The most over-looked threat to anonymity: revealing personal information

Thanks. Unfortunately, a daunting task for our organization - skill of a lawyer with deep technical understanding / experience - possible, perhaps, in a big shop.

Right. Only a small amount of information is needed to be identifying.

mirimir, have you managed to stop those particular call backs? If so, do you have any tips of what to do?

 

I have a question: identifying for what?

From my point of view, XP doesn't leak anything. This is achieved by blocking all internet access for any component of the OS, and by disabling all online features of XP, including Automatic Updates. As mirimir said, the only information "leaked" was the one during activation, but that links a GUID (or other form of identifier) and some hashed hardware info to an IP, which is OK with me (well, I would've preferred no leak at all, but I can't have all I want )

 

I don't use Windows for anything where I want privacy

Also, as I move away from my true identity in a multiple VM setup, I download fresh install images at each level, and never loop sharing back, or share images from one setup to another. These are all Linux and pfSense install images, so there are no money trails.

 

Thanks. I think you answered what I was thinking about (but not having the tech background to be so precise, and uncertainty to content with any "callbacks") in the second part of your response.

I see from mirimir's recent response that he avoids the issue altogether. But, needing to use Windows, as you say, it seems that it is a "compromise" we must live with.

It seems the probability of exposure here might be lower than there would be through involvement in attention-flagging activity, that would motivate someone/group to want to start analysis on what the OP identifies as a risk.

 

Hello everyone, apologies for my lack of response (have been knocked-out with serious computer trouble, about which more anon, as it was a lot of hard slog to solve the problem, and how it was done might be useful to somebody) and thank you for your very interesting Posts.

One of my primary concerns about Microsoft is the "Index .dat Files" which angry Geeks have built entire Websites about:

(Quote): "Index.dat are files hidden on your computer that contain all of the Web sites that you have ever visited. Every URL, and every Web page is listed there. Not only that but all of the email that has been sent or received through Outlook or Outlook Express is also being logged. The file names and locations depend on what version of Internet Explorer you have. If you are running IE version 4.0 or above, the file name is "index.dat". Microsoft has not supplied an adequate explanation as to what these files are for or why they have been hidden so well."

http://www.softcows.com/windows_washer_delete_indexdat.htm

Microsoft claims that these folders are for "speeding up website access" but the Geeks all say this is total lie.

The Geeks say that there are a lot of Index. dat Folders hidden in the OS (i think they have identified at least five so far) and they suspect that there are even more which have not so far been identified.

Nebulus, howdy, i think you are too trusting of "Billy-Boy"!!!

On MajorGeeks Website there is an (unfortunately unupdated for years) program where the Geek who created it says that when you boot a Microsoft OS, and have "Automatic Updates" switched on, the OS sends to MS vast amounts of information about what you have done to your OS and what you have got on it.

i am getting really paranoid about all this stuff, the outrageously corrupt right-wing "government" of my country is right now ramming into law under "urgency" a raft of new laws making it legal for "government and allied agencies" (meaning USA FBI, etc; the New Zealand Green Party found out that the "government" had been meeting in secret with American FBI delegations for weeks leading up to the "introduction" of the new Bill) to spy on New Zealanders without a High-Court Warrant.

What this means is that every civilian here can now have all to/from mail opened, every cellphone/telephone call intercepted, all computer activity hacked and recorded, and their homes broken into to plant micro-bugs for audio/video recording, without a Warrant.

We used to have a free "Freedom-Of-Information" system, but successive right-wing governments have radically changed it to a "user-pays" system at $300.00 per question!!! And what you get for your $300.00 is usually several foolscap pages with everything blacked-out!!!

The new spying legislation makes it impossible to find out through the FIA if you are being spied on.

It is extremely alarming what is going on all over "western" world, like a great big hangmans' noose being very slowly but relentlessly tightened.

The entire Swedish Pirates Party have been arrested and thrown in prison for an entire year each, and their so-called "crime"? Campaigning against Copyright and demanding its abolition.

The Pirate Bay Website has been forced out of European Union altogether!!!

 

Would like to add also that Geeks/Programmers are literally like the Wizards in the old "Sword-And-Sorcery" legends; there are not many Geeks in the world and they vary greatly in their "levels" and capabilities although they all are continuously studying, experimenting, and learning, and the Linux/Open-Source Geeks are the Awesomemost Adepts!!!

An American once told me: "pull the plugs on every supercomputer system in the capitalist world and the whole rotten edifice will totally collapse".

Only unrelenting bailouts are actually keeping capitalism afloat nowadays even though their supercomputers are still unfortunately continuing to function.

http://www.globalresearch.ca/

The entire capitalist "System" depends upon Geeks to function. The governments/corporations who need these Geeks are totally dependent on them. The corporate bosses/banksters and their political puppets are NOT Geeks and know nothing about Geek stuff.

Hence the Big Noose: to gradually, bit-by-bit, to get the Geeks in the Empire under absolute control ultimately and prevent any of the rapidly-increasing hordes of poverty-stricken "Sheeples" from "getting Geeky" and becoming another "Cyber-Terrorist!!!".

 

The computer trouble that was mentioned (getting relentlessly enfilladed in Firefox Browser with popups demanding acceptance of more and more cookies) of course was "buggy" new Firefox Browser 20.0 and also 20.01; due to endless problems with later versions of Firefox after 12.0 (problems with later versions were such things as the "Cookie Delete" function being inoperable and leading to rampantly escalating Cookie Folder; to try and solve this hunted all over Web and downloaded lot of programs to "fix" this, but none of them worked; other problems included almost endless "Cookie Demand" popups, on every website that was gone to.

Kept on staying with Firefox 12.0 but more and more Firefox Add-Ons will no longer work with 12.0, and including essentials such as magnificent "Status 4 Evar!!!".

So tried Firefox 15.0 (which on a website somebody had recommended), 20.0, and 21.0 with utterly disastrous results. It's a very long story but finally found out that Firefox 19.0 gives no problems anywhere and can handle all the latest Add-Ons without any trouble, and Firefox 19.0 is available here:

http://www.oldapps.com/firefox.php?old_firefox=11884

Mozilla have got distressing habit of launching very buggy new versions of Firefox, that can literally transform non-Geeks into foaming-mouthed glazed-eyed Zombies!!!


Am now going away (what is that jubilant cheering i hear!!!) but will leave some URLS for Websites the readers here might like:

http://www.snapfiles.com/freeware/ (their massive array of free programs are bug-free: on the program pages that you select for the Editorial/download, if you scroll down the page you will usually find a lot of "User reviews" about the program, and nearly all of them are incredibly highly informative about the program. One of their Reviewers is awesomely fabulous Linux Gimp Graphics expert!!!

All Windows 7 users are blind, deaf, and dumb if they have not got "TinyWall" just google "TinyWall" for the proof!!!

http://www.snapfiles.com/freeware/

MajorGeeks is where the absolutely latest versions of programs is the place to go but pay very careful attention to the dates and ratings of the programs because they have got untold morasses of outdated/obsolete stuff everywhere.

http://www.majorgeeks.com/


Softpedia is another excellent download Website, but Softpedia and MajorGeeks are not meticulously "clean/bug-free" like Snapfiles (only "drawback" of Snapfiles is that a few of their programs such as MalwareBytes are a bit out of date but not by much - if you want MalwareBytes latest edition you should go to Majorgeeks).

http://www.majorgeeks.com/


Thank you again for writing, and do not forget this Website:

http://www.globalresearch.ca/

Is Website that everyone with a computer connected to Web should know, but unfortunately most people connected to Web do not ever know about this Website!!!

 

@ Originally Posted by TheWindBringeth
... An alternative approach would be to read Microsoft's *full* privacy statement, including any supplements that delve into specific features, for the products they would be using:

http://www.microsoft.com/privacystat...rproducts.aspx

and then do some searching for (independent) articles/discussions that try to drill into specific aspects.


@ Read a telephone-book of Legaleze/DuckQuack Speak!!!

Show me anyone in so-called "western world" who has got the time and/or patience to wade through the interminable Microsoft contract statements.

 

Is very true what you say, SafeGuy

 

The conversations here are most crucially important topics for all people who have got Web access.

 

WilderSecurity, thank you for your very good Website.

 

No, but I trust my brain, my tests and my configurations

Unless there is a link/proof to this, it is a pure speculation/paranoia.

 

I certainly trust Nebulus' assessment of his setup.

There's no need for speculation. If you want to know who your computer is talking to, and what it's telling them, use Wireshark. Some of the traffic may be encrypted, of course, but that's a good thing (unless its malware).

 

Thanks

I suggested Wireshark as well a few posts above, but it seems that not everyone is content with testing themselves what a Windows OS sends home...

 

Well, it is possible to send data using covert channels, such as packet timing etc. TLAs can do that. Some malware may do that. I doubt that Windows does. But you never know

 

Indeed one would want such traffic to be encrypted so that the information is protected from intermediaries. Assuming the device admin can MITM/decrypt it and perform meaningful inspection of what is being communicated, we're good. However, I'd like to explicitly mention (for the benefit of other readers) that if software uses an approach which prevents the device admin from doing so, we have a serious problem. Examples of this would be software that trusts/uses only those certificates that were built into it, software that uses custom encryption protocols, etc. Bottom line, you can't secure a device if you can't perform meaningful inspection of what it is transmitting and receiving.

FWIW, I don't think it requires much expertise or time to make a pass over privacy policies, even Microsoft's. For purposes of this discussion the objective is simply to walk through them, learn what you can about features which phone home information, and identify opportunities to disable the objectionable ones. This will be far easier for some than others, but even average users can do this and benefit from it. Seeing as how even average users will likely be exposing sensitive information to the software over a long period of time, and how in cases such as this we know for a fact that there are features which phone home information and some sensitive information can be caught up in that, it would seem highly prudent to make time for this and/or similar research.

For example, if you read the Windows 7 Privacy Supplement @ http://windows.microsoft.com/en-US/windows7/windows-7-privacy-statement#T1=supplement you will learn of:

Customer Experience Improvement Program (CEIP)
http://windows.microsoft.com/en-US/windows7/windows-7-privacy-statement#section_36

Windows, and also some specific Microsoft applications, is instrumented to collect configuration, usage, etc information and send that to Microsoft. A privacy conscious person would want to learn of and disable such features. FWIW, it is my understanding that in at least some pre-release versions of Microsoft software the disabling feature did not actually put a stop to such communications and it appeared to me that was by design (mandatory participation for beta testers). So I think it would be wise for privacy conscious uses to avoid pre-release software, or at the very least carefully research such issues before installing any.

 

well for one CEIP can be disabled as a list of other privacy and security holes in windows OS

for w7 users see this very useful thread from encryptedbytes

https://www.wilderssecurity.com/showthread.php?t=324004

and at mirimirs statement about serial keys being backtraceable to your IRL identity , its true , BUT , if you know how to purchase your OS of choice without any IRL info then theres no issue there, i dont recommend using it on anything IRL tied thou, for IRL id have a seperate purchase with my IRL identity tied to it , remember anything can be used against you if you dont know how to use it properly , this counts for linux users as well

thou mirimirs solution using Vms and compartmentalization is great for non IRL activitys and comes very much recommended as well

p.s: protip avoid w8 like the plague if your smart

 

The other end of the covert channel must be a Microsoft server, and if this is the case, they might as well send the information encrypted and get over with it Besides, using a covert channel needs a lot of "standard" information to be sent, which in my experience, doesn't happen. So, as you said, I doubt that Windows does it.

 

hahahaha i knew my suspicions were correct! Windows does spy on everything you do!!! Linux open source FTW!

 

Well, the possibility of Microsoft collaborating (voluntarily or not) with the US government just went up in my calculation, as they are one of the nine listed...

US Intel Data Mining From US "Internet" Companies

What are the odds it is limited to emails and bing search?

BTW, you guys here on Wilders are great! I appreciate your willingness to share knowledge on these topics as it seems that it is becoming an increasingly relevant issue to everyone. There is also a gold mine of knowledge in the past threads. Also, special thanks to the folks who run / moderate Wilders!