Microsoft's Telemetry Additions To Windows 7 and 8 Raise Privacy Concerns
WheezyJoe writes: ghacks and Ars Technica are providing more detail about Windows 10's telemetry and "privacy invasion" features being backported to Windows 7 and 8. The articles list and explain some of the involved updates by number (e.g., KB3068708, KB3022345, KB3075249, and KB3080149). The Ars article says the Windows firewall can block the traffic just fine, and the service sending the telemetry can be disabled. "Additionally, most or all of the traffic appears to be contingent on participating in the CEIP in the first place. If the CEIP is disabled, it appears that little or no traffic gets sent. This may not always have been the case, however; the notes that accompany the 3080149 update say that the amount of network activity when not part of CEIP has been reduced." The ghacks article explains other ways to block the unwanted traffic and uninstall the updates.
Telemetry hack
Like shearing your back
The right suds keep it
From chopping your stack
Burma Shave
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
What the hell is CEIP? Editors, define your acronyms the first time they're used, especially if they're not common.
Can Editors Inspect Paragraphs?
There are consequences to every action
-- Tigger warning: This post may contain tiggers! --
I think a more apt comparison would be to compare this to the entire process of getting a colonoscopy, from the preparation the day before, to the actual "exam".....
Willie...
I am willing to contribute money for the development of (hopefully) simple software or scripts to rid my system of this malware, once installed.
Also, some ongoing review system which only allows MS updates that are deemed benign.
Sheesh, it's getting tedious to wade through all the KB verbiage with my evil lawyer hat on.
Prove anything by multiplying Huge Number times Tiny Number
"Raises privacy concerns" is elliptical speech: it's made to be deliberately obscure. (It uses "causes concern" to convey the central point without giving any information about what the point is.)
It's also passive voice, in that there's no person performing the action, the action is simply "caused" by something. (For comparison, consider "we wrote reports" versus "reports were written".) Hence, there's no person or group responsible, it's simply an aspect of the situation.
And finally, the phrase uses framing to soften the effect. Your personal information isn't being harvested, the system simply "raises some concerns".
Taken as a whole the headline tries to get the reader emotionally involved by stating something we should be concerned about, without saying in concrete terms *that* there is anything to be concerned about, and that it's *other people* who are concerned.
Meh. This didn't work on me, I'm not actually concerned, I'm going to ignore it.
(Propaganda success!)
I'll just try it again without the rest of the post. Now I get "Your comment has too few characters per line (currently 38.5)." Again, fuck you Slashdot. Let's see if this line can fix it. Let's see if this line can fix it. Let's see if this line can fix it. Let's see if this line can fix it. Let's see if this line can fix it. That didn't work "Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition.". Try again.
ECHO OFF
REM --- remember to invoke from ELEVATED command prompt!
REM --- or start the batch with context menu "run as admin".
SETLOCAL
REM --- (as of 2015-08-26):
REM KB3012973 - Upgrade to Windows 10 Pro
REM KB3021917 - Update to Windows 7 SP1 for performance improvements
REM KB3035583 - GWX Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
REM KB2952664 - Compatibility update for upgrading Windows 7
REM KB2976978 - Compatibility update for Windows 8.1 and Windows 8
REM KB3022345 - Telemetry [Replaced by KB3068708]
REM KB3068708 - Update for customer experience and diagnostic telemetry
REM KB2990214 - Update that enables you to upgrade from Windows 7 to a later version of Windows
REM KB3075249 - Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
REM KB3080149 - Update for customer experience and diagnostic telemetry
REM KB3044374 - W8,8.1 Nagware for W10
REM KB2977759 - W10 Diagnostics Compatibility Telemetry
REM KB3050265 - Windows Update services update to upgrade to W10
REM KB3068707 - Customer experience telemetry point. W7,8,8.1
REM --- uninstall updates ...
echo uninstalling updates
start "title" /b /wait wusa.exe /kb:3012973 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:3021917 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:3035583 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:2952664 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:2976978 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:3022345 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:3068708 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:2990214 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:3075249 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:3080149 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:3044374 /uninstall /quiet /norestart
echo - done.
start "title" /b /wait wusa.exe /kb:2977759 /uninstall /quiet
I really want to like Windows 10. It seems to have a lot of nice features, was a smooth upgrade from 7, and probably the single most painless OS upgrade I've had on any MS platform (I had to correct a single driver, for a minor issue, and that was it).
But I'm really, really sick of just how blatantly Microsoft is trying to jam every single stupid thing into this, and tie it back to their cloud based bit. And I might even be okay with some of that, because I'm well aware that I wind up giving a lot to Google when I'm using stuff on Android. I might even use some of it, if they weren't going far beyond even what Google does.
The final straw was when they wanted to essentially remove my local account on the machine and replace it with me using a Microsoft account for my local login. No, sorry, but Redmond can go get fucked if they want that. It's one thing to have stuff in a cloud based application that has its own password, but it's another thing for that cloud based password to be my entire system. Perhaps I'm being overly negative, but it's just too much, that they want all this personal data, and they want to tie it all not just to what I do in application land with Outlook/Bing/Edge/Cortana/Skype whatever, but down to the OS level? No. And if it gets worse, I may just have to bite the bullet and do my PC gaming on Linux, and give up on doing anything bleeding edge.
No, the guys who wanted more tracking took that guy out for a beer. That's the guy who killed off DoNotTrack. Like Private Browsing in Firefox or Incognito Mode in Chrome, DNT was about the balance between privacy on one hand and convenience/features on the other hand. DNT was supposed to mean that the user valued privacy more than convenience and features at the moment. Here's what was supposed to happen, what DNT was intended for:
Case 1, no DNT header:
I go to Slashdot, and have not set a specific DNT header. I therefore get the DEFAULT tracking/personalization behaviors of Slashdot, including:
I'm not redirected to Beta, because Slashdot tracks that I set "do not show me beta".
On my mobile device, I'm not redirected to m.slashdot.org, because again Slashdot tracks my preferences based on some identifier/cookie.
Case 2, with DNT header:
I launch a Private Browsing window in Firefox, or an Incognito tab in Chrome.
The browser prompts "DNT: Do you want to tell web sites to avoid identifying you or tracking your preferences? Some features and preferences may not work in DNT mode."
I click "yes, send the DNT header".
Slashdot sees that I have expressed that I want a higher level of privacy than the default, that I am willing to give up personalization in exchange for privacy.
Slashdot does not set a cookie, and I get redirected to m.slashdot.org or beta.slashdot.org each time. It does not track me to know my preferences between sessions.
It's all about the balance between privacy and convenience. Much like Incognito / Private Browsing mode disables the browser history, autocomplete, and other useful features in exchange for better privacy.
In short, the purpose of DNT was to communicate the user's desire to value privacy over convenience.
By violating the spec and sending DNT as the DEFAULT, the DNT header in IE suddenly meant "the user probably wants the DEFAULT balance between privacy and convenience". Since IE sent DNT by default, it no longer provided any information about the user's priorities regarding convenience vs privacy. It therefore became completely useless for its purpose. That guy killed DNT.
-----
Here's a concrete example. Quoting from the DNT policy:
| all user identifiers, such as unique or nearly unique
| cookies, "supercookies" and fingerprints are discarded
Do you really think that all sites are going to get rid of cookies, including "don't show me Beta" cookies, for anyone and everyone using IE? Just because Microsoft thought it was a good idea? No friggin way. If the USER chose to actively tick the box, perhaps so. Because Microsoft's marketing team thought that "Do Not Track" sounded good and that breaking most web sites was an acceptable side effect? I don't think so.
Would the editors consider adding a section for analysis of Windows updates so we can read then decide if we want them instead of having to go on click marathons through the desktop client? Even some sort of Patch Tuesday digest just indicating which of the updates are actual security patches would do it.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
Seems a rather lengthy and convoluted batch file - just use this: http://pastebin.com/B3DjTSX1
- In Soviet Korea, only old people lose all their bases to Natalie Portman's petrified hot grits overlords.
Both scripts fail to make use of a simple FOR command.
FOR %A IN (list) DO command [ parameters ]
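The FOR-loop form suggested above, written out as an added example (not code from any poster in this thread): it walks the KB numbers listed in the first script's REM lines and calls wusa.exe only for those that wmic reports as installed. The :REMOVE label and the KBS variable are names chosen for this example.

```batch
@ECHO OFF
REM Added example, not from the thread. Run from an ELEVATED command prompt.
REM KBS holds the KB numbers from the REM list in the first script above
REM (KBS and :REMOVE are names made up for this example).
SETLOCAL
SET "KBS=3012973 3021917 3035583 2952664 2976978 3022345 3068708 2990214 3075249 3080149 3044374 2977759 3050265 3068707"

REM Inside a batch file the loop variable is written %%K;
REM typed at an interactive prompt it would be %K.
FOR %%K IN (%KBS%) DO CALL :REMOVE %%K

ECHO Finished. Reboot to complete any pending removals.
ENDLOCAL
EXIT /B 0

:REMOVE
REM %1 is the KB number passed in by the FOR loop.
REM Ask WMI for the installed hotfix IDs and skip this KB if it is absent,
REM so wusa.exe is only started where there is something to remove.
wmic qfe get HotFixID 2>NUL | find /I "KB%1" >NUL
IF ERRORLEVEL 1 (
    ECHO KB%1 not installed, skipping.
    EXIT /B 0
)
ECHO Uninstalling KB%1 ...
REM start /wait blocks until wusa.exe exits; /norestart defers the reboot.
start "wusa" /b /wait wusa.exe /kb:%1 /uninstall /quiet /norestart
ECHO - done.
EXIT /B 0
```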
The funny thing about this is until this I was willing to send telemetry to Microsoft. I understand how them knowing when my system crashes helps them fix bugs. I understand the wealth of good-for-everyone knowledge that comes with reports of which precise system file had a problem performing what kind of information. I would block crash reports sometimes, and I would allow other basic telemetry most of the time.
But due to their new privacy policy and other privacy rapine I've blocked every form of telemetry on my machine. They no longer get to hear a damn thing. Surely this was predictable. And how many regular and corporate sales has Microsoft lost already over this? Everyone knows to ask their local nerd what OS and other software to use. Stupid, stupid, stupid.
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
I put this in my tomato "Scripts" section. Basically grabbed all of the dig output for settings-win.data.microsoft.com and vortex-win.data.microsoft.com, cnames, and authorities for them.
Possibly excessive. I'm ok with that. YMMV.
iptables -I FORWARD -d 8.26.215.27 -j DROP
iptables -I FORWARD -d 64.4.54.254 -j DROP
iptables -I FORWARD -d 8.26.204.25 -j DROP
iptables -I FORWARD -d 198.78.199.155 -j DROP
iptables -I FORWARD -d 204.160.105.155 -j DROP
iptables -I FORWARD -d 4.23.46.155 -j DROP
iptables -I FORWARD -d 65.55.44.108 -j DROP
Why, again, do people still use Windows?
Because it runs the programs they need to run and works with the devices they use. That is the primary purpose of an operating system, nobody turns on their computer just to use the operating system.
The fact that you have to explicitly say you want privacy makes it a bad spec to begin with, just like having to explicitly say you don't want to participate in Windows' CEIP rather than it being something you opt-in to is bad for privacy (even though in that case it's just telemetry data).
Microsoft has already solved your workaround by making all new KBs entirely nondescript. Enjoy your black box updates.
Do what thou wilt shall be the whole of the Law
Makes much more sense to un-install those privacy downgrades. Worth the effort as there is a distinct improvement in boot times as well as general performance. Those M$ anal probes do come with more than one cost, not just your privacy taken but also a system performance cost, obviously they run better in windows 10 built in than added in windows 7 and 8, which is why windows 10 outperforms fully privacy downgraded windows 7 and 8. I wonder how well windows 7 clean install no M$ recommended privacy downgrades compares against windows 10.
Chaos - everything, everywhere, everywhen
Makes much more sense to un-install those privacy downgrades.
An easier option is probably just to disable them, it looks like the sole purpose of the Diagnostics Tracking Service is to send data back to Microsoft so if you prevent it from running you should be fine.
Disclaimer: I haven't run Snort on this yet so I don't know if there isn't something else phoning home with my data, but DTS seems the obvious candidate to kill.
Here's mine, rather more brief than yours since it was written purely as a memo for future reference:
The thing that worries me is that there are now dozens of articles about which updates to remove to disable telemetry or the Windows 10 update nagbox. We've been saying that installing security updates is fundamental to keeping your computer secure. This goes against that. Do we really want to teach people to uninstall random updates based on shady blog articles?
Earlier I had all automatic update checkboxes checked, because I trusted that security updates are just that - security updates. From now on I'll be checking all the updates manually before installing, and I really hate to have to do that.
And before anybody recommends switching to Linux, I already use Linux as my main OS.
Only dumb birds land downwind.
There is no reason why in your example Slashdot could not remember your preferences without tracking you. A simple anonymous cookie with no unique ID for beta/no beta and mobile/desktop is all that is required.
Even logging in is possible without violating DNT. Just discard any tracking data not essential for the provision of logged in services. DNT doesn't mean "do not set cookies", it means "don't track my browsing habits for any reason other than the provision of the services I ask for (e.g. advertising)."
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
I followed the instructions here...
https://www.hackread.com/microsoft-updates-spy-on-windows7-8-users/
It details how to see if you have those KBs installed and if so, how to remove them.
I'm really a low 5-digit Slashdotter, but this ID is where I am now.
A 5/16" drill through the CPU works, too, but is just as off topic..