by Terr_ 7 hours ago
> spyware

The privacy-destroying "telemetry" continues to transmute from a theoretical problem to a realistic concern too.

For example, many printers put forensic marks onto pages identifying their serial number, while MS/Apple log all your device serial numbers, which in turn is subject to seizure/threats/theft.

The upshot is you can't print an "anonymous" flyer stating I Dislike The Regime without the risk that thugs of said regime will be outside your door later.

> memory ‘live sampling’

"Citizen, the signature of a Wrongthink picture was detected in your telescreen..."

1 comments

I'm not sure why this is downvoted. ICE showed up at a woman's door trying to force her to take down a benign social media post.

What is stopping similar authoritarians from cracking down using these kinds of features and registrations?

https://newrepublic.com/post/212340/ice-poll-worker-election...

The printer thing seems pretty unrelated, and I don’t think there’s much evidence that simply logging in to your system with your Microsoft account has anything to do with telemetry of the actual content of your computer.

You can obviously send a lot of personal data through Microsoft services that use that account, but merely logging in that way doesn’t seem to just upload your life to Microsoft, either.

> The printer thing seems pretty unrelated

It's a simple example of how the arcane telemetry they demand is actually far more dangerous to you than it first appears.

This is incredibly common when it comes to security and privacy issues, where it's not immediately obvious how things can be abused. (The truly obvious things tend to get fixed, after all.)

> I don’t think [...] your Microsoft account has anything to do with telemetry

My brother in tech, I think you're blinding yourself out of forlorn hope here.

Microsoft has spent over a decade increasing the mandatory "telemetry", which contains a complete profile of all your computer hardware with serial numbers plus all the software you run and when you run it [0]. The same company has consistently made it harder and harder for anyone to not sign up for an account in order to even install the OS.

They already collect the data in a very deliberate and strategic way. What you ought to be seeking is evidence they don't keep it.

[0] https://arxiv.org/abs/2002.12506

I appreciate the fact that you sent over a very good paper.

After reading it, I am still not sure I see how this is particularly alarming information. I can see how it would help a forensic investigator who has physical access to the device.

The most personal aspect seems to be the list of installed and removed programs, which I would agree is stepping across boundaries of privacy.

The paper notes that this whole studied telemetry package is part of the telemetry service you can opt out of.

The rest seems to be device identifiers and connected devices. They mention that the device identifiers could lead to having part of an encryption key but that part of the paper seemed really vague. My takeaway from that section was that maybe it could lead an investigator to knowing which specific piece of hardware to use in order to decrypt something, but they’d likely need physical access to that hardware.

I get the impression that the intent here is for an IT department or Windows developers to be able to respond to cyberattacks and deal with malware and the like. The paper you linked made that aspect pretty clear.

The printer thing is a good example, but again, just too unrelated to this particular subject. At least, in my opinion.