Tell HN: Windows 10 might have tricked you into using an online account
127 points by xchip on Jan 15, 2023 | 109 comments
Has this happened to more people?

I just noticed this, and so this happened to a few friends of mine.

I am familiar with dark patterns, and read carefully and I thought I had dodged all Microsoft attempts at trying to register me into their online system, but somehow they got me.




This definitely happened to me a while ago. I'm not that upset about it, except that I spent some time changing all my local accounts from "jon" to "jrockway", and signing in with my email address made my local account "jon". Now when I ssh places, I have to supply -l or properly add an entry to ~/.ssh/config because this is the only account I have that's not named "jrockway". All in all, this reduces the enjoyment in my life by 0.0000000000000001% but I'm not losing too much sleep over it.

(My favorite Windows 10 update was the one where you installed it, and instead of getting your desktop on reboot, there was this weird slideshow that said "HELLO" "ALL YOUR FILES ARE EXACTLY WHERE YOU LEFT THEM". I thought it was malware, but that's apparently something a large team of experts at Microsoft thought would be fun for their users. Maybe they were really excited about some filesystem bug that they fixed? I'll never understand.)


You should be able to fix your local user name in lusrmgr.msc (select your account and press F2).

I’m using a Microsoft account, but to avoid this nonsense, I created it as a local account (because this laptop shipped with Windows 11 Pro RTM, so I could still do that) and converted it to a Microsoft account. If I didn’t have this option, I would probably create a Microsoft account with the dumb default name, then create a local account, delete the old account, and convert my new local account.


I now have an exact sequence of log ins so that I know exactly the path on Windows everything will be. And the naming / pathing of online MS accounts is confusing and annoying.


God, the number of panicked IT support calls I got over that particular phrasing. It was quite the month.


Let me try guessing it... most people thought it was some kind of ransomware smiling at them?


Exactly so. It didn't help that it occurred right around the same time as the bitcoin/ransomware attacks started increasing in frequency.


That was my thought. I mean, it was a little bit too cinematic and I don't think things like this happen in real life, but I had a WTF moment.


I honestly always thought it was some sort of GLaDOS/Hal 9000 style joke. "don't worry Dave, we're still watching all your files" or something, I actually laughed out loud when I saw it. It's even more hilarious to me if that was supposed to be serious.


You can add a wildcard entry (Host *) with the username to your ssh config. That will make it the default (can still be overridden by host-specific settings).


I don't know why I didn't know that. That is very helpful!


In French, we once had a poor translation that said: "Laissez-nous tout". Well the "leave everything to us" original was maybe already kind of weird.


I think the “files are where you left them” dialogue is meant to assuage the concerns of people who just did a big OS upgrade and are a bit anxious about it all.

It’s still a pretty poorly thought out dialogue, though.


You know what reassures me that nothing has gone wrong? When unexpectedly I am greeted with big white text insisting everything is okay. Imagine if you got a letter through the post out of the blue saying "You don't have cancer." I can only imagine how I would probably suddenly be a lot more worried about having cancer than before having gotten that letter.

Whoever came up with that idiotic dialogue is unhinged and detached from reality and has no business touching a user interface.


It's ironic that years after Microsoft created that dialog, Windows 10 comes out with an update that deletes your files from where you left them: https://www.windowscentral.com/microsoft-confirms-major-wind...


Don't worry your kidneys are where you left them!


Did it switch you magically or something?

I actually don't mind the microsoft account integration but I also have a name issue. Microsoft will name my account the equivalent of "jons" instead of "jsmith" but all my ssh logins are the latter.

I just make an offline account first and then change my account to a microsoft one in user settings and it seems to keep the first name.


I think I consented in some sense; a condition to upgrade Windows 8 retail to Windows 10 or something like that. It is one of those things like "I'm going to close my eyes and punch the air wildly, if you get hit it's your fault". It was my fault, but kind of rigged against me if that makes any sense. Like I said, though, I'm not that mad about it.


You have to be really vigilant to not end up with a microsoft account instead of a local account. Especially if you work with anything microsoft store or minecraft.


Given that some Microsoft employees no doubt frequent this forum, I hope they see and address this issue.

Something like an advanced checkbox to customize the local account’s username. Maybe also having a default local user account name tied to the online account for any new machines set up with the online account.


The same Microsoft that "knows what's best for us" - don't count on it


It seemed very suss, like why are you telling me that, were they not where I left them at some point and you've fixed it.. or...


Yes, I remember that slideshow.

There was also something along the lines of "Leave it all to us, your data is safe". The irony was that part of the text displayed was overflowing off the screen and was not readable. The absolute proof my data was safe in the hands of clowns.

I believe I still have a picture of that somewhere..


The one I liked the most was saying "Leave everything to us" in full screen... everything what? Give all my belongings to MS? :-P


That could have been the update after the one that famously deleted the content of your download folder.


This will happen when you sign in to any Microsoft product, such as Office, Teams or Onedrive. After you input email and password, there is a window dialog with a big button to use that credential to manage the device, i.e., your computer, converting your local into an online account. And there is an option, with small text, to "use only in Microsoft applications", or words to that effect. This is easy to get caught, as everybody won't read dialog windows and rapidly click on whatever big button.


In similar way instagram shortly after being purchased by facebook tricked me into login with fb account - the now "old" login option was placed at the bottom of window and it was done in small font that could be seen as copyright footer for a distracted eye.


This also used to corrupt an environment variable until reboot (possibly $USERNAME). Was really frustrating to debug that one


Yes, this happened to me when I was forced to reinstall Windows due to a stubborn booting issue. I've been growing uncomfortable with the idea of having an adversarial relationship with such an essential piece of software as an OS for a while already and this prompted me to try out Linux as my daily driver. Been pretty satisfied with the results and Linux is where I do most of my computing these days.


I think I know what you are referring to. When setting up my new laptop Windows was asking me to sign in with an account. This step could apparently be skipped (a friend told me later) but I didn't notice at the time. I just formatted everything and installed Linux.


yeah, I thought I had dodged that trap every single time, but somehow I still fell into it.


Windows 11 latest installer doesn't even present the option to use a local account. However, the mechanism to bypass this is to enter in a fake Microsoft Login ID and then wait for it to fail, then select something like "Other Options" at the dialog that comes up and then there's an option to use a local account.

I think you can also install without internet and you'll get the local account option too, but I have not tried it yet.

Super annoying. I ran into this last week while reinstalling Windows on a dead NVMe drive.


Did they take away the ability to create a local account if you setup without Internet access?


Yes, unless you run OOBE\BypassNRO.cmd from cmd to bypass the network connection step, since there's no "skip" button anymore.

Even this is somewhat broken. If you run this after connecting to the Internet then it doesn't do anything and still forces you to use a Microsoft account (unless you somehow get it to throw you back to that page).


Indeed. Took me a while to find a route around. These issues are forcing me off Microsoft products in general. What a pain, and a betrayal of long-time customers. Interfering with peeps going offline is interfering with security.


You have to be disconnected from wifi and Ethernet to be offered the option of a local account. This was removed in 11.


If you create the bootable Windows 11 media with Rufus, it "allows to bypass the mandatory requirement for a Microsoft account on Windows 11 22H2. (NB: Network MUST be temporarily disabled for the local account creation to be proposed). Also add an option to skip all collection questions (Sets all answers to "Don't allow")".


for windows 10 at least, now it lets you create the local account before starting the imaging process

the windows 10 setup wizard still tries to get you to log in, to the point of writing on the wizard "your computer must be connected to the internet to finish setup"

and yet... after you unplug the ethernet cable... it lets you finish setup without internet...

> Microsoft executives had, according to him, "proved, time and time again, to be inaccurate, misleading, evasive, and transparently false. ... Microsoft is a company with an institutional disdain for both the truth and for rules of law that lesser entities must respect. It is also a company whose senior management is not averse to offering specious testimony to support spurious defenses to claims of its wrongdoing." https://en.wikipedia.org/wiki/United_States_v._Microsoft_Cor....


Not entirely, you can open a terminal and input a command to bypass it. It is kind of ironic, though, considering "open a terminal and input a command" is usually considered to be a take-that against GNU/Linux.


Simpler option is to enter a@a.com and any password. It'll error and then let you create local account.


Yep, this still works at least on Windows 10. I did it about 3-4 months ago when setting up a laptop for someone. You do need to fail a few times in a row before it lets you create a local account.


Good to know. What is the command? And what’s the shortcut to get a terminal?


Per https://www.ghacks.net/2022/05/13/how-to-bypass-the-microsof..., you can type Shift-F10 to break into a command prompt during OOBE and run this command: OOBE\BYPASSNRO. Or you can try logging in with a banned email address like no@thankyou.com.


Doesn't work on the Surface with W11 that I recently acquired. I managed to attach a keyboard, but Shift-F10 had no effect.


I'd try the banned email address, then.


Coincidentally, that's why I am not using win11, despite all its improvements over win10.

(The one I miss most is GUI support in WSL)



WSL GUI has been "available" in win10 for over a year now, but doesn't seem to work outside the insider program.

On win11 it seems to work fine.


Right, and last November it hit general availability. You don’t need to be running an Insiders build of Windows 10 any more. That was the announcement I linked.

It shipped via the Microsoft Store, so you have to specifically install it, but it works fine on a fully updated non-Insiders Windows 10.


I've never performed such a thing and I'm using local account.

Maybe that's because I have Win10 Pro? idk.


Maybe you have a Microsoft account


I use Windows 11 Professional and was able to install using a local account while connected to WiFi.


On "old" versions you could - or at least you could not connect and it would allow to create a local account in this case. On the last one MS says you can't OOBE without the Internet, even with Pro, and at a first glance it seems you actually can't, but then you just press shift+F10, type oobe\bypassnro, and then it reboots and you actually can again.

I'm not sure why they consider that it makes any sense. Probably just a motherfucker higher-up who really likes dark patterns and annoying their customers^W advertising targets, so MS can resell more private information and they get a big bonus.


If you know what the UI looked like while you accomplished this, that would be useful. I've had to reach back behind the machine, unplug the ethernet, and reboot to get it to realize I'm just trying to setup a spare machine for visitors.


If you tell it it's going to connect to a domain, it will let you make a local account. This, of course, requires Pro or better.


Not really. You can get around this with:

Shift + F10 > taskmgr > Network Connection flow > End task


I recall having to do something like this when starting a new laptop with 10. I think I hopped in the car and drove a little ways down the street. See? No internet connectivity, honest!


"Switch your Windows 10 device to a local account" support article:

https://support.microsoft.com/en-us/windows/switch-your-wind...


I recently set up (for someone else) a NUC that came with Windows 11. During setup, it first prompts to set up networking. I dutifully entered the WiFi credentials and was subsequently FORCED to create a Microsoft account in order to continue.

Lesson learned: Never put a new Windows box onto a network until after it is set up.


Windows 10 definitely tricked me into creating a Microsoft account, and I didn't realize I'd been tricked until later. Felt pretty sleazy. Windows 11 being even more of that kind of garbage, and the Steam Deck being a good enough gaming platform, means I've probably built my last Windows PC.


Microsoft doing shady shit? Color me surprised.

I'm glad I've ditched Microsoft's ecosystem. I use Linux now.


Same here, and I'm in the process of excising Apple, Google. Baby steps in the right direction is all I need to work on.


well, yes, but they bought Pöttering and afaik he still works on systemd


> they bought Pöttering and afaik he still works on systemd

systemd is a monster that I don't like. Its documentation is obtuse and unwieldy. I even created a website [0] specifically for me to remember specific things about systemd that it doesn't document well.

[0]: https://systemd.software/


It’s not even possible in windows 11. You can leave Microsoft behind, or accept it and move on. I think apple does this too. You have options, but they don’t include Microsoft or apple. I think chromeos, for now, lets you opt out. I could be wrong about that.


> You can leave Microsoft behind,

Everyone currently afflicted can make the most of the US 3-day weekend, write this installer raw to a USB stick/drive, boot it, and overwrite Microsoft forever:

https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/d...

Or, if it's a laptop that needs closed WiFi firmware blobs, use this USB stick image instead:

https://cdimage.debian.org/cdimage/unofficial/non-free/cd-in...


For some reason, “I think Apple does this too” always comes up in the discussions about Microsoft forcing online accounts within Windows.

MacOS doesn’t do this. Accounts are machine local. iCloud integration is an optional layer on top. Always has been. Nothing has changed.

Maybe give the OS a try before assuming Apple is following all the same antipatterns just because they also happen to fall into the category of “big tech”.


Apple is worse, they will randomly lock you out of devices you own even though you have the password and demand you verify on a different one. I had relatives who only had one apple device, what a nightmare fixing that was.

It's the big tech equivalent of stop and frisk.


This can’t happen if you don’t use iCloud. It’s a security feature supposedly for the user, but is badly implemented and annoying.


It is possible to set up MacOS without an iCloud account, but they do try hard to get you to sign in. You have to be diligent about looking for buttons like "Skip," "Not now," and "I'll do it later."

Fortunately those options still exist, but the pressure to sign in has been increasing over the last several versions of MacOS.


Em... No. Have you used a Mac? They only ask you once during setup, and have only one popup asking if you are sure.


Not true. Right now, I have MacOS Ventura nagging me to update my iCloud password, for the account "(null)". Notifications, System Settings badge, System Setting menu item drawing attention to "update available", all the enchilada.

"defaults delete com.apple.systempreferences AttentionPrefBundleIDs" doesn't work anymore.

Bug? Might be. But it happens to achieve the same kind of nagging that Microsoft is famous for; it passes the duck test.


Apple has more than one operating system.

iOS requires you to sign in to install apps.

Technically this doesn't lock you out the operating system, but it's close.


Can't update without signing in.


You do need an Apple account to use the App Store on macOS, unlike on Windows. With the App Store being the only place to download XCode, which in turn is required to use all the good stuff like Homebrew, the result for me and probably most people on HN is roughly the same.

Also, the macOS system preferences nag the user until iCloud is activated.


AppleID is everywhere.


FYI you cannot use ChromeOS without a Google account. You also cannot log out of chrome on ChromeOS.


Windows 11 pro doesn't require an ms account, you can create a local account.


This is no longer correct with the latest 22H2 December update. In order to circumvent this now requires getting to the command prompt (Shift+F10) during install and issuing a command to bypass the requirement.


The "I want to use enterprise login" (or whatever it is worded), doesn't work anymore?

It always created local login; if you really wanted to join AD, you had to use this account to log in and join manually. Actually, pretty annoying, desktop Linuces are capable of AD join straight from the OOBE.


Good to know, will be teaching this trick to my grandma, wish me luck


Luckily your grandma has a grandchild who can do that for her.


Yep. Got bit by this once signing into Office 365. I noticed because my desktop background changed to something that I apparently had on another machine where I accidentally got online synced.

It's crazy that this ever was considered...


MS has been driving hard to get everyone into cloud accounts for years now. I assume it’s so they can track, data mine, and do other user hostile things.


I have a pro license and during the installation of Windows 11, it was not happy with local accounts.

I do not remember exact details, but at some point there was a prompt to log in or create an MS account, and I needed to go back a step for the local account option to appear.

I think Windows 10 was similar but it has been a long time since my last installation.


It actually tricks almost everyone successfully. Every "non-techie" person I have met (and I have met many different people) uses an online account to sign in to their Windows 10 computer.

Every time I configure a fresh Windows 10 system I make sure the computer is not connected to the Internet so it would let me use an offline account.


It happened to me when I logged into XBOX for Forza 5 - voila, Windows 10 suddenly had that account registered as well!


Can you provide details of what you found and how?


I noticed in the accounts control panel that my local account became an online one.

As I said, I pay a lot of attention into not falling into Microsoft's dark patterns, but somehow I did and my local account became an online one. I am wondering if this has happened to others too.


Delight your users by tricking them into doing something they don’t want. The whole win10 onboarding experience is an exercise in adversarial computing. Every screen is something they want but you don’t.


To anyone looking for this, you have this option to remove all Microsoft spyware crap while creating bootable usb with Rufus.

Nowadays Linux got so good, I just boot into windows for playing games. What would be the law if it’s a person and not the most profitable company doing this to a person!


> To anyone looking for this, you have this option to remove all Microsoft spyware crap while creating bootable usb with Rufus.

Rufus just burns the image to usb, where is this option to remove the bloatware?


Check the latest version. You’ll get options to remove (auto disable) all of “privacy toggles” during setup and to auto add local account same as host system (and remove data and online account restrictions) once you click to start flash


Dig through the local group policies for mentions of “Microsoft account” or “Microsoft sign-in”. There should be some policies for Microsoft Office apps, the Settings app, as well as a security setting that block it from different angles.
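
A read-only check for what the comments above describe (a local account that has become a Microsoft account, and the security policy that blocks such accounts), as an added example that is not part of the thread. It assumes Windows 10/11 with the built-in `Get-LocalUser` cmdlet; the two function names are hypothetical.

```powershell
# Added example: audit which accounts on this machine are tied to a
# Microsoft account and whether the "Accounts: Block Microsoft accounts"
# security option is set. Nothing here changes system state.

function Get-AccountSourceReport {
    # PrincipalSource reports where an account comes from:
    # Local, MicrosoftAccount, AzureAD or ActiveDirectory.
    Get-LocalUser | ForEach-Object {
        $user = $_

        # The profile folder name is fixed when the profile is first created,
        # which is why a converted account can keep an unexpected path.
        $profileKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\' + $user.SID.Value
        $profilePath = (Get-ItemProperty -Path $profileKey -Name ProfileImagePath `
                            -ErrorAction SilentlyContinue).ProfileImagePath

        [pscustomobject]@{
            Name                     = $user.Name
            Enabled                  = $user.Enabled
            PrincipalSource          = $user.PrincipalSource
            LinkedToMicrosoftAccount = ($user.PrincipalSource -eq 'MicrosoftAccount')
            ProfilePath              = $profilePath   # empty if never signed in
        }
    }
}

function Get-BlockMicrosoftAccountPolicy {
    # Registry value behind the security option
    # "Accounts: Block Microsoft accounts" (Local Security Policy).
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $value = (Get-ItemProperty -Path $key -Name NoConnectedUser `
                  -ErrorAction SilentlyContinue).NoConnectedUser

    if ($null -eq $value)  { $meaning = 'Not configured: Microsoft accounts are allowed' }
    elseif ($value -eq 0)  { $meaning = 'Policy disabled: Microsoft accounts are allowed' }
    elseif ($value -eq 1)  { $meaning = "Users can't add Microsoft accounts" }
    elseif ($value -eq 3)  { $meaning = "Users can't add or log on with Microsoft accounts" }
    else                   { $meaning = 'Unrecognised value' }

    [pscustomobject]@{
        NoConnectedUser = $value
        Meaning         = $meaning
    }
}

# Show every local account with its source and profile folder.
$report = Get-AccountSourceReport
$report | Format-Table -AutoSize

# Call out the accounts that sign in through a Microsoft account.
$linked = @($report | Where-Object { $_.LinkedToMicrosoftAccount })
if ($linked.Count -gt 0) {
    Write-Warning ("Microsoft-account-linked users: " + ($linked.Name -join ', '))
} else {
    Write-Output 'No local user is linked to a Microsoft account.'
}

# Show whether the blocking policy is in effect.
Get-BlockMicrosoftAccountPolicy | Format-List
```

Running it before and after signing in to a Microsoft application shows whether that sign-in converted the account.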


Leaving this here: https://rentry.org/ltsc

Running IoT LTSC 10 as we speak.


Happened to me recently when I had to install Teams on my PC. Then they told me all my files were owned by the wrong user.


Be careful, because if your version of Windows supports bitlocker Windows will turn it on and store the spare key in the online account.


It’s pretty damn difficult to setup a new Windows machine without the online account. Several “domain join instead” dark patterns


One of the reasons why I stopped using the dumpster fire that is Windows and moved to ZorinOS. I'm never going back.


No, I simply don't sign into anything outside browser on desktop and I don't use Microsoft browser.


I wasn’t able to purchase Windows 10 license without switching to an online account.


The only "trick" I'm aware of is when signing into accounts in certain (Microsoft) applications. You will get a prompt where you need to select to only sign into this specific app.

Other patterns pushing you to use a Microsoft account are not dark at all. They're everywhere though!


Can you dodge Apple account on Mac?


[flagged]


It's not about making me safer, it's about keeping offline OSes as an option. The ability to buy a general purpose computer and do arbitrary things with it is something we take for granted, but will never get back once we lose it.


Use Linux if you want control.

I use Windows for gaming, but I fully accept that I'm basically renting it as a service from Microsoft at this point even if it's a one time upfront payment to use.


You didn't buy in, you were shaken down. There's a difference.

Making life so needlessly friction laden so the alternative seems _SO_ frictionless is basically blackmail.

Nope.


is there any guarantee that if i annoy microsoft on github or xbox gaming that microsoft will not disable my windows account tied to those email addresses?

threat surfaces go beyond ephemeral and tracking data.


Make a new account just for Windows


What do you mean? How is this a problem?

I think you can still use Windows without having an online account. But this pattern is similar to Apple having you logged on to your Apple/iCloud account when using your devices.


It is a problem to get registered into some organization using dark patterns.

Android is straightforward and doesn't insist every single time into drafting you with tricky dialogs.



