[HN Gopher] Text entered into Windows' Run dialogue gets sent to...
___________________________________________________________________

Text entered into Windows' Run dialogue gets sent to Microsoft's telemetry

Author : NKosmatos
Score  : 128 points
Date   : 2021-09-20 20:20 UTC (2 hours ago)

(HTM) web link (twitter.com)
(TXT) w3m dump (twitter.com)

| musicale wrote:
| Helpful for passwords and other information you might want to share.

| p1necone wrote:
| So, what's everyone's favorite desktop/workstation Linux distro as of 2021?
|
| Edit: Anyone tried using NixOS as a desktop OS? I like the idea of scripting my setup.

| messo wrote:
| I'm a long time arch user, but recently installed the latest Fedora on an old lenovo x220 and was impressed by how polished it is and how fast it runs! Flatpaks make it super easy to install the latest version of both free and non-free software, which always was a pain to accomplish on Fedora a couple of years ago.
|
| Fedora may be the best option for new linux users who do not want to customize everything, but just want a clean, fast and polished "works-out-of-the-box" experience.
|
| I'll keep my highly customized arch (sway) install for my programming needs for now, but will probably choose Fedora for my "personal" laptop where I do some light video and photo editing.

| amanzi wrote:
| Four replies so far, all different. I'll add a fifth: Pop_OS!
|
| Edit - now 9 replies, all different. Great to see so much choice!

| boardwaalk wrote:
| I'm using ArchLinux with MATE. It pretty much got out of my way and I don't even think about it...

| trelane wrote:
| Pop has been pretty good on my gaming PC (is a Thelio, so probably not coincidence. :)
|
| Really depends on what you want. (I run Gentoo otherwise, but that's probably not everyone's preference. ;)

| Shadonototra wrote:
| manjaro with XFCE + https://github.com/davekeogh/xfce4-docklike-plugin (check the original repo for the screenshots)

| vorpalhex wrote:
| I've been using ElementaryOS, coming from MacOS. Have to install a package to be able to tweak it and replaced the file manager with nautilus, otherwise fine.

| mistrial9 wrote:
| LUbuntu currently

| outworlder wrote:
| > Anyone tried using NixOS as a desktop OS?
|
| Yes! Works great actually.
|
| Even running Windows-based games on Steam with Proton. All my hardware worked out of the box (including my Wifi6 module) - only tweaking I had to do was for Vulkan with my GPU. Even then, not that difficult and instructions are in their wiki.
|
| I have little reason to run Windows now. Only software I really miss is Fusion 360.

| mappu wrote:
| Debian with KDE
|
| It's a major distro with excellent security support, it's completely non-commercial, and KDE has a traditional GUI layout with all the optional trimmings (snap to window edges, thumbnail previews in taskbar etc)

| iceychris wrote:
| I'm using NixOS with i3 as my daily driver, can recommend.

| hpoe wrote:
| Ubuntu with i3.

| LeoPanthera wrote:
| I love how many different answers there are to this.
|
| I run openSUSE (with KDE) pretty much for one reason - the repos available are completely comprehensive. They have everything I ever need in them, even some pretty obscure stuff, and because it's a rolling distro everything is up to date.
|
| The amazing YaST graphical configuration tool is a nice bonus.

| brian-armstrong wrote:
| Mint with XFCE is quite nice

| mithusingh32 wrote:
| Regolith-linux
|
| It's Ubuntu based with an i3 desktop manager but with newer perfect configurations out of the box.

| smoldesu wrote:
| +1 for this, _particularly_ if you've never tried i3 but still want to know what the workflow feels like. I run Regolith on my homelab and it works like a charm!

| AA-BA-94-2A-56 wrote:
| Another nail in the coffin. Why should I use Windows, when Linux is catching up and not using these horrific anti-patterns?

| hypothesis wrote:
| What's interesting is the fact that telemetry is a feature at this point (how old is Windows 10?) and you can't win a fight against a core OS feature. Why are people still trying to fight this?

| blibble wrote:
| I like Windows 10
|
| it having un-disablable telemetry and mandatory updates finally made me switch to Linux everywhere
|
| otherwise it's no longer My Computer... it's Satya's

| trangus_1985 wrote:
| You've always been able to turn it off with group policy and disabling the reporting service. It still bugs me, on principle, that you can't easily disable it even on the Pro edition.

| hypothesis wrote:
| That's like trying to disable all those similar things in Firefox. But you can't really, not unless you stop updating it, because you'll miss something at some point. And that's not even an 'evil corp' we're talking here.

| trangus_1985 wrote:
| I've had it disabled for years, without it reporting home. So far, Microsoft seems to respect group policy and disabled services on Pro edition.

| gruez wrote:
| >So far, Microsoft seems to respect group policy on Pro edition
|
| the group policy description explicitly says it does not respect it unless you're using enterprise or education.
|
| > [...]
|
| >If you enable this setting, you can decide what level of diagnostic data to send to Microsoft, including:
|
| >- 0 (Security). Sends only a minimal amount of data to Microsoft, required to help keep Windows secure. Windows security components, such as the Malicious Software Removal Tool (MSRT) and Windows Defender may send data to Microsoft at this level, if enabled. Setting a value of 0 applies to devices running Enterprise, Education, IoT, or Windows Server editions only. Setting a value of 0 for other editions is equivalent to setting a value of 1.
|
| >- 1 (Basic). Sends the same data as a value of 0, plus a very limited amount of diagnostic data, such as basic device info, quality-related data, and app compatibility info. Note that setting values of 0 or 1 will degrade certain experiences on the device.
|
| > [...]
|
| Disabling the relevant service might stop it regardless, but it's definitely not the group policy.

| hammyhavoc wrote:
| Because a lot of people are forced to use Windows 10 and for whatever reason cannot use a Linux distro even with Looking Glass?

| hypothesis wrote:
| Are we talking about 'at work' scenario? Which is probably fine, because that's a business decision.
|
| It would be prudent not to use company equipment for anything personal anyway.

| jimbob45 wrote:
| Interestingly, the people least likely to disable Windows telemetry are the people MS is most likely to want to hear from because they're the least capable of solving their own issues in Windows and thus represent the most pressing needs for development to fix.

| gentleman11 wrote:
| How did the pr people ever spin it so that we call "keyloggers" and "spyware" simply "telemetry" now? Let's call it what it is

| moksly wrote:
| I wonder how it remains legal in the EU. Legislation really needs to step up on these things.
|
| It's an American company that's keeping tabs on something like 600 million European citizens. I don't care what sort of "license agreement" it comes with, that's just not ok.

| tgsovlerkhgsel wrote:
| Legislation exists, enforcement is what's missing.

| inyorgroove wrote:
| There are tools for this, don't go alone (block telemetry via hosts file): https://github.com/builtbybel/privatezilla

| inyorgroove wrote:
| Also, I block MS telemetry hosts on my router's dns server: https://github.com/crazy-max/WindowsSpyBlocker/blob/master/d...
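
The two comments above mention blocking telemetry hostnames with a hosts file and at a router's DNS server. As an added example (not from the thread or the linked projects), the script below compares the coverage of the two over a DNS query log: a hosts file matches exact names only, while the DNS rule is assumed to match a listed name and all its subdomains, which depends on the resolver. The hostnames, blocklist and log lines are constructed placeholders.

```python
"""Hosts-file blocking vs. DNS suffix blocking, compared over a query log.
All hostnames, the blocklist and the log lines are constructed samples."""

# Constructed hosts-format blocklist (placeholder names, not real endpoints).
HOSTS_BLOCKLIST = """\
0.0.0.0 telemetry.vendor.example
0.0.0.0 watson.vendor.example settings.vendor.example  # two names, one line
127.0.0.1 localhost
"""

# Constructed DNS query log: "<timestamp> <client> <queried name>".
QUERY_LOG = """\
2021-09-20T20:21:03Z 192.0.2.10 telemetry.vendor.example
2021-09-20T20:21:04Z 192.0.2.10 eu.telemetry.vendor.example
2021-09-20T20:21:09Z 192.0.2.10 SETTINGS.vendor.example.
2021-09-20T20:22:40Z 192.0.2.11 updates.vendor.example
"""

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1"}

def normalize(name):
    """DNS names are case-insensitive; a trailing dot only marks the root."""
    return name.strip().rstrip(".").lower()

def parse_hosts(text):
    """Return the names a hosts file points at a null or loopback address."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2 and fields[0] in SINK_ADDRESSES:
            blocked.update(normalize(n) for n in fields[1:])
    blocked.discard("localhost")  # the loopback entry is not a block rule
    return blocked

def hosts_blocks(name, blocked):
    """A hosts file matches whole names only: no wildcards, no subdomains."""
    return normalize(name) in blocked

def dns_blocks(name, blocked):
    """Assumed resolver behaviour: a listed name also covers its subdomains."""
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def audit(log_text, blocked):
    """Map each queried name to (sunk by hosts file, sunk by DNS rule)."""
    result = {}
    for line in log_text.splitlines():
        name = normalize(line.split()[2])
        result[name] = (hosts_blocks(name, blocked), dns_blocks(name, blocked))
    return result

if __name__ == "__main__":
    for name, verdict in audit(QUERY_LOG, parse_hosts(HOSTS_BLOCKLIST)).items():
        print(f"{name:30} hosts={verdict[0]!s:5} dns={verdict[1]}")
```

Names that come out as `(False, True)` are the ones a hosts-file list misses until each subdomain is added explicitly; names that come out as `(False, False)` are not covered by either list.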

| air7 wrote:
| One of the replies makes sense to me: it's because the win10 search bar is also a web search and this is intended functionality, normal for search bars. they send a new request every time you type a character i assume for predictive search and fast results. you can also see this in bing for sure.

| JacobLinney wrote:
| search bar != run dialogue

| NobodyNada wrote:
| This isn't the search bar though, it's the "run" window (Win+R), which has no search functionality and is more-or-less equivalent to typing a command in Command Prompt.

| anigbrowl wrote:
| It has search functionality. I slightly mistyped something the other day and was mystified to see the correct answer in a mini browser window while Windows itself was failing to match it up with the software I had installed and run every day. You can also just start typing search queries and it will try to launch MS Edge as soon as you hit enter.

| bob1029 wrote:
| Edit: Deleted my original posting. Getting some pretty hostile vibes on basic attempts to contribute to this thread.

| jaywalk wrote:
| What does that have to do with the Run dialog?

| [deleted]

| 1970-01-01 wrote:
| Microsoft is somewhat transparent about it:
|
| Inking, typing, and speech utterance data
|
| This type of Optional diagnostic data includes details about the voice, inking, and typing input features on the device.
|
| Samples of the content you type, write, or dictate on the device. Details about status of transcribing input into text
|
| https://privacy.microsoft.com/en-us/data-collection-Windows

| thesuperbigfrog wrote:
| "Who controls your computer? Is it you?"
|
| "Either the user controls the software, or the software controls the users":
|
| https://youtu.be/Ag1AKIl_2GM?t=57

| newsbinator wrote:
| This is actually a huge deal because if others are anything like me, I paste into the run dialog to strip text formatting, before copying it elsewhere.
|
| Haven't used Windows in a decade so not sure if there's a better way now.

| chinathrow wrote:
| Ctrl-Shift-v in many applications e.g. Word.

| Mesmoria wrote:
| In many places, but not word (sadly).

| banana_giraffe wrote:
| No built in better way I know of, but I have
|
|     ; Type in the clipboard
|     ; Hotkey: Ctrl+Alt+V
|     ^!v::
|     MyClip = %clipboard%
|     ; Strip carriage returns so CRLF line endings are sent as one line break
|     StringReplace, MyClip, MyClip, `r, , All
|     ; Send the text as literal keystrokes instead of pasting
|     SendRaw %MyClip%
|     return
|
| in my AutoHotkey script for a long time now to let me hit Ctrl-Alt-V and have it type in the text of whatever's in the clipboard. (Type instead of paste to get around random situations where the clipboard won't do what I want)

| farkanoid wrote:
| It makes me happy that others do this too, I make use of pretty much any plaintext field in proximity to strip formatting

| NKosmatos wrote:
| I use the address bar of the browser to quickly strip formatting :-)

| strombofulous wrote:
| FYI, chrome/edge have similar behavior in their omnibox.
|
| If you ever find the time, open up fiddler and keep it visible on a second monitor while you browse. You'll be amazed by how much data is sent back to microsoft/Google.
|
| I'm not sure if other chromium browsers also do this, I know ungoogled chromium doesn't.

| thrashh wrote:
| Shouldn't be surprising if autocomplete results appear immediately after typing in the box.
|
| They didn't magically appear from thin air for sure.

| im3w1l wrote:
| At least the address bar lets you know it gets uploaded by displaying search autocompletes

| m463 wrote:
| "Haven't used Windows in a decade so not sure if there's a better way now."
|
| no, not running windows in a decade is still the better way.
|
| only sort of joking. I run windows 7 and haven't upgraded.

| eptcyka wrote:
| Windows 7 is horribly insecure now. Please reconsider.

| gruez wrote:
| Normally yes, but you can pirate the extended support updates, which last until 2023.

| userbinator wrote:
| FUD. MS gathers more information about you than ever.

| eptcyka wrote:
| Both of those statements can be true.

| userbinator wrote:
| It's downright fearmongering --- classic MS-style --- to say something is "horribly insecure" when it has been around for over a decade and all the major bugs have already been found.
|
| Nevermind the fact that everyone is almost always behind a NAT and are basically unreachable for attackers to exploit remotely.
|
| If anything, the _newer_ versions of Windows are "horribly insecure" because they contain so many "unknown unknowns". But that wouldn't fit the narrative MS wants to propagate...

| jfrunyon wrote:
| > and all the major bugs have already been found
|
| Excuse me while I die of laughter.
|
| People are still finding bugs which existed in _XP_. Which was supported for 12 years and was released 20 years ago.
|
| 7 was supported for 11 years and was released 12 years ago.
|
| > Nevermind the fact that everyone is almost always behind a NAT and are basically unreachable for attackers to exploit remotely.
|
| Sure, except that the vast majority of malware doesn't come from a remote attack.

| kube-system wrote:
| Plenty of new CVEs are in code that has been around for decades. For an example recently in the news: https://msrc.microsoft.com/update-guide/vulnerability/CVE-20...

| gruez wrote:
| > It's downright fearmongering --- classic MS-style --- to say something is "horribly insecure" when it has has been around for over a decade and all the major bugs have already been found.
|
| Have they? We just had printernightmare (CVE-2021-34527) a few months ago. In certain configurations you can even get RCE.

| eptcyka wrote:
| I wouldn't use an Android phone for anything safety critical if it was more than 6 months behind the latest security patches. Why would it be any different for Windows?
|
| Of course, we can play the asterisk game and expressly state that if the machine is not connected to the internet and not used to browse the web, then it's probably safe. Or if you like browse the web in a VM. I still have to wonder if the patches for these kinds of issues[1] get backported to Windows 7.
|
| As to the appeal for age, I think software ages like seafood in terms of security. Just because it's been deployed for years doesn't mean that there aren't vulnerabilities lurking in that code. Although I will concede that as Windows 7 loses users, the payoff for finding a vulnerability will decrease too.
|
| [1]: https://www.sentinelone.com/labs/cve-2021-3438-16-years-in-h...

| spywaregorilla wrote:
| Have all the insecurities been patched? There's pretty much only downsides to unpatched, known vulnerabilities vs. unknown vulnerabilities with the slight exception that you'd be a little more justified assuming you're safe when you're not. The likelihood of suffering a loss is much higher.

| jlokier wrote:
| From the article, I'm under the impression Windows 11 is horribly insecure now.
|
| Which security issues are worse?
|
| A built-in cloud command logger is quite bad if you don't know it's there, and is a security risk even if you know.
|
| Some people occasionally enter things like private URLs, tokens, UUIDs, pathnames and query value onto the command line. Which is fine if they're the sort of thing that's ok in your local, private command history. Not so much if it's sent upstream.

| kevin_thibedeau wrote:
| The same problem exists on Linux when copying from browser to LibreOffice.

| fendy3002 wrote:
| I usually gedit it first

| bojan wrote:
| I just use Notepad for that.

| gruez wrote:
| notepad pros:
|
| * doesn't send your text to the botnet
|
| * works with multiline text
|
| cons:
|
| * isn't 2 keys (win-R) away. I personally had to type win + N + O + T + E + P until it showed up, then hit enter.

| jfrunyon wrote:
| Personally, I just type Win+R and then `no`, down, enter.

| jenny91 wrote:
| The mothership only got "notep" :/

| gnu8 wrote:
| Not great because when they see how many people use Notepad, they're going to replace it with a piece of shit like they did with the snipping tool and Freecell.

| contravariant wrote:
| That con is why I've used AutoHotkey to bind notepad to win-N.

| hdjjhhvvhga wrote:
| > * isn't 2 keys (win-R) away.
|
| Unless it's always on - an Alt-Tab away. I use Notepad++ for that, it comes in handy with seemingly infinite undos and autosave.

| temac wrote:
| > notepad pros:
| > * doesn't send your text to the botnet
|
| hm, yet? And are we even sure about that? Who expect that what you type in the Run dialog being spied on and sent to MS? Is this even documented anywhere?
|
| At this point I'm considering all MS softwares have become mainly hardcore spyware, with maybe some secondary legacy functions remaining (but in lots of cases being stripped slowly, while getting more bloated at the same time).

| userbinator wrote:
| I've always used a Notepad, but now I wonder whether _that_ also phones home in the newer versions of Windows...

| wbkang wrote:
| Isn't this the clipboard history? Did anyone verify this claim independently? It's incredibly hard to believe they would upload plain text for 'telemetry'.

| aaron695 wrote:
| Why can we not see what our computers are sending over the internet?
|
| If you say Wireshark then you are the problem.
|
| It would need to be in something as easy as Task Manager.
|
| Ideally you could also just set a token string that if it _ever_ gets sent over the internet you'd get an immediate flag. Then just shove it everywhere. And let the world's users work it out.
|
| I assume it's a technical issue.

| adamrezich wrote:
| if they're gonna do this you'd think they'd have the courtesy to spiffy up the ancient dialog a bit at least

| marcodiego wrote:
| Nice! Let's use it to tell them what we think about it!
___________________________________________________________________
(page generated 2021-09-20 23:01 UTC)