Is Microsoft Stealing People's Bookmarks? (schneier.com) 99
I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it's too late. Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it? (Not that "user error" is a good justification. Any system where making a simple mistake means that you've forever lost your privacy isn't a good one. We see this same situation with sharing contact lists with apps on smartphones. Apps will repeatedly ask, and only need you to accidentally click "okay" once.) EDITED TO ADD: It's actually worse than I thought. Edge urges users to store passwords, ID numbers, and even passport numbers, all of which get uploaded to Microsoft by default when synch is enabled.
Also from one comment:
Ted November 17, 2021 8:29 AM It looks like Microsoft released some documentation on "Microsoft Edge -- Policies" for Enterprise on 11-9-21. It is only a 472 minute read, but there is some info on Forced Synching, for example: ForceSync Force synchronization of browser data and do not show the sync consent prompt https://docs.microsoft.com/en-...
Bet the EULA you clicked though let them do that (Score:2)
...with no legal ramifications.
Re:Bet the EULA you clicked though let them do tha (Score:4, Insightful)
Perhaps, but half the real point of an EULA is not to stop you from doing something, it's to permit them to do things. The EULA may not be enforceable, but it can make a dandy shield.
Re:Bet the EULA you clicked though let them do tha (Score:4, Informative)
Maybe in the US. The EU has sanctioned companies quite heavily for similar actions.
Microsoft had to release a special edition of Windows for the EU market (with less obnoxious media player and browser integration), so it's not unreasonable to believe they will be taken to task for this as well.
Not that it will mean anything for us in the States.
Re: (Score:1)
Re:think of the children (Score:1)
Microsoft management?
Is Microsoft Stealing People's Bookmarks? (Score:1)
MSS (Score:2)
Yes, Microsoft sucks.
Not surprising (Score:1)
You can expect to be rooked and reamed constantly with today's mainstream software. We had a chance to nip it in the bud 20 years ago, but most people didn't care and still don't care.
Too bad. Hope you got plenty of K-Y jelly.
free browser? (Score:3)
You are the product.
Re: (Score:2)
Oh this is subtle. I'm not sure if your post is stupid or an incredibly high brained remark on the stupidity of the "You are the product" meme considering that all browsers are free but not all treat the user with equal disrespect...
This is going to keep me up tonight.
Re: (Score:2)
Re: (Score:2)
It's not really free, you paid for it as part of the Windows licence.
Microsoft want to have their cake and eat it.
Re: (Score:2)
What does it cost to install Edge on Mac or Linux?
Re: (Score:2)
That's true I guess. Windows users subsidised development for you.
I wonder how many people actually install it on Mac and Linux though. I imaging at least 99.999% of users are on Windows, and most of them wish they could uninstall it.
Re: (Score:2)
Can't argue there.
Re: free browser? (Score:2)
Yup edge is the 1st thing I install on linux
Prefer it over chrome.
Thinking of shifting to brave, that's a lot better than edge/chrome on both linux/win11
Applicable questions for real users (Score:3)
Does Windows have a background process that runs even when you don't use Edge as a browser, that steals bookmarks from Brave?
Re:Applicable questions for real users (Score:5, Informative)
Re: (Score:2)
Wow, you weren't kidding.
https://www.tenforums.com/tuto... [tenforums.com]
Re: (Score:2)
Re:Applicable questions for real users (Score:5, Informative)
2) Immediately after creating your profile, turn off Edge ability to save payment info, address info, passwords and anything else
3) Disable run in the background
4) Disable Edge/Microsoft shopping helper bullshit
5) Disable Edge online synching
6) Download Firefox or Brave and do the same with it
7) Install the Floccus browser extension and point to your Nextcloud Bookmarks.
Re:Applicable questions for real users (Score:5, Informative)
Re:Applicable questions for real users (Score:4, Insightful)
Also check on Edge with every "update" as MS could undo all your settings.
I believe what you meant to say there is "MS WILL undo all your settings."
Re:Applicable questions for real users (Score:4, Insightful)
Kind of a sad state of affairs when you have to fist fight your own browser, probably after every update, just to browse the fucking net in peace. Remember when the internet was just about reading text?
Re: (Score:2)
Jesus, I feel like I'm agreeing with RMS. Not a position I ever thought I'd be in.
Re: (Score:3)
Have been using Firefox since the days of Mozilla.
Don't really have a problem with that browser (at least for my needs, with about 50 tabs open at any one time, and system running for days at a time without shutting down).
Maybe you should consider changing your browser to something else which is not Edge or Chrome? Those two are the only 2 big company controlled browsers I can think of, off hand. Not sure if Safari's marketshare is anything worth considering.
Re:Applicable questions for real users (Score:5, Interesting)
You don't have to fist fight anything. You could just do what most users do and completely and utterly ignore it. Settings, disabling, all that mumbo jumbo, most users (myself included) just don't bother. Has Edge copied my bookmarks? Don't know, don't care to check either. If you're concerned about privacy and are using windows, that's like buying a car with an internal combustion engine and trying desperately to figure out how you could convert it to be pulled by huskies.
Just use the right thing in the first place instead of fighting a losing war, or, just ignore that war raging on without you.
Re: (Score:1)
If you're concerned about privacy and are using windows, that's like buying a car with an internal combustion engine and trying desperately to figure out how you could convert it to be pulled by huskies.
Just use the right thing in the first place instead of fighting a losing war, or, just ignore that war raging on without you.
THIS.
It is a very straightforward approach to approach to 'personal' computing; either be your own OS and hardware Administrator by virtue of 'h4ving sk!llz' or you need to make the acquaintance of and/or hire one.
Either way, if your in-house geek is 'for real' about system security and privacy the conversation should at least include an option for QubesOS. (If your geek hasn't deployed it / hasn't heard of it, it might be because serious security geeks treat it like 'the first rule about fight club' - it
Re: (Score:2)
Very said indeed, but only if you're using a Microsoft product.
Use Apple. Use Linux. Use BSD. Heck, if you can, use OS/2. Don't have to fight with Microsoft about how I want to use my machine.
And it is *MY* machine.
Re: (Score:2)
8) Install a hardware firewall between your LAN and the outside world with rules to block all Microsoft address blocks.
Re: (Score:2)
Re: (Score:2)
Probably nothing of consequence anyway. And if their owners want to hang on to customers, they'll move somewhere like AWS.
Re: (Score:2)
Even better, learn to use WinGet. It's the new Windows package manager, similar to apt and the like on Linux.
For example, to remove the pointless widgets from Windows 11, open a Powershell administrator window and type
winget uninstall "windows web experience pack"
You can also install Firefox without needing to open Edge this way. There is also an open source tool "ThisIsWin11" (soon to be renamed) that makes it easy to tweak a lot of stuff. Stick it on the install media so you can run it right after install
Re:Applicable questions for real users (Score:5, Informative)
It automatically imports bookmarks from firefox and probably other chromium browsers as well on first launch. This is also done without permission.
Re: (Score:3)
This is also done without permission.
Nope. You just mashed the OK button without reading the screen. It asks, you just weren't paying attention.
Re: (Score:2)
IIRC, I end-tasked edgium after it opened without permission and presented this notice, as its presence prevented normal UI interactions. The notice doesn't come back, but it probably considered failure of the application as implicit acceptance as well.
I don't know what kind of madman would consider this forced UI takeover as adequate permission anyway, but like most of these blunt-force acceptance mechanisms it often doesn't work in the "normal" fashion just like the oodles of reports where people had the
Re: (Score:2)
IIRC, I end-tasked edgium after it opened without permission and presented this notice, as its presence prevented normal UI interactions.
Your UID is way too low to use a computer the way my mother uses it. When the computer asks you a question you answer it, you don't walk away and then complain when it made a decision for you.
I don't know what kind of madman would consider this forced UI takeover as adequate permission anyway
Someone who wanted an answer. I don't know what kind of a madman would end task the window rather than simply answering once and then never being bothered again. You're like the guy who consciously decided not to vote complaining about the person who won, except in this case you have even more power than that.
Honestly
sync or suck up? (Score:2)
The real question is: does MS have access to the data?
Well of course it does! It already has access to everything on the computer.
Now seriously: How does this sync work? Does it send an encrypted payload that is decryptable only on end user devices, as Firefox sync does? Or is it a plaintext dump?
Re: (Score:1)
Microsoft encrypting the data they're stealing from you to protect it from eavesdropping? You're funny.
Re: (Score:2)
Honestly thought (Score:2)
Or maybe they finally got caught?
This doesn't seem all that news worth in my opinion.
Re: (Score:2)
Yea, just wait until people not under NDA figure out how they've actually been keeping the lead in video game framerates. (Hint: It's illegal!)
Re:Honestly thought (Score:5, Interesting)
Google sneaks their way into stealing your private data by automatically logging into chrome when you use it with a google service. I suppose Microsoft would claim that since you're signed in with a windows cloud account they have the same implicit permission.
You've raised a good point though, nobody really knows what's contained in the windows telemetry data, but the allegations would be on the same level as bookmarks if not worse.
Re: (Score:2)
You've raised a good point though, nobody really knows what's contained in the windows telemetry data, but the allegations would be on the same level as bookmarks if not worse.
Yes we do. Microsoft has released all that information in response to EU requests: https://docs.microsoft.com/en-... [microsoft.com] Here you go, it's only 145 pages long. On the left hand side you can select different Windows versions as well and compare them. This just covers the base level telemetry which can't be disabled.
There's a summary available for organisations who don't want to read it all: https://docs.microsoft.com/en-... [microsoft.com]
I hate forced sync (Score:2)
I was an iPhone user and then switched to Android. How do you transfer your contact from iPhone to Android? The only option I could find was to upload csv (or some other format) to google cloud and then import it back. Unfortunately, I had too much private info on my phone (I never used to sync to Apple iCloud). This included dmv license, passport, bank account numbers, friends birthdates, kids birthdates and so on. So I had to clean up everything and then upload. A year later, moved back to iPhone (There w
Re: (Score:2)
"The only option I could find . . ."? I hope that you are joking. There are and have been MANY tools to do this without any cloud(s). Heck, even iTunes had a way.
I have personally used the iMobie products: AnyTrans (iPhone & Windows) and AnyDroid (Android & Windows).
I am not saying that the processes are perfect, but the tools exist.
Re: (Score:2)
If I don't trust googlecloud with my contacts, do you think I will trust some mobie-phobie app?
Even today, I am not sure if you can transfer iOS contacts to Android without internet (You hve Mac or Windows Computer, Android phone and iPhone and only apps from Google/Apple on them). Not sure if you can even do between two Android phones.
Re: (Score:2)
I hope that someone else can chime in . . .
Anyway, the processes/tools that I mentioned do NOT need an internet connection; they use USB/Lightning.
Copy iPhone Contacts to Your Mac using iTunes: https://becomethesolution.com/... [becomethesolution.com]
Export (Mac) contacts to vcf (vCard file): https://support.apple.com/guid... [apple.com]
Copy vcf to Android: WIndows/PC Android just connect USB and Windows will show the filesystem under Portable Devices (copy); Mac copy vcf to memory card (FAT32?) feed memory card to Android phone
Android can/wi
Re: (Score:2)
I am very sorry, but I must add the latest:
Switch from iPhone to Android: How to transfer iMessage, photos and more: https://www.cnet.com/tech/mobi... [cnet.com]
How do I transfer my data from my iOS device to my new Samsung Galaxy?: https://www.samsung.com/uk/sup... [samsung.com]
Re: (Score:2)
It's worse. The phone I had two years ago let me stay free of the internet and didn't constantly spam me with ads for this and that. The current model...well, it's implicit in what I already said.
Re: (Score:2)
Stick a microSD into your iPhone and transfer all the data to the card. Then put the card into your Android phone and copy it into your new phone.
What?
Apple iPhones don't have microSD card slots? Hmmm. I guess that is to make them more secure?
I assume you can still use an iPhone compatible thumb drive to do something similar though (even in 2013-2014) but maybe not.
Steal ? Really ? (Score:1, Informative)
What Microsoft (allegedly) did is something else : they looked over your shoulder and recorded what they saw. This is an invasion of privacy, not stealing.
Re: (Score:1)
An accurate statement, but if this is true then "video piracy" is also not stealing. Can't have it both ways.
Re: (Score:2)
Re:Steal ? Really ? (Score:5, Insightful)
What Microsoft (allegedly) did is something else: they looked over your shoulder and recorded what they saw. This is an invasion of privacy, not stealing.
Seems like stealing your privacy ...
Re: (Score:2)
Seems like stealing your privacy ...
They didn't steal your privacy. You gave it to them. You did read the EULA right? No one is forcing you at gunpoint to use Windows.
Re: (Score:2)
Sure, this argument comes up a lot, however although the data is copied and is still available therefore not "theft" (pushing glasses up bridge of nose with finger) in this example it has caused the loss of privacy. So: something is gone or damaged so its full quality is no longer available.
Some element of privacy has been stolen.
Re: (Score:2)
The stealing happens later when they access you bank account.
Re: (Score:2)
uhhh (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Why are they so confident that corporations will make the same convenience vs. privacy deal that individuals seem to have made?
Platform lock-in, perhaps? I'm self-employed, and I love Linux and use it exclusively unless I have no other choice. If even somebody in my position is forced to use Windows occasionally, how can any corporation whose operational infrastructure is based on Windows-only software switch platforms? Microsoft knows this and doesn't give a rat's ass about the wishes of its corporate clients.
It wouldn't surprise me at all for Microsoft to say "OK corporations, you can have your privacy and control back. The price
Re: (Score:2)
Re: (Score:1)
No option to opt out in advance. You can only turn it off after they've already got a full copy once, apparently.
Bookmarks? They could be sending... (Score:3)
If you're using Windows Home Edition, then you've already agreed to send "telemetry" to Microsoft servers. Forget bookmarks. Legally, they could be sending every single website you visit on ANY browser to the home server (under the guise of improving Windows, of course). Given that, it seems a little silly to worry about synching bookmarks in Edge. If you don't trust Microsoft with your data, then you definitely shouldn't be using Edge and probably shouldn't be using Windows.
Re: (Score:2)
I switched to MaCOS when Windows was still on Windows-7. I am glad I did. Windows-7 was the last classic Windows product. They messed up with 8 onwards.
Re: (Score:1)
Legally, they could be sending every single website you visit on ANY browser to the home server (under the guise of improving Windows, of course).
No, they could not, at least not within the EU. That kind of information is protected by the laws covering privacy of communication - and they can't get my legally binding consent (through EULA or any other means) to do that.
Re: (Score:2)
No, legally they can only send this data: https://docs.microsoft.com/en-... [microsoft.com] since this is the response to an EU regulator request if they sent other data back without updating that list first they'd be in breach of EU law.
At least that is what is sent over telemetry. If you have history syncing with your Microsoft account then you're sending them a list of every website you visit anyway.
Re: (Score:2)
Windows only has that level of telemetry if you give it permission to do so. You can turn off 90%* of the telemetry during initial setup of your Windows account and the rest can be turned off afterwards using third party tools.
*Ok, I pulled that number out of thin air but I'm confident that the actual percentage is rather high.
Your Windows OS does not belong to you (Score:3)
Friendly reminder:
It never will.
You cannot have that be different.
You chose your fate.
Re: (Score:3)
Comment removed (Score:3)
Re: (Score:1)
Re: (Score:2)
Not "suddenly", as required by law (GDPR) Google clearly informs the user that it will sync data before it actually does it. You can be signed in and not sync too.
Additionally, if you set a password for sync the Google cannot access the data anyway. You will be unable to view or manage your bookmarks on their website.
Re: (Score:2)
and suddenly it starts synchronizing your browser with the Google mothership
If you think that is what this story is about then I suggest you re-read TFS.
ForceSync is Enterprise Functionality (Score:2)
To enable ForceSync, you either have to use Group Policy, deploy Windows in kiosk mode, or manually set the registry key for it.
This should go without saying, but... If the user is expecting any privacy on corporate devices, they're wrong 99.9% of the time as a matter of law. Go ahead and sue an employer for breach of privacy on a company-owned computer if a lawyer will even take that case.
As intrusive as this "feature" is, ForceSync isn't relevant to personal, standalone machines.
Re: (Score:2)
As intrusive as this "feature" is, ForceSync isn't relevant to personal, standalone machines.
Right, because Microsoft scoops up whatever they want already, and the EULA permits them to do so.
Never store important info... (Score:2)
Comment removed (Score:3)
Re: (Score:2)
You don't ever explicitly turn it on
You don't unless you're one of those people who bash the okay button to make some window disappear.
For everyone else they ask permission on first login on each installed copy of Windows. Not sure how you missed that, but not ticking that option means your Onedrive will sit there empty as it should.
Re: (Score:2)
Re: (Score:2)
Because it didn't happen. I have no idea why you're lying about this, but you can knock that shit off now.
It's pretty trivial to prove that I'm not lying and there are plenty of screenshots you can lookup which shows the *MULTIPLE* ways Onedrive begs you to enable including a popup window on first run, a taskbar notification if you ignore the popup window, and a banner in the file explorer (you know, the one we actually discussed on Slashdot... presumably while you were busy clicking okay / X on any window you could find)
Now as to the real question, what's your deal? Are you lying or incompetent?
typical (Score:3)
"never trust Microsoft" has been a truth of the IT industry for half a century. So I sincerely hope not one person on the planet is surprised by this. It's more like "ah, there's the most recent shit they pull, ok."
Try to do something nice and look what happens. (Score:2)
Maybe it's time to stop using Windows? (Score:2)
After 31 years and just when I was starting to get good at mousing, Microsoft has to screw me. Do any good Steam games work on Ubuntu?
Uh, is this news? (Score:1)
Google's been doing this for YEARS with Chrome. Apple with Safari, too, if I'm not mistaken (or, at least it did way back in the me.com days). I don't have any account to sign-into Firefox with but, I'd guess it allows something similar.
I assumed that any browser that lets you associate an account to it will sync your bookmarks across devices.
I see that as a feature, not a threat, though, and certainly not "stealing." How can you "steal" a bookmark? Have you created NFTs
Telemetry (Score:1)