82

I'm reading through the extensive description on which data is acquired by Microsoft's telemetry 1 including the following paragraph:

User generated files -- files that are indicated as a potential cause for a crash or hang. For example, .doc, .ppt, .csv files

I was wondering whether Microsoft actually gathers data from a Word document, in case word crashes (hope on being wrong on this one).

Is Microsoft getting the 'whole' file, only a paragraph or am I misreading that part of the documentation?

Improve this question
3
  • 3
    I don't think .doc files are very common these days. Isn't it a 1990s thing? (.docx today?)
    – Peter Mortensen
    Commented Mar 1, 2019 at 15:12
  • 8
    Note that this document is specific to what may be gathered for full-level diagnostic data. If you've set your diagnostic data level to basic, this data is not subject to being gathered by telemetry. docs.microsoft.com/en-us/windows/privacy/…
    – Xander
    Commented Mar 1, 2019 at 15:50
  • 2
    Do not forget about malware scanners, they normally explicitely ask to transfer suspicious content if cloud scanning/intelligence is activated.
    – eckes
    Commented Mar 2, 2019 at 0:59

2 Answers 2

Reset to default
68

Here is what they spy on, finally officially admitted after being proved again and again by different independent sources. That should make a pretty good idea on what actually is transmitted.

To actually see what's being reported you can give yourself permissions for %ProgramData%\Microsoft\Diagnosis directory and look what's in there, but the file are encrypted which is a very suspicious thing.

What you can look at in the newer version is the Diagnostic Data Viewer. But that does NOT guarantee or prove that there is documents privacy in any way.

At this point my guess is that they will transmit parts of files that generated crashes, or if they consider proper to do so and definitely can transmit any type of document via the encrypted content in \Diagnosis and https as the transmission way.

Their EULA states:

Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to: comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; 2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone; 3. operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services - however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer's private content ourselves, but we may refer the matter to law enforcement.

Conclusion: they can and will do it at will.

Improve this answer
17
  • 17
    While the answer is actually "yes, they could" the EULA snippet you cited has nothing to do with that. To investigate a crash has NOTHING to do with 1,4. Also note that crash data is an opt-in while for points mentioned in EULA you basically give them the rights to do what they want but only in those very specific circumstances (that "...at will" is incredibly misleading, IMHO).
    – Adriano Repetti
    Commented Mar 1, 2019 at 13:08
  • 40
    the file[s] are encrypted which is a very suspicious thing. Why? They're copies of documents you already own and control, and the OS can already read them and extract diagnostic (and personal) data if they so choose. It makes perfect sense to encrypt private data before sending it over the internet. The fact that they're sending it is suspicious, but not the encryption.
    – brichins
    Commented Mar 1, 2019 at 15:52
  • 10
    @DavidSchwartz Encrypting it at rest is useful if the user deletes the original file, in which case they wouldn't expect to have a readable copy of it sitting on their disk still.
    – Chris Hayes
    Commented Mar 1, 2019 at 20:11
  • 10
    @DavidSchwartz Encryption at rest is nearly always a good thing, especially (as in this case) if the contents are a) unknown but potentially sensitive and b) not intended for user consumption or immediate use. As Chris pointed out, the user has reason to expect that if they delete something, it's gone - not duplicated out of sight. Also, diagnostic info should be kept around even (perhaps especially) if the source data has been removed.
    – brichins
    Commented Mar 1, 2019 at 20:39
  • 11
    This encryption is in no way suspicious; rather, it is evidence that whoever designed this process built a proper threat model, analyzed it appropriately, and correctly implemented good mitigations against likely vulnerabilities.
    – Eric Lippert
    Commented Mar 2, 2019 at 1:38
39

Memory dumps often have document contents

It's worth noting that if you're sending a memory dump of a crashed application at the moment of its crash (which is a reasonable way of analyzing crashes) then that memory dump is very likely to include the contents of whatever document(s) were opened in that app at the time. So if you're "just" sending app crash debug information, then that by necessity means that sometimes you're also sending confidential user documents in it.

Improve this answer
1
  • Yes, memory dumping is a specific case.
    – Overmind
    Commented Mar 4, 2019 at 6:28

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .