What should be the real continuing inexcusable outrage is that Windows, even today, grants all applications full access to read the titles of all windows with no way to disable it.
If you run Windows, ask yourself what information that leaks and if you trust everything running on your machine not to exfiltrate that.
jfim · 43m ago
> What should be the real continuing inexcusable outrage is that Windows, even today, grants all applications full access to read the titles of all windows with no way to disable it.
That's there because it's been in there forever in the win32 API, and changing that would break applications.
For example, a long time ago, I wrote a small application that would iterate through a list of executables, launch each one sequentially, and for as long as that executable ran, it would look at the window that had the current focus, enumerate every control, and then send a click message to any control that would contain the words yes, agree, continue, accept, install, ok. Made my life easier to automatically install software on computers unattended.
There are plenty of other applications that require looking up other windows and sending them messages for all kinds of user workflows, things like autohotkey and so on. Changing that behavior would break all of them.
poisonborz · 26m ago
Why? Just disable for all by default and have a permission popup open for each, stating that disabling it may crash that app.
concerndc1tizen · 50m ago
> the real continuing inexcusable outrage is that Windows, even today, grants all applications full access to read the titles of all windows with no way to disable it.
IIUC, X11 had the same problem, but Wayland allows sandboxing to prevent this?
And MacOS has some degree of sandboxing? But many applications require "Accessibility" permission that similarly gives far too many privileges?
duskwuff · 41m ago
> But many applications require "Accessibility" permission that similarly gives far too many privileges?
I haven't run into too many applications requesting that permission, outside of desktop automation and window management tools (Hammerspoon, Magnet, etc) which need it to do their job.
jaoane · 26m ago
>What should be the real continuing inexcusable outrage is that Windows, even today, grants all applications full access to read the titles of all windows with no way to disable it.
No thank you, I want to keep my OS with apps that are powerful and that doesn't show me a useless permission prompt every five minutes.
incangold · 2m ago
You should be able to choose to switch off security as you wish. You should also be able to choose to leave it on.
poisonborz · 21m ago
Why useless? Permission prompts were the best inventions of mobile OSes, there should be much more of them actually.
On desktop there could be ways added to sidestep them, eg. defined in bulk in a processname.permissions file somewhere protected.
perching_aix · 1h ago
I asked myself and the answer is no. Now what? I have dealbreaker problems with Linux and Mac. I'm also not going to pull a Terry Davis and make my own OS, and I'm not willing to participate in the circus that is open source either.
With these in mind, what am I supposed to do, move to the mountains and live the life of a hermit? Once again, not happening. It'd appear that I'm between a rock and a hard place - exactly as designed. This is what an ecosystem grip is like.
Buttons840 · 28m ago
"What option do I have left after rejecting every other option?"
I guess the answer, for you, is that you have no other option.
For others, I'll say that I've had 3 Wacom tablets (I keep upgrading), including one with a screen and they have all worked well enough with open-source drivers. They're popular enough that you can do some research to know how they will work on Linux.
perching_aix · 21m ago
> I guess the answer for you, is that you have no other options.
Yes, which is exactly what I was getting at. I'm not in the situation where if only I spent some time on introspection and "asked myself", I'd all of a sudden have this lightbulb moment that hey, what if I just switched to Linux or bought a Mac instead, despite what people like GP might like to think.
This is a lot like when people try to - sometimes kindly, sometimes not - invite people's attention to the fact that e.g. they're fat. As if somehow this key piece of realization was the only thing keeping them from starting on a lifestyle change and taking ownership of their diet. It's juvenile there, and it's juvenile here too. Except in this case, I'd argue it goes even further: it's willfully dishonest. As if it was normal that the only way out were the options listed. As if all these options were playing on an equal field.
baobun · 17m ago
FreeBSD?
perching_aix · 16m ago
Let's also not forget NetBSD. /s
userbinator · 27m ago
(2020)
I have an old unbranded Chinese tablet that came with a CD-ROM containing the driver, configuration utility, their source code, and even a datasheet for the MCU it used. A huge contrast between merely selling a product, and trying to control the whole "experience". IMHO we need more of the former, but corporate attitudes strongly encourage the latter.
orbital-decay · 44m ago
Just like all other drawing tablet manufacturers like Huion, for that matter. Block it in your firewall unless you want it to siphon your data.
I feel like this post is from a couple decades old time capsule. 99% of corporate software is just data exfiltration endpoints now, especially the kind of software that hardware manufacturers tend to make for Windows, which is bloated panels with a couple toggles that are only here to collect your data. The privacy policy is simply a cover-up in most cases. It's not like you have a choice either, because other manufacturers are the same. This stuff needs active countermeasures that treat it as hostile, but since it's hardware it often has low-level access.
landl0rd · 1h ago
I am not surprised. We've known for a while old OS design can't fix this. Not in a comprehensive way. We can patch over specific cases but the basic design is wrong. Capability-based OSes like mobile ones tend to work better here.
We can't keep assuming code run on-device is trustworthy. Not just in the "not malware" sense. In that of "does what the user wants and nothing more, nothing less."
marcodiego · 37m ago
Not the first time something like this is shown here. And it is very important to say that such a thing is a anti-feature of the driver and that something like this would probably never be acceptable on Linux, where such devices work beautifully just after plugging.
The operating system where these things happen should also be blamed.
oldie but goodie, also I think OSU players wrote their own drivers for this.
stepupmakeup · 37m ago
Ironically, osu! had it's own built-in spyware until 2016, automatically uploading window and process names as well as manual commands to take full monitor screenshots in the name of preventing cheaters (both software-wise e.g Cheat Engine.exe is running, and sharing/boosting accounts, by checking if someone is logged into the same Skype account).
They're much more configurable than Wacoms proprietary drivers and also telemetry-free. It's so widely used that they've even been directly integrated into the new osu! lazer client.
GuestFAUniverse · 1h ago
"We apologize for any confusion regarding data collection being done by the Wacom software driver and the unclarity about the actual information collected."
Again and again:
any PR containing "confusion" seems BS to me.
Stop gaslighting! Take responsibility!
Henchman21 · 1h ago
I agree, but realize we’re in a moment in time where accountability and responsibility have gone out of fashion. What a time to be alive!!
johnea · 22m ago
In spite of the article being 5 years old, I still found it interesting and relevant.
The details of how the data was captured was helpful.
The things I found most interesting fall into 3 parts:
Part 1) It's heartening to see people enjoying their kids:
> I told my son to clear my schedule. He bashed two wooden blocks together in understanding, encouragement, and sheer admiration.
Go Dad! Enjoy it while you can!
If you have an experience like mine: as a 57yo at the time, and well aware of what was coming. When I went from daily interacting with my son, who was finally old enough to speak with as a adult, he suddenly moved away to college over a weekend and I almost never see him any more 8-(
I never expected the fully anticipated experience of empty-nest to affect me so strongly 8-/
Part 2)
> I care about this for two reasons.
> The first is a principled fuck you.
I had to laugh 8-) This somehow reminded me of a line in one of my favorite movies: The Live Aquatic.
Bill Murray's character is asked: This leopard shark is an endangered species. What would be the scientific purpose of killing it?
To which he replies: Revenge...
Part 3) The obligatory proprietary OS bashing:
Several times, the author states: "A device that is essentially a mouse..."
It should be pointed out, that a mouse is a USB class device. That is to say, it is a standard USB device that requires no proprietary driver (except for the purpose of exfiltrating data that the mouse maker has no functional need of, or other "value added" purposes)
Pretty much any special feature of the device can be implemented as a user space library.
The author is working on a Mac, the situation is even worse on windoze, where even a actual mouse will ask you to install a custom device driver.
This is why linux, with a broad support of standard USB class devices, is now significantly superior to windows in USB device support. For almost any typical type device, when you plug it into a linux computer, it just works. No driver install or other configuration needed.
Even if you need a driver to support your tablet on some version of an OS that doesn't provide support, there is a GPL waycom driver:
tl;dr: linux good, windoze sux, mac getting worse...
In the current world, every computer company in any way associated with h/w or s/w or online activity is now also in the data borker business.
This is similar to the way the car dealership industry is now basically a subdivision of retail loan banking. Try buying a car with cash, versus a lease or loan. But, of course, it's not just milking the idiot herd for all it can, its "maximizing efficiency", for somebody...
So much for the glowing future brought to you by unbridled capitalism...
That's it. Try not to use Waycom, or at least not on Mac or windoze...
kristjansson · 1h ago
Congratulations on being one the of the lucky 10000 today!
But for the rest of the us, the answer to "...again?!" is firmly "No".
https://web.archive.org/web/20200307082846/https://community...
Wacom now has an opt-in for data collection.
What should be the real continuing inexcusable outrage is that Windows, even today, grants all applications full access to read the titles of all windows with no way to disable it.
If you run Windows, ask yourself what information that leaks and if you trust everything running on your machine not to exfiltrate that.
That's there because it's been in there forever in the win32 API, and changing that would break applications.
For example, a long time ago, I wrote a small application that would iterate through a list of executables, launch each one sequentially, and for as long as that executable ran, it would look at the window that had the current focus, enumerate every control, and then send a click message to any control that would contain the words yes, agree, continue, accept, install, ok. Made my life easier to automatically install software on computers unattended.
There are plenty of other applications that require looking up other windows and sending them messages for all kinds of user workflows, things like autohotkey and so on. Changing that behavior would break all of them.
IIUC, X11 had the same problem, but Wayland allows sandboxing to prevent this?
And MacOS has some degree of sandboxing? But many applications require "Accessibility" permission that similarly gives far too many privileges?
I haven't run into too many applications requesting that permission, outside of desktop automation and window management tools (Hammerspoon, Magnet, etc) which need it to do their job.
No thank you, I want to keep my OS with apps that are powerful and that doesn't show me a useless permission prompt every five minutes.
On desktop there could be ways added to sidestep them, eg. defined in bulk in a processname.permissions file somewhere protected.
With these in mind, what am I supposed to do, move to the mountains and live the life of a hermit? Once again, not happening. It'd appear that I'm between a rock and a hard place - exactly as designed. This is what an ecosystem grip is like.
I guess the answer, for you, is that you have no other option.
For others, I'll say that I've had 3 Wacom tablets (I keep upgrading), including one with a screen and they have all worked well enough with open-source drivers. They're popular enough that you can do some research to know how they will work on Linux.
Yes, which is exactly what I was getting at. I'm not in the situation where if only I spent some time on introspection and "asked myself", I'd all of a sudden have this lightbulb moment that hey, what if I just switched to Linux or bought a Mac instead, despite what people like GP might like to think.
This is a lot like when people try to - sometimes kindly, sometimes not - invite people's attention to the fact that e.g. they're fat. As if somehow this key piece of realization was the only thing keeping them from starting on a lifestyle change and taking ownership of their diet. It's juvenile there, and it's juvenile here too. Except in this case, I'd argue it goes even further: it's willfully dishonest. As if it was normal that the only way out were the options listed. As if all these options were playing on an equal field.
I have an old unbranded Chinese tablet that came with a CD-ROM containing the driver, configuration utility, their source code, and even a datasheet for the MCU it used. A huge contrast between merely selling a product, and trying to control the whole "experience". IMHO we need more of the former, but corporate attitudes strongly encourage the latter.
I feel like this post is from a couple decades old time capsule. 99% of corporate software is just data exfiltration endpoints now, especially the kind of software that hardware manufacturers tend to make for Windows, which is bloated panels with a couple toggles that are only here to collect your data. The privacy policy is simply a cover-up in most cases. It's not like you have a choice either, because other manufacturers are the same. This stuff needs active countermeasures that treat it as hostile, but since it's hardware it often has low-level access.
We can't keep assuming code run on-device is trustworthy. Not just in the "not malware" sense. In that of "does what the user wants and nothing more, nothing less."
The operating system where these things happen should also be blamed.
Related discussion and developments then: https://news.ycombinator.com/item?id=22247292
And again later, https://news.ycombinator.com/item?id=29056847
They're much more configurable than Wacoms proprietary drivers and also telemetry-free. It's so widely used that they've even been directly integrated into the new osu! lazer client.
Again and again: any PR containing "confusion" seems BS to me.
Stop gaslighting! Take responsibility!
The details of how the data was captured was helpful.
The things I found most interesting fall into 3 parts:
Part 1) It's heartening to see people enjoying their kids:
> I told my son to clear my schedule. He bashed two wooden blocks together in understanding, encouragement, and sheer admiration.
Go Dad! Enjoy it while you can!
If you have an experience like mine: as a 57yo at the time, and well aware of what was coming. When I went from daily interacting with my son, who was finally old enough to speak with as a adult, he suddenly moved away to college over a weekend and I almost never see him any more 8-(
I never expected the fully anticipated experience of empty-nest to affect me so strongly 8-/
Part 2)
> I care about this for two reasons.
> The first is a principled fuck you.
I had to laugh 8-) This somehow reminded me of a line in one of my favorite movies: The Live Aquatic.
Bill Murray's character is asked: This leopard shark is an endangered species. What would be the scientific purpose of killing it?
To which he replies: Revenge...
Part 3) The obligatory proprietary OS bashing:
Several times, the author states: "A device that is essentially a mouse..."
It should be pointed out, that a mouse is a USB class device. That is to say, it is a standard USB device that requires no proprietary driver (except for the purpose of exfiltrating data that the mouse maker has no functional need of, or other "value added" purposes)
Pretty much any special feature of the device can be implemented as a user space library.
The author is working on a Mac, the situation is even worse on windoze, where even a actual mouse will ask you to install a custom device driver.
This is why linux, with a broad support of standard USB class devices, is now significantly superior to windows in USB device support. For almost any typical type device, when you plug it into a linux computer, it just works. No driver install or other configuration needed.
Even if you need a driver to support your tablet on some version of an OS that doesn't provide support, there is a GPL waycom driver:
https://github.com/linuxwacom/input-wacom
tl;dr: linux good, windoze sux, mac getting worse...
In the current world, every computer company in any way associated with h/w or s/w or online activity is now also in the data borker business.
This is similar to the way the car dealership industry is now basically a subdivision of retail loan banking. Try buying a car with cash, versus a lease or loan. But, of course, it's not just milking the idiot herd for all it can, its "maximizing efficiency", for somebody...
So much for the glowing future brought to you by unbridled capitalism...
That's it. Try not to use Waycom, or at least not on Mac or windoze...
But for the rest of the us, the answer to "...again?!" is firmly "No".