Slashdot Mirror

← Back to Stories (view on slashdot.org)

How To Keep Microsoft's Nose Out of Your Personal Data In Windows 10

Posted by samzenpus on from the and-stay-out dept.

MojoKid writes: Amid the privacy concerns and arguably invasive nature of Microsoft's Windows 10 regarding user information, it's no surprise that details on how to minimize leaks as much as possible are often requested by users who have recently made the jump to the new operating system. If you are using Windows 10, or plan to upgrade soon, it's worth bearing in mind a number of privacy-related options that are available, even during the installation/upgrade. If you are already running the OS and forgot to turn them off during installation (or didn't even see them), they can be accessed via the Settings menu on the start menu, and then selecting Privacy from the pop-up menu. Among these menus are a plethora of options regarding what data can be gathered about you. It's worth noting, however, that changing any of these options may disable various OS related services, namely Cortana, as Microsoft's digital assistant has it tendrils buried deep.

37 of 426 comments (clear)

  1. HOSTS file by Anonymous Coward · · Score: 5, Funny

    "How To Keep Microsoft's Nose Out of Your Personal Data In Windows 10"

    How about a new HOSTS file? APK?

    1. Re:HOSTS file by Anonymous Coward · · Score: 4, Insightful

      You joke, but that pretty much IS the only way. Tons of experiments and wire captures have already shown that no matter what settings you disable, the OS still sends TONS of info back to MS servers.

    2. Re:HOSTS file by gweihir · · Score: 4, Informative

      Reportedly, at least part of the addresses are hard-coded in the software in a way that bypasses the hosts-file. There are confirmed reports for the latest 4 snooping updates for Win7/8 of this, so I suspect it can be true for Win10 as well. Of course, in order to get past the hosts-file, you have to bypass parts of the networking stack, i.e. a lot of criminal energy is involved.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:HOSTS file by gweihir · · Score: 5, Insightful

      There is criminal energy involved in sabotaging mechanisms such as the hosts-file in order to deceive users. Even thinking of it requires significant criminal energy, and the strong intent to harm users.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:HOSTS file by binarylarry · · Score: 5, Insightful

      Use a modern OS instead of Windows.

      --
      Mod me down, my New Earth Global Warmingist friends!
    5. Re:HOSTS file by plasm4 · · Score: 5, Insightful

      Yeah I have to agree with you there. Going out of your way to hide something from someone is different simply not mentioning it.

    6. Re:HOSTS file by gweilo8888 · · Score: 3, Insightful

      Nope. The only realistic way is not to install it -- and you're a moron if you do.

    7. Re:HOSTS file by U2xhc2hkb3QgU3Vja3M · · Score: 4, Insightful

      Until the OS ignores your HOSTS file for some hard-coded domains. If you can't trust your OS, why are you trusting it to filter things out? The filtering has to come from outside, from another system.

    8. Re:HOSTS file by rudy_wayne · · Score: 5, Insightful

      Until the OS ignores your HOSTS file for some hard-coded domains. If you can't trust your OS, why are you trusting it to filter things out? The filtering has to come from outside, from another system.

      That's why you need to use a firewall. A real one, not that Windows Firewall crap. And block any outgoing connections you don't approve.

    9. Re:HOSTS file by Purity+Of+Essence · · Score: 4, Interesting

      That data is very valuable which is why Microsoft is going through so much trouble to get it. It's worth way more than the $100-200 asking price for a retail copy of Windows. In an equitable universe, Microsoft would be paying people to use Windows 10.

      --
      +0 Meh
    10. Re: HOSTS file by hummassa · · Score: 4, Informative

      The option to block microsoft's domains, via any interface. People already established that somethingsomethingspysomething.dll bypasses the hosts file, the dns lookups and the firewall (and who knows what else) when talking to the mothership.

      --
      It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
    11. Re:HOSTS file by chipschap · · Score: 4, Insightful

      Just run Linux, works every time.

    12. Re:HOSTS file by gl4ss · · Score: 3, Insightful

      it's not the real reason.

      the real reason is pushing the appstore and pushing it for all kinds of applications.

      pushing the appstore was also the reason why they were pushing win8/8.1 for practically free and it's the sole only reason for the shitfest that is metro(they shipped a program environment that was unfinished, unpolished and lacking in api's to replace what it was intended to replace only because they were in a hurry to release an appstore because some execs _thought_ they could get 30% of 3000$ photoshop and cad licenses, which was never going to happen anyway)

      --
      world was created 5 seconds before this post as it is.
    13. Re:HOSTS file by ancientt · · Score: 3, Funny

      Right, because keeping your browsing and application-utilization habits a secret is SO important.

      OMG somebody might know you look at porn! Or that you play video games! Or that you are shopping online for a new printer!!!

      The horror!

      Okay, mostly I agree with you, and even if 99.9% of people were aware of what's shared, almost none of them would care. Of course, in reality, I'd be surprised if even 1% of people care enough to find out.

      Lets just target that tiny fragment of the population that cares and wants to protect their privacy. Maybe you know the person behind the Ashley Madison hack, or want to blow the whistle on the NSA, or maybe you found out something terrible about Microsoft and want to email somebody about it, whatever. In this scenario, you're somehow also nuts enough that you are going to pass on your bombshell using your home Windows 10 PC.

      Wireshark and a few tweaks to your router and there is now nothing goes out that you don't want going out. Problem solved. (It's not going to last ten seconds in keeping your identity secret from any of those entities, but hey, it's not Windows 10's fault at least.)

      But wait, you must be saying, "my PC is connected without a router!" (How?) Don't worry your pretty little head about it. A couple host file edits and you're good. But "wait" you say, (complainer!) "these apps are still connecting!" So you add a handful of specific routes with the handy command line and boom (!) problem solved again. (For another ten seconds.)

      "But ancientt," you say. "I'm posting and emailing stuff all the time that could get me in trouble and I don't want Microsoft to know!" To which I reply, "Tails and VPN my child." But you ignore my advice, because of course you do. "I must secure Windows 10 permanently!" I find you irritating, but alas, I cannot resist your wiles so I offer this further guidance. Edit your registry, run your own DNS server, set the default route to localhost and only allow an IP connection to sites you've intentionally pre-configured with the route command, and now my stupid but persevering student, you have a Windows 10 configuration which will communicate with nothing undesired.

      I will not post bail.

      --
      B) Eliminate all the stupid users. This is frowned upon by society.
    14. Re:HOSTS file by thegarbz · · Score: 4, Insightful

      Until the OS ignores your HOSTS file for some hard-coded domains.

      What do you mean until?

    15. Re:HOSTS file by SuricouRaven · · Score: 5, Informative

      I've been doing it by IP range, watching a fresh Windows 10 install to see what it contacts.

      65.52.108.0/14 #update.microsoft.com, licensing.md.mp.microsoft.com, v10.vortex-win.data.microsoft.com. Update has an alternate in another range.
      104.40.0.0/13
      204.79.196.0/23 #Start menu searches.
      23.93.0.0/13
      157.54.0.0/15
      157.60.0.0/16
      191.236.0.0/14
      207.46.0.0/16
      131.253.62.0/23
      131.253.64.0/18
      131.253.61.0/24 #login.live.com
      131.253.128.0/17
      191.232.0.0/14 #settings-win.data.microsoft.com
      #Do not block these, required for updates:
      #157.56.0.0/14 #sls.update.microsoft.com
      #191.232.0.0/14 #windowsupdate.microsoft.com

      I also had to block all subdomains for appex.bing.com, appex-rf.msn.com and cms.msn.com. Can't IP-block those as they are CDNs.

    16. Re:HOSTS file by SuricouRaven · · Score: 4, Informative

      I've been testing the Windows firewall.

      If you delete the permit rules for Windows services and spying, they come back. Protected rules.

      But on Windows firewall, a deny always overrules a permit - if you explicitly deny the unwanted IP ranges, this does hold. At least in my testing so far - I've found one range that acts oddly and I think may be bypassing the firewall, but I need to confirm this.

    17. Re:HOSTS file by rastos1 · · Score: 3, Funny

      do you already have ipv6 at home and work?

      Yes.

      ipv6 does not route automagically

      Oh, really?. Leave your geek card at the door.

    18. Re:HOSTS file by rastos1 · · Score: 5, Informative

      Citation, please?

      KB3068708
      KB3022345
      KB3075249
      KB2976978
      KB3021917

  2. Ok i'm going to say it by ozduo · · Score: 5, Insightful

    don't install the damm thing!

    --
    I got to the chocolate box before you, that's why the hard ones have teeth marks.
  3. How To Keep Microsoft's Nose Out of Your Data? by Irate+Engineer · · Score: 3, Insightful

    Just install Linux.

    You're welcome.

    --

    Left MS Windows for Linux Mint and never looked back!

    Vote for Bernie in 2016!

  4. Beside the point by zAPPzAPP · · Score: 4, Insightful

    Yes, I can see the options during the setup. Years of updating Java have trained me to uncheck everything.
    Anyway that is old news.

    We want to know more about the things you can not set in the options.
    Ways to prevent forced updates?
    Remove hidden services?

  5. What if there is a bug? by Marrow · · Score: 4, Interesting

    If the default is "on" , what if a bug in the code resets the setting or ignores the setting. Are there any indicators that this information is going out? Can there be any indicators? What is the amount of encrypted traffic going out from the system to microsoft? Any way to look at what is being sent at any point in time? Does it ever log what was sent? Can it?

  6. Re:/facepalm by gweihir · · Score: 3, Insightful

    It actually is that big a deal. It is just that the MS PR department managed to convince some clueless people that what they do is harmless. It is not.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  7. I'm not a panicky guy but... by Maxo-Texas · · Score: 5, Interesting

    I've been with windows for close to two decades.

    But I'm probably going to either use an older windows box or just bite the bullet and go to linux for my "real" machine. I might use windows for a gaming machine.

    I've used openoffice then libre office for years now and no longer even occasionally dip back into Word.

    I've disliked the tighter microsoft email/social account integration for a while now.

    I really dislike what I'm hearing about the new o/s. I stopped using facebook because of similar actions.
    it's like being fabulously wealthy isn't enough. If windows 10 goes forward as is, I probably won't go with it.

    --
    She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
    1. Re:I'm not a panicky guy but... by MrL0G1C · · Score: 4, Interesting

      Ditto, I hate the idea of MS spying on what I'm doing and it's not known what info they still send back even though you've turned off all the privacy destroying options. And now they're refusing to say what the purpose of new updates is.

      So, fuck you Microsoft, I'm advising everyone to install Linux from now on, this crap is not worth it, not even for free.

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
    2. Re:I'm not a panicky guy but... by Anonymous Coward · · Score: 5, Interesting

      Maybe you missed that Microsoft have made it increasingly difficult and misleading to get around setting and and logging into a Microsoft account. Maybe you missed that not all the snooping can be turned off. Or maybe you're just trolling.

    3. Re:I'm not a panicky guy but... by theArtificial · · Score: 5, Interesting

      If you can use Linux, you can easily disable any feature you don't like on Windows

      For those not using the corporate version please share the steps for disabling telemetry. Another Slashdotter posted an interesting video that captured packets when programs, such as calculator, were opened. This was with the settings as private as they could be made: Cortana off, smartscreen off, bug reporting off, everything he could find turned off.

      --
      Man blir trött av att gå och göra ingenting.
  8. What pissed me off... by Anonymous Coward · · Score: 5, Interesting

    Was when I was looking at the app store, but it said I had to log in to my microsoft account to use any of the apps. OK, logged in with my hotmail account which has a long complex password, which was copy/pasted with my password manager. I turn my PC off for the night, next day it won't take my usual password because it's now not a local machine logon, but is my microsoft logon, which I can't fill in because I can't open my password manager. Luckily I backup the keepass data to a USB flashdrive, so I fire up my other real OS which is linux so I can write down the frigging password to get the windows pile of shit logged back in. Screw MS... wiping the drive and installing linux.

    1. Re:What pissed me off... by AmiMoJo · · Score: 5, Informative

      When you logged in to the app store you were asked if you wanted to convert your account to a Microsoft online account, or just log in to the app store. You must have ignored that question and blindly clicked through it, and hence your account was converted (unfortunately that is the default).

      http://www.guidingtech.com/ass...

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  9. The lack of control by Anonymous Coward · · Score: 4, Informative

    The thing that pisses me off about Windows 10 is the apparent lack of control the user has with their own machine. Exhibit A: http://www.tenforums.com/attac...

    Check out the real-time protection option. "You can turn it off temporarily, but if it's off for a while, we'll turn it back on automatically." What bullshit is that? First, it doesn't tell you what it constitutes as "a while". A day? A week? A month? Second, the fact that it believes that power users are extinct and might have an edge-case for permanently disabling it is ridiculous. It's based off of Microsoft Security Essentials, and I disabled the real-time protection when installed on Win 7 on my netbook because it was just too much for the poor little Atom processor to deal with. If I needed to scan something, I'd do it on-demand. Here, I have no permanent solution because Windows 10 thinks it knows better than my situation.

    Windows 10 is peppered with many other areas which make me feel less in control than I used to. I know that I can't have full control when running a proprietary system, but it's all about degrees, and Win 10 feels far less catered for power users than Win 7.

  10. Re:/facepalm by Anonymous Coward · · Score: 5, Insightful

    Couple of days of reading?, like you could just click the damn "Privacy options" link at install time and uncheck the 4 or 5 options.

    Two major problems with that:

    1) There aren't options to disable all of the spyware in Windows 10.
    2) Even when you "disable" the options that you are graciously allowed to by Microsoft on your own PC, it still sends that data anyway.

    If you knew how to use a packet analyser, you could see that for yourself instead of posting comments that reveal what a clueless idiot you are.

  11. Re:not good enough by rudy_wayne · · Score: 5, Insightful

    ... or just disable the features you don't like... like you could have done all along. If you can use Linux, you can disable any feature you don't like from Windows.

    Except that in Windows 10, you can't. There are many things for which there are no settings to disable them. And even you dig deep, it still doesn't work. But don't take my word for it. Try it.

    Open Task Manager and kill Cortana. It immediately comes back. This is just one example of Microsoft going back to the old scam they used years ago, "We can't remove Internet Explorer because it's too deeply embedded in the OS".

  12. Re:/facepalm by timrod · · Score: 5, Insightful

    I think the problem is that MS isn't being completely clear as to what it is they're collecting or why they're collecting it. Take those seven or eight updates to Windows 7 and Windows 8.1 that added forced telemetry collection. No one really knows what it is those things are collecting - MS's own update really doesn't say much other than "It's information needed to ease the transition between Windows 7 or 8.1 and Windows 10" and "It's for customer experience improvements". On top of this, all of the telemetry updates were marked as "Important" in Windows Update, meaning that they'll be automatically installed on most update configurations.

    If MS really had some reason to do this, they should have said exactly what it is they were collecting and why from the get-go, and also had a clear opt-out provision. Failing to do this is what's sparking a lot of paranoia - I've heard everything from "MS's telemetry service is logging everything you type and sending it to MS to improve autocorrect functionality" to "MS is actively recording input from attached webcams and microphones and sending it to MS servers".

    I think if MS were to put out a well-thought out announcement telling people why it is they're doing this, a lot of the paranoia would go away.

  13. Re:not good enough by thegarbz · · Score: 4, Informative

    Don't use what? Cortana?

    I don't use it. I disabled search features. I also live in an area where Cortana is not available. And yet every time I hit the start button and start typing some of my information is sent to servers related to the Cortana service.

    Likewise I've removed a lot of the shitty live tiles. That doesn't stop the money app getting up to date stock information that it won't be displaying.

    You can't not use some of these features, not without a firewall.

  14. Photoshop / Lightroom anxiety by DoofusOfDeath · · Score: 5, Interesting

    My wife has a small photography business, and Photoshop and Lightroom are huge aspects of her photo editing workflow. She's invested untold hours building up skills in them, and that proficiency really pays off in terms of the quality and speed of her editing work.

    Right now she edits on our Windows 7 box. I'm almost dead set against us using Windows 10 because of this privacy crap (and now I apparently have to try undoing the telemetry those assholes snuck into Windows 7.)

    I feel caught between a rock and a hard place, because switching to a Mac would be an unwelcome expense for us. Also an business risk, since I can cheaply repair or upgrade a PC, but I have not expectation of being able to do that on a Mac. So if a Mac craps out near one of her deadlines, I'm not confident that I can get it (or a replacement) online as fast as we really want.

    I'm just amazed at how hard Microsoft is working to drive us away. They've gone from being a reasonable partner for our kind of business (Windows 7), to being one of our largest sources of medium- and long-term risk. They're now making our decision to use Windows for her business, into a strategic mistake.

    I really hope Adobe comes up with some decent solution to people in our shoes. If they have a Linux port of Creative Suite in their back pocket, this would be a dandy time to start selling it.

  15. Re:not good enough by SuricouRaven · · Score: 4, Informative

    I have been examining Windows Ten with a packet sniffer, and can confirm both of these claims. Even if you disable cortana and searching bing from the start menu, typing anything in there still results in a connection to a server associated with Bing - I don't know what's in that connection, as it's TLS. I've also confirmed that it does attempt to update the live tiles even when said tiles have been removed, as I see connections to servers such as foodanddrink.tile.appex.bing.com.