• Microsoft's legal ambiguity is to cover their butt from regular consumer lawsuits, I don't think its malicious.
• As far as real NSA spying goes, we already know Microsoft pretty much sends NSA everything the NSA asks for, even without EULAs.

Wouldn't it make sense to connect those two dots? NSA forces MS to become an international snitch, so they add such a clause into their EULA in case anyone challenges them on it?

I'm certainly not concerned about Microsoft's private security forces storming my house and taking me off to a black site...

First they came...
The only thing necessary for the triumph of evil is for good men to do nothing.

That's not my point (as I'm fairly sure you are aware).

Yes, people are being dragged off to blacksites. But it's not Microsoft's jackboots doing the dragging.

How about instead of getting our knickers in a twist over the vague wording of a EULA (and honestly, have you ever read a EULA that *wasn't* vaguely worded?), we focus on the groups that we know to be doing evil things with our data? I'd sure like to see a concerted effort to unseat the politicians who sanctioned the NSA, CIA, etc. to spy on their own citizens. Or to stop the current attempt to hand out IP rights over to the corporate tribunals of the Trans-Pacific Partnership.

There are enough *actual* bogeymen in the room, without inventing new ones.

How about instead of getting our knickers in a twist over the vague wording of a EULA (and honestly, have you ever read a EULA that *wasn't* vaguely worded?), we focus on the groups that we know to be doing evil things with our data? There are enough *actual* bogeymen in the room, without inventing new ones.

What's the difference? MS has been dragged into the NSA and is now a part of it. We know they've been recruited by the boogeymen to use their powers for nefarious purposes.

If you want to stand up against the boogeyman and say that this state of affairs is not acceptable, then you'd start by not inviting them into your home. We know that MS is working for them as a malware delivery agent. So if we don't agree with the existence of this new "Stasi 2.0" then we should refuse to participate in it -- which is a choice that we do actually have.

Wouldn't it make sense to connect those two dots? NSA forces MS to become an international snitch, so they add such a clause into their EULA in case anyone challenges them on it?

Microsoft has been working with the CIA since at least the mid-90s.
We've been partially aware of that CIA partnership since the early 2000's.
We've been fully aware of how far it goes (with the NSA) since the Snowden leaks two years ago.

Microsoft's EULA is not indicative of any new nefarious CIA or NSA partnership. It's possible they are covering their butts of the existing and ongoing NSA partnerships which have been in place since at least Vista onward, and partially in-place since Win98 or earlier.

More likely, Microsoft's EULA is covering their consumer-focused butts for Microsoft's consumer-focused business strategy. It's possible (and likely) that they are stepping up their invasions-of-privacy with Win10, but from what we've seen so far, Microsoft's "increase" still puts them behind Facebook's and Apple's and Google's race to the bottom. Heck, all three of them five years ago was invading privacy worse that Microsoft is with Win10 (at least from what I see).

This is not to say we should embrace Microsoft's "spying" with open arms, but just to take a step back and look at the entire playing field, and temper the drama with some additional thought. We should complain, we should talk about, we should create negative PR for Microsoft. But when discussing it intelligently with each other, we should remind ourselves that - from what we know - Microsoft is the tamest of the junkyard dogs when it comes to exploiting and invading our privacy, and - from what we don't know, and extrapolating off of our guesses - Microsoft still comes out smelling better than most.

I was worried about Win10 at first, so I did some research before installing, and now I'm mostly satisfied, though there's still some doubts.

Microsoft has a bunch of flaws. Microsoft has done many malicious and questionable things. But from what glimpses we've seen of the company behind the curtain, Microsoft repeatedly fails to exploit their consumers in any ways except heavy-handed clumsy ones. As far as heartless business strategies go, Microsoft still has a lot to learn from Google/Apple/Facebook. They are behind the times and trying to play catch-up; though they are getting up to speed pretty quickly.

Leastwise, that's my perspective from bits and pieces of information over the years. It's not that I trust Microsoft's morals, it's that I trust they'll track record of unfocused strategies and corporate in-fighting, as well as everyone and their mother keeping their eyes on Microsoft. This "trust" is, I know the Microsoft dog is on a chain, or at least looks like it is, so I better keep my good eye on Google so I don't get attacked from behind (since I don't really use Facebook or Apple products/services).

Unless Microsoft's ham-fisted actions and clumsiness over the past twenty years has been some elaborate ploy (including the parts where their clumsiness costs them multiple billions of dollars), then I feel Microsoft as a corporation lacks the finesse to pull of some real subtle secret behind-the-scenes attack against consumers, without us hearing it shouted from the rooftops. That said, I have real respect and admiration for Microsoft's engineers. It's the company's bureaucracy that restrains it - something that Google and Apple don't have restraining them.

Microsoft itself is my greatest protection from Microsoft.
The public's (the intelligent subset of it) awareness and loathing towards Microsoft is another not-to-be-underestimated guardian.
The Federal government's anti-trust and oversight eyes on Microsoft are a third lesser-protection.

They don't. If you can get past the rampant paranoia you'd see that they send "your keystrokes" to their server to perform interactive searches from the start menu. Google also do this.

Again, the difference is that Google only does that when you type something in the search field on their website (and they can't even do that if you have scripting disabled). Google does not control your computer. Microsoft does, and they do send those keystrokes out even when you are not explicitly entering them somewhere which clearly communicates "this is going online" via its interface.
By default, it even does that when you search for local files on your computer. Yes, you can presently turn this "feature" off... for now. But you cannot remove the functionality. The code is in place, it is loaded and ready to send at any time, you cannot disable or remove it, and Microsoft or some haphazard malware may re-enable it at any time. Microsoft is also demonstrably monitoring which programs you launch.

There is no doubt that MS is collecting program usage statistics, it's undeniable. Every program you run, they know. Since it's a "feature" of the start screen to give app recommendations based on that, it's hardly possible without collecting that data, too (though they could store it locally only).

They send "your files" to their servers in the form of metrics, statistics, and analytics. To send more would be illegal regardless of eula, a contract cannot ever violate local law.

Their EULA and privacy statement explicitly said, and still says, that they may and will do so. It has been reworded since the first release to sound a lot less threatening when you quickly read over it, but if you carefully read you will notice that it is basically still the same.

Yes, the text now contains references to OneDrive and Outlook in one place, and in another place -- there are several independent ones, three or four -- it states "when you use online services" (which sounds like all concerns were just paranoia) but it also says that Windows no longer is a local operating system but is working as online cloud-based system. In other words, they're saying "only under these conditions... which is incidentially exactly how Windows works".

The words "with your consent" appear all over. That sounds good, because after all if you consent, there's nothing wrong with it! But following "with your consent" there is always an "or if we deem it neccessary" or "if it's in Microsoft interest" in the small print.

Regardless of what the EULA/PS state what they may do or might do, or what you or me or anyone else might read into it, they demonstrably send crash reports which include memory snapshots, and make it obscure, hard, or impossible to turn this feature off (depending on which version you have).
They do that now. Not maybe, or possibly, but now. Yes, Windows XP did that already, but you could permanently disable it rather trivially.

Not to mention the EU would make mincemeat of Microsoft's European arms if they ever tried such a thing as here in Europe we have proper data privacy laws that value the customer not the company...

In theory, but not in practice. In reality, you get very little out of those nice petty laws. In 2013, the GEZ and their accomplices the registry offices committed a documented 65 million breaches of privacy in Germany. You'd think someone would have to face consequences, but no. The data security assignee looked at it, and shrugged. It's not even considered "wrong", and they're still doing it.

Also, the expectance clauses TTIP will do away with consumer rights int the EU anyway. Basically, according to TTIP, if an US company does business in the EU and things don't go as they like because the law gets in their way, they are able to sue the country for compensation. It's hard to believe not only that the commissioners would agree to such a thing or that they even continue negotiations after that (seeing how you cannot possibly be serious if you have claims like this). But of course they're all corrupt.
The agreement is not signed yet, nor ratified, but that is only a matter of time -- so don't rely too much on a "proper law" being in place.

if you are going to get paranoid about "How someone might use data in the future", well there is another paranoid theory for you: You refuse to use services that collect data to be added into 'the net', and you skillfully work around the system such that there is next to no data entry on you. Suddenly you find that the banks don't want to deal with you, no one wants to hire you, and then men in vans with cameras and telephoto lenses start following you around... Why? Because you're now outside the system, there is no data on you, and you've clearly gone out of your way to hide some kind of activity... So you're probable some kind of criminal and no one wants to deal with your kind...

Unluckily, that is not at all paranoid. It's not even unlikely. Which is another good reason why it's even more important to reduce the amount of data that is generated.

In some places, people already give you a strange look when you pay cash. Because you know, only criminals and terrorists pay cash. I heard (though I'm inclined to believe it was a hoax since it's just too absurd, even for Sweden...) that in Sweden you risk being arrested by the police when you pay cash.

I'm not even going to mention how being on LinkedIn is as important for finding a job as having diploma and work experience... and if you don't use Facebook, you must certainly be either and oddball or a terrorist.

I heard (though I'm inclined to believe it was a hoax since it's just too absurd, even for Sweden...) that in Sweden you risk being arrested by the police when you pay cash.

I wouldn't doubt it.

http://www.thelocal.se/20070813/8168

'm not even going to mention how being on LinkedIn is as important for finding a job as having diploma and work experience... and if you don't use Facebook, you must certainly be either and oddball or a terrorist.

I've purposefully avoided all social media, and have 0 searchable footprint, and it's never been an issue for me.

'm not even going to mention how being on LinkedIn is as important for finding a job as having diploma and work experience... and if you don't use Facebook, you must certainly be either and oddball or a terrorist.

I've purposefully avoided all social media, and have 0 searchable footprint, and it's never been an issue for me.

Eh, linkedin depends on the industry. Almost everyone in gamedev is on there (along with all the recruiters you want to know), but in other industries it has no penetration at all. FB can also backfire when jobhunting if you have embarrassing things set to public

As for zero searchable footprint, do you live in Georgia, conq, and work in the public service? (c'mon 1 in 50 chance...)

I heard (though I'm inclined to believe it was a hoax since it's just too absurd, even for Sweden...) that in Sweden you risk being arrested by the police when you pay cash.

A few years ago a friend was detained for 12 hours by homeland security (thus missing his flight), when he attempted to purchase an airline ticket in cash for the same day. He paid cash because his employer pays him cash, and the flight for the same day was to reach a funeral (which he also missed). Apparently only terrorists buy tickets in cash the same day - which is beyond nonsensical, since most successful terror attacks appear to be carefully planned well in advance.

Living with no digital footprint in this day and age is increasingly complicated, and I'd say nigh-on impossible for someone working in tech.

As far as corporations who do evil, I'm actually inclined to give Apple credit for their stance on spying. It's always hard to judge how sincere such a stance really is, but they've stayed resolutely on-message since the Snowden leaks began.

if you are going to get paranoid about "How someone might use data in the future", well there is another paranoid theory for you: You refuse to use services that collect data to be added into 'the net', and you skillfully work around the system such that there is next to no data entry on you. Suddenly you find that the banks don't want to deal with you, no one wants to hire you, and then men in vans with cameras and telephoto lenses start following you around... Why? Because you're now outside the system, there is no data on you, and you've clearly gone out of your way to hide some kind of activity... So you're probable some kind of criminal and no one wants to deal with your kind...

Unluckily, that is not at all paranoid. It's not even unlikely. Which is another good reason why it's even more important to reduce the amount of data that is generated.

In some places, people already give you a strange look when you pay cash. Because you know, only criminals and terrorists pay cash. I heard (though I'm inclined to believe it was a hoax since it's just too absurd, even for Sweden...) that in Sweden you risk being arrested by the police when you pay cash.

I'm not even going to mention how being on LinkedIn is as important for finding a job as having diploma and work experience... and if you don't use Facebook, you must certainly be either and oddball or a terrorist.

Actually I do agree that the "Lack of Data" isn't at all paranoid, and mostly phrased that for a dramatic effect. Have you tried getting a sizeable bank loan with no credit history? Not a bad credit score, but going into a bank to ask to borrow a sizeable amount of money when you have no banking history and nothing comes up on a credit report? You could be making more than enough to meet all your repayment obligations, but they're going to reject your application in the vast majority of cases if there is no credit history even if they would have accepted someone with relatively poor history.

Poor credit history is obviously better than bad credit history, but seems far too many people are surprised to find out that it is also generally vastly superior to having no history at all. You can't do risk management when you have no data to work with after all.