Hacker News
Microsoft is phoning home the content of PowerPoint slides (rogermexico.bearblog.dev)
734 points by memorable on Nov 7, 2022 | 377 comments


What I want is Little Snitch on steroids built into the OS where every process, including all native ones, including UI apps, are blocked from network connectivity by default, and the user gets an easy monitor of outgoing traffic with TLS/SSL inspection built in (you'd need some OS API to enable that).

Kind of like granular oauth permissions, apps should have to declare which outgoing they have, a description/why, and allow inspection of the actual traffic.

What Adobe CC, Google Chrome, MS Office, and macOS/Windows itself do with this background network connectivity is completely out of control and abusive to the user. They get away with it because the vast majority of users are non-technical and don't realize it's happening.

I've profiled and decrypted the background traffic on a stock Android install and the volume was also appalling. Getting macOS to 0 background traffic involved blackholing large Apple IP blocks at the router, whereas some of their processes use random IPs from these ranges and don't use DNS.

Just as the general public doesn't have the awareness or ability to fight for their privacy rights I doubt any of this will ever be remedied.


On Linux there is OpenSnitch that does its job nicely, although I experienced some occasional desktop slowdowns even after training it to open everything for trusted programs.

https://github.com/evilsocket/opensnitch

I still recall the old days of Windows when I tried Kerio Personal Firewall and realized how much software already phoned home two decades ago. That was the last wake up call that pushed me into getting rid of closed source software, possibly also hardware, especially when they connect to the internet.


Keep in mind, OpenSnitch is Linux-based and none of Linux firewalls can filter incoming packets by process ID like macOS/FreeBSD (Lil'Snitch) can.


I think iptables was supposed to be able to do this, right?

https://linux.die.net/man/8/iptables

    --pid-owner processid
        Matches if the packet was created by a process with the given process id.

But was disappointed by the note:

> NOTE: pid, sid and command matching are broken on SMP


--pid-owner was removed from Linux some time in the 2.4 days IIRC.

That's a really outdated version of the man page. The current one is: https://ipset.netfilter.org/iptables-extensions.man.html

Probably the closest thing these days is to use the cgroup match extension, together with something that makes sure separate apps are moved to their own cgroup. But that cgroup would be under a separate parent cgroup for each user so it's not ideal.

I expect NFQUEUE or some EBPF magic is a better way to do things - you don't want to be constantly adding/removing per-process iptables rules.


The owner module can control outbound communication by uid/gid. [1] There are no modules to handle things by PID AFAIK. This can however be accomplished by SELinux and Apparmor custom rules but that is a loaded topic.

Firejail [2] and Bubblewrap [3] can put limits on application capabilities and/or take away network access. Firejail has default policies for many applications, all of which can be overridden by user configurations in their home directory. Firejail leverages Linux Capabilities and AppArmor. For example, when I launch VLC even if it were configured to pull down album information, it could not. If one day they added default-enabled telemetry to VLC it would go nowhere.

A round-about and heavy handed way to manage communications by PID would be to isolate applications in their own VM or container and map the VM or container to a unique user or group.

[1] - https://ipset.netfilter.org/iptables-extensions.man.html

[2] - https://github.com/netblue30/firejail

[3] - https://github.com/containers/bubblewrap


Iptables is a little old. You may want the newer nftables instead.

The iptables rules can be converted directly to nft with iptables-translate and the syntax is more simple.


From what I understand opensnitch uses ebpf to match where the exiting packets are going. TCP being TCP, it is easy to know where the incoming answer will be delivered to as well.


Not sure if this would work also for connectionless protocols such as UDP. That is, if I open a socket and send some datagrams to an external address:port to exfiltrate users data, then close the socket and exit, I don't think it would be able to tell which program did that, unless it detects it live.
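
The limitation raised in the comment above shows up in any snapshot-based attribution. The following is an added example, not code from the thread, OpenSnitch or picosnitch: it joins a `/proc/net/udp` snapshot with socket inodes taken from `/proc/<pid>/fd` links. The sample rows, inode map and process names are constructed, and a socket that is opened and closed between two snapshots never appears in either input.

```python
"""Added example: attribute sockets in a /proc/net snapshot to processes (Linux)."""
import os
import socket
import struct

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 1401A8C0:C93A 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 40211 2 0000000000000000 0
  102: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000   112        0 18034 2 0000000000000000 0
  103: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 55555 2 0000000000000000 0
"""

# Constructed inode -> (pid, name) map, standing in for a walk of /proc/<pid>/fd.
SAMPLE_INODE_OWNERS = {40211: (4312, "uploader"), 18034: (812, "avahi-daemon")}


def decode_endpoint(field):
    """Decode 'HEXIP:HEXPORT' as printed by the kernel for IPv4 sockets."""
    hex_ip, hex_port = field.split(":")
    # The kernel prints the 32-bit address as a host-endian integer; this
    # assumes a little-endian host (x86, most ARM).
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def parse_proc_net(text):
    """Yield one dict per socket row of /proc/net/{tcp,udp} text."""
    for line in text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10:
            continue
        yield {
            "local": decode_endpoint(cols[1]),
            "remote": decode_endpoint(cols[2]),
            "uid": int(cols[7]),
            "inode": int(cols[9]),
        }


def live_inode_owners():
    """Map socket inode -> (pid, comm) by reading /proc/<pid>/fd links.

    Needs root to see other users' processes; unreadable entries are skipped.
    """
    owners = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as fh:
                comm = fh.read().strip()
            for fd in os.listdir(f"/proc/{pid}/fd"):
                target = os.readlink(f"/proc/{pid}/fd/{fd}")
                if target.startswith("socket:["):
                    owners[int(target[8:-1])] = (int(pid), comm)
        except OSError:
            continue  # process exited or permission denied
    return owners


def attribute(text, owners):
    """Join socket rows with their owning process; owner is None if unknown."""
    return [{**sock, "owner": owners.get(sock["inode"])}
            for sock in parse_proc_net(text)]


def unattributed(rows):
    """Rows whose inode had no visible owner at snapshot time."""
    return [row for row in rows if row["owner"] is None]


if __name__ == "__main__":
    # On a Linux host, swap in live data:
    #   text = open("/proc/net/udp").read(); owners = live_inode_owners()
    for row in attribute(SAMPLE_PROC_NET_UDP, SAMPLE_INODE_OWNERS):
        owner = row["owner"] or ("?", "unattributed")
        print("%s:%d -> %s:%d uid=%d pid=%s (%s)" % (
            *row["local"], *row["remote"], row["uid"], *owner))
```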


I believe opensnitch catches them.


OpenSnitch can, but it's not implemented O:) (only as a PoC)

But does it have any sense? Usually you block inbound connections, allowing only certain services. If a rogue process starts listening on a local port, you could display a warning alert, and as inbound connections are already blocked you'd be safe (as long as you trust netfilter...) and you wouldn't need to ask the user to perform an action.


The slowdowns are because it still has to hold every connection until it can check which program it is coming from and whether that program is trusted or not, even when the same program creates multiple connections.

To get around the slowdowns, I made an alternative program called picosnitch which only monitors connections since I just stop using anything I don't trust or move it to a sandbox. It also uses BPF, has fairly low CPU usage, and some other features for improved reliability and detection of programs.


I second OpenSnitch, I haven't faced any shutdowns due to it yet. Those coming from LittleSnitch on macOS might have to look into the finer details of the connection in the Allow/Deny dialog on OS to get the best results.


Slowdowns, not shutdowns, luckily:) The desktop (XFCE under Debian if that helps) just hung for a while like it was waiting for me to allow some rules, but didn't show the requester to do so, also the timings were random, could have been from 2 seconds to 5 or more.


Oops; Self-reminder to not comment on HN when half asleep.

But, I haven't noticed slowdown either; I wonder whether it's because I always keep the OS window open?


For Windows, check out simplewall, it does (almost) exactly that.

https://github.com/henrypp/simplewall


It has built-in support to block Windows Services/Apps/Updates without user interaction.


It uses the windows firewall. Do I trust Windows firewall to block itself? NO!


From the README:

> Keep in mind, simplewall is not a control UI over Windows Firewall, and does not interact in any level with Windows Firewall.

> It works over Windows Filtering Platform (WFP) which is a set of API and system services that provide a platform for creating network filtering applications. Windows Filtering Platform is a development technology and not a firewall itself, but simplewall is the tool that uses this technology.


Even if it was a wrapper over Windows Firewall, why would that make you trust the filtering less? Like even if it was running fully custom ring 0 code, there's still also Windows kernel code running at the same level. Microsoft could make the kernel interfere however they want.


Like how MS ignored the hosts file if you tried to use it to block windows update. Ultimately MS has final say on what you're allowed to do on windows and they can force updates that disable or enable any kind of behavior they want. It's their system.

If you don't trust MS, don't use windows or at least never ever let it connect to the internet. In a fight between you wanting to keep your privacy and an OS designed and determined to exploit you for profit, you will always lose.


I'm to the point of getting a separate hardware firewall and putting that between my computer and home network. But when you do that, you won't be able to tie activity back to an application... maybe the new nextgen firewalls can if you install some sort of agent on the computer? Idk....


I briefly experimented with using such an agent to communicate with a separate hardware firewall and found it was not worth the effort for myself and a better solution was just sandboxing anything I don't trust in a VM, since escaping a VM is harder than compromising the local agent to mask the traffic as coming from something else.


I'm using malwarebytes windows firewall control and it does block itself. I'm constantly dealing with Windows 10 crying over defender not being able to update itself and popups that I may have a virus that is blocking defender from calling home.


> It uses the windows firewall.

No:

"simplewall is not a control UI over Windows Firewall, and does not interact in any level with Windows Firewall"


I was referring to the firewall functionality already present in windows, not the GUI called "windows firewall".


I believe the Mac OS networking APIs go a little bit of the way there - in Lulu, an open source alternative to Little Snitch, the connection prompts tend to contain (and let you filter) by the URL visited (including the query after the domain name). This isn't done through TLS interception, but I believe it's through the network extension API on MacOS receiving the URL requested, as long as the request comes through the regular APIs.

It's a long time since I looked, but I think some apps (mainly ones not using native APIs) only showed the hostname, rather than full URL/API endpoint path.

This also didn't show you the content, or method type (POST vs GET), but to do that you'd really need to start doing proper SSL inspection as you suggested.


Since 2014 I don't trust my macs. There is no Apple computer without LS installed on in my company. Actually, if LS is not available, I will not use Apple computers at all. Period.


Why don't you trust your macs since 2014. Also why do you still use them if you don't trust them any longer?


Work only allows Mac or Win to log in to their VPN.


Change your work then. Or use windows in a VM. Always good to separate work and private system anyway.


They provide a mac. I will exit at some point.


Not OP, but for me the answer to your question is: is a tool I need. I _could_ use Windows, and absolutely not Linux/BSD (for the programs/tools I need for work), and, frankly, I don't think Windows is better.

Yes, I know that's not completely true. I _could_ use Linux (I even used Solaris on a notebook for 2 years in the past and I survived) but the cost in terms of effort, lost productivity would be higher than I'm ready to pay. It's a rational choice.


> I _could_ use Windows, and absolutely not Linux/BSD (for the programs/tools I need for work)

Are you sure of this? Wine (or Proton for graphics stuff) is pretty good.


What happened in 2014?

Also someone told me here that LS should be considered harmful.


It's complicated, but the 2013-2014 years were when the bulk of the Snowden leaks were hitting the internet, and people were starting to dig up really suspicious stuff relating to all big tech companies, not just Apple. However, Apple was still among the companies compliant with PRISM, the NSA's newly established surveillance/tracking effort that also roped in Microsoft, Google, AOL and any other major service provider you can think of.

The implications of this are unclear. I like blowing these claims out of proportion, but in reality we genuinely have no idea what this means. It could simply signal that Apple is complicit with benign cloud-storage security procedures enforced by the USA. It could also mean that the US has carte-blanche access to iCloud data and decryption keys. You're free to draw your own conclusions, but the surrounding context seems to imply that Apple has an under-the-table relationship with our government (as does most of the tech industry, surprise surprise).

Oh, and I don't really know/care if LS is harmful. You should be aware that it's not going to outsmart Apple if they want to collect your info, though. They have kernel-level networking access, which companies like Microsoft have abused in the past to collect telemetry on crafty users. It's probably not harmful, per-se, but your perception of it as an impassible wall might be.


LS is not the only solution that I use. But is a good start and limits the telemetry baked into the macOS significantly. On my Debian installs, I use Open Snitch. https://bit.ly/3t6VSCk


Why do you trust Little Snitch? It's closed source and in the perfect position to steal information.


If worrying about closed-source threat models is something you spend a significant portion of your time doing, you shouldn't be using MacOS in the first place.


I believe, even if I have not tried yet to do this, that you can do this in Linux if you create one or more virtual network interfaces in some namespaces, and you ensure that only that interface or those interfaces get IP addresses.

Then any program that is not run inside the namespace with configured virtual network interfaces can see only unconfigured interfaces, so it will not be able to open and connect sockets.

The Internet browser and any other program that needs network access, e.g. a NTP server, DHCP client, e-mail client etc., can be run inside the namespace with an IP-configured network interface.

The same could be done in FreeBSD by using a jail for the programs that need network access.

Obviously, this would not be enough to prevent network access for a program that would be aware of this configuration and would try to circumvent it, because such a program could list the network namespaces and try to execute itself, or another helping program, inside the network namespace. For complete isolation, all the programs for which network access is not desired would have to be executed inside a distinct namespace. That requires a more complex configuration.


> What I want is Little Snitch on steroids built into the OS where every process, including all native ones, including UI apps, are blocked from network connectivity by default, and the user gets an easy monitor of outgoing traffic with TLS/SSL inspection built in (you'd need some OS API to enable that).

If you want to you can do that with Linux.

Sure you'd need to use the CLI, and a combination of tools but you can pinpoint every packet to an associated process and if you add your self made cert to trusted certs, then you can decrypt TLS as well in most cases.


Not quite.

For this to work well, all your apps need to run with not being able to do their own TLS, but for various (reasonable) reasons a lot of applications today do their own TLS.

You also don't want to add self-signed certificates, but grab the traffic _before_ it gets encrypted IMHO.

In some cases it's still quite viable, like if they dynamically link to OpenSSL (or similar) you could create a facade which allows grabbing traffic.

But things get problematic when it's statically compiled in and not open source.

Additionally there are quite a bunch of use-cases where the encryption is not TLS, like e.g. with some WebRTC applications it's not uncommon to have an encrypted channel we could access to a broker server but in that channel E2E encrypted messages are sent e.g. using libsodium statically compiled in.


> You also don't want to add self-signed certificates, but grab the traffic _before_ it gets encrypted IMHO.

that would be ideal but self signed + added to trusted store works

> Additionally there are quite a bunch of use-cases where the encryption is not TLS, like e.g. with some WebRTC applications it's not uncommon to have an encrypted channel we could access to a broker server but in that channel E2E encrypted messages are sent e.g. using libsodium statically compiled in.

yeah you're right.

In other cases the only options we have are ld_preload to catch encryption lib. If that doesn't work we can still use ptrace to capture syscalls but encryption will be done in userspace so capturing network activity won't help us with encryption.

Like the other guy said, the info we can gather is still useful.

Reverse engineering + modifying the binary is a possibility too but it gets complicated fast, especially if they intentionally try to protect it. I feel this isn't really an issue with jvm or interpreted languages but with the others it's hard especially if they're statically linked. C/C++ have good enough decompilers that it's still possible, I don't know about Go/Rust tho.


While I partially agree, even DNS query/http headers (I'm not sure if that is encrypted with ssl?) could be useful here. Told the software not to connect to cloud, still connects to cloud. Enough reason to complain.


Nah, you can't. The issue is the "easy monitor outgoing traffic with TLS/SSL" part.

It is not impossible but it is far from easy. If the application uses statically linked SSL client (as it should if it is commercially distributed) then you have to modify the application (for example in memory) to get a copy of everything that gets written to the SSL stream.


You know how you can do Ctrl+Shift+K in Firefox to open up the browser console and inspect all the bits of the page, see the code (and fuck with it), see all the network traffic, and so on? I dream of being able to do that for arbitrary applications. Imagine having a Super+Ctrl+Shift+K that opened an OS-level GUI showing all the pertinent details of the running program.


You know that this only pertains to webapps and there is still a lot of software running on your machine that you have no idea what it does?


I believe the parent commenter is aware of that - they’re describing their wish for a tool that makes monitoring native application requests easy and transparent, similar to the experience of using browser devtools with web apps.


I am specifically referring to the ability to have the same sort of interface with non-webapps as we do with webapps.


> What I want is Little Snitch on steroids built into the OS where every process,

You cannot trust an OS you cannot build yourself. That's why I see Linux as the only option for professionals and privacy minded people.


That assumes people actually have the capacity to examine the source to do so and make the requisite adjustments.

The real answer IMHO is to control your networking stack outside of your computer instead. Firewall that and you have way better security


How do you do packet inspection when they're all encrypted?


You can still inspect whether you’re having packets sent when you add text or just when you click on certain options

You could add large amounts of text and see if the packets increase proportionally.

You can perhaps analyze which apps or extensions are sending packets.

This post doesn’t provide enough information of value


> You can still inspect whether you’re having packets sent when you add text or just when you click on certain options

Batching very commonly obscures this kind of UI interaction reporting.


You install a proxy server that MITMs all connections and reencrypts data with your own certificate that you install in your system.


TLS MITM. But you better be 100% sure your middle box is not compromised.


This. Not so hard to do and lots of corporations already do it.

But yeah - whatever you are running on that box better be legit!


Yeah, this is a strange take to me. Akin to catching the fox guarding your hen house eating the hens and reacting by having the fox install and monitor a security camera for the hen house. The problem is still the fox and he'll just turn the camera off when he wants the hens.


This analogy makes me smile, it's a good one!


With the compiler that you verified and built yourself :)


I believe this is a reference to: http://wiki.c2.com/?TheKenThompsonHack


Itself built with a compiler you verified and built yourself.


It's self built compilers all the way down


How do you know there are no outside efforts to log linux activities? There's a lot of source code to go through and is it possible there are callbacks even within OSS that most people are not aware of?


Well at least with open source, you CAN verify it. There are people and companies who do audit. You're replacing a big and unstoppable problem with a smaller one that can be mitigated


I don’t need to go through all the source code myself. The fact that Apple itself, for example, relies on Linux for most of its servers and has not raised any alarms about bits of Linux phoning home is a pretty powerful heuristic that it’s relatively safe.

Multiply that by all the multibillion dollar other companies, the tens of thousand open source focused smaller and large companies, the hobbyists, the enthusiasts, the CS professors, the CS undergrad and grad students, the PHD candidates who would be thrilled to discover a flaw on the basis of which they could write their thesis, etc. and I think one can have a fair degree of confidence.

There’s still a decent chance something would be missed. But it’s much smaller than the chance that the proprietary OS owners, whom we know for a fact phone home and have been trying to collect increasing amounts of data, are sending stuff we may not know about.


> The fact that Apple itself relies on Linux for most of its servers is a pretty powerful heuristic that Linux is relatively safe [paraphrased by me]

Many world-class companies depend on Windows, so does that mean you think Windows is safe?

An individual does not have the same access to custom tools, and teams of competent people, that ensure their usage of the Linux ecology is secure.

A recent example: I was investigating using CloudFlare Functions, because I think CloudFlare has world-class security and that “serverless” product avoids many security issues I might have with other solutions. Yet one setup step suggested piping in a script from curl to shell (commonly suggested for install steps!). Even worse, https://github.com/cloudflare/wrangler2 is their CLI tool to help development, and Wrangler is based on the node ecology, which is completely insecurable as an individual developer IMHO (trillion dollar companies can probably secure the dev environment). I use a VM to provide some sandboxing, but it still leaves me feeling icky.


At least it's possible _in principle_ and many people out there can at least look at the code even if you can't dig through yourself. With Windows or OSX you're just out of luck.


It all depends of course on the level of your paranoia/threat model.

To prevent standard data leaking or rather stealing like in this case, linux is a quite solid choice.

But if you think you are a high profile target, you should probably learn how to deactivate Intel's ME and co.

And if you are really paranoid, you should assume that there are hardware backdoors. But what do you do then? Build your computer from scratch?


Layers. It's all about layers.


OSS is necessary, but (as you point out) not sufficient.


In fact, you cannot trust an OS you DIDN'T build yourself. And there are only two of those: Linux from scratch and Gentoo.


> In fact, you cannot trust an OS you DIDN'T build yourself

... with a compiler you wrote yourself. In assem-- uh, in hexade... no. With toggle switches.


How do you know that the compiler that was used to compile your compiler was not backdoored (or binutils/glibc/bash)?

You may instead want to look at the bootstrapping work done using stage0, m2-planet, GNU Mes, etc.

https://bootstrapping.miraheze.org/wiki/Stage0

https://guix.gnu.org/manual/en/html_node/Reduced-Binary-Seed...

It starts with a hex monitor of less than 500 bytes and bootstraps all the way up to gcc, all from source.


> Kind of like granular oauth permissions, apps should have to declare which outgoing they have,

Just like PayPal. There's a table you can bring up that lists everyone you ever engaged with on paypal for recurring pricing, and deactivate them.

I've wanted exactly what you describe for years. Little Snitch taught me that there's just too much data that isn't organized properly. Even if you get down to the app level (like PowerPoint), it is still transceiving a lot of data. How do you tell what is necessary and what is dubious telemetry?


> with TLS/SSL inspection built in (you'd need some OS API to enable that).

I'm not sure of that. Provided you can add a cert to your OS, you should be able to get away with a piece of protocol downgrade network gear that you can then pipe to a different (ideally, offline other than UDP receive) computer for analysis.

You'd need to disable HSTS, but other than that I think it should be the solution you're looking for. Oh, and for good measure, ethernet cable instead of wifi.


A well-designed OS API doesn't need to do MitM and therefore would work with HSTS or cert pinning enabled.

Of course for obvious reasons, few commercial apps would actually use this API unless they have some other incentive.


Well, the original article was about Microsoft. Since they're the OS vendor too, I discounted that as being reliable for this use-case.


Any application that uses certificate pinning would fail in this situation as that's specifically what it is trying to prevent.


You "just" need the key to the encrypted traffic. You don't have to change the handshake/negotiation, you just want a copy of the key so you can decrypt the traffic.

In TLS, the client authenticates server, then they both agree to use a key for the session; the OS can get a hold of this key (this is usually a bad move because then any captured traffic frames could be later decrypted).


I was just thinking about this- pair that with a iPad that sits on refrigerator and shows your grocery list and family calendar. Then it blocks your smart tv from sending data out and allows family to keep organized. Does 3 things very well and that’s it


Cool idea. This was posted a few days ago on here, and I was impressed by the UX and capabilities. Tho I didn’t delve too deep.

https://news.ycombinator.com/item?id=33481518


That would be nice, but I would hate to see mobile OS with their permission system replicated for PC. Simply because mobile OS are fairly lacking.

At some point phoning home was a sin for software. Sadly that changed, also because of the naivete of some developers.


Ha, what a timing! Just 2 days ago on HN front page:

Portmaster 1.0 – Open-Source Network Monitor and Privacy Firewall https://news.ycombinator.com/item?id=33481518

Disclaimer: I'm the CTO.


Why not just disable the network interface and see what stops working.

Why not set the Windows computer's gateway to a computer that the user can properly control, i.e., do not give the Windows computer direct access to the internet.

Windows is an OS that was created before the public had access to the internet.

It worked just fine "offline", i.e., connected to a LAN but not an internet.

Same for the Mac.

To be honest, I cannot think of many PowerPoints that needed internet access, at least not in the fields I have worked in.

Obviously, "tech" companies want personal computers to be online for every waking moment of their owner's day. Nevertheless it is in fact possible to "block", i.e., not assent to, much of this outgoing transfer of personal data/metadata to "tech" companies at the user's expense. I have been doing it for over 20 years. With few exceptions, I inspect all HTTPS traffic that I allow over the networks I control. The "tech" companies gathering this data do not pay for the user's internet or cellular service. The user covers the cost of the data transfer.

Change begins with the people who know how to make it. For example, it is not difficult to stop PowerPoint from phoning home. Why go along with it. But when those with the requisite knowledge year after year make statements on HN how it is futile to thwart any personal data mining because it is not 100% "perfect" solution,^1 I have been seeing these comments on HN for many years, then it is arguable this becomes a self-fulfilling prophecy.

The "majority of people", "general public", etc., do not know they have a choice. They will use whatever is presented to them. What happens when those who do know there is a choice go along with what "tech" companies present to them. They are in no position to blame "the majority".

Certainly, those working at or investing in "tech" companies would welcome a lax attitude toward avoiding data collection. "Nothing is going to change because no one cares." Tell that to Zuckerberg after Apple presented its customers with the means to "block" some of Facebook's data collection.

https://www.cnbc.com/2022/02/02/facebook-says-apple-ios-priv...

1. All-or-nothing, black-and-white, binary style reasoning.


Could build it yourself w/ eBPF.

I tend to just mitm said talkative devices and drop packets -- it is alarming the amount they want to phone home.


I used little snitch for so many years but stopped using it a while ago for some reason. Is it still as good as it used to be?


What you've described is none other than a Winston Privacy device (no longer available, alas).


Would it be possible to develop something like this for Linux using eBPF?


pf is built into macOS. There is a (paid) frontend - https://www.murusfirewall.com


Have a look at firejail. Does this, and more.


Isn't this what safing does basically?


Yes! For reference: https://safing.io/


We could go to our EU representatives and ask for them to make it mandatory. Though I suspect it'll go down the same way as the GDPR, at least at first.

(Lessons have already been learned of course)


We really just need a clarification/ruling that ANY telemetry is not essential to providing a service and thus requires informed consent before it can be collected and consent cannot be required to use the service. And then enforcement against all these applications.

I don't think adding technical layers to block these data leaks is going to work long term.


> I doubt any of this will ever be remedied.

What if you didn’t use PowerPoint?

Seems much simpler.

Also, maybe the data makes PowerPoint good? Or better?

Alternatives to PowerPoint: won’t all of the viable ones be hosted on the web?

What do you want? You can install PowerPoint 97. No one is stopping you.


The Little Snitch would be asking the OS to please tell it about network traffic.

Microsoft's OS.

It would be asking Microsoft's OS to tell it about traffic Microsoft's software wants to keep secret.

I'm sure there's a world where that isn't a laugh line, but I certainly don't live there.


What indication is there that Microsoft wants to keep this traffic secret? The OP was able to detect and inspect this traffic with standard network monitoring software.


OS network filtering APIs don’t work that way and another unrelated and unimportant Microsoft team can’t override it


I disagree. What's a worse look: not having this OR having this and being discovered subverting their own security?


This is a one paragraph claim that doesn't provide resources to show that their claim has basis. It could very well be entirely accurate, but there's no information contained here to know one way or the other.

For example there have been numerous claims made previously that link ANY network traffic to a supposed invasion of privacy, but once you delve into the underlying traffic it isn't nearly as nefarious as it initially seemed.

This article is telling you to "open up the network monitor of your choice" but network traffic and CONTENT are apples Vs. oranges, and yet we're meant to draw conclusions from that? We're meant to know Microsoft are taking your slide's content whole-hog? Isn't that yet to be determined?


Powerpoint indicates that message content is being used for design proposals in the consent prompt.

The Microsoft website says it "analyses your data": https://learn.microsoft.com/en-us/deployoffice/privacy/conne...


I was expecting at LEAST some screenshots lol


Yes. OP's post doesn't present any evidence that those packets being sent actually contain your personal data. Show us some data from an actual packet or GTFO.

That being said, I don't doubt that they do :)


Can Wireshark render this in PCAP?

Would it just be encoded and Wireshark could decode it out of the box?


I've raised this point repeatedly in different orgs. It's met with some combination of indifference and lack of understanding and not-my-responsibility-ism, but I'm sure that this will eventually blow up hard in some company's face - like 9-digit settlement for breach of contract, or worse things like breach of export control laws.

Enterprise data security on the "MS Office level" at this point is like driving 60 mph on a road with no lane dividers. You just pray that you never meet a drunk driver or someone texting in oncoming traffic who suddenly swerves into your lane. You pray that none of your employees click the wrong button and bankrupt the company.


> worse things like breach of export control laws

The entire Department of Defense runs on PowerPoint, along with all of their contractors. It is not at all uncommon to produce slide decks that are either classified or covered by ITAR; this is a disaster waiting to happen.


Do they run on the same infrastructure as the rest of us?


No. DOD/Gov projects can be hosted in completely secure locations, and Azure for Government follows all the required standards. Office365/Sharepoint supports FedRAMP High. Most agencies are in the process of finishing migrations so that both their desktop and online apps use the same data in secure cloud installations.


Sometimes classified leaks onto unclassified networks via human mistake, coincidence, or ignorance. I've literally seen classified PowerPoint slides marked unclassified due to ignorance. This situation requires security to confiscate all machines the data may have leaked to.


Oh, I've absolutely seen similar, and I don't doubt it's extremely commonplace.

But Microsoft generally supports policies for enforced disabling features like the one referenced in the post. Similarly, data exfiltration from managed to non-managed devices is an entire cottage industry. And generally that's why govt employees are expected to use separate, locked down devices where their compliance-obsessed (hopefully, but not always in practice) admin has total root.

And I don't believe you're implying this, but certainly I don't think it makes sense for companies to _not_ build internet/cloud-connected experiences and features just because there's a possibility that govt officials won't follow their own security policies and best practices.


No they run in isolated networks. No classified DoD networks have any access to the internet.


ITAR regulated information isn't only on the SIPR/High side.

From the perspective of Classified Data this SHOULD not be a problem, but I highlight the "SHOULD" because sometimes these barriers get crossed unintentionally. Mission briefings, etc. may accidentally leak info, and those are almost all PowerPoint.

For the ITAR data though, that's absolutely not only on isolated networks.


I think the user met the same networks on Microsoft's end.


Yeah, I'm surprised every healthcare related business doesn't either ban PowerPoint or block this "feature" somehow. HIPAA is a hell of a drug.


PowerPoint is the raison d'être of an entire class of middling bureaucrats. They'll fight tooth and nail to protect their turf and preserve their role in society.


> I'm surprised every healthcare related business doesn't either ban PowerPoint or block this "feature" somehow.

I work in healthcare, and the legal department bars me from using Google Analytics for HIPAA reasons.

Meanwhile, IT made Chrome the only browser the employees are allowed to use on every Windows machine in the org.


Did you read the article? I find your jaded sense of cynicism to be different than critical thought. I don't see any proof in the article posted about its claims. It's just very easy to get jaded, cynical people to support the right headlines on social media. Hacker News, be better.


I don't find reaperducer's comment to be jaded or cynical. It sounds perfectly reasonable to me.


I can't believe how many companies in general are leaking massive amounts of sensitive data to Microsoft. With Outlook alone MS must have an incredible amount of data on nearly every business and an unprecedented amount of insight into what they are doing.

Windows 10 has only made the problem worse. The last desktop PC I got from my company's IT department had Windows 10 on it and it was configured to send every last keypress to MS. Why they had the Windows 10 keylogger enabled I'll never understand, but at least it was easy enough to disable.


If you're putting PHI in a presentation, you probably already have HIPAA problems.


Doctors routinely need to present cases to each other. It often involves pictures of the patient and other identifying information that is essential to describe the case in detail. They need some way to do this.


Any healthcare institution is going to have a Business Associate Agreement[1] with Microsoft. OneDrive is one of the allowed/suggested ways to transmit PHI where I work.

[1] https://www.hhs.gov/hipaa/for-professionals/covered-entities...


exactly .... people here suggesting that putting any PHI into an office document is intrinsically a HIPAA violation are bonkers.


Isn't the "Design Ideas" request going to the same Sharepoint server that is storing your doctor's OneDrive?

I didn't capture and inspect the traffic myself, but https://support.office.com/client/53c77d7b-dc40-45c2-b684-81... makes the feature sound like it's built into M365 and not sending data to some centralized web service.


Sure, but a Word document seems much more likely


HIPAA is tame compared to export control and classified information handling. Single occurrences can get you 7 or 8 digit fines and prison sentences.


HIPAA is prescriptive, not descriptive. It does not lay out specific standards to reach. Only overly vague and broad guidelines. Because of this the industry has more or less developed its own best practices that should be good enough.

What this means is that healthcare providers have annual audits performed by third parties who check compliance with these "best practices" which may or may not have any relation to what the lawmakers intended. It's ultimately about checking boxes. Yada yada, security is hard. You can't write a law that describes a security posture and expect to be relevant for more than a year at most.


Wouldn't it be easier to ban putting HIPAA protected information into a PowerPoint? We don't ban telephones just because an employee can read patient records over the phone.


PowerPoint should be banned for other reasons, we're just looking for an excuse. :)


Of course putting ePHI in PowerPoint presentations should be against policy. The thing is, when it does happen, it's almost always inadvertent. Unfortunately, the "oops, my bad" defense isn't valid against violations of the HIPAA privacy rule.


Can you point to the provision of HIPAA that this is violating?


Yeah. The HIPAA data needs to be encrypted and you have to report everyone who has access and you need patient permission to share. HIPAA is bad, but ITAR violations put you in jail!


If you work in healthcare you know not to put HIPAA data in PowerPoint slides to begin with.


> is like driving 60 mph on a road with no lane dividers

That’s somewhat funny, because a Landesstraße in Germany has no lane dividers and the speed limit is 100 km/h (about 60 mph).

Unless I’m misunderstanding and lane dividers mean the printed lines.


There are a lot of roads in the US with a 55MPH speed limit and no lane dividers. In many states, all rural roads with no posted speed-limit have an assumed speed limit of 55MPH. People drive 60 on such roads all the time.


Where I used to live in Texas, there were two-lane rural roads with 75MPH speed limits


Largely true, but worth noting that each state has its own speed limit. Vermont, for instance, sets the state non-highway speed limit at 50MPH, so you'll almost never find 55MPH undivided roads in that state. Colorado, on the other hand, has undivided roads with 65MPH speed limits. Much of the Midwest and the East Coast tend to set their limits at 55MPH, though.


The bar to drive in Germany is significantly higher than in the United States. Requirements for getting a driver's license in America are ridiculously lenient because the American lifestyle is completely car centric. Taking someone's license away is tantamount to sentencing someone to poverty.


I think the other possible effect is the maintenance construction work in the Autobahn, which can create an upper speed limit anyway.

Also, only about 70% have no speed limit. https://en.wikipedia.org/wiki/Autobahn (ctrl+f "No speed limit" for a nice table)


The Autobahn has a recommended speed of 130 km/h. OP was talking about Landstraßen having a speed limit of 100 km/h. The two are very different kinds of roads. The Autobahn does have concrete dividers and hard shoulders for example. It also has a much more predictable design compared to a Landstraße.


Germany makes you get a license to play golf. It sounds extreme at first blush but when you start to think about it...


Not so funny considering that more than half of fatal car accidents in Germany happen on exactly those streets (744 in 2021). Followed by Bundesstraßen (606 in 2021), which only sometimes have dividers and are usually limited to 100 km/h as well.

In comparison, on the Autobahn, which always has dividers but often has no speed limit at all and is not below 100 km/h under normal circumstances, there were "only" 318 deaths.

Source (German language, Federal Statistical Office): https://www-genesis.destatis.de/genesis/online?operation=abr...


It's worth pointing out that Landstraßen often have trees next to them for cosmetic and "noise reduction" purposes (the latter has no significant effect, although many people believe in it). They are also not necessarily illuminated and can have crossings or sharp turns in addition to nearby wildlife and houses.

In many cases the roads are also used by cyclists or agricultural vehicles which many drivers feel compelled to overtake, which can be dangerous because of limited vision and the need to switch onto a lane that may contain oncoming traffic.

Compared to the Autobahn, Landstraßen are chaotic and often dangerous, not just for the people driving on it.


Does comparing raw number of deaths here make sense without taking into account the total distance travelled / time spent per person on these different kinds of roads? Not to mention other factors like e.g. how tired/inebriated/distracted the average person using these roads is, which is unlikely to be the same for short distance and long distance travel.

Also 744 < 606 + 318 so it doesn't even seem to be "more than half" even with some road types missing.


Interesting, thanks. Note that your URL does not work, searching for "46241-0003" gets the right category, though.

I do wonder how many of those accidents are related to cars overtaking others.


"Unless I’m misunderstanding and lane dividers mean the printed lines."

Well, we also have plenty of really narrow roads on the countryside, with no lane divider, no printed lines and - no speed limit, where you could do 100 km/h, as well.

(And well, some people do, but if you crash, it would be also legally your fault, for not having the adequate speed, even if there is no formal speed limit. Which is a nice counterexample to the usual, everything is forbidden unless it is explicitly allowed mentality)


Yeah, my point is not that such roads don't exist, they are relatively common, as you say.

My point is that your only "defense" against oncoming drivers on such roads is to pray that they stay in their own lane. This mostly works because people are mostly sober and undistracted and not malicious. It is kind of terrifying when you start to think about it.


Same speed limit in the UK, and there are roads without painted lines.


The speed limit and the speed you should be driving are different though


Depends. In Germany we try to set the speed limit at the speed you should be driving in clear and dry (or slightly wet) conditions. In Sweden, on the other hand, I've seen roads where no sane person should be going the posted speed limit.


In the UK there are basically single track roads that have a speed limit of 60mph, and you'd be crazy to use them at more than 30mph most of the time.


If only a route planner would understand this fact too!


I assume Google Maps has data on average speed its users travel along all the roads.


In most of the western US, the speed limit is about 10 mph lower than the actual speed of traffic.


+1 for the export control stuff, even if I think it might be worse for MS than for the actual customer. At least I hope...

Edit: As was pointed out elsewhere, the phoning home stuff can be turned off at org level. So MS will not be affected by any fallout of potential export control violations.


This kind of thing in particular should make banks' compliance departments more nervous than usual - PowerPoint is a really key tool for deal teams, and the behaviour here might just be obscure enough to be missed by people tasked with stopping price-sensitive information slipping out the door.


I am surprised you believe the vast majority of PowerPoint users would be handling information that could even breach export laws, or that even the majority of users are making PowerPoints to present to people of other nations...

I bet that is less than .01% of all PowerPoints created in the world.


After the issues with GitHub Copilot and copyrighted code, my mind is drawn towards similar inadvertent leaking of proprietary information via a model trained on that information.


There's a pervasive lack of precision in privacy discussions. There's a difference between a network request that does some computation on the server side, one that does the same but may log errors and increment counters, and one that actually stores the data temporarily or for a long time. And in the last case, there's a difference between the data being nigh-impossible for internal employees to access (perhaps only used as input for other automated systems), and data with few controls. What about the ability of the user to invoke a delete for all their data on the server side? There's so many dimensions.

This is not a useless feature. I can imagine it might help someone make a better presentation. We have to weigh the potential privacy implications against that.

And asking the user to consent for every little thing isn't the solution either. It's so annoying to be pin-pricked by dialogs. At work, this sorta thing should be decided at the organization level, by setting appropriate fine-grained org policies for Office.


Do you make the same differentiation when it comes to what Chinese companies may collect from the computers of American companies? Especially this part:

> there's a difference between the data being nigh-impossible for internal employees to access (perhaps only used as input for other automated systems), and data with few controls.


This bias is very apparent in most of western media.

A Chinese software vendor could do as much as sending your keystrokes for autocomplete and you bet it will be front page news on Reddit and here with every comment reminding me about Xinjiang and 1989.

But Microsoft could upload the entirety of your hard drive and we would find apologists like OP rationalizing away the behavior.

I’m not convinced either governments are not in cahoots with private companies.


> I’m not convinced either governments are not in cahoots with private companies.

By which you mean that we have plenty of evidence that both are?


> A Chinese software vendor could do as much as sending your keystrokes for autocomplete you bet it will be front page news on Reddit

Yes? It’s not like it’s a double standard or remotely hypocritical to hold a US corporation or the US government to different standards than a Chinese counterpart.


> There's a pervasive lack of precision in privacy discussions. There's a difference between a network request that does some computation on the server side, one that does the same but may log errors and increment counters, and one that actually stores the data temporarily or for a long time. And in the last case, there's a difference between the data being nigh-impossible for internal employees to access (perhaps only used as input for other automated systems), and data with few controls.

This seems like less of a "precision" issue and more of a "transparency and accountability" issue. Do you know how long this information is stored by Microsoft? Where it is stored? Who has access? What the process is for requesting that data is deleted or even for opting out of its collection? An opt-in prompt is a great place for organizations to provide access to resources that answer these questions.

When we don't have the answers to the questions, (or don't trust the organization providing the answers to be truthful), we should assume the worst case, not the best as you seem to be implying.

> And asking the user to consent for every little thing isn't the solution either.

Prompts/permission can have varying and nested levels of granularity. This is absolutely not an excuse for not providing opt-in for data collection. (Edit: E.G. You can simply ask "Allow Us to Collect Data: Always, Never, Sometimes" and then you only need to show additional prompts if they select "Sometimes". If you are seeing too many people saying "Never" then you can do a better job of explaining the benefits/features, but you can't just ethically ignore the wishes of the user.)

I see no problem with organizations pre-deciding this for their employees, (thus no need for a prompt), but this doesn't remove the need for individuals and members of less organized organizations to have the ability to not have their data collected.


This is a useless feature.

Source: I have this blocked and I'm not missing anything.

If a feature needs to phone home, I don't need the feature.


> This is not a useless feature.

Yes, it helps Microsoft, and it helps The Powers That Be advance their goal of total information awareness to maximize their security and power and be unaccountable. As a bonus, the harm it does to users is hard to see and hard to reason about, so the genuine proponents and their useful-idiot accomplices throughout the tech (and political) world have been very weakly opposed in advancing the pervasive surveillance agenda.


This seems blindingly obvious? They use a cloud powered feature, then complain that information is sent to the cloud? According to this help article using designer for the first time will request permissions.

https://support.microsoft.com/en-us/office/create-profession...


Yes, this is click bait. There is a message you have to approve to turn on 'connected experiences'.


The blog post CLAIMS to not be using that feature, so charitably they could be talking about something different.

Who knows though? They provide so little information and I have no particular reason to trust them without some kind of evidence. I'm flagging this article since all we can do is speculate.


From the 'article'

>Fire up PowerPoint. Turn off all the cloud options.


No, this is specifically a cloud feature and you are warned and asked for permissions when you access it for the first time.


The future of personal computing is really dark these days. I just attended an Apple event for education and government. The amount of data tracking and the standardization/normalization of this behavior is dystopian.

What happened to computers being just fun and a source of exploration and freedom?

Microsoft, Google, Apple all constantly push their cloud based accounts … where everything is tracked.


> What happened to computers being just fun and a source of exploration and freedom?

Having this experience isn't any harder than it was in the old days, it's just that there are so many more people participating in computing in some form that it's harder to find the people who truly own their computing experience.

The companies that made "personal computing" easy enough for the masses want to profit off of that, and they've settled on strip mining data and robbing user control as the best way to make money. This leaves their mass-marketed version of "personal computing" a hollow shell of the original, but it doesn't remove the original.

You can still install a privacy-friendly Linux or BSD with only FOSS software. You can still self-host your data and retain full control and privacy. What you can't do is benefit from the ease of use that mass-market computing provides while still retaining full individual control.


Friendly reminder that Apple shares their iCloud data (users' docs, pictures, messages, etc.) with the Chinese government in exchange for market access:

https://www.nytimes.com/2021/05/17/technology/apple-china-ce...


Apple shares iCloud data with the US government as well.

https://www.apple.com/legal/privacy/law-enforcement-guidelin...


That's per warrant requests for individuals, IIRC.

Apple shares with the CCP for all users by default.


I think it's worth clarifying that this is just Chinese users, though that was probably clear to most. The Chinese and rest-of-the-world iClouds are completely separate.


It's very comforting to know that they treat the data of their Chinese users with such respect. For a company that insists on privacy being a human right, they sure do seem to have a flexible definition of human!


Take it up with the CCP.

Not that I really disagree. I wish more companies would refuse to do business under those kinds of conditions.


The point is that Apple sells their user data for market access. Google won't even do that.

This is antithetical to Apple's privacy branding.


On the other hand, Atlassian’s stock lost 66% of its value, and it could be because investors notice that converting people to the Cloud is not currently working.

Atlassian should have better bet on their Server solutions, but they really really wanted to be a cloud operator. “For strategic reasons.” Maybe for governmental reasons, who knows.


It's a contentious issue in AppSec where most vendors want you to upload source code to their cloud for anything other than the most basic of scans. There are SLAs for how long the vendors can retain the source code they scan, but many clients are not aware of how much of these scans are performed manually behind the scenes by humans and how few of the vendors have their compliance audited. The possibility of a vendor failing to properly secure your source code is risky enough on its own, but it being accompanied by detailed reports of the security vulnerabilities in the code should cause some hair to stand on end.


> It's a contentious issue in AppSec where most vendors want you to upload source code to their cloud for anything other than the most basic of scans.

Write the source code in some Assembler language (or even binary code ;-) ). Or use some obscure programming language that the vendor cannot scan, thus having a reason not to upload it.


In case you weren't being tongue in cheek, the purpose of the scan is to find security vulnerabilities so they can be rectified. If the scan cannot understand the code, it can't find the vulns that need remediation. Unfortunately, you don't even need to pick an obscure language. Almost all vendors of SAST products are chronically behind schedule on supporting the latest versions of languages and frameworks, and some of the biggest names have significant gaps in which commonly used languages they support.


> it could be because investors notice that converting people to the Cloud is not currently working

Given the barnstorming financial performance of other cloud operators and Atlassian's impressive record in (un)reliability, I think investors are quite aware that converting people to the cloud is going swimmingly most places that aren't Atlassian.


That was never a thing. It was always an illusion for the advancement of artificial intelligence.

Why do you think they are going so hard on the Semantic Web shit? It's not for the disabled - it's for the blind, deaf and dumb AI that needs the entire content of the web to train on.


This post is dubious at best. It makes a “do your own research claim” without sharing anything concrete.

Yet, this plays into people’s own confirmation biases so it’s already being taken verbatim by people here.



I'd too be interested in further analysis (eg: ruling out false alarms, such as some update check) so that I can say to others with more certainty that something is of potential concern, rather than it being shot down later if someone does a more rigorous analysis.

Just because one could say a company has done controversial things before doesn't mean there's no benefit in verifying claims.


It’s in their TOS and stated as a feature.

https://news.ycombinator.com/item?id=33509159

There’s an expression, paraphrased as “when someone tells you who they are, believe them.”


I mean, it's fine if one is personally satisfied with not explicitly having evidence of the specific alleged data collection here, but speaking from experience when the time comes and people inevitably prod further for sources and only hand-wavy arguments can be produced I've found it's not the strongest/most compelling result for motivating a potential change of behavior.

Anyone here could believe this is occurring and it wouldn't likely surprise them but actually knowing concretely can have the effect of changing things. Consider the difference between people assuming various things about the NSA pre-Snowden vs post leaks and how it affected change (or at the least a better basis for it).


Agreed, yet it’s not the first time but the hundredth.


Obtaining user data should be a horrifying prospect for companies. They should obsessively work for alternative ways to not need it for their goals. And when they need it, to be ridiculously careful about it. (you could substitute "user data" for "application state" here)

But it's not because there aren't sufficient consequences. Memory leaks don't properly crash the company as they should.


> Memory leaks don't properly crash the company as they should.

Typically, companies just worry about liability leaks. Which they take seriously enough to dedicate a lot of lawyer time to plugging redundantly with innocuously vague disclosure wording, terms of service wording, difficult to find and inconvenient to use opt-out tools, etc.


> Memory leaks

I suspect you mean data leaks, in the context of your comment. But memory leaks should be a thing of the past also - they hint at the quality of the underlying code.


This doesn't bother me too much (but it would if I worked at a different company - I'd have concerns over company secrets). It's the browsing history which is by default sent to GOOG/MSFT which bugs me. On by default, and I'd swear I've seen it get reset on Chrome.

Chrome:

Settings > Sync and Google Services > Make searches and browsing better

Edge:

Settings > Privacy, Search and services > Personalize your web experience


LibreOffice FTW.

https://libreoffice.org/

It may be glitchy in some areas, but I've been using it since graduating high school, and I can do whatever I want with it.


This. I've installed Linux+LO for years to a lot of people (also a couple times when it was in the earlier StarOffice incarnation, can't recall if under Windows or OS/2, certainly not Linux), being extremely clear on one thing: "this is not Microsoft Office, it's not as powerful as Microsoft Office and you may find some incompatibilities here and there (that was true especially during the old times), but the features 99% of users need are all here. Keep it for a while, and if it doesn't work for you, I'll install your Microsoft Office back for free and you lose nothing". It was a success almost everywhere, but it's extremely important for "normal" users to be comfortable with the different tool; remember that we value privacy, Open Source, etc.; they don't. If something that they don't perceive as important requires a change in their workflow, they'll refuse that, so I don't even talk to them about different file formats and just set it up to read/write in MS Office formats from scratch.


> but the features 99% of users need are all here.

I cannot believe this, in particular for the comparison Excel vs. LibreOffice Calc: the latter is used insanely actively in the finance and insurance industries, thus any proper user sampling should bias towards these industries. On the other hand: users in these industries know Excel really well and use very advanced features of it.


I have performed logistic regression in Calc, by using the Solver feature to find coefficients, after multiplying the input with them, passing the output to a sigmoid, and computing the mean squared error.

I suspect anything more advanced than this would be better worth implementing as a script, rather than using Excel.

The main arguments for Excel, that I suspect, would be better collaboration features (like comments and sharing and such), and better integration with other MS tools (Outlook etc.).

But even then, perhaps a script or Jupyter Notebook would be easier to work with (for diffs and version control that are not vendor-locked).


> The main arguments for Excel, that I suspect, would be better collaboration features (like comments and sharing and such), and better integration with other MS tools (Outlook etc.).

No, the main argument why Excel is used in the finance and insurance industries is that many users know Excel really well.


That is true, but let's not forget that the userbase that needs only basic spreadsheet functions or simply a tool for writing text documents is vastly superior. One of my accountants used StarOffice like 20 years ago, and I recently serviced a business consultant office in which all machines had OpenOffice (installed before the LibreOffice split). Excel is for sure a monster feature-wise, but outside of certain niches the need of all those features is really low, then again many Office users didn't even know about its existence since all they need is to read and write text documents.


I used LibreOffice for years, but I switched for 2 reasons.

1: the export to docx had problems, and most publications require your submissions to be in docx format;

2: it gets laggy with large documents. This lag becomes distracting when writing novels. Seems to start around page 20-50 and gets worse and worse as you go.

I wish I had better alternatives to suggest.

I wish that publishers would stop demanding we submit our files in docx format.


I hadn't noticed LibreOffice lags any worse than MS-office. But, if you haven't tried, for anything bigger than a chapter or so, do yourself a favour and try a "proper" typesetting system - LaTeX, SILE, or the like.

There will be a learning curve but I find my attention stays on the content, as I'm not continually distracted by the format issues that are better delayed until the text is complete.

You'll want a reasonable text editor with spell checker, preferably one that knows to ignore formatting commands. Note you will end up with PDF output - if you really have to submit docx, my condolences!


To be fair I haven't used Writer much. I've used Calc a lot.

LO Writer can export to PDF when you need to preserve formatting. But if it needs to also be editable, I guess ODT is the only way. Maybe in light of the recent events you can convince your publishers.

About performance, you might want to give AbiWord a try also.


If you deal with csv (or their tab separated cousins..) libre office sheets (spreadsheet) is really great.

I'm on linux desktop now and this lets me read and write MS office files and works quite well.


TSV is my favorite also. Quote all you want, no need to unescape in whatever program you interop with.


Why doesn’t this article include the packet capture or whatever data he has that shows exactly what’s being sent?


One possible reason is that the actual data that's being sent is a lot less nefarious than is being implied.

I've seen people vehemently argue that merely checking if a new version is available amounts to horrible invasive unethical tracking. You might want to turn that off for the truly paranoid situations, and that's fair, but it's of course completely different than "sends all your data".

I don't have a Windows machine and I certainly don't have PowerPoint, so I can't actually check anything myself. But I see a lot of confirmation biasing going on in this thread, and I bet most people didn't check anything either. All I can give this article is a shrug.


> I've seen people vehemently argue that merely checking if a new version is available amounts to horrible invasive unethical tracking. You might want to turn that off for the truly paranoid situations, and that's fair, but it's of course completely different than "sends all your data".

Hahaha, I've been there. And in an open-source code base, no less! We were using a closed-source library to actually send the version data up to the telemetry service we were using, but the payload and how we were handing it to that library were clearly defined in our own source. We even had to request a correction to a major IT news outlet because they had some vague language about "and no one could possibly know what kind of telemetry $BigCorp is sending, and it can't even be disabled". Both were demonstrably false: the payload was visible in OSS, and we had a well-documented env variable that you could use to disable the version telemetry before you first start the application (which was linked from the graphical installers as well).

In this case, I think the entire content payload is probably being sent up--if you've ever used this PowerPoint feature, it's clear that they're suggesting icons and themes based on the words in your slide--but there's a clear as day prompt explaining what's going on when you first enable the feature.

I'd _prefer_, of course, that Microsoft figure out how to bring the model onto the device so you _don't_ have to go off-box. Google managed to pull this off with the Now Playing feature on their newer Pixel devices[1]. But it is really hard, and I do somewhat understand the business aspect of "that's our secret sauce, we don't want to give it away".

[1] https://www.androidpolice.com/if-your-pixel-cant-tell-what-s...


Many folks are aware MS has been all-in on telemetry for perhaps a decade now. They pioneered activation two decades ago. Explicitly in the TOS.

Producing more evidence is left as an exercise at this point.

Edit: no more posts allowed for me. Reply below:

That’s exactly what telemetry is, today. Grammarly built a whole business on this. Copilot, etc.

Refusing to believe that times have changed because you’ve not been paying attention, is not a compelling argument.


"Telemetry" is not "sending the contents of your documents" (or at least, not necessarily so). This comment kind of demonstrates my point about the complete lack of nuance in these conversations.

And to reply to your reply:

> That’s exactly what telemetry is

The common understanding of telemetry is sending metadata about how people are using software. That is, things like "this button was clicked", "this feature was used", etc. That is my understanding of the word anyway.

Either way, this is a bit of a boring semantic discussion; my point is just that there is nuance to these things, and that this article doesn't really tell us anything concrete beyond "the network is used". Well, okay ... but for what, exactly? Because that does matter.


That’s what it meant a few years ago to me as well. But has expanded in practice. Yes this is too much focus on a single word.

The article states that text content is being sent, and that it makes sense according to the touted feature. Enough details given what we already know, though stingy.

More info would be useful to folks less familiar with the subject however the core issue here is somewhat old news.


Because that would be more effort than posting clickbait.


The writer obviously doesn't know much about network traffic and technology. Wanna be hacker.


I'm very curious to know if the traffic is going to a centralized web service or the user's Microsoft 365/Sharepoint installation.


Microsoft and Google have OneDrive and Google Drive where most slide decks are stored anyway so in some ways this is barely newsworthy, on the other hand I guess if someone purposefully selected Office instead of Google slides for their presentations and thought using an offline app which doesn't save the files to their OneDrive would keep them secret might get surprised by this feature.


Well with Google Slides you know they'll be storing your data quite obviously right off the bat. The problem isn't so much the storing as the lying.


I can't say whether the blog is correct or not, as I haven't seen the actual network traffic, but there are privacy controls that the author probably hasn't configured [1]. If it was configured correctly, Designer wouldn't even be available. So it's not as though every user of PowerPoint will have their data collected by Microsoft.

[1] https://learn.microsoft.com/en-us/deployoffice/privacy/manag...


Still, Designer should display a notice that this is happening on first use (and until the user checks “Don’t show this anymore”, and maybe auto-turn that on again once a year), because a normal user doesn’t necessarily realize that this is happening. You shouldn’t have to be an IT/Office expert to have your privacy respected.


This is literally what it does today: the first time you use Designer or some other "intelligence" feature you get prompted to confirm that you're okay sending your data to Microsoft to use the feature, with a link to privacy policy and everything.


I guess since we all use MS mostly for business purposes we don't care so much about privacy. It's something our managers sign off on, in the name of security, features and really nice value for money. But oh boy, do they know a lot about us and our businesses. I mean, my office apps have "LinkedIn services" on by default [0], so they are linking all the things to all the things.

[0]: https://support.microsoft.com/en-us/office/linkedin-in-micro...


Like I said last time:

> Did we consent to this?

Yes, unless Microsoft doesn't ask for consent in whatever country the author is from. There's a consent popup that you need to click through that informs you that the content of your slides is shared with Microsoft. This is part of "intelligent services" in case you're looking for the details.

The author should be able to turn this feature off easily, but yes, they did consent to this. They just might have done so months ago and forgotten about it.

Find out more about the "intelligent services" that also send the contents of your document to the cloud if you click on their respective buttons here: https://learn.microsoft.com/en-us/deployoffice/privacy/conne...


The text on that page is extraordinarily misleading, if indeed "Connected experiences" are sending your data to MS servers. Nothing on the page is explicit about the apps sending your data to MS, the only hint that this is happening is the footnote that these "Connected experiences" do not work if you are not connected to the Internet.

For example, here is the description of the first type of such experiences:

> Connected experiences that analyze your content

> Connected experiences that analyze your content are experiences that use your Office content to provide you with design recommendations, editing suggestions, data insights, and similar features. For example, PowerPoint Designer or Translator.

> The following table provides a list of connected experiences that analyze your content and also provides links to more information about them.

They are going to quite long lengths to avoid mentioning where the data is analyzed.


The consent popup that shows up before you enable these features explicitly talks about sending document content to Microsoft. Their privacy policy is unreadable just like any other big tech company's is, but I don't think a normal user who's actually read the popup before clicking "OK" can miss that document content is being sent to Microsoft.

I think it's safe to say that nobody reads consent popups and just clicks okay to make the magical prompts disappear but there's only so much you can do when you offer online stuff in your offline program. I don't think it's reasonable to expect three or four popups that say "are you really really really sure?" before enabling such a feature, especially since everything is probably being synced to Onedrive anyway.

Furthermore, the target audience of the page I've linked isn't general end users, it's for administrators managing company wide Office installs. I don't have Office installed so I don't have the exact link the prompts try to direct you to, but there's probably a better privacy page that you can find from within an Office install.


At least in some countries, it legally may not constitute actual consent if the text is so unintelligible to a normal user that they don’t understand what exactly they’re consenting to. And we all know that most users just click “Agree” without understanding what exactly they’re agreeing to because that’s the only way they can get their work done.


"To provide these services, Microsoft needs to be able to collect your search terms and document content" seems pretty explicit to me. This is what the Office settings say underneath the checkbox.

Another prompt ends in "Office will use your searches and document content to support and improve the Intelligent Services to you."

The individual popups seem to follow a simple "what is it, what are some examples of it, what are you consenting to" structure. Any less details and you have no idea what you're agreeing to, any more details and you'll quickly lose people in the "EULA too long" problem.

I disagree that agreeing is the only way people will get their work done. There are many ways to translate text and the "let me design a PowerPoint for you" feature is nothing more than a nice to have. There are plenty of offline themes to choose from and individual themes to download without ever enabling this setting.


Is there any way to tell if your company has opted in? Mine makes a huge show of classifying Office documents and barking about the policies of what can be shown to outside people. It would be hilarious to find out that they've done this, and are letting Microsoft slurp up all the stuff that would get us fired if we sent it to an outside email address.


When I click "Design Ideas" (rightmost icon in Home ribbon), I get a prompt that says "This experience is unavailable. Your organization's admin has turned off the service required to use this experience."

This is despite both the Privacy -> "Turn on Optional connected experiences" and "Automatically show me design ideas" options being modifiable by me (and give the same results whether enabled or not), so I guess the Group Policy options are more fine grained.


In options (under General), I see there's a tick box for the feature, and it is checked. I have a button that says "Designer," and it seems to work. Nice! Next time someone in IT tells me something as moronic as "all web application authentication code must be written in C," or that "SAML authentication happens by adding a key to the HTTP header," -- both of which have actually happened -- I'll have a nice redirection to share.


I believe this is covered by the "Optional Connected Experiences" option. On Mac, this is accessible via the App's main menu > Preferences > Privacy.

Looks like these instructions should help you check:

https://learn.microsoft.com/en-us/deployoffice/privacy/optio...


Dear Lazy OP,

Please use wireshark or something else to explain what those packages are. It might be downloading design features or some other data it requires.

100 word article really doesn't do it for me.


PowerPoint has a feature where it uses machine learning to suggest layout and design changes for your content. This feature most likely can be turned off, but of course it needs some data on what's on your slide to suggest changes.

I hope this submission is flagged and removed. Just because you don't like Microsoft doesn't mean such misrepresentation is okay.


> I hope this submission is flagged and removed. Just because you don't like Microsoft doesn't mean such misrepresentation is okay.

I don't think we know the motivation of the submitter and we should not assume any motivation beyond introducing the link to the community to consider and discuss the content.

The article is very brief and seems to highlight that the designer suggestion needs to submit your slide content to make the suggestion. The question as to whether we consented suggests that we have (through the usual click through), but, to me, it is really asking something like 'do we understand the implications of our decision to consent?'.

I don't see anything being misrepresented nor do I infer there is some sort of anti-Microsoft (nor anti-anyone/anything) in the article. It does seem to suggest there is something for people to consider in that we often 'consent' without really thinking through the outcomes of what is supposed to be our willing, informed consent.

Too often we split into binary extremes when we should really take time to be thoughtful and considerate of questions being posed and where that consideration takes us and helps us to find insights and opportunities to improve ourselves. I encourage people to not automatically jump to our 'team position' (whatever that is).


It does not highlight that the designer suggestion needs to submit your slide content. "Designer" is the name of a tab on PowerPoint.


I don't really care that it has a feature that's the reason they're sending data off to Microsoft, I care that they're sending data off to Microsoft and it's not blatantly obvious to the user.


> The first time you try out Designer, it may ask your permission to get design ideas for you. If you want to use Designer, select Turn on.

https://support.microsoft.com/en-us/topic/53c77d7b-dc40-45c2...

Considering it has to be explicitly enabled and includes a privacy policy, I’m going to say it’s “blatantly obvious” to the user.


Funny, I would have read that page and said that it was blatantly not obvious what was going on except that the privacy policy call out was a red flag. I wouldn't have thought anything of it needing to be enabled, lots of features are things that you might not want enabled by default. And having a privacy policy is definitely a red flag but it still doesn't say "we're going to send the content of your slides to Microsoft for processing".

In short, I pretty strongly disagree. I think that if you had a hundred users look at that page or click through enabling the feature, and then asked afterwards how many of them thought that the feature was going to send their slides to Microsoft, at least 50 of them would be very surprised.


That is a help page guiding the user on how to use the feature. Of course it’s going to be “hidden” when turning on the feature is the smallest step to using it.

If to use the feature you are explicitly asked to turn it on, with an option to view a privacy policy, that is “blatantly obvious”. It isn’t hidden or buried under a dozen other settings when you install PowerPoint, it’s done at time of use.

How, exactly, would you want it to be more obvious? A big red box every time the feature is mentioned in the help site? Be realistic here; in terms of user consent this is perfectly fine.


> If to use the feature you are explicitly asked to turn it on, with an option to view a privacy policy, that is “blatantly obvious”.

I disagree.

> How, exactly, would you want it to be more obvious? A big red box every time the feature is mentioned in the help site?

Yes, more or less. I would be perfectly happy with a single red box at the top that says this feature sends the contents of your slide to Microsoft. I am not okay with linking to a privacy policy that nobody's going to read and pretending that that's informed consent.


> Yes, more or less. I would be perfectly happy with a single red box at the top that says this feature sends the contents of your slide to Microsoft.

As a user I'd like the ability to opt-in/out of this. I much prefer a privacy policy that captures all of it for the app. Otherwise, I have red boxes showing up non-stop using most apps. Can you imagine the sheer number of red boxes you'd get for Netflix the first few times you use it!


> As a user I'd like the ability to opt-in/out of this. I much prefer a privacy policy that captures all of it for the app. Otherwise, I have red boxes showing up non-stop using most apps. Can you imagine the sheer number of red boxes you'd get for Netflix the first few times you use it!

Of course it's impractical in today's environment, but I think we'd be in a much better place if we'd established early on the idea that a piece of software that massively violates your privacy (which is to say, all of them, nowadays) comes laden with a terrifying number of red boxes when you read its privacy policy.


IT has disabled the feature for us, and quick googling didn't turn up any screen shots, so I can't see the prompt myself, but given how it is described it doesn't seem adequate to me. When software asks permission it needs to say what it is asking permission for. Something like: "This feature will send your slide contents to Microsoft's cloud servers to search for relevant design ideas. See our Privacy Policy for more information on how we protect your data". It doesn't need red flashing lights, but the user shouldn't have to dig around to determine what/why the program is asking confirmation.


Okay, I found a screenshot of the request[1], and I don't think it is clearly communicating to the user what they are agreeing to. On the good side, they do clearly describe which information is involved (search terms and document content), but on the bad side it isn't clear about what is being done with that information. In particular, for over 20 years Microsoft had used "Office" to mean a piece of software running on your own computer, so saying that "Office" needs to "collect" information doesn't clearly convey the idea that your documents are being sent over the internet.

[1] https://slidehunter.com/how-to-automatically-design-slides-w...


> The first time you try out Designer, it may ask your permission to get design ideas for you.

I don't know the wording for the dialog itself, so I will comment on this wording instead.

Asking permission to "get design ideas for you" is absolutely wrong. They are asking permission for the wrong thing. They should be asking permission to "collect content from your slides". They can then explain that the upside is that in return you get access to design ideas.

Depending on the context of the dialog an appropriate wording would be something along the lines of this: "In order to access design ideas, up-to-date slide contents need to be regularly sent to Microsoft servers. <Agree> <Cancel>".

edit:

- Would you like some chocolate sprinkles with that ice cream?

- Sure!

- Cool, <while sprinkling chocolate on your ice cream> it will cost $100 and your left kidney.


> to get design ideas for you.

This statement asks for permission to fetch data, not to upload my data.

Uploading data based on this statement is a blatant violation of customer expectations, so obvious you don't need to be either a UX expert or a lawyer to see it, you just need to read carefully.


I am genuinely curious as to why the MacOS version says "The first time you try out Designer, it asks your permission to get design ideas for you." and the Windows version says "The first time you try out Designer, it may ask your permission to get design ideas for you."

Can Microsoft use some other setting in Windows as justification for bypassing the permission step?


Maybe there's a Group Policy setting that can automatically enable it?


> it may ask your permission to get design ideas for you.

> get

We're not worried about get, but about send. Funny how they managed to omit the most worrisome term from their permission dialogue, huh?


When you turn on the feature it is VERY specific that it sends the data to external servers. There's a disclaimer and everything, right in front of the user.

Now, is it a glaring red pop-up? No. But IT departments can also choose to disable the feature if they don't want their company to use it.


Right; when I saw the title I assumed Designer was going to be the context. I've also observed that Designer only works when I'm online, so I figured out that it uses external servers to generate suggestions.

I suppose it could/should be more obvious/explicit on the Designer pane itself, something like "This is an online feature that uses Microsoft's servers to generate recommendations", or a more user-friendly language.

Note however that the article is light on details; does it send a full content of slides? Some hash of text and images? A non-identifiable abstraction of layers involved? This could be done well or poorly.

(I don't think the submission should be flagged FWIW, but I agree that it's not of good enough quality to deserve great ranking; but that's of course subjective:)


"Automatically show me design ideas" is a pretty visible option in Preferences (looking at my Mac here, can check Windows later, but I remember turning that off on my new laptop since I just never _use_ the suggestions and they came up when I was traveling and on slow Wi-Fi).

I also believe it can be managed by policy.

MS FTE here, I have no direct awareness of how the feature works and am not affiliated with Office - but I'm sad that something meant to _help_ people (if this raises hackles, I don't want to see what the OP says about the accessibility checks) is used to bludgeon my colleagues publicly.


If that is the feature in question, neither the app itself, nor the online help shown when clicking "About PowerPoint Designer" give any indication that your slide contents data will be sent to MS.


Have you actually used the thing? Again, I'm an MS FTE and not privy to the internals, but it gives you _layouts_ with your local text filled in. It's a visual template suggestion engine, it doesn't _need_ your text to work.


What's the misrepresentation? They pointed out that Microsoft is sending your data and you're not disputing that.


I don't think he implied that your data gets sent out.

We don't really know yet if your data/powerpoint content is sent to Microsoft, or if Powerpoint just goes out and looks for layouts, fonts, etc. without communicating any of your text.


So you agree that Microsoft sends the content of your Powerpoint slides (and, by extension, all DoD powerpoint slides, since they're notorious users of the application) to Microsoft?


> and, by extension, all DoD powerpoint slides, since they're notorious users of the application

This is a pretty huge exaggeration here. Closed rooms exists and are used when appropriate.

And just because something is enabled in the consumer version by default does not imply it's enabled and available in enterprise settings. Last time I dug through the office GPO templates - basically every phone home feature was easily disabled on an org level if desired.

Further - what do you think something like Google Slides is doing with your data? It's ALL stored on Google's servers by default.


It's implied that he does not agree since he claims that the claim is misrepresentation.


This shouldn't be software behavior by default. Why should it be flagged?


The article has a low signal-to-noise ratio. It is just a single paragraph claim that doesn't delve into anything nor inform its audience of anything. Why shouldn't it be flagged?

If this claim was posted as a HN comment without citation or further explanation it would likely get flagged, why are submissions held to a LOWER standard?


The entire blog is this one post, so that signal-to-noise ratio is... a singularity by now.


Yeah..


This is not default behavior, it lets you choose to enable this feature the first time you open the Design tab.


[flagged]


> Please don't post insinuations about astroturfing, shilling, bots, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.

- https://news.ycombinator.com/newsguidelines.html


The next era will be of Offline Apps because of stuff like this


I'm kind of envisioning some young bright engineer realizing they could just store some files locally. "It's like.. we don't need a backend at all!"


Happened the other day on HN. "Imagine we could use this to stream movies to astronauts on their way to Mars" / "well... you know local storage is a thing, right?".

I don't have a link to that exchange handy, but this for the first time drove home to me the realization that we have a whole generation of people brought up on Internet streaming services, who may not even realize that it's not only possible for the media to be stored locally on their machines, but it's in fact the natural state for data.


And we'll need a programming language that we can write our application in once but will still run on the different operating systems.


Most programming languages are like that now.


We are lucky that physics is limiting the latency and bandwidth of the internet, since otherwise local storage could truly disappear.


FOSS and offline-first is the future.


2023 is the year of Linux on the desktop?


Joking aside I think we are getting close, Photon did a lot to bridge with Windows in terms of gaming, GUI is oftentimes at least on par with Windows/MacOS, if not better (obviously that's subjective), and reliability/performance has already been there for a while.

That being said, I still think there's more work to do, and arguably the hardest work is ahead.


Linux is on par with Windows kind of but not really. It's a little ghetto

For example, desktop environments are just wonky and buggy most the time, random games don't work, WINE is the worst piece of software on the planet, drivers suck, other random weird issues.


> For example, desktop environments are just wonky and buggy most the time, random games don't work, WINE is the worst piece of software on the planet, drivers suck, other random weird issues.

When was the last time you tried Linux? With the exception of Wine, which in its pure form is indeed annoying, nothing else is true. Gnome/KDE/Cinnamon are just fine (not my cup of tea but far from buggy/wonky). I have no problem gaming even on i3. For drivers, on many distros you can check a box to install the proprietary Nvidia driver.

You can use Lutris to ease the pain of Wine, and if you use Proton on Steam you just have to click install like on Windows. You can check the compatibility here:

https://www.protondb.com/

Also let's not pretend that Windows is a walk in the park. I have had my share of problems with drives/games not working on Windows as well. That is just the nature of trying to run games on PC. It ain't never gonna be as easy as on consoles.


> desktop environments are just wonky and buggy most the time

Of course it depends on the DE you're using, but I'd encourage you to give it another shot. This was certainly the case at one time, but I tried Fedora earlier this year and was shocked by how stable the UX is. Not even in the "wow, this is nowhere near as buggy as it used to be" way. I can't speak for all distros, and I do know some which are less than perfect, but Fedora at least was certainly an eye-opener.

> random games don't work, WINE is the worst piece of software on the planet, drivers suck

I get why you, as the end user, wouldn't care about excuses, but to be fair none of these are entirely the fault of linux because they're trying to get things to work that the original developer didn't intend to run on linux.

It'd be like blaming Microsoft for MacOS apps not working on Windows, or vice versa. Again, as the end user that's not really your problem, if you need to run a piece of software and the OS doesn't run it, it doesn't really matter why, but I don't think this is an example of buggy software on the side of linux devs.


All of those are true of Windows too.


Proton, not Photon. :)

It's true though. The Steam Deck is amazing, most games just work.

I agree that the GUI part is subjective. I find even the jankiest of Linux DEs to be better than Windows 10 and 11. I still find macOS quite superior, and the one area where this is not going to change any time soon is the cohesion of UI/UX between different apps and the OS.

Performance is unbeatable on Linux. Reliability depends a lot on the hardware and distro. This fragmentation makes it less approachable "on the desktop".


Glad you mentioned fragmentation, I couldn't think of the word for it and decided it best not start describing it, or you start getting into things like whether or not the distro-specific package manager is truly the best way of handling things (not saying it's not), which in many eyes is heresy to even bring up.

Cohesion is without a doubt better on MacOS, though again linux is getting closer. A small thing I wish I didn't notice as much as I did is the "top bar" on not-so-well built electron apps. Apps like VSCode and Electron handle this really well, but others don't (Simplenote is the only one that comes to mind). On Windows, this results in a really very striking white top bar, fine if you use a light theme, not so much for dark theme. On linux, or at least gnome, the top bar (whilst being a bit too big for my liking) much more seamlessly integrates with the rest of the OS.


Yes, along with Beowulf clusters to run our infrastructure


It was quite some time ago. You didn't get the memo?


"The future is already here – it's just not evenly distributed."


Every year is the year of the Linux desktop because the marketshare is ever growing. Linux is not a one-hit wonder.


I think I've finally reached that point where the latest trend just doesn't make sense to me. In this day and age of ever increasing connectivity and bandwidth offline first web applications just don't make sense. Take an offline-first app running in your browser and then cover the address bar and buttons with a sheet of paper, now you have an Electron app. Why not just use Electron if a desktop/unconnected webapp is what you want to do? Actually, I suppose if the front-end guys just wanted to get rid of the back-end guys then an offline first trend would be a way to further that along haha.


quite the opposite. the next era will be online-only SaaS apps accessed via rented thin clients tied to your real identity.

and your dangerous general purpose legacy hardware will not save you from that, as it will be impossible to access the internet with a device that doesn't disclose your identity. to combat disinformation and hate speech, of course.

you vill ovn nothing, und you vill be happy.


> as it will be impossible to access the internet with a device that doesn't disclose your identity.

and prove the software that's supposed to be running is running.


You did consent to it, in the fine print. Unfortunately.


Not even. It’s an explicit feature that must be separately enabled, and requires Microsoft 365.

> The first time you try out Designer, it may ask your permission to get design ideas for you. If you want to use Designer, select Turn on.

https://support.microsoft.com/en-us/topic/53c77d7b-dc40-45c2...


Plus there are policies which allow admins to block PowerPoint Designer, as well as all Office 365 "Intelligent Services" (or "Intelligence Services", depending on your POV).


> it may ask your permission

I wonder when that is? Because I haven’t used PP yet, and it didn’t ask me. Of course, we use Office 365, and maybe my boss turned it on globally?

Does anyone know where the setting is?


Have you used the Designer feature? That’s what’s being talked about. It should prompt you when you first use it.

If you’re on a work account, your admin may have enabled or disabled it already with GPO/MDM.


> Have you used the Designer feature?

Yes.

> If you’re on a work account, your admin may have enabled or disabled it already with GPO/MDM.

It has to be a global Office 365 setting, my computer is not in the domain, I’m the only admin for it. That’s why I’m asking where the setting for the permission is, so I can have a look at it (I’m secondary admin for the O365 account) and potentially disable it.


Do you have Microsoft 365? It's a requirement for the feature.

It's part of "connected experiences" so this is the article on GPO: https://learn.microsoft.com/en-us/deployoffice/privacy/manag...

On a Mac, one thing to note is:

> If the user has an Office 365 (or Microsoft 365) subscription and is signed in with a work or school account, or if the user has Office LTSC Standard for Mac 2021 or Office Standard 2019 for Mac, then the user can't turn off connected experiences that analyze content.


No, no M365, only O365. And again, no group policies.

And M365 is not a requirement because the Designer function clearly works on my machine.


It will ask you to turn on "Connected Experiences".


If I have one hope for the future, it's that 'accepting' click-through corporate EULAs containing unconscionable terms that few read will no longer be considered consent.


Which is why GDPR has the concept of "informed consent", which is a fancy way of saying "consent hidden in the fine print doesn't count".


And that the user may not have capacity to consent.

That seems the salient issue today with regards to children and social media. Most of the giant social media companies profit from participants who cannot legally enrol.


By "participants who cannot legally enrol," do you mean minors? I'm not tracking what the Venn diagram between those people and those who "may not have the capacity to consent" is.


EDIT: I was talking about kids.

But Dogbert's comment actually deserves a bit more than "try using common sense instead of set theory" :)

I tried thinking of classes of adults who lack capacity, other than the mentally unfit, senile or criminally insane.

There's a lot of young people who are "deemed to consent" (the passive weasel-words of filthy scoundrels) in higher education. I've written about Turnitin in the Times and the "very dodgy circumstances" in which students are inducted into university and then find themselves coerced into tacit agreement to use tools which massively violate their privacy and other rights. The same applies to Microsoft products where institutions block choice and force students to use insecure products that they would refuse if exercising their better judgement.


When installing office, you are told in the fine print to go read: https://privacy.microsoft.com/en-us/privacystatement ... it counts. The verbiage in there is quite disturbing.


It doesn't count anywhere that is protected by GDPR.


> protected by GDPR

This is like the firewall in windows 95: nice but useless.


Many companies have gotten their first fines already. Hundreds of millions of shareholder value down the drain because they blatantly ignored the rules.

No, most companies don't get a massive fine in the first round, but I already see enough have gotten them that even Google now allows me to opt out with a single click :-}


I wish I could disagree with you.

GDPR technically does have real teeth, to the extent that one really shouldn't want to raise the ire of an EU Data Protection Authority. Unfortunately, enforcement to date, and the resulting fines, have been lackluster at best. When will people learn that disincentives like fines and such have to actually hurt to be effective in changing the behavior of corporations?


How willing would a government be to prosecute a company its IT infrastructure relies on?

Even if you think Microsoft doesn't have kill switches, it still isn't obligated to do business with them.


I wonder what the NSA or any other of these three-letter agencies think about that, I can remember much of the leaked information consisting of Powerpoint slides.


It sounds (from other comments in this thread) like there's an org-level way to disable it, so they probably just use that to force it off.


They probably have access to the data feed.


This post seems to lack any useful information to come to the conclusion of "phoning home the content of PowerPoint slides". That said, if you use the tool in question, you'll notice that it only suggests layouts and these seem to be fairly generic. They don't seem to take into account the content so much as how the content is laid out.

This could be as "simple" as Microsoft phoning home with the layout of the data (bullets vs title vs paragraph of text) combined with perhaps hash codes of any topical features (things that indicate technology vs food).

I've never been "surprised" by the feature the way I am with Github Copilot where it sometimes feels like it's reading my mind. The Designer is just a simple way to click a button and get back 5+ recommendations on how you can layout the data.

Without some kind of evidence, my explanation is just as valid as the blog. That which can be asserted without evidence can be dismissed without evidence.


Well that's cool, it's just like Copilot but for confidential and proprietary information! I wonder if I can get a sneak peek into my competitor's quarterly reports using this suggestion feature...


Just because it is phoning home data doesn't mean automatically it's sending your data - more than likely it's a block of stuff representing what is your data, because nobody wants to traffic in your copy/pasted email FW:FW:FW:FW graphic at 6MB you use on every slide for your company logo. It's just not practical to me, and if you don't like that generic thing, well, disable Design suggestions. Pretty sure there's a switch for that somewhere. Usually there is with Microsoft.

Paint: having Admin rights when you can find it since Windows 95


This is a fascinating multi-faceted problem...there is the outright concern of how much of the data is being exposed, but there is also a much more subtle action at play.

It appears that MS is using our data to continuously train their large DL networks to provide these recommendations...so what is to prevent a bad actor from cunningly constructing an asset that may trick the recommender into leaking insights from another company (or possibly poisoning the network itself)? These adversarial attacks have been well documented in academia.


What I am kinda waiting for (and it is coming) is for someone to find out that Excel actually gathers all interesting data under the guise of automatic analysis (a la Copilot). The financial sector will tremble as almost the entire human population existing in the spreadsheets in one form or another (as long as they are on o365_v2) will have their data harvested daily, and banks will be unlikely to do anything about it.

Oh, look. We don't need enter Jenkins account. Everything auto populates. And we did not even map it yet...


> Did we consent to this?

I did. I guess the author didn't read the T&Cs.


Chief Justice (of the United States) John Roberts suggested that he doesn't read them.

Trying to call people out for not doing so or not understanding the technological reason why data is sent doesn't seem productive.


"We use MS products for our business because it provides enterprise level security"


About ten years ago, I worked at a company where we were prohibited from using any Microsoft products at all — in the name of security.

When I tell Windows-centric tech people that these days, they can't wrap their brains around it. There is no institutional memory of Microsoft's dumpster fire days.


I look forward to the day when PowerPoint is banned due to enterprise security concerns.


How about Grammarly? Or G-suite? They have access to most of the companies out there. I find it terrifying people use Grammarly and it has access to every piece of confidential word written.


Grammarly should absolutely be banned. Their privacy policy is horrible.

I'd suggest companies look into LanguageTool's "On-Premise" commercial offering or run the Java-based server themselves (with N-Grams). Is it as good as Grammarly? Nope, but it is "90%" as good and significantly more private.


Grammarly and Hola VPN are the two browser extensions that any IT Admin should ban straight away on corporate machines.


You guys allow users to install browser extensions?


G-Suite is a super interesting case in that you literally cannot use the product without handing over your data to Google. It certainly seems like companies would hate that, particularly those with data protection obligations. Google does theoretically require a Business Associate Agreement (BAA) if your use case is subject to HIPAA and you intend to store or transmit PHI using their services, but I don't know how they detect or enforce that. [1]

---

[1]: https://support.google.com/a/answer/3407054?hl=en


Since when does complying with data protection mean "you must own your entire tech stack and run it on prem"? Google[0] states that they don't use your data for anything more than running the service, and there are multiple pages detailing how they secure data on their servers from both employees[1] and attackers[the rest of the document].

0: https://workspace.google.com/learn-more/security/security-wh...

1: https://workspace.google.com/learn-more/security/security-wh...


It will only happen if people in a position of power (most of the PowerPoint users) start to use another tool by their own liking/organic decision.

Which is not going to happen anytime soon, so PowerPoint can literally be a bomb inside their organizations and they'll still insist on using it.

If these phone-home allegations are true, it's one more case where you spend $50K on a high-tech driveway gate but have no fence around the property.


Enterprises who care will just disable it via group policies.


All closed-source software can do this, and so must be assumed to be doing this in any context where it matters.


> Did we consent to this?

Yes, explicitly, and not in 60 pages of legalese, in a dialog box.


Microsoft and confidentiality of your data are two incompatible concepts.

Microsoft is basically the editor of a set of tools designed to make employees more productive. As long as you use Microsoft products with this in mind, there's no ambiguity: you give Microsoft the data you work on, and it gives you productivity in return.

Unless you are the actual CEO of a company involved in trade secrets (or a defense organization), you shouldn't care about Microsoft snitching the content of your slides, and everything else you write or see, to its own servers on the justification that it will make your experience better.

It's not worth entering the debate, and if you accuse Microsoft you will probably need to accuse its competitors.

Just remember to keep out of anything Microsoft when you process anything strictly personal, and you will be more than fine.

P.s.: I almost forgot to answer your question. Yes, you approved this. And again, if it's not your company, your boss very likely approved it and wouldn't even consider the effort of looking into this, so it's not your business. Literally.


If I were ever in a position to tell investment banks what to do, I would demand every pitch of theirs happen in a jupyter notebook.


Oh, the humanity! When you CLICK THE SLIDE DESIGNER button it sends your slides to a Slide Designer service? What hath God wrought?


This isn't a black/white issue. How about we let each person evaluate it for themselves? I find this feature useful, but if I were a sysadmin, I'd probably block it. Not because I don't trust MS, but just that it opens up a vector that I would not want to manage.


Can you imagine, receiving all powerpoint content from your competitors (the rest of FAANG) in real time?


I can't imagine powerpoint is a useful application to any org that hires mildly talented designers


Big presentations at conferences may involve designers but there are surely many internal meetings at many levels that have a lot of PowerPoint and no designers.


It's not just PowerPoint, but other Microsoft products too. Their browser (Edge) is known for being on constant phone home, close doesn't really mean close, self-update without user interaction, odd settings that cause privacy problems, after it updates itself makes changes to settings without user permissions or breaking various security-related extensions, etc...

It's a pattern of general disrespect for user privacy and exploitation of unaware users for corporate and 3rd party entity benefit. Look no further than Microsoft's Copilot, which is in the spotlight, and arguably has no respect for users' copyright.

That PowerPoint (and other Office products) are phoning home users' data should be of no surprise whatsoever.


On Windows there is Glasswire[0] for blocking applications that phone home. Just find the offending process and block it. It's not a perfect solution though as Windows 10/11 has hundreds of things that phone home and blocking them has unintended side effects (things crash randomly if they can't talk to the Internet).

[0] https://www.glasswire.com/


I use "simplewall" [1], a firewall for Windows. What I like about it is you get a popup window every time a new program wants to send data out, then you can block or accept it or temporarily accept it. It's crazy how many programs want to talk to the internet constantly.

[1] https://www.henrypp.org/product/simplewall


Microsoft Windows Store does the same thing, but worse.

Check out the developer panel to see for yourself.

Windows store downloads are accompanied by mouse trackers, keyloggers, and more.


How was it determined that it phones back the content of the slide? From my understanding it's just exchanging some network packets.


Meanwhile half the slide decks I see are built on Google. You can't even get to the slides without phoning home.


Office itself is a cloud service nowadays. That phoning home feature is part of the online saving so that you can resume work from a browser or contribute collaboratively with other users across the network like a google docs, but on the desktop.

Does it beam home? Yes. Do I like it? No.

We have had LibreOffice for decades. Be the change.


With all data stored on a sharepoint or onedrive, and powerpoint running in a browser... where's the news?


Just wondering along the lines of 'perhaps a cigar really is a cigar'.

What would Microsoft be doing with the text of every PowerPoint presentation once they have analysed the style/font/content information?

Must be thousands of slides per hour 24/7 for years. How long is this information kept?



Microsoft Office is, in general, straight up spyware now. It reports usage statistics back to your boss. Marietta can now see exactly how long YT's mom took to read that toilet paper memo, and make disciplinary decisions accordingly.


Yes, you consented to this when you clicked through the TOS without reading it.


How was it determined that it is phoning home the content of the slides? One thing is to exchange network packets with a remote server, and another thing is to claim that it's leaking slide content.


Well, you do agree to license Microsoft any intellectual property you create with their software, for free, in perpetuity. So it’s kind of on YOU if you still use their products.


I don't have PowerPoint on my computer so I don't know if it works without Internet connection. Can someone tell me what happens if there is no network access?


This post is speculation at best. Likely written by a teenager learning about windows and task manager features recently.


While this isn't acceptable, millions enjoy sharing the content of their documents every day with Google, with a document suite running on their servers.


So, what is the best way to game the system? Make many offensive Power Point presentations or silly layouts and hope the system starts to recommend them to others?


"Informed Consent is just a theory. Besides [other app] already spies on you so who cares? Whaddareya doing in PowerPoint that's so sekret?"


In our company's slides we have tons of confidential slides containing info that could be misused for insider trading by MS engineers?


It would not be insider trading if done by people outside your company.

Edit: Nvm, I think I am wrong.

https://www.investopedia.com/articles/investing/092616/how-i...

> Another way that insider trading can occur is if non-company employees—such as those from government regulators or accounting firms, law firms, or brokerages—gain material nonpublic information from their clients and use that information for their personal gain.


"Our AI is technically not an employee."


To that, I always reply with "I have nothing to hide but much to give".


"I have nothing to hide so why should I care?" is the worst, misinformed argument in the history of mankind.


I know it's sarcasm, but you don't have to have "big secrets" in order to want privacy. Everyone knows what you're doing in the restroom, doesn't mean you're ok with going to a see-through public restroom.


So when US politicians say TikTok needs to be banned because it's effectively spyware, why are they silent when the same happens from US companies?


The answer is in the question...


I always assumed they built these features by scraping publicly available powerpoint presentations using their index from Bing.


This is one reason I use NextDNS, they have a list of Microsoft and Apple servers ready to be blocked with a simple toggle.


This seems kind of shocking, is MS really hoarding the trade secrets of like every Fortune 500 company on their servers?


And governments think Microsoft doesn't spy on them, that it's impossible to hide communications.


Is this why the default fonts in my office randomly changed the other week?


I don't even allow browser search suggestions; this is beyond the pale.


NextDNS for the win, great filter lists for Microsoft and Apple.


Lol of course they are. Never change MS.


LibreOffice is an option.


That is the price of AI, if you want you can move to an Amish town and give up on internet.


use Linux... it's free and doesn't spy on you


Y'all sound a little too paranoid. Chill



