Windows 10 & confidentiality

[Toine 0]

Hello everyone, like many of you I recently installed the Windows 10 system and it is then that I learned that there were a number of privacy concerns for users.

 

I have not linked the installation to a Microsoft account and I made the choice not my installation related to online services, and Microsoft's cloud, and on top of that I decided to block a list of url in the hosts file to prevent my PC sniffing information to Microsoft servers.

 

I also read some news sites, such arstechnica.com, no matter our installation options or the contents of the hosts file, Windows 10 does not include fee and in all cases gets informations on user.

 

I do not know yet if this is true, and no matter, I want me to take control of my data and I want to block the comunication between my system and Microsoft servers from my list, known for gathering information.

 

I would do with my firewall ESET Smart Security. I found how to block access to xx.xxx.xx.xxx IP addresses, but I do not know how to enter a url list to block access in 2 directions.

 

Thank you in advance.

[Marcos 5,074]

When creating a rule, you can select the direction for which the rule will be applied: In, Out, Both.

[ken1943 22]

Maybe when the EU really gets into it, things may change. They forced a big change with Internet Explorer and media player.  I have also said no to everything in custom install, but not inclined to sit watching a packet sniffer waiting to catch something.

Edited August 24, 2015 by ken1943

[Patch 16]

 

Hello everyone, like many of you I recently installed the Windows 10 system and it is then that I learned that there were a number of privacy concerns for users.

 

 

The issue is actually Windows 10 licence has some significant restriction

• Updates received without notice (Term 6)
• Diagnostic and usage data. Cannot be disabled (Group policy 0 setting ignored except on Enterprise versions)
• Disabling Windows 10 "Features" is also against the licence you agreement.

Together with their privacy policy

 

we may access, disclose and preserve your personal information, including your private content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary

 

The Windows 10 licence also has some significant restriction for small business and Unix / Mac sites

• Cannot install software on a device for use only by remote users (Term 2. c. (v))
• Can only remotely access from device running same or higher versions of windows (or one other user every 90 days) (Term 2. d. (v))

Your attempt to stop windows calling home is actually not allowed according to Microsoft's Windows 10 licence. In addition they are under no compulsion to honour software "Privacy" options you select during installation.

 

So while windows 10 code has some useful feature, the commercial arrangement results in it being an inferior product.

There may well be a profit to be made stock piling licences for older versions of windows.

Edited August 24, 2015 by Patch

[Toine 0]

When creating a rule, you can select the direction for which the rule will be applied: In, Out, Both.

 

Tank you, but i don't know where to enter the URLs (no IPv4) :

[rugk 397]

You could block URLs in the web protection. Or you can find out the IP address of the domains (e.g. by pinging it, using nslookup or an online service) and block these. However IPs may change, so it could possibly circumvented.

 

On the other side you have to know that the web protection does not filter HTTPS connections and only if you enable SSL scanning you can possibly filter some connections. (some connections use key pinning, which could also prevent this)

 

So personally I would do both methods, so at least one would catch. If you want to import a large number of IP addresses in ESS you can use my firewall rules generator.

Edited August 24, 2015 by rugk

[Toine 0]

You could block URLs in the web protection.

Thank you. I just did that. But now i'm thinking this is useless, let me know : in eset, this is a part of "web access", so i think this only block url from access by port 80 on web browser, but i think the system could continue to bypass this.

I try your firewall rules generator.

edit : be careful, on the MEGA link i downloaded a MEGAfile.exe

Edited August 24, 2015 by Toine

[SweX 871]

Not exactly on-topic, but here's two little tools.

 

hxxp://www.softwarecrew.com/2015/09/ashampoo-antispy-is-yet-another-windows-10-privacy-protector/

hxxp://www.softwarecrew.com/2015/08/lock-down-windows-10s-privacy-settings-with-oo-shutup10/

 

I have not tested any of them personally so I can't comment.

Both are free and basically puts together the in-built Win10 privacy settings in one GUI, which can be nice and convenient.

 

Edit: Here's a nice comparison between several Win10 privacy tools, including the two above.

hxxp://www.ghacks.net/2015/08/14/comparison-of-windows-10-privacy-tools/

"The following comparison provides you with an overview of these privacy tools highlighting the good, the bad and the ugly for each of them."

Edited September 10, 2015 by SweX

[Seth 2]

 

You could block URLs in the web protection. Or you can find out the IP address of the domains (e.g. by pinging it, using nslookup or an online service) and block these. However IPs may change, so it could possibly circumvented.

 

 

On the other side you have to know that the web protection does not filter HTTPS connections and only if you enable SSL scanning you can possibly filter some connections. (some connections use key pinning, which could also prevent this)

 

So personally I would do both methods, so at least one would catch. If you want to import a large number of IP addresses in ESS you can use my firewall rules generator.

 

What if you add those URLs to an external hardware firewall? As long as URLs dont change every IP will be blocked that is connected to the URLs?

Edited September 18, 2015 by Seth