←back to thread

Upcoming Windows 11 builds cannot install without internet and Microsoft Account

(infosec.exchange)
268 points tech234a | 3 comments | 29 Mar 25 04:13 UTC | HN request time: 0.492s | source
Show context
soraminazuki ◴[29 Mar 25 05:47 UTC] No.43513090[source]
It's such an absurd lie. If Microsoft's idea of security is to force its users to authenticate online for a local account, they should never be allowed in the software industry at all. They're needlessly and dramatically increasing the attack surface of one of the most security critical software running on user devices.
replies(5): >>43513349 #>>43513354 #>>43513571 #>>43513574 #>>43514238 #
CrossVR ◴[29 Mar 25 06:46 UTC] No.43513349[source]
And for what? Make number go up? If it's just another data collection scheme the at least I could understand why.
replies(1): >>43513373 #
bboygravity ◴[29 Mar 25 06:51 UTC] No.43513373[source]
Because the NSA pays them to.

Why did they do to Skype what they did (first turn it from p2p to centralized and spyable and then just ignore it and let it die)?

Same reason.

replies(2): >>43513535 #>>43513541 #
1. sterlind ◴[29 Mar 25 07:27 UTC] No.43513541[source]
(Opinions are my own, I have no inside knowledge.)

I vaguely remember hearing that P2P Skype was the bane of sysadmins' existence. Skype would elect clients on high-bandwidth networks as supernodes. This tended to be business customers - the very organizations MS wanted to attract. Skype's prodigious hole-punching ability made it difficult to throttle, so it got banned from a lot of enterprises. MS essentially hosted the supernodes on Azure, which centralized it.

As for encryption, on the other hand, Wikipedia says MS specifically added the ability to eavesdrop for law enforcement agencies, though apparently Skype had already added a backdoor for the NSA before MS bought them: https://news.softpedia.com/news/Skype-Provided-Backdoor-Acce...

replies(2): >>43513582 #>>43516672 #
2. somenameforme ◴[29 Mar 25 07:37 UTC] No.43513582[source]
This [1] is one of my favorite leaks from Snowden revelations, and I regularly bring it up anytime people try to downplay what PRISM is. That's a user manual for NSA agents on how to spy on Skype users (including video and text) in real time. It's informative and also amusing at times. For instance in the FAQ one issue a confused spook might run into is why they're being spammed with the same messages repeatedly. It turns out that when a user logs on to a new device, the recent messages Microsoft sends to the user are also directly forwarded to the NSA, which can result (from their perspective) in messages being repeated.

[1] - https://www.aclu.org/sites/default/files/field_document/Guid...

3. jofla_net ◴[29 Mar 25 16:29 UTC] No.43516672[source]
I remember the old supernodes p2p app, was good times.

I used to leave an extra old laptop on with it running, maybe 15 years ago, on a public address.

During the arab spring, tons of traffic could be seen connecting clients in north africa. It truly did route around things.