Does Windows 10's telemetry include sending *.doc files if Word crashed?
I'm reading through the extensive description on which data is acquired by Microsoft's telemetry 1 including the following paragraph:
User generated files -- files that are indicated as a potential cause for a crash or hang. For example, .doc, .ppt, .csv files
I was wondering whether Microsoft actually gathers data from a Word document, in case word crashes (hope on being wrong on this one).
Is Microsoft getting the 'whole' file, only a paragraph or am I misreading that part of the documentation?
privacy data-leakage windows-10
edited Mar 4 at 8:24
usr-local-ΕΨΗΕΛΩΝ
1,393518
asked Mar 1 at 6:53
VoodooCodeVoodooCode
503126
add a comment |
I'm reading through the extensive description on which data is acquired by Microsoft's telemetry 1 including the following paragraph:
User generated files -- files that are indicated as a potential cause for a crash or hang. For example, .doc, .ppt, .csv files
I was wondering whether Microsoft actually gathers data from a Word document, in case word crashes (hope on being wrong on this one).
Is Microsoft getting the 'whole' file, only a paragraph or am I misreading that part of the documentation?
privacy data-leakage windows-10
edited Mar 4 at 8:24
usr-local-ΕΨΗΕΛΩΝ
1,393518
asked Mar 1 at 6:53
VoodooCodeVoodooCode
503126
3
I don't think .doc files are very common these days. Isn't it a 1990s thing? (.docx today?)
– Peter Mortensen
Mar 1 at 15:12
8
Note that this document is specific to what may be gathered for full-level diagnostic data. If you've set your diagnostic data level to basic, this data is not subject to being gathered by telemetry. docs.microsoft.com/en-us/windows/privacy/…
– Xander
Mar 1 at 15:50
2
Do not forget about malware scanners, they normally explicitely ask to transfer suspicious content if cloud scanning/intelligence is activated.
– eckes
Mar 2 at 0:59
add a comment |
I'm reading through the extensive description on which data is acquired by Microsoft's telemetry 1 including the following paragraph:
User generated files -- files that are indicated as a potential cause for a crash or hang. For example, .doc, .ppt, .csv files
I was wondering whether Microsoft actually gathers data from a Word document, in case word crashes (hope on being wrong on this one).
Is Microsoft getting the 'whole' file, only a paragraph or am I misreading that part of the documentation?
privacy data-leakage windows-10
edited Mar 4 at 8:24
usr-local-ΕΨΗΕΛΩΝ
1,393518
asked Mar 1 at 6:53
VoodooCodeVoodooCode
503126
I'm reading through the extensive description on which data is acquired by Microsoft's telemetry 1 including the following paragraph:
User generated files -- files that are indicated as a potential cause for a crash or hang. For example, .doc, .ppt, .csv files
I was wondering whether Microsoft actually gathers data from a Word document, in case word crashes (hope on being wrong on this one).
Is Microsoft getting the 'whole' file, only a paragraph or am I misreading that part of the documentation?
privacy data-leakage windows-10
privacy data-leakage windows-10
edited Mar 4 at 8:24
usr-local-ΕΨΗΕΛΩΝ
1,393518
asked Mar 1 at 6:53
VoodooCodeVoodooCode
503126
edited Mar 4 at 8:24
usr-local-ΕΨΗΕΛΩΝ
1,393518
asked Mar 1 at 6:53
VoodooCodeVoodooCode
503126
edited Mar 4 at 8:24
usr-local-ΕΨΗΕΛΩΝ
1,393518
edited Mar 4 at 8:24
usr-local-ΕΨΗΕΛΩΝ
1,393518
edited Mar 4 at 8:24
usr-local-ΕΨΗΕΛΩΝ
1,393518
1,393518
asked Mar 1 at 6:53
VoodooCodeVoodooCode
503126
asked Mar 1 at 6:53
VoodooCodeVoodooCode
503126
asked Mar 1 at 6:53
VoodooCodeVoodooCode
503126
503126
3
I don't think .doc files are very common these days. Isn't it a 1990s thing? (.docx today?)
– Peter Mortensen
Mar 1 at 15:12
8
Note that this document is specific to what may be gathered for full-level diagnostic data. If you've set your diagnostic data level to basic, this data is not subject to being gathered by telemetry. docs.microsoft.com/en-us/windows/privacy/…
– Xander
Mar 1 at 15:50
2
Do not forget about malware scanners, they normally explicitely ask to transfer suspicious content if cloud scanning/intelligence is activated.
– eckes
Mar 2 at 0:59
add a comment |
3
I don't think .doc files are very common these days. Isn't it a 1990s thing? (.docx today?)
– Peter Mortensen
Mar 1 at 15:12
8
Note that this document is specific to what may be gathered for full-level diagnostic data. If you've set your diagnostic data level to basic, this data is not subject to being gathered by telemetry. docs.microsoft.com/en-us/windows/privacy/…
– Xander
Mar 1 at 15:50
2
Do not forget about malware scanners, they normally explicitely ask to transfer suspicious content if cloud scanning/intelligence is activated.
– eckes
Mar 2 at 0:59
3
3
I don't think .doc files are very common these days. Isn't it a 1990s thing? (.docx today?)
– Peter Mortensen
Mar 1 at 15:12
I don't think .doc files are very common these days. Isn't it a 1990s thing? (.docx today?)
– Peter Mortensen
Mar 1 at 15:12
8
8
Note that this document is specific to what may be gathered for full-level diagnostic data. If you've set your diagnostic data level to basic, this data is not subject to being gathered by telemetry. docs.microsoft.com/en-us/windows/privacy/…
– Xander
Mar 1 at 15:50
Note that this document is specific to what may be gathered for full-level diagnostic data. If you've set your diagnostic data level to basic, this data is not subject to being gathered by telemetry. docs.microsoft.com/en-us/windows/privacy/…
– Xander
Mar 1 at 15:50
2
2
Do not forget about malware scanners, they normally explicitely ask to transfer suspicious content if cloud scanning/intelligence is activated.
– eckes
Mar 2 at 0:59
Do not forget about malware scanners, they normally explicitely ask to transfer suspicious content if cloud scanning/intelligence is activated.
– eckes
Mar 2 at 0:59
add a comment |
2 Answers
2
active
oldest
votes
Here is what they spy on, finally officially admitted after being proved again and again by different independent sources. That should make a pretty good idea on what actually is transmitted.
To actually see what's being reported you can give yourself permissions for
%ProgramData%MicrosoftDiagnosis directory and look what's in there, but the file are encrypted which is a very suspicious thing.
What you can look at in the newer version is the Diagnostic Data Viewer. But that does NOT guarantee or prove that there is documents privacy in any way.
At this point my guess is that they will transmit parts of files that generated crashes, or if they consider proper to do so and definitely can transmit any type of document via the encrypted content in Diagnosis and https as the transmission way.
Their EULA states:
Finally, we will access, disclose and preserve personal data,
including your content (such as the content of your emails, other
private communications or files in private folders), when we have a
good faith belief that doing so is necessary to: comply with
applicable law or respond to valid legal process, including from law
enforcement or other government agencies;
2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or
serious injury of anyone; 3. operate and maintain the security of our
services, including to prevent or stop an attack on our computer
systems or networks; or
4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services - however, if we receive
information indicating that someone is using our services to traffic
in stolen intellectual or physical property of Microsoft, we will not
inspect a customer's private content ourselves, but we may refer the
matter to law enforcement.
Conclusion: they can and will do it at will.
edited Mar 1 at 9:30
Esa Jokinen
3,3291119
answered Mar 1 at 7:43
OvermindOvermind
4,574718
16
While the answer is actually "yes, they could" the EULA snippet you cited has nothing to do with that. To investigate a crash has NOTHING to do with 1,4. Also note that crash data is an opt-in while for points mentioned in EULA you basically give them the rights to do what they want but only in those very specific circumstances (that "...at will" is incredibly misleading, IMHO).
– Adriano Repetti
Mar 1 at 13:08
39
the file[s] are encrypted which is a very suspicious thing.Why? They're copies of documents you already own and control, and the OS can already read them and extract diagnostic (and personal) data if they so choose. It makes perfect sense to encrypt private data before sending it over the internet. The fact that they're sending it is suspicious, but not the encryption.
– brichins
Mar 1 at 15:52
10
@DavidSchwartz Encrypting it at rest is useful if the user deletes the original file, in which case they wouldn't expect to have a readable copy of it sitting on their disk still.
– Chris Hayes
Mar 1 at 20:11
10
@DavidSchwartz Encryption at rest is nearly always a good thing, especially (as in this case) if the contents are a) unknown but potentially sensitive and b) not intended for user consumption or immediate use. As Chris pointed out, the user has reason to expect that if they delete something, it's gone - not duplicated out of sight. Also, diagnostic info should be kept around even (perhaps especially) if the source data has been removed.
– brichins
Mar 1 at 20:39
11
This encryption is in no way suspicious; rather, it is evidence that whoever designed this process built a proper threat model, analyzed it appropriately, and correctly implemented good mitigations against likely vulnerabilities.
– Eric Lippert
Mar 2 at 1:38
|
show 12 more comments
Memory dumps often have document contents
It's worth noting that if you're sending a memory dump of a crashed application at the moment of its crash (which is a reasonable way of analyzing crashes) then that memory dump is very likely to include the contents of whatever document(s) were opened in that app at the time. So if you're "just" sending app crash debug information, then that by necessity means that sometimes you're also sending confidential user documents in it.
answered Mar 1 at 19:17
PeterisPeteris
6,50111828
Yes, memory dumping is a specific case.
– Overmind
Mar 4 at 6:28
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204530%2fdoes-windows-10s-telemetry-include-sending-doc-files-if-word-crashed%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Here is what they spy on, finally officially admitted after being proved again and again by different independent sources. That should make a pretty good idea on what actually is transmitted.
To actually see what's being reported you can give yourself permissions for
%ProgramData%MicrosoftDiagnosis directory and look what's in there, but the file are encrypted which is a very suspicious thing.
What you can look at in the newer version is the Diagnostic Data Viewer. But that does NOT guarantee or prove that there is documents privacy in any way.
At this point my guess is that they will transmit parts of files that generated crashes, or if they consider proper to do so and definitely can transmit any type of document via the encrypted content in Diagnosis and https as the transmission way.
Their EULA states:
Finally, we will access, disclose and preserve personal data,
including your content (such as the content of your emails, other
private communications or files in private folders), when we have a
good faith belief that doing so is necessary to: comply with
applicable law or respond to valid legal process, including from law
enforcement or other government agencies;
2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or
serious injury of anyone; 3. operate and maintain the security of our
services, including to prevent or stop an attack on our computer
systems or networks; or
4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services - however, if we receive
information indicating that someone is using our services to traffic
in stolen intellectual or physical property of Microsoft, we will not
inspect a customer's private content ourselves, but we may refer the
matter to law enforcement.
Conclusion: they can and will do it at will.
edited Mar 1 at 9:30
Esa Jokinen
3,3291119
answered Mar 1 at 7:43
OvermindOvermind
4,574718
16
While the answer is actually "yes, they could" the EULA snippet you cited has nothing to do with that. To investigate a crash has NOTHING to do with 1,4. Also note that crash data is an opt-in while for points mentioned in EULA you basically give them the rights to do what they want but only in those very specific circumstances (that "...at will" is incredibly misleading, IMHO).
– Adriano Repetti
Mar 1 at 13:08
39
the file[s] are encrypted which is a very suspicious thing.Why? They're copies of documents you already own and control, and the OS can already read them and extract diagnostic (and personal) data if they so choose. It makes perfect sense to encrypt private data before sending it over the internet. The fact that they're sending it is suspicious, but not the encryption.
– brichins
Mar 1 at 15:52
10
@DavidSchwartz Encrypting it at rest is useful if the user deletes the original file, in which case they wouldn't expect to have a readable copy of it sitting on their disk still.
– Chris Hayes
Mar 1 at 20:11
10
@DavidSchwartz Encryption at rest is nearly always a good thing, especially (as in this case) if the contents are a) unknown but potentially sensitive and b) not intended for user consumption or immediate use. As Chris pointed out, the user has reason to expect that if they delete something, it's gone - not duplicated out of sight. Also, diagnostic info should be kept around even (perhaps especially) if the source data has been removed.
– brichins
Mar 1 at 20:39
11
This encryption is in no way suspicious; rather, it is evidence that whoever designed this process built a proper threat model, analyzed it appropriately, and correctly implemented good mitigations against likely vulnerabilities.
– Eric Lippert
Mar 2 at 1:38
|
show 12 more comments
Here is what they spy on, finally officially admitted after being proved again and again by different independent sources. That should make a pretty good idea on what actually is transmitted.
To actually see what's being reported you can give yourself permissions for
%ProgramData%MicrosoftDiagnosis directory and look what's in there, but the file are encrypted which is a very suspicious thing.
What you can look at in the newer version is the Diagnostic Data Viewer. But that does NOT guarantee or prove that there is documents privacy in any way.
At this point my guess is that they will transmit parts of files that generated crashes, or if they consider proper to do so and definitely can transmit any type of document via the encrypted content in Diagnosis and https as the transmission way.
Their EULA states:
Finally, we will access, disclose and preserve personal data,
including your content (such as the content of your emails, other
private communications or files in private folders), when we have a
good faith belief that doing so is necessary to: comply with
applicable law or respond to valid legal process, including from law
enforcement or other government agencies;
2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or
serious injury of anyone; 3. operate and maintain the security of our
services, including to prevent or stop an attack on our computer
systems or networks; or
4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services - however, if we receive
information indicating that someone is using our services to traffic
in stolen intellectual or physical property of Microsoft, we will not
inspect a customer's private content ourselves, but we may refer the
matter to law enforcement.
Conclusion: they can and will do it at will.
edited Mar 1 at 9:30
Esa Jokinen
3,3291119
answered Mar 1 at 7:43
OvermindOvermind
4,574718
16
While the answer is actually "yes, they could" the EULA snippet you cited has nothing to do with that. To investigate a crash has NOTHING to do with 1,4. Also note that crash data is an opt-in while for points mentioned in EULA you basically give them the rights to do what they want but only in those very specific circumstances (that "...at will" is incredibly misleading, IMHO).
– Adriano Repetti
Mar 1 at 13:08
39
the file[s] are encrypted which is a very suspicious thing.Why? They're copies of documents you already own and control, and the OS can already read them and extract diagnostic (and personal) data if they so choose. It makes perfect sense to encrypt private data before sending it over the internet. The fact that they're sending it is suspicious, but not the encryption.
– brichins
Mar 1 at 15:52
10
@DavidSchwartz Encrypting it at rest is useful if the user deletes the original file, in which case they wouldn't expect to have a readable copy of it sitting on their disk still.
– Chris Hayes
Mar 1 at 20:11
10
@DavidSchwartz Encryption at rest is nearly always a good thing, especially (as in this case) if the contents are a) unknown but potentially sensitive and b) not intended for user consumption or immediate use. As Chris pointed out, the user has reason to expect that if they delete something, it's gone - not duplicated out of sight. Also, diagnostic info should be kept around even (perhaps especially) if the source data has been removed.
– brichins
Mar 1 at 20:39
11
This encryption is in no way suspicious; rather, it is evidence that whoever designed this process built a proper threat model, analyzed it appropriately, and correctly implemented good mitigations against likely vulnerabilities.
– Eric Lippert
Mar 2 at 1:38
|
show 12 more comments
Here is what they spy on, finally officially admitted after being proved again and again by different independent sources. That should make a pretty good idea on what actually is transmitted.
To actually see what's being reported you can give yourself permissions for
%ProgramData%MicrosoftDiagnosis directory and look what's in there, but the file are encrypted which is a very suspicious thing.
What you can look at in the newer version is the Diagnostic Data Viewer. But that does NOT guarantee or prove that there is documents privacy in any way.
At this point my guess is that they will transmit parts of files that generated crashes, or if they consider proper to do so and definitely can transmit any type of document via the encrypted content in Diagnosis and https as the transmission way.
Their EULA states:
Finally, we will access, disclose and preserve personal data,
including your content (such as the content of your emails, other
private communications or files in private folders), when we have a
good faith belief that doing so is necessary to: comply with
applicable law or respond to valid legal process, including from law
enforcement or other government agencies;
2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or
serious injury of anyone; 3. operate and maintain the security of our
services, including to prevent or stop an attack on our computer
systems or networks; or
4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services - however, if we receive
information indicating that someone is using our services to traffic
in stolen intellectual or physical property of Microsoft, we will not
inspect a customer's private content ourselves, but we may refer the
matter to law enforcement.
Conclusion: they can and will do it at will.
edited Mar 1 at 9:30
Esa Jokinen
3,3291119
answered Mar 1 at 7:43
OvermindOvermind
4,574718
Here is what they spy on, finally officially admitted after being proved again and again by different independent sources. That should make a pretty good idea on what actually is transmitted.
To actually see what's being reported you can give yourself permissions for
%ProgramData%MicrosoftDiagnosis directory and look what's in there, but the file are encrypted which is a very suspicious thing.
What you can look at in the newer version is the Diagnostic Data Viewer. But that does NOT guarantee or prove that there is documents privacy in any way.
At this point my guess is that they will transmit parts of files that generated crashes, or if they consider proper to do so and definitely can transmit any type of document via the encrypted content in Diagnosis and https as the transmission way.
Their EULA states:
Finally, we will access, disclose and preserve personal data,
including your content (such as the content of your emails, other
private communications or files in private folders), when we have a
good faith belief that doing so is necessary to: comply with
applicable law or respond to valid legal process, including from law
enforcement or other government agencies;
2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or
serious injury of anyone; 3. operate and maintain the security of our
services, including to prevent or stop an attack on our computer
systems or networks; or
4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services - however, if we receive
information indicating that someone is using our services to traffic
in stolen intellectual or physical property of Microsoft, we will not
inspect a customer's private content ourselves, but we may refer the
matter to law enforcement.
Conclusion: they can and will do it at will.
edited Mar 1 at 9:30
Esa Jokinen
3,3291119
answered Mar 1 at 7:43
OvermindOvermind
4,574718
edited Mar 1 at 9:30
Esa Jokinen
3,3291119
edited Mar 1 at 9:30
Esa Jokinen
3,3291119
edited Mar 1 at 9:30
Esa Jokinen
3,3291119
3,3291119
answered Mar 1 at 7:43
OvermindOvermind
4,574718
answered Mar 1 at 7:43
OvermindOvermind
4,574718
answered Mar 1 at 7:43
OvermindOvermind
4,574718
4,574718
16
While the answer is actually "yes, they could" the EULA snippet you cited has nothing to do with that. To investigate a crash has NOTHING to do with 1,4. Also note that crash data is an opt-in while for points mentioned in EULA you basically give them the rights to do what they want but only in those very specific circumstances (that "...at will" is incredibly misleading, IMHO).
– Adriano Repetti
Mar 1 at 13:08
39
the file[s] are encrypted which is a very suspicious thing.Why? They're copies of documents you already own and control, and the OS can already read them and extract diagnostic (and personal) data if they so choose. It makes perfect sense to encrypt private data before sending it over the internet. The fact that they're sending it is suspicious, but not the encryption.
– brichins
Mar 1 at 15:52
10
@DavidSchwartz Encrypting it at rest is useful if the user deletes the original file, in which case they wouldn't expect to have a readable copy of it sitting on their disk still.
– Chris Hayes
Mar 1 at 20:11
10
@DavidSchwartz Encryption at rest is nearly always a good thing, especially (as in this case) if the contents are a) unknown but potentially sensitive and b) not intended for user consumption or immediate use. As Chris pointed out, the user has reason to expect that if they delete something, it's gone - not duplicated out of sight. Also, diagnostic info should be kept around even (perhaps especially) if the source data has been removed.
– brichins
Mar 1 at 20:39
11
This encryption is in no way suspicious; rather, it is evidence that whoever designed this process built a proper threat model, analyzed it appropriately, and correctly implemented good mitigations against likely vulnerabilities.
– Eric Lippert
Mar 2 at 1:38
|
show 12 more comments
16
While the answer is actually "yes, they could" the EULA snippet you cited has nothing to do with that. To investigate a crash has NOTHING to do with 1,4. Also note that crash data is an opt-in while for points mentioned in EULA you basically give them the rights to do what they want but only in those very specific circumstances (that "...at will" is incredibly misleading, IMHO).
– Adriano Repetti
Mar 1 at 13:08
39
the file[s] are encrypted which is a very suspicious thing.Why? They're copies of documents you already own and control, and the OS can already read them and extract diagnostic (and personal) data if they so choose. It makes perfect sense to encrypt private data before sending it over the internet. The fact that they're sending it is suspicious, but not the encryption.
– brichins
Mar 1 at 15:52
10
@DavidSchwartz Encrypting it at rest is useful if the user deletes the original file, in which case they wouldn't expect to have a readable copy of it sitting on their disk still.
– Chris Hayes
Mar 1 at 20:11
10
@DavidSchwartz Encryption at rest is nearly always a good thing, especially (as in this case) if the contents are a) unknown but potentially sensitive and b) not intended for user consumption or immediate use. As Chris pointed out, the user has reason to expect that if they delete something, it's gone - not duplicated out of sight. Also, diagnostic info should be kept around even (perhaps especially) if the source data has been removed.
– brichins
Mar 1 at 20:39
11
This encryption is in no way suspicious; rather, it is evidence that whoever designed this process built a proper threat model, analyzed it appropriately, and correctly implemented good mitigations against likely vulnerabilities.
– Eric Lippert
Mar 2 at 1:38
16
16
While the answer is actually "yes, they could" the EULA snippet you cited has nothing to do with that. To investigate a crash has NOTHING to do with 1,4. Also note that crash data is an opt-in while for points mentioned in EULA you basically give them the rights to do what they want but only in those very specific circumstances (that "...at will" is incredibly misleading, IMHO).
– Adriano Repetti
Mar 1 at 13:08
While the answer is actually "yes, they could" the EULA snippet you cited has nothing to do with that. To investigate a crash has NOTHING to do with 1,4. Also note that crash data is an opt-in while for points mentioned in EULA you basically give them the rights to do what they want but only in those very specific circumstances (that "...at will" is incredibly misleading, IMHO).
– Adriano Repetti
Mar 1 at 13:08
39
39
the file[s] are encrypted which is a very suspicious thing. Why? They're copies of documents you already own and control, and the OS can already read them and extract diagnostic (and personal) data if they so choose. It makes perfect sense to encrypt private data before sending it over the internet. The fact that they're sending it is suspicious, but not the encryption.– brichins
Mar 1 at 15:52
the file[s] are encrypted which is a very suspicious thing. Why? They're copies of documents you already own and control, and the OS can already read them and extract diagnostic (and personal) data if they so choose. It makes perfect sense to encrypt private data before sending it over the internet. The fact that they're sending it is suspicious, but not the encryption.– brichins
Mar 1 at 15:52
10
10
@DavidSchwartz Encrypting it at rest is useful if the user deletes the original file, in which case they wouldn't expect to have a readable copy of it sitting on their disk still.
– Chris Hayes
Mar 1 at 20:11
@DavidSchwartz Encrypting it at rest is useful if the user deletes the original file, in which case they wouldn't expect to have a readable copy of it sitting on their disk still.
– Chris Hayes
Mar 1 at 20:11
10
10
@DavidSchwartz Encryption at rest is nearly always a good thing, especially (as in this case) if the contents are a) unknown but potentially sensitive and b) not intended for user consumption or immediate use. As Chris pointed out, the user has reason to expect that if they delete something, it's gone - not duplicated out of sight. Also, diagnostic info should be kept around even (perhaps especially) if the source data has been removed.
– brichins
Mar 1 at 20:39
@DavidSchwartz Encryption at rest is nearly always a good thing, especially (as in this case) if the contents are a) unknown but potentially sensitive and b) not intended for user consumption or immediate use. As Chris pointed out, the user has reason to expect that if they delete something, it's gone - not duplicated out of sight. Also, diagnostic info should be kept around even (perhaps especially) if the source data has been removed.
– brichins
Mar 1 at 20:39
11
11
This encryption is in no way suspicious; rather, it is evidence that whoever designed this process built a proper threat model, analyzed it appropriately, and correctly implemented good mitigations against likely vulnerabilities.
– Eric Lippert
Mar 2 at 1:38
This encryption is in no way suspicious; rather, it is evidence that whoever designed this process built a proper threat model, analyzed it appropriately, and correctly implemented good mitigations against likely vulnerabilities.
– Eric Lippert
Mar 2 at 1:38
|
show 12 more comments
Memory dumps often have document contents
It's worth noting that if you're sending a memory dump of a crashed application at the moment of its crash (which is a reasonable way of analyzing crashes) then that memory dump is very likely to include the contents of whatever document(s) were opened in that app at the time. So if you're "just" sending app crash debug information, then that by necessity means that sometimes you're also sending confidential user documents in it.
answered Mar 1 at 19:17
PeterisPeteris
6,50111828
Yes, memory dumping is a specific case.
– Overmind
Mar 4 at 6:28
add a comment |
Memory dumps often have document contents
It's worth noting that if you're sending a memory dump of a crashed application at the moment of its crash (which is a reasonable way of analyzing crashes) then that memory dump is very likely to include the contents of whatever document(s) were opened in that app at the time. So if you're "just" sending app crash debug information, then that by necessity means that sometimes you're also sending confidential user documents in it.
answered Mar 1 at 19:17
PeterisPeteris
6,50111828
Yes, memory dumping is a specific case.
– Overmind
Mar 4 at 6:28
add a comment |
Memory dumps often have document contents
It's worth noting that if you're sending a memory dump of a crashed application at the moment of its crash (which is a reasonable way of analyzing crashes) then that memory dump is very likely to include the contents of whatever document(s) were opened in that app at the time. So if you're "just" sending app crash debug information, then that by necessity means that sometimes you're also sending confidential user documents in it.
answered Mar 1 at 19:17
PeterisPeteris
6,50111828
Memory dumps often have document contents
It's worth noting that if you're sending a memory dump of a crashed application at the moment of its crash (which is a reasonable way of analyzing crashes) then that memory dump is very likely to include the contents of whatever document(s) were opened in that app at the time. So if you're "just" sending app crash debug information, then that by necessity means that sometimes you're also sending confidential user documents in it.
answered Mar 1 at 19:17
PeterisPeteris
6,50111828
edited Mar 1 at 19:34
answered Mar 1 at 19:17
PeterisPeteris
6,50111828
answered Mar 1 at 19:17
PeterisPeteris
6,50111828
answered Mar 1 at 19:17
PeterisPeteris
6,50111828
6,50111828
Yes, memory dumping is a specific case.
– Overmind
Mar 4 at 6:28
add a comment |
Yes, memory dumping is a specific case.
– Overmind
Mar 4 at 6:28
Yes, memory dumping is a specific case.
– Overmind
Mar 4 at 6:28
Yes, memory dumping is a specific case.
– Overmind
Mar 4 at 6:28
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204530%2fdoes-windows-10s-telemetry-include-sending-doc-files-if-word-crashed%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
3
I don't think .doc files are very common these days. Isn't it a 1990s thing? (.docx today?)
– Peter Mortensen
Mar 1 at 15:12
8
Note that this document is specific to what may be gathered for full-level diagnostic data. If you've set your diagnostic data level to basic, this data is not subject to being gathered by telemetry. docs.microsoft.com/en-us/windows/privacy/…
– Xander
Mar 1 at 15:50
2
Do not forget about malware scanners, they normally explicitely ask to transfer suspicious content if cloud scanning/intelligence is activated.
– eckes
Mar 2 at 0:59