Windows 10 Express Spying Settings

The default privacy settings for Windows 10 anger me. Hiding the fact that you will be collecting everything a user types, says, or searches for on the Internet behind a big, obvious “Express Settings” button (which most users are likely to click during the setup process) and providing only a tiny text link to “Customize” these very important choices is just sneaky and wrong. Providing a way to turn all this tracking off is great, but such overt trickery makes me wonder if switching these settings to off really does anything at all. Some users might be happy to hear that Windows 10 offers bitlocker disk encryption, but at least in the Home version your private key gets uploaded to a Microsoft server which pretty much makes using it a non-starter for me.

windows10_setup

If you’re one of the folks who need to use this operating system, you can find out what privacy settings Microsoft makes available to you by reviewing the stories linked below but understand that with every update these options may (and likely will) change. There is no guarantee that any of these settings will actually do what you might expect them to do because with any closed source, proprietary software there is no way for a third party to audit the code directly. All that a concerned person can do is poke around with network tools and infer.

The Apple upgrade mill rings the juice out of me

A recent job reminded me of why I no longer buy Apple products. The client calls to say they just got a new iPhone and are having problems getting a custom ringtone onto it. OK, sounds simple so I run over on lunch. Client had gone to a local AT&T store when their old phone gave up the ghost. AT&T store guy asks client for the password for their Apple iCloud account so they can set up the new phone. Client doesn’t remember it, OK, no problem – they ask for the client’s email password so they can reset the iCloud account and get into it to set it up. Client doesn’t remember it since I had set it up a long time ago and its saved on the phone and MacBook at home. Note: client has all the passwords written down but didn’t realize they would need that info and so didn’t bring it. AT&T store guy resets both account passwords, sets up the phone and the email account on the iPhone with the new passwords. Client hadn’t yet realized that all other devices tied to his account no longer worked since the new passwords had only been set up on the new iPhone.

Figuring this out upon my arrival I proceed to explain that we really need to reset these passwords again to something we control. The passwords chosen by the AT&T store were obviously default passwords they use for all clients they set up and so, are fairly insecure. Also, the client doesn’t want to run the risk of having the phone hacked into by someone connected to the store someday, right? It wasn’t as easy as I hoped given that iCloud forces you to use security questions and AT&T guy had changed them and not told the client? Selecting appropriate security answers and passwords and getting them all written down on the (previously forgotten) sheet of paper for the client as well as setting them on all the client’s devices took most of “lunch”.

Now, on an android device there are lots of ways to get a custom ringtone (or any file) onto the phone. Plugging an android phone into a computer you can usually just copy the file over to it (if your computer and android device are set up properly for this) or you could just email yourself the file and save it to the android device from the email. Apple on the other hand wants to ensure that any and all media files are passed through their “DRM managment system” (iTunes) to ensure that you didn’t steal that file you created yourself which pleases their Corporate Media Partners.

I had originally gone over to this client expressly to set up a ringtone so I plugged the iPhone into the client’s MacBook and fired up iTunes only to be greeted by an error message: “This iPhone cannot be used because it requires a newer version of iTunes” OK, so not a big deal – I downloaded the latest version of iTunes and went to install it but was met with a second error message because the new version of iTunes required a newer version of OSX than was already on the MacBook. At this point I realized I couldn’t finish the job right away, and made arrangements to come back later that evening..

The client purchased his MacBook in 2013 with OSX 10.8 and has been very happy with it. Certain third party software on the Mac required that version and since upgrading to a new version of an OS is sort of a drastic measure to take when everything is working fine, he/we opted to stay at 10.8 over the last couple years even though newer versions had come out. The new phone forced the issue, and I started the upgrade. Even though the update was free, when you are using an existing Apple ID, Apple requires you to enter a credit card for the Apple store to work even for a free download. This is horrible thing, and its reason enough for me to never use Apple again but thats the way it works. Supposely you can get around it by creating another Apple ID at the time of purchase and selecting None as the payment method, but what a hassle – we opted to just put in a card.

…and, it didn’t work. Thats right, for whatever reason a corporate AMEX didn’t work and we tried it several times. We ended up using a personal VISA card to complete the “free” purchase of an OS upgrade. Speaking as a Linux user, the idea of paying for an OS upgrade at all is sort of anethema, but to be forced to fork up a credit card number over the internet for a FREE upgrade is just plain ridiculous. The download took about an hour, and the actual upgrade somewhat less and it went fairly smoothly. After a reboot I only had one issue with keychain errors which kept popping up on the screen about it and I couldn’t close them all. It was disheartening and annoying until I found that all I had to do was delete a folder (the one named with a long series of digits) from ~/Library/Keychains and reboot.

Once OSX was upgraded on the MacBook and running, I could finally install the latest iTunes (thankfully a painless process), connect the iPhone (again thankfully the cable wasn’t some new proprietary connector the MacBook didn’t have), drag the ringtone over to the phone in iTunes… Whoops! iTunes recognized there was an important OS update for the (brand new) iPhone! Downloading that took some more time, and then applying that update took some more and restarting the iPhone and then I could finally attempt to copy one single goddamn file to the fucking iPhone once again.

As hinted at earlier, the OS update broke a vital piece of software which was purchased for and ran well under OSX 10.8 but would not run under OSX 10.12 at all. This required the purchase, download and install of a newer version of this large software. Not a fault of Apple, but this software’s authentication process was a bit arcane and took over an hour to complete properly. This software tested, the client wanted to print out a sample of a test document we created with the software …and the printer would no longer function. Luckily, Apple’s print dialog was smart enough to recognize that it needed new drivers and provided a helpful button to update the driver. It didn’t even require a reboot and started printing immediately after the driver was updated. Thank heavens for small favors.

While I’m not personally interested in being on the Apple upgrade mill, I do really appreciate the rest of you that are.

[update 161121]

In response to the very good point about this situation largely being brought upon the user by not keeping up with updates to the OS over time on G+, I feel I should add the following here:

In this case, the user is not particularly computer savvy, wouldn’t do updates on their own and would not pay for this kind of basic maintenance to be performed by yours truly. That said, the expensive third party software would have had to have been re-bought several times over by this time. I also find it interesting, actually, that just as every business person is now expected to be able to do all those things secretaries used to do now all computer users are expected to be their own IT staff. Generally I find most folks are doing those additional tasks about as well as you might expect. Very few can type as fast or as accurately as my grandmother did, and most folks can’t stand doing updates and dealing with the inevitable fallout thereof. As you pointed out, when otherwise brilliant people are not concerned enough about those things that IT folk care so much about they are indeed “sternly chastised” about it.

Windows 7 updates stuck

If you have older machines that are running Windows 7 you may have run into an issue where Windows Update gets stuck at the Preparing to install screen (seemingly forever). I’ve been able to get past this issue just by stopping the Windows update service, then applying the “July 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1” (see KB 3172605 below) though its possible thats because I already have applied a bunch of other patches so your mileage may vary. Also, it appears this may cause some issues with bluetooth so be aware of that if you use BT (my machines do not). There is a good article about the issue on InfoWorld by Woody Leonhard from back at the end of July.

KB 3172605
https://support.microsoft.com/en-us/kb/3172605

Comey is a backdoor man

FBI Chief Comey blames Snowden for releasing info, ignores the fact that mass spying on Americans was illegal and anti-American and so the FBI’s actions essentially were the catalyst for the mass adoption of encryption to begin with. Wants the US to have an “adult” conversation about how math should work – sounds like a child whining that his homework is too hard. With all the hacks and leaks over the last couple years talking about making encryption weaker (or outlawing software that protects folks) seems ridiculous. There should probably be some minimum requirements for becoming the FBI director which are more rigorous than going to the right school and getting a degree in theology. Comey is a lawyer, not a technologist and it shows.

http://www.dailydot.com/layer8/comey-crypto-war-business-model/