Slashdot Mirror
How To Keep Microsoft's Nose Out of Your Personal Data In Windows 10
MojoKid writes: Amid the privacy concerns and arguably invasive nature of Microsoft's Windows 10 regarding user information, it's no surprise that details on how to minimize leaks as much as possible are often requested by users who have recently made the jump to the new operating system. If you are using Windows 10, or plan to upgrade soon, it's worth bearing in mind a number of privacy-related options that are available, even during the installation/upgrade. If you are already running the OS and forgot to turn them off during installation (or didn't even see them), they can be accessed via the Settings menu on the start menu, and then selecting Privacy from the pop-up menu. Among these menus are a plethora of options regarding what data can be gathered about you. It's worth noting, however, that changing any of these options may disable various OS related services, namely Cortana, as Microsoft's digital assistant has it tendrils buried deep.
Just install *BSD.
TFTFY
"I say we take off, nuke the site from orbit. It's the only way to be sure."
Reportedly, at least part of the addresses are hard-coded in the software in a way that bypasses the hosts-file. There are confirmed reports for the latest 4 snooping updates for Win7/8 of this, so I suspect it can be true for Win10 as well. Of course, in order to get past the hosts-file, you have to bypass parts of the networking stack, i.e. a lot of criminal energy is involved.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
it's funny that considering how "deep" Cortana is, it gets utterly confused and useless when I say "Cortana start microsoft word".
Purportedly M$ is also issuing updates to Win7/8 that would mirror Win10 behavior. You want out? Install Linux (or FreeBSD)
To disable forced updates, go into Services and set Windows Update to Disabled. Then put an icon for Services on the task bar
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
The thing that pisses me off about Windows 10 is the apparent lack of control the user has with their own machine. Exhibit A: http://www.tenforums.com/attac...
Check out the real-time protection option. "You can turn it off temporarily, but if it's off for a while, we'll turn it back on automatically." What bullshit is that? First, it doesn't tell you what it constitutes as "a while". A day? A week? A month? Second, the fact that it believes that power users are extinct and might have an edge-case for permanently disabling it is ridiculous. It's based off of Microsoft Security Essentials, and I disabled the real-time protection when installed on Win 7 on my netbook because it was just too much for the poor little Atom processor to deal with. If I needed to scan something, I'd do it on-demand. Here, I have no permanent solution because Windows 10 thinks it knows better than my situation.
Windows 10 is peppered with many other areas which make me feel less in control than I used to. I know that I can't have full control when running a proprietary system, but it's all about degrees, and Win 10 feels far less catered for power users than Win 7.
The option to block microsoft's domains, via any interface. People already established that somethingsomethingspysomething.dll bypasses the hosts file, the dns lookups and the firewall (and who knows what else) when talking to the mothership.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
You joke, but that pretty much IS the only way. Tons of experiments and wire captures have already shown that no matter what settings you disable, the OS still sends TONS of info back to MS servers.
This has been posted a few places on the net. Set all the below addresses to 0.0.0.0, because /. won't allow me to use 0.0.0.0 so many times. Too many "junk" characters!
vortex.data.microsoft.com
vortex-win.data.microsoft.com
telecommand.telemetry.microsoft.com
telecommand.telemetry.microsoft.com.nsatc.net
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
sqm.telemetry.microsoft.com
sqm.telemetry.microsoft.com.nsatc.net
watson.telemetry.microsoft.com
watson.telemetry.microsoft.com.nsatc.net
redir.metaservices.microsoft.com
choice.microsoft.com
choice.microsoft.com.nsatc.net
df.telemetry.microsoft.com
reports.wes.df.telemetry.microsoft.com
wes.df.telemetry.microsoft.com
services.wes.df.telemetry.microsoft.com
sqm.df.telemetry.microsoft.com
telemetry.microsoft.com
watson.ppe.telemetry.microsoft.com
telemetry.appex.bing.net
telemetry.urs.microsoft.com
telemetry.appex.bing.net:443
settings-sandbox.data.microsoft.com
vortex-sandbox.data.microsoft.com
survey.watson.microsoft.com
watson.live.com
I've been doing it by IP range, watching a fresh Windows 10 install to see what it contacts.
65.52.108.0/14 #update.microsoft.com, licensing.md.mp.microsoft.com, v10.vortex-win.data.microsoft.com. Update has an alternate in another range.
104.40.0.0/13
204.79.196.0/23 #Start menu searches.
23.93.0.0/13
157.54.0.0/15
157.60.0.0/16
191.236.0.0/14
207.46.0.0/16
131.253.62.0/23
131.253.64.0/18
131.253.61.0/24 #login.live.com
131.253.128.0/17
191.232.0.0/14 #settings-win.data.microsoft.com
#Do not block these, required for updates:
#157.56.0.0/14 #sls.update.microsoft.com
#191.232.0.0/14 #windowsupdate.microsoft.com
I also had to block all subdomains for appex.bing.com, appex-rf.msn.com and cms.msn.com. Can't IP-block those as they are CDNs.
I've been testing the Windows firewall.
If you delete the permit rules for Windows services and spying, they come back. Protected rules.
But on Windows firewall, a deny always overrules a permit - if you explicitly deny the unwanted IP ranges, this does hold. At least in my testing so far - I've found one range that acts oddly and I think may be bypassing the firewall, but I need to confirm this.
KB3068708
KB3022345
KB3075249
KB2976978
KB3021917
When you logged in to the app store you were asked if you wanted to convert your account to a Microsoft online account, or just log in to the app store. You must have ignored that question and blindly clicked through it, and hence your account was converted (unfortunately that is the default).
http://www.guidingtech.com/ass...
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
The problem here is the company behind the OS and their Orwellian privacy ideas.
You can block entire IP ranges, disable services and smoulder half the registry. If they are serious about collecting this information, expect CDN servers to start taking up slack in random cities, small server providers way outside the firing line. They will find a way to get past your firewall restrictions, until you're left with nothing but an isolated machine.
You can disable and remove all you want from the core system, if you're using Windows Updates, they've won. The regular user won't have the know how to reverse engineer every update, or won't keep in the loop on critical security updates to make sure he at least turns Windows Update on once. Not everyone will be running a Enterprise version, apart from actual corporate and pirate users.
They have the ability to modify anything they want via WU. How long will your sanity last battling against the Microsoft gestalt?
This needs to be solved in a court, in a way that can make an impact on a multinational company. If not, then you're just living on a prayer, hoping that you've figured out every packet that's leaving the machine.
A real fire wall stops fire.