EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 04-06-2017, 01:04
Kerlingen Kerlingen is offline
VIP
 
Join Date: Feb 2011
Posts: 246
Rept. Given: 0
Rept. Rcvd 253 Times in 90 Posts
Thanks Given: 0
Thanks Rcvd at 61 Times in 29 Posts
Kerlingen Reputation: 200-299 Kerlingen Reputation: 200-299 Kerlingen Reputation: 200-299
Official Windows 10 spying list

Today Microsoft released an official list of all the ways Windows 10 is spying on its users by calling it "diagnostics data". In the past most of these things were considered as horror stories and the only thing people could agree on was that the spying is so complex that only Microsoft knows what is transmitted.

https://technet.microsoft.com/itpro/windows/configure/windows-diagnostic-data

And this is just a list of things Microsoft officially admits to. The special Windows 10 version for China which recently was released as beta version is supposed to contain even more spy functions...
Reply With Quote
The Following 4 Users Say Thank You to Kerlingen For This Useful Post:
alekine322 (04-17-2017), LaDidi (04-19-2017), Shub-Nigurrath (04-07-2017), tonyweb (04-15-2017)
  #2  
Old 04-13-2017, 19:29
surferxyz surferxyz is offline
Friend
 
Join Date: Jan 2005
Location: Planet Earth
Posts: 42
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 0
Thanks Rcvd at 6 Times in 3 Posts
surferxyz Reputation: 2
There are a number of programs that configure windows with the intention of stopping the telemetry, but I havnt seen anyone validate if the tools work.

For example you could configure a machine then maybe intercept all the windows communication (has anyone actually decoded the telemetry data?), and watch for network connections when none should be happening on a clean install.

I noticed there is a persistent connection to a microsoft server for "push" notifications which was not disabled by tools like "shutup10"

I think I just ended up having to track it down and disable the service myself.

From the ones I have looked at, none of them seem to do a particularly great job preventing what I consider unwanted communication with microsoft... but this project seemed fairly good:

https://github.com/Nummer/Destroy-Windows-10-Spying/releases

Also you can run the LTSB version of windows 10, which probably wont change all your configuration without your permission, although I never really checked.

Last edited by surferxyz; 04-13-2017 at 19:50.
Reply With Quote
The Following User Gave Reputation+1 to surferxyz For This Useful Post:
niculaita (04-14-2017)
The Following 3 Users Say Thank You to surferxyz For This Useful Post:
alekine322 (04-17-2017), an0rma1 (05-20-2017), niculaita (04-14-2017)
  #3  
Old 04-19-2017, 14:40
LaDidi LaDidi is offline
VIP
 
Join Date: Aug 2004
Posts: 155
Rept. Given: 2
Rept. Rcvd 10 Times in 9 Posts
Thanks Given: 7
Thanks Rcvd at 7 Times in 5 Posts
LaDidi Reputation: 10
It's a good beginning if Microsoft publish collected informatons by Windows 10.
Only if they maintain the web page..
Reply With Quote
  #4  
Old 05-20-2017, 04:09
an0rma1 an0rma1 is offline
Friend
 
Join Date: Feb 2002
Posts: 162
Rept. Given: 105
Rept. Rcvd 25 Times in 16 Posts
Thanks Given: 152
Thanks Rcvd at 40 Times in 18 Posts
an0rma1 Reputation: 25
@surferxyz: i am using here shutup10. Do you think is best to user other program? I thought this was very complete. Thanks
Reply With Quote
  #5  
Old 05-20-2017, 20:37
surferxyz surferxyz is offline
Friend
 
Join Date: Jan 2005
Location: Planet Earth
Posts: 42
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 0
Thanks Rcvd at 6 Times in 3 Posts
surferxyz Reputation: 2
Quote:
Originally Posted by an0rma1 View Post
@surferxyz: i am using here shutup10. Do you think is best to user other program? I thought this was very complete. Thanks
I think shutup10 is alright as a quick way to setup a new windows 10 install, I haven't seen any research on exactly what communication is remaining from windows to microsoft after these tools are run.

But I can confirm that with shutup10 the "WpnService" (windows push notification service) is still running after you used the tool, resulting in a persistent connection to microsoft, which I feel like should be an option to turn off in the tool (and therefore I would say it is not doing a very good job/living up to its name). However I found basically all the other similar tools had the same deficiency.

I don't think any are "very complete", and I'd like to see a good technical review of what communication remains, and exactly what risks are involved with allowing unfiltered windows update communication.

Also I had the idea that, it might be good to intercept the windows update process, and use a out of band web of trust mechanism to confirm that everyone is also receiving the same updates (so for example preventing Microsoft from pushing out a backdoor update just targeting you/or a subset of users)

I know you can kind of do that already by using WSUS, but that seems too heavy for the simple kind of validation I have in mind.
Reply With Quote
  #6  
Old 06-13-2017, 11:19
Debugger Debugger is offline
Friend
 
Join Date: May 2013
Location: World of Objects
Posts: 43
Rept. Given: 53
Rept. Rcvd 8 Times in 6 Posts
Thanks Given: 58
Thanks Rcvd at 12 Times in 7 Posts
Debugger Reputation: 8
I use Destroy Windows 10 spying in conjunction with Shutup10 plus private firewall to see where my beloved windows is connecting to.
Reply With Quote
  #7  
Old 06-13-2017, 15:53
Fyyre's Avatar
Fyyre Fyyre is offline
VIP
 
Join Date: Dec 2009
Location: 0xfffffffe
Posts: 115
Rept. Given: 38
Rept. Rcvd 57 Times in 26 Posts
Thanks Given: 9
Thanks Rcvd at 50 Times in 11 Posts
Fyyre Reputation: 57
werfault.exe send data Microsoft whenever application fault. Not matter what setting you place for "Windows Error Reporting".

You can disable with secpol.msc

Software Restriction Policy (if no exist), add policy.

Additional Rules. Right click; add Disallow entry. Type: Path .. Name: WerFault.exe
Attached Images
File Type: png policy.png (34.1 KB, 8 views)
__________________
-Fyyre

--
http://twitter.com/Fyyre
http://fyyre.ru
Reply With Quote
The Following 2 Users Say Thank You to Fyyre For This Useful Post:
niculaita (06-14-2017), TechLord (06-13-2017)
  #8  
Old 06-15-2017, 16:31
cnbragon cnbragon is offline
Friend
 
Join Date: Nov 2010
Posts: 21
Rept. Given: 1
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
cnbragon Reputation: 1
Does win10 collect these information by default? Is there any method to turn off this function?
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
It's Official: ASPack software is Dead TmC General Discussion 8 08-11-2007 07:49
Yahoo spying on you !! ferrari General Discussion 2 02-24-2004 23:17


All times are GMT +8. The time now is 16:49.


ICP05004977
vBulletin Security provided by vBSecurity v2.2.0 (Lite) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX