Everything about Windows 10 privacy

Topic

New Reply

I mean ev-er-y-thing. Martin Brinkmann, of ghacks.net fame, has published the ultimate reference to Windows 10 privacy settings, on a site called Priv
[See the full post at: Everything about Windows 10 privacy]

14 users thanked author for this post.

MikeFromMarkham, Rick Corbett, Elly, SteveTree, lmacri, ch100, Fred, HiFlyer, lurks about, JSTechGeek, Mr. Natural, AlexEiffel, satrow, Microfix

Reply | Quote

Replies

How timely, I’ve just sent W7 to digital heaven and now on W10 v1803 my upgrade experience
Have the majority of these done within GP, Task Scheduler and Regedit. Extensive list though well worth a double check. Thanks for the link and heads up Woody!

Windows - commercial by definition and now function...

1 user thanked author for this post.

zero2dash

Reply | Quote

I also did the 1803 upgrade earlier this week on one of my machines and I just realized that it wipes out the Automatic Update registry entries. [sigh] Apparently my once-over on the settings to make sure they were left alone was not good enough.

2 users thanked author for this post.

Mr. Natural, Microfix

Reply | Quote

The first thing that anyone should do after upgrading to 1803 is go over all your privacy settings option. A number of new privacy snoop options come with 1803 and the new settings are wide open. And your previous settings may be reset as well.

Red Ruffnsore

Reply | Quote

I had the settings set in the GUI (Settings/Updates & security) but the registry ones were not there. I still had the net of the GUI, so I’m not too concerned.

I am testing this in a VM now to see if Group Policy is kept upgrade to upgrade. I would assume it will be, but then again, better safe than sorry (which is why I’m doing this experiment).

No other settings were changed from 1709 to 1803 that I can tell. The only new setting I had that I ticked was to use the telemetry viewer data, and then I promptly downloaded the actual viewer from the store. The data contained therein was harmless, indeed ‘Basic’ level data. It contained my PC name, which was the only identifiable data I could see. Being that I’m not using anything exactly top secret or cutting edge (4790k, the CPU contained within the box running the OS) – I’m not worried about it. [shrug]

Reply | Quote

https://www.reddit.com/r/privacy/comments/98maf8/windows_10_sends_your_data_5500_times_every_day/

People who are concerned about their privacy, tweaking settings in Windows 10 is like using a water gun on a forest fire. Windows 10 is a cloud service which Microsoft controls, while Windows 7 and Linux are offline operating systems where the user has full control over their Personal Computer… You have no privacy in Windows 10.

7 users thanked author for this post.

AlexEiffel, RamRod, Elly, Bill C., wdburt1, HiFlyer, Microfix

Reply | Quote

Even at router level firewall settings? For sure, you can’t block them all but, it makes me feel better

Windows - commercial by definition and now function...

Reply | Quote

The question is – does W10 give that much value to justify all the hassle?

Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider

2 users thanked author for this post.

Elly, wdburt1

Reply | Quote

If you’re blocking at the firewall, it’s essential the trump card, so yes, it will block it.
The problem you have is you’re blocking a moving target, since the DNS server names are going to rotate and change frequently, so anything you list now may not necessary be what needs to be blocked tomorrow.

I’m comfortable changing the settings and leaving it as it is. If I wanted to tweak my OS endlessly, I’d install Arch (Linux) instead.

Reply | Quote

I would implore you to look at the telemetry viewer, but my gut instinct tells me you’re not running Win10 in any capacity, even a VM with no NIC connected.

Yet you have an email account and probably a Twitter and Facebook account, and probably accounts for online bill pay, and a login to your bank, and other assorted logins.

The paranoia over freedom and privacy in 2018 is unjustified when it pertains to Win10, when they give you the options to opt out, and they even provide a viewer to see the actual data being sent.

Reply | Quote

I run 4 Windows 10 virtual machines (Home, Pro, Enterprise and Enterprise LTSB 2016) to be able to see for myself what differences there are when it comes to control and privacy.

And yes, I have read the “Telemetry viewer” and the Windows 10 user agreements etc etc and it’s clear to me that Microsoft is monitoring their users simply when they open programs, images etc on their own hard drive.

This is not about the telemetry, it’s about Windows 10 being a cloud service that takes over your PC and installs and changes whatever Microsoft wishes, such as reverting back privacy settings, installing bloatware, uninstalling certain programs that the users have installed and installing advertisements on the your PC. This is the biggest violation of customer trust that I have ever experienced and I find it infuriating that Microsoft gets away with this and worst of all, has people who still defend them, especially people who call themselves IT experts.

There are many arguments against this, such as “I don’t have anything to hide” and “You are still being spied on on the internet” which is a ridiculous way to defend something. I am very cautious of what I do on the internet because I know that Google can track and see what I do online most of the time, but to me, there is a difference between my online activity, and having my own operating system controlling everything on my computer, even after I close the browser.

Paranoia? Yeah sure, all those corporations and governments must all be wrong and paranoid right? Windows 10 has been criticized by France and Russia for its privacy concerns and even banned in China for collecting data and being unable to rightfully encrypt it. What a crazy coincidence that Windows 7 is not criticized right? This is why Windows 10 China Government Edition was created, to try to make Windows 10 resemble an offline operating system like Windows 7.

Also, you claim that Windows 10 gives you the option to “opt out” of the telemetry and data collection… did you even read the article I linked? First of all, you can’t disable the telemetry, only set it to “Basic” or “Security” (In Enterprise versions) but that STILL doesn’t disable the telemetry. Also, like I just said, what is the point of an option to opt out when your settings still get reset in the next feature update?

7 users thanked author for this post.

Wheel_D, Rick Corbett, AlexEiffel, RamRod, Elly, Sessh, wdburt1

Reply | Quote

Check your task Schedules.  Anything you can stop before it starts…

Reply | Quote

Stunning how many settings that you must deal with.

I wonder if any certifications (e.g. A+ Certification) cover all of these privacy settings? This sort of thing seems like it should be fundamental knowledge for a certified technician.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

MrJimPhelps wrote:

Stunning how many settings that you must deal with.

Bold emphasis mine.
And no, you do not have to deal with any of the settings; they are there to tweak if you wish.

1803 also has the telemetry reader where you can see all the data that is actually sent, if you’re even more paranoid. (From what I’ve seen, it’s basically harmless data at the Basic level, as mine are.)

Having the options =/= having to fiddle with the options.

Reply | Quote

I guess I should have said, “Stunning how many settings that you must deal with if you want to stop all of the telemetry.”

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

1 user thanked author for this post.

zero2dash

Reply | Quote

Now that is an undeniable statement if I’ve ever heard one.

Reply | Quote

MrJimPhelps wrote:

Stunning how many settings that you must deal with.

I wonder if any certifications (e.g. A+ Certification) cover all of these privacy settings? This sort of thing seems like it should be fundamental knowledge for a certified technician.

That’d be useful, sure, but these days it might be pointless for a cert provider to try to incorporate Windows privacy setting info at a sufficiently granular level of detail… because of Microsoft’s too-frequent Feature Updates (“FU” for short), along with their new “change-for-the-sake-of-change-to-justify-our-too-frequent-FU-releases-and-because-we’ve-decided-stability-and-predictability-are-no-longer-important-characteristics-of-a-Microsoft-operating-system” ideology, resulting in the regularly recurring possibility of maybe-not-completely-random-but-certainly-not-predictable Windows interface/setting changes…

By the time accurate granular privacy setting info was added to cert objectives and exams – and incorporated by training resources and providers – the included info might well have been obsoleted by Microsoft.

2 users thanked author for this post.

AlexEiffel, HiFlyer

Reply | Quote

What scares me is the number registry settings that must be made. This is recipe for a disaster. And for most, tweaking the registry is something they do not do at all nor know how to do.

1 user thanked author for this post.

wdburt1

Reply | Quote

These are GUI settings that can be made and do not have to be made; there is nothing listed in the article that requires manipulation of the registry.

If you want to get your elbows in there and batch file it to change the settings in bulk in the registry, sure, you can do so. This also is not necessary.

1 user thanked author for this post.

HiFlyer

Reply | Quote

As part of my Ph.D. assistantship (that I just received.  Hooray!), I am being fitted with a computer for my office/desk space.  Due to university policy, all computers must be outfitted with W10.  The first thing I did, before I even set a password, was defer feature updates for 360 days, deferred regular updates for 30 days, and set my active hours to be basically all day.  However, I am going to need to learn the nuances of W10 if I am going to survive this horrid mess.  I am also exploring the possibility of making a Linux partition.

This guide is going to be my lifesaver for the next 4-6 years.

Say a prayer for me as I enter the dark, corrupt netherworld of M$ W10

Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
A weatherman that can code

5 users thanked author for this post.

Elly, RamRod, Cybertooth, HiFlyer, Jan K.

Reply | Quote

AlexN wrote:

Due to university policy, all computers must be outfitted with W10.

Dude, with respect, that can’t be right.
No unix/bsd/linux boxes? No Macs? At a university???

3 users thanked author for this post.

Elly, HiFlyer, Jan K.

Reply | Quote

I could have gotten a Mac, but I’d have been waiting a lot longer.  Besides, once I put in the Linux partition (should it receive the OK), I’ll be parking my MacBook Air right next to it on one side and maybe my W8.1 laptop on the other.

Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
A weatherman that can code

Reply | Quote

You can probably run Linux Live, with persistent storage. It runs off of a flash drive – you could get a good-quality USB3 flash drive, so that it would be fast. Check our Linux Forum for more information:

https://www.askwoody.com/forums/forum/askwoody-support/other-platforms-for-windows-wonks/linus-for-windows-wonks/

Of course, if you run Linux Live, you won’t be able to connect to your school’s network. But if they let you connect remotely via something like Citrix Receiver, then get yourself a wifi hotspot (your phone can likely provide a wifi hotspot) and connect remotely via the wifi hotspot.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

1 user thanked author for this post.

HiFlyer

Reply | Quote

No unix/bsd/linux boxes? No Macs? At a university???

 

That’s one of the reasons I quit my Cybersecurity course (superior technician, an inferior degree to bachelor) at the Polytechnic Institute of Guarda, in Portugal. But they also have engineering degrees and masters in I.T. A total Micro$oft sweatshop. Totally sold out to M$. All on unmanaged automatic updates Windows 10. I’m out!

Since I already had a MCSA training on XP and an international career on IT and I’m 40 years old, the teachers respected me and had to swallow a lot of my rants and my laptops running Linux (and Windows VMs for Cisco software and Oracle SQL).

I even made out loud fun during class of one of the teachers having a Kali Linux desktop on a Windows 10 desktop…

It’s NOT nice to have PCs rebooting randomly out of the blue during classes on the teachers’ computers, in the library when you’re working or researching, late night while fighting deadlines for projects, or to a colleague imploding in almost to panic during a programming exam, for a long long time feature upgrade…… Or more recently another colleague of mine lost an entire morning of AutoCAD work because she didn’t save (her fault!) and the PC just said Oh you’re maniacally working on AutoCAD for hours, that doesn’t seem to be important, wait a bit while I shove 1803 down your throat, you can go out for a loooong coffee or may be cry for a good while. It’s OK, you’ve got the time and when you return you’ll have all your unsaved work lost (mmm… what about autosaves?) so you can go out and cry a little bit more and then cry again when the boss asks for the project…

But yeah, back on topic and at least in Portugal, there are universities that are teaching IT engineering degrees, have no Linux installed and run all on Windows 10 with loose wild automatic updating. Like I said, I’m out.

1 user thanked author for this post.

Elly

Reply | Quote

I even made out loud fun during class of one of the teachers having a Kali Linux desktop on a Windows 10 desktop

Hmmm, maybe not a good idea to make fun of teacher in class? Unless you have very good relationship with them, if they are petty they may punish you later when they turn in student grades. But, yeah, I totally understand the impulse…

I get why Microsoft created WSL (Windows Subsystem for Linux), it makes sense from Microsoft’s perspective. But from a technical perspective, it boogles my vendor-neutral mind that someone with technical chops wouldn’t choose to run native.

at least in Portugal, there are universities that are teaching IT engineering degrees, have no Linux installed and run all on Windows 10 with loose wild automatic updating

Wow. Assume polytechnic institutes maybe focus more on specific practical skills for (soon-to-be-)working IT professionals than more traditional universities, but still your story sounds scary for students there.

Reply | Quote

Hmmm, maybe not a good idea to make fun of teacher in class? Unless you have very good relationship with them, if they are petty they may punish you later when they turn in student grades.

I had a great relationship with that teacher. Actually, we all had, he is young and a very nice, very close to his students, always helping. We had a very good humor in his classes and I busted myself working very hard for good grades.

With the other ones I was an assertive Microsoft ranty. Working hard on their classes and talking to them about these issues as an adult and a professional with a former international career, always backing up my points with logic and never ever getting personal, respecting them and their work and positions.

But yeah, I was on a Cibersecurity course that discussed Specter and Meltdown zero times when it got out and I (thanks to you all here!) was on top of it, and that smelled like a huge dead rat, making me wonder what are they preparing me for when I get out of here with a paper and a title but not feeling ready to do real cibersecurity work when I would get thrown again into the sharks of the real working life. So I got out and instead I’m learning how to craft guitars by hand (and also by CNC running on Windows XP, my MSCA studies are useful here after all!).

Right now I’m looking at my cut hands from *very* sharped Japanese handsaws and chisels but I do not regret the choice one single time. And I thank you all for doing that job properly for me as just an internet user.

And I’m here looking at the Windows 10 mess for sport and being up to date as a spectator of all this circus, nodding at Microsoft and almost laughing because I am not on your shoes, gentlemen. I respect you and I empathize the pains of your everyday lives and very hard work.

Reply | Quote

Yes, we do have Citrix, actually!  If I can do Linux (which our research group’s IT guy said we an), then I’m going with one of the Ubuntu or Mint flavors.  I’ll read more when I’m ready to pursue that route.

Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
A weatherman that can code

Reply | Quote

Citrix Receiver for Linux:

https://www.citrix.com/downloads/citrix-receiver/linux/receiver-for-linux-latest.html

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

Settings (GUI, registry, group policies, task scheduler) tell programs to skip ‘telemetry’ data collection/transmission, but it only applies to specific programs; and there is no guarantee that these programs handle settings as expected.

In the end, the only reliable way to ensure that sensitive data is not leaving the system unnoticed is blocking traffic to/from domains/IP addresses/ranges via DNS and firewall.

Reply | Quote

Couple of weeks ago I finally installed 1803 pro-64 on with the option to keep nothing. I really can’t tell that anything has changed as I steadfastly avoid using any feature Microsoft provides. Since I am not using any UWP based apps, even Edge, I uninstalled everything Microsoft lets me do using the uninstall where provided and used O&O ShutUp10 to further lock down the privacy settings. One thing I noticed was that even though I set the background apps be completely OFF, they all went back to ON whenever I logged in. “Mail and Calendar”, “Microsoft Store” and “Photos” would keep reappearing even though I never ran them. Terminating, resetting and turning them off in “Advanced Options” in Settings > Apps & Features gave no better results. Also the space used still kept changing from the 16.0 KB reset value telling me had been run. I finally had enough of that and used gpedit.msc and enabled “Let Windows apps run in the background” in “Computer Configuration > Administrative Templates > Windows Components > App Privacy” and set it to “Force Deny”. Now finally the background apps setting remains off. That page now also says “*Some settings are hidden or managed by your organization.” The space used shown in Settings > Apps & Features remains 16.0 KB expected except for the 17.8 KB shown for “Microsoft Store”.

HP Compaq 6000 Pro SFF PC / Windows 10 Pro / 22H2
Intel®Core™2 “Wolfdale” E8400 3.0 GHz / 8.00 GB
HP ProDesk 400 G5 SFF PC / Windows 11 Pro / 23H2
Intel®Core™ “Coffee Lake” i3-8100 3.6 GHz / 16.00 GB

1 user thanked author for this post.

Cybertooth

Reply | Quote

I recently came across another very good guide to Windows 10 Privacy here:

https://www.makeuseof.com/tag/complete-guide-windows-10-privacy-settings/

It strikes me as an accurate and
balanced look at this issue, and ends with this undeniable conclusion:

“It seems that in the age of data gathering and intelligence, Microsoft makes clear choices: act first and never ask for forgiveness.”

2 users thanked author for this post.

Cybertooth, AlexEiffel

Reply | Quote

Except how to shut it all off. Completely. Finally. Total privacy as a choice.

1 user thanked author for this post.

Elly

Reply | Quote