Do you know Windows spys on you?

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

It's quite an emotive subject, and I'm sure that the 'does it/doesn't it' debate will continue for a while.

But of course, the intersting question is 'why?'

Now, if my PC tracks changes I make, that's fine by me. That way I can roll back a dodgy installation, undo a cocked-up document format or even use system restore to fix the mess that the latest security update has caused.

Or is it something that has been built in 'just in case'? Did the marketing people attend one of the development meetings and say 'well, this shaw looks purdy, but we all needin some kind of gizmo for tracking deemo-grafik usage, y'all'.

Or is it so that Bill can sit in his lair, type in his personal pin number (it's 1234, by the way) and find out what Gav's top score is in Doom.

Well, that is meant to be flippant, but the real point is that surely the evil nature of the intrusion is related to the intent with which is implemented.

The other thing to remember is that when Gary Glitter popped his computer into PC World it didn't matter if his OS had been secretly tracking his moves, they just had to open 'My Pictures'. And that's the real point at the end of the day...

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Bluerinse,

I can only speak to what I know about Debian. There are databases that track where files are stored and what software is installed, but these are legitimate functions. dpkg and apt use the installed software database to help keep track of dependency issues. The file database is used by utilities such as "locate" to help users find files, and to help the system keep track of itself as everything in Linux is a file.

"locate" can find files extremely fast. I can run a search for *.pdf, or any other file extension, and "locate" will return all files with that extension in a second or two.

As an aside on the file database in Linux. This is something that most people should probably take a look at. In Debian there is a cron job scheduled to update this database early every morning when many people have their computers turned off. I never shut my lab computers down so this isn't an issue at home, but at work I was using "locate" to find files and it wasn't reporting files I knew to be on the hard drive so I got to doing some looking around. There is an "updatedb" command that updates the database so I ran it and all my recent files turned up when running "locate". So, I changed the timing on the cron job and it solved the problem.... (I'm running Sid, the development release, so I think somethings probably broken as the job should run at boot, or soon thereafter, if the computer is shut down during the scheduled time.)

I don't believe there is any other tracking done by the OS itself. If there were you could bet the screams of outrage by the security and privacy conscious Linux community would be heard loud and long.... There are simply too many eyes looking at the code for someone to slip user tracking in and no one notice.

Debian does have a program you can install called popularity contest IIRC that reports software usage to the Debian developers so they can make decisions as to what to keep in the distro and what to deprecate, but it is not a default install. It is something you have to voluntarily choose to do.

 

Well, this is one reason I asked in my second post on this thread if someone could find an innocuous reason for the system to have an encrypted file that tracks every url and every application ever opened and time stamps them.

Tracking file creation, modification, and last access time have legitimate reasons for existing. Tracking software installation is a legitimate function. Tracking every time a user ever opens an application or visits a url, and then keeping that information forever, is a horse of another color. I can see no legitimate reason for it. If the tracking is truly innocuous why isn't this data made easily available to the user? Why isn't there a way for a user to easily access this data? Why encrypt it?

Inquiring minds want to know....

 

lmao!!! the userassist registry key? that's your big revelation?

let me ask you a question. i'm sure you are aware of the windows option "personalized menus". it's that thing in the operating system, as well as in several applications, that after a while starts to hide certain unused links, shortcuts, documents, and what not. well now, do you know how windows knows which of these you don't use often?

good job, freddy. you have just exposed a windows feature.

 

I've now had a moment to skim through the URLs that freddy posted.

IMHO none of these are as black as might be supposed, and all have ways to be dealt with.

The second URL, with it's very long thread seems to me to be the standard result of an OS quirk - and nobody on that thread (I admit I haven't read to the end yet) seems to have noticed. Note that this quirk is in most OSes, unless you take steps to deal with it. Basicaly it is this: What happens when you delete a file?

Most of us are aware that the file can be recovered if you do this quickly enough. When you delete the sectors that comprise the file are released back to the OS, but are otherwise unchanged. If another app requests them but fails to write to them then the original data will still be there, but possibly garbled as the sector order might be different.

Win2k and XP are supposed to deal with this problem (I believe - but am willing to be corrected) by having a process where sectors are zeroed out before being passed to the app requesting them.

But consider OE and IE, which is what that thread seems to be about. Those two are effectively the same app, so does this zeroing work for it? I've looked in my .dbx files and see nothing that I wouldn't expect there. But I've only used OE as an experiment recently for a cert, and I rarely use IE.

I'd be interested in others thoughts on this.

And I'm not panicing yet!

Harry.