EU privacy gurus peer at Windows 10, still don't like what they see

Silver badge

Even if they are forced to back down, they've already got the data on all those people they are abusing with Windows 10 ?

Can we actually trust any of the mega corps to remove the data when they are told to, after all we've seen time and time again that supposedly deleted data wasn't

36
0
Anonymous Coward

Can we actually trust any of the mega corps to remove the data when they are told to, after all we've seen time and time again that supposedly deleted data wasn't

The blunt and simple answer is "no" unless the companies in question have also implemented an audit process which is executed by independent 3rd parties, by preference NOT paid by the same organisation (one of the problems with company audits).

There is no viable argument to believe any assertion by companies that pertains to protecting your rights if said assertion conflicts with their ability to derive a profit from it. Ever.

28
0
LDS
Silver badge

"Can we actually trust any of the mega corps to remove the data"

Of course no. Ebay, for example, terminated my account because I didn't use it for a while. I wasn't able to reset the password using the username or email, but when I tried through PayPal, it returned the account name as <number>@deleted and the email address I used - but it didn't re-activate the account and suggested I call support. It is clear the account wasn't deleted, and my data is still there, although not accessible by me. Guess I will go through my country's privacy law to ask for a full removal of my data, and see what happens...

10
0
Silver badge

@Dwarf

even if they say they did, some middle manager probably "forgot" to also remove it from the back up system. Yes, the data is off of our servers.... You didn't mention tapes...

3
0
Silver badge

Off the servers is one thing

but deleted from all Historical backups? Are you having a larf?

As for that, how many people here have used the wayback archive?

Sometimes it is great to know that something hasn't entirely gone to the bitbucket in the sky.

4
1
Bronze badge

Re: "Can we actually trust any of the mega corps to remove the data"

Most computer systems are backed by relational databases, if you've ever had any transactions on eBay, eBay can't remove your account without removing all records of any transaction you had on eBay. Because of this you can't actually delete your account in any web application you've ever used, at least not until every single record your user was ever attached to has been archived, which in most cases will NEVER actually happen.

The best they can do is just set the fields for your personal information to something else, they may have already done that and legally that is all they have to do.

2
1
Silver badge

Deleted personal data is the only thing that is properly backed up and always recoverable.

Trigonoceps' First Law of Data Storage.

If you want to make sure that your raid never fails ensure there is a deleted personal data partition on it.

Trigonoceps' Second Law of Data Storage.

3
0
Silver badge

"even if they say they did, some middle manager probably "forgot" to also remove it from the back up system. Yes, the data is off of our servers.... You didn't mention tapes..."

And even if they could prove all your data had been deleted by them from all their servers and backups, How about those third party partners they've shared (sold) your data to prior to deletion?

4
1
Silver badge

Re: "Can we actually trust any of the mega corps to remove the data"

There is a conflict with this kind of situation. If, for example, data is deleted and the tax authorities descend on ebay then that very same data needs to be accessible (for at least six financial years). It could be argued that the information can be anonymised by replacing John Smith with custid1234, but there may be complex relationships between customers and the organisation being scrutinised that needs that non-anonymised connection. A possible example might be VAT fraud - there would need to be a tie-up between their anonymised data and data that nails someone's identity, such as a VAT registration number. Where does one set the boundary point between anonymised and non-anonymised information?

2
0
Bronze badge

Re: "Can we actually trust any of the mega corps to remove the data"

You can selectively delete parts of those tables tho.

For example, there'd be a unique ID (a key) that is used to relate your customer identity details (name, address, DoB, etc etc) with the transactions. And any eBay transaction (bid, winning bid, etc) won't have your identity details in it, it will have the unique ID, the key, which is then used to pull out the identity details to list it with a purchase for example.

So while the TRANSACTIONS won't be deleted, or the keys (unique IDs), the data within the identity tables can be deleted (or replaced with NULL or a standard string like, "DELETED").

Therefore while all the transactions are still there (since they involve other people who might still want to know ID XYZ bought/sold the item), the individual identifying information can be deleted from a relational-based database (or any other for that matter), so rather than seeing "John Doe of 2343 Wanking Ave, Cayman Is. won the bid for Fleshlight", you'd see "345428946593 won the bid for Fleshlight".

3
0
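The scheme described in the comment above, together with the foreign-key objection raised earlier in the thread, as an added example that is not part of any commenter's post: with referential integrity enforced, deleting the customer row is refused, while overwriting the identity columns succeeds and leaves every transaction intact. The table and column names are hypothetical and the rows are constructed; it only touches the live database, not backups or copies held elsewhere.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
CUSTOMERS = [
    (345428946593, "Alice Example", "1 Constructed Street", "alice@example.invalid"),
    (2, "Bob Example", "2 Constructed Street", "bob@example.invalid"),
]
TRANSACTIONS = [  # (id, buyer_id, seller_id, item, amount_cents)
    (1, 345428946593, 2, "vintage camera", 4500),
    (2, 2, 345428946593, "road bike", 12000),
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite does not enforce FKs by default
    db.executescript("""
        CREATE TABLE customers (
            id INTEGER PRIMARY KEY,
            name TEXT, address TEXT, email TEXT,
            erased_at TEXT                      -- NULL while the identity is live
        );
        CREATE TABLE transactions (
            id INTEGER PRIMARY KEY,
            buyer_id  INTEGER NOT NULL REFERENCES customers(id),
            seller_id INTEGER NOT NULL REFERENCES customers(id),
            item TEXT NOT NULL, amount_cents INTEGER NOT NULL
        );
    """)
    db.executemany(
        "INSERT INTO customers (id, name, address, email) VALUES (?, ?, ?, ?)", CUSTOMERS)
    db.executemany("INSERT INTO transactions VALUES (?, ?, ?, ?, ?)", TRANSACTIONS)
    db.commit()
    return db

def try_hard_delete(db, customer_id):
    """Attempt to remove the row outright; False if a transaction still references it."""
    try:
        db.execute("DELETE FROM customers WHERE id = ?", (customer_id,))
    except sqlite3.IntegrityError:
        db.rollback()
        return False
    db.commit()
    return True

def erase_identity(db, customer_id):
    """Overwrite the identity columns but keep the key that transactions point at."""
    cur = db.execute(
        "UPDATE customers SET name = 'DELETED', address = NULL, email = NULL, "
        "erased_at = datetime('now') WHERE id = ?", (customer_id,))
    db.commit()
    return cur.rowcount

def bid_history(db):
    """What the counterparty sees: a name for live accounts, the bare ID for erased ones."""
    return db.execute(
        "SELECT CASE WHEN c.erased_at IS NULL THEN c.name ELSE CAST(c.id AS TEXT) END, "
        "t.item FROM transactions t JOIN customers c ON c.id = t.buyer_id "
        "ORDER BY t.id").fetchall()

def find_text(db, needle):
    """Audit helper: list (table, column) pairs in which the string still appears."""
    hits = []
    tables = [r[0] for r in db.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        for col in [r[1] for r in db.execute(f'PRAGMA table_info("{table}")')]:
            count = db.execute(
                f'SELECT COUNT(*) FROM "{table}" WHERE CAST("{col}" AS TEXT) LIKE ?',
                (f"%{needle}%",)).fetchone()[0]
            if count:
                hits.append((table, col))
    return hits

if __name__ == "__main__":
    db = build_db()
    print("hard delete allowed:", try_hard_delete(db, 345428946593))
    print("rows scrubbed:", erase_identity(db, 345428946593))
    print("bid history:", bid_history(db))
    print("leftover matches for 'Alice':", find_text(db, "Alice"))
```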
Bronze badge
Unhappy

What information does Win 10 slurp?

Does anybody know what information Windows 10 actually slurps? I don't use it (I use Win 7 and Linux Mint).

I refuse to use Win 10 (with the exception of my employer, where I have no choice) and Win 7 is now my last MS OS. I only use it because there are two programs I use that are not available for Linux.

24
1
Anonymous Coward

Re: What information does Win 10 slurp?

Does anybody know what information Windows 10 actually slurps? I don't use it (I use Win 7 and Linux Mint).

I'd welcome an indication of that too, but the problem is that you hit the one area where Microsoft HAS improved security because it affects them making a profit (the quality of customer protection has never influenced their profit, which is why that has never seen that much improvement).

6
0
Silver badge

Win 7? Uh-oh...

...http://www.ghacks.net/2015/08/28/microsoft-intensifies-data-collection-on-windows-7-and-8-systems/

10
0
LDS
Silver badge

Re: What information does Win 10 slurp?

https://privacy.microsoft.com/en-us/privacystatement

Enjoy, it's a long read, and that's only the public statement...

5
0
Bronze badge

Re: Win 7? Uh-oh...

Hi,

Yes - this was my thought - there are Windows 7 and 8 systems that have telemetry, yet I see no options to stop collection.

Why has the EU ignored this aspect ?

Many people on Windows 7 and 8 are not even aware, they stayed on Windows 7 and 8 because they did not like Windows 10, not because of Windows 10 telemetry.

Regards,

Shadmeister.

3
0
Silver badge

Re: What information does Win 10 slurp?

At the most basic level, if you turn on all privacy settings, about the same amount of data as Windows 7.

If you want to use Cortana and search, then you give away more data.

If you want personalised advertising, then you give away more data.

If you want Edge or IE Smartscreen to protect you, you give away more data (same as Windows 7).

etc.

8
1
Silver badge

Re: What information does Win 10 slurp?

OK: that is what they say. How can an owner of a MS Windows 10 machine actually see (read) what is being sent to Redmond ? Until the owner can see (in plain text - with good documentation that fully describes the XML or whatever) then it is not transparent.

7
0
Silver badge

Re: Win 7? Uh-oh...

That's why scripts such as this one exist - it removes the telemetry from Windows 7 and 8.1

Telemetry remover for Win7 / 8.1

There appear to be others too.

7
0
Anonymous Coward

Re: What information does Win 10 slurp?

I've just had to set up a Win10 ('Home') laptop for my wife, who frustratingly needs stuff like powerpoint for her job (no, the libreoffice equiv won't fly with her).

During the process I was confronted with Cortana, which I attempted to remove or at least disable, only to find that in Win10 'Home' this is all but impossible.

Apparently Cortana collects data about _everything you do_, so that it can 'help' you. GRRRRRR. It has a specific interest in flight and hotel bookings by the look of it, but it does seem all-pervasive ... it's even embedded now in the bloody Win10 Netflix 'app' so that it can monitor which movies you watch AAGAGAGGAGGHHHHH!!!

...and the second we logged into the laptop and told it what her Hotmail address was, oh my god that really seemed to join a few dots for it and it knows a LOT about her already.

The urge to simply wipe Win10 off the damned thing and replace with a user-friendly Linux is almost overpowering ... am thinking of paying the money for Win10 Pro, which I've found 'remove cortana' instructions for.

Oh, and I didn't mention the bundled 'Office 365' starter which is clearly intended to push you further toward the cloud ...

23
2
Silver badge
Boffin

... I only use it because there are two programs I use that are not available for Linux.

If anyone can point me in the right direction to getting Claris Works version 1 running in Wine I'll be a very happy bunny. I've never managed to get it beyond the splash screen.

Seriously. I've largely migrated to Libre Office, but compared to Claris Works it's clunky and over complex for most of what I used CW for. And CW's word processor still has a few tricks up its sleeve that LO can't, as far as I can tell, yet manage.

2
0

Re: What information does Win 10 slurp?

Try https://www.oo-software.com/en/shutup10

That disables Cortana for me, and lots of the other 'extras' you get in Win 10.

4
0
Silver badge

Re: What information does Win 10 slurp?

During the process I was confronted with Cortana, which I attempted to remove or at least disable, only to find that in Win10 'Home' this is all but impossible.

I got a laptop which came with Win10 on it. I thought I'd take the opportunity to see what it was like before proceeding to wipe it (and enable to use it at least for some browsing while I work out which distro works best on it).

Cortana (and most of the bundled basic apps) seem to take a dim view to the fact that I have not supplied it with a Microsoft account. About 80-90% of the pre-installed stuff refuse to work without MS Account. Cortana occasionally whimpers but has so far suggested nothing.

So it appears that if you don't provide MS account and install applications the normal way (ie none of the MS cloudy stuff) it may hamper what they get. Don't use Edge either as I prefer Firefox and/or Palemoon.

Should probably have a look with wireshark to see how much it phones home, although I suspect the contents are likely to be encrypted.

1
0

Re: What information does Win 10 slurp? @LDS

From the privacy statement:

'We also obtain data from third parties.'

I wonder who these 'third parties' are and what data is being shared with them? For that matter has consent been gained from the user to share it with Microsoft in the first place?

3
0

Re: What information does Win 10 slurp?

"During the process I was confronted with Cortana, which I attempted to remove or at least disable, only to find that in Win10 'Home' this is all but impossible."

Absolutely 100% completely untrue.

Start with Microsoft's built-in Cortana and general privacy settings in Win10 Home, which are a bit obtuse to locate but ARE there. Then go on to

https://www.oo-software.com/en/shutup10

which works perfectly with all levels of Windows 10, yes even Home.

And then, possibly, consider never touching your wife's computer again.

Seriously.

You have brought up the thought of using your own anti-Microsoft bias in an attempt to force a user into a "solution" that is completely wrong for them and will not work. Rather than put in a bit of time and effort into research to find out how to manipulate the OS to your liking, some of which is built in to the UI itself. Cortana does indeed have a shut down feature within Windows, if only you'd looked for it.

2
9

Re: Win 7? Uh-oh...

I use DWS, which makes changes that block the data slurping.

0
0
Silver badge

Re: What information does Win 10 slurp?

"https://privacy.microsoft.com/en-us/privacystatement

Enjoy, it's a long read, and that's only the public statement..."

I prefer the musical version

2
0

Re: ... I only use it because there are two programs I use that are not available for Linux.

You might find it easier to run something like WinXP in a VM, and access Claris Works through that. I remember using CW in NT4 Workstation, and I'm reasonably certain that it will run in XP too. All you have to do is to disable networking in the VM, so that XP cannot call home.

2
0
Bronze badge

Re: What information does Win 10 slurp?

You can buy cheap ($20-$30) Pro upgrade keys from Kinguin.net

However, what do you mean by "logged into the laptop and told it what her Hotmail address was"?

What/how did you tell "it" (I assume you mean the laptop/Win10 OS) what her hotmail address was?

You didn't actually create a Microsoft Account and provide the email address as part of creating that account did you? You don't need an MS Account to use Windows, you can create a local-only account that requires nothing more than a username and a password to create. When the installation screen (or first time use if it came pre-installed with win10) asks you to login with or create a Microsoft Account, ignore it, skip/cancel/next, and then it'll ask about creating a local account. Since MS wants you to use an MS account, it's the first thing they ask about, but don't give in and create one,

Using a local only account gets rid of most (but not all) of the telemetry, the most personal telemetry. If you don't log in with an MS Account, the telemetry, while still troubling, is much less, generally non-personal (usually aggregated-type) information like what features of windows are used, etc. And even this can be gotten rid of with the right tools, like shutup10 as others have mentioned, or even, as I did on a recent laptop that came with win10 pre-installed, setting up an IP-MAC binding on my firewall's built-in DHCP server, and then put a DENY outbound rule so that nothing would go out until I'd finished 'tuning' (i.e. getting rid of all the telemetry) win10.

2
0

Re: What information does Win 10 slurp?

Thanks for that link. Just finished running the program, and I simply don't want to believe how much MS was getting off my PC. I'll be regularly checking the settings from now on.

0
0

Re: What information does Win 10 slurp?

It does encrypt the data that's sent back, it is also deferred making it extremely difficult to know what is being sent when.

0
0
Bronze badge
Boffin

Re: What information does Win 10 slurp?

There are some GitHub projects which block/disable double digits of suspect Microsoft domains and functionality which the deceptive Microsoft security switches may not, some of my bookmarked sites for Windows 10 lock-down are:

http://www.majorgeeks.com/files/details/destroy_windows_10_spying.html

https://modzero.github.io/fix-windows-privacy/

The above tools disable lots of dubious OS functionality and domains.

A Windows 10 Enterprise version is probably the safest because it can be formally locked down even more than the Professional version, but it should be common sense to never do any personal stuff on work kit which you are not OK with being monitored, because some employers do, so no private, NSFW or P2P stuff.

I also block several domains, I never want any machines to access, in my router's domain filter, just in case an OS tries to bypass my lock-down measures.

0
0
Bronze badge

Re: Win 7? Uh-oh...

Some of the Windows 10 lock-down tools will also work with earlier OSs and have config. files which can be re-purposed. A lot can be done by blocking several dubious Microsoft domains in the OS (e.g. the hosts file) or in better routers.

0
0

Re: What information does Win 10 slurp?

One little tip for the Win 10 Microsoft Account issue, is don't connect the device to the Internet until after you've finished the install/initial set-up. i.e. Don't plug in the Ethernet, or select a Wi-Fi network.

Without Internet, Windows 10 bypasses all the Microsoft Account stuff, and only asks you to provide a local username and password.

Obviously once set-up is complete, you can connect and do what you want afterwards.

One additional warning for anyone using a local account in Win 10 (as I do), if you do use MS services (like XBox/hotmail/O365 etc), and you decide you want to access those services when logged in to Win 10 with the local account, be careful, as some services when adding an MS account, will ask if you want to move/convert your local account to the MS one. Don't do it, just don't!

2
0

Re: What information does Win 10 slurp?

I have W10 Pro at home, and it's fine in terms of being able to be locked down. GPEdit is your friend.

And no, as far as I'm concerned, work kit remains just that. I'm not letting my personal data anywhere near it.

0
0

Re: What information does Win 10 slurp?

I too purchased a new HP win 10 second computer and tried removing the MS accounts that caused problems. I also found that I could not install SKYPE, you cannot go P2P, the moment you do MS send in a total verbal full screen block which you cannot remove or shut down the machine in the normal way and is not prevented by any type of firewall, it advises you to call MS on 0800 ????????? or your machine will be locked for good in 5 mins. I instantly switched off everything.

I found exactly the same refusal to get the machine to work when I tried to disable any requests by MS for account sign ups. After a short while there came the famous BLACK screen of death. Then after 6 months without the machine while being repaired in Spain I again tried where I left off but this time there was a BLUE screen claiming that some vital program had failed. There was absolutely no way to repair it or reboot. I was totally shut out. I hate Windows 10 and want to return it to Win 7.

0
0
Silver badge

No company has done more than MS to challenge laws that provide insufficient data [protection]

USAians not liking the government hoarding data but not minding corporations hoarding it allows Microsoft to do what it does - take the government to court and at the same time produce an OS that hoards data.

No, I don't get it either. Perhaps a USAian will be along in a moment to explain.

16
1
Silver badge
Unhappy

Re: No company has done more than MS to challenge laws that provide insufficient data [protection]

I don't like either form of data collection (private sector OR gummint). However, if gummint DOES slurp data, and it's done in secret, it can't legally be used against you in court. Still, it can be used against you to park agents in places to survey you and collect evidence that CAN be used against you in court. 'Grey area' for national intelligence gathering and preventing crimes and terrorism, etc. and as long as I don't know about it, I'm willing to look the other way (up to a point).

THEN AGAIN, when Micro-shaft collects data on you, ESPECIALLY without being given permission to do so, AND it's being used to MARKET YOUR BEHAVIOR as a commodity, then THAT is DISTURBING. It means they think that we are nothing but CATTLE. Moo.

6
2
Silver badge

Re: No company has done more than MS to challenge laws that provide insufficient data [protection]

"It means they think that we are nothing but CATTLE. Moo."

The fall and fall of the average citizen:

Once upon a time, business viewed us as customers.

Then, gradually, we became mere consumers.

With the rise of internet, we've all been relegated to assets that are 'monetized'.

7
0

Re: No company has done more than MS[...] @bombastic bob

it can't legally be used against you in court.

Two words: parallel reconstruction.

http://www.reuters.com/article/us-dea-sod-idUSBRE97409R20130805

1
0
404
Silver badge

Re: No company has done more than MS to challenge laws that provide insufficient data [protection]

Quid pro quo...

'USAians not liking the government hoarding data but not minding corporations hoarding it allows Microsoft to do what it does - take the government to court and at the same time produce an OS that hoards data.'

<rant>

^this^ is what drives me crazy as a USAian - <deleted>Silicon Valley has been practically living in the <deleted> White House for the last 8 years and the <deleted> gov types allow it to happen as long as they get access to the <deleted> data. This gives them that <deleted><deleted> legal crevice in which to say 'Oh No, We Don't Have The Data - They Do' and the <deleted> corporations playing the <deleted> martyr card protecting the <deleted> poor American from Big Gov', all the while sharing everything you hold dear WITH the <deleted> bastards 'perfecting their machine language/prediction/world domination'

My Ass! <deleted> <deleted>

</rant>

Ahem... 'scuse me...

2
0

Paradoxically, no company has done more than Microsoft to challenge antiquated laws that provide insufficient personal data to users

And to government too.

They were amongst the first participants in PRISM, and the current fuss over legal niceties regarding Irish servers only started *after* their shady dealings with the US government were revealed by Snowden. They had to resist this in court. They simply had no other choice. They have known for years that this was an issue but did nothing until they were forced to do so.

If Microsoft cared so much about how their customers are treated why did they fire Caspar Bowden?

24
0
Bronze badge

They were amongst the first participants in PRISM

Not to mention after MS purchased Skype, its architecture went from difficult to intercept end-to-end peer-to-peer encryption with only the peers involved in the conversation and having the keys, to a client-server-client with MITM encryption which could be easily monitored and eavesdropped on by listening in on that central server using the server side keys known to MS.

6
0
Silver badge

Where is the turn everything off button?

"Paradoxically, no company has done more than Microsoft to challenge antiquated laws that provide insufficient personal data to users. It has filed four separate lawsuits against the US government – with some success, particularly over a law that allows the state to access personal information stored on Microsoft servers overseas – the so-called “Dublin Warrant” case"

So you want to slurp the personal data of Windows 10 users but don't want anyone else having access to that information. Hmmmm.....

19
0
Silver badge

Where is the turn everything off button?

There is no off button, everything now just goes into standby mode.

4
1
Anonymous Coward

Re: Where is the turn everything off button?

> There is no off button, everything now just goes into standby mode.

Note that this isn't a joke. By default the power-off button in Windows 8.x and 10 puts the computer into a suspend state. It's not actually off.

I installed the latest version of Shutup10 the other day. I noticed it had sprouted a new toggle switch.

'Disable conducting experiments with this machine by Microsoft'

'Microsoft can "experimentally" change particular settings on the Windows system remotely. This is done to test and / or check certain configurations.'

The anniversary edition appears to ship with a setting that allows MS to remotely screw around with your machine in order to see if it breaks...

10
0

You probably can't turn EVERYTHING off but

The privacy problem is closely related to the loss of control over Updates. The fixes for one are useful for the other. All those mentioned below are free of charge.

You can take reasonable control with a combination of Spybot Antibeacon (as well as "Immunise" on the first tab, remember to select all the optional telemetry blocks on the second tab) and Winaerotweaker, which will let you do such useful things as setting your ethernet connection to "metered" which stops Windoze updates in its tracks (because they fear class actions caused by forcing users to download GB on $/gb connections). You can also use it to disable many of the auto updates and rebooting after update.

In the Pro or Enterprise versions you can also use gpedit to force W-update into "Notify Only" mode, but that won't prevent "Security" updates.

However, be aware that MS is writing its own countermeasures to these countermeasures. For example, many of the IP addresses blocked by Spybot AntiBeacon have now been hard coded around by subsequent updates.

Finally download Wushowdiag.cab, which MS were forced to release, I believe, as a consequence of another court case resulting from an update borking one or more users' systems. It is presented as a "troubleshooter" but what it really does is allow you to preview all outstanding updates and select those you don't want. Those "hidden" updates will then be ignored when you choose to permit an update.

2
0
Silver badge
Linux

Re: You probably can't turn EVERYTHING off but @Harry Stottle

You have just reminded me I dumped Windows when Vista arrived. In XP I had to run multiple anti-this, anti-that and anti-whatever just to keep XP working. I'd rather *be* working.

I now only have one Windows machine but so far I have not needed to switch it on :)

3
1
Anonymous Coward

Re: You probably can't turn EVERYTHING off but

"Finally download Wushowdiag.cab" The only reference to this file in google is your register post.

1
0

Re: You probably can't turn EVERYTHING off but

apologies. Memory failure on my part.

the real name is at the end of this link!

http://download.microsoft.com/download/f/2/2/f22d5fdb-59cd-4275-8c95-1be17bf70b21/wushowhide.diagcab

0
0

Re: You probably can't turn EVERYTHING off but @Harry Stottle

unfortunately I don't have that option. My principal programming language is still Visual Foxpro and that only co-operates with windoze

0
0
