back to article Windows 10 Creators Update will add app-level privacy controls

Microsoft's taken another small step towards addressing those worried about Windows 10's impact on their privacy by adding more controls over what apps can do in the Creators Update of the OS. Users currently have a veto over apps sharing location data; in the Fall Creator's Update, that's going to be expanded to the camera, …

  1. Updraft102

    "Security – the new setting for enterprise users only, in which what's sent home is limited to “data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender”;"

    It's still too much. What part of "no" do you not understand, MS? Ask me for the data and I may or may not decide to give it to you, but it is not yours to demand and to take without my consent.

    1. Anonymous Coward
      Anonymous Coward

      The part that starts with "n" and ends with, "Just try to run Windows-exclusive apps without us. Oh, and don't try blocking us wholesale or you'll block the security updates, too."

  2. herman

    One word: ShutUp10

  3. a_yank_lurker

    Spyware-as-a-Service

    There is one setting missing - permanently off. Also, the ability to remove Craptana, Imbecile Explorer, and the other unworthy - Edge.

  4. Anonymous Coward
    Anonymous Coward

    Take a Stand...

    * Its now or never boys & girls. You can't rely on ShutUp10 or any other tool, because its a game of endless privacy whac-a-mole. Why? Forced updates means M$ means can defeat your defenses anytime they want and they will!

    * Instead, install a flavor of Linux i.e. Mint and enjoy FOSS as an added bonus... Or don't, but remember that M$ plan to converge into Facebook-Mark-II. Speaking of which look at how FB lied to regulators about extensive tracking of EVERYBODY, but got off like a politician's excuse:

    ~~~~~~~~~~

    https://forums.theregister.co.uk/forum/1/2017/09/11/facebook_fined_12m_by_spain/

    ~~~~~~~~~~

    * Blood-sucking tech corporations would be nothing if people deserted them... I closed FB, you could too. I refused Win10, in fact after working one-time for M$, I disconnected Win7 boxes 5-years ago when I stopped updates. Hey, life went on... So how about not using either service in a co-ordinated fashion for an extended time?

    * Cease being a <Strigoi for The Master>....

    1. Julian 8 Silver badge

      Re: Take a Stand...

      You can stop automatic updates via gpedit / group policy

      I have done so on one of my machines at home as the last time it updated it boots, works for an indeterminate time and then dies.

      Waiting for this update to see what it does

    2. wallaby

      Re: Take a Stand...

      OH FFS

      "* Instead, install a flavoUr of Linux i.e. Mint and enjoy FOSS as an added bonus... "

      and off go the penguins - Oh the tedium

      And FTFY

      Awaits down-votes from penguins and across the pond alike - build it and they will come.

      1. BazzF

        Re: Take a Stand...

        I've no problem with installing Linux. As soon as it's usable for my everyday needs, I will. That means all my games and all my photo editing software.

        Until then it's just a toy OS for me to play with occasionally.

        1. Solarflare

          Re: Take a Stand...

          I run flavours of *nix as well as Windows. Each have their uses. Gaming in Linux is still almost non-existent (even hacking together something with Wine is a shot in the dark at best) and there is still a large majority of enterprise software which will only work on Windows.

          Linux works for home users who either only check emails or who are die hard power users and don't care about anything that doesn't run on it.

          1. hplasm
            Gimp

            Re: Take a Stand...

            "... a large majority of enterprise software which will only work on Windows."

            Said a senior Powerpoint user.

            1. Charles 9

              Re: Take a Stand...

              Who's probably also ON THE BOARD. People value their jobs...

          2. Updraft102

            Re: Take a Stand...

            I can only hope that Vulkan really takes off in a big way, as this would make it far easier to game on Linux without any WINE-related issues. Most of the WINE difficulties now (slowness, glitching, incompatibility that you have to fiddle with endlessly to get some things to work, if they ever do) have to do with the DirectX to OpenGL translation. With a native API that doesn't need translation, many more things will work in WINE, and the WINE devs can concentrate on the remaining non-API problems instead of the more difficult (and presently more important) API translation.

        2. hplasm
          Windows

          Re: Take a Stand...

          "Until then it's just a toy OS for me to play with occasionally."

          Well as a Windows user, you are used to using a Toy OS...

          1. bombastic bob Silver badge
            FAIL

            Re: Take a Stand...

            "as a Windows user, you are used to using a Toy OS..."

            this goes double for Win-10-nic [the Playskool version, dumbed down to the level of pre-school children]

            thanks, Micro-shaft, for adding spyware and then "giving" us incremental ways to "block" it, like you're doing us a favor now... [but ONLY for 'Enterprise']

        3. inmypjs Silver badge

          Re: Take a Stand...

          "Until then it's just a toy OS"

          I would rather be running a toy than a joke.

        4. Richard Plinston

          Re: Take a Stand...

          > That means all my games and all my photo editing software.

          > Until then it's just a toy OS for me to play with occasionally.

          You don't seem to see the irony in using Windows to play games and then accusing Linux of being a 'toy'.

          1. Charles 9

            Re: Take a Stand...

            I don't see the irony. What do the professional gamers use, after all? Sure as heck not Linux, as Overwatch (among many other competitive games) is not supported on Linux and you can't use consoles because cross-platform play proved to be a disaster.

        5. Teiwaz

          Re: Take a Stand...

          That means all my games..Until then it's just a toy OS.

          Oh, the irony....

  5. Anonymous Coward
    Anonymous Coward

    Bring me my Shield

    Bring me my Pants on Fire.

  6. Dwarf

    Until you can work out what off means

    Then you can **** off with your unwanted spying - irrespective of how good or bad the rest of the product is.

    This applies to all users, not just those with the deeper pockets who you want to annoy the least.

    1. Charles 9

      Re: Until you can work out what off means

      But since so much software (including business-critical software) REQUIRES Windows, as the song goes, "You might as well be Walking on the Sun..."

  7. Anonymous Coward
    Anonymous Coward

    Can we even trust Microsoft anymore? (if we ever did?)

    This week we found out Windows 10 Pro Anniversary Update 1607 'Defer Feature Updates' toggle switch works back to front, so for users with the option 'on' (to defer feature updates), they are pestered constantly to upgrade to Creators Update 1703 and for users with this option 'off', not to defer feature updates, they will never receive it. (Unless a patch is released, correcting the operation of the switch). Is this malicious intent or just extreme stupidity?

    You can have all the privacy switches you want, but if the fundamental operation of the toggle switch doesn't operate as you'd expect, who knows what is actually being sent to Microsoft and when. What is protected, what isn't.

    Of course, when it comes to the crunch, this is their (Microsoft's) get out, "Oh we made 'a mistake' with how we presented the Privacy option to the user, Sorry", but they still have your data, so it matters little to them.

  8. Anonymous Coward
    Anonymous Coward

    Just more bandaid

    on top of bandages on top of old bandaid that is sitting on a festering wound full of gangrene.

    Won't make any difference to the outcome.

  9. Anonymous Coward
    Anonymous Coward

    This:

    "in which what's sent home is limited to “data about the Connected User Experience and Telemetry component settings".

    So, if I turn off every bit of telemetry that I can, what parts of the snooping routines I have turned off is sent to slurp.

    No doubt so they can add a new snoop routine which collects the same data as the one you disabled but decides to not tell you about it!

    Dear MS, let me make this REALLY fucking simple.

    I mean, FFS, it's so easy its even already in binary. We want an ON-OFF switch. That's it!!!!!

    Data slurp all, data slurp none. Not a difficult concept.

    1. Charles 9

      Re: This:

      Then you want data slurp all with no alternatives. You want data slurp none? HA! You couldn't afford it. Either unplug or get the business-friendly legislatures to force the issue.

  10. Anonymous Coward
    Anonymous Coward

    Like someone who won't answer a question directly

    While they make a perfunctory nod towards people's privacy concerns, they wilfully remain obtuse. I use a variant without the creepy digital snitch Cortana, and with which I've got telemetry set to level Security; but folks using any version should be able to set it the same.

    IMHO they again miss the opportunity to build trust.

    1. Charles 9

      Re: Like someone who won't answer a question directly

      Why do you need trust when you still have quite a captive market? Just look at how abysmally Valve has been trying to get headline games on Linux.

  11. Julian 8 Silver badge

    %appdata%

    Be nice if they stopped apps from installing from %appdata% or provided someway to force the apps to the relevant %programfiles% or %programfiles(x86)%

    allowing apps to run form there is a major pain, and it is not always easy to just use security restrictions to block the option as a number of apps want to install there with no alternative option

    HASHING is OK to a point and folders are a bit of a pain in a corporate environment

    1. Reue

      Re: %appdata%

      Use Applocker. I've just set it up in our environment.

      It helps if you set up event log forwarding first and run the applocker policy in Audit mode for a couple of weeks so you can monitor what would be blocked and then add them to the whitelist. I did it this way and received only a couple of calls for false positives once the policy was switched over to enforce.

    2. Sandtitz Silver badge
      Unhappy

      Re: %appdata%

      "Be nice if they stopped apps from installing from %appdata% or provided someway to force the apps to the relevant %programfiles% or %programfiles(x86)%"

      That's just due to crappy software developers. Suunto and Spotify are two idiot companies that flat out deny installation to %programfiles%. I'm sure there are plenty of others too. And the Onedrive installer in %appdata% is another MS brainfart.

      Hashing is not enough since these programs autoupdate themselves from time to time so either the new executable or the updater fail to launch. Unless you're there to unblock each new executable, it may be just easier to allow certain folders or just flat out deny these programs and tell the users to use their mobile or home computer for those programs.

  12. Julian 8 Silver badge

    US Gvt and so on

    After they block Kaspersky Antivirus, are they going to do the same to MS Windows with all the crap and sniffing it does ?

    1. Roland6 Silver badge
      Pint

      Re: US Gvt and so on

      You got it the wrong way round. They blocked Kaspersky because it was capable of detecting their bugs and blocking them. MS with Win10 and Apple with iPhone X Face Id are producing systems that TPTB can access, hence the target list is all those vendors of products that make life difficult for the TPTB, thus the next target for the Kaspersky treatment is.... Linux - controlled by a Finnish-American madman :)

  13. Sir Runcible Spoon

    Games Operating System

    Since we are still in the age of most games being made for Windows, I would very much like to see a stripped down OS that is just for playing games on.

    In fact, this whole Win10 data slurping 'you don't own your stuff' shit has totally put me off buying a decent gaming rig for VR, so I'll stick with PSVR for now and do my browsing from something more secure.

    1. Roland6 Silver badge

      Re: Games Operating System

      >Since we are still in the age of most games being made for Windows, I would very much like to see a stripped down OS that is just for playing games on.

      I thought MS's attempt at such an OS was Xbox One which runs a variant of the Win10 code base?

      1. Sir Runcible Spoon

        Re: Games Operating System

        I see what you're saying, but I can't really hook up an HTC Vive to it can I?

  14. Anonymous Coward
    Anonymous Coward

    W10 spyware

    I paid my windows. And I paid fully knowing how to crack it (as I did for my penny pinching wife). I paid two windows pro licenses.

    Now, I understand that google uses you as the product, as you are not paying.It is wrong, and I would prefer to pay and have privacy, but I understand it.

    Now, paying and not being considered the client but hte product is not acceptable, and I just refuse to use Microsoft products as much as I can. They are not only unreliable partners for engineering/consultancy companies, but also bad for customers in general. They abuse everyone, yet expect people to like them?

    1. RyokuMas
      Unhappy

      Re: W10 spyware

      Ah, the difference here is in the packaging: Microsoft came into this with a history, and have a notable talent for shooting themselves in the foot when it comes to marketing etc, the pop-up with no close button and options updating to Windows 10 "now" or "later" being probably the most relevant here. The fact that compared to the big players, Microsoft's tracking prior to Win10 was pretty minimal is irrelevant.

      Whereas Google have a talent for painting themselves as heroes while sliding their nastiness in on the quiet - under the guise of "free stuff" and "improving your experience", they have pretty much taken control of what is now the worlds #1 mobile operating system, abused their early success in web search to take the majority share of the browser market and attempted to undermine their competitors in other markets, and introduced more ways to track and spy on our every move than I care to imagine.

      It seems we are doomed to be in a race to the bottom for the crown of "most evil"...

      1. Anonymous Coward
        Anonymous Coward

        Re: W10 spyware

        Perhaps it's because, as they say, "Nice guys finish last..."

  15. Doctor Syntax Silver badge

    the additional setting, Microsoft says, will limit telemetry to “the minimum required for Windows Analytics”

    Why didn't they start like that? And make even that optional?

  16. Anonymous Coward
    Anonymous Coward

    There's a fifth secret level, 'asking for it', where not only are you naked to Microsoft, but you're being made water tight by them as well. This is the default level, reapplied each time you change the level to something else.

  17. Anonymous Coward
    Thumb Down

    I don't trust Microsoft at all...

    Microsoft people are so used to lying, they've convinced themselves that's the only way to behave.

    A massive group psychosis.

  18. Zog_but_not_the_first
    Facepalm

    See also...

    Of course I love you

    The cheque's in the post.

    I've made it perfectly clear.

    Etc.

  19. BobChip
    Holmes

    Data is not necessary ....

    "Data that is vital to the operation of Windows" and "when you let Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly."

    NO it is not necessary. Not when you do NOT USE Windows in the first place. This may be a clue to my present state of security and contentment .....

    1. Charles 9

      Re: Data is not necessary ....

      Must not be a gamer, then. And don't mention consoles since they don't compare (ask Blizzard re: cross-platform play on Overwatch--it was a massacre).

  20. Anonymous Coward
    Anonymous Coward

    If the telemetry was supposed to be used to fix windows 10 it isn't working on my machine.... but why am I not surprised ! This software is a pile of garbage compared to linux, but unfortunately my games won't all run on linux or I'd not have one machine left running win 10 at all. Every time one of these major updates comes out there are more problems. Why can't they just fix the bloody thing !!!

  21. Fading
    Paris Hilton

    Where's my app....

    For sending back false data? In any situation of torture (aka Win10) you will talk in the end so the best thing to do is to talk all the time with false plausible data. At some point they will shut you up just to stop the incessant talking.

    1. Charles 9

      Re: Where's my app....

      Until they start shocking you or worse for telling lies. Some torturers are savvy enough to check for lies, and Microsoft is no different. Plus consider data allowances...

  22. Not also known as SC

    Host File

    Is there no way of putting the telemetry server's name into the host file and redirecting it to the loop back address or would this break other things as well?

    1. Wade Burchette

      Re: Host File

      No. The telemetry ignores the HOSTS file. Your only option is to block it at the router level. Not too hard with DD-WRT. There are tutorials on how to do this with Asus routers too.

      1. Updraft102

        Re: Host File

        From what I have been told by people who know far more about the telemetry than I do (I block it by not allowing 10 on my PC... problem solved), the Windows Firewall can be used to block the telemetry (so far, at least). While Windows updates could easily change the firewall settings just as they have changed other ones, apparently they don't.

        What URLs to block, though, is the big question. There are dozens of lists people have compiled for what domains to block to stop the telemetry, and they're all different-- so which ones are the right ones to block? It's not just one or two... it's dozens of them!

        The telemetry MS added to 8.1 and 7 is relatively easy to remove. I've used Wireshark and not found any transmissions that appear to be telemetry... it does the CRL checking, update checking, and other such functions I still allow it to perform, but if it is doing anything beyond that, it escaped my notice. It is possible that I just overlooked it, but at the very least this would mean that the volume of data sent is small enough to not raise an eyebrow of someone specifically looking for it.

        I don't know if the same methods can be used to remove the telemetry from 10. In 7 and 8.1, you can just use sc delete diagtrack to get rid of the spying service... it was never part of the original design, so nothing depends on it, and it just keeps on working without it. Maybe it would work the same with 10, maybe not. I would guess that removing the service, which has been renamed to something like connected user experience corporatespeak blather service, would do no worse than add errors to the event log, but I would also guess that there are other processes or services sending data back to the mother ship (Cortana, looking in your general direction) than what you would see on 7 or 8.1. The spying was baked in from the start in 10, not tacked on afterwards like on more desirable versions of Windows.

        There were a few other things I did to thwart the telemetry, but removing that service is the most important, and some of the stuff I have read suggests that with this gone, the other deletia are superfluous. Still, I prefer the scorched-earth approach, so long as Windows is still stable. Mine is, with telemetry gone and all of the Metro/Modern apps too (8.1). Rock stable without any of that crap, it is.

      2. quxinot

        Re: Host File

        pfsense for the win.

        The bitch of it is that it shouldn't be necessary. Make telemetry opt-out, fine, but include an OFF setting. And respect it (along with other preferential settings).

        How difficult would it be to include a couple different UI options, while we're at it?

        I suspect that if MS allowed a 'retro' interface (i.e., 7's UI, even a 2000 setting), allowed telemetry to be turned off, had a couple of options for how the start menu worked, and allowed user control over updates.... 95% of the people that hate Win10 would cheerfully use it.

        And yet, it isn't gonna happen.

        1. Charles 9

          Re: Host File

          Because it's more or less a captive market, especially re: new computers. Why play nice if your customers have no practical alternatives? It's not like most of these people can simply unplug.

  23. Captain Scarlet Silver badge

    W10 spying

    My W10 machine has all the privacy stuff on, yet my phone knows where I have been (As I find the traffic updates to be very useful) and probably slurps 10x more information about me.

    I don't think I can lay into MS in regards data slurping (Who the hell wants to know I watch Youtube and play Dota2), most times its annoying when updates start asking questions as often relatives will do what I tell them to and query it (Just fecking update damnit).

  24. Anonymous Coward
    Anonymous Coward

    Sorry Microsoft

    All I need for Windows is to run legacy and win32 programs properly: the onus is on their devs to beef up their security.

    If by 'apps' you mean those stuff you download from the Windows app store and requires a Microsoft account... sorry, I want no part of it.

    Imagine sharing your location data while you're at the desk on a PC... what a farce! Already I've seen some websites popping up a prompt asking for permission to share my location data.

    1. bombastic bob Silver badge
      Trollface

      Re: Sorry Microsoft

      "Imagine sharing your location data while you're at the desk on a PC..."

      and getting it wrong, because your "location" is at the office of your ISP, a hundred miles away [seen that, laughed]

      1. Anonymous Coward
        Anonymous Coward

        Re: Sorry Microsoft

        I use a VPN and, since I spend most of my time on UK/EU sites, the exit point is in Europe. Damn few sites get it right even when I do give permission. So joining in the laughter.

  25. SVV

    Creator's Edition

    Is this just some lame, desperate attempt to convince people that by using it they will become magically "creative"?

    Or is it a more sinister cross-cultural attempt to suggest divine providence for this miraculous piece of software ?

    Or maybe some weird hybrid of the two : "God could have designed the universe much more quickly if he'd had Mirosoft(tm) Windows(tm) 10 Creator's edition."

    1. Anonymous Coward
      Anonymous Coward

      Re: Creator's Edition

      It's Microsoft trying to be a trendy hipster, probably trying to raise a generation of Microsoft fanboys (millennials) by appealing to their inclinations.

      Observe SatNad's attire when he gives a presentation on stage. It's like he had raided Steve Jobs' wardrobe. Gone are the days of the 'boring suits' personified by Steve Ballmer.

  26. Anonymous Coward
    Anonymous Coward

    MS usage data = legal risk to organisations that process confidential data

    As organisations consider transitioning to Windows 10, the new mandatory data collection policy could pose a risk to anyone responsible for processing confidential information. Every file name a user opens, every URL they request etc. is relayed across the open internet. This could leak confidential information to an intercept, or provide useful information for hackers to obtain such information.

    In the interests of data security and legal compliance, organisations handling sensitive data should plan to migrate to a professional / enterprise-grade Operating System that does not expose their data in this way.

  27. Anonymous Coward
    Anonymous Coward

    Can i suggest:

    http://www.sphinx-soft.com/Vista/index.html

    I use it on all my machines.

    Brilliant piece of software.

    Basically, anything that tries to establish an outside connection if flagged until you allow / block.

    Some things it alerted me to on my Win7 Laptop:

    GWXDetector

    GWXExperience

    Microsoft Compatibility Telemetery

    Needless to say, these are now all blocked!!!

    It's another weapon in the fight to keep MY data out of their hands.

    Also helpful for clobbering malware when it attempts to connect to its C&C servers.

    1. Charles 9

      Re: Can i suggest:

      Thing is, I don't think they work with Windows 10 since the slurping there occurs at the kernel level, below anything that could intercept or block it on the machine. You basically need a physical firewall outside the machine to do any effective blocking.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like