According To 8chan's /tech/, Windows 10 Could Be Fairly Malicious

[GoodBytes]

Mods please shut this thread down it has no reason to be kept alive anymore...

Sorry, but I do not mod threads I participate in. Use the report system and another mod will evaluate the situation.

[SpaghettiCarbonara]

You are being wilfully blind because that screenshot is from a news article that @SpaghettiCarbonara has posted at least twice in this thread now.

He may have posted it before,

 

I think you're talking about @Astralify

 

Gotta give it to 4chan/8chan, they sure know how to stir shit up...and they control the internet too...

 

Hoh boy... Sorry to disappoint you but they're mainly just a bunch of shitposters, the amount of things they can control can be counted on one hand

 

I feel like some people participating in this conversation don't read all of the post/comment.

 

You and me both, pal

 

It's not directly mentioned in the PP. It's a sum up from the EDRi article.

 

You are welcome.

Also, we know that government agencies will get info from basically everywhere if they want, the thing is that Windows 10 can get so much more information about you and your activities like nothing else before. And everything is so well organized by micro$oft. With things like your unique ID and shit.

Also, here is another article from RT. Quote of interest:

Peace.

Thanks again dude, I'll add it to the OP

 

Mods please shut this thread down it has no reason to be kept alive anymore...

 

I'd rather they didn't. If this is legit, people need to know and I'd like this thread to stay alive for information gathering purposes. However, I agree that it's mostly useless arguing at this point.

 

 

So for anyone who reads this, I'd appreciate it if you stopped arguing over your different opinions and what-not in this thread. Bring real information and evidence to the table and argue via PM if you must. We gotta keep this thread clean and tidy!

[Solkia]

 

 

If I get some timer over I'll try and monitor some traffic. Would a screenshot of suspicious packets leaving my computer and going to a Microsoft server be sufficient evidence? I could also post instructions on how to replicate the results for others to try out in case you accuse me of faking it.

 

 

Please do

[GoodBytes]

Sure, but don't get confused with the Windows Activation, and OneDrive integration which syncs your files and OS settings between your devices, and of course Windows update.

[LAwLz]

Please do

Not going to bother if the Microsoft defence force will just ignore it. I don't know how often it will send info so it might take minutes or several days. It's a lot of work I'd rather not put in.

 

If you're wondering what I would do, I would install wireshark and then filter out all the regular stuff and just wait for anything strange to appear. When it does I'd check the destination IP and then try and see what the packet contains.

[Uwillparish]

Does this mean i shouldnt jump ship on windows 7 and go to 10, need confirmation here

[LAwLz]

Does this mean i shouldnt jump ship on windows 7 and go to 10, need confirmation here

It depends. I have installed Windows 10 and it does have some really nice benefits. If privacy is a top priority then you might want to not install 10.

[Uwillparish]

It depends. I have installed Windows 10 and it does have some really nice benefits. If privacy is a top priority then you might want to not install 10.

well, i guess i will have to install a separate partition, my porn is private, thanks microsoft  

[Nowak]

People, people! Keep it civil in here. There is no confirmed data on what information Microsoft collects from your PC, for all we know it could be just things like for Cortana, search suggestions when searching the internet through Cortana and telemetry data such as how long it takes to open Application X or Windows App Y on your PC or it could be the entirety of what you do with your PC. I can understand being concerned about your privacy, but please. Don't jump to the conclusion that MS is literally the NSA or whatever. There's minimal evidence to confirm or deny that just yet.

[mr moose]

The privacy policy is pretty standard, it allows/informs you that MS has to pass your details on to banks/paypal/financial institutions in order to process purchases, pass on any information under court order or as part of any data laws in there respective countries.  And the third party sharing of information allows them to outsource services they sell to you.  For example without that clause they might have trouble sending you your purchase because they can't share your address with a third party shipping company.  You'll find almost every privacy policy is exactly the same. 

 

Also interesting to note that they print in black and white that they will not use content (email content, personal files, chat, documents, video etc) to direct ads.

 

 

Not saying it isn't bad (or good or anything really) Just saying without it there is a lot of normal operations they couldn't do because it requires sharing information.  Also It reads almost identical to privacy policies from HP, ebay, paypal, facebook.

 

 

It's not undisclosed, the privacy policy tells you what is excluded from the data they collect, and they tell you what they are doing with it.   Many security companies have poured over windows before, MS even sends the whole source code to governments in order to show they have nothing to hide and aren't doing the dirty on their customers.

 

 If someone does (from source code or showing proof the data sent back to MS was in a private document/email), then I will believe it, but until that time I refuse to make an assumption and jump up and down like someone kicked my cat.

 

I highly doubt MS sends back unencrypted data.  So unless MS are sending personal data as plain text you won't be able to prove anything. Proof cannot be an unreadable data set that could be anything.

 

I don't think you've read my posts and are making a bunch of assumptions. I never said anything about them reading my emails and stuff. Go back a few posts and you will see that I got 2 issues with this.

 

1) That they are collecting info and we have no way of turning it off. Do you agree that this is the case? If you don't then I will gladly show you the settings as well as start monitoring traffic so I can capture some packets. If you don't believe me now, would those things be solid evidence enough to make you believe me? We are not talking about what is being sent here, just that they are doing it.

 

2) We don't know what info they are collecting. The settings and policies are pretty vague, we can't preview the data before it's being send and we don't get a detailed list of exactly what things they are collecting. Do you agree that we can't see these things? I can't prove a negative so if you disagree then I would like you to show me for example a list of exactly what they are collecting, or show me where I can preview the data being collected.

 

 

Do you or do you not agree that both of these things are true and if you do, don't you agree that they are bad in terms of customer privacy?

 

 

 

 

Why not? The thread is still on topic and clearly people want to discuss it.

 

I haven't made any assumptions nor have I changed my stance.  I still believe they do not collect private data (as many are claiming they do), and no one here has been able to show that they either are or claim to.

[LAwLz]

I highly doubt MS sends back unencrypted data.  So unless MS are sending personal data as plain text you won't be able to prove anything. Proof cannot be an unreadable data set that could be anything.

 

I haven't made any assumptions nor have I changed my stance.  I still believe they do not collect private data (as many are claiming they do), and no one here has been able to show that they either are or claim to.

So you're still not reading my posts... Again, I am not out to prove that Microsoft are stealing very personal information about me. You're assuming that I am, but that's not what I am arguing for. Like I said in my other post, these are the issues I have:

 

1) That they are collecting info and we have no way of turning it off. Do you agree that this is the case? If you don't then I will gladly show you the settings as well as start monitoring traffic so I can capture some packets. If you don't believe me now, would those things be solid evidence enough to make you believe me? We are not talking about what is being sent here, just that they are doing it.

 

2) We don't know what info they are collecting. The settings and policies are pretty vague, we can't preview the data before it's being send and we don't get a detailed list of exactly what things they are collecting. Do you agree that we can't see these things? I can't prove a negative so if you disagree then I would like you to show me for example a list of exactly what they are collecting, or show me where I can preview the data being collected.

 

And you didn't answer my question:

Do you or do you not agree that both of these things are true and if you do, don't you agree that they are bad in terms of customer privacy?

 

 

You're having a completely different conversation than I am. I have not claimed that they are selling my emails to someone but that's what you keep asking me to prove. I won't try and prove that because that's not related to the 2 issues I mentioned earlier. You might as well ask me to prove that 9/11 was/wasn't an inside job. The conclusion won't change anything anything about the 2 issues I am having.

[mr moose]

So all that about not using the content of our emails and such was just a load of bullshit because as soon as Microsoft feels like it, they can and will access it.

 

 

So you're still not reading my posts...

 

That's just one post, I am sure you've said on more than one occasion that MS are reading our private content.

 

EDIT: I should probably add that with regard to proving 9/11,  that is life, you don't get to claim assumptions are facts just because disproving them is inconveniently hard.  If that was the case you'd have to accept there is a GOD. 

[LAwLz]

That's just one post, I am sure you've said on more than one occasion that MS are reading our private content.

That wasn't related to our conversation which started several pages before that post. It is also unrelated to my two issues. Oh and you yet again avoided my question for some reason. I don't understand why you won't answer it. It's not a loaded question. It's a question to clear up the any potential confusion because I really feel like we are having two separate discussions here. You're talking and defending one thing and I am talking and attacking another.

[matwoodson]

[emoji23][emoji23][emoji23] you thought it wasn't gonna be

[mr moose]

That wasn't related to our conversation which started several pages before that post. It is also unrelated to my two issues. Oh and you yet again avoided my question for some reason. I don't understand why you won't answer it. It's not a loaded question. It's a question to clear up the any potential confusion because I really feel like we are having two separate discussions here. You're talking and defending one thing and I am talking and attacking another.

 

 

I don't think you've read my posts and are making a bunch of assumptions. I never said anything about them reading my emails and stuff. Go back a few posts and you will see that I got 2 issues with this.

 

So all that about not using the content of our emails and such was just a load of bullshit because as soon as Microsoft feels like it, they can and will access it.

 

I'm sorry but claiming you where saying it to someone else doesn't change the fact you said it and that it is apart of this conversation.

I have already addressed everything you have asked, I don't know what else to tell you.

[LAwLz]

I'm sorry but claiming you where saying it to someone else doesn't change the fact you said it and that it is apart of this conversation.

I have already addressed everything you have asked, I don't know what else to tell you.

1) Our argument started long before I made that post and it was not directed at you. Also it was not related to the telemetry data but rather a general statement (which is true, they have built in the functionality to do it, they have the legal rights to use it, and they will use it if they want to). You're taking quotes out of context. Would you be happy if I revised my "I never said anything about them reading my emails and stuff" to "I never said anything about them reading my emails and stuff in our discussion. I have mentioned it in other contexts though."?

2) It's still not relevant to the two issues I am having and have repeated over and over again in the last 2 posts to make it 100% clear exactly what I think is bad.

3) You haven't answered my question:

1) That they are collecting info and we have no way of turning it off. Do you agree that this is the case? If you don't then I will gladly show you the settings as well as start monitoring traffic so I can capture some packets. If you don't believe me now, would those things be solid evidence enough to make you believe me? We are not talking about what is being sent here, just that they are doing it.

 

2) We don't know what info they are collecting. The settings and policies are pretty vague, we can't preview the data before it's being send and we don't get a detailed list of exactly what things they are collecting. Do you agree that we can't see these things? I can't prove a negative so if you disagree then I would like you to show me for example a list of exactly what they are collecting, or show me where I can preview the data being collected.

 

 

Do you or do you not agree that both of these things are true and if you do, don't you agree that they are bad in terms of customer privacy?

It's two simple yes/no questions. And no, you haven't addressed it, at least not explicitly.

[mr moose]

I don't think you've read my posts and are making a bunch of assumptions. I never said anything about them reading my emails and stuff. Go back a few posts and you will see that I got 2 issues with this.

 

1) That they are collecting info and we have no way of turning it off. Do you agree that this is the case? If you don't then I will gladly show you the settings as well as start monitoring traffic so I can capture some packets. If you don't believe me now, would those things be solid evidence enough to make you believe me? We are not talking about what is being sent here, just that they are doing it.

 

2) We don't know what info they are collecting. The settings and policies are pretty vague, we can't preview the data before it's being send and we don't get a detailed list of exactly what things they are collecting. Do you agree that we can't see these things? I can't prove a negative so if you disagree then I would like you to show me for example a list of exactly what they are collecting, or show me where I can preview the data being collected.

 

 

Do you or do you not agree that both of these things are true and if you do, don't you agree that they are bad in terms of customer privacy?

 

 

 

 

Why not? The thread is still on topic and clearly people want to discuss it.

 

 

1. I have already answered, so has goodbytes, and if you search google you'll find a few articles on how to turn it off also.

 

Sensationalist articles sell, but they all include the steps you can take to turn it off.

http://www.independent.co.uk/life-style/gadgets-and-tech/news/windows-10-spying-how-to-opt-out-of-microsofts-intrusive-terms-of-use-10432300.html

https://www.reddit.com/r/Windows10/comments/3f38ed/guide_how_to_disable_data_logging_in_w10

http://www.rockpapershotgun.com/2015/07/30/windows-10-privacy-settings/

 

2. As I have said several times now, the privacy statement states what data they are collecting, anything outside of that is illegal,  and only an assumption at any rate.

 

So if you ask me again I can only assume it's because you don't like the answer as opposed to not getting one.

 

 

Also, just so you know,  claims are claims, posting them in an open forum is posting them to and for everyone to read.  You said it and can't undo it simply because you were wrong.

[LAwLz]

1. I have already answered, so has goodbytes, and if you search google you'll find a few articles on how to turn it off also.

 

Sensationalist articles sell, but they all include the steps you can take to turn it off.

http://www.independent.co.uk/life-style/gadgets-and-tech/news/windows-10-spying-how-to-opt-out-of-microsofts-intrusive-terms-of-use-10432300.html

https://www.reddit.com/r/Windows10/comments/3f38ed/guide_how_to_disable_data_logging_in_w10

http://www.rockpapershotgun.com/2015/07/30/windows-10-privacy-settings/

I've already gone through all the settings in Windows 10 and turned things on/off. I have not been able to turn off the telemetry data though. It is simply not possible unless you have the Enterprise version.

The only workaround I've found is redirecting the telemetry data through the host file (what the reddit post suggests) but I wouldn't trust that. In Windows 8 Microsoft changed it so that some changes to the host file are ignored.

 

 

2. As I have said several times now, the privacy statement states what data they are collecting, anything outside of that is illegal,  and only an assumption at any rate.

No it doesn't state that. It states what kind of data they might collect in rather vague terms. There is no list of precisely what data they are collecting or how much and there is no option to preview it before it is being sent.

 

 

If I ask you again then it's because your answers are factually wrong, not because I "don't like the answers".

Also, I don't think I was wrong with that statement (which is still unrelated to our conversation). At best you can argue the semantics.

 

 

 

 

Sidenote:

I got done moving over to Windows 10 on my desktop today. Other than some issues (like it automatically installing the God awful Realtek audio driver which sucks ass and my login problems) it's been good so far.

Lots and lots of areas where Microsoft can improve it and it has some drawbacks, but I think the benefits over 7 is worth it for me. Also, it took something like 15 hours to do backups, install and configure everything so I'd rather not do that again...

[burnttoastnice]

I've already gone through all the settings in Windows 10 and turned things on/off. I have not been able to turn off the telemetry data though. It is simply not possible unless you have the Enterprise version.

The only workaround I've found is redirecting the telemetry data through the host file (what the reddit post suggests) but I wouldn't trust that. In Windows 8 Microsoft changed it so that some changes to the host file are ignored.

 

 

No it doesn't state that. It states what kind of data they might collect in rather vague terms. There is no list of precisely what data they are collecting or how much and there is no option to preview it before it is being sent.

 

 

If I ask you again then it's because your answers are factually wrong, not because I "don't like the answers".

Also, I don't think I was wrong with that statement (which is still unrelated to our conversation). At best you can argue the semantics.

 

To everyone in general making a fuss about telemetry data:

Telemetry data collection only applies to Windows Store apps. You no use Windows Store? Microsoft no care about you.

Source https://msdn.microsoft.com/en-us/library/windows/apps/hh967787.aspx

 

A bit of deeper reading actually reveals that it's the app developer who sees the telemetry anyway.

 

I will say 2 things and 2 things only:

Each letter you type into Chrome is sent to google. That's why you get live search suggestions. You're also signed into your Google account most likely.

Every app you open (or at least most apps) will call home to find out if there is an update or any new version data. Some other apps may even anonymously report usage.

[mr moose]

I've already gone through all the settings in Windows 10 and turned things on/off. I have not been able to turn off the telemetry data though. It is simply not possible unless you have the Enterprise version.

The only workaround I've found is redirecting the telemetry data through the host file (what the reddit post suggests) but I wouldn't trust that. In Windows 8 Microsoft changed it so that some changes to the host file are ignored.

 

 

No it doesn't state that. It states what kind of data they might collect in rather vague terms. There is no list of precisely what data they are collecting or how much and there is no option to preview it before it is being sent.

 

 

If I ask you again then it's because your answers are factually wrong, not because I "don't like the answers".

Also, I don't think I was wrong with that statement (which is still unrelated to our conversation). At best you can argue the semantics.

 

Of course you can't turn off telemetry data, by it's very definition it is remote measurement, if you turned it off it wouldn't be telemetry.

 

Your having trouble interpreting the privacy statement, that doesn't make me factually wrong and if all I can argue is the semantics (the meaning of the relationship between crucial signifier's in language), then yes, I admit that is what I am doing, I am looking at the language and the crucial signifier's to determine their actual meaning.

[LAwLz]

To everyone in general making a fuss about telemetry data:

Telemetry data collection only applies to Windows Store apps. You no use Windows Store? Microsoft no care about you.

Source https://msdn.microsoft.com/en-us/library/windows/apps/hh967787.aspx

 

A bit of deeper reading actually reveals that it's the app developer who sees the telemetry anyway.

 

I will say 2 things and 2 things only:

Each letter you type into Chrome is sent to google. That's why you get live search suggestions. You're also signed into your Google account most likely.

Every app you open (or at least most apps) will call home to find out if there is an update or any new version data. Some other apps may even anonymously report usage.

Are you sure that the link refers to the one in telemetry data in the privacy settings? Telemetry is a general term for remotely collecting metrics. It is possible that there are multiple types of telemetry in Windows.

But let's say it is only for Windows Store apps (which seems to be the case), that's still a lot of deeply integrated things in the OS which you can't remove. Edge for example is a "store app". So the the calendar, mail, camera, image viewer and a bunch of other ones.

 

The 2 things you say at the end is actually only 1 thing, and that thing is "others do evil things so therefore it is okay for Microsoft to do it!", which I think is a terrible argument which has gotten extremely popular in the last couple of years.

 

 

Of course you can't turn off telemetry data, by it's very definition it is remote measurement, if you turned it off it wouldn't be telemetry.

That is wrong. Telemetry was optional in previous versions of Windows and there is nothing in the definition of telemetry that says it has to be on at all time. Hell, the Enterprise version can turn it off.

And just to be clear, I don't have anything against telemetry. What I have a problem with is taking control away from users.

[burnttoastnice]

Are you sure that the link refers to the one in telemetry data in the privacy settings? Telemetry is a general term for remotely collecting metrics. It is possible that there are multiple types of telemetry in Windows.

But let's say it is only for Windows Store apps (which seems to be the case), that's still a lot of deeply integrated things in the OS which you can't remove. Edge for example is a "store app". So the the calendar, mail, camera, image viewer and a bunch of other ones.

 

The 2 things you say at the end is actually only 1 thing, and that thing is "others do evil things so therefore it is okay for Microsoft to do it!", which I think is a terrible argument which has gotten extremely popular in the last couple of years.

 

Quote from Microsoft site underneath section titled "Collecting Telemetry Data"

 

Even if you enable telemetry data collection for your apps, we only collect telemetry data from customers who have opted in to the Customer Experience Improvement Program (CEIP).

Here is a semi-detailed MS update post highlighting how the telemetry service works - and once again repeating that it only applies to CEIP users: https://support.microsoft.com/en-gb/kb/3068708

From all this it's appears that you can opt out of the CEIP and they won't collect telemetry from your system. I clearly remember seeing that as an option to tick&join myself when setting up Win10. As for those who hit the Express button - you stupid. They may be still collecting some data but I doubt it's anything interesting anyway

 

 

That is wrong. Telemetry was optional in previous versions of Windows and there is nothing in the definition of telemetry that says it has to be on at all time. Hell, the Enterprise version can turn it off.

And just to be clear, I don't have anything against telemetry. What I have a problem with is taking control away from users.

I don't think enterprise users can do it on an individual pc basis. Enterprise versions of windows have the majority of their settings controlled by (domain) group policy, some of which only ever apply if a computer is on a domain.

[LAwLz]

Quote from Microsoft site underneath section titled "Collecting Telemetry Data"

Here is a semi-detailed MS update post highlighting how the telemetry service works - and once again repeating that it only applies to CEIP users: https://support.microsoft.com/en-gb/kb/3068708

From all this it's appears that you can opt out of the CEIP and they won't collect telemetry from your system. I clearly remember seeing that as an option to tick&join myself when setting up Win10. As for those who hit the Express button - you stupid. They may be still collecting some data but I doubt it's anything interesting anyway

That only applies to Windows 8 and down. In Windows 10 there is no option to opt-out from it. And no, there is no option for it during the initial setup. As far as the telemtry settings goes, it doesn't matter if you do the express setup or the advanced setup and turn everything off, the telemetry settings will still be the same (can be changed, but not completely turned off in settings under privacy).

 

 

I don't think enterprise users can do it on an individual pc basis. Enterprise versions of windows have the majority of their settings controlled by (domain) group policy, some of which only ever apply if a computer is on a domain.

Well I don't have an Enterprise key to try it out on, but it does not seem like it will only apply to computers in a domain. You can actually set group policies on a computer basis even without having an AD installed. You can access it by running gpedit.

[burnttoastnice]

Well I don't have an Enterprise key to try it out on, but it does not seem like it will only apply to computers in a domain. You can actually set group policies on a computer basis even without having an AD installed. You can access it by running gpedit.

 

Unfortunately Microsoft removed Group Policy editor from Win 10 Home. Sideloading it doesn't work either. The Pro version probably has it though.

 

 

That only applies to Windows 8 and down. In Windows 10 there is no option to opt-out from it. And no, there is no option for it during the initial setup. As far as the telemtry settings goes, it doesn't matter if you do the express setup or the advanced setup and turn everything off, the telemetry settings will still be the same (can be changed, but not completely turned off in settings under privacy).

 

In this case I think it's confirmed that Microsoft is definitely collecting some other data. For me it isn't much of a problem since I can easily make a DNS server program (already have, use it in multiplayer LAN games) to block requests to any unknown MS servers, or filter the request through my webserver then to the MS servers.

[mr moose]

Are you sure that the link refers to the one in telemetry data in the privacy settings? Telemetry is a general term for remotely collecting metrics. It is possible that there are multiple types of telemetry in Windows.

But let's say it is only for Windows Store apps (which seems to be the case), that's still a lot of deeply integrated things in the OS which you can't remove. Edge for example is a "store app". So the the calendar, mail, camera, image viewer and a bunch of other ones.

 

The 2 things you say at the end is actually only 1 thing, and that thing is "others do evil things so therefore it is okay for Microsoft to do it!", which I think is a terrible argument which has gotten extremely popular in the last couple of years.

 

 

That is wrong. Telemetry was optional in previous versions of Windows and there is nothing in the definition of telemetry that says it has to be on at all time. Hell, the Enterprise version can turn it off.

And just to be clear, I don't have anything against telemetry. What I have a problem with is taking control away from users.

 

Telemetry from the greek; "tele" meaning remote and "metry" meaning measure, it is by definition data that is sent to a remote place for measurement.  You cannot have local telemetry data, the fact they call it telemetry data indicates by it's name that it is data being sent back to MS.  Again this means they are not hiding anything.