back to article Reminder: How to get a grip on your files, data that Windows 10 phones home to Microsoft

If you don't know how to control the information Windows 10 sends back about you to Microsoft, the Redmond giant has updated its guide on how to do so. Snappily titled "Configure telemetry and other settings in your organization", the page was tweaked on Tuesday, and some corners of the web are rather excited by this …

  1. Ketlan
    Devil

    Fat chance

    'Much of the info about how Windows and apps are functioning is deleted within 30 days.'

    'Much of???' That's including, possibly, some personal files? Not a chance.

    1. Mikel

      Re: Fat chance

      "Up to most of your data is deleted.". You know, like your broadband plan is " up to 50Mbps."

  2. Pen-y-gors Silver badge

    Missing option?

    What about option 0 - "Fec off you nosy gobshites" that doesn't send a single bit without explicit permission

    1. paulf Silver badge
      Pirate

      Re: Missing option?

      FTA: "There are four telemetry settings: "Security", "Basic", "Enhanced", and "Full"."

      There are four telemetry settings: "On", "On", "On" and On".

      FTFY

      1. Gotno iShit Wantno iShit

        Re: Missing option?

        There are five telemetry options: "On", "On", "On", "On" and Spybot Anti-Beacon.

        FTFY

        1. Triggerfish

          Re: Missing option?

          Nope, nope, nope and nope.

        2. Mikel

          Re: Missing option?

          @Gotno

          If you are running software that is designed and advertised to perform a function that you don't want it to, if when your countermeasures fail you have noone but yourself to blame. Microsoft's technology is adaptive to your defenses and you -will- be assimilated.

          1. Gotno iShit Wantno iShit

            @ Mikel

            No argument at that from me, I'm trying to avoid relying on one thing.

            Where possible telemetry updates aren't installed (1st line of defence), SBAB confirms their absence but sits ready to block of the tasks should they appear (2nd line). I accept it relies on me correctly identifying and blocking said updates which is a monthly PITA. SBAB edits the hosts file so there is kinda a 3rd line of defence. Since the executables don't exist I can't block them at the firewall but that would be just another line of defence on the machine anyway, as you say Microsoft adapts. One day soon I shall get around to reading the manual for my router and blocking the telemetry hosts there too, a much more acceptable independent line of defence. Still relies on a correct list of telemetry hosts though.

            Longer term I'm going Mint* at which point an even bigger learning curve begins. It's the monthly update filtering that has tipped me over that particular edge. Deadline is a year from now when my Action Pack subscription expires.

            *Not just yet though.

      2. Stoneshop Silver badge
        Holmes

        Re: Missing option?

        There are four telemetry settings: "On", "On", "On" and On".

        ITYM "On", "More On"*, "Even More More On" and "Extra Special More On"

        * Space and pronunciation thereof entirely optional

        1. Neanderthal Man
          Windows

          Re: Missing option?

          Me not understand. Who is Extra Special Moron?

  3. Anonymous Coward
    Anonymous Coward

    crashes and benefits

    There's a (slight?) parallel that can be drawn between telemetry reporting crashes and yellow card reporting of adverse effects in pharma.

    Underreporting means important issues go unnoticed and more are affected (suffer) before the issue is resolved.

    That said, in medicine there are clear society needs to identify and prevent harm to the vulnerable. And that the system is not obvious unless you read all of the medicine leaflet and might be overlooked is less of an issue.

    While Microsoft's approach may be important to help its users, and other software might benefit from same approach, that the information has not been clearly set out from the start so that users can make their own informed choice, is detrimental.

    1. Anonymous Coward
      Anonymous Coward

      Re: crashes and benefits

      While Microsoft's approach may be important to help its users, and other software might benefit from same approach, that the information has not been clearly set out from the start so that users can make their own informed choice, is detrimental.

      could so easily be re-written as below for Care.Data

      While the NHS's approach may be important to help its users, and other healthcare might benefit from the same approach, that the information has not been clearly set out from the start so that users can make their own informed choice, is detrimental.

      Opting OUT of Both.!

  4. Scoular

    If Microsoft was sincere and honest

    If Microsoft was sincere and honest they would give users a clear and full explanation of what data they wanted to collect and allow users to decide how much they wished to share including NOTHING THANKS.

    They they would actually do as the user requests.

    1. Doctor Syntax Silver badge

      Re: If Microsoft was sincere and honest

      "If Microsoft was sincere and honest they would give users a clear and full explanation of what data they wanted to collect"

      They do. It's on that notorious long T&Cs page. It amounts to "pretty much anything we decide". Go read.

      1. Alumoi

        Re: If Microsoft was sincere and honest

        I've spend the last 2 weeks reading the T&C and your conclusion is wrong. It's not "pretty much anything we decide" but "everything we can get our hands on".

    2. Anonymous Coward
      Anonymous Coward

      Re: If Microsoft was sincere and honest

      if they were honest, they would say: We know that people want free lunch, however, as a profit-making business, we do not offer free lunches. What we offer is a lunch in exchange for showing us your privates.

      ...

      on second thoughts, this would NOT work, because on top of a being a profi-making business, they are a business that strives to make the most possible profit, ideally by hook, less ideally, by crook, if they can get away with it. And by lebelling it we'll-give-you-ours-if-you-show-us-yours is less profitable than by labelling it FREE!!!! FOR LIFE!!! COME ALL YA FAITHFUL!!!!*

      So, really, it's not their fault that people are such suckers, they only nurture human nature....

      * what, it's a little star-like thingy, what did you expect?!

  5. adnim Silver badge

    Remote control?

    "..they can request extra data from your machine, which Windows 10 will hand over under remote control if management approves."

    Presumably if management does not approve Windows 10 will be smart enough to know this and refuse to hand over any data whether the person doing the requesting is a Microsoft engineer, Bob or Alice?

    Of course the methods and security around the methods MS Engineers use to remote YOUR Windows 10 install will never be reversed, hacked or leaked. Or indeed sold to support a habit, gambling debt, lavish lifestyle or simple greed.

    Sometimes I wish I wasn't quite so cynical but that's very rare these days.

    1. Roger Greenwood

      Re: Remote control?

      I'm amazed - telemetry going one way I can understand, but remote control means something else entirely - "the key is under the mat" security again.

    2. Dan 55 Silver badge

      Re: Remote control?

      I've read there is a way to furtle Home's privacy settings down to Security but I can't find it at the moment.

      Full is quite shocking and I believe it's the recommended default, on Home at least. Not so much a back door as a front door with a red carpet.

      1. Pookietoo

        Re: there is a way to furtle Home's privacy settings

        Was that the install Group Policy Editor tweak?

        1. joed

          Re: there is a way to furtle Home's privacy settings

          regedit for home versions of Windows

          plus good firewall, rules and likely blocking IPv6 (impossible to mange target moving between billions of IPs)

      2. I ain't Spartacus Gold badge

        Re: Remote control?

        I can confirm Full is the recommended default on Home, as I've just had a shufti at the settings. Which live with Windows Update and Defender - I'm sure that menu wasn't there when I first installed Windows 10, but I could be wrong. I upgraded pretty early, as the PC was on Windows 8. Being a small company we tend to only buy about one PC/laptop a year, so get whatever OS it comes with.

        Anyway I'd been through the non-automatic installation, and unticked almost all the telemetery stuff, although I may have left the security/virus reporting stuff on.

        MS had interpreted that decision as "Enhanced" in this new (if it is new) menu. And I was given a choice of basic, enhanced or full (recommended).

      3. Aqua Marina
        Black Helicopters

        Re: Remote control?

        "I've read there is a way to furtle Home's privacy settings down to Security but I can't find it at the moment."

        I've been making use of DWS Lite much to the same effect. http://dws.wzor.net/

    3. alain williams Silver badge

      Re: Remote control?

      "..they can request extra data from your machine, which Windows 10 will hand over under remote control if management approves."

      They forgot to add: or any file that the NSA/FBI wants and asks us to collect.

  6. C Yates
    Mushroom

    NOPE!

    "we take steps to avoid gathering any information that directly identifies a company or user, such as name, email address, or account ID,"

    "Take steps"!? So they can still work it out then?

    I *really* don't like this; there's just too much leeway for them to be able to do/get whatever they want.

    Linux all the way now I'm afraid...

    1. Chika

      Re: NOPE!

      Fair enough, though there are a couple of things to take into account here.

      The first is that nobody is forcing you to change to Windows 10 besides Microsoft, and there are measures that you can implement to kill that nonsense off. Microsoft are still supposed to stick to their published extended support for Windows 7 and, if you really want, its current support of Windows 8.1 for some years yet.

      The second, chances are that the machine you are working on, if it was built with Windows 7, will be well past its prime by the time Microsoft ends support for it.

      So if you really don't want to use W10, Linux is only one of a few ways out of the situation. If you have W7 or W8.1 and it does what you want it to do, then why change now?

      1. Sir Runcible Spoon Silver badge

        Re: NOPE!

        For personal machines, if M$ decided to release a stripped down version of their OS just supportign DX<x> so people could run it for games, I might be tempted.

        If not, I'll just bite the bullet and only play games that can be played on Linux*

        *Don't talk to me about WINE. It's like black magic getting some games to work, and then I can't work out what I did to sort it out :(

        1. /dev/null

          Re: NOPE!

          "For personal machines, if M$ decided to release a stripped down version of their OS just supportign DX<x> so people could run it for games, I might be tempted."

          Isn't that basically XBox?

      2. C Yates
        Big Brother

        @Chika

        "nobody is forcing you to change to Windows 10 besides Microsoft"

        They're only the company people whose products are used the most at work and home...

        No real biggie there then.

        "there are measures that you can implement to kill that nonsense off"

        But you shouldn't need to, that's the whole point. Sure *I* can implement these measures, but the average person isn't going to know any better.

        "Microsoft are still supposed to stick to their published extended support for Windows 7..."

        A lot of people have had this "OS" practically force itself onto their systems. So even if they did try to stay with Windows 7, they would need to know what they were doing (see "average person" comment above) in order to avoid it installing automatically.

        "If you have W7 or W8.1 and it does what you want it to do, then why change now?"

        Oh I'm not, believe me :)

        1. DougS Silver badge

          "Nobody is forcing you to change to Windows 10 but Microsoft"

          You say that like its no big deal that they are trying to force/trick people into upgrading 7 & 8 to 10. Microsoft has added opt-out full data collection as part of the bargain, which you can't even fully opt out of. If the US had any decent laws that sort of thing should be illegal. I don't see how it isn't illegal in the EU under their data protection laws, but they move so slowly it will probably get raised as a case in 2019 when it is far too late.

          Since Windows 7 goes out of support in 2020 and Windows 8 was never fit for purpose, anyone who has to use Windows will be forced to upgrade in 4 years. I only use my Windows 7 VM for iTunes and to run the software that interfaces with the OBD-II port in my car, so I will probably keep using Windows 7 forever and not worry when Microsoft stops the security patches.

        2. Chika

          Re: @Chika

          "nobody is forcing you to change to Windows 10 besides Microsoft"

          They're only the company people whose products are used the most at work and home...

          No real biggie there then.

          I'd change just the one part of that statement. They're the only company people think can be used to run their products. As I've mentioned in the past, while software lock-in can be a problem, in some cases the lock-in is only force of habit.

          "there are measures that you can implement to kill that nonsense off"

          But you shouldn't need to, that's the whole point. Sure *I* can implement these measures, but the average person isn't going to know any better.

          No, you shouldn't need to. Don't belittle the "average person" though as they will often be the first to gripe when X has moved or Y doesn't work the way it used to. Then they take measures to correct that, which is where we come in!

          "Microsoft are still supposed to stick to their published extended support for Windows 7..."

          A lot of people have had this "OS" practically force itself onto their systems. So even if they did try to stay with Windows 7, they would need to know what they were doing (see "average person" comment above) in order to avoid it installing automatically.

          Maybe, maybe not. See my note above about your note.

          "If you have W7 or W8.1 and it does what you want it to do, then why change now?"

          Oh I'm not, believe me :)

          Fair enough. Nor am I. :)

          1. C Yates

            Re: @Chika

            "while software lock-in can be a problem, in some cases the lock-in is only force of habit"

            Agreed, although again, the average person generally isn't going to be the one that breaks that habit.

            "Don't belittle the "average person" though as they will often be the first to gripe when X has moved or Y doesn't work the way it used to."

            The average person isn't to blame or belittle for this. MS are.

            "Then they take measures to correct that, which is where we come in!"

            First, they have to know it's a problem (most won't), then there's the fact that a lot of us don't *want* the extra work!

            Microsofts' Facebook-like "arsing-about" with privacy shouldn't be something that we have to deal with!

            There's enough to do with hunting down drivers (which the Win10 updates are terrible at finding btw - another gripe), general software/hardware errors/maintenance etc. Adding the joy of ensuring a customer/friend/family members' privacy isn't being violated too is something that just shouldn't need to be done.

            They are causing all of this, why can't they fix it?

            "Maybe, maybe not. See my note above about your note."

            Hah! well if you'll refer to appendix A, you'll find something in sub-section B that will clearly disprove your argument. (Sorry, it's been a very long day.)

            1. Chika

              Re: @Chika

              "Then they take measures to correct that, which is where we come in!"

              First, they have to know it's a problem (most won't), then there's the fact that a lot of us don't *want* the extra work!

              Nobody wants extra work. But then I believe that's where we certainly agree in that MS are the root cause of this whole problem.

              Microsofts' Facebook-like "arsing-about" with privacy shouldn't be something that we have to deal with!

              There's enough to do with hunting down drivers (which the Win10 updates are terrible at finding btw - another gripe), general software/hardware errors/maintenance etc. Adding the joy of ensuring a customer/friend/family members' privacy isn't being violated too is something that just shouldn't need to be done.

              They are causing all of this, why can't they fix it?

              Because they probably believe that there is more in it for them by sticking to this, especially now the deed is done. That and the age old problem with Microsoft; they don't like to admit they are wrong.

              "Maybe, maybe not. See my note above about your note."

              Hah! well if you'll refer to appendix A, you'll find something in sub-section B that will clearly disprove your argument. (Sorry, it's been a very long day.)

              Heh! We've all been there! :)

  7. Benno

    YOUR Windows 10 install?

    Sorry guys, Windows 10 isn't yours. It's being leant to you for free (for now). At what stage did you think you had the right to prevent this 'telemetry' stuff from happening?

    This is one of the things that annoys me so much about W10 - if the product had been managed 'better' people would be falling over themselves to use it (it certainly seems to perform well - from what I've read).

    C'est la vie...

    1. Anonymous Coward
      Anonymous Coward

      Re: YOUR Windows 10 install?

      > C'est la vie...

      Since Windows 8 it's been more 'C'est la guerre' than 'C'est la vie'...

      1. Chika
        Trollface

        Re: YOUR Windows 10 install?

        C'est la vie...

        Good. I could do with a dump...

    2. nijam

      Re: YOUR Windows 10 install?

      > ... Windows 10 isn't yours. It's being leant to you for free...

      Errrr, no. Maybe you meant "Windows 10 isn't yours. It's being leased to you for for a substantial sum of money loaded on the hardware price of your PC"?

  8. Pascal Monett Silver badge
    Thumb Down

    "gaming achievements"

    Yup, I understand perfectly that such information must be immediately sent to Redmond to improve Windows 1 0 stability and functionality. NOT.

    My solution is to not install Windows 1 0.

    1. Pen-y-gors Silver badge

      Re: "gaming achievements"

      I agree - Windows 3 1 was bad enough, I really don't want to go back to Windows 1 0

  9. Anonymous Coward
    Anonymous Coward

    Is there any way to disable telemetry data altogether on any version of Windows 10?

    Other than not installing this NSA sponsored malware of course?

    1. Anonymous Coward
      Anonymous Coward

      Re: Is there any way to disable telemetry data altogether on any version of Windows 10?

      https://github.com/WindowsLies

      1. Sir Runcible Spoon Silver badge

        Re: Is there any way to disable telemetry data altogether on any version of Windows 10?

        You could always set up your router to block outbound connections to MS IP's. You'd need to keep it up to date and keep an eye on it, it also might mean your machine goes on a go-slow if it's timing out loads of connections.

  10. Jack of Shadows Silver badge

    Certainly gives me pause

    But not from the thought of my privacy being violated by Microsoft. What is concerning here is that IT needs to give a serious thought to what their employees are using in terms which version of Windows they are running (remember, telemetry hooks exist in 7 & 8 unless blocked) and which specific variant (Home, Enterprise,...). Especially the variant. Get together with Legal and make sure both of you are thrashing out the possible sharp-edges here.

    Not good. Not that Windows 10 will ever be seen on any bare metal that I own. Hannibal the Cannibal grade muzzled Virtual Machines? Yeah.

  11. paulc

    Well I was going to recommend Linux Mint...

    But...

    1. Anonymous Coward
      Anonymous Coward

      Re: Well I was going to recommend Linux Mint...

      Yes, that is a bit of a bummer. While Mint's more than good enough for me - I'm reluctant to recommend it to anyone right now, even though it's still much safer than Windows.

    2. Chika
      Linux

      Re: Well I was going to recommend Linux Mint...

      But...

      You leave my arse out of this!

      openSUSE all the way over here. At least for the moment (I just wish they'd stop brown-nosing with RedHat).

    3. Anonymous Coward
      Anonymous Coward

      Re: Well I was going to recommend Linux Mint...

      Appeasing GUI but, lacks the security with it's hybrid coding according to this article.

      http://www.infoworld.com/article/3036600/linux/is-linux-mint-a-crude-hack-of-existing-debian-based-distributions.html

      Far safer checking with SHA256 than MD5

      (Day in a life lyrics spring to mind but not in Blackburn, Lancashire..)

    4. Ilsa Loving

      Re: Well I was going to recommend Linux Mint...

      I don't see why people can't just use the original Ubuntu. If you don't like Unity, don't use the main Distro. There is also Kubuntu (KDE), Xubuntu (XFCE), and a bunch of other varieties. They now even have version that has MATE as the default desktop.

      I prefer a Mac/Hackintosh myself cause I consider Linux to still be way too unpolished for my desktop uses, but for people who arn't as fussy as me, ?buntu is perfectly good.

  12. LDS Silver badge

    Basically, if you're not a business customer, your're screwed anyway.

    Of course they don't dare to collect much data on businesses or schools PCs, because the following lawsuits could become both costly and very bad PR. Consumer customers can be screwed at will. Nodbody at Nadella's premises thought that home PCs are used by children as well, just like the schools ones?

    I would have no problem to turn on crash inspection tools when - and only when - needed and send a report to MS - as long as it doesn let me inspect what it sends, and doesn't attempt to send anything outside the crash perimeter. When repeating a crash, I can be careful not to open other applications that could leave in memory sensitive data. And I may ensure other sensitive data are cleared before. If it is always on, and it does send it automatically without my approval, it can send sensitive data - and in some jurisdiction, it can also break the law.

    MS is just making clear Windows 10 is a dangerous operating system when it comes to your privacy. And the level of telemetry looks to go far beyond the crash inspection data - it looks a full user profiling to understand what it uses, when and how. Even if no error occurs.

    1. joed

      Re: Basically, if you're not a business customer, your're screwed anyway.

      Well, lets not forget about class action lawsuits in US. Windows 10 EULA makes it more difficult but I bet there will be some lawyers looking for money to be had (on MS' expense).

  13. Anonymous Coward
    Anonymous Coward

    remote execution?!

    This just pushed my paranoia dial into the red danger zone of tin-foil-hat levels, since this is effectively a back door. I bet its not as secure as it could be, and wont take long for something bad to happen to some poor sucker(s) somewhere because of it.

    DO NOT WANT.

  14. Adam 52 Silver badge

    If I read this correctly, Microsoft acknowleges that it isn't necessarily to collect some information by allowing the "security" level but doesn't make that level available to home users.

    So home consumers are denied the right data collection to be limited to that necessary.

    "Here come the Belgians", they seem to have a fit-for-purpose data protection department.

    1. Anonymous Coward
      Anonymous Coward

      "Here come the Belgians"

      You rang ?

      1. Joe Werner
        Pint

        "Here come the Belgians"

        .. and as Cesar wrote they are the bravest of all Celts ;-)

        Have a beer, there's so many little breweries in that small country that brew brilliant beer!

        1. Anonymous Coward
          Pint

          I think it was the bravest of Gauls (although it could've been Ghouls), but I'll have the beer anyway.

          Cheers

    2. Doctor Syntax Silver badge

      "So home consumers are denied the right data collection to be limited to that necessary."

      They're beta testers. Everything is necessary.

      1. hplasm Silver badge
        Devil

        "." They're beta testers. Everything is necessary."

        Windows 10 has reached beta?

    3. Anonymous Coward
      Anonymous Coward

      are you sure it's the Belgians, not the Spanish Inquisition?

      1. Chika

        are you sure it's the Belgians, not the Spanish Inquisition?

        Not something anyone would expect.

  15. Anonymous Coward
    Anonymous Coward

    W7/8 ??

    How much of this applies to the attempted retro-fitting of this telemetry mechanism to W7/8?

    1. Jess

      Re: retro-fitting of this telemetry mechanism to W7/8?

      If it is for NSA surveillance all of it, if it is for what it says very little.

      My argument would be if you don't trust MS to honour your privacy with Windows 10, why would you trust them with Windows 8, 7 or even Vista?

      I am using Windows 10, I like it, but I don't download pirate movies or use pirate software.

      1. Anonymous Coward
        Anonymous Coward

        Re: retro-fitting of this telemetry mechanism to W7/8?

        I think part of the point is that no Corporation should be allowed to gather information about you, me or anyone else in this method. Aside from from the legal privacy problems this doubtlessly creates for Lawyers, Medical Professionals, Accountants, Engineers and private Businesses. Remember there are many private businesses that are not big enough to justify buying WSUS. Then, of course, there is the average home user who still probably doesn't have a clue about this issue, but is still deserving of the normal privacy that they should expect without having to jump through any hoops to attain what should be a normal level of privacy.

  16. Rocket_Rabbit
    Meh

    Evil Corp

    As much as I will be turning my win 10 to basic when I actually install it, how bad is it really? I mean we all panic and go off on one but surely people aren't in the banana boat of 'Google don't do this' or any other 'inserttechcompanyherethatprovidefreestuff'. Microsoft aren't interested in you as an individual. Like all other companies, they want the big data.

    I admit that they could be a bit...a lot more clear about this, but they know it'll scare people off and everyone would have a massive over reaction to it. We still have a reaction, but at least it isn't in the public eye so MS have scored a win on this one.

    1. SundogUK

      Re: Evil Corp

      It's my PC. It belongs to me, not Microsoft. They have no right to ANY data from my PC without my express permission. End of.

      1. Anonymous Coward
        Anonymous Coward

        Re: Evil Corp

        Your PC, their software.

        Feel free to use an alternate OS if you don't like it.

    2. I ain't Spartacus Gold badge

      Re: Evil Corp

      Everyone's shown perfectly willing to accept this on phones and tablets. And even TVs and internet of insecure stuff... stuff. So I guess it's just the future.

      To be fair to MS, they're also being expected to provide similar reliability to tablets where the hardware and software are much more controlled - so I guess it's no surprise they've tried this on.

      I wonder what the diagnostic info is like on Macs nowadays? Given that Apple have total control of iPads and iPhones to collect to their hearts' content.

      Also, given normal consumers appalling attitude to security, I'm sort of tempted to say that this improves the privacy for them. In that sure it opens them more to MS, but it protects them more as a herd too, against security threats that might hit them later - as MS are now much more likely to catch and patch them.

      I'm amazed they've allowed themselves permission to operate tools (even the limited subset of OS tools they say). I can't see how that's legal, given that they've sought absolutely no permissions whatsoever. And no, the ticked by default request for diagnostic info definitely doesn't count as permission to actively run a piece of software on the computer. Particularly given how sensitive everyone's been when they've been trying to take down botnets, and I don't believe anyone has yet tried to clean up the affected PCs remotely.

  17. TheProf
    Thumb Up

    We have the power

    "Normal events are not uploaded on metered networks. On a free network, normal events can be uploaded every 4 hours if on battery, or every 15 minutes if on A/C power. Diagnostic and crash data are only uploaded on A/C power and free networks."

    Change your network settings to metered and the power source to battery. That'll stop 'em dead, right?

    1. Paul Kinsler

      Re: "Change your network settings to metered and the power source to battery."

      But how do they determine "metered"? If my ISP charges per byte between my router and 'net, how (or why) would this necessarily manifest on some hypothetical W10 machine talking (only) via the router?

      Does "metered" really mean "mobile/data"?

      1. Woodgar

        Re: "Change your network settings to metered and the power source to battery."

        You can set this yourself in your internet connection settings. I forget where, and I can't check right now, but it's something you control rather than MS working it out for themselves.

        1. Boothy

          Re: "Change your network settings to metered and the power source to battery."

          It only works on Wi-Fi or mobile data as well.

          If your using a LAN connection, e.g. Ethernet to a desktop etc. Then the 'metered connection' option is missing :-/

    2. Mikel

      Re: We have the power

      Can I ask you something? Do you mount your car on rails so it doesn't veer off the road of its own volition, as the manufacturer told you it would? Do you chain it to a tree when parking so it doesn't wander off with your stuff in it? That is what this is like.

  18. Anonymous Coward
    Anonymous Coward

    "...we take steps to avoid gathering any information..."

    plain English: but we didn't say WE DON'T DO THAT.

  19. Anonymous Coward
    Anonymous Coward

    for security minded

    1. install cracked Windows 10 Enterprise or

    2. don't run W10

    ...

    3. how much is Enterprise, by the way, and do I get a discount for running it on one machine? :)

    1. AndrewDu

      Re: for security minded

      You can't get Enterprise (legally) unless you have an Enterprise Agreement.

      Minimum 500 users, if you're wondering.

      1. Anonymous Coward
        Anonymous Coward

        Re: for security minded

        oh

        (mock disappointment ;)

      2. joed

        Re: for security minded

        too easy with Enterprise version.

        It's just an ISO file and likely can be downloaded straight from MS (without much trouble). It'll install. It'll run. It'll just keep remind at logon to activate it, but you can ignore it. It's beta after all and you just keep testing it. I've had 8.1E running like this for ~2 years. 10E is past 6 months mark on another test box. Fire, use, shut down. Running on "metered connection" so possibly not getting updates (but not leaking my limited usage data either). I'd not pay MS for this system - it's just not worth it. Nothing on it out of the box (not that I planned to sign in with MS account just to get "good stuff"). Actually not using any of MS services is another common sense step in keeping your stuff private from MS. If anything at least it'll fragment your data across different services and make bid data work harder to make any sense out of it.

  20. Steve Davies 3 Silver badge

    The Article is just the tip of the Iceberg

    Go google

    Windows 10 telemetry blocker

    There are a number of results that will show you just how many IP addesses that your W10 installe wants to talk to even if you have set the Telemetry to OFF.,

    Barstewards

    Oh, and a report on /. yesterday seemed to indicate that the latest set of updates wlaks all over your user settings when it comes to default Browser and email client.

    They really must be getting desperate for your data.

    {Posted from a windows 10 free Environment}

  21. Anonymous Coward
    Anonymous Coward

    Privacy governance team

    >Sensitive info is stored in a separate data store that’s locked down to a small subset of Microsoft employees in the Windows Devices Group. The privacy governance team permits access only to people with a valid business justification

    Is the NSA a business?

    Who vetted the "subset of Microsoft employees"?

    Who is the privacy governance team and who vetted them?

    1. Eeeek

      Re: Privacy governance team

      > Who vetted the "subset of Microsoft employees"?

      > Who is the privacy governance team and who vetted them?

      Hey, I work in that part of the IT industry (not for Microsoft). I'm what's called an "external auditor". So, to answer your questions...

      The Microsoft executive team should have created a policy specific for the subset of Microsoft employees. the policy should cover, at a minimum, what roles within the organization constitute that subset, and some form of vetting. Vetting would generally involve the sort of background check one expects when one applies for any IT job and possibly a few more. Background checks, such as verifying references, employment history, financial/credit checks, and criminal background checks, are generally the ones used. Most companies only do this as part of the hiring process, although a few industries (such as audit and finance) perform these checks periodically on existing staff (generally annually).

      The privacy and governance team are most likely responsible for monitoring the systems and activity to ensure that it follows Microsoft's policy regarding this data. Similar to an audit but generally less intrusive and more cooperative with the people who actually have access to the data. In a large organization, like Microsoft, the governance team is usually in a separate reporting structure from the teams that they monitoring (often reporting up to a CTO or even the CEO directly).

  22. Anonymous Coward
    Anonymous Coward

    There was a time*

    when companies released software that worked instead of rushing out betas and relying on users to do the testing.

    (*)OK maybe there wasn't but MS is taking this user testing to new heights.

  23. Anonymous Coward
    Anonymous Coward

    gaming achievements, are always sent immediately

    yummy data, I'm sure worth a lot to the MS gaming arm. But hey, I'm sure that the spying arm would never, ever share that data with the gaming arm, right? Right?

  24. JEF_UK

    Windows 7 now just as bad!

    Un-used, idle Windows 7 with all new telemetry talks back 4 times per hour.

    NOT F**** ACCEPTABLE!

    Snort Logs following some of the vortex and settings IPs

    Date Pri Proto Class Source SPort Destination DPort SID Description

    02/24/16

    10:41:45 2 TCP Potentially Bad Traffic 10.10.3.1 5969 191.232.139.253 443 136:1 . (spp_reputation) packets blacklisted

    02/24/16

    10:41:42 2 TCP Potentially Bad Traffic 10.10.3.1 5968 191.232.139.254 443 136:1 . (spp_reputation) packets blacklisted

    02/24/16

    10:11:39 2 TCP Potentially Bad Traffic 10.10.3.1 5964 191.232.139.253 443 136:1 . (spp_reputation) packets blacklisted

    02/24/16

    10:11:36 2 TCP Potentially Bad Traffic 10.10.3.1 5963 191.232.139.254 443 136:1 . (spp_reputation) packets blacklisted

    02/24/16

    09:26:44 2 TCP Potentially Bad Traffic 10.10.3.1 5934 191.232.139.253 443 136:1 . (spp_reputation) packets blacklisted

    02/24/16

    09:26:41 2 TCP Potentially Bad Traffic 10.10.3.1 5933 65.55.44.109 443 136:1 . (spp_reputation) packets blacklisted

    02/24/16

    08:41:43 2 TCP Potentially Bad Traffic 10.10.3.1 5674 191.232.139.253 443 136:1 . (spp_reputation) packets blacklisted

    02/24/16

    08:41:41 2 TCP Potentially Bad Traffic 10.10.3.1 5673 191.232.139.254 443 136:1 . (spp_reputation) packets blacklisted

    02/24/16

    08:11:43 2 TCP Potentially Bad Traffic 10.10.3.1 5634 191.232.139.253 443 136:1 . (spp_reputation) packets blacklisted

    SNIP

    02:11:37 2 TCP Potentially Bad Traffic 10.10.3.1 5471 65.55.44.109 443 136:1 . (spp_reputation) packets blacklisted

    02/24/16

    01:41:34 2 TCP Potentially Bad Traffic 10.10.3.1 5280 191.232.139.253 443 136:1 . (spp_reputation) packets blacklisted

    02/24/16

    01:41:32 2 TCP Potentially Bad Traffic 10.10.3.1 5279 191.232.139.254 443 136:1 . (spp_reputation) packets blacklisted

    02/24/16

    00:56:39 2 TCP Potentially Bad Traffic 10.10.3.1 5209 191.232.139.253 443 136:1 . (spp_reputation) packets blacklisted

    1. Anonymous Coward
      Anonymous Coward

      Re: Windows 7 now just as bad!

      Excuse me, but I couldn't help but notice you're on 10.10.x - how the fuck did you gain access to my network?

      ;-)

      1. JEF_UK
        Big Brother

        Re: Windows 7 now just as bad!

        I'm on 172.16.18.0/24, 172.16.28.0/24 and 172.16.38.0/24 I'm just monitoring your 10.10.3.0/24 :P

        1. Sir Runcible Spoon Silver badge
          Joke

          Re: Windows 7 now just as bad!

          Is it time to add M$ owned address space to RFC-1918?

  25. All names Taken
    Facepalm

    Okay, be positive?

    It is naive in the extreme to think that mobile comms with computational power that smartphones have are not going to do lots of data analyzing and report that to base camp. But where is that base camp, who does it belong to and are there other wannabe, dodgy, improper, wstinking wrotten wrats basecamps huh?

    But that could be in the users favor?

    For example will the Happle, Ms or Big G let someone else slurp their (as in T-H-E-I-R) data for free?

    Uh-huh - once those analytics have become proprietary someone needs to look after their interest no?

    (Just trying to look at data slurping positively that's all)

  26. Whitter
    FAIL

    Feels like Clippy again

    MS just don't like to admit they got it wrong.

    It took years to kill Clippy; likely similar for this.

    1. LDS Silver badge

      Re: Feels like Clippy again

      I hope the EU or the like step in like they did with IE and Media Player and force MS to deliver WIndows 10 TF (Telemetry Free), because it looks it's capable of breaking a lot of EU privacy laws by collecting data it is not allowed to.

      But I'm afraid that's just a dream...

  27. JeffyPoooh Silver badge
    Pint

    "...why apps and services crash."

    For some folks, still stuck with a low bandwidth connection (e.g. dial-up, cellular, or even 2400 bps Iridium) to the 'net, the crashes are probably caused by their connection being completely plugged up with all this 'telemetry' data.

    Does setting a 'Metered Connection' flag automatically turn off all this rubbish?

    It really should be fully integrated in the OS. Set one (for example) 'Dial-Up (56kbps) Connection' flag, and the OS should configure itself and installed apps to minimize traffic.

    It should have been implemented decades ago.

  28. Anonymous Coward
    Anonymous Coward

    Not siding with, just pointing out, this is nothing new. And not just Microsoft, but pretty much everyone and everything. I know I can point to several devices around my home and work, along with tons of programs and apps that are excellent products but send data back to somewhere for whatever reason, or have options to deselect such intrusion, opting out, and even then by monitoring network traffic, you can still see these things doing.....something that makes me wonder, hell, the opt out really do anything? Makes me want to crawl the internet and read the fine print.

    And with Windows I feel people are sounding this warning, pointing, screaming "look! It's horrible what they are doing!" While at the same time using their phones and apps and having no option or concern for what data is being sent back.

    1. zero2dash

      "And with Windows I feel people are sounding this warning, pointing, screaming "look! It's horrible what they are doing!" While at the same time using their phones and apps and having no option or concern for what data is being sent back."

      The difference is, most of those other companies (Google included) are willing to disclose what they do with the information.

      MS has and is still playing coy. Not only that, but let's bring up the giant elephant in the room, which is the Windows Update sneakiness they're trying to pull on anyone with 7 or 8/8.1 into updating to 10....so, trust in MS is in the toilet. They say what they do, but they've already been proven untrustworthy, so why believe what they say? The bigger issue is what they're NOT saying.

      Two wrongs don't make a right. You also (most likely) have less personally identifiable information on a mobile device than you do on a personal computer. I couldn't care less if Google wants to crawl my email for a small one line text based ad, but I sure the hell don't want MS cataloging the files on my computer including tax forms with social security numbers. Hands off my computer. Google has access to what I allow them to have access to; MS wants access to everything on my computer. No.

  29. Wade Burchette

    Steps to get a grip of your files, data that is phoned home to Microsoft

    Step 1: Install Windows 7

    Step 2: Disable telemetry updates

    Step 3: Enjoy!

    Alternative --

    Step 1: Install Windows 8.1

    Step 2: Install Classic Shell

    Step 3: Disable telemetry updates

    Step 4: Enjoy!

    Another Alternative --

    Step 1: Purchase Mac

    Step 2: Enjoy!

    Another Alternative --

    Step 1: Download a Linux distro

    Step 2: Install that Linux distro

    Step 3: Enjoy!

    1. Anonymous Coward
      Anonymous Coward

      Re: Steps to get a grip of your files, data that is phoned home to Microsoft

      "Step 1: Install Windows 7"

      Good luck with that. I did a fresh install of Windows 7 from DVD last weekend, for a family member. The last stage of the install is an unattended compulsory Windows Update. When this finished there was a reboot and TADA! Windows 10 was installed. At no point was I asked if that was what I wanted. The version of Windows 7 I installed was paid for, so they downgraded to a free OS without asking.

      There might be a rollback option to the Windows 7 that never showed its desktop. Also, I suppose I could reinstall after disabling the PCs network connection. In the end I ran out of time so all I could do was set the spy level to Basic and leave it.

      I'm still W7 at home and the revelations about remote access to personal files in this article mean I will never go W10. It can only be a matter of time before this Microsoft Remote Access Trojan© gets hacked.

      1. Anonymous Coward
        Anonymous Coward

        @Tinfoil Fedora - Re: Steps to get a grip of your files, data that is phoned home to Microsoft

        Whaat ?!! You did a Windows 7 installation while connected to the network ? Man, you like living dangerously, don't ever do that again. Always run the installation without network connection, configure update settings to your taste so you can be able to chose and only after that go get the updates. I've been doing this since I was a Windows XP user and it never failed me.

        On my home network I have a lonely Windows 10 installation shackled inside a VM just to take a look at the beast, the rest is a mix of XP, 7, 8.1 and various Linux.

  30. Palpy

    But my friends, it is much worse --

    -- than you probably think.

    I'm not minimizing Microsoft's expanding grasp on user data. I don't run Windows at home.

    But I do run Intel's Management Engine. I have to. It's a chip-set embedded operating system that boots before my OS, boots before my BIOS, and has robust phone-home, encryption/decryption, and remote-control capabilities. It's outside my control, and outside the control of my OS. If it doesn't run, neither does my PC or my Macs, because it orchestrates CPU activity. Among other necessary tasks. (Not just Intel -- AMD has its own version of the ME.)

    http://www.theregister.co.uk/2015/12/31/rutkowska_talks_on_intel_x86_security_issues/

    And also see:

    http://www.slideshare.net/codeblue_jp/igor-skochinsky-enpub

    So yes, switch off MS telemetry. Wipe the hard drive and install Arch. Install Qubes. Install OpenBSD. You are still running hardware that can capture your encryption keys and phone home. At least, that seems to be part of its capabilities -- it's closed-source, proprietary code which is carefully guarded. See the slideshare above, esp slides 6, 7 and 8.

    Regardless of Microsoft, we haven't "owned" our PCs for a decade or so.

    1. David 132 Silver badge
      Facepalm

      Re: But my friends, it is much worse --

      *sigh* Not this canard again.

      On all recent Intel PC systems, the ME is responsible for:

      - monitoring fan speeds / voltages / temperatures

      - running the secure enclave for SGX secure guard extensions

      On vPro-branded systems ONLY, the ME runs a more complex firmware that includes a network stack.

      Consumer, non-vPro PCs don't have a large enough SPI flash chip to run this firmware - that's one small reason why vPro systems are more expensive, the extra $0.02 or whatever for the larger flash chip, multiplied by the system vendor's usual mark-up. The network stack also relies on the presence of a specific Intel ethernet controller and/or a specific Intel Centrino WiFi card - again, most consumer systems don't use Intel networking parts, and certainly wouldn't use the more-expensive vPro ones for no benefit.

      So unless your system says "vPro" on it, nothing below applies:

      Out of the box, the network stack ("Active Management Technology" or AMT) on the ME is disabled. Shut off. Inaccessible.

      None of it can be used until the owner of the PC (either you, or in a corporate environment, your IT dept) has taken the action to "provision" the AMT capability and switch it on.

      That involves: setting access credentials, configuring the IP address etc, and choosing the level of user notification.

      Provisioning can only be done from the local PC via the BIOS, or across the LAN (not WAN) with appropriate certificate-based provisos (e.g, if the machine sending the provisioning info is on the kontoso.com domain, your machine must be too, and must have a cert from a recognized provider, valid for the *.kontoso.com domain, embedded in its BIOS at time of deployment).

      TL;DR: Hackers from China or Fort Meade aren't going to remotely enable AMT without your knowledge.

      Once the provisioning's done, then AMT gives you remote power-on/power-off capabilities, and a built in KVM redirection server (based on the VNC protocol with secure extensions).

      If a KVM session is initiated, a great big flashing icon appears in the top-right corner of the screen the whole time, and the screen border changes to a yellow/red stripe pattern. You WILL be aware that the PC is being controlled.

      There is so much security built into AMT that it's a PITA to provision and use it. I honestly sometimes wish that the security wasn't so robust - it'd make it a darn sight easier to deploy this stuff. AMT is very cool.

      Short version: does your PC say "vPro" on it? Then yes, it has "robust [...] remote control capabilities". For the PC's owner, by their choice.

      If not, it doesn't. It physically can't.

  31. J J Carter Silver badge
    Devil

    We know...

    MSFT is evil, cont. P.94

  32. Infernoz Bronze badge
    Devil

    Solution: have a broadband router supporting domain filtering

    I've added what I think are the relevant spy domains, from the list in BlockWindows on Github, to my router's domain filter, because I don't trust any software solution on a Windows 10 machine to be 100%, including the hosts file.

  33. Anonymous Coward
    Anonymous Coward

    Top-10 List: Enough of trusting M$ disclosures, where's the hardcore list of stuff to disrupt?

    #1. Any Windows UX / Spyware components uninstallable through Add / Remove programs?

    #2. List of sneaky Scheduled Tasks to cripple (Home OS versions especially...)

    #3. Likewise for sneaky Services (services.msc)...

    #4. Sneaky IE / Edge Browser Add-ons (run w/o permission etc)?

    #5. Sneaky Run / Runonce commands...

    #6. Sneaky DLLHost spawned COM objects..

    #7. Other Registry Key nasties not covered already above?

    #8. New forms of app launching in Win10 not covered above... (Lenovo Superfish / Dell type stealth sneakiness (pre-OS / UEFI / BIOS etc)?

    #9. Which subsystems do we need to run a Win2000 emergency repair disk on and force kill: c:\%windows%\system32\*.dll %windows%\system32\*.exe

    #10. Disable search indexing of files? Firewall: Can we still block all inbound / outbound traffic unless a rule is explicitly created by the user in WF.msc, or only trust 3rd party Firewalls?

  34. CAPS LOCK Silver badge

    I don't want Microsoft to own all my stuff, so I don't run Windows.

    It's the only way to be sure...</Ripley>

  35. Anonymous Coward
    Anonymous Coward

    MS Telemetry gathering Software/Apps/Hardware details en-masse, is Anti-competitive.

    As an example, Microsoft knowing the total number of Firefox / Google Chrome installations across Windows 10, or seeing a App/Program has become / is rapidly becoming popular, means Microsoft can target resources at those areas, develop their own competiting Apps/Software 'anti-competitively' using this insider knowledge/Telemetry data much quicker, it's therefore Anti-competitive.

    You see it with the default Application behaviour, an extra step has been put in place, when an Application like Firefox asks if you want to set it as Default, this instead opens a panel, where you then have to explicity change the default Edge to Firefox. Its all designed so the average user doesn't switch away from the default MS Applications.

    In fairness, Google Privacy checkup, for the web makes it as difficullt as possible to opt-out of Google's data collection across Search,Advertising,Youtube. Its confusing, far too many steps involved and truely, designed to obfuscate. Clear your cookies/advertising id- you're completely opted-in again. They really don't want you to opt-out.

  36. SoloSK71

    Sad to say

    but between having no time to install and configure and support, and no inclination to give up my privacy, I have pretty much given up on PC's at home. A variety of single use electronics (Kobo for reading, etc.) is what I have now.

  37. Greig_Mitchell

    Nothing new

    I think a lot of people seem to forget that Microsoft have been collecting and using telemetry data since at least Windows Vista, this is nothing new here.

    Organisations have always had the option to disable this via Group Policy and with Windows 10 consumers can rightly turn these options off from the get go.

    This is just another case of the tech journalists blowing things out of proportion again without properly doing their research first.

    FYI 1511 is the version number of the Windows 10 November update not the build number. 10586 is the build number.

    1. Sir Runcible Spoon Silver badge

      Re: Nothing new

      "collecting and using telemetry data since at least Windows Vista"

      and enabling remote access by default, and scraping up any and all of your documents 'just in case' they might have a bearing on a bug?

      "This is just another case of the tech journalists blowing things out of proportion"

      What, exactly, would you consider proportionate? Perhaps you don't just leave your front door open when you go out, but actively distribute leaflets with your address, vehicle access and a list of goods not already stolen.

      I doubt you do, so why wouldn't you consider the equivalent for your PC an issue worthy of being reported?

    2. zero2dash

      Re: Nothing new

      "I think a lot of people seem to forget that Microsoft have been collecting and using telemetry data since at least Windows Vista, this is nothing new here."

      Except it was opt-IN and not a requirement of using the OS.

      You can also refuse to install the updates that add or modify CEIP and Telemetry in Vista-8.1 as well.

      Big difference.

  38. Anonymous Coward
    Anonymous Coward

    HOSTS

    Can't you just enter the (36?) MS sites in your hosts file and assign 127.0.0.1 to block them?

    1. Uncle Slacky Silver badge

      Re: HOSTS

      No, MS ignores the hosts file for most of its telemetry. You have to block it at the router.

      1. Anonymous Coward
        Anonymous Coward

        Re: HOSTS

        Yep. And what's to stop them pushing update in the future to add new servers etc, meaning that (potentially) constant monitoring and router rules change is necessary if you're at all creeped out by Win 10.

        Is all rather too much effort for me, and so after 18 odd years, I am shifting to Linux.

        1. GMYF

          Re: HOSTS

          Yeah, but it seems now Microsoft is in with Fedora/Red Hat. Hosting ISOs and contributing money/code to the project. How long before upstream Linux is corrupted with Microsoft/government goals?

          1. Chika
            Linux

            Re: HOSTS

            Microsoft has had its sticky fingers in RedHat for quite a while now, and the practices of said Beast seem to have filtered through already.

            For example, have you noticed the concerted groan that goes up every time systemd is mentioned? Guess who is pushing that particular bit of crap?

            It's possibly the only reason why I might consider replacing openSUSE with Mint, though Mint hasn't ruled out using systemd in the future so I'm holding my horses and trying a few options in the meantime.

            Oh yes, and talking of systemd and pulseaudio.... F*** POETERRING!!!

  39. Eeeek

    Just how much did Microsoft pay El Reg to write this article? The privacy concerns of Windows 10 are so watered down it is absurd.

    Windows 10, even in basic mode IS spying. Don't believe me: go do a search about how much the FBI and CIA love the metadata of internet traffic. And what you bothered to list in this joke of an article goes way beyond what is available from metadata of Internet traffic.

  40. Cynic_999 Silver badge

    Bug reports and parts of files ...

    So if an application crashes when you are working on the payroll or a confidential document, the document or payroll database (or parts thereof) will automatically be sent to Redmond to assist them to find why the application crashed.

  41. GMYF

    After Bill Gates' anti-Apple rant where he states that Microsoft complies with government requests for software back doors without hesitation, I'm just done trusting Microsoft. The Windows 10 push has been going on for 7 months and it's far from a success. Windows 7, as a PAID upgrade, was a success. For a free upgrade, it is doing marginally better than Windows 7. As several news articles have said, it is a hollow, forced victory, and I can't believe anyone honestly trusts them unless they are Windows fanboys. Microsoft has repeatedly shown that what they say and what they do are quite different things, and I'm certain that dichotomy extends to privacy policy, update descriptions, and telemetry collection.

  42. herman Silver badge

    Well, at least they use https, but to which servers do they connect? If that is known, then one should block it in a network firewall.

  43. JLV Silver badge

    naive question

    Couldn't you just set up the hosts file so that MS telemetry ends up @ 127.0.0.1? At least most of the time?

    Or does that interfere with checking that you have a valid license and therefore lock you out somehow? Still, I assume Windows 10 doesn't stop working when it's disconnected.

    You know, you could almost tolerate this crap if they actually acted usefully on the info. Such as:

    1. allowing users to get rid of ribbons everywhere, if so desired. don't need no telemetry to tell them how many of us dislike ribbons.

    2. getting rid of Windows 8 style system settings dialog.

    3. etc..., etc...

    As it is, it seems like a lot of spying without much user benefit. And I really wonder why MS picked another fight with its user base.

    1. Boothy

      Re: naive question

      MS telemetry bypasses the hosts file. If you want to block, it needs to be at the firewall or router level.

  44. Camilla Smythe Silver badge

    I had some nice Indian Chappies....

    From Microsoft phone me up to fix stuff for me. Apparently my computer was reporting all sorts of stuff back to base and they were really sorry about that. Having gone through Windows R we had to use SupremoControl, which I was informed was Microsofts free version of something that sorts stuff out. Then some kind bloke called LogMeIn paid a visit and installed Chrome for me so I suppose Microsoft and Google must be mates. Anyway, long story short, once everything was fixed I filled out my details on a Microsoft provided form and was told the £49 fix it fee would be waived and I would be credited with £690 for all the stress they had caused me. They sorted that one out through Microsoft's preferred banking service, Western Union, and were even kind enough to set up the account for me so they could transfer the money. I am presently talking to my bank about how they should be using Western Union because my banks rubbish software appears to have taken £800 out of my account rather than crediting it and my computer does not really work properly any more ever since I visited their online banking service. Anyway, at least my computer is not reporting much if anything back to Microsoft because my mates from India have not phoned back to say so so everything must be cool... RESULT!!1!!

  45. Richard Plinston Silver badge

    under remote control

    > they can request extra data from your machine, which Windows 10 will hand over under remote control

    I would be interested to know how they do that. I have several computers here (none are Windows) behind my router which has a fixed IP. The only way to access a specific machine from outside is via the 'virtual servers' that I have set up: port 80 and 443 go to my web server; port [redacted] goes to sshd on another machine, and that is it. So no one could connect to this machine at all. And that is with a fixed IP, many computers wind up with varying IP addresses that change when they reconnect to their ISP.

    It must be that the Windows 10 machines connect to MS at regular intervals to receive instructions, such as 'send me your documents'. How hard would it be for a blackhat to intercept that connection and send their own request for private data?

    1. VeryOldFart

      Re: under remote control

      I'm not sure what they mean by 'remote control' but in principle there will already be a TCP connection from your PC to them so they can potentially do what they want with it. Your setup stops external TCP sessions being initiated but can't protect you from sessions initiated from your machine. You would need to block all of the outgoing 'telemetry' traffic at your router to stop internally initiated sessions.

      What they can actually do depends on the 'telemetry' system that is installed, which can in turn be updated at will.

      What could possibly go wrong with that?

  46. Stevie Silver badge

    Bah!

    We hates the bandwidth thief Microsoft so we does my precious!

    1. Chika
      Trollface

      Re: Bah!

      We hates the bandwidth thief Microsoft so we does my precious!

      Why don't you give them a ring?

  47. Bronek Kozicki Silver badge

    why bother

    I mean, why bother setting anything by hand. Just go and download O&O ShutUp 10 , and additionally to prevent Windows from "forgetting" your settings install Spybot Anti-Beacon.

    Or one could just not use Windows 10 at all (there are reasons why one might want to - but then see above)

  48. Kar98

    Oh no!

    Microsoft is stealing my kitten pictures!

  49. Old Handle
    WTF?

    Yikes. That's even worse than I thought.

  50. Anonymous Coward
    Anonymous Coward

    Did you see the trial balloon?

    Microsoft has a lot of problems with WIN10 not the least of which is security, privacy and functionality issues. Their latest issue if you didn't notice the trial balloon launched last month is that MS has decided it will NOT support new CPUs from Intel, AMD and Qualcomm that are being released this year and next so use on Win 7-8 even though these versions of Windows are fully capable of running the new processors. MS has decreed that the world must upgrade to WIN10 or you will not be able to use any new processors on Windows at all.

    Seeing as though consumers and enterprise has very valid reasons for not upgrading to WIN10, such as security, privacy, functionality, etc. I see this deal headed for a Federal court system in the U.S. and national courts in countries around the world. I wonder if the EU beaks have seen the trial balloon that MS posted last month on the mandatory upgrade of all Win 7-8 users to WIN10? I hope the EU is not going to allow this unilateral and arbitrary decision by MS to shut out 90% of the world that uses Windows for work or personal use.

    1. Tridac

      Re: Did you see the trial balloon?

      Who cares, other than paranoid commercial environments that must have the latest and greatest hardware / os and slavishly install all patches because microslop say they need them ?. Once you get a system installed and stable, there's a good argument for locking it down frozen at that spec for good... As for performance, there really has been little advancement in processor performance over what is actually needed in years and most users would be quite happy with 5 year old or even older hardware to run their os and apps.

      None of the hardware here is less than that in age and we are using 7 and even Xp for some work. All updates are switched off after install of the initial service packs and all machines are running only the services that are required to actually get the job done Windows is actually pretty good stripped down to essentials and we haven't had any malware probles for as long as I can remember..

      Why does anyone need windows 10, when erlier versions are quite capable of running all the usual apps and will do for the forseable future ?...

  51. Max Normal

    Disable all the telemetry gubbins easily...

    Install Spybot Anti-Beacon.

    https://www.safer-networking.org/spybot-anti-beacon/

    Disables all the MS essential data-hoovering rubbish.

    1. LDS Silver badge

      Re: Disable all the telemetry gubbins easily...

      Don't worry, some of the next update will remove/disable all the known anti-spyware software. MS controls the OS, so as along as you use Windows 10 it has the advantage. And as long as you use Windows 10 because it's free, you're telling MS it did the right thing - sooner or later you will be defeated and all these untilities will be rendered useless.

      Only if MS understand Windows 10 becomes a failure because of its spyware capabilities, there's a chance they will be removed (unless one day some privacy enforcing agency awakes and tell MS to stop it if it wants to sell Windows 10 legally...)

  52. bluest.one
    Big Brother

    You have to remembe that, regardless of Microsoft's stated intent and regardless of the setting you choose, undepinning this is the fact that all USA companies which deal with customer data are outsourced branches of the NSA, who can plunder anything these companies are able to collect.

    In addition, the idea that NSA will IN ANY WAY respect the mere software privacy settings of your operating system ("Oh no, they put the security on 'basic' - we can't peer through their documents now!") belongs to a pre-Snowden age (otherwise known as the fool's paradise).

    Windows 10 appears to be insecure by design.

  53. lonegull

    Desperation

    Trust a company that doesn't disclose or even admit that Windows 10 is sending information back to Microsoft for months after release? SERIOUSLY!! Trust Microsoft after the malware style upgrade campaign used to for Windows 10? WHAT THE....?!

    Leasing their software should not by any law allow Microsoft the kind and breadth of access to private data that Windows 10 EULA and privacy agreement allows. The software (Windows 10) is owned by Microsoft, the hardware running the software and the information stored on that hardware is NOT.

  54. lonegull

    Tip of the iceberg!

    I suspect diagtrack and the bypassing of the host file is only the tip of the iceberg to the extent that Microsoft has backdoor-ed Windows 10. Given the breadth of access they give themselves in the EULA and privacy agreement, there are other undocumented subverted system processes running in Windows 10.

    To be fair though, it isn't just Windows 10 spying on customers. Nvidia geforce graphics drivers send telemetry back to Nvidia. This can be disabled using the autoruns program from Microsoft.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019