back to article If you installed Windows 10 and like privacy, you checked the defaults, right? Oh dear

Here's a quick FYI: if you installed Windows 10, and in a rush to try out Microsoft's new operating system, you clicked through the default settings without looking, you may want to look again. If you value your privacy, or have a distrust of Microsoft, you probably want to make sure some or all of the settings are flipped to …

  1. Zog_but_not_the_first Silver badge
    Devil

    By design

    "And Windows 10 feels like it's trying to pull a fast one on a lot of us."

    1. BillG Silver badge
      IT Angle

      Re: By design

      Who does Microsoft think they are, anyway? Google?

      1. Anonymous Coward
        Anonymous Coward

        Re: By design

        Microsoft never innovates it only steals, welcome to project copy Google.

        1. Anonymous Coward
          Meh

          Re: By design

          Microsoft never innovates it only steals, welcome to project copy Google

          Google image search?

          Blatant rip of of Bing right there.

          1. Anonymous Coward
            Anonymous Coward

            Re: By design

            microsoft explain what's going on, and how they are nothing like google, here in this youtube video

    2. Bob Vistakin
      Facepalm

      Scroogled!

      So all the whining Microsoft has been doing about Google has been blown away in an almighty hypocritical u turn? Boy, what a surprise.

  2. Anonymous Coward
    Anonymous Coward

    No different to..

    Most of the shit that gets piled with Android..

    Also its not surprising its default is set to on, as some of the "best" new features need things like Location to work (such as Cortana).

    1. Dan 55 Silver badge
      Facepalm

      Re: No different to..

      Yes, well done Microsoft for taking the worst practices from the least private mobile OS, adding a few of their own, and bringing them to their desktop OS.

    2. Michael Habel Silver badge

      Re: No different to..

      If Cortina is as you say "The best"... Then Oh Mighty Zarquon help 'em 'Cause they're gonna need it....

  3. king of foo

    It's pretty bad... Really

    While I was upgrading my laptop in the early hours of sunday am I figured "why not google win10 privacy while I wait", spoke a fair amount of French, then spent a good half hour tweaking settings/registry values. What annoyed the hell out of me was the need to disable processes and edit the registry (home premium) to stop some of the reporting home.

    Thinking of friends/fam I'm hoping some kind soul will write a nice little "freeeedurm" script to simplify the process, or perhaps an "app" to demonstrate in simple terms (traffic lights) to your average Joe public exactly how exposed they are/what is being collected, with a "protect me squire!" button...

    1. king of foo

      Re: It's pretty bad... Really

      more info here

      1. Brandon 2

        Re: It's pretty bad... Really

        How long before an "auto"-update undoes what you do to the registry to stop the "reporting home"? I was wondering why this was free... now we know. Frankly, I don't mind selling some of my data for advertising, etc. But when they have access to ALL of my data, my spidey sense tingles... then i read that awesome Reg article about government spying on us... and... well... i think I'll stay with 7 for a bit longer...

        1. Bronek Kozicki Silver badge

          Re: It's pretty bad... Really

          I suppose you could set a policy to enforce settings, i.e. store the right data in registry. Still, thanks for sharing where to put it! I suspect I might need this, one day ...

          1. James Loughner

            Re: It's pretty bad... Really

            You truly believe that an update would respect your policy settings LOL. I have this neat bridge for sale, you interested??

        2. Anonymous Coward
          Anonymous Coward

          @Brandon 2 - Re: It's pretty bad... Really

          i think I'll stay with 7 for a bit longer

          Me too. But I will also be paying close attention in future, not only to what updates come down the line, but also to what traffic the OS is initiating. If only just to say "Fuck off Microsoft, you've gone to far."

        3. Anonymous Coward
          Anonymous Coward

          Re: It's pretty bad... Really

          "How long before an "auto"-update undoes what you do to the registry to stop the "reporting home"?"

          Ahh, the old bag of tricks: Registry polling OS-threads are back again, I see.

          NT workstation was easily converted to NT server with single registry change.

          MS fix for that? Create an operating system thread (running all the time) which polls that single registry key every 2 seconds and swaps it back if you try to change it. And hide the watchdog as an update.

          Sound familiar, doesn't it?

          So I'll say w10 runs a thread to undo all your changes all the time.

          As they directly say:

          "You may change this setting but after a while _we will change it back_".

          "a while" is, of course, not defined anywhere, so it can be minutes or weeks.

      2. VinceH Silver badge
        Pint

        Re: It's pretty bad... Really

        "more info here"

        Thanks for the link - bookmarked for future ref. Have a thumbs up and one of these --->

      3. Greg D

        Re: It's pretty bad... Really

        Thanks. Once I'm up and running in Windows 10 land I'll write a little .ps1 script to do all that :)

    2. Pascal Monett Silver badge

      Re: I'm hoping some kind soul...

      Well I'm hoping that sheeple people won't throw themselves upon the spear that is Windows 1 0 and will have enough sense to retain their intellectual faculties - and privacy - intact.

      Yeah. And I also hope I'll win the lottery some day.

      1. Anonymous Coward
        Anonymous Coward

        Re: I'm hoping some kind soul...

        Windows 10 is part of the five eyes spy network, see the excellent Reg article by Ducan Campbell on Echelon

        1. Anonymous Coward
          Anonymous Coward

          Re: I'm hoping some kind soul...

          "Windows 10 is part of the five eyes spy network"

          You mean "All Android phones" surely?!

          1. Michael Habel Silver badge

            Re: I'm hoping some kind soul...

            Yes Google do it, so it must therefore be ok for everyone else then?! Thats not staying classy MicroSoft!

          2. TMe

            Re: I'm hoping some kind soul...

            5 eyes? Must be at least one cyclope then

    3. JDX Gold badge

      Re: Thinking of friends/fam I'm hoping some kind soul will write a nice little "freeeedurm" script

      Thing is while most of this isn't ideal, the objections to it are largely ones of principle, not that anything is likely to happen because MS knows this stuff. So your friends/family probably aren't really that bothered, unless they read some scaremongering "Windows is stealing your soul - you won't BELIEVE what happened next" 'article' on FB. You can help them out but they probably won't really understand why you need to unless you scare them with a biased viewpoint on the subject.

      1. Anonymous Coward
        Anonymous Coward

        Re: Thinking of friends/fam I'm hoping some kind soul will write a nice little "freeeedurm" script

        "..not that anything is likely to happen because MS knows this stuff."

        And how you know it's only MS who knows _everything_ you do?

        As we know, MS is a partner for NSA and CHGQ and being 'a partner' doesn't mean having a BBQ together.

        Not only you are selling everything you do, you are also selling everything anyone around you is doing. And that information isn't yours to sell.

        As MS puts it "...shares wifi-passwords with Skype, Facebook and outlook.com friends." as plain text, obviously.

        Also MS spies on your emails, which means anyone you send/receive emails is also spied on. And registered as fellow of yours.

        Fast forward to company email ... basically even one w10-user in email distribution list is leaking everything in emails to NSA, passwords, accounts, everything. That's a massive non-security.

        It's obvious that _everything_ in MS cloud is already doing that, just judging by the spying enforced in w10.

    4. Tubz

      Re: It's pretty bad... Really

      Powershell, run a admin ..

      Get-Service DiagTrack | Set-Service -StartupType Disabled

      Get-Service dmwappushservice | Set-Service -StartupType Disabled

      reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection\ /v AllowTelemetry /t REG_DWORD /d 0 /f

  4. Anonymous Coward
    Anonymous Coward

    'Cheap' in terms of food, now means selling your privacy too.

    I found out tonight Lidl requires your car registration at the till, here in the UK.

    I was caught offguard at Lidl, (its always a bit of a rush packing) and asked for my car registration number at the till. Lidl are obviously selling this information to Europarks foremost, but others too no doubt. I didn't like the fact I'm asked to give what is private information in a situation that is very public, either.

    Are Lidl actually collecting it to enforce 90 minute limit parking fines though? I don't think so. It doesn't seem as though its needed if Europarks run the carparks, hence it seems like colllecting private 'linked' information under false pretenses.

    The Europarks ANPR Cameras are supposed to do that, as the car park is run by them. Why are Lidl acting as so called enforcer, other for financial means, and a cut of the fine revenue. Very easy to get full driver details via the DVLA.

    I thought it was bloody cheek, not sure what consent I gave on entering the store, (the store been separate from the parking) but it certainly wasn't explicit. ANPR is bad enough, but that tracks the vehicle, this in effect, is explicitly tracking the customer.

    Waitrose thankfully don't do this. Tonight was my last shop at Lidl. It was convenient and cheap, on the way home. Waitrose is slightly further out my way.

    1. Anonymous Coward
      Anonymous Coward

      Re: 'Cheap' in terms of food, now means selling your privacy too.

      +1

      Can't stand ANPR car parks, want to charge for parking then put up a bloody barrier and ticket machine.

    2. Anonymous Coward
      Anonymous Coward

      Re: 'Cheap' in terms of food, now means selling your privacy too.

      "Are Lidl actually collecting it to enforce 90 minute limit parking fines though? "

      Not really any different than any other store who gives you free parking for a limited time - but only if you buy something in the store. The ANPR knows you parked there and for how long - the manual check confirms you used the store and when. Presumably you don't have to buy anything - just queue at the checkout. ALDI use the same system on their car park - except it is only for validated customers' use. Anyone not validated gets an automatic fine.

      Our Waitrose allows a short free parking period in the community car park if you get your token validated at the checkout. In theory you can't ask for a validation without actually buying something. I don't think there is an ANPR as well - but it wouldn't be that difficult as the car park is covered by at least one town CCTV camera.

      1. P. Lee Silver badge

        Re: 'Cheap' in terms of food, now means selling your privacy too.

        Why not just hand the customer a plastic card to feed into the machine at the exit? Or print a barcode on their receipt?

    3. Doctor Syntax Silver badge

      Re: 'Cheap' in terms of food, now means selling your privacy too.

      "I was caught offguard at Lidl, (its always a bit of a rush packing) and asked for my car registration number at the till."

      I think in my case I'd have demanded to know why. If it was just for APNR that might have been OK. But retail companies really should use their clout to get rid of parking vultures (no relation to our beloved el Reg of course).

      1. Anonymous Coward
        Anonymous Coward

        Re: 'Cheap' in terms of food, now means selling your privacy too.

        > But retail companies really should use their clout to get rid of parking vultures (no relation to our beloved el Reg of course).

        Wow brought back back parking nightmares from my time living across the pond and painful Lidl shopping. One edge to being back home as a Yank not living on the coasts is having giant ass free parking spots almost everywhere due to no shortage of land. Fly over country has its perks.

    4. Tom 35 Silver badge

      Re: 'Cheap' in terms of food, now means selling your privacy too.

      A drug store here in Canada (Rexall) likes to ask people for their postal code at checkout. Most of the time I just say Nope. Sometimes I give them the north pole postal code H0H 0H0.

      Have you tried just saying NO when they ask?

      1. Anonymous Coward
        Anonymous Coward

        Re: 'Cheap' in terms of food, now means selling your privacy too.

        I have a psuedo address i use all the time, when their postcode checker fails to register it i tell them its a new estate, they manually add a duff address and i am left alone.

        Currys once pulled this shit when i bought a TV, they wanted my name, address, postcode, etc etc. They got an address, postcode, name etc, just not mine!!!

        1. Neil Barnes Silver badge

          Re: 'Cheap' in terms of food, now means selling your privacy too.

          @cornz1 - if you buy a TV, the store is required to log your address for the licence; not their fault and so I guess not the same thing.

          "Can't stand ANPR car parks, want to charge for parking then put up a bloody barrier and ticket machine."

          My registration plate includes easily-confused-by-OCR characters including K, M, W, X, and 8 - it's rare I get out of a prebooked airport park without having to have a discussion.

          1. Anonymous Coward
            Anonymous Coward

            Re: 'Cheap' in terms of food, now means selling your privacy too.

            "@cornz1 - if you buy a TV, the store is required to log your address for the licence; not their fault and so I guess not the same thing."

            But I am under no obligation to answer them truthfully. Is so the same thing. Unwarranted snooping!

          2. Cynic_999 Silver badge

            Re: 'Cheap' in terms of food, now means selling your privacy too.

            "

            @cornz1 - if you buy a TV, the store is required to log your address for the licence; not their fault and so I guess not the same thing.

            "

            Stores in the UK usually go way over what the law demands. Supermarkets frequently won't sell booze to adults who are *accompanied* by a minor, for example. I recently bought a pair of passive 3D glasses from Argos and was asked for my name & postcode for TV licencing. I pointed out that the glasses cannot receive TV broadcasts and so do not fall under the regulation, but the employee stated that it was store policy to get the information for all purchases that were "TV related". I told her that I was a traveller and had no fixed abode, which stumped her.

        2. auburnman

          Re: 'Cheap' in terms of food, now means selling your privacy too.

          In fairness to Curry's I believe it is legislated that a seller must get your address when you buy a TV so that the TV licencing mob can hound you.

          1. g e

            Re: 'Cheap' in terms of food, now means selling your privacy too.

            I don't remember being asked for a licensing pound of flesh for the last 3 TVs I bought, thinking about it and they were bought from a store, not online which would already have my delivery address

            1. auburnman

              Re: 'Cheap' in terms of food, now means selling your privacy too.

              Sounds like enforcement has fallen by the wayside; they did used to hand out paltry fines some years back. I seem to recall they billed ASDA about ten grand.

          2. Number6

            Re: 'Cheap' in terms of food, now means selling your privacy too.

            In fairness to Curry's I believe it is legislated that a seller must get your address when you buy a TV so that the TV licencing mob can hound you.

            They are obligated to get an address from you. You are under no obligation to give them your correct address and they are under no obligation to verify it.

          3. fruitoftheloon
            Go

            @auburnman: Re: 'Cheap' in terms of food, now means selling your privacy too.

            Yup, it is a requirement of the Wireless & Telegraphy Act.

            Cheers,

            Jay

        3. Peter Gathercole Silver badge

          @cornz 1

          Actually, Currys were just fulfilling their legal obligations. When buying TV receiving equipment, by law they have to gather and pass on identity information to the TV Licensing authority.

          If you pay by card, they will normally just pass enough information from that so that identity can be obtained from the bank. Alternatively, if you use a store loyalty card, that will suffice too.

          I once bought a TV aerial amplifier from Tesco, wanting to pay cash, and having just lost my keyring clubcard. They refused to sell it to me without me providing my name and address. They did not even relent when I pointed out that it was not technically capable of receiving a TV signal, and that where it was going was not my house (I was getting it for my parents).

          I know for a fact that they use Tesco clubcard information, because our card has a typo in the name on the card that we've never corrected. And after buying a TV, we got a nasty-o-gram from the license enforcers claiming that they could not identify a valid TV license under the name and address that the clubcard was registered to. I did nothing, waiting to see whether someone would actually spot that garthercole and gathercole actually only differed by one letter, and at some point they must have, because there was never any follow-up. It's a bit of a shame. I would have loved to have seen that go to court to watch it be thrown out.

          What really annoyed me was when another shop asked me for the same information for exactly that purpose when I bought a simple DVD player! That really took the piss.

          I believe I've heard that deliberately giving false information when buying TV receiving equipment in the UK can be deemed as fraud.

          Edit: Hmm. Others beat me to this while I was typing it up. Must remember to be less verbose.

        4. KA1AXY

          Re: 'Cheap' in terms of food, now means selling your privacy too.

          I always give my work address and phone

      2. Anonymous Coward
        Anonymous Coward

        Re: 'Cheap' in terms of food, now means selling your privacy too.

        Per the Blues Brothers, I always give the address of Wrigley Field: 1060 W Addison St, 60613. I can't be the only; I bet they get a tonne of unwanted mail.

    5. spudmasterflex

      Re: 'Cheap' in terms of food, now means selling your privacy too.

      I like this parking, but I also like this parking

    6. Greg D

      Re: 'Cheap' in terms of food, now means selling your privacy too.

      AFAIK a number plate is not private information.

      1. paulf Silver badge
        Big Brother

        Re: 'Cheap' in terms of food, now means selling your privacy too.

        @Greg D

        "AFAIK a number plate is not private information."

        No, it isn't. However my payment card is private information, while details the shopping I've bought is semi-private; and they're trying to link all three at the checkout. Note that it's trivial for anyone to look up the car make + model from the registration (i.e. is it a Bentley or a banger?) so they suddenly have much better knowledge of their shopping demographic. Maybe they have the ability to link payment card to the billing address from another source - another aspect of the demographic is how wealthy your 'hood is. We don't know what information the other side of the equation has access to...

        That all assumes they're only interesting in knowing their shopping demographic better and not the usual targeted ads crap.

        Paying cash is one thing but not many people carry enough cash with them to cover the weekly shop and if you only find out when you've packed your shopping and are about to pay it's a bit late to say I'll pop to an ATM. That said I'd probably empty my bags, buy the minimum shopping with cash to avoid a parking ticket, leave them to put it all back on the shelves and sod off to a shop that doesn't feel the need to track my every move!

      2. nijam

        Re: 'Cheap' in terms of food, now means selling your privacy too.

        > AFAIK a number plate is not private information.

        True. However... what *is* private information (as per the DPA, etc.) is that it is *your* car's registration number.

      3. Anonymous Coward
        Anonymous Coward

        Re: 'Cheap' in terms of food, now means selling your privacy too.

        According to privacy officials here in Finland, _it is private information_ as it's directly connected to name & address, therefore collecting and publishing those is illegal.

        That view is of course not shared in UK where spying on car owners is the norm, illegal or not, no-one cares.

  5. LDS Silver badge
    Big Brother

    Guess I'll stick to 7 until 2020...

    ... meanwhile, I'll start to write my own OS...

    1. Khaptain Silver badge

      Re: Guess I'll stick to 7 until 2020...

      I know a guy called Linus who did just that....

      1. asdf Silver badge

        Re: Guess I'll stick to 7 until 2020...

        Yeah and then Red Hat came and ruined the userland on one hand and Google did on the other.

        1. Teiwaz Silver badge
          Meh

          Re: Guess I'll stick to 7 until 2020...

          'Red Hat'??

          Oh, Another Systemd dig...

          1. asdf Silver badge

            Re: Guess I'll stick to 7 until 2020...

            Systemd is but one part of the freedesktop.borg hairball. Get assimilated.

            1. Teiwaz Silver badge

              Re: Guess I'll stick to 7 until 2020...

              Freedesktop is not even a standards body, it's specification is adopted to varying degrees between Gnome and KDE, and is only recently at version 1.1.

              As a 'borg' it shows all the assimilation ability of a tribe of ewoks. You wouldn't want Gnome and KDE(etc.) to run off implementing the same idea in even more different ways...

              As it is, KDE4 had it's user icons in ~/.local/share/icons & Gnome and others in ~/.icons.

              People will be launching tirades against EWMH next...

              1. asdf Silver badge

                Re: Guess I'll stick to 7 until 2020...

                kdbus is all you need to know about Red Hat's intentions which also is part of the lovely freedesktop. All one giant happy family laptop centric POSIX hating windows lite hairball.

          2. hplasm Silver badge
            Gimp

            Re: Guess I'll stick to 7 until 2020...

            "Oh, Another Systemd dig..."

            Yep- keep digging until the hole is big enough to bury the bastard* like an old white dogshit.

            *systemd or it's 'creator' - you choose.

            1. GrumpenKraut Silver badge

              Re: Guess I'll stick to 7 until 2020...

              > *systemd or it's 'creator' - you choose.

              I take ... both of them. Plus using a volcano saves the digging.

              1. Bronek Kozicki Silver badge
                Coat

                Re: Guess I'll stick to 7 until 2020...

                The funny thing about systemd, I actually like unit files and few other things it brought strictly related to initialisation management. It is really big shame that it's put its fingers into so many pies, e.g. when dbus goes wrong (sometimes it does!) I am unable to gracefully shutdown the system because silly bugger is unable to communicate with init process without dbus.

                On the other hand, it does provide some entertainment, watching all these bone headed-attempts to move dbus to kernel, in a least efficient way possible. I wonder what systemd and gnome authors will try to copy from Windows next, badly (Cortana a.k.a. "universal privacy invasion", perhaps?) Sorry for off topic, I heading out anyway

      2. Mpeler
        Coat

        Re: Guess I'll stick to 7 until 2020...I know a guy called Linus who did just that....

        van Pelt?

        (and he was just doing it for Peanuts)...

      3. LDS Silver badge

        Re: Guess I'll stick to 7 until 2020...

        I can't trust him too. He uses GMail...

      4. fung0

        Re: Guess I'll stick to 7 until 2020...

        I know a guy called Linus who did just that...

        You're probably thinking of Richard Stallman. Linus wrote a kernel.

        1. Anonymous Coward
          Anonymous Coward

          Re: Guess I'll stick to 7 until 2020...

          "You're probably thinking of Richard Stallman. Linus wrote a kernel."

          The kernel is the operating system. The GNU project's aim was to build an open Unix - kernel and development toolkit (the C compiler, gcc etc.). GNU did have it's own kernel (Hurd), but the Linux kernel was released earlier and adopted instead, hence GNU/Linux - the Linux kernel, written using GNU tools.

          So yes, Richard Stallman was involved with writing his own OS, but Linus beat him to release, admittedly using the GNU tools - so less overall work as Linus didn't have to worry about writing the compiler, linker etc.

  6. asdf Silver badge

    not so free

    Funny how Android and Windows 10 are both "free" to the consumer huh? Apple I guess at least just overcharges you for the hardware and then drops support for their loss leader software for your device after a few years to strongly encourage you to pay your reoccuring dues to the hipster club(cult?). Yay fanboi downvotes all around.

    1. LDS Silver badge

      Re: not so free

      Apple is even more clever - it makes you pay it to steal your data!

    2. fung0

      Re: not so free

      I'm no fan of the Mac UI, and I find iOS unusable. But you have to at least give Apple credit for creating a separate OS for its mobile toys. Mac OS X remains respectful of a UI tradition that goes back 30 years, and charges users up-front, instead of trying to surreptitiously 'monetize' them.

  7. Stephen Leslie

    Some steps

    Turn off Cortana and instead search locally, otherwise everything is sent to Bing.

    Go through the "Privacy" settings thoroughly.

    Lock down Edge, setting your own home page, start page, and set the New tabs to blank.

    Lock down IE where appropriate if you know how.

    Turn off the tracking service: dmwappushsvc

    Turn off the diagnostics service: diagtrack

    Adjust the hosts file. In this The Register comments section you might see an extra blank line between each entry, so you might have to adjust the following eliminating the extra blank lines between each entry; but that said, add the following to your hosts file:

    #Windows 10 Privacy Blocker#

    0.0.0.0 vortex.data.microsoft.com

    0.0.0.0 vortex-win.data.microsoft.com

    0.0.0.0 telecommand.telemetry.microsoft.com

    0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net

    0.0.0.0 oca.telemetry.microsoft.com

    0..0.0.0 oca.telemetry.microsoft.com.nsatc.net

    0.0.0.0 sqm.telemetry.microsoft.com

    0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net

    0.0.0.0 watson.telemetry.microsoft.com

    0.0.0.0 watson.telemetry.microsoft.com.nsatc.net

    0.0.0.0 redir.metaservices.microsoft.com

    0.0.0.0 choice.microsoft.com

    0.0.0.0 choice.microsoft.com.nsatc.net

    0.0.0.0 df.telemetry.microsoft.com

    0.0.0.0 reports.wes.df.telemetry.microsoft.com

    0.0.0.0 wes.df.telemetry.microsoft.com

    0.0.0.0 services.wes.df.telemetry.microsoft.com

    0.0.0.0 sqm.df.telemetry.microsoft.com

    0.0.0.0 telemetry.microsoft.com

    0.0.0.0 watson.ppe.telemetry.microsoft.com

    0.0.0.0 telemetry.appex.bing.net

    0.0.0.0 telemetry.urs.microsoft.com

    0.0.0.0 telemetry.appex.bing.net:443

    0.0.0.0 settings-sandbox.data.microsoft.com

    0.0.0.0 vortex-sandbox.data.microsoft.com

    0.0.0.0 survey.watson.microsoft.com

    0.0.0.0 watson.live.com

    0.0.0.0 watson.microsoft.com

    0.0.0.0 statsfe2.ws.microsoft.com

    0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com

    0.0.0.0 compatexchange.cloudapp.net

    0.0.0.0 cs1.wpc.v0cdn.net

    0.0.0.0 a-0001.a-msedge.net

    0.0.0.0 statsfe2.update.microsoft.com.akadns.net

    0.0.0.0 diagnostics.support.microsoft.com

    0.0.0.0 corp.sts.microsoft.com

    0.0.0.0 statsfe1.ws.microsoft.com

    0.0.0.0 pre.footprintpredict.com

    0.0.0.0 i1.services.social.microsoft.com

    0.0.0.0 i1.services.social.microsoft.com.nsatc.net

    0.0.0.0 feedback.windows.com

    0.0.0.0 feedback.microsoft-hohm.com

    0.0.0.0 feedback.search.microsoft.com

    0.0.0.0 bingads.microsoft.com

    0.0.0.0 www.bingads.microsoft.com

    #End Windows 10 Privacy Blocker#

    # [Block Microsoft Apps]

    127.0.0.1 apps.microsoft.com

    127.0.0.1 www.apps.microsoft.com

    This is probably just a start. You might feel the thing is almost an extension of Microsoft servers, rather than its own operating system. But with some adjustments, you can reclaim your own computer.

    If anyone has more ideas, please post 'em.

    1. Teiwaz Silver badge

      Re: Some steps

      If you turn off ALL the 'features' what's left?

      WinXP?

    2. Turtle

      @Stephen Leslie Re: Some steps

      "You might feel the thing is almost an extension of Microsoft servers, rather than its own operating system. But with some adjustments, you can reclaim your own computer."

      Thanks for the post; that's some very useful stuff there..

      What I need to know, and will require, I suspect, more time from more tech-competent people than myself, is the degree to which it is possible to disable the constant surveillance, and, simultaneously, what remains in force no matter what the user does. If it *all* can be disabled, then I don't much care what Microsoft has put in there; it's the undefeatable mechanisms that concern me. I doubt that the final word has been said on this matter.

    3. joed

      Re: Some steps

      the very 1st step - never login with/create online account

      Keep all "value added" services disconnected until you really need them and obviously never use OS vendor provided services as these are too closely tied into the system for comfort.

      1. Stephen Leslie

        Re: Some steps

        Thanks, yes, just create a local account. I install with the computer unplugged too!

        You might note that "apps" can be uninstalled either manually or by PowerShell.

        Just as a note: you can even use PowerShell to uninstall them all in one fell swoop (except the underpinning platform, Edge, and Settings); but be cautious, that's everything metro on your account.

        AFAICT, Microsoft has removed a couple things non-metro from Windows 10 - calculator and sound recorder (a tiny program that's been on Windows for decades) - so if you remove the calculator app, and the sound app, there is no calc.exe or sound recorder on the system to replace them with; you can replace sound recorder with something like Audacity, and there are numerous ways calculators online.

    4. Anonymous Coward
      Anonymous Coward

      @Stephen leslie - Re: Some steps

      A very useful list, thanks.

      One thing I noticed, though :

      Turn off Cortana and instead search locally, otherwise everything is sent to Bing.

      Done that but I found that even on a local search the thing connected to Bing, sent it a packet of data and got a whole load of packets back. Looked suspiciously like it was sending the search request in anyway.

      So blocking in the Hosts file seems the only way - can't trust the UI to actually do what you want.

    5. Tony Paulazzo

      Re: Some steps

      #Windows 10 Privacy Blocker#

      Thanks for that. On my games desktop I turned off all intrusive options then began to wonder, would that matter anyway. If they wanted to snoop, no way I'd know about it. Just a quick question, shouldn't all those 0s be 127.0.0.1? or does it not matter?

      1. Stephen Leslie

        Re: Some steps

        Either - you can use 127.0.0.1

        Some folks point them to 0.0.0.0

    6. MacGyver

      Re: Some steps

      Turning off Cortana? Easier said than done.

      I had to turn off just about every Search related service to get Cortana to disappear. (not that I wasn't going to do that anyway, I've used Agent Ransack since they implemented search back in Vista anyway)

      BTW, thanks for the host file URLs.

    7. fung0

      Re: Some steps

      Excellent list. Thanks!

      However:

      But with some adjustments, you can reclaim your own computer.

      I'd say this statement is premature, unproven and astoundingly optimistic. At this point, we have no idea what may lurk in the closed source of Windows 10, nor how persistent Microsoft's (forced) auto-updates will be in (re)opening privacy holes.

      What we do know is that by accepting Windows 10, in exchange for a few miserable new features, you are giving Microsoft carte blanche - you're happily volunteering to accept Redmond's electronic anal probe. The only real solution is to avoid installing this nightmare, and uninstall it immediately if you've already made a horrible mistake. JUST SAY NO to Windows 10. If you're not willing to tell Microsoft right now that its behavior is unacceptable, you are part of the problem, and you guarantee that things will continue to get worse.

  8. This post has been deleted by a moderator

    1. Magani
      WTF?

      Why would someone post as AC then put their real name in the comments?

      Just asking...

      1. This post has been deleted by its author

    2. asdf Silver badge

      >SQL is obsolete and dead.

      Wow you really you believe you are the first person to say that huh?

    3. Mpeler
      Mushroom

      Microsoft uses SQL.

      "Microsoft uses SQL."

      Ahh, but you use TROLL:

      T edious,

      R epetitive,

      O bnoxious,

      L amea$$

      L anguage.

      Threadbombing with impunity, whilst adding nothing of value.

      Go parse yourself.

    4. TheVogon Silver badge

      " Microsoft uses SQL."

      They also use NoSQL - just Bing DocumentDB....

  9. Doctor Syntax Silver badge

    "Your typed and handwritten words are collected to provide you a personalized user dictionary"

    Good idea. Collect all your habitual misspellings into a personal dictionary so as to avoid bothering you about them. Something teh internet has always needed.

    1. Teiwaz Silver badge

      Personalised user dictionary

      > ""Your typed and handwritten words are collected to provide you a personalized user dictionary"

      Good idea. Collect all your habitual misspellings* into a personal dictionary so as to avoid bothering you about them. Something teh internet has always needed."

      * Mindreader used to do that in the early 90's. Progress, huh....

  10. Sebastian A

    Hah.

    "Windows does not collect personal information without your consent."

    Since you're consenting by accepting the defaults, that statement is technically correct, which as we all know, is the best kind of correct.

    1. asdf Silver badge

      Re: Hah.

      >which as we all know, is the best kind of correct.

      Yeah unless you are an out of touch out of date tech company desperately in need of good will from customers then its a turd in a punchbowl.

  11. DougS Silver badge

    Advertising ID?

    So while Apple has taken steps to eliminate the ability of an app to access any sort of unique ID connected to the user, Microsoft is going full steam ahead with this? And adding this to Windows 10 on PCs - when they are already getting paid good money for the OS?

    At least Google has a valid reason for pushing this stuff on people, because they make nothing from Android aside from the advertising revenue. Microsoft wants it on both ends, payment up front and continuing to sell your eyeballs down the road, and bringing it to PCs to boot!

    Glad I use Linux and iOS!

  12. Anonymous Coward
    Anonymous Coward

    This should be a lesson

    to all those who were (and are still) laughing to Richard Stallman's lectures on software freedom.

    A new and very long era of Windows abuse will begin. Oh, by the way, it's too late to go back, folks! Don't count on Linux to save your bacon because in case you did not know, there is no free and open software on closed and locked hardware. Your only choice will be on which wagon you want to be shackled: Apple, Google or Microsoft. Enjoy!

    1. Pascal Monett Silver badge

      Re: A new and very long era of Windows abuse will begin

      Don't think so.

      The big problem that Microsoft has now is that its every misstep will be crucified in the media. Microsoft is not the powerhouse it used to be. Billions in the bank no longer guarantee user compliance.

      Windows 95 was a turd, Windows XP was better, and XP SP3 was just about acceptable. In those days, the Internet reared its ugly head and when Vista rolled around, despite all the programmed hype that was Microsoft SOP, it was decried, pilloried and ridiculed and did not take off.

      That is something that Microsoft had never before experienced ; rejection. Every single OS edition, every attempt, every tool had, previously, been kept or retired at the whim of Redmond HQ. For the first time in history, a Microsoft OS had been crucified BY THE USERS and Microsoft had been forced to accept its defeat.

      I am convinced that historians will peg that as the point at which Microsoft has begun its march into irrelevance.

      Meanwhile, Window 1 0 is attempting to save Redmond's bacon by adopting the Internet to an extent that is unheard-of in Redmond-land. Microsoft's marketing department is probably feeling a permanent high with all the potential (read, skewering user's wallets potential), but the Internet is here now, and Microsoft does not control it. Users will decide whether or not Win 1 0 is worth it, and Microsoft can bleat all it wants about Win 1 0 "features", if users don't accept them, 1 0 will fail.

      And that will be a much more devastating failure in Microsoft's OS history, because its entire future is hinging on this moment.

      I don't know which way this will go, but I'm not sure even Microsoft's legendary PR department will be able to save its bacon this time.

      1. asdf Silver badge

        Re: A new and very long era of Windows abuse will begin

        >I am convinced that historians will peg that as the point at which Microsoft has begun its march into irrelevance.

        No that will either be the day the antitrust ruling came down or when Billy G stepped down day to day as CEO which both predate Vista by quite some time.

      2. Michael Habel Silver badge

        Re: A new and very long era of Windows abuse will begin

        The lack of a proper GUI, Start Button, and Start menu aside... And whatever Third-Party remedy One might have used... Or paid for to fix these... pales to the fact that Windows 10 will sell your Soul, Bank Accout, Wi-Fi Passwords, and your Dog Piecemeal to the largest bidder, or, Alphabet Soup Origination. Given MicroSofts stary history on security... Just how long will it be until our Russian, and Chinese "friends" get their hands on this stuff? Perhaps that Nigerian Prince just might be able to get his Billions back!

        As pointed out above.... Microsoft aren't completely daft... If everyone starts to alter their host File. Chances are good that they'll eventually overwrite this again.

        I might have mentioned this in a different Thread, but, its slowly looking like the only OS in the World that could save Windows 8.x... May well turn out to be Windows 10. Bullshit Interface aside. Nobody has ever actually accused it of being nearly as insidious with Ones data as this current OS... Yes you may have had to download Solitaire as an optional extra, with all its ads... But, 1) it was NOT part of the OS - AT SALE 2) You weren't required to download it. Which hardly justifies either behavior IMHO.

        But, between the shit UI, or the OS that spys on me... I'd go for Windows 8.x... I meant Linux Mint.

  13. Aqua Marina

    EU law

    I have a niggling suspicion that EU law might come to the aid of those of us in the EU. Something in the back of my mind is telling me that we can explicitly opt out of data retention by informing Microsoft via any official method. I.e. If MS advertise an official Facebook page, then any posts to it are legally considered officially delivered in the same way they would be via post. 10 million posts would probably DOS the page, if only it was possible for an opt out template to go viral. Then there is the fact that for £10 you can ask MS UK to supply you with a hard copy of everything they hold on you under data protection laws. The awkward git in me thinks that this can be used to make things difficult until MS provide a single opt out function that is unambiguous to non-corporate users.

    1. Sebastian A

      Re: EU law

      Other than occasionally stinging them for a billion dollars, when has EU law actually brought about meaningful change to Microsoft's (or by extention, any tech giant's) products?

      1. Tony Paulazzo

        Re: EU law

        when has EU law actually brought about meaningful change to Microsoft's ... products?

        It's not much, but forced 'em to put a browser choice on all EU citizens computers. The American government couldn't even do that!

        EDIT: Clarity.

      2. LDS Silver badge

        Re: EU law

        If Microsoft APIs and document formats had been published, it was only because of EU ruling. Mass media focused only on IE - but the real change was to force Microsoft to publish APIs and formats needed for interoperability.

        Samba and other projects would be still far behind if those APIs and formats would be still unpublished, and it wasn't the DOJ to obtain it.

    2. Mpeler
      Flame

      Re: EU law

      Yep, they're about due to do something useful... it's been quite a while, what with cucumber curvature, useless lightbulbs, vacuum cleaners that (don't) suck, and dryers that don't dry.

      What the HE!! do they do in Brussels anyway? Even their chocolate isn't any good anymore...

  14. iLuddite

    had successful Win10 weekend

    I dissuaded three people from installing Win10. I was nefarious about it - I showed them the 'privacy' policy. Occasionally, it's good to show your friends that you care.

  15. Reallydo Wannaknow
    Facepalm

    neatly summarised in one image

    https://i.imgur.com/9DoVoix.jpg

    A few gems: "Real-time protection: This helps find and stop malware from installing or running on your PC. You can turn this off temporarily, but if it's off for a while we'll turn it back on automatically." (emphasis mine)

    and

    "The BitLocker recovery key for your device is automatically backed up online in your Microsoft OneDrive account."

    and

    "Microsoft doesn't need to ask for access to your Skype and Outlook.com contacts because these other services are both owned by Microsoft and tied to your Microsoft account."

    1. This post has been deleted by its author

      1. GrumpenKraut Silver badge

        Re: neatly summarised in one image

        > ... if somehow those keys were hacked ...

        Not "if", rather "when".

      2. TheVogon Silver badge

        Re: neatly summarised in one image

        "Where is it stated that the BitLocker recovery key is stored online ?"

        See http://windows.microsoft.com/en-gb/windows-8/bitlocker-recovery-keys-faq

        For non domain joined PCs using a Microsoft account, the BitLocker recovery key is stored online in OneDrive, which for most users is likely a good thing as encryption is now enabled by default.

        "if somehow those keys were hacked and extracted - seems to be a high security risk."

        Well they would also need physical access to your device to use them. And as a non Domain joined user then probably you wouldn't have required a PIN or enabled 2 factor authentication - so if they have your Microsoft account, they could login to your device anyway...

        However if you have something that you really want to protect from the NSA, law enforcement, foreign governments, etc, then the keys can easily be viewed and deleted here:

        https://onedrive.live.com/recoverykey

        "Does everyone get an online account automatically with Windows 10 ?."

        Nope - you can choose to use a local account or a domain account only if you want to.

    2. MacGyver

      Re: neatly summarised in one image

      Worried your keys might get hacked? HA! Those keys are there so they can be handed over to whatever agency might ask for them, the end, no hacking required. (I'm guessing that if you "delete" said key from OneDrive, it will still exist as a backup on the server. Unless someone somewhere has read just how Microsoft "deletes" things from OneDrive and corrects me.)

  16. Nanners

    Don't be too snarky

    its the new world order and we are just Borg now. Only a matter of time before apple does the same and the whole system is centralized to google ai.

  17. Anonymous Coward
    Anonymous Coward

    Tin-foil your house

    It's the only way to be sure.

  18. arctic_haze Silver badge
    Black Helicopters

    Progress

    Previous versions of Windows had a NSA key. The most recent one seems to have been written by NSA.

  19. Timmy B Silver badge

    I wonder....

    ... how many people complaining about these privacy settings have store cards, credit/debit cards, bank accounts, or use Ebay, Paypal, Amazon, Google services, etc. Our information is all out there and none of it is really private unless you go to great lengths. And to me those lengths simply aren't worth my time or effort. I don't care if Microsoft knows where I am, what I'm searching for, etc. If the state wants to know all about me - it damn well will do and I can't do anything about it. Seriously, though, what is the big issue? What harm can be done to me with any of this data gathered about me? That's a serious question folks - somebody actually give me an example of any kind of harm.

    1. hplasm Silver badge
      Paris Hilton

      Re: I wonder....

      Just because they can is no reason for you to roll over.

      When you are on your knees, they can ask to to do other things...

    2. Anonymous Coward
      Anonymous Coward

      Re: I wonder....

      All that credit card info stuff is true, but as someone on the Insider forum commented (roughly) is that any reason why I should cc Microsoft on everything I do?

      If you're looking for convincing examples of harm, I can't help you. All I can say is what I feel having used the thing for quite a few months :

      It's a great OS if you subscribe to the vision that is being put forward, but when I consider all that Microsoft are putting under the hood, I get a cold feeling in the pit of my stomach. I won't use it for real, and I won't suffer it's presence on any devices attached to my network.

    3. fruitoftheloon
      WTF?

      @TimmyB: Re: I wonder....

      I mean, no 'properly elected' government has ever used data it gathered with consent for nefarious ends, have they now?

      Try asking that to my mother-in-laws family in Austria...

      Oh sorry, you can't as most of them were gassed and barbecued by the elected government...

      Be careful what you wish for my friend, as you WILL wake up one day and find things have changed.

      Have a nice day!

      Jay.

      1. Timmy B Silver badge

        Re: @TimmyB: I wonder....

        mmm - Reducto ad hitlerum - fail..... No decent argument

        1. fruitoftheloon
          Go

          @TimmyB: Re: @TimmyB: I wonder....

          Timmy,

          would you be so kind as to share a lucid point of view?

          Kind regards,

          jay

    4. Anonymous Coward
      Anonymous Coward

      Re: I wonder....

      @timmy

      Sorry to see you get so many downvotes, I guess its easier to be an armchair critic and reading the truth is a tad painful. I dont like the massive invasion of privacy, but there is little I can do, or really want to do tbh im too lazy, and i suspect a good 90% of commentards are in the same boat as you rightly pointed out.

      on another note, how anonymous is this post really, you all love your privacy, but if a reg hack wanted to know who posted what ... well..... I'm sure it isn't hard for them to see.

      1. Anonymous Coward
        Anonymous Coward

        @Anonymous Coward - Re: I wonder....

        on another note, how anonymous is this post really, you all love your privacy, but if a reg hack wanted to know who posted what ... well..... I'm sure it isn't hard for them to see

        I assume you're referring to your own post and of course el Reg can link it to your real reg username. However, they can only link to the real you if you gave that info up when you registered.

        They would have no hope of identifying the real me from the information they have. They'd have to break a few laws/do a few deals to get the info needed to identify me.

        But that isn't the point is it? The fuss is about giving one corporation wide access to your info where you live, ie on the machine that you're posting from/working from/writing personal diaries on etc.

        On the subject of Reg hacks - yes they can get to you via your e-mail address. Happened to me once.

      2. DropBear Silver badge

        Re: I wonder....

        "I dont like the massive invasion of privacy, but there is little I can do..."

        It's called "learned helplessness". Look it up. It's also false.

        "...or really want to do tbh im too lazy,"

        Oh, now that's an entirely different issue, innit. "The Grasshopper and the Ant" comes to mind. After all it's clearly profoundly dumb to "work hard" if "food is plentiful"; unfortunately, by the time it's not, it's too late.

      3. fung0

        Re: I wonder....

        I dont like the massive invasion of privacy, but there is little I can do, or really want to do tbh im too lazy

        There is a lot you can do, and all it requires is that you be just a bit lazier than you already are. JUST DON'T INSTALL WINDOWS 10. Pretty simple, huh? Be just lazy enough to not jump when Microsoft tells you to, and a year from now, the world will be a better place.

      4. Cari

        @AC Re: I wonder....

        "on another note, how anonymous is this post really, you all love your privacy, but if a reg hack wanted to know who posted what ... well..... I'm sure it isn't hard for them to see."

        As anonymous as the information you gave when signing up. Not everyone provides their real e-mail address, name etc. When signing up to online forums.

    5. Kobus Botes
      Boffin

      Re: I wonder....

      @ Timmy B

      A good introduction is to read up on the right to privacy - particularly what Judge Brandeis had to say. Unfortunately it is too long to repeat here (and too intricate), but you can start here:

      https://www.brandeis.edu/now/2013/july/privacy.html

      http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html

      https://en.wikipedia.org/wiki/Louis_Brandeis#Olmstead_v._United_States_.281928.29_.E2.80.93_Right_of_privacy

      If that does not scare you, you are welcome to give away your privacy.

      1. Timmy B Silver badge

        Re: I wonder....

        @Kobus

        I understand the issues surrounding privacy and value mine - heck it's why I spend so much time away from any electronics living in the woods under piles of sticks (seriously I do). But I also understand that all the trappings of modern life are linked and information is a sought after currency in this brave new world. I happily give away a little of my privacy to use things online. I allow MS, Google, Amazon etc. access to a lot of my information. But personal things I cherish I don't freely share online - I don't need to and don't want to. In all this I have the control as I let lose what I allow online.

        I give information away but what I do is with my consent - but then I'm not daft enough to just click [Next], [Next], [Next] on any software installer.

        There are, after all, far worse things to worry about in the world today and if people don't see that then perhaps they aught to get their news form places other than the Reg.

        1. Kobus Botes

          Re: I wonder....

          @ Timmy B

          ...I give information away but what I do is with my consent...

          Ahh, but then you DO care. The point is that you have looked at the issues, assessed the implications and decided that it is not worth (in most cases) your while worrying about it. That is OK.

          I, on the other hand, refuse to have a Facebook account, or a Twitter account, or a Watsapp account or a Skype account. And I keep location awareness off on my phone, as well as WiFi - both only gets turned on when I need to or have control over what is sent out (as far as it is in my means).

          That is also why I post here under my own name (I also have another account, or post anonymously when I do not want to be easily linked to whatever I have to say, for various reasons). But I am under no illusion that The Reg can connect the dots and know who I am, and I am OK with that.

          The problem with giving away your privacy, though, is that the vast majority of people who do not care are completely unaware of the possible ramifications (and seemingly also do not really want to think or worry about it). Those of us who do value our privacy therefore stand to lose it, as the majority who do not care will also not do anything about protecting privacy rights, thereby giving your and my privacy away. That is why those of us who have assessed the problem should fight to keep it and make others aware of what is really happening.

          1. Timmy B Silver badge
            Pint

            Re: I wonder....

            @Kobus

            Yes - I do care - but not enough to worry.

            I also view it more like an economic transaction - I pay in privacy for the use of a service. Generally I think I am getting a good deal. After all I recon you could find out pretty much anything about me with little effort.

            Saying that I don't have a twitter account (not that I use) as I tried it once and just don't see the point.

            And in total violation of the rules of internet discussion I am going to say you seem like a sensible chap and I've enjoyed our little exchange - have a virtual beer.

            1. fruitoftheloon
              Pint

              @Timmy B: Re: I wonder....

              Timmy,

              I am with you on the 'bargain' made with Google, I am also quite happy with the varying 'tracking options' that I have swiched off, tbh Google make this reasonably easy to do.

              'tis interesting that most folk aren't bothered at all, but perhaps that is my age showing???

              Have one on me.

              Regards,

              jay

            2. fung0

              Re: I wonder....

              I pay in privacy for the use of a service. Generally I think I am getting a good deal.

              You may not have noticed, but (contrary to Microsoft's contention), Windows is not "a service." It's a desktop operating system. We accepted tracking on the Web. We accepted endless privacy shenanigans on Facebook. We accept that the use of debit cards and loyalty cards lets corporations and the government track our every move, our every thought. And on top of all that, we've seen governments and corporations starting to use that mass of data in truly despicable, totalitarian ways.

              When, might I ask, were you planning to get worried?

              Windows is on over a billion devices around the world. If it's allowed to be just as riddled with privacy holes as Facebook, then we have no refuge left. Our work, our most private thoughts and activities are no longer private. Essentially, there's no privacy left other than locking yourself in an unlit broom closet and hoping that there's no IR camera in there with you.

              Windows 10 offers almost nothing of any value. A few miserable and badly-implemented new features. Is it excessive to suggest that maybe we could be just worried enough to resist giving up a huge chunk of our remaining privacy, in exchange for so little?

              1. Timmy B Silver badge

                Re: I wonder....

                @fung0

                N0 Windows is not a service and I don't have to use all the bits I'm talking about. Pretty much everything linked to onedrive / outlook / etc.

                My most private thoughts and activities are very private - they simply don't go online at all. I will start to worry when they can read my mind.

            3. LDS Silver badge

              Re: I wonder....

              I prefer by far to pay with money. Once they are no longer my money, they not carry any info about me. Money are fully anonymous. While paying with your data allows those who have them to build more and more knowledge about you, correlate them with more data even not coming fro you, and transfer it to others also. Those data stay, even when you had forgot about them... think about it. You're giving away much more than money.

    6. MJI Silver badge

      Re: I wonder....

      Store cards.

      If I want to hide from Tesco I do not use card and I use cash.

      Amazon

      Default to not using for presents as they spurt information everywhere.

      Ebay

      Junk account or private browsing for when I want to look at things I do not want to appear in my history. (It does work)

      Google

      Some parts live in HOSTS along with ad brokers

      1. Timmy B Silver badge

        Re: I wonder....

        @MJI

        Lets look at the worst cases and see if all that effort is worth it:

        Store cards - Tesco tries to sell you other stuff and annoys you with adverts.

        Amazon - Amazon tries to sell you stuff and annoys you with adverts - possibly one of those adverts shows a present you were buying as a surprise. More annoyance.

        Ebay - It goes wrong and things you don't want in your history appear in your history. Worst case is similar to amazon. Unless you're buying illegal stuff then you go to prison and too right.

        Google - Google knows where you are and pesters you with ads, etc....

        So the worst here is, depending on what you do, either mild annoyance or prison.

        As I'll never go to prison for buying tat on EBay then I take the risks and don't worry.

        Can anybody else show me any worse results. I'm still waiting for a realistic example of a bad outcome that doesn't rely on paranoia of accepting all the defaults in Windows 10

        1. MacGyver

          Re: I wonder....

          @Timmy B. (wanting worst case results)

          Ok, I bite.

          Let's say I work at Microsoft and I'm a psycho and I want to date a specific girl I saw at the store. I can find all her interests, her likes, her movements.

          Let's say some foreign government wants to compromise you because you work at a powerplant. We'll all they need to do is get a job with some company that has access to your data. Now they can find out through your online habits that you've been giving it to an office co-worker. They won't tell your wife if you just install this USB stick for them.

          Or, I can review all your data, figure out that you have a gambling problem, then bombard you with temptations, then send you lots of "cash for cars", "pay-day loans" and whatever to drain you as far as I can.

          I see you have bought an Epinephrine injector, I can send you send all kinds of "Worst bee problem in decades" articles and then my links to those pens. Basically ramping up your fears to sell you something.

          I can raise your health care price because you like windsurfing sites.

          I can see you looking up cancer and target you with homeopathic "cures".

          It gives people power over you, period. If there is a way for it to be used against you, someone will figure it out and it will be. We will need to be re-trained to understand how our lack of privacy puts anyone with access to our information in a position to manipulate us in ways we can not even begin to think of.

          1. Timmy B Silver badge

            Re: I wonder....

            @MacGyver

            All of those things are being done and have been done right across history without technology. These companies and corporations only have power over me if I allow them to. We're more influenced and controlled by the press and governments. If you're weak enough to have affairs, or a gambling problem or buy into homeopathy then I'd say you gave the power away long before installing Windows 10...

            Oh - and lobby your government so you don't have a healthcare system that can charge you like that. (I'm in the UK).

            1. fruitoftheloon
              Stop

              @TimmyBRe: I wonder....

              Timmy,

              You get it, I get it, in a few years my little lad will too.

              As to everyone else...

              Most people haven't a f'ing clue how their data will be stolen and mis-used (because they didn't realise what they were 'volunteering').

              Is this a world that on the whole gains from astounding data gathering/pilfering...?

              Your thoughts would be much appreciated.

              Regards,

              jay

        2. This post has been deleted by its author

        3. Cari

          Re: I wonder....

          "Can anybody else show me any worse results. I'm still waiting for a realistic example of a bad outcome that doesn't rely on paranoia of accepting all the defaults in Windows 10"

          Any of those places have their DBs compromised and your financial details, along with the rest of your personal identifying info are either:

          Sold to the highest bidder, who does what they wish with your ID (after emptying your bank account),

          Or posted online for free to make a point (as certain hacker groups are wont to do). If you're especially lucky, some unscrupulous media outlet will make a big deal out of the whole fiasco and kindly link to the info dump, increasing its visibility.

          In the short term, you may think "well all I had to do was cancel a card and change a few passwords, no harm done there."

          Of course, the Internet is forever, and even if you find your info among the thousands released and change what you can, that which you can't change is archived online and privately, to be dragged up whenever anyone wants to get at you for some petty reason or another, like pissing someone off on an Internet forum.

          Oh, and then there's the possibility of someone editing that info for shits and giggles. You may be one of the righteous, nothing to hide so nothing to fear, but that's not necessarily what the modified info says. Like the cases of photoshopped "revenge porn" that have caused some to lose their jobs.

      2. This post has been deleted by its author

    7. LDS Silver badge

      Re: I wonder....

      There's some differences, for example banks may be higly regulated, while IT companies are not.

      Sometimes I *want* my transactions to be registered because this mean I have means to prove it happened - say I buy a car, if I pay with a credit card or bank transfer the seller can't deny the payment. Pay cash and if trouble arises you may not be able to show you actually paid.

      Just, the bank can't see all of my transactions (if I pay cash, for example...), and is not authorized (at least here) to share them with anybody it likes. Other tracking methods - say fidelity cards - are clearly opt-in, you can refuse them, or decide when to use them. Still, a bank or the like can see only a part of my activities (sure, it can try to match them to others later...)

      But transfer this power to a PC (but should we call it "Personal" still? Or are they fully "Shared" devices nowadays?), make all settings opt-out and difficult to reach, and whoever controls it is able to track most of what you do.

      Do you believe these data can't be used against you? Do you believe they gather all those data just "to improve the service" or to target ads?

      Why do you believe they want health data? To deny you an insurance or the like as soon as you ask for one. Why car insurance wants a "black box" to track you? So they can tell you were 5 km/h above the 50 km/h speed limit, and/or too close to the car in front of you, so they can pay less, or not pay at all. Or just look at how prices can be modified depending on how your are willingly to buy a given good.... once you have the data, and the processing power, there's a lot you can do to exploit your "human products" to maximize your revenues.

      And don't believe they won't, they're already doing, and are improving quickly at it. Why MS is giving away Win10 for free and gave up all the money from upgrades? Of course, it believes it will have a fair ROI anyway - and where it should come from?

      And what about if someone breaks their security and gets access to your data? Do you believe it won't use against you in some criminal way? Ask those whose credit card data were compromised. Or their images and then made public. Or their personal data, and then used to impersonate them in fraudolent transactions.

      1. Reallydo Wannaknow

        Re: I wonder....

        "Why do you believe they want health data? To deny you an insurance or the like as soon as you ask for one."

        From what I read, the reason health insurance is such a hot commodity is that it makes identity theft much easier.

      2. Mpeler
        Flame

        Re: I wonder.... @LDS

        "Why MS is giving away Win10 for free and gave up all the money from upgrades? "

        As soon as I saw the "free upgrades" in the media, the idea of "fee upgrades" (for Micro$oft) popped into my head (or, rather, slithered). Aside from the fact they've just taken the computing world back 60 years to IBM's view of rental software (ahh, the days of TimeSharing and slooooow modems), they've managed to finally implement "one device, one copy, forever".

        Chuck the mobo in the skip because it's failed, replace it - sorry (dumb) customer, you'll need to purchase a new copy of windoze 1 0. Probably the same for other devices (I'm starting to believe all this licensing crap from XP onwards was a dry run for this).

        Getting a board which doesn't support UEFI would probably go a ways to putting a spanner in their schemes (btw, who REALLY needs a huge sysdisc in these days of SSDs....). I fear the days when M$ (or whoever, NSA, GCHQ, STASI, etc.) can refuse your UEFI PC booting, or perhaps even brick it. Then again, M$ updates sometimes brick things too.

        Using alternatives to Skype and Bing (OK, yeech)(either way) would also stop the implied consent of tie-in. Sad to say, this could be the final nail in the coffin for Windows Phones if people catch on the M$'s illict linking practices.

        Micro$oft: get your money-grubbing paws off my PC.

  20. Tubz

    From, the EU Deans office.

    Microsoft, it has come to our attention that you have released Windows 10, but we have noticed a few privacy violations. Young master Mozilla, isn't very happy you setting your browser as default either.

    You agreed to stop misbehaving or we would take the appropriate action

    We will see you in the EU Deans office later this afternoon for a good spanking and fines.

    1. Mpeler
      Headmaster

      From, the EU Deans office.

      From this point onward, Micro$oft,

      You are on DOUBLE-SECRET PROBATION...

      That'll teach ya...

  21. Anonymous Coward
    Anonymous Coward

    Microsoft vs Google

    I expect google to take some of my data in order to provide my "free" services. Google is an advertising company.

    I pay for microsoft software and therefore i dont expect to have to pick through it, as if it is adware, for privacy settings.

    If Microsoft expect me to subscribe to the Windows Service in the future as it speculated and quite plausible and i am also fighting with my data being harvested too... this make Microsoft more evil than google (except that I would be paying for evil instead of just consuming it...)

  22. Anonymous Coward
    Anonymous Coward

    Free?

    Surely, users didn't think Microsoft were giving away something, unless there was value to them on another front?

  23. kkfkxiek

    Petiition to MS

    Here I have created a petition to ms. You can vote for it.

    https://windows.uservoice.com/forums/265757-windows-feature-suggestions/suggestions/9160855-respect-users

  24. Trollslayer Silver badge

    Windows 8 was bad enough

    By not actually telling you you didn't need to log into their system but could have a local account.

    Matrix time?

  25. auburnman

    I think it's time to accept the viewpoint that with all the obfuscation of your Privacy settings you probably have missed at least one, and/or MS have reset them while you weren't looking. Someone will need to figure out if you can firewall off any data that tries to escape to Microsoft while still letting OS updates in. (In fact firewalling the update server could be a good control mechanism to ensure that updates happen on your schedule, not Redmond's. However all this seems like a hell of a faff and will probably only see use by people forced into using/supporting W10.

    Where I think this will hit Microsoft bigtime is Compliance: what if the data I handle on a day-to-day basis is not only confidential, but I have a legal or professional duty to keep it private? Are people really going to use W10 if misclicking a privacy flag (or a forced update resets it) could put your job or your freedom at risk?

    1. John G Imrie Silver badge
      Big Brother

      Enterprise

      Why do you have Compliance data on a non Enterprise OS. Especially as the Enterprise OS lets you turn of some of the things the Plebs can not.

      Only partially in jesat

      1. auburnman

        Re: Enterprise

        Yeah, an Enterprise version will (probably) start out safe. But when (not if) a blunderer or bad actor in your IT or Microsoft or any one of a million programs with poor installers trips a registry setting somewhere, do you know for a fact that the Enterprise version is so structurally different to Spyware version that phoning home cannot possibly come active? And even if you did know for a fact last week Enterprise Edition doesn't have the phone home code, do you know for a fact that the latest wave of updates didn't accidentally or otherwise sneak some phone home code in as part of a wider update?

  26. Aoyagi Aichou
    Flame

    "Windows does not collect personal information without your consent."

    Yes, unreadable fine print hidden at the end of the (unlawful) agreement which is stowed in a locked filing cabinet in a disused toilet with a sign on the door saying "Beware of the leopard" is totally an agreement. How magical.

    This things should come with explicit and informed agreement.

    But hey, at least it isn't like WP8 where they upload all your primary contacts and calendar entries without telling you and without an option to opt out.

  27. Picky
    WTF?

    It's a pain in the behind ...

    Sacrificed a Windows 7 portable to 10 today - 2 hours later and it is SHI*E - no improvements on Win 7 really

  28. Amorous Cowherder
    Pint

    Everyone does know that this shit is in Windows 8 too right? I can't be the only one who checks every option during a software install to see what interesting options are lurking in the dialogs. I spotted this nasty shit back when Windows 8 first came out, read it carefully and disabled the nastier bits. I deliberately looked for it during the Windows 10 betas and there it was again, this time all switched on.

    Much like Oracle, they turn on various options by default, they get you to run an audit on your kit and then tell you it's your fault for not taking 3 months to read the 1200 page manuals properly when they fired up some hidden process that'll now cost you $25k/cpu!

    All software companies are bastards looking to fleece you for money or info.

  29. Captain Scarlet Silver badge

    Waiting for SP1 always pays off

    But then again so does hitting custom setup as it appears even Windows will at some point ship with the Ask.com toolbar

  30. Anonymous Coward
    Anonymous Coward

    Windows 7 may not be a refuge either

    FWIW, this guy says even Windows 7 is infected with this behaviour if you've allowed "critical updates" since April

    http://yro.slashdot.org/comments.pl?sid=7777263&cid=50231001

    1. Chika

      Re: Windows 7 may not be a refuge either

      FWIW, this guy says even Windows 7 is infected with this behaviour if you've allowed "critical updates" since April

      Interesting, but incomplete. I did find an article elsewhere that cited this:

      http://www.infoworld.com/article/2911609/operating-systems/kb-2952664-compatibility-update-for-win7-triggers-unexpected-daily-telemetry-run-may-be-snooping.html

      This cites KB2952664 and possibly a couple of other updates (including an alternative KB posted for Windows 8). I just tried removing the KB from the machine I had set up with Windows 10 (and since reverted to Windows 7) and I ended up with some problems in the task scheduler. I wasn't too surprised.

      The idea of a lot of hacking and slashing cited by the poster in Slashdot, however, doesn't yet give any details.

  31. Bob McBob
    Stop

    European regulators will be all over this

    Only a matter of time before the Dutch, Danish, French, German etc data protection authorities will open a case. I fail to see how explicit consent is obtained by obfuscating it in a different menu. There is personal data here.

    M$ just don't give two hoots about "European" concerns.

  32. Matthew 17

    All this spying for marketing and advertising....

    is it really worth money?

    All this social media and now operating systems that record and log everything we do is to sell data to advertisers who use it to create adverts we block or ignore. Does anyone every actually buy something, anything because of user data that was mined?

    Was there ever a service or product created because of this information?

    If MS want to be the next Google and give away its software for free in return for spying will ensure it never be regarded as an Enterprise OS, or is that the plan you have a free spyware OS or a paid for Enterprise version that doesn't?

    Either way I'm convinced all this data is just a house of cards, when someone looks and sees that despite the petabytes of information collected no-one ever buys anything, the realisation that it's not worth anything and we have another dot com burst bubble.

    1. MacGyver

      Re: All this spying for marketing and advertising....

      You must not ever get called upon to fix the relative's computers.

      They usually have no Ad-blocking software, no cookie clearing, are using IE 7, have every swinging toolbar known to man installed. They also put their singular AOL email in everything that has ever asked for it.

      I bet that's a lot of people. I'm betting that those users are like prize winning cattle to these marketer types. I also bet that they click on their milk-fed ads as often as they're shown to them.

      Watch a mouth-breather use a computer for a bit and see what I mean. If you get bored, ask them to do a very specific search for something, like: "number of dollars spend on non-violent first-time offenders in prison". Now sit back as they click on the first search result Google gives them, then number two, then three, and so on.

      The fact you know what an Ad-block program even is puts you in a different category, one that makes it hard for you to even imagine how they use a computer.

  33. Morte66

    I checked the defaults. I decided...

    - If I'm going to see adverts, I'd rather they were targeted adverts. I have occasionally bought things that pleased me because of targeted adverts. Allow all that.

    - If I'm going to say "Hey Cortana, where's the nearest pub?" I'd like her to know where I am. Too often on Android I've received traffic information for Reading whilst in Norwich, or whatever. So location stuff can stay on too.

    - Like hell it is automatically giving out wifi passwords for my router. Turn that shit off.

    So, I'm happy enough, but I think it's very dodgy that this stuff is buried and defaulted and not really transparent at all.

    Also, I wonder whether I missed anything.

  34. pop_corn

    Personalised Ads? Bring 'em on!

    I don't understand what people have against personalised ads.

    As a middle aged fella (oh the horror!) I don't want to see ads for dresses, vacuum cleaners, nail polish, spar treatment weekend breaks or Fiat 500's.

    I *want* personalised ads, because I want to see ads for fast cars, beer, golf holidays and TVs so big I need to build an extension... so some power tool ads would be useful too!

    What's not to like about personalised ads?

    1. GrumpenKraut Silver badge

      Re: Personalised Ads? Bring 'em on!

      > What's not to like about personalised ads?

      The ads.

    2. thames

      Re: Personalised Ads? Bring 'em on!

      Going through a mid-life crisis, are you? Here's a nice tip - when the ad men told you that you needed to buy all that crap in order to be happy, they lied. Lies are still lies, whether they're "personalised" lies or not.

    3. Not That Andrew

      Re: Personalised Ads? Bring 'em on!

      Don't forget the ads for "sexy senior" dating services, haemorrhoid cream, "performance enhancers" prostrate cancer "treatments", hair loss treatments, plastic surgery & girdles.

  35. John Munyard

    If Microsoft invested as much in it's software as it does in it's lawyers they would have a better product.

  36. Anonymous Coward
    Anonymous Coward

    Limiting Windows Defender isn't more secure

    It's not a good idea to turn off cloud-based protection for Windows Defender, as that limits its effectiveness. By turning off the cloud-based function, it won't be able to check to see if there is a signature match that has not yet made it into the system's list. You'll be more vulnerable to newly deployed malware.

    If you want to turn off the cloud based option, then you'd be better off going with a different antivirus vendor and removing Defender altogether.

  37. AndyFl

    Breaks Data Protection regulations

    By collecting all sorts of personal data like this without making it clear to the user up front appears to break EU regulations on informed consent. It only becomes obvious what is happening if the user makes an effort and starts digging into the settings, the Microsoft privacy page is clear but it is hardly top of the average user's reading list.

    Principles of the EU regulations are informed consent and that data may only be used for the stated purpose for which it was provided by the individual.

    I see neither of these principles in operation here.

    Of course the Microsoft lawyers will disagree, but I'm pretty sure the judges and regulators in the EU will have a different view.

    1. Aoyagi Aichou

      Re: Breaks Data Protection regulations

      You can try asking them yourself, if you ever get a reply.

      https://secure.edps.europa.eu/EDPSWEB/edps/EDPS/Contact

  38. ntevanza

    You ain't seen me.

    The post is required, and must contain letters.

  39. pop_corn

    Personalised Ads? Ah, it's not the personalisation.

    Ah so it's not the personalisation that people are bothered about, it's the ads themselves. Then install something like Adblock Plus.

    Whilst I agree that few people want to see ads, if I do have to see them, I'd rather they were personalised than random.

    After all, every ad you see in print or on the TV, is tailored to the audience the advertisers think are watching, which is a form of personalisation.

  40. Gatehellian

    A world of databases

    Whats interesting is that some people are not bothered by Microsoft collecting their information, suggesting that Apple, Google, Facebook, and even Twitter has been doing it for years so why complain now that Microsoft is starting too?

    The problem is that such power over data can be requested, or demanded by an EULA by any person or company despite them NOT being a government agency, or even a police office/organization.

    What that means is, even someone such as myself, as complete nobody, can go online and purchase, for example, a facebook clone website (for maybe $800), which we'll call "Scrapbook", copy and paste some of Microsofts' EULA terms into my brand new "Scrapbook" site's EULA, and just like Microsoft, and the other companies mentioned, I now have the legal right to absolutely everyone's information too (if they are a member of my website).

    All I need now is somewhere to store it all. Maybe i'll buy a server too. I think I can get a starter server for about $1500.

    The point is, if this type of non-privacy politics is going to be the new-age norm, then its really anyone's guess who is really going to be creating databases of everyone's information (for company profit).

  41. Boo Radley

    Does this mean it will prevent me from downloading torrents (of educational videos, of course), or will it just report me to the proper authorities?

  42. Jesus45

    Coming soon: hackers break in into microsoft cloud storage. Personal data from billions of users at risk!.

    What could possibly go wrong.jpg

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019