Windows 10 Data Collection

[Misanthrope]

31 minutes ago, leadeater said:

I see a lot of unjustified hate towards Windows 10 for reasons with poor basis behind it, or at the exclusion of others doing the very same thing. 

We established that we do not exclude Google in any case, so move on.

[leadeater]

5 minutes ago, Misanthrope said:

We established that we do not exclude Google in any case, so move on.

That was my answer for bringing it up, accept it or not. I'll mention it again where necessary along with any other relevant product.

[Misanthrope]

2 minutes ago, leadeater said:

That was my answer for bringing it up, accept it or not. I'll mention it again where necessary along with any other relevant product.

Yes changing the topic and distracting from the main issue is an effective tactic, I'm done here.

[leadeater]

34 minutes ago, Misanthrope said:

Yes changing the topic and distracting from the main issue is an effective tactic, I'm done here.

How so? That seems rather dismissive of my point of view on the topic. Keep in mind this thread is rather fragmented since I pulled a lot of content from another thread to create it and therefore some of the replies are rather disjointed.

 

Also remember I started this with the user experience of being able to turn absolutely all communication off to Microsoft.

2 hours ago, leadeater said:

I can assure you mine does not do this

This is not the standard Windows 10 user experience, one I have never been subject to.

 

I do not believe all data/communication to Microsoft servers is private data, I also do not think it is acceptable to say that it is. There is private data that is sent, how much we don't know. Can you tell purely by the volume of communication sent to Microsoft servers, not accurately.

 

My take on yours and others view is that any communication to Microsoft servers is bad. I do agree if you wish to turn it off you should be able to and is exactly what I have done.

 

2 hours ago, leadeater said:

How is paying for a Microsoft product make it suddenly worse than what Google is doing? Paid or not hold them to the same standard.

This is the one time where I agree that is significant deviation from the original topic.

[Delicieuxz]

3 hours ago, leadeater said:

No it doesn't, private information and application/OS telemetry are very different things. Also you do realize Windows 7 does the same thing. It's only an issue more widely talked about now but it has been a thing since Vista and even XP to a very small degree.

Windows 7 doesn't do the same thing, though, as Windows 7 doesn't have persistent background data-collection. The telemetry program in Windows 7 is opt-in, meaning that a person has to manually look for the "connected user experiences and telemetry" program in Administrator Settings, and then manually enable telemetry, before there is any telemetry in Windows 7.

 

My comment also refers to pre-July 2015 Windows 7. If a person installed non-security and rollup updates after that time, then who knows what they might have in their Windows 7 installation. It's best to use a June 2015, or earlier Windows 7 ISO, and then disable Windows Update, and only get security updates from WSUS. That way, Windows 7 remains telemetry-free, just as a personally-owned OS (which the OS instance that a person uses with their owned license is) ought to be.

[leadeater]

5 minutes ago, Delicieuxz said:

My comment also refers to pre-July 2015 Windows 7

What makes this date so special? Did Microsoft release a specific update(s) after this or was this when they released a new ISO/build of Windows 7?

[dfsdfgfkjsefoiqzemnd]

22 minutes ago, leadeater said:

What makes this date so special?

MS started to import the Win10 telemetry into Win7 in July 2015 and IIRC even updated the .iso files that people could download to incorporate the telemetry by default, so the last version before that is generally considered to be the last "clean" version of Win7.   

 

To join in on the discussion : If a program crashes and Windows asks me to send data related to the crash to MS, I have absolutely no issues with that.  Usually I'll even let it send that report. 

But when I have all privacy settings on and see my firewall picking up data being sent to a Microsoft server as I'm opening files or typing stuff into my start menu's search bar, that's when a line has been crossed.  At that point an OS becomes spyware. 

[leadeater]

9 minutes ago, Captain Chaos said:

MS started to import the Win10 telemetry into Win7 in July 2015 and even updated the .iso files that people could download to incorporate the telemetry by default, so the last version before that is the last "clean" version of Win7.   

Wonder if that includes the Windows 7 Enterprise ISO's on VLSC.

[Delicieuxz]

1 minute ago, leadeater said:

Wonder if that includes the Windows 7 Enterprise ISO's on VLSC.

Windows 7 ISOs without telemetry updates can still be produced by taking an original or SP1 Windows 7 ISO, and then using WSUS to manually download and install all updates until June / July 2015.

 

I have a June 2015-updates ISO of Windows 7 Ultimate 64 for download, and also resources for making a person ISO for other Win 7 versions, here:

[leadeater]

18 minutes ago, Delicieuxz said:

Windows 7 ISOs without telemetry updates can still be produced by taking an original or SP1 Windows 7 ISO, and then using WSUS to manually download and install all updates until June / July 2015.

 

I have a June 2015-updates ISO of Windows 7 Ultimate 64 for download, and also resources for making a person ISO for other Win 7 versions, here:

I'm pretty well covered when it comes to downloading different builds of Windows 7 . Problem is Microsoft is very good at updating the ISOs on VLSC, much more so than other official places to get it. Would be nice if tracking wasn't in the Enterprise version on VLSC, never actually checked.

 

Spoiler

 

Edit:

It's not like it's a big issue as disabling these types of things is easy using Group Policy and is already part of my default policies I put in place.

[Devin92]

I am no computer expert so this is only my objective opinion based on the fact I seen so far,

Is complaining about Microsoft ONLY on this privacy intrusion a right thing? NO.

Is saying windows 10 a bad OS because it collect a lot of personal data and offer no option for most users (home/pro) to disable valid? YES

Google does data collection and they dont deny it, microsoft do data collection and they try to hide it first and then deny it and then just say fk you all, I am doing it, so bite me.

 

I dont like win10 because

1. it pushes too much ad on office, edge, and other microsoft product, which make it like a malware to me.

2. it force data collecting down your throat. if you use win10 you have to live with it, or go use linux.

 

OP's opinion on we dont know clearly what is in the data got sent to microsoft is not really valid. As shown, even searching local program (with online search disabled) get communication between ur OS and microsoft. this is a clear sign that the data sent to Microsoft contains a lot of personal local use data.

 

Privacy intrusion for data mining purpose or surveillance is a hard topic, and we should not blame it on ONE company. I do agree with OP that privacy is pretty much gone anyway. you can deny using windows 10 but your privacy protection does not improve that much, so as one of my friends famous saying "life is a bitch and then you die".

 

 

[leadeater]

17 minutes ago, Devin92 said:

OP's opinion on we dont know clearly what is in the data got sent to microsoft is not really valid

This is actually something I mentioned in a bit more detail.

2 hours ago, leadeater said:

We still don't exactly know what data is being sent though, getting that information however is unlikely. That is what I meant. Not knowing what is being sent to me is a bigger issue than it being sent.

Internet connected applications and operating systems is the standard now days, even home appliances are starting to do this. When talking about data collection, in this case Windows 10, the only thing I ever hear is that it does it so it's bad. Well unfortunately this is how it is going to be, there are many potential positives to connected devices and ones we willingly accept now. There could be many things that Windows could do to make user experience better by having this communication. So rather than saying it's all bad it should never do it ever, why not have a think about why it could be good and think about how you want things to be handled when this is happening.

 

Not to mention communication to Microsoft servers doesn't mean data collection, which is an assumption being made. We know there is data collection but any and all traffic to Microsoft may not be this.

 

We'll achieve a lot more by setting standards of data collection, ideally the open access to it to remove the fear of the unknown (open of our own).

 

Data collection isn't inherently bad, nor is it inherently good/helpful.

[Devin92]

19 minutes ago, leadeater said:

snip

sure, it has advantages and MS may use this info to provide us better services, BUT the fact that you can't disable it is worrying. Think about it in this way, I sold you this product, I want to know how you are using it and how you feel about it, so I can make improvement. Instead of email/calling you for feedback, I will just stand right next to you observing how you are using it and even if you order me to leave, I am still there. That is very, very annoying and make ppl start to hate the product.

[jagdtigger]

3 minutes ago, Devin92 said:

sure, it has advantages and MS may use this info to provide us better services, BUT the fact that you can't disable it is worrying. Think about it in this way, I sold you this product, I want to know how you are using it and how you feel about it, so I can make improvement. Instead of email/calling you for feedback, I will just stand right next to you observing how you are using it and even if you order me to leave, I am still there. That is very, very annoying and make ppl start to hate the product.

So much this, they already have a feedback app preinstalled in the OS so there is no need for the mass data harvesting...

[dfsdfgfkjsefoiqzemnd]

48 minutes ago, leadeater said:

We'll achieve a lot more by setting standards of data collection, ideally the open access to it to remove the fear of the unknown (open of our own)

In the past when you submitted a crash report, you could read all of it, then it was encrypted and sent to Microsoft.  Or at least we trusted that the part we read was all that was sent to Microsoft.  That made people think "oh, my data is used for this and that purpose", and it was all good.

 

Now there's all of the secrets, all the things they've installed and done behind our backs in the last 18 or so months, them trying to deny that they were collecting data and only admitting it after being caught red-handed, hiding from the user what data they are sending and not wanting to disclose it even after all the outcry, giving false options that don't really turn things off, all the "mistakes" in updates that turned settings back on ("coincidentally" always in Microsoft's favor), etc etc etc ...

You can't blame people for not trusting them anymore after showing that kind of untrustworthy behavior. 

 

 

 

As for the Google vs Microsoft debate, Google's services are free and you can easily avoid using them.  AFAIK they also don't sell your personal data, they only use it to bring you targeted advertising via their own ad network.  Oh, and they share it with the government when needed, of course.

 

Windows on the other hand is a paid product (and don't mention the free upgrade year, plenty of complaints are made by people who actually purchased a Win10 license).  One that can't be avoided so easily.  I need Windows for work due to custom proprietary software. Sure, I could quit my job, but that's just ridiculous and having to find a new job in a Windows-free environment means that the "easily" part doesn't apply. 

 

[leadeater]

2 hours ago, Captain Chaos said:

AFAIK they also don't sell your personal data, they only use it to bring you targeted advertising via their own ad network.

They are however selling ad services with the ability to target a desired audience, not selling your private data but using it to make a profit and market a service.

 

2 hours ago, Captain Chaos said:

Google's services are free and you can easily avoid using them

This is nearly impossible, if your using the internet to go to websites you are interacting with a Google service and likely more than one and more than once. There is no ability to opt-in or opt-out or even a distinct way of knowing it's happening.

 

Windows 10 you purchase, install and agree to the terms of use as one of the first things you do which includes data collection. Where's Google's OOBE, or Amazon's (before account creation) etc. 

[TheFlyingSquirrel]

Reading through this thread is worrying, many people do not realise you can stop\significantly impair Microsoft's snooping by changing a few OS settings, and killing the pre-installed apps(data thieves) via powershell. i.e. remove bing, money, news, store etc.... (contana unfortunately won't die but you can disable her). 

 

Used Wireshark post the purge and I didn't see any files or home phoning that shouldn't be there.

 

Miscrosoft strategy is data collection, as that is the next battle ground.   Be prepared for a company to  try lead you down a dark alley. 

[TheFlyingSquirrel]

37 minutes ago, leadeater said:

They are however selling ad services with the ability to target a desired audience, not selling your private data but using it to make a profit and market a service.

 

This is nearly impossible, if your using the internet to go to websites you are interacting with a Google service and likely more than one and more than once. There is no ability to opt-in or opt-out or even a distinct way of knowing it's happening.

 

Windows 10 you purchase, install and agree to the terms of use as one of the first things you do which includes data collection. Where's Google's OOBE, or Amazon's (before account creation) etc. 

 

Actually you can avoid google services very easily

Privacy Guaranteed solution

Ublock + Https Everywhere + A Cookie Destroyer + Firefox/Epic Browser (+  VPN Zero Knowledge) (+No Script)

For an account use a throwaway email account, or email generator

 

 

[leadeater]

38 minutes ago, kidanime3d said:

 

Actually you can avoid google services very easily

Privacy Guaranteed solution

Ublock + Https Everywhere + A Cookie Destroyer + Firefox/Epic Browser (+  VPN Zero Knowledge) (+No Script)

For an account use a throwaway email account, or email generator

 

 

Your not avoiding Google services with this, you are trying to obfuscate your identity by doing this. Most websites directly tie in with a Google service, you go to it you interact with a Google service. None of the above stops server side stuff.

[TheFlyingSquirrel]

18 minutes ago, leadeater said:

Your not avoiding Google services with this, you are trying to obfuscate your identity by doing this. Most websites directly tie in with a Google service, you go to it you interact with a Google service. None of the above stops server side stuff.

 

Server side stuff?   Maybe you would like to elaborate, Ublock can stop googles apis from loading in your browser. 

 

As a former web administrator your comment does not add enough detail to discern what your point.

[dfsdfgfkjsefoiqzemnd]

1 hour ago, leadeater said:

This is nearly impossible, if your using the internet to go to websites you are interacting with a Google service and likely more than one and more than once. There is no ability to opt-in or opt-out or even a distinct way of knowing it's happening.

Technically you're right.  I should have phrased that better.  It's not that I'm completely avoiding Google services at all, I'm just not using them directly or giving them a chance to get any kind of useful data about me. 

 

Most of my browsing is done through a VM that has a VPN (I don't bother doing that on forums though, too much of a hassle usually).  The VMs are regularly replaced with a fresh backup.

Firefox is set up to block Google's (and Facebook's and certain others') cookies

All social media buttons and widgets are also blocked

uMatrix and Noscript keep me safe from java and all other kinds of filth (no need to worry about Flash, I just don't have that installed anymore)

I use DuckDuckGo or ixquick rather than Google's search engine, don't use Maps at all, have a YT downloader so I don't even have to open YT videos (I just copy the link target, provide that to my downloader and that fetches the video file).

 

Whatever data they have on me, most of it is false (either due to the way I hide/obscure my presence or by purposely feeding them false information).  Search stuff like "<brand> adult diaper comparison" and "prevent saggy breasts" enough and Google will either think you're an old incontinent woman or decide that multiple people are using the same PC and will hence stop trying to build a profile.

 

Now on my work laptop, that's another story.  We rely heavily on Google services there so I'm always logged in to my work's gmail, use maps, etc etc.  But that's a different machine, different IP, etc etc.  I also don't use it for anything personal, so Google doesn't know it's the same person.

 

 

[leadeater]

3 hours ago, kidanime3d said:

 

Server side stuff?   Maybe you would like to elaborate, Ublock can stop googles apis from loading in your browser. 

 

As a former web administrator your comment does not add enough detail to discern what your point.

Websites that use Google analytics and server side data collection. Yes you can block all the client side scripts but anything server side all you can do is obfuscate who you are, but they are still getting your data and you're now hoping that they cannot identify you.

 

Then there are the websites that use Google authentication, or embed content from a Google service or Google hosted service.

 

Point was you cannot avoid all Google services, you can do plenty to block at lot of it but your not going to be able to avoid all of it. That's just how big Google is.

[TheFlyingSquirrel]

18 hours ago, leadeater said:

Websites that use Google analytics and server side data collection. Yes you can block all the client side scripts but anything server side all you can do is obfuscate who you are, but they are still getting your data and you're now hoping that they cannot identify you.

 

Then there are the websites that use Google authentication, or embed content from a Google service or Google hosted service.

 

Point was you cannot avoid all Google services, you can do plenty to block at lot of it but your not going to be able to avoid all of it. That's just how big Google is.

You are mistaken.

 

The google api load is client side.  If you block this, you stop google authentication or google hosted service, as the connection is blocked during Onload()

[leadeater]

4 hours ago, kidanime3d said:

You are mistaken.

 

The google api load is client side.  If you block this, you stop google authentication or google hosted service, as the connection is blocked during Onload()

Ah no, there are server side tools as well. If you choose to use them. Not that it matters as to the other point, if you can see people's profile pictures on this forum then you are hitting a google service, many of them are hosted by google.

[TheFlyingSquirrel]

12 hours ago, leadeater said:

Ah no, there are server side tools as well. If you choose to use them. Not that it matters as to the other point, if you can see people's profile pictures on this forum then you are hitting a google service, many of them are hosted by google.

Right, this is misinformation.

 

I invite you to benchmark LTT as I have done in the attached (just for reference) to look at how website with first and third party scripts work, as it seems you are under the impression that platform tools, apis, code, and information is hosted locally. 

 

In the attached is an example of the process, this is the same that is not locally stored, (anything google, Facebook or disqus)

In short - DNS to find the server, Connect to connect to serve, Send to request the required data, Wait for the server to acknowledge the request, Receive for receiving the data.

 

Ublock stops the overlay of web code, hence stopping tracking, photos, plugins loading etc..