[HN Gopher] Text entered into Windows' Run dialogue gets sent to...
       ___________________________________________________________________
        
       Text entered into Windows' Run dialogue gets sent to Microsoft's
       telemetry
        
       Author : NKosmatos
       Score  : 128 points
       Date   : 2021-09-20 20:20 UTC (2 hours ago)
        
        
       | musicale wrote:
       | Helpful for passwords and other information you might want to
       | share.
        
       | p1necone wrote:
       | So, what's everyone's favorite desktop/workstation Linux distro
       | as of 2021?
       | 
       | Edit: Anyone tried using NixOS as a desktop OS? I like the idea
       | of scripting my setup.
        
         | messo wrote:
          | I'm a long time arch user, but recently installed the latest
          | Fedora on an old lenovo x220 and was impressed by how polished it
          | is and how fast it runs! Flatpaks make it super easy to
          | install the latest version of both free and non-free software,
          | which always was a pain to accomplish on Fedora a couple of
          | years ago.
          | 
          | Fedora may be the best option for new linux users who do not
          | want to customize everything, but just want a clean, fast and
          | polished "works-out-of-the-box" experience.
          | 
          | I'll keep my highly customized arch (sway) install for my
         | programming needs for now, but will probably choose Fedora for
         | my "personal" laptop where I do some light video and photo
         | editing.
        
         | amanzi wrote:
         | Four replies so far, all different. I'll add a fifth: Pop_OS!
         | 
         | Edit - now 9 replies, all different. Great to see so much
         | choice!
        
         | boardwaalk wrote:
         | I'm using ArchLinux with MATE. It pretty much got out of my way
         | and I don't even think about it...
        
         | trelane wrote:
         | Pop has been pretty good on my gaming PC (is a Thelio, so
         | probably not coincidence. :)
         | 
         | Really depends on what you want. (I run Gentoo otherwise, but
         | that's probably not everyone's preference. ;)
        
         | Shadonototra wrote:
         | manjaro with XFCE +
         | https://github.com/davekeogh/xfce4-docklike-plugin (check the
         | original repo for the screenshots)
        
         | vorpalhex wrote:
         | I've been using ElementaryOS, coming from MacOS. Have to
         | install a package to be able to tweak it and replaced the file
         | manager with nautilus, otherwise fine.
        
         | mistrial9 wrote:
         | LUbuntu currently
        
         | outworlder wrote:
         | > Anyone tried using NixOS as a desktop OS?
         | 
         | Yes! Works great actually.
         | 
         | Even running Windows-based games on Steam with Proton. All my
         | hardware worked out of the box(including my Wifi6 module) -
         | only tweaking I had to do was for Vulkan with my GPU. Even
         | then, not that difficult and instructions are in their wiki.
         | 
         | I have little reason to run Windows now. Only software I really
         | miss is Fusion 360.
        
         | mappu wrote:
         | Debian with KDE
         | 
         | It's a major distro with excellent security support, it's
         | completely non-commercial, and KDE has a traditional GUI layout
         | with all the optional trimmings (snap to window edges,
         | thumbnail previews in taskbar etc)
        
         | iceychris wrote:
         | I'm using NixOS with i3 as my daily driver, can recommend.
        
         | hpoe wrote:
         | Ubuntu with i3.
        
         | LeoPanthera wrote:
         | I love how many different answers there are to this.
         | 
         | I run openSUSE (with KDE) pretty much for one reason - the
         | repos available are completely comprehensive. They have
         | everything I ever need in them, even some pretty obscure stuff,
         | and because it's a rolling distro everything is up to date.
         | 
         | The amazing YaST graphical configuration tool is a nice bonus.
        
         | brian-armstrong wrote:
         | Mint with XFCE is quite nice
        
         | mithusingh32 wrote:
         | Regolith-linux
         | 
          | It's Ubuntu-based, with an i3 desktop manager but with newer
          | perfect configurations out of the box.
        
           | smoldesu wrote:
            | +1 for this, _particularly_ if you've never tried i3 but
           | still want to know what the workflow feels like. I run
           | Regolith on my homelab and it works like a charm!
        
       | AA-BA-94-2A-56 wrote:
       | Another nail in the coffin. Why should I use Windows, when Linux
       | is catching up and not using these horrific anti-patterns?
        
       | hypothesis wrote:
       | What's interesting is the fact that telemetry is a feature at
       | this point (how old is Windows 10?) and you can't win a fight
       | against a core OS feature. Why are people still trying to fight
       | this?
        
         | blibble wrote:
         | I like Windows 10
         | 
         | it having un-disablable telemetry and mandatory updates finally
         | made me switch to Linux everywhere
         | 
         | otherwise it's no longer My Computer... it's Satya's
        
         | trangus_1985 wrote:
         | You've always been able to turn it off with group policy and
         | disabling the reporting service. It still bugs me, on
         | principle, that you can't easily disable it even on the Pro
         | edition.
        
           | hypothesis wrote:
           | That's like trying to disable all those similar things in
           | Firefox. But you can't really, not unless you stop updating
           | it, because you'll miss something at some point. And that's
           | not even an 'evil corp' we're talking here.
        
             | trangus_1985 wrote:
             | I've had it disabled for years, without it reporting home.
             | So far, Microsoft seems to respect group policy and
             | disabled services on Pro edition.
        
               | gruez wrote:
               | >So far, Microsoft seems to respect group policy on Pro
               | edition
               | 
               | the group policy description explicitly says it does not
               | respect it unless you're using enterprise or education.
               | 
               | > [...]
               | 
               | >If you enable this setting, you can decide what level of
               | diagnostic data to send to Microsoft, including:
               | 
               | >- 0 (Security). Sends only a minimal amount of data to
               | Microsoft, required to help keep Windows secure. Windows
               | security components, such as the Malicious Software
               | Removal Tool (MSRT) and Windows Defender may send data to
               | Microsoft at this level, if enabled. Setting a value of 0
               | applies to devices running Enterprise, Education, IoT, or
               | Windows Server editions only. Setting a value of 0 for
               | other editions is equivalent to setting a value of 1.
               | 
               | >- 1 (Basic). Sends the same data as a value of 0, plus a
               | very limited amount of diagnostic data, such as basic
               | device info, quality-related data, and app compatibility
               | info. Note that setting values of 0 or 1 will degrade
               | certain experiences on the device.
               | 
               | > [...]
               | 
               | Disabling the relevant service might stop it regardless,
               | but it's definitely not the group policy.
        
         | hammyhavoc wrote:
         | Because a lot of people are forced to use Windows 10 and for
         | whatever reason cannot use a Linux distro even with Looking
         | Glass?
        
           | hypothesis wrote:
           | Are we talking about 'at work' scenario? Which is probably
           | fine, because that's a business decision.
           | 
           | It would be prudent not to use company equipment for anything
           | personal anyway.
        
       | jimbob45 wrote:
       | Interestingly, the people least likely to disable Windows
       | telemetry are the people MS is most likely to want to hear from
       | because they're the least capable of solving their own issues in
       | Windows and thus represent the most pressing needs for
       | development to fix.
        
       | gentleman11 wrote:
       | How did the pr people ever spin it so that we call "keyloggers"
       | and "spyware" simply "telemetry" now? Let's call it what it is
        
         | moksly wrote:
          | I wonder how it remains legal in the EU. Legislation really
          | needs to step up on these things.
          | 
          | It's an American company that's keeping tabs on something like
         | 600 million European citizens. I don't care what sort of
         | "license agreement" it comes with, that's just not ok.
        
           | tgsovlerkhgsel wrote:
           | Legislation exists, enforcement is what's missing.
        
       | inyorgroove wrote:
       | There are tools for this, don't go alone (block telemetry via
       | hosts file): https://github.com/builtbybel/privatezilla
        
         | inyorgroove wrote:
         | Also, I block MS telemetry hosts on my router's dns server:
         | https://github.com/crazy-max/WindowsSpyBlocker/blob/master/d...
        
       | air7 wrote:
       | One of the replies makes sense to me: it's because the win10
       | search bar is also a web search and this is intended
       | functionality, normal for search bars. they send a new request
       | every time you type a character i assume for predictive search
       | and fast results. you can also see this in bing for sure.
        
         | JacobLinney wrote:
         | search bar != run dialogue
        
         | NobodyNada wrote:
         | This isn't the search bar though, it's the "run" window
         | (Win+R), which has no search functionality and is more-or-less
         | equivalent to typing a command in Command Prompt.
        
           | anigbrowl wrote:
           | It has search functionality. I slightly mistyped something
           | the other day and was mystified to see the correct answer in
           | a mini browser window while Windows itself was failing to
           | match it up with the software I had installed and run every
           | day. You can also just start typing search queries and it
           | will try to launch MS Edge as soon as you hit enter.
        
       | bob1029 wrote:
       | Edit: Deleted my original posting. Getting some pretty hostile
       | vibes on basic attempts to contribute to this thread.
        
         | jaywalk wrote:
         | What does that have to do with the Run dialog?
        
           | [deleted]
        
       | 1970-01-01 wrote:
       | Microsoft is somewhat transparent about it:
       | 
       | Inking, typing, and speech utterance data
       | 
       | This type of Optional diagnostic data includes details about the
       | voice, inking, and typing input features on the device.
       | 
       | Samples of the content you type, write, or dictate on the device.
       | Details about status of transcribing input into text
       | 
       | https://privacy.microsoft.com/en-us/data-collection-Windows
        
       | thesuperbigfrog wrote:
       | "Who controls your computer? Is it you?"
       | 
       | "Either the user controls the software, or the software controls
       | the users":
       | 
       | https://youtu.be/Ag1AKIl_2GM?t=57
        
       | newsbinator wrote:
       | This is actually a huge deal because if others are anything like
       | me, I paste into the run dialog to strip text formatting, before
       | copying it elsewhere.
       | 
       | Haven't used Windows in a decade so not sure if there's a better
       | way now.
        
         | chinathrow wrote:
         | Ctrl-Shift-v in many applications e.g. Word.
        
           | Mesmoria wrote:
           | In many places, but not word (sadly).
        
         | banana_giraffe wrote:
         | No built in better way I know of, but I have
          | 
          |     ; Type in the clipboard
          |     ^!v::
          |     MyClip = %clipboard%
          |     StringReplace, MyClip, MyClip, `r, , All
          |     SendRaw %MyClip%
          |     return
         | 
         | in my AutoHotkey script for a long time now to let me hit Ctrl-
         | Alt-V and have it type in the text of whatever's in the
         | clipboard. (Type instead of paste to get around random
         | situations where the clipboard won't do what I want)
        
         | farkanoid wrote:
         | It makes me happy that others do this too, I make use of pretty
         | much any plaintext field in proximity to strip formatting
        
         | NKosmatos wrote:
         | I use the address bar of the browser to quickly strip
         | formatting :-)
        
           | strombofulous wrote:
           | FYI, chrome/edge have similar behavior in their omnibox.
           | 
           | If you ever find the time, open up fiddler and keep it
           | visible on a second monitor while you browse. You'll be
           | amazed by how much data is sent back to microsoft/Google.
           | 
           | I'm not sure if other chromium browsers also do this, I know
           | ungoogled chromium doesn't.
        
             | thrashh wrote:
             | Shouldn't be surprising if autocomplete results appear
             | immediately after typing in the box.
             | 
             | They didn't magically appear from thin air for sure.
        
           | im3w1l wrote:
           | At least the address bar lets you know it gets uploaded by
           | displaying search autocompletes
        
         | m463 wrote:
         | "Haven't used Windows in a decade so not sure if there's a
         | better way now."
         | 
         | no, not running windows in a decade is still the better way.
         | 
         | only sort of joking. I run windows 7 and haven't upgraded.
        
           | eptcyka wrote:
           | Windows 7 is horribly insecure now. Please reconsider.
        
             | gruez wrote:
             | Normally yes, but you can pirate the extended support
             | updates, which last until 2023.
        
             | userbinator wrote:
             | FUD. MS gathers more information about you than ever.
        
               | eptcyka wrote:
               | Both of those statements can be true.
        
               | userbinator wrote:
               | It's downright fearmongering --- classic MS-style --- to
                | say something is "horribly insecure" when it has been
               | around for over a decade and all the major bugs have
               | already been found.
               | 
               | Nevermind the fact that everyone is almost always behind
               | a NAT and are basically unreachable for attackers to
               | exploit remotely.
               | 
                | If anything, the _newer_ versions of Windows are
                | "horribly insecure" because they contain so many "unknown
               | unknowns". But that wouldn't fit the narrative MS wants
               | to propagate...
        
               | jfrunyon wrote:
               | > and all the major bugs have already been found
               | 
               | Excuse me while I die of laughter.
               | 
               | People are still finding bugs which existed in _XP_.
               | Which was supported for 12 years and was released 20
               | years ago.
               | 
               | 7 was supported for 11 years and was released 12 years
               | ago.
               | 
               | > Nevermind the fact that everyone is almost always
               | behind a NAT and are basically unreachable for attackers
               | to exploit remotely.
               | 
               | Sure, except that the vast majority of malware doesn't
               | come from a remote attack.
        
               | kube-system wrote:
               | Plenty of new CVEs are in code that has been around for
               | decades. For an example recently in the news:
                | https://msrc.microsoft.com/update-guide/vulnerability/CVE-20...
        
               | gruez wrote:
               | > It's downright fearmongering --- classic MS-style ---
                | to say something is "horribly insecure" when it has
               | been around for over a decade and all the major bugs have
               | already been found.
               | 
               | Have they? We just had printernightmare (CVE-2021-34527)
               | a few months ago. In certain configurations you can even
               | get RCE.
        
               | eptcyka wrote:
               | I wouldn't use an Android phone for anything safety
               | critical if it was more than 6 months behind the latest
               | security patches. Why would it be any different for
               | Windows?
               | 
               | Of course, we can play the asterisk game and expressly
               | state that if the machine is not connected to the
               | internet and not used to browse the web, then it's
               | probably safe. Or if you like browse the web in a VM. I
               | still have to wonder if the patches for these kinds of
               | issues[1] get backported to Windows 7.
               | 
                | As to the appeal for age, I think software ages like seafood
               | in terms of security. Just because it's been deployed for
               | years doesn't mean that there aren't vulnerabilities
               | lurking in that code. Although I will concede that as
               | Windows 7 loses users, the payoff for finding a
               | vulnerability will decrease too.
               | 
                | [1]: https://www.sentinelone.com/labs/cve-2021-3438-16-years-in-h...
        
               | spywaregorilla wrote:
               | Have all the insecurities been patched? There's pretty
               | much only downsides to unpatched, known vulnerabilities
               | vs. unknown vulnerabilities with the slight exception
               | that you'd be a little more justified assuming you're
               | safe when you're not. The likelihood of suffering a loss
               | is much higher.
        
             | jlokier wrote:
             | From the article, I'm under the impression Windows 11 is
             | horribly insecure now.
             | 
             | Which security issues are worse?
             | 
             | A built-in cloud command logger is quite bad if you don't
             | know it's there, and is a security risk even if you know.
             | 
             | Some people occasionally enter things like private URLs,
              | tokens, UUIDs, pathnames and query values onto the command
             | line. Which is fine if they're the sort of thing that's ok
             | in your local, private command history. Not so much if it's
             | sent upstream.
        
           | kevin_thibedeau wrote:
           | The same problem exists on Linux when copying from browser to
            | LibreOffice.
        
             | fendy3002 wrote:
             | I usually gedit it first
        
         | bojan wrote:
         | I just use Notepad for that.
        
           | gruez wrote:
           | notepad pros:
           | 
           | * doesn't send your text to the botnet
           | 
           | * works with multiline text
           | 
           | cons:
           | 
           | * isn't 2 keys (win-R) away. I personally had to type win + N
           | + O + T + E + P until it showed up, then hit enter.
        
             | jfrunyon wrote:
             | Personally, I just type Win+R and then `no`, down, enter.
        
             | jenny91 wrote:
             | The mothership only got "notep" :/
        
               | gnu8 wrote:
               | Not great because when they see how many people use
               | Notepad, they're going to replace it with a piece of shit
               | like they did with the snipping tool and Freecell.
        
             | contravariant wrote:
              | That con is why I've used AutoHotkey to bind notepad to
             | win-N.
        
             | hdjjhhvvhga wrote:
             | > * isn't 2 keys (win-R) away.
             | 
             | Unless it's always on - an Alt-Tab away. I use Notepad++
             | for that, it comes in handy with seemingly infinite undos
             | and autosave.
        
             | temac wrote:
              | > notepad pros:
              | >
              | > * doesn't send your text to the botnet
             | 
              | hm, yet? And are we even sure about that? Who expects that
              | what you type in the Run dialog is being spied on and sent to
              | MS? Is this even documented anywhere?
             | 
             | At this point I'm considering all MS softwares have become
             | mainly hardcore spyware, with maybe some secondary legacy
             | functions remaining (but in lots of cases being stripped
             | slowly, while getting more bloated at the same time).
        
         | userbinator wrote:
         | I've always used a Notepad, but now I wonder whether _that_
         | also phones home in the newer versions of Windows...
        
       | wbkang wrote:
       | Isn't this the clipboard history? Did anyone verify this claim
       | independently? It's incredibly hard to believe they would upload
       | plain text for 'telemetry'.
        
       | aaron695 wrote:
       | Why can we not see what our computers are sending over the
       | internet?
       | 
       | If you say Wireshark then you are the problem.
       | 
       | It would need to be in something as easy as Task Manager.
       | 
       | Ideally you could also just set a token string that if it _ever_
       | gets sent over the internet you'd get an immediate flag. Then
       | just shove it everywhere. And let the world's users work it out.
       | 
       | I assume it's a technical issue.
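
The canary-string idea in the comment above, sketched as an added example that is not part of the thread: a scanner that flags outbound request bodies containing a planted token, including when the token is UTF-16 encoded or sits at any byte offset inside a base64 blob. It assumes the bodies are already decrypted (for instance exported from an intercepting proxy such as the Fiddler setup mentioned elsewhere in the thread); the token, host names and flows are constructed sample data.

```python
import base64

# Constructed canary: alphanumeric only, so URL and JSON encoding leave it unchanged.
CANARY = "zq7Canary4f9e2b1d"


def b64_fragments(raw):
    """Base64 substrings that must appear whenever `raw` is embedded at any
    byte offset inside a larger base64-encoded blob."""
    frags = []
    for offset in range(3):
        enc = base64.b64encode(b"\x00" * offset + raw).rstrip(b"=")
        # Drop characters that mix token bits with bits of neighbouring bytes.
        head = (0, 2, 3)[offset]
        tail = 1 if (offset + len(raw)) % 3 else 0
        frags.append(enc[head:len(enc) - tail])
    return frags


def canary_patterns(token):
    """Byte patterns under which the token may show up in a payload."""
    raw = token.encode("utf-8")
    patterns = {"utf-8": raw, "utf-16-le": token.encode("utf-16-le")}
    for offset, frag in enumerate(b64_fragments(raw)):
        patterns["base64+%d" % offset] = frag
    return patterns


def scan_body(body, patterns):
    """Return the names of all patterns found in one request body."""
    return [name for name, pat in patterns.items() if pat in body]


def find_leaks(flows, token):
    """flows: iterable of (destination_host, decrypted_body_bytes)."""
    patterns = canary_patterns(token)
    leaks = []
    for host, body in flows:
        hits = scan_body(body, patterns)
        if hits:
            leaks.append((host, hits))
    return leaks


# Constructed sample flows (hosts and bodies are made up for illustration).
FLOWS = [
    ("plain.example.invalid",
     b'{"event":"RunDialog","text":"zq7Canary4f9e2b1d"}'),
    ("b64.example.invalid",
     base64.b64encode(b"\x01\x02payload:" + CANARY.encode() + b";end")),
    ("wide.example.invalid",
     b"\x10\x00" + CANARY.encode("utf-16-le") + b"\x00\x00"),
    ("clean.example.invalid",
     b'{"check":"version","build":"19043"}'),
]

if __name__ == "__main__":
    for host, hits in find_leaks(FLOWS, CANARY):
        print(host, hits)
```

Compressed or otherwise transformed bodies would need to be decoded before scanning; the sketch only covers the encodings listed.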
        
       | adamrezich wrote:
       | if they're gonna do this you'd think they'd have the courtesy to
       | spiffy up the ancient dialog a bit at least
        
       | marcodiego wrote:
       | Nice! Let's use it to tell them what we think about it!
        
       ___________________________________________________________________
       (page generated 2021-09-20 23:01 UTC)