How To Keep Microsoft's Nose Out of Your Personal Data In Windows 10

MojoKid writes: Amid the privacy concerns and arguably invasive nature of Microsoft's Windows 10 regarding user information, it's no surprise that details on how to minimize leaks as much as possible are often requested by users who have recently made the jump to the new operating system. If you are using Windows 10, or plan to upgrade soon, it's worth bearing in mind a number of privacy-related options that are available, even during the installation/upgrade. If you are already running the OS and forgot to turn them off during installation (or didn't even see them), they can be accessed via the Settings menu on the start menu, and then selecting Privacy from the pop-up menu. Among these menus are a plethora of options regarding what data can be gathered about you. It's worth noting, however, that changing any of these options may disable various OS related services, namely Cortana, as Microsoft's digital assistant has it tendrils buried deep.

HOSTS file

"How To Keep Microsoft's Nose Out of Your Personal Data In Windows 10"

How about a new HOSTS file? APK?

Re:HOSTS file

You joke, but that pretty much IS the only way. Tons of experiments and wire captures have already shown that no matter what settings you disable, the OS still sends TONS of info back to MS servers.

Re:HOSTS file

[gweihir]

Reportedly, at least part of the addresses are hard-coded in the software in a way that bypasses the hosts-file. There are confirmed reports for the latest 4 snooping updates for Win7/8 of this, so I suspect it can be true for Win10 as well. Of course, in order to get past the hosts-file, you have to bypass parts of the networking stack, i.e. a lot of criminal energy is involved.

Re:HOSTS file

[gweihir]

There is criminal energy involved in sabotaging mechanisms such as the hosts-file in order to deceive users. Even thinking of it requires significant criminal energy, and the strong intent to harm users.

Re:HOSTS file

[binarylarry]

Use a modern OS instead of Windows.

Re:HOSTS file

[aaron4801]

Or just block the URLs/IP addresses later down the network stream, like at the router.

Re:HOSTS file

[shubus]

Exactly! PfSense and Snort gateway....find and block every one of those "call home" URL's and see how many are left still trying to call home after all known privacy options have been enabled. It's gonna take me awhile.

Re:HOSTS file

[plasm4]

Yeah I have to agree with you there. Going out of your way to hide something from someone is different simply not mentioning it.

Re:HOSTS file

[gweilo8888]

Nope. The only realistic way is not to install it -- and you're a moron if you do.

Re:HOSTS file

[gweilo8888]

There are confirmed reports for the latest 4 snooping updates for Win7/8 of this

If this is true, it's class-action time and count me in. I paid full retail for multiple copies of Win7, and did not do so to be spied on. Citation, please?

Re:HOSTS file

[U2xhc2hkb3QgU3Vja3M]

Until the OS ignores your HOSTS file for some hard-coded domains. If you can't trust your OS, why are you trusting it to filter things out? The filtering has to come from outside, from another system.

Re:HOSTS file

[rudy_wayne]

All over the interwebs people are posting information on how to block this. It will be interesting to see what Microsoft's reaction is. I can't believe they went to all the trouble to design and implement this and aren't going to push back against people trying to disable it.

Re:HOSTS file

[rudy_wayne]

Until the OS ignores your HOSTS file for some hard-coded domains. If you can't trust your OS, why are you trusting it to filter things out? The filtering has to come from outside, from another system.

That's why you need to use a firewall. A real one, not that Windows Firewall crap. And block any outgoing connections you don't approve.

Re: HOSTS file

OMG! Access to your personal medical and financial information. And your sensitive work/company/corporate data and emails.

Re:HOSTS file

[Purity+Of+Essence]

That data is very valuable which is why Microsoft is going through so much trouble to get it. It's worth way more than the $100-200 asking price for a retail copy of Windows. In an equitable universe, Microsoft would be paying people to use Windows 10.

Re:HOSTS file

[savuporo]

Get a slightly intelligent router, something that runs OpenWRT or so, and take care of the issue at the source.

Re:HOSTS file

[w_dragon]

Google does the same thing. Both Android devices and chromecast ignore the DNS in the DHCP negotiation and use Google DNS servers at least for netflix. This makes it more difficult to use DNS-based region modifiers like unblock-us, since you have to block 8.8.8.8 and 8.8.4.4 at the router.

Re: HOSTS file

[hummassa]

The option to block microsoft's domains, via any interface. People already established that somethingsomethingspysomething.dll bypasses the hosts file, the dns lookups and the firewall (and who knows what else) when talking to the mothership.

Re: HOSTS file

Hardware. A seperate system.
Windows firewall is just an app. A real firewall is on it's own hardware with its own OS.

Re:HOSTS file

[hummassa]

The "telemetry" think might opt to accumulate your data and just send it at the first opportunity (when you connect to some other network, like starbucks' or something).

Re:HOSTS file

[shubus]

Agreed! This is certainly possible. All such activities will of course be logged to disk so they'll sill be observable. I expect this job will be fun for a while but soon become rather tedious.

Re:HOSTS file

[unrtst]

... I can't believe they went to all the trouble to design and implement this and aren't going to push back against people trying to disable it.

Really? What percentage of people are actually going to disable (and/or block) all of it? What percentage will disable *any* of it? ANYONE that wants cortana to work, which seems to be a large part of their marketing, will have to keep most of it enabled. Will the percentage that's left from those be enough to justify what was done? (the answer is "Hell yes it will, unless some lawsuit somehow gets in the way").

Now, you may be thinking something along the lines of, "while alienating all their true supporters and die hard fans", or something like that (eg. those who are going through the disabling steps are annoyed, and that annoyance may cost MS). Why would MS give a fuck? Anyone going through the trouble to disable all those settings has bought into Windows so completely that they're even willing to go through all that trouble just to use Windows 10... Microsoft doesn't have to worry at all about losing those customers.

Why would they push back any further within Windows 10? They can just wait 'til the next round of shitty-ui-new-version then slightly-better-new-version-that-adds-more-privacy-issues (or any other combo of two evils).

Re:HOSTS file

You joke, but that pretty much IS the only way. Tons of experiments and wire captures have already shown that no matter what settings you disable, the OS still sends TONS of info back to MS servers.

This has been posted a few places on the net. Set all the below addresses to 0.0.0.0, because /. won't allow me to use 0.0.0.0 so many times. Too many "junk" characters!

vortex.data.microsoft.com
vortex-win.data.microsoft.com
telecommand.telemetry.microsoft.com
telecommand.telemetry.microsoft.com.nsatc.net
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
sqm.telemetry.microsoft.com
sqm.telemetry.microsoft.com.nsatc.net
watson.telemetry.microsoft.com
watson.telemetry.microsoft.com.nsatc.net
redir.metaservices.microsoft.com
choice.microsoft.com
choice.microsoft.com.nsatc.net
df.telemetry.microsoft.com
reports.wes.df.telemetry.microsoft.com
wes.df.telemetry.microsoft.com
services.wes.df.telemetry.microsoft.com
sqm.df.telemetry.microsoft.com
telemetry.microsoft.com
watson.ppe.telemetry.microsoft.com
telemetry.appex.bing.net
telemetry.urs.microsoft.com
telemetry.appex.bing.net:443
settings-sandbox.data.microsoft.com
vortex-sandbox.data.microsoft.com
survey.watson.microsoft.com
watson.live.com

Re:HOSTS file

[chipschap]

Just run Linux, works every time.

Re: HOSTS file

Stop at {insert your favorite fast food, coffee shop, hotel, public place here} with your laptop and "Bingo!", M$ owns you.
If Windows 10 is a security concern to you, you shouldn't be using Windows 10.

Re:HOSTS file

[chipschap]

I've got to ask if it's really worth it. I suppose, if you absolutely must run Windows or are forced to do so at work or somehow ... but geez, isn't it time to ditch Windows completely if you can? Isn't it worth going to some extra trouble to get out of that ecosystem permanently?

Re: HOSTS file

So you will allow everyone to rummage through your house and go through your wallet right, since your information isn't private anyway.

So whats your bank account number and pin number? Don't want to tell us? Why not? Your bank has it anyway.

Whats your social security number? Don't want to tell us? Why not? The govt has it anyway.

Re:HOSTS file

[shubus]

Well, I'm an Apple guy with an unused PC gathering dust and a lot of curiosity. So it's just an experiment, as I'm quite happy in the Apple ecosystem.

Re:HOSTS file

[rudy_wayne]

You joke, but that pretty much IS the only way. Tons of experiments and wire captures have already shown that no matter what settings you disable, the OS still sends TONS of info back to MS servers.

This has been posted a few places on the net. Set all the below addresses to 0.0.0.0, because /. won't allow me to use 0.0.0.0 so many times. Too many "junk" characters!

vortex.data.microsoft.com
vortex-win.data.microsoft.com
telecommand.telemetry.microsoft.com
telecommand.telemetry.microsoft.com.nsatc.net
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
sqm.telemetry.microsoft.com

. . . . etc.

That's only some of them. I've been collecting all the ones I could find form various sources and the total number of them is now over 100.

Re:HOSTS file

[unrtst]

sed -i 's/^\(hosts:[[:space:]]\+\)files[[:space:]]/\1/' /etc/nsswitch.conf

Yeah. Lots of work on other platforms too.

(and yes, I know this is almost completely unrelated to the topic at hand; they probably just use DnsQuery with DNS_QUERY_NO_HOSTS_FILE; it's not hard though, and shouldn't be)

Re:HOSTS file

[gl4ss]

it's not the real reason.

the real reason is pushing the appstore and pushing it for all kinds of applications.

pushing the appstore was also the reason why they were pushing win8/8.1 for practically free and it's the sole only reason for the shitfest that is metro(they shipped a program environment that was unfinished, unpolished and lacking in api's to replace what it was intended to replace only because they were in a hurry to release an appstore because some execs _thought_ they could get 30% of 3000$ photoshop and cad licenses, which was never going to happen anyway)

Re:HOSTS file

[ancientt]

Right, because keeping your browsing and application-utilization habits a secret is SO important.

OMG somebody might know you look at porn! Or that you play video games! Or that you are shopping online for a new printer!!!

The horror!

Okay, mostly I agree with you, and even if 99.9% of people were aware of what's shared, almost none of them would care. Of course, in reality, I'd be surprised if even 1% of people care enough to find out.

Lets just target that tiny fragment of the population that cares and wants to protect their privacy. Maybe you know the person behind the Ashley Madison hack, or want to blow the whistle on the NSA, or maybe you found out something terrible about Microsoft and want to email somebody about it, whatever. In this scenario, you're somehow also nuts enough that you are going to pass on your bombshell using your home Windows 10 PC.

Wireshark and a few tweaks to your router and there is now nothing goes out that you don't want going out. Problem solved. (It's not going to last ten seconds in keeping your identity secret from any of those entities, but hey, it's not Windows 10's fault at least.)

But wait, you must be saying, "my PC is connected without a router!" (How?) Don't worry your pretty little head about it. A couple host file edits and you're good. But "wait" you say, (complainer!) "these apps are still connecting!" So you add a handful of specific routes with the handy command line and boom (!) problem solved again. (For another ten seconds.)

"But ancientt," you say. "I'm posting and emailing stuff all the time that could get me in trouble and I don't want Microsoft to know!" To which I reply, "Tails and VPN my child." But you ignore my advice, because of course you do. "I must secure Windows 10 permanently!" I find you irritating, but alas, I cannot resist your wiles so I offer this further guidance. Edit your registry, run your own DNS server, set the default route to localhost and only allow an IP connection to sites you've intentionally pre-configured with the route command, and now my stupid but persevering student, you have a Windows 10 configuration which will communicate with nothing undesired.

I will not post bail.

Re:HOSTS file

I recommend NetLimiter or similar to monitor activity of unwanted downloads and uploads. It also can apply firewall rules to connections.

Re: HOSTS file

The "real firewall" quip meant a real *hardware* device sitting between your computer and the cloud, lying to Windows^W^W^Wcontrolling the flow of unwanted data in ways we are no longer allowed to do by design. Granted, you either cough up big money for a commercial solution, or get a WRT router and then simply dump your hostfile there to instantly plug the leaks

Unless the NSA aims at subverting DDWRT / OpenWRT from the inside and shares the exploits with your OS makers to make your hardware firewalls moot (and various commercial companies might scream at that point, unless NSLs are involved), we're safe for just a bit longer.

Re:HOSTS file

[bjwest]

There is criminal energy involved in sabotaging mechanisms such as the hosts-file in order to deceive users. Even thinking of it requires significant criminal energy, and the strong intent to harm users.

You're forgetting we're talking corporate to consumer here, nothings illegal from that standpoint. If you take every third word from every other sentence in every fifth paragraph starting from the third paragraph from the bottom, and wrap around, you gave your permission for them to do this when you clicked Agree.

Re:HOSTS file

[thegarbz]

Until the OS ignores your HOSTS file for some hard-coded domains.

What do you mean until?

Re:HOSTS file

[thegarbz]

Never contribute to mal.... you know the saying.

Microsoft has always bypassed the hosts file for certain things, not in the name of criminal sabotage but in the name of something quite simpler, allowing their software to receive updates despite attempts to prevent it by malware.

At least that's their excuse, and with an excuse like that it's hard to justify criminal intent. More likely someone thought it was "a good idea at the time".

Re:HOSTS file

[SuricouRaven]

I've been doing it by IP range, watching a fresh Windows 10 install to see what it contacts.

65.52.108.0/14 #update.microsoft.com, licensing.md.mp.microsoft.com, v10.vortex-win.data.microsoft.com. Update has an alternate in another range.
104.40.0.0/13
204.79.196.0/23 #Start menu searches.
23.93.0.0/13
157.54.0.0/15
157.60.0.0/16
191.236.0.0/14
207.46.0.0/16
131.253.62.0/23
131.253.64.0/18
131.253.61.0/24 #login.live.com
131.253.128.0/17
191.232.0.0/14 #settings-win.data.microsoft.com
#Do not block these, required for updates:
#157.56.0.0/14 #sls.update.microsoft.com
#191.232.0.0/14 #windowsupdate.microsoft.com

I also had to block all subdomains for appex.bing.com, appex-rf.msn.com and cms.msn.com. Can't IP-block those as they are CDNs.

Re:HOSTS file

[SuricouRaven]

I do not yet know, but intend to test this on Friday.

Re: HOSTS file

[Opportunist]

A trustworthy maker. Or at least one that has not proven to be untrustworthy yet.

Re:HOSTS file

[SuricouRaven]

I've been testing the Windows firewall.

If you delete the permit rules for Windows services and spying, they come back. Protected rules.

But on Windows firewall, a deny always overrules a permit - if you explicitly deny the unwanted IP ranges, this does hold. At least in my testing so far - I've found one range that acts oddly and I think may be bypassing the firewall, but I need to confirm this.

Re: HOSTS file

[WaffleMonster]

More info on this? I set my router's DNS server to resolve the two telemetry servers to 127.0.0.1. Would that fix the problem or no?

If you have a DNS server one way is to create a zone matching the name of the Microsoft host and simply leave the zone empty. It won't resolve to anything and the Microsoft stack won't even try to make a connection.

--
"Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary."

Re: HOSTS file

[ruir]

And updates wise? And out of home?

Re:HOSTS file

[ruir]

How about not using their shit? It is 2015, the compatibility myth as been bust for more than a decade for good, and there are not a lack of alternatives...

Re: HOSTS file

[ruir]

If you think only the 10th version is a security concern, the problem is you, not MS.

Re:HOSTS file

[ruir]

If you have not noticed in the last 4 decades MS in underhanded, I have got a bridge to sell. Ring my mobile now, go to the NSA site my phone is there.

Re:HOSTS file

[ruir]

Stupid question, do you already have ipv6 at home and work? ipv6 does not route automagically

Re:HOSTS file

[sexconker]

Won't work.
As has been reported, MS has several hard-coded IPs in Windows 10.
You have to block at your router.

Re:HOSTS file

[WaffleMonster]

There is criminal energy involved in sabotaging mechanisms such as the hosts-file in order to deceive users. Even thinking of it requires significant criminal energy, and the strong intent to harm users.

Looked up reference for getaddrinfo, GetAddrInfoEx and variants there is no namespace identifier other than NS_DNS to be found that allows or even mentions addressing DNS separate from the hosts file... ... minutes later ...

I guess you learn something new every day. For those interested in joining Microsoft in the pits of hell add DNS_QUERY_NO_HOSTS_FILE to the options flag of DnsQuery().

Re:HOSTS file

[ruir]

Nonsense, you dont block DNS, you just do a NAT on them, and send them to the DNS server of your choice, or to your own. Thats what I do at home with pfsense.

Re:HOSTS file

[ruir]

I use Mac and Linux, and surprisingly, it soles the problem very well. I need to confirm this.

Re:HOSTS file

[ruir]

solves. Damn dictionaries.

Re:HOSTS file

[rastos1]

do you already have ipv6 at home and work?

Yes.

ipv6 does not route automagically

Oh, really?. Leave your geek card at the door.

Re:HOSTS file

[rastos1]

Citation, please?

KB3068708
KB3022345
KB3075249
KB2976978
KB3021917

Re:HOSTS file

[SirJorgelOfBorgel]

Good job blaming Google for something the Netflix guys hardcoded in their app. What?

Re: HOSTS file

[bickerdyke]

It's not part of windows, which is the very thing you want it to protect you from.

Re:HOSTS file

[Pinky's+Brain]

They can just route all the data through whatever you leave open for updates.

Re: HOSTS file

[Gadget_Guy]

Windows Firewall, by default, allows all outgoing connections. In order to block an outgoing connection you have to specify exactly which one you want to block. How do you do that if you don't know which program is making the connections? What if Windows Update adds something that you don't even know exists?

Why ask these questions if you have already given the answer yourself? You simply change the firewall profile from its default setting to block all outgoing connections except those specified by a rule. This is not a missing feature from the Windows Firewall.

The big problem is that installers and services that run as admin can add their own entries to the firewall without notification. Steam does this for its own client and for any games that it installs. If it can't access the Internet for any reason, the client adds another entry for itself into the firewall. I eventually added another administrator account for the Steam service to run as and then denied it access to the firewall with the registry editor.

That's works for a third-party program, but Microsoft services could always bypass the security if they wanted. This isn't a limitation of the firewall per se, but rather a consequence of us not trusting the OS that actually provides the protection in the first place.

Re:HOSTS file

[DrXym]

The "correct" way to approach it is to leave the door slightly ajar so people who want to leave can even though the majority will stay. Look at Android - Google Play is the default but you can still install APKs or even another store if you want. The majority don't and Google know this which is why they're fine about the switch being there. It also gives them some measure of defence if the EU or some other investigator comes knocking at their door.

I put "correct" in quotes because the truly correct behaviour would be to respect people's privacy by default. While Microsoft provides a non obvious link to modify some privacy settings during setup, this screen does not contain access to all of them (e.g. OneDrive settings) and it's clear that Microsoft has chosen to ignore privacy settings and phone home regardless with some information.

Re: HOSTS file

A real fire wall stops fire.

Re:HOSTS file

[gweihir]

Indeed. And that is the issue here: The deception used.

Re:HOSTS file

You are right, with Windows 10, "YOU" become the product, not the Operating System...Like you said, a 1 time fee of $199 vs a "lifetime" of fees from advertisers, government snoops, malware writers, etc at $199 a piece becomes WAY more profitable... Just wait until they fully roll out Windows as a Service, then the REAL fun will begin...

Had this discussion over a year ago with my co-workers when Micro$haft announced free Win10 'for everyone'....I was cautious then, as nothing 'free' (as in freedom) comes out of Redmond...I was laughed at and told I was a conspiracy theorist...and here we are a little less than a year later, and these same people are wondering how to turn off all of this sh*t...

Re:HOSTS file

[plasm4]

It's a shame I've been modded insightful. In a better world I would have been modded redundant.

Re:HOSTS file

[thegarbz]

Would be great if it didn't introduce a whole new set of problems such as not working with the software I need to run.

Re:HOSTS file

[thegarbz]

I tried, but I couldn't even get Photoshop to install let alone work.

Re:HOSTS file

[ruir]

Well if you have it, I guess it does, here homes with IPv6 from the ISP are not yet that common. ;)

Re: HOSTS file

[rtb61]

Windows 10 has just proven to be the worst of them all. Quite simply the only solution is to not buy or install windows and block all updates from prior versions of windows beyond security only updates. It is important to spread that choice far and wide in order to force M$ to produces a Windows 10 SE edition, where not only has all this crap been disabled but the code itself is completely missing from the OS install. Accept this offering from M$ and you are a bloody idiot.

Re:HOSTS file

[rastos1]

That's why there is Teredo, 6to4, 6in4, 6over4, ...

Re: HOSTS file

[cyber-vandal]

There are many things that don't run on the Linux desktop otherwise it would far more widespread than it is.

Re: HOSTS file

It's not just the microsoft.com domains, it's the following domains plus whatever IP addresses MS hardcodes from Akamai and other CDNs:

msn.com
nsatc.net
msads.net
bing.net
live.com
cloudapp.net
v0cdn.net
msftncsi.com
a-msedge.net
akadns.net
footprintpredict.com
microsoft-hohm.com
adnexus.net
adnxs.com
msecnd.net

This list is is almost certainly imcomplete, and given that these domains, the hardcoded-bypass-your-hosts-and-DNS and the IPs they're backended in can all change at the drop of a hat you're going to need an extremely advanced set of firewall rules to block them off reliably. The only winning move is not to play.

Re:HOSTS file

[present_arms]

you're doing it wrong, I got it to install and run using PlayOnLinux, (did it to see if I could, and did) however not all windows software can be used this way, put windows in a vm and use iptables sort the crap out. then use the routers firewall too just to make sure, host files in Linux bocks both urls and IPs, I know this because I got locked out of a server by IP, I had to ssh in to another server then ssh in to the server I wanted to clear myself (self inflicted wound, my fault). bah why am I bothering, ya wont take advice and you only end up getting fucked by MS regardless.

Re:HOSTS file

[jakimfett]

[citation needed]

Re:HOSTS file

[CODiNE]

That sounds like a bunch of great DDoS targets. Anyone remember when the Windows update server was hit so hard they had to retire it? I think it was windowsupdate.com which stopped working but the one in the control panel was fine.

Re:HOSTS file

[kheldan]

After decades of using Microsoft OS's, I'm actually considering making the move to some flavor of Linux so I don't have to put up with all this fascist bullshit from Microsoft. We seem to be rapidly moving towards a world where you don't even own the hardware you're running an OS on, let alone the OS itself, you're just 'renting' it or something, and they actually own all the data you've got on it. Fuck that.

Re:HOSTS file

[Reziac]

I'd noticed long before Win7+ that once in a while my HOSTS file seemed to get ignored. Don't recall specifics offhand, but at least back as far as Win98 (at least, once TurboTax forcibly applied IE5.5, which also fucked up Win98's resource management. -- That was also the last time I bought TurboTax.)

Re:HOSTS file

[SuricouRaven]

Because it appears to work... almost.

The firewall blocks almost all spying traffic, but there is an exception. I'm still seeing connections to 65.52.108.33 even with a firewall block, and sometimes 65.52.108.33. I think I know why. The latter of these is licensing.md.mp.microsoft.com, and the former shares the same range allocation. The hostname suggests they may relate to DRM in some way, probably for the app store, so it is possible they are coming from a service which has privileges beyond the normal as an anti-tamper or anti-reverse-engineering measure. Like being able to ignore the firewall.

licensing.md.mp.microsoft.com is particularly troublesome, because it's the one that I noticed getting contacted every time you run any app using the new interface API, including even trivial ones like the calculator or image viewer. I do not know what 65.52.108.33 is, but I don't see any mention of it in the DNS query responses, which suggests it may be a hard-coded address.

Microsoft doesn't appear to segregate their network by function very much - content delivery, update and licensing servers all share the same IP ranges. I suspect they may move around if I watch long enough, to judge by the short TTL in DNS. Makes it difficult to filter the spying without disabling updates too.

Re:HOSTS file

[SuricouRaven]

Made an error in pasting there, sorry - got the IPs mixed up. The mysterious ip is actually 65.55.138.111. I looked in the TLS negotiation and saw the hostname specified as sls.update.microsoft.com - so yes, it appears that some processes do have the ability to ignore Windows own firewall. Also my nslookup query for sls.update.microsoft.com just changed, so I can confirm that theory. Probably load balancing.

65.52.108.33 is the spymaster, licensing.md.mp.microsoft.com.

Re:HOSTS file

[SuricouRaven]

Got another one. vortex-win.data.microsoft.com IP 65.55.44.109. Note that I've got everything in 65.52.0.0/14 blocked by the firewall, which conclusively shows that some Windows services are able to disregard the Windows firewall. IP range blocks there can reduce the spying, but not eliminate it, and because of all the mixing of servers may also block updates in the attempt.

Re:HOSTS file

[enochsvision8231]

http://www.ghacks.net/2015/08/...

Re:HOSTS file

[SuricouRaven]

Even when it's set to deny everything by default, lots gets through. Even the Maps app!

I think there might be some sort of hidden hard-coded rule that always permits signed apps, or something like that. But all the login.live.com and onedrive-related traffic is blockable by the Windows firewall. Partially effective. I've not even started on playing with the hosts file yet.

Re:HOSTS file

[gweihir]

Of course, I have already done that. But doing so is way beyond the capabilities of an ordinary user.

Re:HOSTS file

[gweihir]

Would be interesting to know. My Net here is still pure IPv4, but that cannot last.

Re: HOSTS file

[SuricouRaven]

"Microsoft services could always bypass the security if they wanted"

I can confirm that they do indeed do this. The firewall can stop some of the unwanted traffic by configuring blocks for specific IP ranges, but not all of it. Even if you block everything both by default policy and by rule, traffic from some sources can still be observed. I'm currently experimenting with a combination of the windows firewall and the hosts file, to see if together they catch everything.

Re:HOSTS file

[SuricouRaven]

It can and will last, for the same reason IPv6 has not been implemented by any major consumer ISP for the last decade: No-one wants to be the first, with all the difficulty that would surely bring.

Re:HOSTS file

[Alien54]

so what part of these are related to conventional updates. and what part are related to general snoopery?

Re:HOSTS file

[macs4all]

Not sure this is a right comment, but with all the hype over open source exploits, people still are convinced Windows and Apple are "secure" and yet they pretty much monitor every thing you do, and store that information.

Windows, yes. Apple, no.

Unlike Microsoft, Apple makes its money off hardware, and thus has absolutely no incentive to sell your soul to The Man.

Apple has also figured out that some Users care about Privacy, and that that may eventually lead to more sales of their Hardware; so, in essence, Apple has discovered that it can actually Market PRIVACY, and so it does. A little too quietly for my taste; but the signs are there, spelled out in explicit detail if you know where to look And you will notice a refreshing lack of "weasel words", such as "for various purposes"...

Also, despite the noise propagated here, Apple actually has a very longstanding distaste for government in general, and I have been watching and using Apple for more than enough decades to know that cooperating with the Gummint would be corporate anathema to them.

And even when Apple does design something like "Spotlight Suggestions" that sends your Spotlight Searches to Apple, so that they can provide internet-based search results alongside local search results, they provide a clear, GUI-available method to completely disable the feature.

The proof in the pudding comes from the fact that you don't see any long lists for OS X of hard-coded IP destinations being published in similar articles to this one, or anyone reporting that, despite turning off everything that can be turned-off, OS X acts like a data-thief, like Windows has obviously turned into. So, in other words, please don't simply lump Apple and Microsoft together as "Teh Evilz"; because that simply isn't the case.

Re:HOSTS file

[MachineShedFred]

Good luck ignoring my DNS server sending their spyware to 127.0.0.1, or my router sending their traffic to the bit bucket.

Re:HOSTS file

[StikyPad]

Right, so far it's just bit players like Comcast and TWC. Maybe someday the major consumer ISPs will support IPv6, but that day certainly isn't November 9th, 2011.

Re:HOSTS file

[MachineShedFred]

I'd love to see them bypass a null-route rule on my router.

If I want the traffic to not go somewhere, they are completely at my mercy. Mwa ha ha!

Re:HOSTS file

[MachineShedFred]

For most of us, it's a moot point, as our shit ISPs don't support IPv6

Re:HOSTS file

[MachineShedFred]

That's awesome - I never thought of just using a NAT rule to man-in-the-middle something that has already been man-in-the-middle'd...

Re:HOSTS file

[macs4all]

Right, because keeping your browsing and application-utilization habits a secret is SO important.

OMG somebody might know you look at porn! Or that you play video games! Or that you are shopping online for a new printer!!!

The horror!

Sometimes it's not the Act; it's the Principle.

Or do you go around writing your name, date of birth and social security number (or equivalent if in a non-U.S. country) on public walls? And if not, why not? After all, who needs Privacy; it's just so, so, Twentieth Century!

Re: HOSTS file

[macs4all]

The same is true of your social security number. The IRS has it, as does your phone company, and your employer, and your school, and several other businesses. Again, the only reason you think this is private is because you are clueless.

And yet, you won't type it here. Why? You think it hasn't been transmitted over an unsecure internet connection at some point? NOW who's clueless?

Hypocrite.

Re:HOSTS file

[macs4all]

That data is very valuable which is why Microsoft is going through so much trouble to get it. It's worth way more than the $100-200 asking price for a retail copy of Windows. In an equitable universe, Microsoft would be paying people to use Windows 10.

Which is why it is such a bad joke that Windows 10 in "free" (as in beer).

Microsoft was forced by Apple and Linux to reduce the cost of Windows "Client" to "free"; but they can't run a Company the size of Microsoft on the sales of Microsoft Office alone (yes, I know they have other products; but none of them besides Office and Windows make enough to run a Company a 100th the size of Microsoft); so guess how they are replacing that revenue?

Re:HOSTS file

[w_dragon]

This behavior is only on Android and chromecast. IOS, OSX, windows, even the netflix client on my Sony Blu-ray player and Wii don't do the same thing. I highly doubt netflix is responsible.

Re:HOSTS file

[thegarbz]

Pretty much any industrial design software ever, all recent versions of creative suite, etc.
None run under Wine, none have suitable alternatives.

Re:HOSTS file

[thegarbz]

Yep exactly the kind of simple, user friendly solution I've come to expect from Linux.

This is the reason people flock to walled gardens. Some of us will happily be chained at the ankle for the privilege of NOT having to have an epic war with their PC every time they want to do something simple. Don't get me wrong I'm a fan of Linux, but I've tried it at least once a year on my desktop and every time I conclude that this year it can stay as a server OS only, maybe next year will be better.

Re: HOSTS file

[yuhong]

Does Win10 really send this stuff?

Re:HOSTS file

[yuhong]

Yea, the problems with DRM. I wonder if iOS and Android does the same thing.

Re:HOSTS file

[yuhong]

FYI, see https://www.reddit.com/r/Windo... .
Someone managed to decrypt this traffic using Fiddler.

Re:HOSTS file

[Agripa]

That does not prevent an external firewall from blocking by destination IP.

Re:HOSTS file

[gweilo8888]

HAH! :)

Re:HOSTS file

[unrtst]

Why should they do something that complicated if ...

(emphasis mine)
I'm not sure what world you come from, but one line is not "that complicated" here. The GP also referred to it as, "Even thinking of it requires significant criminal energy". That's simply not true... it's dead easy; it's an insignificant change.

I do think all those external fetches should be clearly documented and relatively easy to block or redirect, but I could care less if they bypass the hosts file, and it's certainly not some huge bit of dark magic.

Re:HOSTS file

[aNonnyMouseCowered]

Use Linux online. Use Windows offline. Only problem is if you love online games.

Re: HOSTS file

[ruir]

If you say. Many beg to disagree, and nobody is talking only about Linux. Plenty of alternatives out there.

Re:HOSTS file

[ruir]

This configuration is done routinely with VPNs or captive portals.

Ok i'm going to say it

[ozduo]

don't install the damm thing!

Re:Ok i'm going to say it

Ubuntu or Mint works well enough. You can keep Windows in a VirtualBox. Chrome will allow you to watch Netflix. Games via Steam. As Steam's own platform runs Linux, more and more games are being ported all the time, especially the newest ones.

For games you have Steam. You might want to install proprietary video drivers for best performance and compatibility.
Honestly, Linux today provide superior out-of-the-box hardware compatibility, sustained support, easier and more flexible installation procedure and even the UIs makes more sense.

People installing Windows 10 won't get any support from me, or pity.

Captcha: against

Re:Ok i'm going to say it

[houghi]

What about all those that do not have a clue? What about those that buy the new hardware and have no idea how to install anything else or do not even know it is possible?

Or is it ok that only tech-savy people have some sort of privacy? (Wich means you do not have any privacy either.)

I do not understand this "let everybody look out for themselves" in a community that also preaches "Open Source is great, because we share the workload and sharing is good."

Re:Ok i'm going to say it

[antdude]

Ditto. I am avoiding it.

How To Keep Microsoft's Nose Out of Your Data?

[Irate+Engineer]

Just install Linux.

You're welcome.

Re:How To Keep Microsoft's Nose Out of Your Data?

[Bodhammer]

Just install *BSD.

TFTFY

Re:How To Keep Microsoft's Nose Out of Your Data?

[thegarbz]

Sorry that just broke most of my software.

Re:How To Keep Microsoft's Nose Out of Your Data?

[inasity_rules]

2016 - The year of Gnu HURD.

Re:How To Keep Microsoft's Nose Out of Your Data?

[thegarbz]

Sure just point me to 3D mechanical analysis software, a fully featured PCB EAD package, and complete all in one solutions for programming proprietary microcontrollers and FPGAs and I'll happily change.

No I'm serious I would happily change. The state of software on Linux is the only reason my desktop still doesn't run it. I already have it running on every other machine. You may not believe it but not every piece of software has an alternative.

Beside the point

[zAPPzAPP]

Yes, I can see the options during the setup. Years of updating Java have trained me to uncheck everything.
Anyway that is old news.

We want to know more about the things you can not set in the options.
Ways to prevent forced updates?
Remove hidden services?

Re:Beside the point

Right, the next installer I write will have a "Don't fuck everything up" checkbox, checked by default, just for you!

Re:Beside the point

[Darinbob]

Good idea. Added unnecessary features should always be an opt-in choice. Also installing a third party anti-malware program, or third party search bar, or a third party browser, or any third party demo, should be opt-in only.

Another good improvement. If the user has ever unchecked "automatically install new updates" and instead checked "notify me about new updates", then the installer should remember that choice in the future.

Re:Beside the point

[Tharic-Nar]

You can take back some control of Windows Update if you use Windows 10 Pro. You have to use a mix of group policy and the disable update tool from Microsoft: http://techgage.com/article/ta... The two mixed together allows you to selectively install updates while preventing others. It's a little more convoluted that previous OSs, but it can be done. The problem is that Windows will nag you when there is an update, including a full splash screen like a UAC warning saying you have to update. If you are running Home, then yeah, it's all or nothing, disable service or live with constant fear of a failed update.

What if there is a bug?

[Marrow]

If the default is "on" , what if a bug in the code resets the setting or ignores the setting. Are there any indicators that this information is going out? Can there be any indicators? What is the amount of encrypted traffic going out from the system to microsoft? Any way to look at what is being sent at any point in time? Does it ever log what was sent? Can it?

Re:What if there is a bug?

[Darinbob]

An update could add a new setting at any time, and fail to notify the user about the new option and the new undesirable default setting. Not hypothetical, there are applications that do this.

Re:What if there is a bug?

[bondsbw]

Are there any indicators that this information is going out?

Yes. To find the indicator, open your web browser. In the address bar, enter "wireshark.org". Press enter. Find your way to the download, and download the appropriate installer. Run the installer. Run the application. Learn how to use it.

Oh, wait... you meant indicators in the OS? Ha. Right. What makes you think they would exist? It's kind of silly to expect there to be indicators showing for these particular things. If everyone got indicators for every little thing they wanted, then the whole screen would be nothing but indicators. This is why third-party programs exist... and development tools galore if you can't find an application that behaves to your exact specification.

Re:What if there is a bug?

[techno-vampire]

If the default is "on" , what if a bug in the code resets the setting or ignores the setting.

That's not a bug, it's how the software was designed to work.

Re:What if there is a bug?

[thegarbz]

If the default is "on" , what if a bug in the code resets the setting or ignores the setting

There's evidence of that happening already. I'm strongly considering wide ranging blocks of Microsoft IPs a the router, but the problem is on any mobile device that won't stop the leaking when I move to another network.

Re:/facepalm

[gweihir]

It actually is that big a deal. It is just that the MS PR department managed to convince some clueless people that what they do is harmless. It is not.

can't even run office apps...

it's funny that considering how "deep" Cortana is, it gets utterly confused and useless when I say "Cortana start microsoft word".

I've seen this on here a few times

I'm just waiting for the coffee table book now.

not good enough

Purportedly M$ is also issuing updates to Win7/8 that would mirror Win10 behavior. You want out? Install Linux (or FreeBSD)

Re:not good enough

Linux with systemd? No fucking chance. Systemd the death of Linux.

back to FeeeBSD for me.

Re:not good enough

[rubycodez]

Wrong, since Windows source is closed there could be privacy invading components that are unknown. You fail at comprehending the problem

Re:not good enough

[Darinbob]

This is believable. There's nothing in this that requires new fundamental operating system infrastructure. Except maybe Cortana but that's more of an application than an operating system component, and the first thing any thinking person would shut off or uninstall).

Re:not good enough

[rudy_wayne]

... or just disable the features you don't like... like you could have done all along. If you can use Linux, you can disable any feature you don't like from Windows.

Except that in Windows 10, you can't. There are many things for which there are no settings to disable them. And even you dig deep, it still doesn't work. But don't take my word for it. Try it.

Open Task Manager and kill Cortana. It immediately comes back. This is just one example of Microsoft going back to the old scam they used years ago, "We can't remove Internet Explorer because it's too deeply embedded in the OS".

Re:not good enough

[hyperar]

... or just disable the features you don't like... like you could have done all along. If you can use Linux, you can disable any feature you don't like from Windows.

Except that in Windows 10, you can't. There are many things for which there are no settings to disable them. And even you dig deep, it still doesn't work. But don't take my word for it. Try it.

Open Task Manager and kill Cortana. It immediately comes back. This is just one example of Microsoft going back to the old scam they used years ago, "We can't remove Internet Explorer because it's too deeply embedded in the OS".

So?, what's the problem?, just don't use it, i don't use neither IE nor Edge they are just there, what's the problem?.

Re:not good enough

[rubycodez]

I see no evidence of this quality impact you are talking about in open source OS. You are going to claim HP/UX or AIX or Windows Server is of higher quality than Linux or the BSD? Nonsense, no sane person would ever put any of those OS directly on the internet because of their poor quality leading to security holes.

Open source is looked at by third parties and ten thousandth parties, the developers don't all work for one company and contributions are made from non-core developers.

Re:not good enough

[hyperar]

Wrong, since Windows source is closed there could be privacy invading components that are unknown. You fail at comprehending the problem

As the AC said, did you checked the Linux source code to check for "privacy" invading components?, know anyone that did it?, if OSS source code would be checked as much as the community claims it is, there would be several years old bugs on massive components like OpenSSL and such. Don't get me wrong, you could do it if you want to, there's just not that many people willing to do it.

Re:not good enough

I think you need to do some research on what cortana collects on you even when youre NOT using it.

Re:not good enough

[mattventura]

The difference is that FOSS software is generally created by people to fill their own need and shared with others because they have no reason not to, whereas proprietary software is far more often made for profit which encourages monetization and/or tracking methods that negatively impact the user such as the case here. Not saying there aren't exceptions to both, but that's generally the case.

Re:not good enough

[Bite+The+Pillow]

17 years of disassembly experience should serve me well. Buy I am not allowed to share my changes. Perhaps the Mickey mouse laws should be challenged. Again.

Re:not good enough

[thegarbz]

Don't use what? Cortana?

I don't use it. I disabled search features. I also live in an area where Cortana is not available. And yet every time I hit the start button and start typing some of my information is sent to servers related to the Cortana service.

Likewise I've removed a lot of the shitty live tiles. That doesn't stop the money app getting up to date stock information that it won't be displaying.

You can't not use some of these features, not without a firewall.

Re:not good enough

[SuricouRaven]

I have been examining Windows Ten with a packet sniffer, and can confirm both of these claims. Even if you disable cortana and searching bing from the start menu, typing anything in there still results in a connection to a server associated with Bing - I don't know what's in that connection, as it's TLS. I've also confirmed that it does attempt to update the live tiles even when said tiles have been removed, as I see connections to servers such as foodanddrink.tile.appex.bing.com.

Re:not good enough

[Opportunist]

Even if you didn't use IE, it was always there and ready to be used by people who wanted into your PC.

Just 'cause YOU don't use it doesn't mean it cannot be used. IE was one of the key entry points for malware throughout its existence. Whether you used it or not was secondary, what mattered was that any attacker could rely on it being there.

Re:not good enough

[AmiMoJo]

Open Task Manager and kill Cortana. It immediately comes back.

I've seen people saying that a couple of times. I disabled Cortana (well, I set all the privacy options during install and never /enabled/ Cortana) and the task doesn't run at all.

Re:not good enough

Flashback to Vista where several system services were hogging the CPU, I/O and harddrive, even during light use, some of which were basically unkillable.

Made me upgrade to XP at the time, even though the "Vista-compliant" hardware weren't really 100% compatible.
Infuriating times.

Re:not good enough

[guruevi]

LOL. Don't know whether you're funny or serious but Win10 is all but unusable for people coming from XP/7

Re:not good enough

[chihowa]

...I don't know what's in that connection, as it's TLS.

Is the TLS certificate hardcoded, or will it accept certificates from another CA if you add them to the Windows CA store? Let's try to crack that sucker open...

Re:not good enough

[rubycodez]

No it isn't, can't even cut and paste text from important popups to look up error codes. It doesn't include all the basic utilities that real operating systems have. It's crippled to run only on a certain amount of processors. it's rubbish

Re:not good enough

[jakimfett]

Personally, I went the "Debian, but remove systemd" route.

Re:not good enough

[LessThanObvious]

The Start Menu Search Bar is for lazy people. Back in my day we just had Run, you had to actually know that you wanted and that's the way we liked it.

Re:not good enough

[jones_supa]

No disagreement there, but it still is higher quality than Linux.

Re:not good enough

[EndlessNameless]

The service is probably configured to restart on failure. This is why you don't terminate services from Task Manager. Killing the process there means it will not exit cleanly, which causes the service controller to interpret it as failed---and respond accordingly.

Either use the UI management console (services.msc) or the command line (net stop SERVICENAME).

If you insist on killing services using the wrong tool, you should set those services to "Take No Action" on first/second/subsequent failures in the service management console. There may still be events logged for abnormal termination, but the service controller will no longer restart the service.

Re:not good enough

[toddestan]

I don't know if they've improved it, but the search in Windows 7 is so broken that I'll usually just use dir /s at the command prompt to find files.

I'm not a panicky guy but...

[Maxo-Texas]

I've been with windows for close to two decades.

But I'm probably going to either use an older windows box or just bite the bullet and go to linux for my "real" machine. I might use windows for a gaming machine.

I've used openoffice then libre office for years now and no longer even occasionally dip back into Word.

I've disliked the tighter microsoft email/social account integration for a while now.

I really dislike what I'm hearing about the new o/s. I stopped using facebook because of similar actions.
it's like being fabulously wealthy isn't enough. If windows 10 goes forward as is, I probably won't go with it.

Re:I'm not a panicky guy but...

[MrL0G1C]

Ditto, I hate the idea of MS spying on what I'm doing and it's not known what info they still send back even though you've turned off all the privacy destroying options. And now they're refusing to say what the purpose of new updates is.

So, fuck you Microsoft, I'm advising everyone to install Linux from now on, this crap is not worth it, not even for free.

Re:I'm not a panicky guy but...

Maybe you missed that Microsoft have made it increasingly difficult and misleading to get around setting and and logging into a Microsoft account. Maybe you missed that not all the snooping can be turned off. Or maybe you're just trolling.

Re:I'm not a panicky guy but...

[theArtificial]

If you can use Linux, you can easily disable any feature you don't like on Windows

For those not using the corporate version please share the steps for disabling telemetry. Another Slashdotter posted an interesting video that captured packets when programs, such as calculator, were opened. This was with the settings as private as they could be made: Cortana off, smartscreen off, bug reporting off, everything he could find turned off.

Re:I'm not a panicky guy but...

[Intrepid+imaginaut]

Yeah enough is enough, a line has been crossed.

Re:I'm not a panicky guy but...

[Harlequin80]

You will ask yourself why you didn't do it earlier Maxo. I would recommend you start with Linux Mint, I think it is the best distro by far if you want a machine that just works and feels natural.

For myself I have been running Linux on my main machine for the last 5 years and keep a windows box for games. Having small kids and a more than full time job means it doesn't even get turned on that much anymore. Add on to that that more and more of the games I play are appearing in Linux and windows gets used less and less.

Re:I'm not a panicky guy but...

[hyperar]

If you can use Linux, you can easily disable any feature you don't like on Windows

For those not using the corporate version please share the steps for disabling telemetry. Another Slashdotter posted an interesting video that captured packets when programs, such as calculator, were opened. This was with the settings as private as they could be made: Cortana off, smartscreen off, bug reporting off, everything he could find turned off.

What did those packets transfered?

Re:I'm not a panicky guy but...

What did those packets transfered?

That's an interesting question, but it's beside the point.

Those of us concerned about this telemetry data are more concerned that any packets exist in the first place. There is no rational reason for Win10 to reach-out to Microsoft's servers (or any servers) when an application like the calculator is opened, especially if all of the supposed "privacy" features are set to a mode that implies that no data will be shared with the outside world.

If you genuinely want to know what the packets contain, then I bear you no ill will for asking the question. But do keep in mind that the content of the packets is of little importance to the main topic.

Re:I'm not a panicky guy but...

[mcrbids]

I'm advising everyone to install Linux from now on, this crap is not worth it, not even for free.

If you're this late in the game and *finally* saying this, well, welcome to the club!

I switched almost 20 years ago to Linux, when my Windows 98 computer emailed a word file of customer names and (private) contact info with a virus. Realizing the risk of staying with an insecure platform, I jumped to using Linux for my workstation full time.

I've never looked back.

RedHat Linux became Fedora/RHEL/CentOS but picking the "main" commercial distro at the time has paid enormous dividends over the years! In the intervening years, I went from newbie to experienced software developer, with pay scale to match. Security has been excellent; the constant plague of malware and virus updates are a long distant memory.

This while serving thousands of users at hundreds of clients 24x7.

Yes, I still Windows - for games. And that is dwindling.

Re:I'm not a panicky guy but...

[SuricouRaven]

I can't tell you what, but I can tell you where: licensing.md.mp.microsoft.com. You can see the DNS lookup too, and the IP matches.

Re:I'm not a panicky guy but...

[rastos1]

Have a look: https://youtu.be/qdYL0_xOXW4?t=286

I see there "Microsoft account" - does it indicate that the username/password live in the cloud? The whole thing is Microsoft OS. Why would I assume that it talks about Microsoft corporation and not local Microsoft software? Does it explain that the account will be used to sign in to both the PC and online services? Until now the accounts used to log in into the operating system were stored locally on that PC or in the logon server that is under control of the LAN admin.

I see there "No account? Create one!" - does that indicate whether the new account is local or live in the cloud?

I see there "Skip this step" - does it indicate that I want to create a local account or does it say that I don't want to create account at this time?

Now can you explain how is that imaginary?

Re:I'm not a panicky guy but...

[Maxo-Texas]

In my case, the games I play are appearing on tablets. I spend more time on my tablet each day than on my computer.

I tried out knoppix and was reasonably happy with it. And I made a strategy of finding and getting used to opensource programs that worked both on windows and on linux equally well. So when I swap over, I'll be familiar with my software stack.

I suspect the windows 8.1 pc I bought will be the last microsoft desktop computer I'll ever buy.

Re:I'm not a panicky guy but...

[baerd]

I would really like to know the most newbie friendly Linux today to try it out. I have no interest in learning the nuts and bolts during the install I just want to click next a bunch of times and start using it. Is there such a thing? Like many I can't cut ties to Windows due to gaming but I'd like to give Linux a try despite not having a lot of time to learn a new OS.

Re:I'm not a panicky guy but...

[Alien54]

signing in with an MS account is needed to that Cortana can work

After 10 is set up you can switch to a local account, or use the non express other option to eventually use only a local account

discussed here among many other places on the web

http://www.networkworld.com/ar...

Re:I'm not a panicky guy but...

[Harlequin80]

Even better then. Games and photoshop are my only things keeping windows around.

Knoppix is a decent distro but will come with a higher culture shock than mint. Also while this will probably start a flame war I prefer the look of Cinnamon (Gnome) to the LXDE interface which is Knoppix's default. I tend to only use LXDE when I am running on something with really no grunt, ala an atom.

Re:I'm not a panicky guy but...

[Maxo-Texas]

I appreciate the advice and will look into mint.

The reason I tried Knoppix was the "no install boot disk".

I'm familiar with unix from college but there will still be quite a learning curve once I get past the pretty face.

Re:I'm not a panicky guy but...

[MrL0G1C]

Linux Mint is probably the best, it doesn't worry about patent stuff and so will play back more movies etc.

But if games is your thing then Ubuntu is the one to go for, but AFAIK Mint is based on Ubuntu so maybe steam works with it too.

Note: KDE is more like windows UI-wise.

Linux Distributions Supported by Steam - Linux Issues - Knowledge Base - Steam Support

Re:/facepalm

Just a day or two ago /. does the responsible thing and posts an article that actually discusses what is going on and shows that it's really not that big a deal. The very next day they're bad to spreading fud. Make up your mind, and stop trying to have it both ways.

So basically install the next piece of global spyware shit that Windows is, then spend a few days reading how to disable all the spyware shit. Then hope that it was all of it because you can never know. It is closed source for a reason.

Here have this true post that got modded -1 for literally being factual. It also was beneath an "account holder" that got modded 0. Facts.

http://hardware.slashdot.org/comments.pl?sid=7860731&cid=50336091

And have this one, same true links, also modded -1.
http://tech.slashdot.org/comments.pl?sid=7814945&cid=50277265

Everybody should begin their posts with those links, see if you can even see Slashdot at all without moving the sliders to see -1 and 0 modded posts. ,,|,,

And if you even say haha derp Windows rules... you are looking at Insightful +5. Facebook and Twitter buttons... and lies, go figure.

What pissed me off...

Was when I was looking at the app store, but it said I had to log in to my microsoft account to use any of the apps. OK, logged in with my hotmail account which has a long complex password, which was copy/pasted with my password manager. I turn my PC off for the night, next day it won't take my usual password because it's now not a local machine logon, but is my microsoft logon, which I can't fill in because I can't open my password manager. Luckily I backup the keepass data to a USB flashdrive, so I fire up my other real OS which is linux so I can write down the frigging password to get the windows pile of shit logged back in. Screw MS... wiping the drive and installing linux.

Re:What pissed me off...

[Darinbob]

Avoid the app store. I think it's utterly ridiculous that you need a third party account merely to use the free applications. It only does this because it wants people to have that account so that they can push their stupid store on users; once you have the account it thinks people will be hooked and start spending money on stuff, one-touch click to install useless junk, etc.

And of course once you have a linked Microsoft account, it can really go full bore on tracking what you run, what you buy, what you search for. All in the fictitious name of improved customer experience.

Re:What pissed me off...

[perryizgr8]

I think it's utterly ridiculous that you need a third party account merely to use the free applications

Umm...what?! This is exactly what Apple and google have been doing since day 1. At least microsoft still allows side-loading.

Re:What pissed me off...

[AmiMoJo]

When you logged in to the app store you were asked if you wanted to convert your account to a Microsoft online account, or just log in to the app store. You must have ignored that question and blindly clicked through it, and hence your account was converted (unfortunately that is the default).

http://www.guidingtech.com/ass...

Re:What pissed me off...

[Darinbob]

I can use my Mac and all of the applications that come with it without using an Apple ID at any time. I would need an Apple ID to get any of their thousands of pointless fluff from the store. However on Windows 8, you can not use the built in Mail app (the metro version) without having a Microsoft account. When installing/upgrading to a new OSX version it does not ask you to use or create an Apple ID, yet that is what Windows 8 and 10 will do.

Apple and Google do this on their smart phones; Windows 8 is for a desktop computer.

Re:/facepalm

[hyperar]

Just a day or two ago /. does the responsible thing and posts an article that actually discusses what is going on and shows that it's really not that big a deal. The very next day they're bad to spreading fud. Make up your mind, and stop trying to have it both ways.

So basically install the next piece of global spyware shit that Windows is, then spend a few days reading how to disable all the spyware shit. Then hope that it was all of it because you can never know. It is closed source for a reason.

Here have this true post that got modded -1 for literally being factual. It also was beneath an "account holder" that got modded 0. Facts.

http://hardware.slashdot.org/comments.pl?sid=7860731&cid=50336091

And have this one, same true links, also modded -1. http://tech.slashdot.org/comme...

Everybody should begin their posts with those links, see if you can even see Slashdot at all without moving the sliders to see -1 and 0 modded posts. ,,|,,

And if you even say haha derp Windows rules... you are looking at Insightful +5. Facebook and Twitter buttons... and lies, go figure.

Couple of days of reading?, like you could just click the damn "Privacy options" link at install time and uncheck the 4 or 5 options. I get it, you're used to Linux, where you need 743 command line commands to do anything, but, c'mon

Disable Forced Updates on Home

[Prototerm]

To disable forced updates, go into Services and set Windows Update to Disabled. Then put an icon for Services on the task bar

Re:Disable Forced Updates on Home

[SuricouRaven]

The updates are the one contact to Microsoft I don't want to disable.

Re:Disable Forced Updates on Home

[Opportunist]

And don't remember to repeat the rain dance after every update, because MS will fix the mistake you made.

Re:/facepalm

If you don't think having integrated spyware, adverts and forced updates in your OS is "not that big a deal", then you are a fucking moron.

The lack of control

The thing that pisses me off about Windows 10 is the apparent lack of control the user has with their own machine. Exhibit A: http://www.tenforums.com/attac...

Check out the real-time protection option. "You can turn it off temporarily, but if it's off for a while, we'll turn it back on automatically." What bullshit is that? First, it doesn't tell you what it constitutes as "a while". A day? A week? A month? Second, the fact that it believes that power users are extinct and might have an edge-case for permanently disabling it is ridiculous. It's based off of Microsoft Security Essentials, and I disabled the real-time protection when installed on Win 7 on my netbook because it was just too much for the poor little Atom processor to deal with. If I needed to scan something, I'd do it on-demand. Here, I have no permanent solution because Windows 10 thinks it knows better than my situation.

Windows 10 is peppered with many other areas which make me feel less in control than I used to. I know that I can't have full control when running a proprietary system, but it's all about degrees, and Win 10 feels far less catered for power users than Win 7.

Re:The lack of control

[hyperar]

The thing that pisses me off about Windows 10 is the apparent lack of control the user has with their own machine. Exhibit A: http://www.tenforums.com/attac...

Check out the real-time protection option. "You can turn it off temporarily, but if it's off for a while, we'll turn it back on automatically." What bullshit is that? First, it doesn't tell you what it constitutes as "a while". A day? A week? A month? Second, the fact that it believes that power users are extinct and might have an edge-case for permanently disabling it is ridiculous. It's based off of Microsoft Security Essentials, and I disabled the real-time protection when installed on Win 7 on my netbook because it was just too much for the poor little Atom processor to deal with. If I needed to scan something, I'd do it on-demand. Here, I have no permanent solution because Windows 10 thinks it knows better than my situation.

Windows 10 is peppered with many other areas which make me feel less in control than I used to. I know that I can't have full control when running a proprietary system, but it's all about degrees, and Win 10 feels far less catered for power users than Win 7.

That's weird, i have another AV installed on mine since install and Windows Defender is disabled since then.

Re:The lack of control

[hyperar]

The thing that pisses me off about Windows 10 is the apparent lack of control the user has with their own machine. Exhibit A: http://www.tenforums.com/attac...

Check out the real-time protection option. "You can turn it off temporarily, but if it's off for a while, we'll turn it back on automatically." What bullshit is that? First, it doesn't tell you what it constitutes as "a while". A day? A week? A month? Second, the fact that it believes that power users are extinct and might have an edge-case for permanently disabling it is ridiculous. It's based off of Microsoft Security Essentials, and I disabled the real-time protection when installed on Win 7 on my netbook because it was just too much for the poor little Atom processor to deal with. If I needed to scan something, I'd do it on-demand. Here, I have no permanent solution because Windows 10 thinks it knows better than my situation.

Windows 10 is peppered with many other areas which make me feel less in control than I used to. I know that I can't have full control when running a proprietary system, but it's all about degrees, and Win 10 feels far less catered for power users than Win 7.

And to be fair, no power user will run a PC, specially a Windows PC without an AV, plus activating the an AV ocasionally is pointless, if it isn't on all the time, why putting it on anytime?

Re:The lack of control

[SuricouRaven]

Windows 10 assumes the user to be technologically ignorant because the vast majority of computer users *are*.

Computers have matured to the point where, like cars, you need only the vaguest idea how they work in order to use them. There was a time when anyone who wanted to drive a car needed to be familiar with the technology in order to carry out frequent maintenance and repair the many breakdowns in the field - that is where computers used to be. Now the car is a mature technology people can stop worrying about how their car works and treat it as a magic moving box, needing to contact an expert only on the rare occasions it goes wrong. That almost works for computers too now.

Re:The lack of control

[thegarbz]

To be fair all the evidence (unpatched machines, zombie machines participating in botnets, and general clueless idiots not knowing what their computer does) points towards a realisation by Microsoft that they can fix self destructive users by not giving them a rope by which they may hang themselves.

It's a shame they don't have some kind of expert mode, but the reality is most users NEED things like Windows Defender to re-enable itself because they are too dumb to keep their computers malware free.

Re:/facepalm

[Dutch+Gun]

Well, don't worry. This is pretty much guaranteed to happen with each new release of Windows. Also, the article isn't as hysterical as the headline makes it out to be. I think it's a good thing for people to be made away of all the privacy controls and their implications.

There are some serious and legitimate privacy concerns, but nearly every single privacy invasive feature can be turned off, and that's really important. What's the downside? There are some features that rely on the ability to talk to Microsoft servers and read various personal data, like e-mail, calendars, and contacts. A personal digital assistant like Cortana needs to know a LOT about you to be effective. Another one is cloud synchronization - obviously, if you want your various PCs and devices to be synchronized automatically, personal data will need to be stored in Microsoft servers so they can be transferred between your machines. Whether you consider those "privacy invading" or "neat new features" (or both) largely depends on your perspective.

We've heard reports about a few services still communicating with MS servers. This isn't exactly a huge concern to me, as I'd expect a few things like activation and updates to still talk to MS. There may be a few other things that slip through the cracks (like start menu tiles still refreshing even though they're all removed), but it doesn't have the feel of anything malicious to me. Others may choose to believe the worst, of course.

One of the big issues for me is the forced updates, because that has serious implications regarding stability (I've personally had to roll back a seriously bugged Nvidia driver until it was fixed many months later). We've already seen problems with this, so it's not really a theoretical concern. I've heard Microsoft may be backing down a bit, acknowledging that people need to be able to block known bad updates / drivers, and have released a standalone tool that can do this. My bet is that this will later be integrated into Windows myself, but at least it's possible now.

I'm not a big believer in conspiracy theories about MS scanning your drive and sending your personal data away. What's the motivation? Plenty of people will gladly opt in (or more accurately, choose not to opt-out) just to get the convenience of automatic cloud backups, synchronization, and an intelligent digital assistant. They're not going to care about the minority of people that are privacy-concerned enough to shut off all those features. They stand to lose FAR more in lawsuits, lost consumer confidence, and political probes than whatever they might gain from it.

Too many GUI changes to do -- needs simplification

From all the articles I've read about Windows 10, it looks like there are quite a number of settings that must be made to stop all that "phone home" behavior.

The number of changes is large enough so that I don't trust myself to do them all by clicking various GUI screens. I'll inevitably miss one or get it wrong -- which is unacceptable when privacy and security are at stake.

Does anyone know of any software yet that fixes Windows 10's abuses using a single-step installer?

Re:/facepalm

Couple of days of reading?, like you could just click the damn "Privacy options" link at install time and uncheck the 4 or 5 options.

Two major problems with that:

1) There aren't options to disable all of the spyware in Windows 10.
2) Even when you "disable" the options that you are graciously allowed to by Microsoft on your own PC, it still sends that data anyway.

If you knew how to use a packet analyser, you could see that for yourself instead of posting comments that reveal what a clueless idiot you are.

Re:EULA?

[Darinbob]

I thought they were Geniuses(tm)?

Re:/facepalm

[Darinbob]

It is a big deal. However some people have been brainwashed into not caring about privacy. "Oh, it's just for providing a better customer experience, I'm all for that!", or "I love advertising, especially when it's targeted!", or "I like things in the clouds, especially the bunny shaped ones", or "when has Microsoft ever been evil?"

Re:/facepalm

[Darinbob]

Couple days of reading articles about Windows 10 that is, not to read the checkboxes. Only someone who trusts Microsoft would trust those checkboxes to do what they say.

Re:/facepalm

[Darinbob]

Can you trust that they are being turned off? Microsoft does not have a good track record when it comes to telling the truth. Even after turning off those options it seems that Windows 10 is still transmitting a lot of data that appears to be telemetry. Even if this is purely benign data, it is not their network and it is not free so they should not transmit anything without the user's explicit permission.

Re:/facepalm

[timrod]

I think the problem is that MS isn't being completely clear as to what it is they're collecting or why they're collecting it. Take those seven or eight updates to Windows 7 and Windows 8.1 that added forced telemetry collection. No one really knows what it is those things are collecting - MS's own update really doesn't say much other than "It's information needed to ease the transition between Windows 7 or 8.1 and Windows 10" and "It's for customer experience improvements". On top of this, all of the telemetry updates were marked as "Important" in Windows Update, meaning that they'll be automatically installed on most update configurations.

If MS really had some reason to do this, they should have said exactly what it is they were collecting and why from the get-go, and also had a clear opt-out provision. Failing to do this is what's sparking a lot of paranoia - I've heard everything from "MS's telemetry service is logging everything you type and sending it to MS to improve autocorrect functionality" to "MS is actively recording input from attached webcams and microphones and sending it to MS servers".

I think if MS were to put out a well-thought out announcement telling people why it is they're doing this, a lot of the paranoia would go away.

Interesting game. The only way to win is not to pl

[The_Laughing_God]

Equivalently: "How may I [consort with] a brothel of multiply infected hookers who have graduate biomed degrees, practical research in communicable infection and a fervent INTENT to infect their customers?"

As WOPR said in "Wargames", 30+ years ago, "Interesting game. The only way to win is not to play."

Simple

Don't DOWNGRADE to WIndows 10. Windows 7 is superior to Windows 10. If you installed Windows 10 remember you have 30 days to change your mind and UPGRADE back to Windows 7.

Captcha: Undoing

Re:/facepalm

[hyperar]

Couple days of reading articles about Windows 10 that is, not to read the checkboxes. Only someone who trusts Microsoft would trust those checkboxes to do what they say.

So is like you can't win, if there are no options, it's because you don't have options, if you have options, then they don't work on purpose, Why would you even consider using Windows in the first place?

Got FixAp??

[laurencetux]

base points for a working ap and 4X for hardware and add 2 to the multiplier if you post detailed plans and a firmware image.

Just be patient and wait?

[AbRASiON]

Within 3 to 6 months some tool will come out from someone, similar to classic shell but for privacy. It'll disable any and everything properly and "fix" any odd crap straight up.

Let other people get messy with it.
I mean you could just not use it but for some of us, that isn't an option.
I'm happy to wait for a cool tool, probably be published like most useful free tools on Ninite.com as well, it'll be a piece of cake.

Let others beta test.

Re:Just be patient and wait?

[gx5000]

"Let others beta test."

Seems everything out there nowadays is Beta if not Alpha.
I miss the pre-social media days (the 80's) so bad.
Alta-Vista and my old BBS.

Re:/facepalm

[Darinbob]

Because it used to be an operating system and had not yet turned into a smartphone wannabe.

The solution...

[sarguin]

... http://www.linuxmint.com/

"And nothing of value was lost"

[davidwr]

It's worth noting, however, that changing any of these options may disable various OS related services, namely Cortana, as Microsoft's digital assistant has it tendrils buried deep.

And nothing of value was lost.

Richard Stallman is now playing

the worlds smallest open source violin.

Re:/facepalm

[LesFerg]

Just a day or two ago /. does the responsible thing and posts an article that actually discusses what is going on and shows that it's really not that big a deal. The very next day they're bad to spreading fud. Make up your mind, and stop trying to have it both ways.

But it's worse than that; this is an article telling noob users how to open Settings and untick a bunch of options. With screenshots. Any regular slashdotter should feel quite insulted having this article posted here. Seriously, somebody thinks we need to see some screenshots of how the Settings pages work.

Re:I had high hopes...

[LesFerg]

Yes but with vmware viewer installed, I can run a really fast Linux desktop inside of win10.

The 'Settings' is where they fool you

[sasquatch989]

Just because you kill a feature in 'settings' doesnt mean that they have to oblige. You can't see the code so you cannot be sure if changing the settings actually changes anything

Re:/facepalm

[hairyfeet]

Uhh yeah..about that? those are like the button at a stoplight, makes ya feel good but don't do shit...didn't ya get the memo? Unless you set up a hardware router with IP based blocking and block a shitload of IP addresses then everything you do is getting sent to the mothership whether you like it or not.

You didn't think you'd get anything "free" from MSFT, did you? Hell its the most expensive version of Windows EVAR as not only do you trade a legit key from a non spyware version of Windows but you ALSO give them your data for sale, so you get to double pay for that "free" OS...hell of a scam,huh?

Re:/facepalm

[Darinbob]

They're going to market you to advertisers and sell their customer lists, if you ever get an app (don't do this!) they'll let the app makers know what similar apps you have purchased. Their goal is to out-google Google, and out-apple Apple. They know they're behind in the customer monetization game and are trying to leapfrog past the others. Windows is in a decline as the casual users are moving to phones and tablets so Microsoft is desperate here.

Just look at Windows 8, the whole thing from top to bottom that they marketed was purely about getting eyeballs to their useless store and getting users to sign up with Microsoft ID accounts. When beta users figured out how to bypass the Metro stuff and go straight to the usable desktop, the very next patch disabled this ability because their goal was to get everyone to that start screen where the monetization starts. Sure they fired the VP in charge of Windows after this, but are you really sure all the decision makers who pushed for that idea are really reformed?

2015 just might be the year of the Linux Desktop

[Gravis+Zero]

Thanks Microsoft! Windows 10 gives all the users that were thinking of trying Linux an obvious incentive to make the switch!

Re:/facepalm

[hcs_$reboot]

If you knew how to use a packet analyser, you could see that for yourself

All of that likely to be encrypted, though

trust

[amberdalan]

The only sure way to prevent win10 from installing, monitoring, reporting, narcing, and doing things on your privately owned hardware, with your privately paid for internet connection, is to Never install it. Ever. If you doubt me try rolling back. Go on. Try it. I'll wait.

Re:/facepalm

[hcs_$reboot]

I get it, you're used to Linux, where you need 743 command line commands to do anything

Usually switching from mouse/GUI to a terminal allows you to do exactly precisely what you want in a few commands (and if you need 743 commands, make a shell script, which becomes one command). And you also usually get a level of feedback (errors...) you wouldn't have with the Gui.

Photoshop / Lightroom anxiety

[DoofusOfDeath]

My wife has a small photography business, and Photoshop and Lightroom are huge aspects of her photo editing workflow. She's invested untold hours building up skills in them, and that proficiency really pays off in terms of the quality and speed of her editing work.

Right now she edits on our Windows 7 box. I'm almost dead set against us using Windows 10 because of this privacy crap (and now I apparently have to try undoing the telemetry those assholes snuck into Windows 7.)

I feel caught between a rock and a hard place, because switching to a Mac would be an unwelcome expense for us. Also an business risk, since I can cheaply repair or upgrade a PC, but I have not expectation of being able to do that on a Mac. So if a Mac craps out near one of her deadlines, I'm not confident that I can get it (or a replacement) online as fast as we really want.

I'm just amazed at how hard Microsoft is working to drive us away. They've gone from being a reasonable partner for our kind of business (Windows 7), to being one of our largest sources of medium- and long-term risk. They're now making our decision to use Windows for her business, into a strategic mistake.

I really hope Adobe comes up with some decent solution to people in our shoes. If they have a Linux port of Creative Suite in their back pocket, this would be a dandy time to start selling it.

Re:Photoshop / Lightroom anxiety

[ruir]

Have you heard about the latest updates bringing this marvellous 1984 functionality to Windows 7 and 8, you know, for you to have one less reason to upgrade to Windows 10? Guess not...

Re:Photoshop / Lightroom anxiety

[DoofusOfDeath]

Have you heard about the latest updates bringing this marvellous 1984 functionality to Windows 7 and 8, you know, for you to have one less reason to upgrade to Windows 10? Guess not...

Actually yeah, although I was caught off-guard until I read about them. Fortunately they're optional updates, and I hadn't installed any of them yet.

Re:Photoshop / Lightroom anxiety

[ruir]

MacBook Pro 15'' are renovating their technology, and the 2014 model is with a very interesting price range at least in the US as we speak...for someone who uses photoshop and Lightroom, there could not be better alternative.

Re:Photoshop / Lightroom anxiety

[DoofusOfDeath]

Thanks for the tip!

Re:Photoshop / Lightroom anxiety

[StormReaver]

It's a long-shot, but maybe WINE will run Adobe Creative Suite (but probably not).

That being said, Richard Stallman saw this coming a long time ago. After years of thinking he was a crackpot, I eventually understood his perspective when he said that it's better to use a Free program with fewer features than a proprietary one with more features. After getting the rug pulled out from under me too many times by proprietary software, I went purely FOSS in 1999. I sometimes have to be creative in my solutions, but I don't consider that to be a bad thing. And my freedom is worth it.

Windows 10/Adobe Creative Suite is a case study in what I have come to accept as Stallman's fundamental truth on the matter, and is the rule of proprietary software rather than the exception.

Re:Photoshop / Lightroom anxiety

[DoofusOfDeath]

I think I agree with everything you say, but there's an unfortunate catch, at least for my wife's kind of business. The ecosystem around Photoshop and Lightroom is so extensive and useful, that I really don't think she'd ever be able to edit photos as quickly or as well using the obvious OSS substitutes. It's possible she could come close, but I'd be very skeptical that we could ever justify the time it would take her to adapt her skillset and to adjust her workflow.

That's just an unfortunate reality of running a small business while also being a wife and mother: time is money, and both are often in short supply. So time-efficiency, as well as quality output to make happy customers is huge. So although I like to minimize all kinds of risk (e.g., that introduced by depending on proprietary OS's and apps), we probably just can't afford the time investment it would require.

Now it's possible that there are OSS substitutes for Photoshop and Lightroom (and the various 3rd-party tools, and user communities) that would make the switch practical. I'm just not aware of them. I'd be glad to hear any practical suggestions.

Re:Photoshop / Lightroom anxiety

[Black+LED]

Doesn't matter what other OSes are doing. That does not make it OK for Microsoft to sucker people into getting a "free" crippleware update that sneaks in all sorts of spyware and advertising.

Cortana cannot be uninstalled and even when "disabled", it still spies on you. At least on my phone, I can and do run a custom AOSP build, sans Google crap.

Re:Photoshop / Lightroom anxiety

[tehcyder]

I feel caught between a rock and a hard place, because switching to a Mac would be an unwelcome expense for us. Also an business risk, since I can cheaply repair or upgrade a PC, but I have not expectation of being able to do that on a Mac. So if a Mac craps out near one of her deadlines, I'm not confident that I can get it (or a replacement) online as fast as we really want.

No offence, but is your business really so small you can't afford a spare Mac? Judging by the prices of professional photographic hardware, I'd have thought the price of a spare laptop was chicken feed.

Re:Photoshop / Lightroom anxiety

[DoofusOfDeath]

No offence, but is your business really so small you can't afford a spare Mac?

Not impossible, just painful. Not sure if you've ever run a small business before, but cashflow can sometimes be very limited, especially in the early stages. Bear in mind that cameras and other photo equipment also compete for budget.

Re:Photoshop / Lightroom anxiety

[toddestan]

I wouldn't sweat it too much at this point anyway. You've got almost 5 years of support left on Windows 7, and if you're willing to put up with Windows 8.1 you'll be supported until 2023. Though I'm not sure for how much longer you'll be able to easily get a Windows 8.1 license.

Re:/facepalm

[SuricouRaven]

3) Those are the obvious options. There are many more burried all over the place, under control panel and settings, every one of which is invasive-by-default. It's quite the quest to find them all, and even when you do find them all you only run into 1) anyway - you've reduced the spying a bit, but not eliminated it.

You can't even run calculator or the image viewer without Microsoft knowing. Really. Every time you do, it establishes a connection to licensing.md.mp.microsoft.com. I think it does that for all the new-style-interface apps, perhaps checking for revocation or collecting usage statistics.

Re:/facepalm

[SuricouRaven]

Almost all. At least MS is being sensible here and making sure only they can spy on it, not half the internet via traffic interception. The only unencrypted thing I've found are updates for the live tiles, which are plain old HTTP grabbing mostly XML files.

Re:/facepalm

[Opportunist]

Although Win8 really tried hard.

Re:/facepalm

[Opportunist]

Just 'cause you're paranoid doesn't mean that they ain't out to get you.

But seriously. If I had to sell a product that was potentially harmful, the first thing I'd do as soon as stories about the harm it can do start to surface is to launch a flood of even more outlandish claims (like smart meters burning your house or killing your pets) to make the original, correct, claims look like yet another batch of crazy loonies having a field day.

It's basically misinformation 101.

The most simple way to keep Microsoft out

[ruir]

Is not to use they turds. Do not use Windows and Office, come on. Even a 5 year old can understand it.

Re:/facepalm

[Barsteward]

it might be your computer but you just loan the OS when buying a Microsoft Operating system. Check your EULA

Re:/facepalm

[cfalcon]

> , but nearly every single privacy invasive feature can be turned off

I was going to call you a liar, until I saw the qualifier "nearly". In fact, we don't know all the things that can't be turned off. We just know about a lot of them. Note also that the methods to turn them off often only appear to work (ex: turning telemetry off in the registry only works in Enterprise, in Pro or Home or anything that a mere non-corporation can legally own, the setting is ignored).

Anyway, the reason I'm responding is because you talk about a "conspiracy theory". Don't use those words. That's not what this is.

This is OBSERVED data leaving your box, for reasons that don't help YOU in any way, and can ONLY be used to hurt you, with NO supported way to disable them. Microsoft is willing to ignore networking standards and the best interests of their customers to do this.

It's not a "conspiracy", because it's a known entity- Microsoft.

It's not a "theory", because it's not an "unproven thing" or a "framework for discussion". It's observed. You can observe it yourself, should you so desire.

The leaking is tremendous. Simply watching the network traffic on Windows 10 reveals vastly more about the user than you would expect, and that's before even caring about what's IN the goddamned network traffic.

Re:/facepalm

[Spy+Handler]

But seriously. If I had to sell a product that was potentially harmful, the first thing I'd do as soon as stories about the harm it can do start to surface is to launch a flood of even more outlandish claims (like smart meters burning your house or killing your pets) to make the original, correct, claims look like yet another batch of crazy loonies having a field day.

It's basically misinformation 101.

You just described the history of government involvement in UFOs.

Windows 10 isn't the only privacy violator

[psychonaut]

It's interesting that there's been such outrage over Windows 10's snooping, especially considering that many wildly popular proprietary programs have already been doing this for years. For instance, in 2007 Slashdot reported that Skype reads your /etc/passwd file and Firefox profile; who knows how it uses this data or where it gets sent.

The real problem here isn't Windows 10 in particular, it's running proprietary software in general. With proprietary software it's almost impossible for the average user, and usually very difficult even for experts, to discover and mitigate against privacy violations and security holes. Free software puts up no artificial barriers to security and privacy audits; any competent programmer can check the code herself, and any concerned layperson can delegate a trusted programmer to do so (or read existing reports from programmers or journalists they trust).

Rule number one for Windows 10

Use a local account instead of a Microsoft account.

That alone will disable various 'features' such as Cortana.

As for the other options to disable, they can be found here:
https://fix10.isleaked.com/

Finally, if you wish to reject Microsoft's cloud and mobile ambitions completely, run Powershell as administrator and Remove -AppxPackage every preinstalled Metro crap.
https://thomas.vanhoutte.be/miniblog/delete-windows-10-apps/

Re:Like what?

[behrooz0az]

Name one. please.
tip:
libc handles dns resolution in linux.

It doesn't matter.

The problem here is the company behind the OS and their Orwellian privacy ideas.

You can block entire IP ranges, disable services and smoulder half the registry. If they are serious about collecting this information, expect CDN servers to start taking up slack in random cities, small server providers way outside the firing line. They will find a way to get past your firewall restrictions, until you're left with nothing but an isolated machine.

You can disable and remove all you want from the core system, if you're using Windows Updates, they've won. The regular user won't have the know how to reverse engineer every update, or won't keep in the loop on critical security updates to make sure he at least turns Windows Update on once. Not everyone will be running a Enterprise version, apart from actual corporate and pirate users.

They have the ability to modify anything they want via WU. How long will your sanity last battling against the Microsoft gestalt?

This needs to be solved in a court, in a way that can make an impact on a multinational company. If not, then you're just living on a prayer, hoping that you've figured out every packet that's leaving the machine.

Re:It doesn't matter.

[erapert]

This needs to be solved in a court, in a way that can make an impact on a multinational company.

Or you could just install Linux.

Sweet, a way to disable Cortana

[HalAtWork]

So basically no downside to disabling these options then!

Re:/facepalm

[slashways]

If M$ is not clear about what there are doing; This is clearly because they want to make money with your data; with your behavior; Selling ads, selling where you are, selling what you are doing... Now you are still buying the OS, and you are the 'product' too. Fascinating!!!

A FLOSS firewall

[LichtSpektren]

Are there any sufficient FLOSS firewalls that can block all of the reporting back to Microsoft for Windows 7, 8, and 10, without breaking the automatic updates?

Try installing Zonealarm

[WerewolfOfVulcan]

You can configure Zonealarm to alert you when programs attempt to send traffic out. When Windows 10 tries to phone home, disallow it from doing so. Problem solved.

Simple - change OS

[jp10558]

I'm solving this by installing Scientific Linux 7.1. Why fight the OS and the OS vendor? That doesn't make any sense to me...

Ummm Andriod

[Gliscameria]

Microsoft sure is getting a lot of hate for what Google has been doing for years.

Re:/facepalm

[gx5000]

"into a smartphone wannabe."

Agreed, even Super SKYPE Cortana Smartphone.

Cheers.

You need to nuke Microsoft's creepy telemetry also

[magicandjewel]

Here are a few ways to accomplish it. They make use of the HOSTS file and registry settings among other techniques. (Disclosure: I'm a retired Microsoft Senior Technical Writer, i.e., I know enough not to trust them). http://www.ghacks.net/2015/08/...

Removing Microsoft's spyware.

[emil]

Remove these patches. Disable the "recommended"patches in Windows update. Run another update, and if any of these return, set them to ignore.

KB 3035583 (primary nagware for Windows 10)

KB 2952664
KB 2976978
KB 2990214 (Windows 10 upgrade)
KB 3021917 (Windows Customer Experience Improvement Program)
KB 3022345
KB 3035583
KB 3044374 (Windows 10 upgrade)
KB 3068708 (update for CEIP and telemetry)
KB 3075249 (telemetry)
KB 3080149 (update for CEIP and telemetry)

Re:/facepalm

[Opportunist]

Well, here the UFOs were most likely just some secret projects like U2 and the like. Which were Unidentified Flying Objects, so...

Windows 10 Mobile

[aquabats]

I shutter to think at what will be mined from the Windows 10 mobile update. Is there any hope of this being less open to Microsoft since Data rates apply and the FCC is involved?

The only way is: do not install MS software

[Helldesk+Hound]

How To Keep Microsoft's Nose Out of Your Personal Data In Windows 10?
The only way I know for preventing MS from accessing your personal data for their own purpose is to not install MS software.

Re:/facepalm

Uhh yeah..about that? those are like the button at a stoplight, makes ya feel good but don't do shit...didn't ya get the memo? Unless you set up a hardware router with IP based blocking and block a shitload of IP addresses then everything you do is getting sent to the mothership whether you like it or not.

You didn't think you'd get anything "free" from MSFT, did you? Hell its the most expensive version of Windows EVAR as not only do you trade a legit key from a non spyware version of Windows but you ALSO give them your data for sale, so you get to double pay for that "free" OS...hell of a scam,huh?

Out of all the people who responded to my comment here http://yro.slashdot.org/comments.pl?sid=7911631&cid=50399165

I'll respond here. Really, this shit should be put on the front page of Slashdot maybe some old school readers would actually be interested.

That link hairyfeet added above is the last piece of the puzzle. The Czech guy checked here http://localghost.org/posts/a-traffic-analysis-of-windows-10

In that article is this:

Information transmitted

All text typed on the keyboard is stored in temporary files, and sent (once per 30 mins) to:

oca.telemetry.microsoft.com.nsatc.net
pre.footprintpredict.com
reports.wes.df.telemetry.microsoft.com

Ok so you look for whois nsatc.net

NSATC.NET - Domain Informationnew
Domain NSATC.NET [ Site Info Traceroute RBL/DNSBL lookup ]
Registrar MARKMONITOR INC. MarkMonitor, Inc.
Registrar URL http://www.markmonitor.com
Whois server whois.markmonitor.com
Created 27-Sep-2001
Updated 01-Dec-2014
Expires 27-Sep-2015
Time Left 30 days 0 hours 4 minutes
Status clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited) clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited) clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
DNS servers A.NS.NSATC.NET 199.93.44.45
B.NS.NSATC.NET 8.12.212.49
C.NS.NSATC.NET 64.152.2.44
D.NS.NSATC.NET 205.128.93.51
E.NS.NSATC.NET 212.187.162.134
G.NS.NSATC.NET 205.128.88.25
L.NS.NSATC.NET 8.255.48.47
g.ns.nsatc.net 205.128.88.25
e.ns.nsatc.net 212.187.162.134
d.ns.nsatc.net 205.128.93.51
a.ns.nsatc.net 199.93.44.45
b.ns.nsatc.net 8.12.212.49
l.ns.nsatc.net 8.255.48.47
c.ns.nsatc.net 64.152.2.44

Now who is MarkMonitor, Inc?

https://en.wikipedia.org/wiki/MarkMonitor
http://www.popsci.com/technology/article/2013-02/everything-you-need-know-about-piracy-battling-copyright-alert-system
https://torrentfreak.com/torrent-trackers-ban-windows-10-over-privacy-concerns-150822/

Ok so what happened? Microsoft took consumers money for decades of virus-laden shitware. Botnets, anti-virus suites, ransomware, all that shit.... you bought it hook line and sinker. They profited. Now they used the money consumers gave them to hire career lawyers. World gov's said hey, what the fuck? Anti-trust, etc.. then they started fuckin.

You will want to uninstall your Windows 10 "The Spyware of all Spywares Edition" because the only anti-virus that will work is Linux or other *nix.

If you installed Windows 10 because of lies about being free, or DX12, your homework is:
https://www.google.com/#q=roll+back+windows+10

You have 30 days after you took the spyware upgrade to roll back or it self-deletes the backup files.

You may or may not decide to keep any Windows at all... bu

I'm a hardcore MS fanboy, but.. this is too much

[Muson]

I'm with Windows since 3.11, had all versions. I'm also professionally MCSE/MCITP.. blablabla.. so really invested in the company... I was totally fine with Millennium. Vista was slow, I had good hardware at the moment, so it was alright for me. Put effort to like Metro on 8.1, sucks... (sigh) but I had to keep up with progress... Did upgrade to 10 few days back. But this ends here.... The last callback\telemetry MS will have from my home PC is that I'm downloading Ubuntu 14.04 and Universal USB installer.

Re:/facepalm

[kuzb]

I'm sorry, but going off half cocked screaming doom and destruction without any real evidence to back up your claims just makes you look like a tinfoil hat wearing idiot. I'm so sick of the tools here who seem to think evidence is only necessary when it contradicts their opinion. You people make us all look bad.

Batch/VBS Script that does the dirty work

[zinchalk]

There is a user over on voat.co that has made a VBS+Batch Script that blocks the suspected windows 7/8 updates that add the tracking and telemetry "features". A breakdown of the what updates are blocked are listed and since is VBS and a Batch file, you can check the internals of the tool (aptly named "Aegis") yourself. https://voat.co/v/technology/comments/459263/new