Posts Tagged ‘call home’

Whose machine or app is it anyways?

Friday, June 10th, 2016

If you deploy a modern OS, such as Windows 10, you may be surprised to learn that it’s calling home. A lot.

For example, here is a screen shot from my Windows 10 PC of the diagnostic settings, relating to what information the PC shares with Microsoft:

feedback-options-windows-10

Notice that there are 3 options, none of which is “stop doing that.”

I have no reason to believe this is unique to Microsoft. Apple MacOSX does it., Android and iOS on phones and tablets certainly monitor you and even some Linux distributions have telemetry features, though generally off by default / offered as a paid service.

Which begs the question — whose device is it? I bought the hardware, I either purchased the OS with the hardware or installed it separately, I *own* the system. What business does it have snooping on me and sending information to a third party?

I know there are legitimate reasons for this – aggregate health diagnostics, heat maps about apps that misbehave, surveillance to find malware, etc. That’s fine, but surely the default should be “off” and sending anything from my PC to some vendor’s servers should require my permission. That’s not the current state of affairs.

Which brings us to compilers. It’s been known for decades that you can insert malware and Trojan horses into compilers and create hard-to-detect compromise of systems.

It seems that Microsoft has recently, perhaps inadvertently, done something close to that. A recent release of Visual Studio inserts code into even the smallest, do-nothing programs to send telemetry home to Microsoft. (infoq.com). When caught, Microsoft confessed to doing this, claiming (probably rightly) that it was intended to be an innocuous performance tuning tool: (reddit.com).

This instance will be backed out, but Windows 10 remains a “call home” machine, as do smart phones and Mac’s.

I wonder what it will take to reverse this awful trend?