Update, November 7th @ 5:25pm EST:
First, NVIDIA gave Ryan their official statement, which I included below verbatem.
GeForce Experience collects data to improve the application experience; this includes crash and bug reports as well as system information needed to deliver the correct drivers and optimal settings. NVIDIA does not share any personally identifiable information collected by GeForce Experience outside the company. NVIDIA may share aggregate-level data with select partners, but does not share user-level data. The nature of the information collected has remained consistent since the introduction of GeForce Experience 1.0.The change with GeForce Experience 3.0 is that this error reporting and data collection is now being done in real-time.
They also pointed to their GeForce Experience FAQ.
It sounds like there's a general consensus, both from NVIDIA and even their harshest critics, that telemetry only affects GeForce Experience, and not their base driver. I still believe that there should be a more granular opt-out that still allows access to GeForce Experience, like web browsers and Visual Studio prompt with a checkbox during install. Still, if this concerns you, and, like Windows 10, it might not and that's okay, you can remove GeForce Experience.
Also, GamersNexus yet again did a very technical breakdown of the situation. I think they made an error, though, since they claimed to have recorded traffic "for about an hour", which may not have included the once-per-day reporting time from Windows Task Scheduler. (My image below suggests, at least for my system, monitor once per hour but report at 12:25pm and user login.) I reached out to them on Twitter for clarification, but it looks like they may have just captured GeForce Experience's typical traffic.
Update, November 7th @ 7:15pm EST: Heard back from GamersNexus. They did check at the Windows Task Scheduler time as well, and they claim that they didn't see anything unusual. They aren't finished with their research, though.
Original news, posted November 6th @ 4:25pm EST, below.
Over the last day, users have found NVIDIA Telemetry Monitor added to Windows Task Scheduler. We currently don't know what it is or exactly when it was added, but we do know its schedule. When the user logs in, it runs an application that monitors… something… once every hour while the computer is active. Then, once per day (at just after noon on my PC) and once on login, it runs an application that reports that data, which I assume means sends it to NVIDIA.
Before we begin, NVIDIA (or anyone) should absolutely not be collecting data from personal devices without clearly explaining the bounds and giving a clear option to disable it. Lots of applications, from browsers to software development tools, include crash and error reporting, but they usually and rightfully ask you to opt-in. Microsoft is receiving a lot of crap for this practice in Windows 10, even with their “Basic” option, and, while most of those points are nonsense, there is ground for some concern.
I've asked NVIDIA if they have a statement regarding what it is, what it collects, and what their policy will be for opt-in and opt-out. I haven't received a response yet, because I sent it less than an hour ago on a weekend, but we'll keep you updated.
https://t.co/vq1UdyM2sPbreddi
https://t.co/vq1UdyM2sPbreddit thread regarding this issue as mentioned by multiple techtubers twitter feed
How dare you question Nvidia!
How dare you question Nvidia! They know what’s best for you.
You can probably opt out of it by upgrading to a founders edition.
Follow up question for your
Follow up question for your Nvidia discussion: do the transmissions include the user’s email address / nvidia account? If so was this one of the motivations for GFE requiring a login (since there don’t seem to be many/any other good reasons for it?)
I don’t understand. It sounds
I don't understand. It sounds like you're asking if the telemetry gives NVIDIA the email address that you've already registered with NVIDIA, and voluntarily send them every time you log in. If that is what you're asking, telemetry would be redundant.
Besides, while people freak out about "you're the product" with telemetry and crash reporting, it's rare that actually nefarious things happen. Humans are really bad at keeping bad secrets. As more and more people are involved, the chance of leaking explodes unless it is offset with genuine feeling of "doing good".
More likely than not, the privacy concerns are from accidental overcollection, or things that seem mundane to the implementer but have large, unforeseen consequences. (Or it is really bad, people quit, and it is eventually leaked, a la Yahoo.)
The point is that Nvidia
The point is that Nvidia would have telemetry data that correlates to a specific user. Collecting information anonymously without user consent is bad enough but requiring registration and then linking the telemetry to that registration (what I think the OP is suggesting) is a step worse.
It isn’t necessary that one think Nvidia is being nefarious to be upset that they are collecting user data without consent. I would assume that this is for internal use and not, for example, being sold to third parties. But that doesn’t really matter to me, you should ask and allow users to opt-out. I purchased the card at the price you set and didn’t agree to be part of your product improvement program.
Yes, thank you Josh. There is
Yes, thank you Josh. There is a big difference (at least to me) about the collection and reporting of anonymous, aggregate data vs. personally identifiable information.
Even in the case where I’ve explicitly opted-in to identification for some functionality, does not mean I expect that opt-in to apply to additional, non-essential, non-disclosed data backhaul.
For example, let’s say I willingly give Samsung my name and address when I purchase one of their TVs, on a warranty card. I’d do that because I understand how the info and the warranty go together. It does not mean I’d expect the TV to send all my detailed watching information along with my name to Samsung, and even less that they in turn would sell the two together to anyone else. (This is a hypothetical example, I am not aware of them actually doing this.)
Just a little more
Just a little more elaboration because of the “I don’t understand” comment.
It is easily technically possible to segregate data transmissions into separate identified vs anonymized sessions. Even if an app needs to do its regular work in a logged in, identified session, there is nothing that prevents it from sending expanded telemetry / backhaul / sensitive information in a separate stream from which identifiers have been removed. Let’s say for example that access to nvidia drivers was by paid subscription, and that’s why you needed an account to download them (of course that’s not that case, but just trying to come up with a reasonable example.) Any request for drivers would in that world be accompanied by account info.
But, if, say there’s also a telemetry function that was going to regularly report on what games were installed on the hard drive and how many minutes each was played each day, there’s no reason this would have to be done in the same identified transaction. It could be transmitted anonymously so the aggregate data would be available without leaving it individually identifiable on their servers.
All of this is not just possible, it (along with disclosure and getting opt-in first) is common practice in responsible implementations.
As to you not seeing either approach as a big deal, that’s fine, there’s plenty of people in that camp. But as a tech journalist I think you probably want to understand the distinction between aggregate anonymous and personally identifiable and recognize that is important to certainly your tin-foil wearing readers and maybe even just those who were raised with a certain sense of manners and decency whether it ultimately makes a big difference or not.
Fucking a you fucking
Fucking a you fucking paranoid faggot ass peasants are so fucking pathetic. Fuck PC Per, you fucking nerdfags have RUINED PCPER.
Hows life in the downs
Hows life in the downs treating you?
Neither this nor the parent
Neither this nor the parent post are appropriate. At all.
So why not delete them? I
So why not delete them? I mean, many times you guys have deleted comments that were no where near egregious as the op’s in this thread.
Well, I was busy this weekend
Well, I was busy this weekend so I didn't see it.
Upon reading it I have discovered I am far more flexible than I knew, I had not realized I was capable of ruining myself. That kind of post is just too amusing to remove … yet.
So… you’re gonna wait until
So… you’re gonna wait until AFTER it affects your status with Patreon to proactively deal with your platform being routinely used to promote homophobic hate speech?
Acknowledging that with a post about how you think gay-bashing is “just too amusing to remove” is really playing with fire, no matter how your comment was intended.
The amount of threads that
The amount of threads that I've removed for these sorts of reasons could probably be counted on one hand, since I've started working here in 2011. Jeremy, on the other hand, deletes comments fairly regularly.
We don't have a site-wide policy, although I'm not sure whether that's a problem. We each deal with what we see, time and situation permitting, just not in exactly the same way.
gold!
gold!
You have gone too long
You have gone too long without cuteness and are suffering extreme withdrawal symptoms.
This should help you take the edge off, but I highly recommend that you find at least 100 cute pictures to look at, as well as pet a cat.
http://i.imgur.com/z34GTbj.jpg
http://i.imgur.com/P6ck9rP.jpg
http://i.imgur.com/FwjBIJf.jpg
In the future, keep track of how long you go without looking at a cute animal, and understand that withdrawal symptoms can kick in within as little as 20 minutes in some cases.
Seems to be tied to GFE, I
Seems to be tied to GFE, I don’t have GFE installed as I have no use for it’s features and I don’t have these Telemetry processes.
JHH and Nvidia are acting
JHH and Nvidia are acting more like J. Edgar Hoover’s FBI with the covert collecting of information! First it’s log in for drivers under GFE and now it’s this data slurp. As if Nvidia does not already make lot of money from their overpriced GPU SKUs! Nvidia has email addresses and wants to make some more scratch snooping around in their users’ privacy! But Nvidiots love their Great Leader JHH! Their Leader can do no wrong in the Nvidiots eyes!
Watch out for those NvidiSpies!
AMD collects information on
AMD collects information on you as well. Look at the bottom part of their EULA on their website. They are also pushing you red fanboys to win10 because you get more performance from directx 12. Win10 is riddled with telemetry and spyware. You don’t have it any better in your camp either.
Edit replace you with your
Edit replace you with your system information.
Vulkan/Linux and no
Vulkan/Linux and no Nvidia/Intel/M$ needed! To get the spying out in the privacy in!
It would be interesting to
It would be interesting to also see an analysis on how this impacts performance.
Doubtful much at all, since
Doubtful much at all, since they're rare, individual events on the Windows task scheduler, but I guess there could be a tiny stutter at that time. It might be good to check out. It'd surprise me, though.
If it only runs once per
If it only runs once per hour, and it only collects the most surface level details (such as running programs, recent crashes, ect) i would be surprised if there is any impact, let alone a meaningful impact.
AFAIK nvidia doesn’t take
AFAIK nvidia doesn’t take part in any NSA programs, according to the Snowden NSA leaks. Considering that AMD requires Windows 10/DirectX 12 to perform comparably to nVidia cards. It’s nearly 2017. Unplug your LAN cable if you are this tinfoiled.
NSA is not the point here
NSA is not the point here (and if it was, I’d point out that the Snowden’s leaks make clear that neither a company’s knowledge nor consent are necessary for them to “take part” in NSA data collection, or alternatively to serve as a collection point for hackers who steal their data and repurpose it, etc.)
The larger point is in your last two sentences – as we approach 2017, it is becoming more and more difficult to either “unplug your LAN cable” (as more services that could be delivered without one, are tied to one any way) or to avoid an overlarge set of data being backhauled, stored, and retained by every entity one does business with.
You may be ready to give in to a future where every second of every life is available for purchase in a searchable database, but I’d prefer to put that off a while longer. I don’t feel I have anything to hide, but then again I have no way of knowing whether some future potential employer might decide not to hire me because I “play too much Grand Theft Auto” per their standard background check. I’d prefer not to find out.
No not DX12! there is Linux
No not DX12! there is Linux and Vulkan and no Nvidia/M$ spyware! AMD is the price/Performance leader as far as GPUs go for all types of GPU gaming and GPU compute!
Nvidia just gets more and
Nvidia just gets more and more disgusting for each passing year.
Sorry to all those people who
Sorry to all those people who figured they could just register with Nvidia and it was all for ‘the best’. I think I’ll be going with AMD next time around, regardless of the benchmarks – this is just the kind of behaviour one can expect from a monopoly.
MajorGeeks has a story for all those who are unsure how to disable this; they recommend using Autoruns (from SysInternals). http://www.majorgeeks.com/news/story/nvidia_adds_telemetry_to_latest_drivers_heres_how_to_disable_it.html
I see that my install has the same report time as Mr Michaud’s. Presumably this is standard.
Funny comment from the
Funny comment from the internet
“Nvidia SpyWorks™ technology combined with certified EVGA products ensure a fast response time from your local fire department for when the card inevitably catches fire.”
That is awesome customer
That is awesome customer support. Looking out for me by always monitoring me, and by giving foam pads I need to put on myself instead of a proper new replacement card to replace the combustible ones.
<3
They’ve been moving towards
They’ve been moving towards this for a while. It just sucks how everything wants your email address or social media log in.
You put yourself out there on
You put yourself out there on social media, so that’s what social media is for, the spying and the ad pushing. Hey fools tell the world your likes and dislikes but no one cares but the metrics gathers/slurpers and ad pushers getting all the details of your goings on! Look at me world I’m on social media, I just bought a new jet boat! Que the ads for life vests, swimming lessons, and shark repellent!
M$ and Nvidia want the rest of the folks that are not on social media to get at their private info to offer to any and all who will pay to profile you, like it or not!
I suppose that we can now
I suppose that we can now charge Nvidia for data/service provided, right?
Since Pcper is kinda a
Since Pcper is kinda a non-official nvidia PR extension, what is nvidia’s official response?
Unfortunately your magical
Unfortunately your magical thinking is not powerful enough to impact reality so we are unable to use our millions of dollars in NVIDIA favours to demand an answer.
If you managed to read any of the post before the red rage descended o'er your eyes you would have noticed we have inquired.
Jeremy we all know Ryan cant
Jeremy we all know Ryan cant summon Jensen because he hasn’t finished rebuilding the churches alter for the sacrificial ritual.
The world of lurking
The world of lurking anonymous telemetry data sets. Companies of product usually state that it is not in any way harming any privacy, but the opposite is true.
The data set itself might not contain any real private data connected to a personality, but what often is forgotten is the connection data set itself that does point towards a specific machine, location and possibly local account.
When you combine those two data sets it is not anonymous anymore.
Instead of an opt-out there is mostly a section in the EULA where they mention data collection and by pressing OK upon driver installation you agree to it.
The only way out is mostly by not using the drivers or buy the product all.
That is hardly a freedom of choice that is a basic right we should have in the western world. This is even stated in a resolution of a United Nations.
Recently i had this same discussion with Electronic Arts on what is happening with their new Origin software. They do offer an opt-out selector, but due to recent malfunctioning it is even questionable if that functionality even really works.
Many people have been sending bug reports over it and it led to a change in their EULA too.
The bug was mainly fixed by “If you don’t want us to collect you data then do not use this software” AFTER you made a purchase.
Basically there’s no choice there too.
Of course it can still be fine that programmers find it very useful data to be able to make a better product. That is understandable and such EULA also state that all data is anonymous, but combined with the server connection data set this data is far from anonymous.
This data is often not send encrypted. This means that any man-in-the-middle can simply look into both gathered data sets.
Americans have something called The Patriot Act that basically scoops all data coming into and going out of the country like a fishing net.
This means that all the data sets are being shared with 3rd parties unwillingly.
In this case there is no opt-out for Americans, but non-Americans are not in any way a part of this. That means violations on planetary scale. You are basically bound to where data is being stored and even when you live in Austria with constitutional protection that same constitution means nothing anymore and that is bullshit.
This all can still be avoided when data sets are send encrypted and the data stored on encrypted databases in a country that does honor real customer privacy. Even when the data is stolen.
So the real questions for Nvidia are:
– What data specifically is being gathered?
– When not using Nvidia experience or install it is data still being gathered?
– Is there a way to opt-out from data gathering?
– Is the data being send encrypted to avoid 3rd parties to copy the data while it’s being send?
– Where is the data stored?
– Is the data stored encrypted in case of breach?
These are the real question that should be asked, because when some of these questions are answered as “negative” then that data service qualifies as being dirty spyware.
Many people are done with this data grab everywhere and it is a basic human right to be done with it.
The question is if companies that play a large role in our lives are willing to facilitate the customers that do care where all their data goes. They should.
Ban Windows 10.
Dont use
Ban Windows 10.
Dont use social media.
VPN.
Rectification:
I mentioned
Rectification:
I mentioned Austria, but meant Switzerland with Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO) which offers some of the strongest privacy protection in the world for both individuals and corporations.
It seems that spying is about
It seems that spying is about to come even in the form of drivers. That makes me very worried about the future. In the olden days you only got sh*t like that if you downloaded drivers or programs from untrusted sources – now there is just no escape and spyware is forced even to paying customers.
This is the beginning of the end to general computing as we used to know it – at least where privacy is a concern. And where would it not be? Windows and device manufacturers like Nvidia just can’t be trusted anymore. This is the new low to whole industry and I guess that it’s only about to get worse. I have had enough of this already. Holding off all my further purchases and moving all my machines to Linux and open source software. Good riddance to Nvidia and all the rest.
I agree with what you said,
I agree with what you said, but isn’t Nvidia the best video card to use with Linux too?
It is, but I doubt main
It is, but I doubt main distros would take tainted drivers in to their repositories. Linus already gave the finger to Nvidia due to bad handling of their drivers. The amount of hate that the open source community would raise if Nvidia ever tries to move spyware in to their Linux drivers would drive Nvidia so far to the no-go zone, that they simply can’t do that due to business reasons. Besides, maybe in the future AMD get’s their open source drivers together, so that nothing would be there to lock people to Nvidia. That remains to be seen though.
WHAT THE FUCK IS LINUX
WHAT THE FUCK IS LINUX FAGGOT?
The OS that is not part of
The OS that is not part of that closed windows/MacOS ecosystem. Linux and Vulkan and no M$ or Nvidia/Intel! It’s not about who has the most FPS after a certian point, so Linux/Vulkan will be there for those that value their privacy.
The PC/Laptop markets have been shrinking anyways and AMD will be getting more of that shrinking market share because folks will not want to give all their money to Nvidia, and the spying does not help! I’ll keep my fat wad of cash in my pocket until the Linux laptop OEMs start providing laptops with AMD’s APUs with Zen/Vega graphics! I own plenty of windows 7 based laptops to last me until well after 2020 and windows 7’s EOL. I’m not giving M$ or Intel any more of my money and I have never owned any Nvidia hardware to begin with. I’ll always go with what is affordable no matter where the device is made.
The way things are going with the PC/Laptop markets and people have just about have had enough with the intrusive land grab onto their PC/Laptop hardware by the big technology intrests. People are turned off by the technology industry that doe not respect people’s privacy and people’s rights to control over their own hardware. Linux is going to be very popular come 2020 and even before that 2020 EOL date for windows 7.
P.S. That wad of cash is big enoug to buy any high dollar GPU SKUs but I am no fool! I’ll be damned if I’ll waste my money on any damn computer, they are not worth what some are charging they never where.
tldr; It runs the interwebs
tldr; It runs the interwebs ya buffoon.
True for proprietary drivers,
True for proprietary drivers, not for open source one.
I pointed this out months
I pointed this out months ago: https://forums.geforce.com/default/topic/920307/geforce-drivers/nvidia-backend-communicating-with-gfe-nvidia-com-without-gfe-installed-why-/1/
So AMD has EULA too. And near
So AMD has EULA too. And near the bottom it has the following statement. To help AMD improve your graphics experience: AMD may collect non-personal information including the model of AMD graphics product, it’s device ID, and other system information.
Well other system information is kinda vague. How do they get this information. Maybe there is some form of telemetry going on as well.
http://support.amd.com/en-us/download/eula
PS I also like the part that you’re using this software without warranty etc. So even if you could prove their software fried your card or motherboard (rx 480) and you live somewhere it doesn’t apply; you agree to limit their total liability to $100.
Anonymous Nvidia User, that’s
Anonymous Nvidia User, that’s JHH’s main Tool. JHH’s wants all your secrets to flog for Extra above those FE dollars!
Nvidia and M$ and the metrics slurping, the forcing, and the milking for dollars. Milk Milk Milk! Bilk Bilk Bilk! And don’t forget that SP FP Nvidia gimping and lack of async compute!
That statement and the GFE
That statement and the GFE Eula are at opposites as pointed out by overclockers forums
Nvidia is just giving the Legal run-around with no explanation.
I want to see a test if this
I want to see a test if this at all affects latency
NVIDIA Release 368.95 Hotfix Driver for DPC Latency
https://www.pcper.com/news/Graphics-Cards/NVIDIA-Release-36895-Hotfix-Driver-DPC-Latency
IF its being collected on the hour will it lead to increase and stutter / microstutter.
Has there been a follow up to this since the hotfix
Deferred Procedure Calls
Deferred Procedure Calls (DPC) regards the kernel side of the driver. There is absolutely no reason why any of this should be anywhere near the kernel, let alone affecting DPC latency. Not sure if Windows Task Scheduler would even allow NVIDIA to do that for all users, anyway.
People still posting error
People still posting error reports in GeForce forums saying they had to revert back.
Just like the GIF errors and video play back corruption is this one of those hotfixes that comes and goes like many others if its not being tested