Windows 10 Privacy

Discussion in 'privacy general' started by Fox Mulder, Jul 10, 2015.

  1. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Lol, that was a waste of time. That guy is a complete idiot.

    If you give Microsoft the benefit of the doubt that they are not reading every keystroke then things are not as scary. The problem though is that they can read every keystroke. All it takes is a special letter from the FISA court for the NSA to get the live feed from every computer. That is what is scary.

    On another note Qubes OS is looking more tempting all the time.
    Has anyone used it as a solution?
     
    Last edited: Aug 28, 2015
  2. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Been running it for a while now, but not as a full "production" system. Because of the variety of environments I have, I'm sticking with my manual assemblage of virtual machines doing stuff like Qubes but worse.
    Providing R3 proves stable, I think that next time I rebuild my main environment, it'll be on that base.
     
  3. Qubes is good but I'm not sure it's ready to be my main OS. If I was new to Linux I would choose Mint or Ubuntu but not Qubes.

    Look Qubes security model is great. I use Qubes 3 R2 on one of my Machines but if I was a newbie I wouldn't go with Qubes.
     
  4. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Looking at it I would agree that it is not for beginners.
    I have been using Linux systems for several years now so I think I should be OK from that perspective. The barrier I always have is that I need office, project and visio. Typically I have needed to resort to VMs to get the security that I need. Qubes seems like it would accomplish most of what I am looking for. I will see what the final version is like as I plan for my next computer upgrade.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Can always run W7 in Qubes as a hardware VM, so non-games programs are supported. Still get the networking and USB isolation.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  8. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    599
    My advice is don't try to do anything illegal on Windows 10 because the government can easily access all of the contents on your computer via backdoors on Windows 10. For example, if you connect to Tor on Windows 10, then Microsoft is probably alerted to the fact you are connected to Tor. And then they can probably get access to all of your files on Windows 10, as long as you are connected to the Internet.

    Windows is really terrible for privacy. I don't want to use Windows even though I don't do anything illegal because Windows is not trustworthy. Even the Chinese government doesn't use Windows because they are afraid the backdoors in Windows might infringe on their privacy and security.

    Learn to use Linux if you want to true privacy and control over your computer.
     
  9. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
  10. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    That was my thought as well, I am assuming that if I can run something in a VM currently it will work in Qubes VM. Might grab a spare SSD so that I can play around with it in my spare time before I make the call to put into production system.
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Last edited: Aug 29, 2015
  12. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Would running W7 in Qubes without external networking work to prevent data leakage?
     
  13. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Yes, I think you could edit the template environment that way so it was effectively airgapped (but allowed file transfer & clipboard copy) - in much the same way as a standard VM can work. I'd hope it would also be possible to run it in selectively revert-only mode if for any reason you wanted to have it connected - again, the way it works with normal VMs.
    I think that's exactly the sort of compartmentalisation that Qubes encourages, and indeed for W7 applications, almost all of the time, the applications have no business talking to the internet. I spend much of my Sandboxie config switching off internet access for anything that can see my data, and clearly having a virtual airgap would be better.
     
  14. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
    It does make it embarrassing when you hack into company's in other country's and get caught because they can see what you are doing :rolleyes:.
     
  15. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    I first posted this in another thread but as it seems to be relavent here as well I will do a quick copy and paste (with a few alterations).....maybe I'm foolishly wrong and that's why it received no responses on the other thread? Anyway I'd hate to allow such a potentially useful thought pass into oblivion so here I go again...

    It's been almost a month since I've messed with Windows 10 and as most of the software I was waiting for is nearly Windows 10 ready I started taking another look at it yesterday. While removing components with NTLite and checking the result in a VM I came across something which I believe might be the key to getting non enterprise versions to actually respect the global policy/reg entry that sets the AllowTelemetry key to 0. eg actually disable it like in Ent vs minimal (basic) data...
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection]
    "AllowTelemetry"=dword:00000000
    
    The first clue was found in
    Windows\System32\spp\tokens\ppdlic\TelemetryPermission-ppdlic.xrm-ms
    in the form of a string that appears to prevent disabling telemetry
    "TelemetryPermission-AllowDisable">0<
    eg is telemetry allowed to be disabled? 0=false or NO
    So this says to me, don't let it get disabled...and this is found in Home, Pro and Ent...

    The second was found in an enterprise only file
    Windows\System32\spp\tokens\skus\Enterprise\Enterprise-ppdlic.xrm-ms
    which overrides the initial TelemetryPermission-ppdlic.xrm-ms
    "TelemetryPermission-AllowDisable" attributes="override-only">1</
    1=True or YES
    so with that entry Telemetry is suddenly 'allowed' to be disabled....either via the gpedit entry and the reg entry noted above (one and the same) but the result is the same.
    That string isn't found in the Pro or Home version skus...and so I feel this might actually be the point where the ability to disable it is checked/enforced using the SPP,...imagine that?!

    So would deleting TelemetryPermission-ppdlic.xrm-ms (it certainly seems to be the thing preventing it from being fully disabled on non-ent versions) and rebuilding tokens (warning, may need to reactivate after doing so) then allow ALL Windows 10 versions to properly respect the entry / fully prevent telemetry [at least as far as it goes on an ent version]?...or does it only do so if that override exists and removing that 'block' means zip? I am inclined to think the block matters as my understanding is that those Telemetry components were originally designed to be temporary (eg preview).
    Windows\System32\spp\store\2.0\tokens.dat
    https://support.microsoft.com/en-us/kb/2736303

    Rebuilding the tokens is needed because otherwise the telemetry cert data 'already' exists and persists in the tokens.dat by default...

    I don't understand enough about how it (SPP and the certs) works but I came across it and it certainly seems possible/plausible to me. I'm just not sure how to go about testing it yet. Thoughts anyone?

    In a non-activated VM I encountered no issues, but how to figure out if these changes make it respect the setting is a different question! Very open to input/ideas here but I'll go ahead and admit I'm not really qualified for network level analysis which is the only thing I can think of atm. /crossfingers The pieces as I've put them together seem to fit, I just don't know how to make sure they fit like I think they do... =(
     
    Last edited: Sep 1, 2015
  16. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    That is some great in-depth research and effort but at the same time it makes me wonder how fast I can install linux ;)

    These guys creating these block windows 10 privacy tools must be on similar wave lengths might be worth checking how they are going about disabling it or if your method above works you never know it may end up being added.
     
  17. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    Finally figured out a way to test it by using the process I outlined on a different component and its cert. Doesn't seem to work on that one so it doesn't look good. doh! =(
     
  18. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    My thoughts as well. Testing Qubes OS this weekend.
     
  19. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    Worth a shot as always !

    I have tried linux several times in the past but tbh always deleted it since I hated the fact I had to sudo everything but the package managers and software are pretty good and the odd software can be sudo away, for its purpose to serve as a privacy and secure o/s I think it may just be worth it in the long run especially when its open source, no telemetry/cd key activation rubbish also.
     
  20. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    Yeah gotta be done I don't personally believe in half these win10 reports but why risk it when other options are available and free.
    I am struggling in some areas but googling some guides helps and the rest ill post around to get solutions.
     
  21. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Started the testing and I am pretty impressed. I have set Windows up with no external network access. It appears that you can firewall each VM and even whitelists. Means I can set up the windows VM with internal but not external network access.

    Having some issues getting the seamless mode to run but overall very happy with the performance.
     
  22. Lagavulin16

    Lagavulin16 Registered Member

    Joined:
    Nov 26, 2014
    Posts:
    195
    Location:
    Emerald City
    Post #'s 179 & 180 in the thread "Windows 10 Issues, Problems & solutions" references the app -- O&O ShutUp 10 -- that appears to be more than moderately successful in blocking user feedback sent to the Peeping Tom conglomerate aka Microsoft (et al). I'll concede a healthy dose of skepticism for a 3rd party app's ability to quash M$'s insatiable appetite for your music, pics, keystrokes, passwords, contacts, medical condition, religious taboos, fave ice cream, pets' names, yada yada.... If anyone else has given this app a shot, please share your thoughts. Graci.

    Edit: imo the app in question seemed like a better fit for this privacy-focused thread.
     
    Last edited: Sep 6, 2015
  23. Rigz

    Rigz Registered Member

    Joined:
    Jun 28, 2015
    Posts:
    65
    Location:
    Earth
    As I posted in the thread I started about Windows 10 Privacy vs. OS X https://www.wilderssecurity.com/thre...ich-has-better-privacy-policies.379356/page-3


    "Today one of my students came up to me and told me that his Windows 10 install popped up a message warning him that software without a legal license was found, and that it would be disabled. I of course told him that he shouldn't be pirating software.

    That was enough for me to realize that Windows 10 is reporting far too much of what's going on and being installed on individual computers. Windows 10 shouldn't even be an option."

    By saying Windows 10 shouldn't even be an option doesn't mean that I'm advocating piracy, I'm just saying that there is no reason that the OS should be checking up on this kind of stuff. Suddenly Microsoft gets the privilege to know the directory and file structure of our private computer systems, and for some reason we're (the general public) agreeing to it.
     
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    May we please have the name of the software? Is it a Microsoft product or service as they claim, or are they monitoring even more?
     
  25. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    75+ Million people have installed Windows 10 so far(end of august).... and not one user has posted a screen shot saying their software was found to be without a genuine license.....

    Not suggesting that students claim's were incorrect but we need proof in the pudding to be sure.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.