Archive for July 12, 2019

FTC Agrees To A $5 Billion Fine For Facebook

Posted in Commentary on July 12, 2019 by itnerd

The Federal Trade Commission voted this week to approve a roughly $5 billion settlement with Facebook over a long-running probe into the tech giant’s privacy missteps, WSJ reported Friday, citing people familiar with the matter [The link may be paywalled. Here’s an alternative source]:

The 3-2 vote by FTC commissioners broke along party lines, with the Republican majority lining up to support the pact while Democratic commissioners objected, the people said. The matter has been moved to the Justice Department’s civil division and it is unclear how long it will take to finalize, the person said. Justice Department reviews are part of the FTC’s procedure but typically don’t change the outcome of an FTC decision. A settlement is expected to include other government restrictions on how Facebook treats user privacy. The additional terms of the settlement couldn’t immediately be learned. An FTC spokeswoman declined to comment, as did a Facebook spokesman. Facebook said April 24 that it was expecting to pay up to $5 billion to settle the probe. A resolution was bogged down by a split between Republicans and Democrats on the FTC, with the Democrats pushing for tougher oversight of the social-media giant.

The problem that I have with this fine is that $5 billion is a rounding error to Facebook. So in my mind, that’s a #fail. But if there are really good government restrictions that Facebook has to adhere to for years, then maybe this might mean something. I guess it will be up to the Europeans to really slap Facebook silly.

Microsoft Slips Code Into Windows 7 “Patch Tuesday” Update That Phones Home

Posted in Commentary on July 12, 2019 by itnerd

How comfortable are you with this item that popped up on ZDNet? That’s assuming that you are on Windows 7, of course, and that you just installed updates this past “Patch Tuesday”:

As expected, Windows Update dropped off several packages of security and reliability fixes for Windows 7 earlier this week, part of the normal Patch Tuesday delivery cycle for every version of Windows. But some hawk-eyed observers noted a surprise in one of those Windows 7 packages.

What was surprising about this month’s Security-only update, formally titled the “July 9, 2019 — KB4507456 (Security-only update),” is that it bundled the Compatibility Appraiser, KB2952664, which is designed to identify issues that could prevent a Windows 7 PC from updating to Windows 10. 

Under Microsoft’s rules, what it calls “Security-only updates” are supposed to include, well, only security updates, not quality fixes or diagnostic tools. Nearly three years ago, Microsoft split its monthly update packages for Windows 7 and Windows 8.1 into two distinct offerings: a monthly rollup of updates and fixes and, for those who want only those patches that are absolutely essential, a Security-only update package.

Among the fierce corps of Windows Update skeptics, the Compatibility Appraiser tool is to be shunned aggressively. The concern is that these components are being used to prepare for another round of forced updates or to spy on individual PCs. The word telemetry appears in at least one file, and for some observers it’s a short step from seemingly innocuous data collection to outright spyware.

My longtime colleague and erstwhile co-author, Woody Leonhard, noted earlier today that Microsoft appeared to be “surreptitiously adding telemetry functionality” to the latest update:

With the July 2019-07 Security Only Quality Update KB4507456, Microsoft has slipped this functionality into a security-only patch without any warning, thus adding the “Compatibility Appraiser” and its scheduled tasks (telemetry) to the update. The package details for KB4507456 say it replaces KB2952664 (among other updates).

Come on, Microsoft. This is not a security-only update. How do you justify this sneaky behavior? Where is the transparency now?

I for one am not comfortable with this. Though given Microsoft’s previous behavior on this front, it’s not all that shocking, seeing as they’ve been caught doing this sort of thing before. The thing is that the forced updates, the mandatory telemetry, and the complete lack of transparency are going to bite Microsoft at some point, as options like the Mac and Linux exist. Thus Microsoft needs to be really careful, as this sort of behavior will send people towards those options faster than Lance Armstrong on steroids while riding a bike.