwards in traditional PC interface design.

As for the keylogging in Windows 10 Preview, I thought Microsoft disclosed that on day one? I know that when I downloaded the Preview for testing, I had to read a disclosure about what information they gather and how they use it. It was right there in the disclosure. I was fine with it because I had no intention of using it to access my bank account, or my real Windows Live ID, or any of my other online accounts, and it lives in a VM that I have complete control over. Anyone who would use their real credentials when testing out alpha level software, especially an OS, especially one that tells you upfront it's logging keystrokes, isn't really a smart cookie.

Re: Don't really care (Score: 1)

by tanuki64@pipedot.org on 2015-01-30 21:43 (#2WV5)

Not the AC, but I'd say because Windows 8.1 has a bad reputation for ease of use and is known to enrage some people (even Microsoft fans).
From my initial post you can clearly see that I am not really in Windows user. But for the few things I do with it, I don't see a difference between Windows 7 and 8. On Windows 8 I had to change some settings so that I don't boot into the tile crap. But this was a one time effort, and even I was able to do it. No I get immediately into the desktop. I have the explorer to browse the file system, and when I have installed a game, I have an icon on the desktop. No difference to Windows 7 or XP at all. Ok, the start menu looks different. But the only time I see it, is when I shutdown the machine.

I am certainly no Windows lover, on the contrary, when I am forced to use it, it always feels like I am wearing boxing gloves. But I don't understand the Windows 8 hatred.

Re: Don't really care (Score: 1)

by morgan@pipedot.org on 2015-01-31 14:48 (#2WV8)

Sorry, I didn't mean to imply that you are a Windows or Microsoft fan, it was obvious in your original comment that you aren't. I just meant that 8.1 on the desktop can be so bad that even fans of the older Windows releases will shun it. Personally, as I said I like it on touch devices but feel it's not good enough on the desktop. From what I've read, 10 will fix all the things I don't like about 8.1 and improve the OS across all devices that run it. I hope that's true, but I'll definitely be giving each preview release a hard look in VMs before I commit to permanently upgrading my 7 key to 10.

Re: Don't really care (Score: 1)

by tanuki64@pipedot.org on 2015-01-31 15:58 (#2WV9)

Oh, I understood you. I just wanted to make sure that I am not a fanboi, who defends everything Microsoft excretes. However, I just don't see the big difference between Windows 7 and 8. At least in 8.1 you don't have to see the touch part. For gamers... no difference at all. For people who just surf the net with whatever browser? No difference at all. For people, who use some office suite? No difference at all.

Tell me, which special use case can now be done much worse than on Windows 7? A use case, which is so common, that really a noticeable percentage of the Windows users are bitten by it?

Re: Don't really care (Score: 1)

by morgan@pipedot.org on 2015-01-31 19:13 (#2WVB)

Probably nothing in general, however I've seen more than once a casual user get frustrated about being in classic desktop mode, downloading a file, let's say a PDF, and when they open it the desktop goes away and they are put in the horrid Metro version of Adobe Reader. That casual user will have no clue how to change the default to open it in classic Adobe Reader or Foxit Reader or any other alternative. They will just blindly, grudgingly accept the loss of functionality they had in Windows XP or 7 with classic desktop (non-touch-"enhanced") apps. Or clicking a URL in another program like Reader or their mail program, and instead of launching Firefox or Chrome or even desktop IE, it launches Metro IE, doesn't render properly, and they have no clue how to go back.

I could go on and on, but these are real world examples I've seen that completely break workflow with the abrupt shift to full screen apps. On a tablet it's not so bad since desktop mode is the red-headed stepchild on such a device; however, on a full desktop or even non-touch laptop with traditional keyboard and mouse, it's anything from annoying to frustrating to "screw this bullshit" level, depending on the user.

Re: Don't really care (Score: 1, Funny)

by Anonymous Coward on 2015-01-29 17:23 (#2WTK)

You're okay with them capturing audio and video and doing whatever they want with it? Ok, some people are that voyeuristic. I prefer a little privacy.

Re: Don't really care (Score: 3, Funny)

by Anonymous Coward on 2015-01-29 18:32 (#2WTM)

Use it to your advantage. Start googling "how to install linux" and make them worry.

Re: Don't really care (Score: 1)

by tanuki64@pipedot.org on 2015-01-30 21:34 (#2WV4)

No camera, no mic on my machine. And even if it was... how would they get the data, when I am never online?

Re: Don't really care (Score: 0)

by Anonymous Coward on 2015-02-06 16:41 (#2WXK)

ITYM exhibitionist. Voyeuristic are those watching.

overblown (Score: 2, Insightful)

by pete@pipedot.org on 2015-01-30 10:29 (#2WTZ)

I find this overblown, "microsoft admits..." - it was freely available knowledge, for those who actually read the terms when signing up to a Developer Technical Feedback Program...this isn't a free copy of windows; there is an expectation that your use will help improve the product. and its indicated in bold too.

Considering their target is 'Experts and IT pros', there is an expected, basic responsibility that lies with the user that A) you understood what you signed up for, B) you wouldn't be stupid enough to do anything private/critical on software released only for testing - its fundamentally insecure.

Its also not clear, when or where keystrokes are logged. Maybe its not a 24/7 thing, but based on specific interaction (windows key combos, etc.) - I don't know. I saw no mention of attempts to view the data captured. Anyone have technical insight?

Re: overblown (Score: 0)

by Anonymous Coward on 2015-02-06 16:46 (#2WXM)

That reasoning may apply to keystrokes, but it definitely does not apply to audio recordings. Not everything that is on audio is meant for that computer. What if you get a phone call during your tests, and talk about confidential stuff on the phone?