Microsoft Office collected actual content from users' applications

Chat about just about anything else
Post Reply
User avatar
xenopeek
Level 24
Level 24
Posts: 23193
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Microsoft Office collected actual content from users' applications

Post by xenopeek » Thu Nov 15, 2018 1:30 pm

Dutch government report says Microsoft Office telemetry collection breaks GDPR, as reported by ZDNet: https://www.zdnet.com/article/dutch-gov ... eaks-gdpr/
Investigators […] found that Office applications also collected actual content from users' applications, such as email subject lines and sentences from documents where the company's translation or spellchecker tools were used.
Affects both the desktop and online Office suite. What telemetry data was collected isn't documented and can't be opted out of. Microsoft is said to be already working on addressing these issues to avoid a huge fine.

For me, telemetry should be off by default and (seeing as this is a commercial product) one should be paid or otherwise compensated for participating in a user study.
Image

gm10
Level 13
Level 13
Posts: 4609
Joined: Thu Jun 21, 2018 5:11 pm

Re: Microsoft Office collected actual content from users' applications

Post by gm10 » Thu Nov 15, 2018 1:46 pm

Haha, the only thing unexpected about that is the scope, that surprised even me:
zdnet wrote:Investigators said that Microsoft collects up to 25,000 types of Office events,
This is why I avoid cloud-based applications where I can so I simply block Internet access completely unless an app really needs it. I don't care how much telemetry you collect if you cannot get it out. Not an option with software-as-a-service.

redlined
Level 4
Level 4
Posts: 315
Joined: Wed Jun 06, 2018 8:12 pm
Location: Mile High, Green State (Denver, CO:)

Re: Microsoft Office collected actual content from users' applications

Post by redlined » Thu Nov 15, 2018 2:13 pm

xenopeek wrote:
Thu Nov 15, 2018 1:30 pm
For me, telemetry should be off by default and (seeing as this is a commercial product) one should be paid or otherwise compensated for participating in a user study.
exactly! sadly, they will jump through hoops now that gdpr is in effect (only) to save from huge fines. US needs to follow suit in this, at least mandatory OPT-IN with explicit consent required, not assumed and/or hidden in double-speak legalese terms and conditions. I really enjoyed reviewing :roll: the tons of last minute privacy policy changes this past summer over gdpr compliance, told me enough about the various sites and services I use(d).

Would be nice to have some actual transparency in what exactly is collected and who exactly it is shared with and how long it is retained/used, regulated and enforced by law with huge fine potential! This deep pocketbook attack is the only way forward, imo, and away from this 'surveillance capitalism'... otherwise online privacy (and privacy in general) continues to becomes a pipe dream in this hyper-connected world, akin to global peace and equal opportunity, and that just sux :evil:
Moem kōan 42: Should tool manufacturers be required to fix their products so that you cannot use their saws to cut the tree branch that you're sitting on?

(The answer to the ultimate question of life, the universe and everything is... 42!!;)

User avatar
Moem
Level 17
Level 17
Posts: 7208
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Microsoft Office collected actual content from users' applications

Post by Moem » Thu Nov 15, 2018 2:36 pm

This is my surprised face: :|
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

rambo919
Level 3
Level 3
Posts: 185
Joined: Wed May 22, 2013 3:11 pm

Re: Microsoft Office collected actual content from users' applications

Post by rambo919 » Thu Nov 15, 2018 3:30 pm

From anyone other than a 1st world government this would probably be labeled a "conspiracy theory".....

ud6

Re: Microsoft Office collected actual content from users' applications

Post by ud6 » Sat Nov 17, 2018 4:52 am

Moem wrote:
Thu Nov 15, 2018 2:36 pm
This is my surprised face: :|
:lol: :lol: :lol:

Ironically though, users of other OSs (such as linux) may not be surprised, but I'd guess this is news to most Windows users :roll:

User avatar
Pierre
Level 17
Level 17
Posts: 7697
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: Microsoft Office collected actual content from users' applications

Post by Pierre » Sat Nov 17, 2018 8:21 am

in all reality, most of the Western Countries do need to adopt the EU style GDPR laws:
- especially this Country - Australia.
:mrgreen:
Image
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.

User avatar
kenetics
Level 5
Level 5
Posts: 702
Joined: Thu Dec 14, 2006 9:57 pm
Location: Somewhere on a Florida beach
Contact:

Re: Microsoft Office collected actual content from users' applications

Post by kenetics » Sat Nov 17, 2018 11:22 am

I wonder if they can collect information from a password protected document?
“Three o'clock is always too late or too early for anything you want to do.” 
― Jean-Paul Sartre

User avatar
thx-1138
Level 6
Level 6
Posts: 1276
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: Microsoft Office collected actual content from users' applications

Post by thx-1138 » Sat Nov 17, 2018 11:36 am

Theoritically, no, due to AES being used.
Practically, as with any crypto implementation in closed source products,
you never know if it is actually doing what they claim it should be doing (either due to mistakes or by purpose).

gm10
Level 13
Level 13
Posts: 4609
Joined: Thu Jun 21, 2018 5:11 pm

Re: Microsoft Office collected actual content from users' applications

Post by gm10 » Sat Nov 17, 2018 11:45 am

thx-1138 wrote:
Sat Nov 17, 2018 11:36 am
kenetics wrote:
Sat Nov 17, 2018 11:22 am
I wonder if they can collect information from a password protected document?
Theoritically, no, due to AES being used.
Practically, as with any crypto implementation in closed source products,
you never know if it is actually doing what they claim it should be doing (either due to mistakes or by purpose).
As long as you opened the document in Office the encryption hardly matters. So unless they specifically didn't collect telemetry when you were working on encrypted documents, which is unlikely, the answer is: of course they can and did.

User avatar
thx-1138
Level 6
Level 6
Posts: 1276
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: Microsoft Office collected actual content from users' applications

Post by thx-1138 » Sat Nov 17, 2018 11:50 am

gm10 wrote:
Sat Nov 17, 2018 11:45 am
As long as you opened the document in Office the encryption hardly matters.
Very nice & accurate addition to the above. Data gets decrypted on memory (even more, under untrusted system) = end of story.

User avatar
michael louwe
Level 9
Level 9
Posts: 2890
Joined: Sun Sep 11, 2016 11:18 pm

Re: Microsoft Office collected actual content from users' applications

Post by michael louwe » Sat Nov 17, 2018 12:18 pm

Playing the Devil's or M$'s Advocate, Win 10's Cloud-based AI and Digital Assistant/Cortana need to collect nearly all of the user's private info or data in order to be able to be artificially-intelligent and to digitally-assist the user as much as possible through machine-learning. It's part and parcel of using Win 10, except for Win 10 Ent LTSB. EU's GDPR may force M$ to issue a non-AI/non-Cortana Win 10 edition just for the EU market. Deja vu.? Will this be a good thing for the EU people in the long term.? In the future, devices in the homes, offices, highways, airports, etc may be inter-connected by AI to digitally-assist every user.
.
.
P S - Normally, Volume Licensing(= minimum 5 Win 10 Ent licenses) is required to obtain the LTSB edition. Seems, now people can buy just ONE Win 10 Ent LTSB license for about US$300. … https://community.spiceworks.com/topic/ ... sc-license - Explicit instructions for purchasing a Windows 10 LTSC license? (Oct 9, 2018)

Post Reply

Return to “Open chat”