Microsoft backports data slurp to Windows 7 and 8 via patches We recently mused, half seriously, whether the entire point of the Windows 10 upgrade was to harvest your personal information. With Microsoft suffering from a serious case of Google envy, perhaps it felt it had some catching up to do. Now Microsoft is revamping the user-tracking tools in Windows 7 and 8 to harvest more data, …
I was thinking we could still use Windows 7 at work. Apparently not. A pity I have some licenses.
The Windows machines will now be put fully out of commission for testing only and on their own private network. Needless to say more won't be bought (neither Windows computers not OS).
CEIP can be disabled in the Windows Control Panel. Do these updates still send data in that case?
"The notes explain that diagnostic telemetry data is sent to settings-win.data.microsoft.com. Privacy advocates note that this is hard-coded, so blocking access via the hosts doesn't work."
Not sure I follow that. Hard-coded where? Why does hard-coding a DNS name prevent the TCP stack from using the hosts file entries as part of its name resolution process?
I have CEIP switched off, but I can see my laptop still trying to resolve settings-win.data.microsoft.com and vortex-win.data.microsoft.com. I have them in an RPZ on my local resolver so it always gets NXDOMAIN. Haven't tried with the hosts file -- was worried that a future update could just revert my change.
Why does hard-coding a DNS name prevent the TCP stack from using the hosts file entries as part of its name resolution process?
You need to stay in more often.
If all you have is an IP address, hosts is bypassed. If you have a fully-qualified (or partially qualified) domain name like microsoft.com or localhost, then hosts.txt or the DNS server is involved in the translation into an actual IP address.
Apparently what the quote in the OP above means is that the FQDN "settings-win.data.microsoft.com" bypasses both hosts and DNS-based name resolution.
That being the case, the only way to squelch the traffic is to add custom routing rules (probably at the router rather than the PC, just to be sure) for any/all IP addressed associated with that address. With the way things are going, we'll probably also find that there's a custom MS DNS server involved as well whose sole purpose is to resolve that address, so that will probably need to be blackholed too
How did things get to this stage so soon?
"That being the case, the only way to squelch the traffic is to add custom routing rules (probably at the router rather than the PC, just to be sure) for any/all IP addressed associated with that address."Or just create a firewall rule on the PC.
I think the reason he suggested "probably at the router rather than the PC, just to be sure" is that MS have, especially in this case (in fact this case alone would be enough) proven themselves not only to not be trustworthy with any data, but also to go to some lengths to bypass security or privacy measures people might actually try to put in place just to prevent this sort of rubbish.
I think the secret is they've (government agencies and colluding companies, i.e. Microsoft) have been at it a long time. The race is on to total slavery.
If you wouldn't want to see it in your daily newspaper don't put it online (or even type it into an Internet capable computer).
These patches (according to an article on Forbes.com) also apply to Server installations as well.
I can't help wonder if a few security people should start asking MS really probing questions about what is actually sent back to the Redmond mothership. If there is the slightest risk of any identifiable data being sucked away from a sever then MS are (IMHO) gonna get into some sticky waters with the regulators.
As for bypassing the hosts file... this is just nasty.
that URL resolves to
C:\Users\numpty>nslookup settings-win.data.microsoft.com
...
Non-authoritative answer:
Name: onesettings-db5.metron.live.com.nsatc.net
Address: 191.232.139.253
Aliases: settings-win.data.microsoft.com
settings.data.glbdns2.microsoft.com
C:\Users\numpty>
I can't help wonder if a few security people should start asking MS really probing questions about what is actually sent back to the Redmond mothership.
They say no identifying data, but they then mention they take snapshots of RAM.
Just how do they propose to identify what is "identifying" and what isn't? What happens if the RAM snapshot was of the web browser's RAM just as you were filling out an order form on an online shop?
They going to find your address in there and scrub it out? I think not.
I can, if I wish, not use SELinux, unlike with Windows 10 where it will continue to keystroke monitor even if I have that turned off or potentially even send memory dumps to Microsoft. Anyway, the "NSA effect" of SELinux was more political than anything. It stymied some development of better security approaches but with the latest point release we seem to be breaking away from that,
Anyway, I'm not someone discovering GNU/Linux as a result of this, I'm someone going back to it. I've out off Windows 10 because of privacy concerns and out of distaste at the way they have tried to force me into it with deeply irritating and very hard to remove ads inserted without my permission into my Windows 8 Pro install. If they backport things I'm not happy with into Windows 8, changing what I regard as the terms of the arrangement I'll go back to Gentoo, or try Mint that everyone's talking about. I still have all the skills, they're just dusty. I transitioned from GNU/Linux at somepoint around Windows 7 when it turned out to be actually good and I've defended MS on these forums many times against their less rational critics. But if MS are now telling me that my money isn't good enough for them and they demand my data too, then they lose my support.
And this isn't some irrational jump - the number of things I have to do to preserve my personal and professional privacy from them is getting longer and longer. I don't have time for that and if MS's business interests are now no longer "Please me to get my money" but rather "Find ways to get her data", then I don't trust it to be a fight I can win. They can just keep making it harder and harder to stop them until one slip and there it all goes. What it comes down to is that MS are telling me their aims no longer coincide with my own.
And as someone who prefers to pay for things with money, I'm starting to get quite angry about that.
"I'm someone going back to it."
As am I.
Any recent Ubuntu or Mint will do fine. I find some of the desktop discussions noisy as I can work with most and changing is not that onerous so it's like complaining about the desktop image, just change it!
I might use Ubuntu just because of the distro's used in the last few years it has probably given me the least issues for time used. Even when I hit an issue I can be pretty sure there will already be a specific solution out there for a two minute search. Sometimes Linux users seem to take pride in rolling their own version of everything and resist any external help, well done you, I'm either too thick to do that or wish to spend my time other ways.
At work I am considering white-listing the windows boxes and giving users something else for web browsing, this is an intrusion too far and I genuinely think it is not legal in this land.
There is always a certain amount of hyperbole around MS but this time they seem to be trying to alienate the very users who have previously championed their cause.
I'm now going back after some years of absence too. As a contractor I need Windies at work so my laptop runs W7 Pro, but it also runs VMware Workstation with a full virty lab several and Linux vms. I come from a Solaris/HPUX background, bit of SCO (remember them?) and was always a SUSE user. I used Ubuntu until Unity came out but as well as being the interface I didn't like, what REALLY p'd me off was adding the web and Amazon to the default searches.
Since I can't edit a post to this topic, I'll have to make another reply.
After blocking the two addresses on my router, I'm denied access to just about all microsoft services - bing, bing maps (which really hurts as they have the Ordnance map), Outlook.com, microsoft translate and so on - I don't use Xbox services, but I would think that they would be kaput too.
All work fine if I use Tor.
Basically what seems to have happened is "if you don't allow us to hoover your data, whether or not you have consented, adios". I'll be interested to see if my Windows install and office fall out of registration.
I think a mail to the Information comissioner would be in order
It's pretty simple, really, and one I'm not too surprised to see:
The IP address 64.4.54.253 resolves to a pretty generic Microsoft domain (ns2.msft.net), which means it's probably used for a variety for its services.
Basically, this means you can't block it outside your PC without collateral damage. I wouldn't be too surprised if it's also the Windows Update IP, meaning security updates would get blocked, too.
Ah but you see, once the scandalous free trade agreement is sealed quietly behind all of our backs, the European data protection laws as you know them will begin to be watered down to suit the whims of the American corporates who want a piece of the action in these parts.
http://www.huffingtonpost.com/mary-bottari/us-eu-trade-negotiations_b_4251035.html
Blocked them all long ago... both on my personal devices and on work WSUS. I have the "bad habit" of reading what patches do before installing them - that's why now MS won't tell you what patches are for...
But it's a very nasty turn by MS - and other companies are following, for example Embarcadero offers its own "telemetry" cloud service (AppAnalytics) for applications written with C++ Builder and Delphi, and I'm not sure applications has to offer the option to disable. it (although AFAIK a warning is displayed the first time you use it).
What is really worse, is also that data are sent not only to the company you bought the product from - which is enough bad already - it's sent to a 3rd party in a foreign country with no obligations towards you and whose security you can't control. Sure, data are "anonymized" - which may mean nothing, depending on what data are collected.
IMHO, this kind of behaviour should be forbidden, and that enforced by law. Who needs Hacking Team when the whole OS and most applications are spyware on their own?
How is a criminal going to stay in business? The police just ask MS, Google, Facebook et al for the info and show it in court? (Of course they will need a court order to first ask)
Then again, it could be a cost saving exercise for police forces as they will only need half the number of coppers.
Just thought.....has any considered the human rights of the terrorist in this?
More to the point, has any considered my human rights to privacy?
Has there been a merger I'm unaware of? I know MS was probably the first accused of providing a back door, now they give the impression of working together.
Given the prospective lives of 7 and 8 and the fact that take up of Win10 is less than they had hoped so far, I had wondered if there could be some slrpy updating. The next worry is that if these current updates are removable then the next round of slurpery will be incorporated into something harder to remove and more necessary to the OS actually operating.
When or if that happens: Hello Apple/Linux etc.
Repeating: http://www.ghacks.net/2015/08/28/microsoft-intensifies-data-collection-on-windows-7-and-8-systems/
Also the comments on ghacks mention a batch file to do the cleanup: https://github.com/WindowsLies/BlockWindows
Ahhh. Linux.
"Privacy advocates note that this is hard-coded, so blocking access via the hosts doesn't work."
Dunno how that works... Hosts file works closer to the network layer. How/where the domain is coded/configured shouldn't prevent the function of the hosts file?
Though I'm sure there are ways to get around that... Though if MS is going through all that trouble... It must mean people are using hosts files a lot, and they REALLY want those 'anonymous metrics'...
Probably hard-coded into the kernel, which is of course below the network driver which is below the TCP/IP stack. Thus why you have to block it outside the PC, thus why they use the same IP as assorted other services, thus why you can't block it without collateral damage, thus why serious gamers are pretty much stuck since there's no real alternative to Windows there.
You mean you have not discovered yet that 20% of all Steam games have Linux support ?
I'm currently counting 2800 games with Linux support on Steam !
And that many games run fine in Linux with Wine ?
Simply stop buying any game that has no Linux support, and before you know it, you no longer care about Windows.
Kinda late for that, don't you think? I've stopped buying games altogether yet I still have the issue of my existing library. And 20% doesn't even cover a fair chunk of my library. Come back when it's closer to 90% so I don't have to leave the vast majority of my game behind. And the games that tend to run on WINE tend to be older ones, not the cutting edge (which will soon include DX12 games with their close-to-metal coding).
Simply stop buying any game that has no Linux support, and before you know it, you no longer care about Windows.
There are those who would argue "But so many of the top-rated games aren't on Linux yet"..
Well, to them I will simply say - why not look around at the games that are? You might find something really good that hasn't had the marketing hype of some of the other stuff out there.
I spend a lot of time playing games, and while RTS is far preferred I've also played FPS and shoot-em-up. I still play a lot of old games as well - in fact one I still love from time to time is "Carrier Command" which could run on the same 360K floppy disk that had the OS! (SOASER (thanks El Reg commentards for the suggestion!) and the Homeworld series (classic, Remastered stopped me playing HW for some weeks!) are among those I prefer most).
You'll be pleasantly surprised at the great games available (some very old ones) that run on something other than Windows if you're willing to take a look away from so-called "top hype10" lists and look elsewhere. And no need to worry about the data slurping.
(I've also played Tib3 on Linux. Installs beautifully on WINE IME without needing anything, and found it faster than the Windows install on that same hardware. )
"Simply stop buying any game that has no Linux support, and before you know it, you no longer care about Windows."
But you would also have relatively few recent blockbuster games to play. And the latest games where actually available on Linux will play with significantly lower graphics performance without Direct-X 12 support...
But you would also have relatively few recent blockbuster games to play.
As per my earlier post - blockbuster games aren't always that great, and there's many very good (and often far better) games out there.
And the latest games where actually available on Linux will play with significantly lower graphics performance without Direct-X 12 support...
Actually, speaking from significant hours of gaming (I need a 48" monitor now just so I can see it past my gut!), DirectX is the lower-performing graphics system in many cases. Certainly when I've compared games between Windows and running them on WINE, they tend to play a lot better on WINE on the same hardware. This isn't always the case, but then I haven't really tried for a while either so WINE could be much better today, and of course there's various other tools to make it easier to use.
In fact MS Office (prior to the 365 ripoff version) actually installs much faster and easier under WINE than it does on Windows IME (still not as fast or functional as Libre mind, but if you really must use MS Office then do yourself a favour and install it on Linux! - Then you don't even have to worry about MS stealing your documents while you're working on them, much easier to secure your system from their thieving prying eyes)
"Actually, speaking from significant hours of gaming (I need a 48" monitor now just so I can see it past my gut!), DirectX is the lower-performing graphics system in many cases. Certainly when I've compared games between Windows and running them on WINE, they tend to play a lot better on WINE on the same hardware. This isn't always the case, but then I haven't really tried for a while either so WINE could be much better today, and of course there's various other tools to make it easier to use."
If they're running faster on WINE, odds are it's because the WINE run is using less-intensive graphics settings than Windows. For example, support for DirectX 10 and up is known to be flaky with WINE, so to turn the phrase, "Can WINE run Crysis?" Answer: "Yes, but not as well as on Windows."
As for my personal experience, I used to play TF2 a lot, and I personally noted the Linux port was somewhat slower and flakier than the Windows version. Also, despite owning a pretty recent AMD graphics card, support could get flaky, and I've more than once had spontaneous X crashes and even panics, no matter what version of driver I used. So let's just say I've been around the block more than once, and each time left me wanting. This whole spyware bit has put me in a very uncomfortable position since I want to jump but risk losing too much. I'd be more inclined if Valve could push to increase Linux compatibility, but until then...
> Dunno how that works... Hosts file works closer to the network layer. How/where the domain is coded/configured shouldn't prevent the function of the hosts file?
The hosts file is a means of converting from a domain name to an IP address. If the name is not in hosts the system goes to a DNS server to do that.
If the connect already has the IP address (ie hard coded) then the hosts file or DNS are not used at all.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
