nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Windows 10 Creators Update will add app-level privacy controls

Silver badge

"Security – the new setting for enterprise users only, in which what's sent home is limited to “data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender”;"

It's still too much. What part of "no" do you not understand, MS? Ask me for the data and I may or may not decide to give it to you, but it is not yours to demand and to take without my consent.

34
4
Anonymous Coward

The part that starts with "n" and ends with, "Just try to run Windows-exclusive apps without us. Oh, and don't try blocking us wholesale or you'll block the security updates, too."

0
0
Bronze badge

One word: ShutUp10

20
2
Silver badge

Spyware-as-a-Service

There is one setting missing - permanently off. Also, the ability to remove Craptana, Imbecile Explorer, and the other unworthy - Edge.

29
5
Anonymous Coward

Take a Stand...

* Its now or never boys & girls. You can't rely on ShutUp10 or any other tool, because its a game of endless privacy whac-a-mole. Why? Forced updates means M$ means can defeat your defenses anytime they want and they will!

* Instead, install a flavor of Linux i.e. Mint and enjoy FOSS as an added bonus... Or don't, but remember that M$ plan to converge into Facebook-Mark-II. Speaking of which look at how FB lied to regulators about extensive tracking of EVERYBODY, but got off like a politician's excuse:

~~~~~~~~~~

https://forums.theregister.co.uk/forum/1/2017/09/11/facebook_fined_12m_by_spain/

~~~~~~~~~~

* Blood-sucking tech corporations would be nothing if people deserted them... I closed FB, you could too. I refused Win10, in fact after working one-time for M$, I disconnected Win7 boxes 5-years ago when I stopped updates. Hey, life went on... So how about not using either service in a co-ordinated fashion for an extended time?

* Cease being a <Strigoi for The Master>....

17
11

Re: Take a Stand...

You can stop automatic updates via gpedit / group policy

I have done so on one of my machines at home as the last time it updated it boots, works for an indeterminate time and then dies.

Waiting for this update to see what it does

2
3

Re: Take a Stand...

OH FFS

"* Instead, install a flavoUr of Linux i.e. Mint and enjoy FOSS as an added bonus... "

and off go the penguins - Oh the tedium

And FTFY

Awaits down-votes from penguins and across the pond alike - build it and they will come.

13
8

Re: Take a Stand...

I've no problem with installing Linux. As soon as it's usable for my everyday needs, I will. That means all my games and all my photo editing software.

Until then it's just a toy OS for me to play with occasionally.

12
9

Re: Take a Stand...

I run flavours of *nix as well as Windows. Each have their uses. Gaming in Linux is still almost non-existent (even hacking together something with Wine is a shot in the dark at best) and there is still a large majority of enterprise software which will only work on Windows.

Linux works for home users who either only check emails or who are die hard power users and don't care about anything that doesn't run on it.

7
5
Silver badge
Windows

Re: Take a Stand...

"Until then it's just a toy OS for me to play with occasionally."

Well as a Windows user, you are used to using a Toy OS...

11
4
Silver badge
Gimp

Re: Take a Stand...

"... a large majority of enterprise software which will only work on Windows."

Said a senior Powerpoint user.

9
3
Silver badge

Re: Take a Stand...

Who's probably also ON THE BOARD. People value their jobs...

1
1
Silver badge

Re: Take a Stand...

"Until then it's just a toy OS"

I would rather be running a toy than a joke.

5
5
Silver badge
FAIL

Re: Take a Stand...

"as a Windows user, you are used to using a Toy OS..."

this goes double for Win-10-nic [the Playskool version, dumbed down to the level of pre-school children]

thanks, Micro-shaft, for adding spyware and then "giving" us incremental ways to "block" it, like you're doing us a favor now... [but ONLY for 'Enterprise']

5
3
Silver badge

Re: Take a Stand...

> That means all my games and all my photo editing software.

> Until then it's just a toy OS for me to play with occasionally.

You don't seem to see the irony in using Windows to play games and then accusing Linux of being a 'toy'.

6
2
Silver badge

Re: Take a Stand...

I can only hope that Vulkan really takes off in a big way, as this would make it far easier to game on Linux without any WINE-related issues. Most of the WINE difficulties now (slowness, glitching, incompatibility that you have to fiddle with endlessly to get some things to work, if they ever do) have to do with the DirectX to OpenGL translation. With a native API that doesn't need translation, many more things will work in WINE, and the WINE devs can concentrate on the remaining non-API problems instead of the more difficult (and presently more important) API translation.

0
0
Silver badge

Re: Take a Stand...

That means all my games..Until then it's just a toy OS.

Oh, the irony....

0
0
Silver badge

Re: Take a Stand...

I don't see the irony. What do the professional gamers use, after all? Sure as heck not Linux, as Overwatch (among many other competitive games) is not supported on Linux and you can't use consoles because cross-platform play proved to be a disaster.

0
0
Anonymous Coward

Bring me my Shield

Bring me my Pants on Fire.

7
1
Silver badge

Until you can work out what off means

Then you can **** off with your unwanted spying - irrespective of how good or bad the rest of the product is.

This applies to all users, not just those with the deeper pockets who you want to annoy the least.

15
3
Silver badge

Re: Until you can work out what off means

But since so much software (including business-critical software) REQUIRES Windows, as the song goes, "You might as well be Walking on the Sun..."

0
0

Can we even trust Microsoft anymore? (if we ever did?)

This week we found out Windows 10 Pro Anniversary Update 1607 'Defer Feature Updates' toggle switch works back to front, so for users with the option 'on' (to defer feature updates), they are pestered constantly to upgrade to Creators Update 1703 and for users with this option 'off', not to defer feature updates, they will never receive it. (Unless a patch is released, correcting the operation of the switch). Is this malicious intent or just extreme stupidity?

You can have all the privacy switches you want, but if the fundamental operation of the toggle switch doesn't operate as you'd expect, who knows what is actually being sent to Microsoft and when. What is protected, what isn't.

Of course, when it comes to the crunch, this is their (Microsoft's) get out, "Oh we made 'a mistake' with how we presented the Privacy option to the user, Sorry", but they still have your data, so it matters little to them.

11
4
Anonymous Coward

Just more bandaid

on top of bandages on top of old bandaid that is sitting on a festering wound full of gangrene.

Won't make any difference to the outcome.

14
4
Silver badge

This:

"in which what's sent home is limited to “data about the Connected User Experience and Telemetry component settings".

So, if I turn off every bit of telemetry that I can, what parts of the snooping routines I have turned off is sent to slurp.

No doubt so they can add a new snoop routine which collects the same data as the one you disabled but decides to not tell you about it!

Dear MS, let me make this REALLY fucking simple.

I mean, FFS, it's so easy its even already in binary. We want an ON-OFF switch. That's it!!!!!

Data slurp all, data slurp none. Not a difficult concept.

14
2
Silver badge

Re: This:

Then you want data slurp all with no alternatives. You want data slurp none? HA! You couldn't afford it. Either unplug or get the business-friendly legislatures to force the issue.

1
4

Like someone who won't answer a question directly

While they make a perfunctory nod towards people's privacy concerns, they wilfully remain obtuse. I use a variant without the creepy digital snitch Cortana, and with which I've got telemetry set to level Security; but folks using any version should be able to set it the same.

IMHO they again miss the opportunity to build trust.

10
2
Silver badge

Re: Like someone who won't answer a question directly

Why do you need trust when you still have quite a captive market? Just look at how abysmally Valve has been trying to get headline games on Linux.

1
1

%appdata%

Be nice if they stopped apps from installing from %appdata% or provided someway to force the apps to the relevant %programfiles% or %programfiles(x86)%

allowing apps to run form there is a major pain, and it is not always easy to just use security restrictions to block the option as a number of apps want to install there with no alternative option

HASHING is OK to a point and folders are a bit of a pain in a corporate environment

4
1

Re: %appdata%

Use Applocker. I've just set it up in our environment.

It helps if you set up event log forwarding first and run the applocker policy in Audit mode for a couple of weeks so you can monitor what would be blocked and then add them to the whitelist. I did it this way and received only a couple of calls for false positives once the policy was switched over to enforce.

1
1
Silver badge
Unhappy

Re: %appdata%

"Be nice if they stopped apps from installing from %appdata% or provided someway to force the apps to the relevant %programfiles% or %programfiles(x86)%"

That's just due to crappy software developers. Suunto and Spotify are two idiot companies that flat out deny installation to %programfiles%. I'm sure there are plenty of others too. And the Onedrive installer in %appdata% is another MS brainfart.

Hashing is not enough since these programs autoupdate themselves from time to time so either the new executable or the updater fail to launch. Unless you're there to unblock each new executable, it may be just easier to allow certain folders or just flat out deny these programs and tell the users to use their mobile or home computer for those programs.

1
0

US Gvt and so on

After they block Kaspersky Antivirus, are they going to do the same to MS Windows with all the crap and sniffing it does ?

6
4
Silver badge
Pint

Re: US Gvt and so on

You got it the wrong way round. They blocked Kaspersky because it was capable of detecting their bugs and blocking them. MS with Win10 and Apple with iPhone X Face Id are producing systems that TPTB can access, hence the target list is all those vendors of products that make life difficult for the TPTB, thus the next target for the Kaspersky treatment is.... Linux - controlled by a Finnish-American madman :)

7
5
Silver badge

Games Operating System

Since we are still in the age of most games being made for Windows, I would very much like to see a stripped down OS that is just for playing games on.

In fact, this whole Win10 data slurping 'you don't own your stuff' shit has totally put me off buying a decent gaming rig for VR, so I'll stick with PSVR for now and do my browsing from something more secure.

6
2
Silver badge

Re: Games Operating System

>Since we are still in the age of most games being made for Windows, I would very much like to see a stripped down OS that is just for playing games on.

I thought MS's attempt at such an OS was Xbox One which runs a variant of the Win10 code base?

4
1
Silver badge

Re: Games Operating System

I see what you're saying, but I can't really hook up an HTC Vive to it can I?

2
1
Anonymous Coward

W10 spyware

I paid my windows. And I paid fully knowing how to crack it (as I did for my penny pinching wife). I paid two windows pro licenses.

Now, I understand that google uses you as the product, as you are not paying.It is wrong, and I would prefer to pay and have privacy, but I understand it.

Now, paying and not being considered the client but hte product is not acceptable, and I just refuse to use Microsoft products as much as I can. They are not only unreliable partners for engineering/consultancy companies, but also bad for customers in general. They abuse everyone, yet expect people to like them?

9
2
Silver badge
Unhappy

Re: W10 spyware

Ah, the difference here is in the packaging: Microsoft came into this with a history, and have a notable talent for shooting themselves in the foot when it comes to marketing etc, the pop-up with no close button and options updating to Windows 10 "now" or "later" being probably the most relevant here. The fact that compared to the big players, Microsoft's tracking prior to Win10 was pretty minimal is irrelevant.

Whereas Google have a talent for painting themselves as heroes while sliding their nastiness in on the quiet - under the guise of "free stuff" and "improving your experience", they have pretty much taken control of what is now the worlds #1 mobile operating system, abused their early success in web search to take the majority share of the browser market and attempted to undermine their competitors in other markets, and introduced more ways to track and spy on our every move than I care to imagine.

It seems we are doomed to be in a race to the bottom for the crown of "most evil"...

5
2
Anonymous Coward

Re: W10 spyware

Perhaps it's because, as they say, "Nice guys finish last..."

0
0
Silver badge

the additional setting, Microsoft says, will limit telemetry to “the minimum required for Windows Analytics”

Why didn't they start like that? And make even that optional?

6
1
Anonymous Coward

There's a fifth secret level, 'asking for it', where not only are you naked to Microsoft, but you're being made water tight by them as well. This is the default level, reapplied each time you change the level to something else.

3
2
Thumb Down

I don't trust Microsoft at all...

Microsoft people are so used to lying, they've convinced themselves that's the only way to behave.

A massive group psychosis.

6
4
Silver badge
Facepalm

See also...

Of course I love you

The cheque's in the post.

I've made it perfectly clear.

Etc.

5
3
Holmes

Data is not necessary ....

"Data that is vital to the operation of Windows" and "when you let Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly."

NO it is not necessary. Not when you do NOT USE Windows in the first place. This may be a clue to my present state of security and contentment .....

6
4
Silver badge

Re: Data is not necessary ....

Must not be a gamer, then. And don't mention consoles since they don't compare (ask Blizzard re: cross-platform play on Overwatch--it was a massacre).

0
1
Anonymous Coward

If the telemetry was supposed to be used to fix windows 10 it isn't working on my machine.... but why am I not surprised ! This software is a pile of garbage compared to linux, but unfortunately my games won't all run on linux or I'd not have one machine left running win 10 at all. Every time one of these major updates comes out there are more problems. Why can't they just fix the bloody thing !!!

5
5
Paris Hilton

Where's my app....

For sending back false data? In any situation of torture (aka Win10) you will talk in the end so the best thing to do is to talk all the time with false plausible data. At some point they will shut you up just to stop the incessant talking.

4
2
Silver badge

Re: Where's my app....

Until they start shocking you or worse for telling lies. Some torturers are savvy enough to check for lies, and Microsoft is no different. Plus consider data allowances...

0
0
Bronze badge

Host File

Is there no way of putting the telemetry server's name into the host file and redirecting it to the loop back address or would this break other things as well?

2
0
Silver badge

Re: Host File

No. The telemetry ignores the HOSTS file. Your only option is to block it at the router level. Not too hard with DD-WRT. There are tutorials on how to do this with Asus routers too.

4
0
Silver badge

Re: Host File

From what I have been told by people who know far more about the telemetry than I do (I block it by not allowing 10 on my PC... problem solved), the Windows Firewall can be used to block the telemetry (so far, at least). While Windows updates could easily change the firewall settings just as they have changed other ones, apparently they don't.

What URLs to block, though, is the big question. There are dozens of lists people have compiled for what domains to block to stop the telemetry, and they're all different-- so which ones are the right ones to block? It's not just one or two... it's dozens of them!

The telemetry MS added to 8.1 and 7 is relatively easy to remove. I've used Wireshark and not found any transmissions that appear to be telemetry... it does the CRL checking, update checking, and other such functions I still allow it to perform, but if it is doing anything beyond that, it escaped my notice. It is possible that I just overlooked it, but at the very least this would mean that the volume of data sent is small enough to not raise an eyebrow of someone specifically looking for it.

I don't know if the same methods can be used to remove the telemetry from 10. In 7 and 8.1, you can just use sc delete diagtrack to get rid of the spying service... it was never part of the original design, so nothing depends on it, and it just keeps on working without it. Maybe it would work the same with 10, maybe not. I would guess that removing the service, which has been renamed to something like connected user experience corporatespeak blather service, would do no worse than add errors to the event log, but I would also guess that there are other processes or services sending data back to the mother ship (Cortana, looking in your general direction) than what you would see on 7 or 8.1. The spying was baked in from the start in 10, not tacked on afterwards like on more desirable versions of Windows.

There were a few other things I did to thwart the telemetry, but removing that service is the most important, and some of the stuff I have read suggests that with this gone, the other deletia are superfluous. Still, I prefer the scorched-earth approach, so long as Windows is still stable. Mine is, with telemetry gone and all of the Metro/Modern apps too (8.1). Rock stable without any of that crap, it is.

0
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing