Gregory's ServerRandom bit of Microsoft telemetry dropped in this WSJ piece, good to know they’re tracking key presses.
Kevin Beaumont
22 comments
Ankit Pati
@jt_rebelo @GossiTheDog Keypress + timing data can be processed to give the exact identity of the keys.
João Tiago Rebelo
@ankitpati I know, but using that internally at MS... Everything they collect is one more vector for a blackhat to exploit, but I think (hope) they don't match those telemetry details in-house. @GossiTheDog
Em 💜
I feel zscaler’s data gathering and connecting that to a user is even on a wilder level. ’Fortunately’ that data is also nicely put together for the customers’ admins and csuites for easy digest.
Michael ☕️
@GossiTheDog is this what they're talking about when they ask for "Inking and typing" data sharing? #TurnThatShitOff
the vessel of morganna
@GossiTheDog is that key-presses within teams? 'cause tracking the <x> is typing notifier isn't the absolute *worst* thing they could be doing, despite still being creepy. if it's OS wide, though... lol 
Raven667
@astraleureka @GossiTheDog maybe I'm giving too much benefit of the doubt but keeping an RRD of the usage of the "someone is typing" notification service in Teams would be totally normal, expected and provide the described data. Obviously they also know how many active meetings or messages in general are going on at any time as well. Maybe the takeaway is that _any_ centralized service becomes exposed to incalculable amounts of incidental data and needs retention policies to keep risk low
the vessel of morganna
@raven667 @GossiTheDog Teams is backed by exchange, for the actual messaging at least. I'm not sure how they handle signalling, but it's safe to assume they keep some sort of logging of that data too.
rob
@GossiTheDog along with the mouse wobbler, I can see keyboard activator being essential home office equipment soon. Leave Notepad open and set the keyboard activator to type out Trollope novels in short bursts.
artful modder
@GossiTheDog I wonder if blocking telemetry at the group policy level has any bearing on this 🤔
ISO8601
@GossiTheDog Now I'm starting to think that MSTIC etc probably maintains a list of of devices where telemetry is blocked/disabled, to improve the signal/noise ratio for identifying devices which threat actors might be using. Presumably it would eliminate 99.9% of the uninteresting endpoints.
zazzoo
@GossiTheDog Psst. Windows has been nothing but garbage spyware since Windows 10. Unless you've got an enterprise license, specifically block it on your firewall or have hacked your OS, there is no way to disable it. Pass it around.
Alan
@zazzoo @GossiTheDog it’s not an option for everyone, but if you’re remotely tech oriented, try to run Linux.
zazzoo
@metaphase @GossiTheDog I'm an IT guy so I may be biased, but I think Linux desktop distros have passed the point needing to be a techie to use. I find Debian/Gnome to be both intuitive for Windows users and far easier to install and update than Windows. I firmly believe starting with Windows 8, Microsoft basically ripped off Gnome's UI. Now, getting enterprise productivity software to run or, if you're a home user, games? That's the biggest hurdle.
PrimroseHill
@GossiTheDog I do this! I wake up having fallen asleep watching TV and answer more emails 
Lewis Cowles
@GossiTheDog teams perfectly illustrates bits of the web designed to harm users, they've not had to invent anything to spy on folks 
Josh Carlson
@GossiTheDog What is the benefit of knowing when people are typing a lot?
Chase :unverified: :verified: :loading:
@GossiTheDog i wonder how they are using this data internally other than for marketing.  |
@GossiTheDog since they will be using Copilot to siphon data off of work and personal files to train it, knowing how many key presses happen at what time (but, hopefully not which keys) isn't the worst telemetry on Stalker11.