Slashdot Mirror


Does Windows 10's Data Collection Trade Privacy For Microsoft's Security? (pcworld.com)

jader3rd shares an article from PC World arguing that Windows 10's data collection "trades your privacy for Microsoft's security." [Anonymized] usage data lets Microsoft beef up threat protection, says Rob Lefferts, Microsoft's director of program management for Windows Enterprise and Security. The information collected is used to improve various components in Windows Defender... For example, Windows Defender Application Guard for Microsoft Edge will put the Edge browser into a lightweight virtual machine to make it harder to break out of the browser and attack the operating system. With telemetry, Microsoft can see when infections get past Application Guard defenses and improve the security controls to reduce recurrences.

Microsoft also pulls signals from other areas of the Windows ecosystem, such as Active Directory, with information from the Windows 10 device to look for patterns that can indicate a problem like ransomware infections and other attacks. To detect those patterns, Microsoft needs access to technical data, such as what processes are consuming system resources, hardware diagnostics, and file-level information like which applications had which files open, Lefferts says. Taken together, the hardware information, application details, and device driver data can be used to identify parts of the operating system that are exposed and should be isolated into virtual containers.

The article points out that unlike home users, enterprise users of Windows 10 can select a lower level of data-sharing, but argues that enterprises "need to think twice before turning off Windows telemetry to increase corporate privacy" because Windows Update won't work without information about whether previous updates succeeded or failed.

2 of 181 comments

  1. Re:MS is completely wrong by Sipper · · Score: 3, Informative

    Telemetry should be able to be switched off entirely, on all Windows installs, so that our right to privacy is respected.

    I agree; sharing of data online should be an opt-in operation rather than something that for the most part cannot be completely opted-out-of. Microsoft's EULA allows for sharing any data they collect with third-parties, and there are reports that they already have and are continuing to do so. There are those that are proponents of what Microsoft is doing, saying that it's "good" for the OS, however if any open-source operating system were to do what Microsoft is doing, it would receive a lot of criticism for sharing data without opt-in consent.

    There is some relief to be had however: on Windows 10 Pro and above the Telemetry service can be disabled. The service is named "Customer User Experiences and Telemetry". Look in "Administrative Tools" in "Services" and stop + disable it. The way to verify that the service is disabled is to look at the hidden folder %Program Data%\Microsoft\Diagnostics before-and-after stopping and disabling the service; before stopping the service the encrypted files there cannot be deleted because they're "in use", after stopping the service the files can be deleted and don't return.

    There are firewall rules concerning the "Customer User Experience and Telemetry" service that can be disabled too -- but (from what I've read) supposedly disabling these rules won't block the service from the Internet. i.e. similar to how some sites cannot be blocked via "hosts" file entries because Microsoft has hardcoded certain names/IPs in their DNS resolver, supposedly there are certain hardcoded bypasses to the firewall as well.

    It's possible to get Windows Update working over Tor, BTW. Windows Update unfortunately only understands an HTTP proxy, not Socks5, so another proxy (such as Privoxy, which is open source) is required to forward traffic to Tor via Socks5. Windows Update follows the proxy set by 'netsh winhttp set proxy IP:PORT;exception_list' (which requires being run from an Admin command prompt). Then firewall rules to block all traffic not coming from the Tor daemon. Verification via packet sniffing or via 'Tcpview' from SysInternals. Unfortunately what I see after all that is there is still some System-level traffic that accesses the 'Net directly, i.e. bypassing the firewall, so this still doesn't seem to be 100% trustable. (Not that it could be, anyway, given that Windows is not open source.)
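
A read-only audit of the three settings the comment above touches (service state, telemetry firewall rules, WinHTTP proxy), added here as an example and not part of the original comment. It assumes the telemetry service's short name is `DiagTrack` and that `netsh` prints English output; `Get-TelemetryAudit` is a hypothetical helper name.

```powershell
# Added example (not from the comment). Changes nothing; only reports state.
# Assumptions: service short name DiagTrack, English-language netsh output.
function Get-TelemetryAudit {
    param([string]$ServiceName = 'DiagTrack')

    # Win32_Service exposes both the running state and the configured start mode;
    # a stopped service that is still set to Auto will come back after a reboot.
    $svc = Get-CimInstance -ClassName Win32_Service `
        -Filter "Name='$ServiceName'" -ErrorAction SilentlyContinue

    # Firewall rules whose display name mentions telemetry, with their enabled flag.
    $rules = @(Get-NetFirewallRule -DisplayName '*Telemetry*' -ErrorAction SilentlyContinue |
        Select-Object DisplayName, Direction, Action, Enabled)

    # The proxy that 'netsh winhttp set proxy' configures, as WinHTTP reports it.
    $proxyLines = @(& netsh winhttp show proxy) |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }
    $direct = [bool]($proxyLines -match 'Direct access')

    [pscustomobject]@{
        ServiceFound    = [bool]$svc
        ServiceState    = if ($svc) { $svc.State } else { $null }      # Running / Stopped
        ServiceStart    = if ($svc) { $svc.StartMode } else { $null }  # Auto / Manual / Disabled
        FullyDisabled   = [bool]($svc -and $svc.State -eq 'Stopped' -and
                                 $svc.StartMode -eq 'Disabled')
        FirewallRules   = $rules
        WinHttpDirect   = $direct        # $true means no WinHTTP proxy is set
        WinHttpProxyRaw = $proxyLines
    }
}

$audit = Get-TelemetryAudit
$audit | Format-List ServiceFound, ServiceState, ServiceStart, FullyDisabled, WinHttpDirect
$audit.FirewallRules | Format-Table -AutoSize
$audit.WinHttpProxyRaw
```

Running it before and after a feature update shows whether the service's start mode or the proxy setting was reset.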

  2. Re:No, ABMers. No. For the last time. NO. by Ol+Olsoc · · Score: 5, Informative

    Don't like it? Don't use it. Stop crying and stop whining.

    and no, this isn't a post about President Trump.

    I don't! I stopped using Windows 10, and you know what? Highly recommended, the telemetry is one thing, bad enough, but the fact that their updates bitch up the computer is every bit as bad.

    If I have to give up my privacy, I want a computer that always works. Otherwise, it's security through inoperation.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.