Overclock.net - An Overclocking Community

Overclock.net - An Overclocking Community (https://www.overclock.net/forum/)
-   Software News (https://www.overclock.net/forum/226-software-news/)
-   -   [ZDNet] Dutch government report says Microsoft Office telemetry collection breaks GDPR (https://www.overclock.net/forum/226-software-news/1713656-zdnet-dutch-government-report-says-microsoft-office-telemetry-collection-breaks-gdpr.html)

tpi2007 11-18-2018 12:09 PM

[ZDNet] Dutch government report says Microsoft Office telemetry collection breaks GDPR
 
Quote:

Investigators said they've identified the "large scale and covert collection of personal data" through Office's built-in telemetry collection capabilities. They said Microsoft engages in this telemetry collection covertly and without properly informing users.

The report said investigators didn't find any official documentation about what information Microsoft collects through Office and no way of turning Office telemetry off, raising a serious privacy concern for all current Office users, regardless of geographical location.

Investigators admitted that Microsoft collected functional and diagnostics data that is usually a standard practice among software developers, but they also found that Office applications also collected actual content from users' applications, such as email subject lines and sentences from documents where the company's translation or spellchecker tools were used.
Quote:

Further, the investigation also found that Office telemetry collection is also far more expansive than the one in Windows 10.

Investigators said that Microsoft collects up to 25,000 types of Office events, data which is made available to up to 30 engineering teams. In contrast, Windows 10 is known to collect up to 1,200 event types, data that is shared with up to only 10 engineering teams.
Quote:

Dutch investigators said they've already been in contact with Microsoft about their findings. According to the report, Microsoft has already rolled out a "zero exhaust" telemetry collection setting for Office users to address issues #1 and #2, from above. ZDNet was unable to identify this setting, at this moment, and is unclear if this option has been made available to all users, globally.
Source.




It appears to be serious enough for Microsoft to swiftly provide an option to apparently disable telemetry (if that is what "zero exhaust" actually means), something they were never willing to do for Windows 10 for more than three years now.

TK421 11-18-2018 01:40 PM

Doesn't give a date of when will the update to disable telemetry be pushed out :|

essanbee 11-18-2018 01:59 PM

Big surprise when we find out that "zero exhaust" telemetry collection still collects way too much information.

Xyxox 11-18-2018 02:15 PM

LibreOffice.

Problem solved.

xJumper 11-18-2018 06:12 PM

Quote:

Originally Posted by Xyxox (Post 27721498)
LibreOffice.

Problem solved.

I used it 90% of the time, but when a real office suite monkey at work hands me some really intense Excel sheet or something it'll have some functions Libre Office won't do.

I had a feeling there was some telemetry going on with Office, surprising since I have a legit Professional Plus 2016 license I paid out the rear for. Gonna be looking into this ASAP. It's getting ridiculous just how in your face MS is getting with their data collection especially off users who have paid in full for products.

Quote:

Originally Posted by essanbee (Post 27721470)
Big surprise when we find out that "zero exhaust" telemetry collection still collects way too much information.

That's a pretty common theme with MS. You can turn everything off, set every privacy ticker to ON, run powershell scripts that clean stuff out, block this or that, use group policy, edit the registry, use hosts files, use whatever anti-spying software you want. Windows 10 still leaks out information, it actively ignores certain MS owned entries to hosts files or settings in the OS.

matthew87 11-18-2018 07:56 PM

Quote:

Originally Posted by tpi2007 (Post 27721318)
Source.




It appears to be serious enough for Microsoft to swiftly provide an option to apparently disable telemetry (if that is what "zero exhaust" actually means), something they were never willing to do for Windows 10 for more than three years now.

Personally, it sounds like a media beat up.

I'm all for privacy and don't use Chrome, Edge or other such browsers for that reason and i'm also highly critical of Windows 10 and its advertising ID and marketing tactics.

But in this case, it sounds to me it's not so much Microsoft 'spying on your emails' as simply the spell checker that's used in Outlook and Word (Thus emails and documents as mentioned in the article). This isn't a case of Microsoft having Office send the subject heads of your emails or names of your documents back to their servers to invade your privacy, but rather it's tied into spell check / auto correct and they want the data to further refine and improve the service and its behaviour for customers and tailor it to specific regions.

What next, Microsoft just remove all forms of spell check in Europe?

If this concerns people how exactly do they feel about gmail.

JackCY 11-18-2018 08:30 PM

Quote:

Originally Posted by Xyxox (Post 27721498)
LibreOffice.

Problem solved.

Good luck with that. Even x64 variant of M$ Office breaks compatibility, let alone completely different programs.

Telemetry? What? Just block it in a firewall.

8051 11-18-2018 09:04 PM

Quote:

Originally Posted by JackCY (Post 27721788)
Good luck with that. Even x64 variant of M$ Office breaks compatibility, let alone completely different programs.

Telemetry? What? Just block it in a firewall.

How are you going to differentiate legitimate IP packets going to out to say, Windows Update, from telemetry data?

umeng2002 11-18-2018 11:06 PM

What government or other important organization would use these products? They have to know that US intelligence agencies have totally infiltrated large US tech companies - either through official cooperation or rogue employees.

You think it's a coincidence that "telemetry" started popping up in a ton of programs, certain drivers, and Windows 10 and back ported to W7 right when the intelligence and LEA started complaining about full disk encryption and the general increase in encryption use. Any data, including metadata is gold. Have spellcheck turned on and accidentally typed a password in a wrong dialog box? Now there is a good chance M$ and their friends have your password to some encrypted files or user accounts.

How many attorney-client privileges were violated with their spell checker sending back full sentences or large parts of a whole legal document or email correspondence?

Xyxox 11-19-2018 05:51 AM

Quote:

Originally Posted by xJumper (Post 27721704)
I used it 90% of the time, but when a real office suite monkey at work hands me some really intense Excel sheet or something it'll have some functions Libre Office won't do.

I had a feeling there was some telemetry going on with Office, surprising since I have a legit Professional Plus 2016 license I paid out the rear for. Gonna be looking into this ASAP. It's getting ridiculous just how in your face MS is getting with their data collection especially off users who have paid in full for products.

That will happen with the real users of the Office Suite. The vast majority of MS Office users do not even use 10% of the functionality built into the application suite making LibreOffice a fine alternative. BTW, most of those functions your real office suite monkey uses are also present in LibreOffice, but LibreOffice implements in adherence to the XML standards while Microsoft, as history has shown time and again, extends those standards in their proprietary formats.

Quote:

Originally Posted by JackCY (Post 27721788)
Good luck with that. Even x64 variant of M$ Office breaks compatibility, let alone completely different programs.

This is because of the old Microsoft standard of not adhering to standards. The adage of "embrace and extend" has never gone away.

Quote:

Originally Posted by JackCY (Post 27721788)
Telemetry? What? Just block it in a firewall.

This will work in an Enterprise environment so long as all updates are handled via AD Group Policy and there are strictly adhered to policies and procedures to insure the security related updates are implemented in a timely fashion.. Otherwise you won't be able to distinguish between calls for updates and the telemetry data at the firewall,


All times are GMT -7. The time now is 05:27 AM.

Powered by vBulletin® Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.

User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.
vBulletin Security provided by vBSecurity (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.

vBulletin Optimisation provided by vB Optimise (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.