Trust No One, Especially Microsoft And Intel

As a developer, I should have full control over the programs I write. There may be a compiler between the text and the executable, but the result is exactly what I expect (excluding the bugs). Even if the compiler may change significantly the structure of the program during the optimization phase, I know (more or less) what is going on under the hood. And, in case, I can simply read the f***ing manual. In few words, I've always thought that compilers don't add unwanted things to my code.

Well, this is no longer true. On the last Visual Studio, Microsoft decided to include in the binary file also some calls to undocumented "telemetry" functions. You can read the full story here: Microsoft secretly adds snooping codes into C++ Binaries Visual Studio 2015.

Unfortunately, doing things without informing the user is not a Microsoft prerogative and it's not limited to the software. Recently Intel decided to add a coprocessor called Management Engine (ME) in all its chipsets. This device has

its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system

If you think it can be easily disabled... well, read this thread.

I think it's not needed to write how bad this is for security and privacy. But the worst thing is that the big players decide that you, the owner of the PC or the writer of the code, don't even have the right know what's is going on under your hands. The sad truth is that the piece of hardware you bought or the program you wrote are not really yours.

Update

Also Windows 10 transmits a lot of information (about what?) to Microsoft servers, according to this post.


Cover image by Kai Hendry taken from Flickr licensed under the Creative Commons Attribution 2.0 Generic license.

This post has been updated after its initial publication. Last change made on 2017/07/02.

Luca Sommacal

Luca Sommacal

Italian developer (mainly in C for embedded platforms), Linux learner, addicted to rock music, history, science and few other things. Follow me on Twitter

comments powered by Disqus