News Microsoft opens Transparency Centre Brussels

These days, it would be exceptionally difficult for microsoft to be doing much behind the scenes without significant risk of detection. What's the hypothesis here, that they've written an OS that phones home with details it shouldn't, and is specifically written to make this absolutely impossible to detect with monitoring tools? Pull the other one, we're not that important.

 

I think it's more along the lines of including a secret back door that can be opened if you know about it when you want to, I don't think anyone is saying that they've written an OS that phones home with details it shouldn't as like you rightly point out that would be easy to detect.

 

Seems to me that Microsoft is really trying to prevent the adoption of open source alternatives in the EU.

 

In any case, how is this being checked? How do we know the source code they're supplying is the version that's released?

This is the reverse issue of one key problem with the GPL, in which that it is, to all practical purposes, impossible to show that source code you've released is the version you used to create a given binary.

 

Yep, I reckon that's almost certainly what it is.

 

Well, it should be possible to compile the software from the source code then compare with the released version.

 

I would imagine these are air gapped computers in rooms where you can't bring anything in, nor can you take anything out. Compiling windows is unlikely to be a press the green button in visual studio type experience. I would think it would involve all sorts of build scripts and tools which are unlikely to be made available.

So I would think that these reviewers would be brought in to use only their thoughts and knowledge to examine the code of which they have little or no experience in dealing with and no real ability to examine references, make modules work in real time, run tests etc. Even if it is the real deal and you can compare it to a build, Microsoft can change the whole lot willynilly through windows update thus nullifying the whole purpose of the exercise.

If you want a secure operating system you need to have access to the code and build it yourself. It's as simple as that. Governments that are truly concerned about security should be running their own verified builds of some open source platform. If a tool they require doesn't exist on the platform they should build it. But security has always taken a back seat to convenience.