How To Keep Microsoft's Nose Out of Your Personal Data In Windows 10

MojoKid writes: Amid the privacy concerns and arguably invasive nature of Microsoft's Windows 10 regarding user information, it's no surprise that details on how to minimize leaks as much as possible are often requested by users who have recently made the jump to the new operating system. If you are using Windows 10, or plan to upgrade soon, it's worth bearing in mind a number of privacy-related options that are available, even during the installation/upgrade. If you are already running the OS and forgot to turn them off during installation (or didn't even see them), they can be accessed via the Settings menu on the start menu, and then selecting Privacy from the pop-up menu. Among these menus are a plethora of options regarding what data can be gathered about you. It's worth noting, however, that changing any of these options may disable various OS related services, namely Cortana, as Microsoft's digital assistant has it tendrils buried deep.

Re:HOSTS file

[gweihir]

Reportedly, at least part of the addresses are hard-coded in the software in a way that bypasses the hosts-file. There are confirmed reports for the latest 4 snooping updates for Win7/8 of this, so I suspect it can be true for Win10 as well. Of course, in order to get past the hosts-file, you have to bypass parts of the networking stack, i.e. a lot of criminal energy is involved.

The lack of control

The thing that pisses me off about Windows 10 is the apparent lack of control the user has with their own machine. Exhibit A: http://www.tenforums.com/attac...

Check out the real-time protection option. "You can turn it off temporarily, but if it's off for a while, we'll turn it back on automatically." What bullshit is that? First, it doesn't tell you what it constitutes as "a while". A day? A week? A month? Second, the fact that it believes that power users are extinct and might have an edge-case for permanently disabling it is ridiculous. It's based off of Microsoft Security Essentials, and I disabled the real-time protection when installed on Win 7 on my netbook because it was just too much for the poor little Atom processor to deal with. If I needed to scan something, I'd do it on-demand. Here, I have no permanent solution because Windows 10 thinks it knows better than my situation.

Windows 10 is peppered with many other areas which make me feel less in control than I used to. I know that I can't have full control when running a proprietary system, but it's all about degrees, and Win 10 feels far less catered for power users than Win 7.

Re: HOSTS file

[hummassa]

The option to block microsoft's domains, via any interface. People already established that somethingsomethingspysomething.dll bypasses the hosts file, the dns lookups and the firewall (and who knows what else) when talking to the mothership.

Re:not good enough

[thegarbz]

Don't use what? Cortana?

I don't use it. I disabled search features. I also live in an area where Cortana is not available. And yet every time I hit the start button and start typing some of my information is sent to servers related to the Cortana service.

Likewise I've removed a lot of the shitty live tiles. That doesn't stop the money app getting up to date stock information that it won't be displaying.

You can't not use some of these features, not without a firewall.

Re:HOSTS file

[SuricouRaven]

I've been doing it by IP range, watching a fresh Windows 10 install to see what it contacts.

65.52.108.0/14 #update.microsoft.com, licensing.md.mp.microsoft.com, v10.vortex-win.data.microsoft.com. Update has an alternate in another range.
104.40.0.0/13
204.79.196.0/23 #Start menu searches.
23.93.0.0/13
157.54.0.0/15
157.60.0.0/16
191.236.0.0/14
207.46.0.0/16
131.253.62.0/23
131.253.64.0/18
131.253.61.0/24 #login.live.com
131.253.128.0/17
191.232.0.0/14 #settings-win.data.microsoft.com
#Do not block these, required for updates:
#157.56.0.0/14 #sls.update.microsoft.com
#191.232.0.0/14 #windowsupdate.microsoft.com

I also had to block all subdomains for appex.bing.com, appex-rf.msn.com and cms.msn.com. Can't IP-block those as they are CDNs.

Re:HOSTS file

[SuricouRaven]

I've been testing the Windows firewall.

If you delete the permit rules for Windows services and spying, they come back. Protected rules.

But on Windows firewall, a deny always overrules a permit - if you explicitly deny the unwanted IP ranges, this does hold. At least in my testing so far - I've found one range that acts oddly and I think may be bypassing the firewall, but I need to confirm this.

Re:not good enough

[SuricouRaven]

I have been examining Windows Ten with a packet sniffer, and can confirm both of these claims. Even if you disable cortana and searching bing from the start menu, typing anything in there still results in a connection to a server associated with Bing - I don't know what's in that connection, as it's TLS. I've also confirmed that it does attempt to update the live tiles even when said tiles have been removed, as I see connections to servers such as foodanddrink.tile.appex.bing.com.

Re:HOSTS file

[rastos1]

Citation, please?

KB3068708
KB3022345
KB3075249
KB2976978
KB3021917

Re:What pissed me off...

[AmiMoJo]

When you logged in to the app store you were asked if you wanted to convert your account to a Microsoft online account, or just log in to the app store. You must have ignored that question and blindly clicked through it, and hence your account was converted (unfortunately that is the default).

http://www.guidingtech.com/ass...