Ggthjy

The effects of magnetism in radio transmissions

Would these multi-classing house rules cause unintended problems?

Can I become debt free or should I file for bankruptcy? How do I manage my debt and finances?

What is the in-universe cost of a TIE fighter?

What is better: yes / no radio, or simple checkbox?

A minimum of two personnel "are" or "is"?

Can an insurance company drop you after receiving a bill and refusing to pay?

Process to change collation on a database

Why zero tolerance on nudity in space?

What is the wife of a henpecked husband called?

What is this metal M-shaped device for?

Show that the following sequence converges. Please Critique my proof.

Why did this image turn out darker?

Does Improved Divine Smite trigger when a paladin makes an unarmed strike?

Disable the ">" operator in Rstudio linux terminal

Help Me simplify: C*(A+B) + ~A*B

How do I say "Brexit" in Latin?

What to do when being responsible for data protection in your lab, yet advice is ignored?

Why are the books in the Game of Thrones citadel library shelved spine inwards?

Do authors have to be politically correct in article-writing?

Does Windows 10's telemetry include sending *.doc files if Word crashed?

Why avoid shared user accounts?

Is a debit card dangerous for an account with low balance and no overdraft protection?

Groups acting on trees

Does Windows 10's telemetry include sending *.doc files if Word crashed?

What are the privacy and security implications of Windows TelemetryDoes Windows 10 leak information about your IP address?LastPass Secure Notes Leak? - Is Spell Check and Typing Telemetry of LP Secure Notes a Significant Leak in Windows 10 Edge ExtensionWhere does Windows 10 save Keyboard input?Blocking Windows 10 telemetry destinations with Windows FirewallHow can I prevent all Windows 10 Telemetry?Stopping, editing, then sending packets in Windows 10Does Windows Subsystem for Linux provide additional security (VM-like isolation) over running native Windows programs?Does Windows Update modify Hosts file?How does Windows knows a particular software is an AV?

44

10

I'm reading through the extensive description on which data is acquired by Microsoft's telemetry 1 including the following paragraph:

User generated files -- files that are indicated as a potential cause for a crash or hang. For example, .doc, .ppt, .csv files

I was wondering whether Microsoft actually gathers data from a Word document, in case word crashes (hope on being wrong on this one).

Is Microsoft getting the 'whole' file, only a paragraph or am I misreading that part of the documentation?

data-leakage windows-10

share|improve this question

edited 12 hours ago

Peter Mortensen

69849

asked 21 hours ago

VoodooCodeVoodooCode

323126

New contributor

VoodooCode is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I don't think .doc files are very common these days. Isn't it a 1990s thing? (.docx today?)
  
  – Peter Mortensen
  12 hours ago
  
  
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  Note that this document is specific to what may be gathered for full-level diagnostic data. If you've set your diagnostic data level to basic, this data is not subject to being gathered by telemetry. docs.microsoft.com/en-us/windows/privacy/…
  
  – Xander
  12 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Do not forget about malware scanners, they normally explicitely ask to transfer suspicious content if cloud scanning/intelligence is activated.
  
  – eckes
  2 hours ago
  

  
  
  
  

add a comment | 

44

10

I'm reading through the extensive description on which data is acquired by Microsoft's telemetry 1 including the following paragraph:

User generated files -- files that are indicated as a potential cause for a crash or hang. For example, .doc, .ppt, .csv files

I was wondering whether Microsoft actually gathers data from a Word document, in case word crashes (hope on being wrong on this one).

Is Microsoft getting the 'whole' file, only a paragraph or am I misreading that part of the documentation?

data-leakage windows-10

share|improve this question

edited 12 hours ago

Peter Mortensen

69849

asked 21 hours ago

VoodooCodeVoodooCode

323126

New contributor

VoodooCode is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I don't think .doc files are very common these days. Isn't it a 1990s thing? (.docx today?)
  
  – Peter Mortensen
  12 hours ago
  
  
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  Note that this document is specific to what may be gathered for full-level diagnostic data. If you've set your diagnostic data level to basic, this data is not subject to being gathered by telemetry. docs.microsoft.com/en-us/windows/privacy/…
  
  – Xander
  12 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Do not forget about malware scanners, they normally explicitely ask to transfer suspicious content if cloud scanning/intelligence is activated.
  
  – eckes
  2 hours ago
  

  
  
  
  

add a comment | 

I'm reading through the extensive description on which data is acquired by Microsoft's telemetry 1 including the following paragraph:

User generated files -- files that are indicated as a potential cause for a crash or hang. For example, .doc, .ppt, .csv files

I was wondering whether Microsoft actually gathers data from a Word document, in case word crashes (hope on being wrong on this one).

Is Microsoft getting the 'whole' file, only a paragraph or am I misreading that part of the documentation?

data-leakage windows-10

share|improve this question

edited 12 hours ago

Peter Mortensen

69849

asked 21 hours ago

VoodooCodeVoodooCode

323126

New contributor

VoodooCode is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited 12 hours ago

Peter Mortensen

69849

asked 21 hours ago

VoodooCodeVoodooCode

323126

New contributor

VoodooCode is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited 12 hours ago

Peter Mortensen

69849

asked 21 hours ago

VoodooCodeVoodooCode

323126

New contributor

VoodooCode is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

edited 12 hours ago

Peter Mortensen

69849

edited 12 hours ago

Peter Mortensen

69849

asked 21 hours ago

VoodooCodeVoodooCode

323126

New contributor

VoodooCode is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 21 hours ago

VoodooCodeVoodooCode

323126

2 Answers
2

active

oldest

votes

39

Here is what they spy on, finally officially admitted after being proved again and again by different independent sources. That should make a pretty good idea on what actually is transmitted.

To actually see what's being reported you can give yourself permissions for
%ProgramData%MicrosoftDiagnosis directory and look what's in there, but the file are encrypted which is a very suspicious thing.

What you can look at in the newer version is the Diagnostic Data Viewer. But that does NOT guarantee or prove that there is documents privacy in any way.

At this point my guess is that they will transmit parts of files that generated crashes, or if they consider proper to do so and definitely can transmit any type of document via the encrypted content in Diagnosis and https as the transmission way.

Their EULA states:

Finally, we will access, disclose and preserve personal data,
including your content (such as the content of your emails, other
private communications or files in private folders), when we have a
good faith belief that doing so is necessary to: comply with
applicable law or respond to valid legal process, including from law
enforcement or other government agencies;
2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or
serious injury of anyone; 3. operate and maintain the security of our
services, including to prevent or stop an attack on our computer
systems or networks; or
4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services - however, if we receive
information indicating that someone is using our services to traffic
in stolen intellectual or physical property of Microsoft, we will not
inspect a customer's private content ourselves, but we may refer the
matter to law enforcement.

Conclusion: they can and will do it at will.

share|improve this answer

edited 18 hours ago

Esa Jokinen

1,983613

answered 20 hours ago

OvermindOvermind

4,056717

• 
  
  
  

  
  9
  

  
  
  
  
  
  

  
  
  While the answer is actually "yes, they could" the EULA snippet you cited has nothing to do with that. To investigate a crash has NOTHING to do with 1,4. Also note that crash data is an opt-in while for points mentioned in EULA you basically give them the rights to do what they want but only in those very specific circumstances (that "...at will" is incredibly misleading, IMHO).
  
  – Adriano Repetti
  14 hours ago
  
  
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  
  Is it a serious question? Because it'd be a HUGE law infringement, and - on the contrary of cloud services - they distribute the evidence (virtually anyone can inspect the decompiled source code). Given that MS is not an anonymous developer hidden somewhere in world...there are MUCH more chances that any on-line service is misusing your data (oh well, they actually tell you that they do then...) or just some obscure desktop (or mobile...) app...
  
  – Adriano Repetti
  14 hours ago
  

  
  
  
  


• 
  
  
  

  
  16
  

  
  
  
  
  
  

  
  
  the file[s] are encrypted which is a very suspicious thing. Why? They're copies of documents you already own and control, and the OS can already read them and extract diagnostic (and personal) data if they so choose. It makes perfect sense to encrypt private data before sending it over the internet. The fact that they're sending it is suspicious, but not the encryption.
  
  – brichins
  12 hours ago
  

  
  
  
  


• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  
  @DavidSchwartz Encrypting it at rest is useful if the user deletes the original file, in which case they wouldn't expect to have a readable copy of it sitting on their disk still.
  
  – Chris Hayes
  7 hours ago
  

  
  
  
  


• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  
  @DavidSchwartz Encryption at rest is nearly always a good thing, especially (as in this case) if the contents are a) unknown but potentially sensitive and b) not intended for user consumption or immediate use. As Chris pointed out, the user has reason to expect that if they delete something, it's gone - not duplicated out of sight. Also, diagnostic info should be kept around even (perhaps especially) if the source data has been removed.
  
  – brichins
  7 hours ago
  

  
  
  
  

 | 
show 10 more comments

12

Memory dumps often have document contents

It's worth noting that if you're sending a memory dump of a crashed application at the moment of its crash (which is a reasonable way of analyzing crashes) then that memory dump is very likely to include the contents of whatever document(s) were opened in that app at the time. So if you're "just" sending app crash debug information, then that by necessity means that sometimes you're also sending confidential user documents in it.

share|improve this answer

edited 8 hours ago

answered 8 hours ago

PeterisPeteris

5,92811726

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

VoodooCode is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204530%2fdoes-windows-10s-telemetry-include-sending-doc-files-if-word-crashed%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

39

Here is what they spy on, finally officially admitted after being proved again and again by different independent sources. That should make a pretty good idea on what actually is transmitted.

To actually see what's being reported you can give yourself permissions for
%ProgramData%MicrosoftDiagnosis directory and look what's in there, but the file are encrypted which is a very suspicious thing.

What you can look at in the newer version is the Diagnostic Data Viewer. But that does NOT guarantee or prove that there is documents privacy in any way.

At this point my guess is that they will transmit parts of files that generated crashes, or if they consider proper to do so and definitely can transmit any type of document via the encrypted content in Diagnosis and https as the transmission way.

Their EULA states:

Finally, we will access, disclose and preserve personal data,
including your content (such as the content of your emails, other
private communications or files in private folders), when we have a
good faith belief that doing so is necessary to: comply with
applicable law or respond to valid legal process, including from law
enforcement or other government agencies;
2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or
serious injury of anyone; 3. operate and maintain the security of our
services, including to prevent or stop an attack on our computer
systems or networks; or
4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services - however, if we receive
information indicating that someone is using our services to traffic
in stolen intellectual or physical property of Microsoft, we will not
inspect a customer's private content ourselves, but we may refer the
matter to law enforcement.

Conclusion: they can and will do it at will.

share|improve this answer

edited 18 hours ago

Esa Jokinen

1,983613

answered 20 hours ago

OvermindOvermind

4,056717

• 
  
  
  

  
  9
  

  
  
  
  
  
  

  
  
  While the answer is actually "yes, they could" the EULA snippet you cited has nothing to do with that. To investigate a crash has NOTHING to do with 1,4. Also note that crash data is an opt-in while for points mentioned in EULA you basically give them the rights to do what they want but only in those very specific circumstances (that "...at will" is incredibly misleading, IMHO).
  
  – Adriano Repetti
  14 hours ago
  
  
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  
  Is it a serious question? Because it'd be a HUGE law infringement, and - on the contrary of cloud services - they distribute the evidence (virtually anyone can inspect the decompiled source code). Given that MS is not an anonymous developer hidden somewhere in world...there are MUCH more chances that any on-line service is misusing your data (oh well, they actually tell you that they do then...) or just some obscure desktop (or mobile...) app...
  
  – Adriano Repetti
  14 hours ago
  

  
  
  
  


• 
  
  
  

  
  16
  

  
  
  
  
  
  

  
  
  the file[s] are encrypted which is a very suspicious thing. Why? They're copies of documents you already own and control, and the OS can already read them and extract diagnostic (and personal) data if they so choose. It makes perfect sense to encrypt private data before sending it over the internet. The fact that they're sending it is suspicious, but not the encryption.
  
  – brichins
  12 hours ago
  

  
  
  
  


• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  
  @DavidSchwartz Encrypting it at rest is useful if the user deletes the original file, in which case they wouldn't expect to have a readable copy of it sitting on their disk still.
  
  – Chris Hayes
  7 hours ago
  

  
  
  
  


• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  
  @DavidSchwartz Encryption at rest is nearly always a good thing, especially (as in this case) if the contents are a) unknown but potentially sensitive and b) not intended for user consumption or immediate use. As Chris pointed out, the user has reason to expect that if they delete something, it's gone - not duplicated out of sight. Also, diagnostic info should be kept around even (perhaps especially) if the source data has been removed.
  
  – brichins
  7 hours ago
  

  
  
  
  

 | 
show 10 more comments

39

Here is what they spy on, finally officially admitted after being proved again and again by different independent sources. That should make a pretty good idea on what actually is transmitted.

To actually see what's being reported you can give yourself permissions for
%ProgramData%MicrosoftDiagnosis directory and look what's in there, but the file are encrypted which is a very suspicious thing.

What you can look at in the newer version is the Diagnostic Data Viewer. But that does NOT guarantee or prove that there is documents privacy in any way.

At this point my guess is that they will transmit parts of files that generated crashes, or if they consider proper to do so and definitely can transmit any type of document via the encrypted content in Diagnosis and https as the transmission way.

Their EULA states:

Finally, we will access, disclose and preserve personal data,
including your content (such as the content of your emails, other
private communications or files in private folders), when we have a
good faith belief that doing so is necessary to: comply with
applicable law or respond to valid legal process, including from law
enforcement or other government agencies;
2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or
serious injury of anyone; 3. operate and maintain the security of our
services, including to prevent or stop an attack on our computer
systems or networks; or
4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services - however, if we receive
information indicating that someone is using our services to traffic
in stolen intellectual or physical property of Microsoft, we will not
inspect a customer's private content ourselves, but we may refer the
matter to law enforcement.

Conclusion: they can and will do it at will.

share|improve this answer

edited 18 hours ago

Esa Jokinen

1,983613

answered 20 hours ago

OvermindOvermind

4,056717

• 
  
  
  

  
  9
  

  
  
  
  
  
  

  
  
  While the answer is actually "yes, they could" the EULA snippet you cited has nothing to do with that. To investigate a crash has NOTHING to do with 1,4. Also note that crash data is an opt-in while for points mentioned in EULA you basically give them the rights to do what they want but only in those very specific circumstances (that "...at will" is incredibly misleading, IMHO).
  
  – Adriano Repetti
  14 hours ago
  
  
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  
  Is it a serious question? Because it'd be a HUGE law infringement, and - on the contrary of cloud services - they distribute the evidence (virtually anyone can inspect the decompiled source code). Given that MS is not an anonymous developer hidden somewhere in world...there are MUCH more chances that any on-line service is misusing your data (oh well, they actually tell you that they do then...) or just some obscure desktop (or mobile...) app...
  
  – Adriano Repetti
  14 hours ago
  

  
  
  
  


• 
  
  
  

  
  16
  

  
  
  
  
  
  

  
  
  the file[s] are encrypted which is a very suspicious thing. Why? They're copies of documents you already own and control, and the OS can already read them and extract diagnostic (and personal) data if they so choose. It makes perfect sense to encrypt private data before sending it over the internet. The fact that they're sending it is suspicious, but not the encryption.
  
  – brichins
  12 hours ago
  

  
  
  
  


• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  
  @DavidSchwartz Encrypting it at rest is useful if the user deletes the original file, in which case they wouldn't expect to have a readable copy of it sitting on their disk still.
  
  – Chris Hayes
  7 hours ago
  

  
  
  
  


• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  
  @DavidSchwartz Encryption at rest is nearly always a good thing, especially (as in this case) if the contents are a) unknown but potentially sensitive and b) not intended for user consumption or immediate use. As Chris pointed out, the user has reason to expect that if they delete something, it's gone - not duplicated out of sight. Also, diagnostic info should be kept around even (perhaps especially) if the source data has been removed.
  
  – brichins
  7 hours ago
  

  
  
  
  

 | 
show 10 more comments

Here is what they spy on, finally officially admitted after being proved again and again by different independent sources. That should make a pretty good idea on what actually is transmitted.

To actually see what's being reported you can give yourself permissions for
%ProgramData%MicrosoftDiagnosis directory and look what's in there, but the file are encrypted which is a very suspicious thing.

What you can look at in the newer version is the Diagnostic Data Viewer. But that does NOT guarantee or prove that there is documents privacy in any way.

At this point my guess is that they will transmit parts of files that generated crashes, or if they consider proper to do so and definitely can transmit any type of document via the encrypted content in Diagnosis and https as the transmission way.

Their EULA states:

Finally, we will access, disclose and preserve personal data,
including your content (such as the content of your emails, other
private communications or files in private folders), when we have a
good faith belief that doing so is necessary to: comply with
applicable law or respond to valid legal process, including from law
enforcement or other government agencies;
2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or
serious injury of anyone; 3. operate and maintain the security of our
services, including to prevent or stop an attack on our computer
systems or networks; or
4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services - however, if we receive
information indicating that someone is using our services to traffic
in stolen intellectual or physical property of Microsoft, we will not
inspect a customer's private content ourselves, but we may refer the
matter to law enforcement.

Conclusion: they can and will do it at will.

share|improve this answer

edited 18 hours ago

Esa Jokinen

1,983613

answered 20 hours ago

OvermindOvermind

4,056717

share|improve this answer

edited 18 hours ago

Esa Jokinen

1,983613

answered 20 hours ago

OvermindOvermind

4,056717

edited 18 hours ago

Esa Jokinen

1,983613

edited 18 hours ago

Esa Jokinen

1,983613

answered 20 hours ago

OvermindOvermind

4,056717

answered 20 hours ago

OvermindOvermind

4,056717

12

Memory dumps often have document contents

It's worth noting that if you're sending a memory dump of a crashed application at the moment of its crash (which is a reasonable way of analyzing crashes) then that memory dump is very likely to include the contents of whatever document(s) were opened in that app at the time. So if you're "just" sending app crash debug information, then that by necessity means that sometimes you're also sending confidential user documents in it.

share|improve this answer

edited 8 hours ago

answered 8 hours ago

PeterisPeteris

5,92811726

add a comment | 

12

Memory dumps often have document contents

It's worth noting that if you're sending a memory dump of a crashed application at the moment of its crash (which is a reasonable way of analyzing crashes) then that memory dump is very likely to include the contents of whatever document(s) were opened in that app at the time. So if you're "just" sending app crash debug information, then that by necessity means that sometimes you're also sending confidential user documents in it.

share|improve this answer

edited 8 hours ago

answered 8 hours ago

PeterisPeteris

5,92811726

add a comment | 

Memory dumps often have document contents

It's worth noting that if you're sending a memory dump of a crashed application at the moment of its crash (which is a reasonable way of analyzing crashes) then that memory dump is very likely to include the contents of whatever document(s) were opened in that app at the time. So if you're "just" sending app crash debug information, then that by necessity means that sometimes you're also sending confidential user documents in it.

share|improve this answer

edited 8 hours ago

answered 8 hours ago

PeterisPeteris

5,92811726

share|improve this answer

edited 8 hours ago

answered 8 hours ago

PeterisPeteris

5,92811726

answered 8 hours ago

PeterisPeteris

5,92811726

answered 8 hours ago

PeterisPeteris

5,92811726