Microsoft Office collected actual content from users' applications

[xenopeek]

Dutch government report says Microsoft Office telemetry collection breaks GDPR, as reported by ZDNet: https://www.zdnet.com/article/dutch-gov ... eaks-gdpr/

Investigators […] found that Office applications also collected actual content from users' applications, such as email subject lines and sentences from documents where the company's translation or spellchecker tools were used.

Affects both the desktop and online Office suite. What telemetry data was collected isn't documented and can't be opted out of. Microsoft is said to be already working on addressing these issues to avoid a huge fine.

For me, telemetry should be off by default and (seeing as this is a commercial product) one should be paid or otherwise compensated for participating in a user study.

[gm10]

Haha, the only thing unexpected about that is the scope, that surprised even me:

Investigators said that Microsoft collects up to 25,000 types of Office events,

This is why I avoid cloud-based applications where I can so I simply block Internet access completely unless an app really needs it. I don't care how much telemetry you collect if you cannot get it out. Not an option with software-as-a-service.

[redlined]

For me, telemetry should be off by default and (seeing as this is a commercial product) one should be paid or otherwise compensated for participating in a user study.

exactly! sadly, they will jump through hoops now that gdpr is in effect (only) to save from huge fines. US needs to follow suit in this, at least mandatory OPT-IN with explicit consent required, not assumed and/or hidden in double-speak legalese terms and conditions. I really enjoyed reviewing the tons of last minute privacy policy changes this past summer over gdpr compliance, told me enough about the various sites and services I use(d).

Would be nice to have some actual transparency in what exactly is collected and who exactly it is shared with and how long it is retained/used, regulated and enforced by law with huge fine potential! This deep pocketbook attack is the only way forward, imo, and away from this 'surveillance capitalism'... otherwise online privacy (and privacy in general) continues to becomes a pipe dream in this hyper-connected world, akin to global peace and equal opportunity, and that just sux

[Moem]

This is my surprised face:

[rambo919]

From anyone other than a 1st world government this would probably be labeled a "conspiracy theory".....

[ud6]

This is my surprised face:

Ironically though, users of other OSs (such as linux) may not be surprised, but I'd guess this is news to most Windows users

[Pierre]

in all reality, most of the Western Countries do need to adopt the EU style GDPR laws:
- especially this Country - Australia.

[kenetics]

I wonder if they can collect information from a password protected document?

[thx-1138]

Theoritically, no, due to AES being used.
Practically, as with any crypto implementation in closed source products,
you never know if it is actually doing what they claim it should be doing (either due to mistakes or by purpose).

[gm10]

I wonder if they can collect information from a password protected document?

Theoritically, no, due to AES being used.
Practically, as with any crypto implementation in closed source products,
you never know if it is actually doing what they claim it should be doing (either due to mistakes or by purpose).

As long as you opened the document in Office the encryption hardly matters. So unless they specifically didn't collect telemetry when you were working on encrypted documents, which is unlikely, the answer is: of course they can and did.

[thx-1138]

As long as you opened the document in Office the encryption hardly matters.

Very nice & accurate addition to the above. Data gets decrypted on memory (even more, under untrusted system) = end of story.

[michael louwe]

Playing the Devil's or M$'s Advocate, Win 10's Cloud-based AI and Digital Assistant/Cortana need to collect nearly all of the user's private info or data in order to be able to be artificially-intelligent and to digitally-assist the user as much as possible through machine-learning. It's part and parcel of using Win 10, except for Win 10 Ent LTSB. EU's GDPR may force M$ to issue a non-AI/non-Cortana Win 10 edition just for the EU market. Deja vu.? Will this be a good thing for the EU people in the long term.? In the future, devices in the homes, offices, highways, airports, etc may be inter-connected by AI to digitally-assist every user.
.
.
P S - Normally, Volume Licensing(= minimum 5 Win 10 Ent licenses) is required to obtain the LTSB edition. Seems, now people can buy just ONE Win 10 Ent LTSB license for about US$300. … https://community.spiceworks.com/topic/ ... sc-license - Explicit instructions for purchasing a Windows 10 LTSC license? (Oct 9, 2018)