Thursday, October 29, 2015

Peeping Into Windows 10: Cortana

One of the great things about Windows 10 is, well I can't really think of any. On the flip side I can enumerate on a couple things I don't like about it. On top of my list is Cortana's collection of data.

Cortana is Microsoft's answer to Apple's Siri. 'She', as Microsoft likes to think of 'it', is a voice activated personal assistant.  According to Microsoft, "Cortana is your clever new personal assistant. Cortana will help you find things on your PC, manage your calendar, track packages, find files, chat with you, and tell jokes. The more you use Cortana, the more personalized your experience will be."

What is less obvious, unless you actually dig around the net, is this: As long as Cortana is turned on in Windows settings 'she' will be eavesdropping on everything you say. Yep, everything within microphone shot. All in an effort to further personalize your experience. Your device may also send 'speech data' back to Microsoft periodically, though it is unclear what that might include. If that isn't enough, Cortana also collects data based on email*, calendar, instant messages, OneDrive, and web history.

Fortunately, there are some things you can do to control what she hears. The links below dive deeper into what is collected and how it is used by Microsoft. Of primary interest should be the first link as it describes how to manage Cortana settings. The other links dive more into how Microsoft uses and manages user privacy.

Cortana-Privacy-FAQ

Microsoft's Privacy Statement

Microsoft's Corporate Citizenship

And, while this post hyper-focuses on Microsoft's use of personal data and collection, by no means are they alone. Microsoft will push targeted ads, but if you use other services such as Google Mail you already know that data mining occurs for this purpose. The difference here is how that information is collected, how much is collected, and how it is used.

*This is a bit ambiguous as some articles I have read state that Microsoft is mining emails, while other articles state the Microsoft has been clear about not doing so, particularly after some backlash from them looking at a customer's Hotmail account for illegally shared trade secrets from a former Microsoft employee.

Tuesday, July 14, 2015

Some Like It Hotspots: Comcast Xfinity WiFi

If you have ever looked at the list of WiFi networks that appear within the vicinity of your device you may have noticed one, or both, of Comcast's wireless networks broadcasting as xfinitywifi, or CableWiFi. On its face it doesn't seem like a bad thing, but Comcast is using customer's rented routers to provide hotspot access, and that calls into some question about whether this is legal, ethical, or secure.

CableWiFi and xfinitywifi SSIDs use dedicated bandwidth along with a dedicated antenna within the router to broadcast. This segregates traffic from the home user's private WiFi network. To connect to these SSIDs you have to be a Comcast customer. When connecting, you are asked for your Comcast credentials before access to the network is granted. You can connect to these networks from just about anywhere and have the convenience of 'free' WiFi.

Let's take a look at what this really means:

Comcast has only said that this network uses a separate antenna, and that these networks use a separate IP address from your home's private network. That may be true, but we don't know anything more about how this works or the security of this technology. There is no customer access to the settings of the Comcast networks, and therefore no way to look at the radio settings, the security settings, etc. Router vulnerabilities exist, and that an exploit could leapfrog Comcast's networks onto a home user's network is not outside the realm of possibility.

While Comcast does not tell their customers up-front about this network being enabled by default, it does state that customers can opt-out of having these networks broadcast. That is good news, but there have been numerous complaints that users are unable to successfully shut it down. Naturally, Comcast encourages people to leave it on.

There is some concern about how much electricity this additional broadcasting network uses. Comcast claims that it is 'nominal' at best. Speedify, a company that tested the electrical use while the network was broadcasting idle and with connections, suggests that it could cost customers somewhere in the $20 to $30 range depending on where they live in the US. Comcast disputes this claim stating that Speedify used business class hardware; not home-user hardware. It is also important to note that Speedify sells Internet services and are not a completely independent testing source. Despite this, Comcast welcomed Speedify to test again in the future using the latest home user hardware. Sounds like a great idea, but not every household will have the latest hardware. Testing older home user hardware and newer hardware would be a fairer gauge of electrical consumption. In any case, it hardly seems ethical to expect customers to not only pay for renting the modem/router and Internet access, but to also pay additionally in electrical supply costs.

The xfinitywifi and CableWiFi antenna radio signals can interfere with signals from a home user's private network. This can have a noticeable impact on the quality of service experienced with devices on a personal network, and has been a source of customer complaints.

Learn more about Xfinity WiFi and how to disable it here:
Comcast Xfinity WiFi
Disable Xfinity Hotspot

Purchasing your own modem and router give you more freedom to control costs, as well as the security of your network. It will cost less in the long run to purchase your own equipment, however; you will be responsible for maintaining it. If you are not comfortable setting up and securing your own network it still may be less expensive to hire a technologist to do it for you.