[hedora]

They made it impossible to opt out of telemetry unless you buy enterprise licenses and run a domain controller.

Old Microsoft software had a simple toggle switch for this.

By default, windows 10 lets Microsoft engineers remotely log into your box and browse your filesystem. They say they only use it for diagnostic purposes, but I don’t see how that could be true unless they’re in violation of US law, which compels them to give the same access to law enforcement.

I’m not sure if you can opt out of that (or whether the opt out would survive a warrant).

I switched away from windows over this sort of thing. There were dozens of other objectionable things they were caught doing, and efforts to build windows 10 “decrappifiers” made it clear they were adding new telemetry every month, and laundering the data through sock puppet domains.

[Stratoscope]

> By default, windows 10 lets Microsoft engineers remotely log into your box and browse your filesystem.

I'd like to see a reputable source for that claim.

[hedora]

It looks like you can disable it, but “Full” telemetry (in Microsoft’s words) includes:

> Full: All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels.

In the Windows 8 days, they claimed that engineers couldn’t silently pull individual files from machines without managerial approval. I can’t find the source. It was some old news article with an interview with a Microsoft manager.

Anyway, “All data necessary to identify and help to fix problems” pretty clearly implies they can pull whatever they want as they debug. I don’t see how they could implement that without exposing customers to warrant requests.

[Hawxy]

FYI what they're referring to is this: https://docs.microsoft.com/en-gb/windows/privacy/windows-dia...

This page outlines everything additional they recieve on the Full setting.

> In the Windows 8 days, they claimed that engineers couldn’t silently pull individual files from machines without managerial approval. I can’t find the source. It was some old news article with an interview with a Microsoft manager.

I recall reading something similar, but for Windows 10. AFAIK it said that engineers diagnosing a difficult problem can select a group of machines to receive raw telemetry from, after getting permission from managers + microsoft's privacy team. I have a feeling it was for insider builds only though.

[pbhjpbhj]

With provisos it seems right, they have remote support by default, no: https://winaero.com/blog/disable-remote-assistance-windows-1....

[Stratoscope]

That article is talking about Remote Assistance, which lets you explicitly grant temporary permission to someone you trust (not just a Microsoft engineer, but anyone you choose) - and you can see what they are doing because you're sharing your screen.

The GP comment seemed to imply that Microsoft engineers could log in remotely without your knowledge or consent.

[pbhjpbhj]

>"By default, windows 10 lets Microsoft engineers remotely log into your box and browse your filesystem."

This is correct, they AFAIK need a password/acceptance from the user, that's the proviso, but the original comment didn't say "without anyone knowing" (and as it's closed source none of us knows for sure). Their quoted claim is true it's just of very limited value.

This whole thread is going nowhere.

The first question should've been "yes, but can they do it without a password or user-acceptance". The answer is "we don't know" AFAIAA.