Windows 10 Privacy

Discussion in 'privacy general' started by Fox Mulder, Jul 10, 2015.

  1. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    I'm pretty interested in Windows 10 but I haven't been following it. Has anyone really delved into the privacy implications of this OS? I understand that it's even more connected to the cloud than Windows 8.1 was, but that these features are still optional.
     
  2. Banzi

    Banzi Registered Member

    Joined:
    Oct 21, 2013
    Posts:
    368
    Location:
    Scotland
    You can disable most if not all of the cloud stuff by choosing the customise setup option instead of express setup. Also, using a local account with Windows 10 is still possible, even though MS seem to go out of their way to hide the option in the various preview builds. My main concern is that you won't be able to stop automatic Windows updates unless you use the Pro or Enterprise version. They also seem to be forcing drivers from Windows Update on users, who then report that their sound gets messed up every time the driver is updated.

    As with all MS OSes, there always seem to be more phoning home and more ports you can't close in each new version. I would also never use an MSA (Microsoft account) with Windows, as all your browser favs, passwords, data etc. end up on MS servers; considering that MS was one of the first companies to sign up to the NSA spying, that is a big no-no for me. I would also like a way to remove all the modern UI and universal apps from the OS as they are never used.
     
  3. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    I have Win 7 and updates turned off, and still, as soon as I connect to the internet with 3G, there are connections being made to Akamai, which I think is Windows Update.
     
  4. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    The main concerns I've seen are that there are new mechanisms for authentication, some of which are explicitly biometric (3D face scanning) and are also tied to the Microsoft Live Account. Just as with storing BitLocker keys in the cloud, there would be concerns with how it stored any certificates or other fingerprints in the cloud. I believe the additional two-factor authentication mechanisms are optional though (and some use the FIDO U2F standard, which is relatively new but does have some desirable privacy advantages over other schemes).

    I think the level of responsible disclosure about all this is poor frankly, and although I've searched (and had a go of the CP), there is little to go on. I'd like to see, from MS, a few white papers explaining how all this works.
     
  5. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
  6. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Same here. I wish they backpedal on this move.
     
  7. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    I'm not sure there is a difference, but the English-US version would be http://windows.microsoft.com/en-us/windows-8/windows-8-1-privacy-statement.

    If one were interested in what applied to Windows 8.1 (some of which may apply to Windows 10), you'd begin by studying the "Features supplement" on the above page. IIRC, it doesn't communicate ALL the important details that you would need to know in order to understand the privacy implications, but it was/is one of the best places to start.
    I was thinking the same thing, but I notice there is now this: https://www.microsoft.com/en-us/privacystatement/default.aspx

    Which includes a section for Windows, and if you expand that, you'll see that it does provide some information for different features and aspects. Much too vague in some places. I wonder if Microsoft is trying to move away from the old structure/format/presentation and go with this one.

    On a related note, the new Microsoft Services Agreement: https://www.microsoft.com/en-us/servicesagreement/default.aspx
     
    Last edited: Jul 10, 2015
  8. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    I would also recommend setting up a local user account. While you are there, I would also suggest creating a second local user account with admin access and disabling admin access on your user account. While it won't help with privacy, it will reduce your attack surface, as a lot of malware is reliant on running as admin.
     
  9. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Yes, starting with local accounts is a good approach, which mirrors best practice on W7 anyway. Bumping up UAC to max and demanding Ctrl-Alt-Del for elevation helps. Plus AppLocker if available.

    The notion of having an automatically-cloud-connected admin account used by default is horrific, as well as harmful to privacy.
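
    An added example, not part of any post in this thread: a read-only PowerShell audit of the setup described in posts 8 and 9 (who holds local admin rights, whether UAC is at its highest level, and whether elevation demands Ctrl-Alt-Del). It assumes Windows 10 with PowerShell 5.1; the function name is illustrative, and `PrincipalSource` is only populated on Windows 10 and later.

```powershell
# Added example: read-only audit, nothing on the system is changed.
function Get-ElevationHardeningReport {
    $me = [Security.Principal.WindowsIdentity]::GetCurrent().User

    # Members of the built-in Administrators group (well-known SID S-1-5-32-544).
    # PrincipalSource shows Local vs. MicrosoftAccount, i.e. cloud-linked admins.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544'
    $admins | Select-Object Name, ObjectClass, PrincipalSource |
        Format-Table -AutoSize | Out-Host

    $sys    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $credui = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI'
    $checks = @(
        @{ Path = $sys;    Name = 'EnableLUA';                       Want = 1
           Meaning = 'UAC enabled' },
        @{ Path = $sys;    Name = 'ConsentPromptBehaviorAdmin';      Want = 2
           Meaning = 'Always prompt for consent (top slider position)' },
        @{ Path = $sys;    Name = 'PromptOnSecureDesktop';           Want = 1
           Meaning = 'Elevation prompt shown on the secure desktop' },
        @{ Path = $credui; Name = 'EnableSecureCredentialPrompting'; Want = 1
           Meaning = 'Ctrl-Alt-Del required before entering credentials' }
    )

    foreach ($c in $checks) {
        # A missing value yields $null, which is reported as not OK.
        $value = (Get-ItemProperty -Path $c.Path -Name $c.Name `
                    -ErrorAction SilentlyContinue).($c.Name)
        [pscustomobject]@{
            Setting  = $c.Meaning
            Value    = $value
            Expected = $c.Want
            OK       = ($value -eq $c.Want)
        }
    }

    # The daily-use account should not be a direct Administrators member.
    [pscustomobject]@{
        Setting  = 'Current user is NOT a direct member of Administrators'
        Value    = -not ($admins.SID.Value -contains $me.Value)
        Expected = $true
        OK       = -not ($admins.SID.Value -contains $me.Value)
    }
}

Get-ElevationHardeningReport | Format-Table -AutoSize -Wrap
```

    The membership check covers direct members only; an account that is an administrator through a nested domain group will not be flagged.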
     
  10. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
    Depends what you mean by "privacy". If you mean PII, location sharing can be turned off.

    Everything else? 1) What does it matter? 2) Unless you don't use the Internet, your telemetry is being used by all sorts of things anyway.

    Storing BitLocker recovery keys in the cloud is optional. Besides, I use BitLocker for the contingency that if my device is stolen, the information on it isn't.

    If you're logged in with an admin account and are connected to Dropbox, Google Drive, Box, et al., you're already connected to the cloud with an admin account. If that's your concern, don't use an admin account. Additionally, MSA has an excellent 2FA.
     
  11. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    @Rolo42 - thanks for the info, do you have sources? In particular, my understanding is that if you went through the default account setup with a Live Account as admin, your BL recovery keys WOULD automatically be backed up to the cloud, is that not the case?

    I have not seen sufficient technical/privacy related analysis to say that MSA has "excellent" 2FA. For one thing, I actively do not want a biometric second factor, I want a dongle. Is a U2F dongle one of the 2FA options? Second, is the "fingerprint" only stored locally or what? How can it be repudiated? Etc.

    I do understand the challenges of keeping information leakage away, but what I don't want is the holy grail for advertisers, being able to associate my persona(s) with me to the biometric extent (or mobile number etc). No way.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I have managed to block all (or most) phoning home with Win 8, so I sure hope that this will also be possible in Win 10.
     
  13. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
    It's the same firewall.


    I always use admin account (so many programs require it to run properly; I'd rather not have the hassle), I do use MSA for the features (and required for IP now), and I do use BitLocker on my laptop and I do not have a TPM module (I use password) and it gave me the option of storing my recovery key in many places (printer, USB stick, a file, cloud, OneDrive, keypunch--okay maybe not that last one), all optional.

    On the cloud isn't a bad idea since one would always have access to it. For a thief to use it, he would have to steal my laptop and hack my MSA account and steal my phone (MSA has 2FA) and hack into the phone (lockscreen). If he did all that, I'm probably face-down in a ditch somewhere and my BitLocker key wouldn't really be a concern of mine anymore.
     
  14. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    If any user and/or platform specific persistent identifiers (cookies, GUIDs, account IDs, license IDs, advertising IDs, hardware addresses, fingerprints/hashes derived from hardware and/or biometric data, etc, etc) are sent during phone-home events, it causes the phoned-home data and any related activity/info to be correlated (over time, possibly in a retroactive fashion, probably across different types of Internet connections and IP Addresses, possibly across different devices as well). So they are of major concern to those who genuinely care about privacy.

    The unique identifier passing and phone-home can be made independent of an online account. It can be specific to the hardware and/or OS platform itself, something else that user accounts share in common including possibly an app, or specific to individual user accounts. So you should look for that.. and evaluate potential consequences, if/where you find it... even if you know you will NEVER create ANY account with Microsoft.

    Although having a local admin account tied to a Microsoft account could create unique concerns, I wouldn't assume that having a local non-admin account tied to a Microsoft account would be privacy safe. Obviously, you'd want to evaluate the consequences for that one non-admin account. In addition, you'd want to determine whether there are any secondary consequences. For example, the act of tying one local account to an online account could cause the platform itself to become associated with that online account. Since other local accounts share the same platform, those other local accounts could also become associated with the online account. Technically, this type of cross-local-account correlation could be also done via non-online-account-tied unique identifiers, but I'm mentioning it here.

    To say there is much to delve into would be putting it mildly.
     
  15. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
    That all looks to be quite the stretch of conjecture.

    Besides, Skynet only distinguishes between human and non-human; it doesn't care who you are. :D
     
  16. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    You really need to carefully assess the potential privacy concerns that you have. If you are concerned with privacy to that extent, I would recommend avoiding Windows altogether. You can run Linux with a Windows VM if you need to run Windows programs. Depending on your concern, you can disable all internet access to the system and isolate it.
     
  17. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    @Rolo42 thanks for the information. My preference would indeed be to back up certificates and BL recovery to the cloud, but in an encrypted file under my jurisdiction. I'm also not accepting of 2FA schemes that require a mobile number (whether for PIN or backup). Not doing it. I use 2FA via Yubikey for Windows logon, but that's a strictly local affair and is not explicitly tied to me (other than possession of the dongle). I would use a U2F dongle, but not one requiring biometrics.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Yes, so I suppose you can still block OS applications from outbound access? And if not, a third party firewall should do the trick.
     
  19. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    Drawing attention to some mechanisms/issues that can magnify exposures, and urging interested parties to actively look for those and determine which are applicable to the system they are evaluating, doesn't qualify as conjecture in my book. The things I touched upon would be familiar to those who have taken an interest in privacy and tried to develop some understanding of the technical aspects.

    Well, that really wasn't about my own concerns (which are entirely ordinary in nature). It was about things which can have a big impact on basic levels of privacy for people in general. A quote I like is: "Either treat this subject with the seriousness it deserves or drop it". Since I think privacy is far too important an issue to drop, I try to treat it with seriousness.
     
  20. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
    You can block outbound connections with Windows Firewall (and deny by default); you just have to manually do it.

    GlassWire has a button with which you can block all or individual applications manually--which is nice in the event that you detect "that's not supposed to happen" and can kill it right there.
    The free version only notifies you of an app's first outbound connection; the paid version can give you a prompt. It's a really nice UI for Windows Firewall; I can't really imagine a stronger setup firewall-wise (without implicitly blocking everything and manually creating all your allow rules, which you can already do without extra software).

    I agree...partially. The issue is "scope creep".

    I do not consider my "behaviour" personal information; it is personalised information but it doesn't personally identify me. I like these because I get better, more relevant search hits and suggestions on my desktop and on my phone.

    Personally Identifiable Information (PII) is another story. I don't want any of my contact information used for any other purpose than actual direct business transactions or support initiated by me alone. It's gotten to the point where we have laws controlling sharing and access. Now if our government would secure this information at least as good as savvy users tend to, our efforts won't be for naught! (latest debacle being stolen PII of federal employees having had a background investigation for security clearances in the last 15 years)
     
    Last edited: Jul 12, 2015
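
    An added example, not part of any post in this thread: the deny-by-default outbound setup mentioned above, done with the built-in NetSecurity cmdlets from an elevated PowerShell prompt. The rule group name and the allowed program path are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: default-deny outbound with Windows Firewall.
$group = 'Example-OutboundAllow'                              # assumed group name
$allow = @("$env:ProgramFiles\Mozilla Firefox\firefox.exe")   # constructed sample path

# 1. Save the current profile settings so the change can be reverted.
$backup = Join-Path $env:TEMP 'fw-profile-before.csv'
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Export-Csv -Path $backup -NoTypeInformation

# 2. Block outbound traffic that no rule allows, on all three profiles.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True -DefaultOutboundAction Block

# 3. Add explicit allow rules for the programs you choose.
foreach ($path in $allow) {
    if (-not (Test-Path $path)) {
        Write-Warning "Skipping missing program: $path"
        continue
    }
    New-NetFirewallRule -DisplayName "Allow out: $(Split-Path $path -Leaf)" `
        -Group $group -Direction Outbound -Action Allow `
        -Program $path -Profile Any | Out-Null
}

# 4. Default-deny does not disable allow rules that already exist. List every
#    enabled outbound allow rule with its program so each can be reviewed.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Group   = $_.DisplayGroup
            Rule    = $_.DisplayName
            Program = $app.Program
        }
    } | Sort-Object Group, Rule | Format-Table -AutoSize

# To revert:
#   Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Allow
#   Remove-NetFirewallRule -Group 'Example-OutboundAllow'
```

    Step 4 is the part that matters for the phoning-home question: Windows ships with predefined outbound allow rules for its own components, and they keep working after the default is switched to Block unless each one is disabled.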
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Yes, I noticed that Win Firewall does give an option to block outbound connections, even from system services, so I can't imagine that this won't be possible in Win 10. About GlassWire, there are a couple of reasons why I chose not to use it, but it's off topic over here.
     
  22. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,977
    Location:
    Brasil
    Do you really think the Privacy Statement is followed correctly? :rolleyes: All editions of Windows, from W95 to now, have a universal backdoor that grants Microsoft full access to your computer. Remember that time when Windows pushed new updates even though you had your settings to "DO NOT UPDATE"? Or, do you remember that time when 4+ million Windows PCs were infected with malware that used Tor for an attack, and Microsoft removed Tor from 1+ million (or was it 2 million) Windows PCs?

    If you REALLY want privacy, do like me:

    * Don't use Facebook;
    * Don't use Google/Youtube without a VPN;
    * Don't have a Google/Microsoft/Facebook/Twitter/account, or ANY account at a US-based service;
    * Don't have a smartphone, or at least change its OS;
    * Don't use Windows, use only GPL software;
    * Correctly configure your browser for best privacy settings;
    * Use a free VPN like the one at autistici.org or riseup.net

    But I'm too extreme. Nevertheless, I have all the privacy I want ATM.
     
  23. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
    Win10 firewall is the same familiar WAF; I can't see anything different about it.

    re: "Do not update"...it only updated critical security updates--which help protect everyone...especially from any goofball who would disable updates entirely (why!?) and would be most likely to get and spread worms, etc.

    re: Tor. You're objecting to Microsoft eliminating a known attack in progress? You can't have it both ways: "Secure your os!" and "Don't touch my OS!". This is why John Q. HomeUser won't be able to disable Win10 updates...No connected PC is an island.

    re: VPN/anonymizers. They are a significant security risk. I can't understand avoiding established, scrutinised companies (Google, Microsoft) by funnelling all of your traffic through obscure VPNs--especially the first one that has a "manifesto" rather than an enforceable privacy policy and the second one isn't any different than any other service with anonymous statistics-sharing. cf. https://help.riseup.net/privacy-policy

    re: "real privacy": Why not just become Amish? Penguin hunter in Antarctica? Big Data doesn't care who you are, just what the herd is doing.
     
  24. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,977
    Location:
    Brasil
    Who are known to work with the NSA? Sure, why not trust them, right?
    And I mean, it's not like riseup got its encrypted servers held by the FBI, then fought in court for the users' rights and won.... oh wait, they did! :D
    And autistici? It's not like they don't have their servers in Iceland, Norway and other countries who are way more trustable than the US.... oh wait, they do! :D
    And the manifesto vs "privacy enforcement" thing? It's not like Google and Microsoft are spying on their users, right? Oh wait again! :argh:
     
  25. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
    If the NSA is looking into my e-stuff, I have bigger problems. I'm also natural IN the US, for which my "big brother" would be the CIA and DHS, not the NSA. Besides, they already have all my PII and all those who managed to steal OPM records of recent security clearance investigations have it too--so I'm really, really, really not concerned about cookies, URL logs and other such trivialities.

    This is the problem: redefining terms. "Data collection", "Analytics" et al. are not the same as "spying" in the context of the state "spying" and even if it were, so what? So the spook arm of national security finds out I have an absurdly large Steam game collection? That I watch a lot of science AND Bible-based education recordings on YouTube? WhaaaAAAAaaa??

    Ifyay Iyay ereway oingday omethingsay adyshay, Iyay ouldway useyay encryptionyay onyay ayay eparatesay eviceday edicatedday otay ymay ifthfay-olumncay-ikelay activitiesyay andyay ityay ouldway avehay ayay ysicalphay elfsay estructday echanismmay...andyay ayay oeshay-onephay! (in case they're listening right now)
     