Microsoft intensifies data collection on Windows 7 and 8 systems
Microsoft has been criticized by privacy advocates in regards to the data hunger of its Windows 10 operating system. The operating system slurps data like there is no tomorrow, especially when systems are set up using the express settings.
Experienced users may disable telemetry and data collection partially during setup, and then some more afterwards using the Registry or Group Policy.
What makes this problematic however is the fact that it is nearly impossible to stop all of the data collecting that is taking place.
While users may disable some, for instance by using privacy tools (of which there are plenty), others cannot be disabled or stopped that easily, for instance because of hardcoded host and IP address information that bypass the Hosts file of the operating system.
Windows 7 and 8
Windows 7 and 8 users have been plagued by "upgrade preparation" updates but left alone otherwise up until recently when it comes to this new level of data collecting.
This changed recently with the release of several updates for both operating systems that step up the game.
- KB3068708 Update for customer experience and diagnostic telemetry - This update introduces the Diagnostics and Telemetry tracking service to existing devices. By applying this service, you can add benefits from the latest version of Windows to systems that have not yet upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights. (Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1)
- KB3022345 (replaced byÂ KB3068708) Update for customer experience and diagnostic telemetry - This update introduces the Diagnostics and Telemetry tracking service to in-market devices. By applying this service, you can add benefits from the latest version of Windows to systems that have not yet been upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights. (Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1)
- KB3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7 - This update adds telemetry points to the User Account Control (UAC) feature to collect information on elevations that come from low integrity levels. (Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1)
- KB3080149 Update for customer experience and diagnostic telemetry -Â This package updates the Diagnostics and Telemetry tracking service to existing devices. This service provides benefits from the latest version of Windows to systems that have not yet upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights. (Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1)
If these updates are installed on the system, data is sent to Microsoft regularly about various activities on it.
Microsoft lists two host names in KB3068708 that data is received from and sent to:
These, and maybe others, appear to be hardcoded which means that the Hosts file is bypassed automatically.
Please note that it appears that you can block the hosts listed above using firewalls running on the target PC.
What you can do about it
The best way to deal with these updates is to make sure they are not installed. If they have been installed already, you may want to disable them.
You may remove those updates using the Control Panel, or by running the following commands using an elevated command prompt:
- wusa /uninstall /kb:3068708 /quiet /norestart
- wusa /uninstall /kb:3022345 /quiet /norestart
- wusa /uninstall /kb:3075249 /quiet /norestart
- wusa /uninstall /kb:3080149 /quiet /norestart
It is recommended to "hide" them afterwards so that they are not picked up and installed again on the computer system. (via)
Thanks for the tip! Microsoft’s playing dirty.
It is depressing to say the least, that once we used to rely on updates to protect us from the criminal hackers and nosy neighbours of the w3, hoping av and a half decent firewall would keep them at bay. now here we are in 2015, hardening our routers with ddwrt or such, locking down browsers with adblockers and scriptblockers, using antiexploit addons, vpns and tor relays, encrypting our boxes and online chat, the amount of extra software required for the same privacy granted to these elitists who dictate our lives online is ridiculous and just plain wrong. If our privacy is to be invaded and scrutinised to the nth degree then why should theirs be excluded? seriously its time the hackers of the world united and started targeting the rich and powerful of these organisations that abuse their power daily, a prime example being that which befell Aaron Scwartz (https://www.youtube.com/watch?v=vXr-2hwTk58) , truly sickening that no one has been charged for destroying a genious by constant harassment and intimidation. i have one solution to fuk with these who spy on us all in the name of hunting terrorist’s , adjust your email signatures to include as many redflags as possible, let them sift that lot and choke on them too..ms=nsa=gchq=gestapo…the net is dead, time to go dark!
I thought I was the only person that thought the same way as you about these m-f really make using a computer difficult due to the all the hacking, spying, and the programs we have to use ( and wonder if that is safe) It is a joke for sure. Scrolling around for security issues on my Windows 7 64 bit laptop cause I hate Windows 8 and can not image what a 10 would be like as I am not computer savvy, well I found a site “National Vulnerability Database” by NVD-SCAP Validating Tools, well Microsoft has a security issues that ?? why don’t they fix these holes and make computing a joy instead of one big headache!! I would like to see all these hackers and rip off artist hung by the balls . I have been a victim of ID theft that affected our credit report and it still is not fixed correctly.
I guess no one wants to get off social media aka Facebook and like sites to be outraged enough to do anything about it. Example my sister who is on Facebook til 3Am playing games like Farmville and of course checking every “like it” box or writing some stupid comment on a family or friends post…..or my daughter in law posting pictures of herself everyday on Facebook or posting some silly comment ..This is what computing has become. They do not know how to do a sfc/scan or know what a bootmgr is…This is the major computer people I think and they do not have a clue to the security dangers.
The correct “fix” to this problem is to call your Congressman. Microsoft making it difficult, obscure, or impossible to prevent collection of data on your private machine and this is illegal by many statutes and norms of privacy in the U.S. THe current EULA drafted by idiotic lawyers saying the M$ gives itself the right to share information with other individuals including potentially government or police is also unconstitutional. It was highly suspicious since VISTA and now glaringly obvious that Microsoft is complicit and deliberately pursuing these illegal and unconstitutional policies, and hiding behind proprietary code. If all plumbers or cablerepairman wrote into their contracts they could peruse your personal belongings as “part of their contract”, someone in the industry would be serving jailtime. We need the same for M$ execs who are clearly stepping over the line and endangering our freedom, privacy, and democracy.
Amen – also. Once trusted, Microsoft is now lumped into the hated.
I haven’t got any of these.
Updates are set to notify not automatically download.
Only security updates are selected.
I haven’t been offered an upgrade though, nor this bloatware.
Some of the above mentioned updates had been categorized as important when they should have been proposed as optional.
They are important … *to Microsoft* ;-)
Actually, I read the Microsoft KB support articles for these, linked from Winaero, and one is optional, two are recommended, and one is an update for a previously released telemetry update (I think it’s probably the one that caused an uproar previously). Additionally, three of the four only apply when the user participates (opt-in I think) in the CEIP. KB3075249 doesn’t mention the CEIP at all so I assume it works without the computer being a part of that.
As stated in this How-To Geek article http://www.howtogeek.com/202038/why-you-need-to-install-windows-updates-automatically/, I would strongly recommend keeping automatic updates installed, and if you’re worried about the optional ones, simply change the Windows Update settings.
@AllThingsFirefox On both of my machines, one 7, one 8.1 I explicitly opted out from CEIP at the install time and I have checked that I am still opted out… Three of four updates were installed despite this opt-out (the only non-present was one that was upgraded itself 302*…). Hence, maybe these are additional parts of CEIP in some manner but they also operate on their own and will be installed on CEIP-opted-out machines.
Update 306* appears now (after removal) as “Important” update and 307* and 308* as “additional”.
@dusanmal, well, it does make some sense that they would be installed even if you aren’t in the CEIP, in case you later decide to join. I doubt that they do anything if you don’t, however.
Weird about the reclassification of updates. That’s a problem.
Mine were/are set to notify & not automatically down load either & I read descriptions of updates before I let them download & *I got stuck with all of them*… The descriptions are sketchy at best so I uninstalled, defrag’d & then hid them when they came up again.. Noticed I no longer get a prior notification like I used to I have to go in & check for the updates I want installed; just as an FYI those updates came in with about 16 others that day & all had the same sketchy descriptions.. I had I read this article last week & SMH..
I remember the good old times when I’d simply run Windows Updates in full confidence without even checking the updates (I never had auto-update nevertheless). Now on every Patch Tuesday (and out-of-cycle) I just cannot blindly update anymore : I’ve become suspicious, mainly for the reasons this article details. Microsoft is no longer my friend. They may laugh about it, rational minds may be hilarious about involving feelings within a commercial transaction, but I think that when an increasing number of everyday users are no longer confident it’s not good for the company, not good at all.
“I think that when an increasing number of everyday users are no longer confident it’s not good for the company, not good at all.”
Perhaps so, for the tiny handful of users such as those like ourselves on here, but then I look at yesterday’s article Martin put up:
“Windows 10 stats: 75 million devices…”
75 million! I care deeply about this spying and these privacy invasions, but off the top of my head, I know almost no one else who cares as much about it as I do.
I see Microsoft as just charging ahead, regardless of a relative handful of disgruntled users, and growing bolder by the day in its spying, as this article indicates.
I certainly agree. The masses are flattered when it comes to blindly swallowing what an institutional company such as Microsoft delivers, often never considers the opt-outs moreover, but are criticized when it comes to a true lack of responsibility leading to infected computers world-wide, zombies and bot-nots…
I’m not sure companies really wish techie-savant-educated masses, there’s too much to loose, mountains, planets of big money, as well when it comes to the medicine : healthier Web means frustrated anti-virus/malware firms.
Generally speaking, ethics is perceived as a public relations image always, and as a reasonable aim as long as it doesn’t interfere excessively with the profits.
Okay. Up to everyone on our jungle-planet. But I don’t call that a civilization. And I didn’t even mention the analogy with driving when being irresponsible on a road involves others’ security as well.
Conclusion : a jungle is neither ethical nor intelligent.
There are many of us out here who ‘care deeply’ about privacy invasions, but are a silent minority who wouldn’t think of opening social media accounts to the public or downloading and installing updates without taking a look.
It helps tremendously to have dedicated souls such as Mr. Brinkmann, who ‘cares deeply’ for users he may never see or hear from. Know this, there are many out here looking for a way to protect ourselves in an increasingly dangerous internet environment. Sometimes Microsoft’s description of an update triggers no alarms. It happens after things go wrong. Thanks, Martin, for those update critiques and so many other things you share. I will try to send donations your way to keep the light shining.
We are few and far between among the masses.
Very well said, Tom. I agree also.
This is more fodder for me to just switch to ubuntu!! This is completely up-surd…… access to my personal documents, really????
@Jim: I’d be wary of Canonical these days too.. They’re picking up some bad habits too. You might wanna give a security-centric OS like OpenBSD a try.
“Microsoft is no longer my friend.”
If it ever was. Remember, the wolf is never the lamb’s fiend – in spite of the wolf’s best efforts at ingratiating himself.
Well said Tom, I feel the same, there are times when I just hate to click install and most of the time I leave is disabled, downside for Windows 10 Home users they can’t.
Microsoft has never been your friend.
ReactOS could use some coding help. It is an open-source alternative to Windows. It is just in version 0.46 now, without e.g. the ability to rename files on NTFS partitions (although FAT32 is more mature), and printing capabilities have just been added. A 64-bit version is a long way away. It runs a lot of software already. Once it reaches a viable state, a lot of people are going to want to use it; for reasons of cost, and for privacy. It almost certainly won’t end M$, but it might just put them down below that magic 51% mark, and get them to back off the NWO agenda and listen to their customers a little again.
Such type of awareness; do you expect from an end user to be done by his/her own self?
Windows 7 still has many issues (with 6+ Years in Industry environment) and now Windows 10 became ugly/ buggy product. To whom should we trust?
Syed Irfan Naseer
Thanks very much for posting this, Hans!
That is awesome. Thanks, Hans.
@Martin should do a post just on this batch file. It works beautifully!
Good script! I used it right away on win7 for good measure!
Link has been removed? I get a ‘Page Not Found’ message.
I get that as well. Seems to have been pulled.
This one still works. If it gets broken again see this link for mirror’s: https://blockwindows.wordpress.com/
Just in case, I am posting it here:
The “BlockWindows.bat” file
openfiles.exe 1>nul 2>&1
if not %errorlevel% equ 0 (
Echo You are not administrator! Right Click file select run as admin
) else (
REM — uninstall updates
echo uninstalling updates …
echo Delete KB971033 (license validation)
start “title” /b /wait wusa.exe /kb:971033 /uninstall /quiet /norestart
echo – next
echo Delete KB2902907 (Microsoft Security Essentials)
start “title” /b /wait wusa.exe /kb:2902907 /uninstall /quiet /norestart
echo – next
echo Delete KB2952664 (Get Windows 10 assistant)
start “title” /b /wait wusa.exe /kb:2952664 /uninstall /quiet /norestart
echo – next
echo Delete KB2976978 (description not available)
start “title” /b /wait wusa.exe /kb:2976978 /uninstall /quiet /norestart
echo – next
echo Delete KB2990214 (Get Windows 10 for Win7)
start “title” /b /wait wusa.exe /kb:2990214 /uninstall /quiet /norestart
echo – next
echo Delete KB3012973 (Upgrade to Windows 10 Pro)
start “title” /b /wait wusa.exe /kb:3012973 /uninstall /quiet /norestart
echo – next
echo Delete KB3021917 (Update to Windows 7 SP1 for performance improvements)
start “title” /b /wait wusa.exe /kb:3021917 /uninstall /quiet /norestart
echo – next
echo Delete KB3022345 (telemetry)
start “title” /b /wait wusa.exe /kb:3022345 /uninstall /quiet /norestart
echo – next
echo Delete KB3035583 (GWX Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1)
start “title” /b /wait wusa.exe /kb:3035583 /uninstall /quiet /norestart
echo – next
echo Delete KB3044374 (Get Windows 10 for Win8.1)
start “title” /b /wait wusa.exe /kb:3044374 /uninstall /quiet /norestart
echo – next
echo Delete KB3050265 (update for Windows Update on Win7)
start “title” /b /wait wusa.exe /kb:3050265 /uninstall /quiet /norestart
echo – next
echo Delete KB3065987 (update for Windows Update on Win7/Server 2008R2)
start “title” /b /wait wusa.exe /kb:3065987 /uninstall /quiet /norestart
echo – next
echo Delete KB3068708 (telemetry)
start “title” /b /wait wusa.exe /kb:3068708 /uninstall /quiet /norestart
echo – next
echo Delete KB3075249 (telemetry for Win7/8.1)
start “title” /b /wait wusa.exe /kb:3075249 /uninstall /quiet /norestart
echo – next
echo Delete KB3075853 (update for Windows Update on Win8.1/Server 2012R2)
start “title” /b /wait wusa.exe /kb:3075853 /uninstall /quiet /norestart
echo – next
echo Delete KB3080149 (Telemetry)
start “title” /b /wait wusa.exe /kb:3080149 /uninstall /quiet /norestart
echo – done.
REM — Hide updates
echo Hiding updates…
start “title” /b /wait cscript.exe “%~dp0HideWindowsUpdates.vbs” 971033 2902907 2952664 2976978 2990214 3012973 3021917 3022345 3035583 3044374 3050265 3065987 3068708 3075249 3075853 3080149
echo – done.
REM — Block Routes
echo Blocking Routes…
route -p add 18.104.22.168 MASK 255.255.255.255 0.0.0.0
route -p add 22.214.171.124 MASK 255.255.255.255 0.0.0.0
route -p add 126.96.36.199 MASK 255.255.255.255 0.0.0.0
route -p add 188.8.131.52 MASK 255.255.255.255 0.0.0.0
route -p add 184.108.40.206 MASK 255.255.255.255 0.0.0.0
route -p add 220.127.116.11 MASK 255.255.255.255 0.0.0.0
route -p add 18.104.22.168 MASK 255.255.255.255 0.0.0.0
echo – done
REM — Disable tasks
echo Disabling tasks…
schtasks /Change /TN “\Microsoft\Windows\Application Experience\AitAgent” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Application Experience\ProgramDataUpdater” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Autochk\Proxy” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Customer Experience Improvement Program\Consolidator” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Maintenance\WinSAT” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\ActivateWindowsSearch” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\ConfigureInternetTimeService” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\DispatchRecoveryTasks” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\ehDRMInit” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\InstallPlayReady” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\mcupdate” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\MediaCenterRecoveryTask” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\OCURActivate” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\OCURDiscovery” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\PBDADiscovery” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\PBDADiscoveryW1” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\PBDADiscoveryW2” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\PvrRecoveryTask” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\PvrScheduleTask” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\RegisterSearch” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\ReindexSearchRoot” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\SqlLiteRecoveryTask” /DISABLE
schtasks /Change /TN “\Microsoft\Windows\Media Center\UpdateRecordPath” /DISABLE
echo – done
REM — Kill services
echo Killing Diagtrack-service (if it still exists)…
sc stop Diagtrack
sc delete Diagtrack
echo – done
echo Stop remoteregistry-service (if it still exists)…
sc config remoteregistry start= disabled
sc stop remoteregistry
echo Done â€” Manually Reboot for changes to take effect
REM shutdown -r
The “HideWindowsUpdates.vbs” file:
‘// Inspired by Opmet and Colin Bowern: http://serverfault.com/a/341318
If Wscript.Arguments.Count < 1 Then
WScript.Echo "Syntax: HideWindowsUpdates.vbs [Hotfix Article ID]" & vbCRLF & _
" – Examples: HideWindowsUpdates.vbs 2990214" & vbCRLF & _
" – Examples: HideWindowsUpdates.vbs 3022345 3035583"
Set objArgs = Wscript.Arguments
Dim updateSession, updateSearcher
Set updateSession = CreateObject("Microsoft.Update.Session")
Set updateSearcher = updateSession.CreateUpdateSearcher()
Wscript.Stdout.Write "Searching for pending updates…"
Set searchResult = updateSearcher.Search("IsInstalled=0")
Dim update, kbArticleId, index, index2
WScript.Echo CStr(searchResult.Updates.Count) & " found."
For index = 0 To searchResult.Updates.Count – 1
Set update = searchResult.Updates.Item(index)
For index2 = 0 To update.KBArticleIDs.Count – 1
kbArticleId = update.KBArticleIDs(index2)
For Each hotfixId in objArgs
If kbArticleId = hotfixId Then
If update.IsHidden = False Then
WScript.Echo "Hiding update: " & update.Title
update.IsHidden = True
WScript.Echo "Already hidden: " & update.Title
Is there some way to just get security updates and not new features? That would be a start
I don’t know the answer to your question, which is an important one, but I do remember reading somewhere else very recently that one should go into Windows Update settings and uncheck “Give me recommended updates the same way I receive important updates,” and “Show me detailed notifications when new Microsoft software is available.”
And today, just now, when Windows Update wanted to install what it said was a “Definition update for Windows Defender,” I got a UAC prompt to enter my Administrator password for it to do so. This has never happened before, that I can recall. I declined.
I now feel very suspicious of ANYTHING Microsoft wants to install on my computer.
I don’t want anything ever to bypass the HOSTS file. Can I set up a vitrual network loop and pipe everything through that, and through third-party firewall like Jetico?
I wonder if it’s possible to set up your router so that it can specifically block Microsoft from calling home, even if Microsoft tries to bypass the hosts file. If so, it may be a worthwhile article or sub-article for Martin to look into writing.
Yes, you can use your router’s firewall to block access provided that:
1. your router has a firewall option
2. the connection being made is not https. Most consumer firewalls will not stop a secure connection even if the site is in the list
3. Compressed webpages that use HTTP compression technology cannot be filtered.
Okay, so it skips the hosts table. What about using OpenDNS or some other method to set the websites to 127.0.0.1? It must do a dns lookup somewhere.
If you’re using an “IP-range” blocker such as PeerBlock, there is a dedicated Microsoft list available ( https://www.iblocklist.com/lists.php?category=general ) but using it will block ALL Microsoft calls, which was problematic for me. You’d have to fix exceptions. And I’m not sure a Microsoft OS would be stopped from calling “under the hood” …
… I tried it with pfSense after removing some M$-crapware, the result is somewhat frustrating:
Try running Acrylic DNS Proxy and point your DNS to that. I started using it when Microsoft began allowing certain partners of theirs to bypass the hosts file.
After you do this step, is there a way to then ban certain domains such as the ones listed here on wilderssecurity forum:
You can’t block above names with hosts file. They all were hardcoded in this DLL:
a question for you : how do you set windows update to only select those of security importance? my knowledge regarding tech issues is at a low level
I have changed the windows update settings to “Check for updates but let me choose whether to download and install them. I also unticked the the recommended updates box. On top of that I also unticked the other Microsoft services box.
Then the fun starts once you get updates on patch tuesday. I consult Martin’s article on these new updates and look up all KB’s to read the MS article. That is the only way to weed out the crap.
It will take a bit of time and work but that is the only way to try to keep the gates protected.
Thanks for the article to warn us of MS nasties sent our way. Luckily I already had them weeded out when they were offered.
This is the future. More and more invasions of our privacy. It really is starting to get a bit scary.
Slowly but steadily I am starting to think about another OS like Linux.
Try KALI, a slick version of Linux but heavy on the security testing side. :)
I have blocked these. Along with the W10 upgrade ones ;) MS should understand that I don’t want their offer and stop being so intrusive about it.
@Microsoft: Thats all, Folks! The only place in my environment where your products will be ran from today on is the testbench in our workshop. I do not need or use your spyware for my productions and purposes anymore. There are many other fine operation systems out there which need less ressources while providing higher performance.
I think i’m not alone.
Maybe for you, but my software has been Windows-only for about 10 years :/
I work with Linux Mint 17.2. I still need some Windows programs. They run in a virtual machine with no outside connection. Bye Microsoft. I was a windows user since 1985. No more. I’m a Linux Mint user since 2015.
not sure how long i’m able to continue to live with all this crap. now they are even after the old users, so why not just upgrade to 10 right? i’ve never been a fan of windows, but between osx and win, i just always felt more at home with the latter. linux always threw a couple things at me that i couldn’t properly fix, so i always ended up back at windows.
but i have to say enough is enough. companies think they can spy on me and disregard my privacy, just because my computer is connected to the internet. but it is _my_ computer and i want to use it as _i_ want, without someone external being able to monitor my every move.
i think it’s finally time for me to get used to linux and try to make it really work. even if it’s not perfect, i’m simply not ok anymore with the erosion of my privacy and in this regard i would feel much safer using an open source os.
I completely agree with everything you have written. “You took the words right out of my mouth,” as they say…
Right after reading this article today I went and downloaded the new VirtualBox 5, and the latest ISOs of Mint Cinnmon and Zorin. I’m going to have to try again to start getting used to Linux.
At least there IS an alternative to a corporate OS like Windows, even if I’m not overly fond of using it in actual practice…
Linix has a steep learning curve, the command line interface is a must to set things up correctly. Just keep it simple and learn as you go….
Good God! Thanks so much for putting this up, Martin!
What a great pity that our very operating systems are now spying on us!
I agree that we need an article about ways to defeat this kind of OS spyware, and how to block things that bypass the HOSTS file, etc..
Perhaps blocking in the firewall and/or router would be effective?
Thanks again for posting this.
If you can trust your router (DD-WRT/Tomato etc), and you know the addresses and IPs to block, then do it at a network level. Of course, lock down settings at a software level, and at an OS level, as much as possible first. Quite frankly, at this stage, if you can;t trust your OS, get another OS. I for one will only have a Win10 for testing and technical reasons.
Yeah, I agree with you. Anything I want to really want to block gets blocked in the cookies, scripts, and domains at the browser level, with NoScript, RequestPolicy, and BlockSite Plus, at the HOSTS level with Emsisoft, and in the firewall list of blocked domains.
Can you say specifically what you mean by locking settings down at the OS level, though? (Win 7 Pro)
I locked down a bunch of stuff initially after install in Task Scheduler, Group Policy, and the registry–CEIP and other stuff–but I’d like very much to hear anything else you or others suggest doing. Thanks!
@Hy – I just meant to distinguish the difference between Software–OS–Network. I don’t have a definitive list (well, not for Win10). My OS level would be things such as HOSTs etc, Firewall software, and so on. And I was just referring to this constant barrage of the OS itself wanting to dial home. Actually “locking down” a Win7 (or Win10) depends entirely on how much hassle you want to put up with, and would take a few hundred posts, at least :) and I wasn’t referring to all that.
PS: http://blog.superuser.com/2011/05/16/windows-7-network-awareness/ … for some light reading
Apparently, it was in the Win 10 EULA, etc., that the user was agreeing to being spied upon this way by Microsoft, but what about in Win 7 and Win 8?
Definitely a Privacy Intrusion on previous Windows 7/8 version of the OS. Like seriously maybe in Windows 10 is unavoidable as it is written in they EULA but not in Windows 7/8. I’m just gonna wait what other countries gonna do about this serious privacy intrusion with those updates in Windows 7/8. It doesn’t really much concern if it’s just a Software/Website but an Operating System where you save/work/do some things that well you do and the OS itself is spying, that’s definitely going below the belt!!! They could’ve just left WIndows 7/8 alone…
Fearmongering helps no-one, especially when Microsoft proactively collects FAR LESS data than Apple or Google on a regular basis. They don’t care about your personal stuff.
I’d agree with you but then Apple/Google marketshare on “PC MARKET” is but a dot global scale…. Maybe on mobile department they dominate but then again major work like documenting/accounting(office), programming(games/softwares/apps for mobile/etc), engineering/designing(Autocad/Photoshop/etc.), etc. are done on a “PC” in every major giant company/enterprise globally and not on a mobile/tablet. Also it is were you save your personal files like programs, pictures, adult things if you know what I mean, torrents, etc HUGE FILES that aren’t meant for mobile but to be safely stored in a FLASHDRIVE/EXTERNAL or INTERNAL HDD/SSD that needs to be connected to a “PC”. So No!!! I’d rather have them not Look at what I am doing inside my computer than on a mobile device that I don’t use major things other than calling/texting/chatting/playing some indie games if away from a PC.
Another poor defense of this behaviour.
“I’ve got nothing to hide” and “other companies are doing it too” are piss poor excuses for allowing this type of thing to progress further and further.
Amen! You are absolutely right.
This is not my argument. Constantly publishing anti-Microsoft propaganda when there are far worse offenders that people use just as much simply screams clickbait.
anon, and are we supposed to stop criticizing Microsoft just because other companies are worse? I don’t think that this is a wise idea. And that’s because unless people are voicing their discontent, the companies will ignore us (and even so, it is hard to make your voice heard…)
Maybe now they don’t (I doubt it, but let’s pretend…), but who can guarantee me that the data won’t be abused in the future or sold/given to a third-party that will abuse it?
If I remember correctly, wasn’t it just said here recently on gHacks, and 100,000 other places as well, that when the user installs Windows 10 they give permission to Microsoft to collect their personal data, and to share it with undisclosed third-parties?
I could be remembering wrongly, but it would make sense–what’s the point of collecting and storing users’ personal data unless it’s “monetized” (sold)?
What you seem to be saying anon is that because Apple or Google are invading people privacy in a massive way that it’s OK if Microsoft does the same thing as long as their not as bad?
Since when have we judged how bad something is based on something else being worse, somehow I don’t think the majority of people would accept that excuse, that it’s OK to do something bad or evil if someone else has done a greater bad or evil thing.
Thanks SÃ¶ren. The analysis is based on what Microsoft revealed about the updates. If that’s all there is to it, it is still intensifying data collection.
Regardless of that, I’d still block those updates from being installed as they serve no purpose to users of the operating system.
Bwahahaha! I love seeing all these people freaking out over this stuff. Millions of users who don’t worry about it know that all this info collected can’t be gone over with a fine tooth comb. There is simply too much info out there. It’s not like Microsoft is trying to see what each and everyone is up to. It’s to help better the system and experience for the end user. If I was at Microsoft I would be more inclined to stop what I’m doing, and really find a way to see what’s on a person’s computer when I see these updates and/or privacy settings are not installed/enabled. To me that sends a red flag saying “Hmm what is this person up to that they don’t want to be included?”. On the ones that install everything, and enable all “default” settings, I would simply say “OK, all is good. They will have a great experience. Next!!”. If everyone knew everything about everyone else the world would be a safer place since we would all know there is nothing to hide, so no bad will happen since no one would want to do bad stuff as it will get out right away.
” If everyone knew everything about everyone else the world would be a safer place since we would all know there is nothing to hide”. Man, I’m growing tired of this fallacy.
THIS. That old chestnut is so completely bereft of logic that it makes my head hurt.
Have a look this way if you please : http://www.networkworld.com/article/2926215/microsoft-subnet/richard-stallman-windows-os-is-malware.html
Your comment is naive.
Tom, that is just one man’s point of view, and an extreme one at that. What amuses me is how we get all paranoid about personally unidentifiable data that’s collected online yet, for years, have been readily giving out personally identifiable data when performing many everyday offline activities – making any major purchase, registering for a warranty, opening a bank account, taking out insurance, registering for social services, on and on. Where does everybody think all this data ends up – in a database on corporate or government computers.
Relax folks, there is nothing sinister at work here, merely a means of delivering an enhanced user experience.
@brightspark, it’s all a question of moderation I guess. Under as well as over-evaluation are problematic. Richard Stallman may over- estimate, or say so if motivated by social activism, I don’t have the right cards in my hand to know.
So, as always, trying to find the balance is the toughest approach but free of demagogy. This does not mean that we would implicitly under or over estimate privacy-related matters and hide this true conviction with rhetoric, that of equilibrium : as Woody Allen states it “It’s not because I’m paranoid that it means I have no enemies” (that’s the idea). Reality remains even if we touch it by subjective means.
I agree with you on the delta which occurs in many of our lives between a speech of privacy and our everyday-everywhere habits. One has to be coherent and find an exit when, as it happened to me, I was asked for my name & address when buying a perfume for a lady ot getting a haircut at a new barber’s shop : I am FranÃ§ois Hollande and the address is Faubourg Saint-HonorÃ© in Paris do I usually answer, leading to smiles, sometimes intrusion enforcement (question repeated with a smile) to which I choose an opposition leader!
So, whatever the efforts a user is likely at one point or another to exaggerate, if not to see what is not, or to be blind. This is also a consequence of dishonesty on the Web when applicable and proven : users may get hysterical or, in doubt, prefer to throw the possibly bad with the proven bad. A pity but not everyone knows the secret of the Gods (or is it of the devils?) when they know for sure that privacy IS a problem, mainly on the Web (even if not only).
Hence, your comment is welcomed as fresh air in a debate where pluralism more than ever is required. And perhaps may we remember that lack of evidence is evidence of nothing, that there can be smoke without a fire, but also that there is a true problem of privacy and that consequently either we accept either we refuse. After that, good luck to all, and remember : a privacy issue is NOT a virus, it’s another type of problem.
brightspark, you are overgeneralizing in your statement. Not everyone is willing to give up their private data in the ways you mentioned. And besides, there is another aspect to it: in some countries (including mine) there are laws that govern the use of personal data by the shops, banks, etc and that protect me to some degree when I do something like opening an account or making a purchase. But those laws will not apply to Microsoft data collection, so it is normal for me to oppose it as much as I can.
Guess it’s ok for you for MS to sell/give the data collected eg. programs, videos, music, pictures, document files, keylogger, etc. present on your computer then give it to the NSA/FBI(if needed)/sell it to ad companies to send ads to your email or a popup on your moniter suddenly when connected to the internet?… Good Luck with that.
I don’t think MS is collecting contents of random files on your computer.
That might be the worst argument I’ve ever seen.
I guess you’re OK with NSA spying on your phone/email too? I mean you’ve got nothing to hide right?
If you’re just trolling, fine. I kind of hope you are.
As for privacy: Microsoft has been preparing folks for nearly a decade, starting with the push to the cloud. Windows 10 = a service. Online. All the time. Of course, there is no privacy.
I don’t like about the new OS and what MS is doing and it has less to do with privacy than it does with control. Your words, Bobby Phoenix: 1) “It’s to help better the system and experience for the end user.” — Better the system? Better it for whom? Better the experience for the end user? What makes for a better experience is no longer in the hands of the end user. I do not want Microsoft making those choices for me, damn it.
2) “If I was at Microsoft I would be more inclined to stop what I’m doing, and really find a way to see what’s on a person’s computer when I see these updates and/or privacy settings are not installed/enabled.” — W T F business is it of yours?
3) “To me that sends a red flag saying “Hmm what is this person up to that they don’t want to be included?”.” — You know what, if you really want to know, all you have to do is ask me. I’d be really glad for the opportunity to tell you.
4) “On the ones that install everything, and enable all “default” settings, I would simply say “OK, all is good. They will have a great experience. Next!!” — WHAT! How do YOU know what is a great experience for ME?
5) “If everyone knew everything about everyone else the world would be a safer place since we would all know there is nothing to hide, so no bad will happen since no one would want to do bad stuff as it will get out right away.” — I don’t know whether to laugh or cry. Fully indoctrinated, aren’t you? Borg.
Yeah, sure ‘Bobby’… your reply optimizes the propaganda of Stalin, Hitler, Mao, Pol Pot… same old story, different useful idiots.
Let me tell you something ‘Bobby’, the above dictators could only dream and fantasize about such intrusiveness and control.
Your naive assumptions notwithstanding… people who embrace liberty and freedom should be very wary of anyone like you.
I’d rather not have my information including family photos and other personal information shared with third parties. I assume that like Facebook, Google, and others, by agreeing to the EULA you are giving up any ownership of these items and they can take items stored on your system such as personal photos and information (including diary entries) and publish or sell them to third parties and you cannot make any copyright claim since you gave up any ownership rights under the EULA. In addition, this spyware will be probably be used as an “enforcement tool” for law enforcement and companies who wish to find people who pirate their works even if these companies may not hold a copyright or other rights to the work you have stored on your computer. I’m sure companies wouldn’t appreciate if trade secrets were collected by Microsoft or another company and shared with competitors. Microsoft has been known to keep statistics on people who use competing products and keeping tabs on who is dual-booting their windows computer with Linux. In fact I believe at first they tried to make it against the EULA to have any other non-Microsoft OS installed on the same machine as Windows 8 and I wouldn’t be surprised if this spying will be used by Microsoft to find alleged violators of their EULA in the future.
Well, thats what supercomputers are for. And if you are wondering why MS do it, they are probably getting payed by NSA or forced by NSA. Not sure I recall correctly but didn’t snowden leak something about this?
“Updates Make Windows 7 and 8 Spy on You Like Windows 10”
Goodbye Microsoft, you’re doomed, that’s the last nail in the coffin.
I just downloaded Xubuntu Linux so hour from now all problems with spying, viruses and slow computer will be past.
R.I.P. in peace Windows.
rem – Removes Microsoft’s privacy invasive Windows updates in Windows 7 and 8.x
rem – Invoke from elevated cmd prompt or “Run as administrator”.
rem – Last update 20150828 1042 ET
echo Attempting removal of Microsoft’s 14 privacy invasive Windows updates. (For Windows 7, 8 and 8.1):
echo (01) Uninstalling KB2952664 – Compatibility update for upgrading Windows 7 …
start /b /wait wusa.exe /kb:2952664 /uninstall /quiet /norestart
echo (02) Uninstalling KB2976978 – Compatibility update for Windows 8 and Windows 8.1 …
start /b /wait wusa.exe /kb:2976978 /uninstall /quiet /norestart
echo (03) Uninstalling KB2977759 – Windows 10 Diagnostics Compatibility Telemetry …
start /b /wait wusa.exe /kb:2977759 /uninstall /quiet /norestart
echo (04) Uninstalling KB2990214 – Enables upgrade from Windows 7 to a later version …
start /b /wait wusa.exe /kb:2990214 /uninstall /quiet /norestart
echo (05) Uninstalling KB3012973 – Upgrade to Windows 10 Pro …
start /b /wait wusa.exe /kb:3012973 /uninstall /quiet /norestart
echo (06) Uninstalling KB3021917 – Windows 7 SP1 performance improvements …
start /b /wait wusa.exe /kb:3021917 /uninstall /quiet /norestart
echo (07) Uninstalling KB3022345 – Telemetry [Replaced by KB3068708] …
start /b /wait wusa.exe /kb:3022345 /uninstall /quiet /norestart
echo (08) Uninstalling KB3035583 – Installs the Get Windows 10 (GWX) app …
start /b /wait wusa.exe /kb:3035583 /uninstall /quiet /norestart
echo (09) Uninstalling KB3044374 – Nagware for get Windows 10 in Windows 8 and 8.1 …
start /b /wait wusa.exe /kb:3044374 /uninstall /quiet /norestart
echo (10) Uninstalling KB3050265 – Update to Windwos Update Services for upgrading to Windows 10 …
start /b /wait wusa.exe /kb:3050265 /uninstall /quiet /norestart
echo (11) Uninstalling KB3068707 – Customer experience telemetry point (W7,8,8.1) …
start /b /wait wusa.exe /kb:3068707 /uninstall /quiet /norestart
echo (12) Uninstalling KB3068708 – Update for customer experience and diagnostic telemetry …
start /b /wait wusa.exe /kb:3068708 /uninstall /quiet /norestart
echo (13) Uninstalling KB3075249 – Adds telemetry points to consent.exe in Windows 7 and 8.1 …
start /b /wait wusa.exe /kb:3075249 /uninstall /quiet /norestart
echo (14) Uninstalling KB3080149 – Update for customer experience and diagnostic telemetry …
start /b /wait wusa.exe /kb:3080149 /uninstall /quiet /norestart
echo Process complete.
echo Please remember to REBOOT, and then hide the Following 14 KB updates in Windows update:
echo Press any key to exit …
rem – EOF
Thanks Martin, as with others here, I have auto-updates turned off and actually check the details before allowing an update, so was not affected by the KBs – BUT, thanks for the Host Names and I have blocked them in my Buffalo+dd-wrt router.
Ubuntu is looking better all the time. I have it in a VMWare Player Virtual Machine and use Pale Moon from there. Currently moving all my stuff to it as most things I use these days have Linux ports. I can see Linux getting more airplay in the future. Their Update system is fast, safe and optional.
The day is fast coming when I remove windows from my Surface and do a full native install of Linux, probably Mint.
A lot of people tell me I am too paranoid, but shit like this makes me realize that those Lemmings are not paranoid enough. :)
“I can see Linux getting more airplay in the future”
I hope so. I think that day is still a long way off, though. There is very little support for gaming, and many major applications (e.g. Photoshop) have no linux support.
I’d love to see Windows get some genuine, 1 to 1 competition.
Hiding the updates doens’t really help. I’ve hidden SEVERAL updates that Microsoft somehow un-hides and makes available, again.
Otherwise, thank you for this article, and I will be implementing these suggestions, as well as blocking IPs from my router.
If you use any ‘cleaner’ program that deletes the windows update cache, this also ‘resets’ the hides you have done.
Anyone can confirm Windows Vista has not been affected?
Probably not as it will be EoL in a couple of years, correct me if I’m wrong 2017? But also due to it even having less userbase than Windows XP.
If any of you would simply read about what these updates do, you might actually see that there isn’t some conspiracy here.
These updates are updates to the Customer Experience Improvement Program, which is not turned on by default. It is only turned on once you agree to it. Furthermore, even if you are part of that program… Microsoft does not collect your personal data.
frank, that shyte yer spewing from ur cake hole aint worth a hill of beans
You mean facts?
Searched on “windows ceip default;” found this on Microsoft’s own’ site:
“When Windows 7 and Windows Server 2008 R2 are installed and the computer is started for the first time, the Initial Configuration Tasks interface appears, displaying a variety of tasks including Enable automatic updating and feedback. In this task, you can choose to enable the default level of automatic updating and feedback, or you can manually configure settings. If you enable automatic updating and feedback, you turn on the Customer Experience Improvement Program. If you manually configure settings, you can choose whether to turn on the program. In Windows Server 2008 R2 you also have the option to provide information about your organization, such as the approximate number of servers your organization has worldwide.
In Windows 7, accepting the default recommendations for Initial Configuration Tasks also turns on the Customer Experience Improvement Program.”
Obviously, it is a bit more complicated than you lead your reader to believe when you say: “Customer Experience Improvement Program, which is not turned on by default.”
Further, the article says nothing about a Microsoft “conspiracy,” in fact, I think you are probably the only one here who has used that word.
The article says, “Microsoft intensifies data collection…,” a fair assessment, if you’ve bothered to look into this at all, as you imply you have.
Sure the headline is technically accurate, but the whole of the article makes it look like Microsoft is spying on you. It makes it look like Microsoft is doing all of this without your knowledge. That is what is bogus.
It is the user’s choice to turn this on.
It is the user’s choice to accept these updates automatically.
Like I said, the CEIP doesn’t even collect any personal information.
Furthermore the whole solution to this issue is overly complicated. All you have to do is go into the Action Center and turn the CEIP setting to off. No need to uninstall dozens of updates, they don’t do anything if CEIP is turned off.
No, you are wrong, the words â€œspyâ€ or â€œspyingâ€ do not appear at all in the entire article, not even once.
The article does â€œmake it look likeâ€ Microsoft has released new updates to further collect even more data from its users.
The article most certainly DOES NOT â€œmake it look like Microsoft is doing all this without your knowledge.â€ The article says that Win 7 and 8 data collection is intensifying, and that while experienced users may be able to disable some of this data collection, it is nearly impossible to disable ALL of it.
What is â€œbogusâ€ is your implied claim that Microsoft is doing all of this with the full knowledge and informed consent of each and every userâ€”THAT is BOGUS and you know it! Quit being disingenuous.
Get serious, man, if youâ€™re not just trolling: how many users do you know DO HAVE knowledge of this? Get real. No one I spoke to today had ANY knowledge of this. And every person I can think of at this momentâ€”family, friends, all the folks whose computers I repair regularly–will NEVER know about this increased data collection.
As pointed out to you already, it is more complicated than you make it appear. Your statements:
â€œIt is the user’s choice to turn this on.
It is the user’s choice to accept these updates automatically.â€
are BOGUS! Iâ€™ve gotta call Bullshit! on your oversimplified and misleading bullshit.
â€œCEIP doesn’t even collect any personal information.â€â€”I donâ€™t know how you are defining â€œpersonal information,â€ but I donâ€™t care, anywayâ€”it doesnâ€™t matter. The article doesnâ€™t even say that personal information is collected!
You are slippery and misleading and imprecise. I donâ€™t like that.
If you think Microsoft does not collect your personal data then you know very little about how digital fingerprints are used to identify unique devices, heck your IP address alone can be used to narrow down where you live and while that in itself can’t be used to collect your personal data it can be used with other information to build a digital picture of you.
From Micorosft’s Privacy Statement. The data they’re collecting is pretty damn “personal”:
Last Updated: July 2015
Microsoft Privacy Statement
Personal Data We Collect
Microsoft collects data to operate effectively and provide you the best experiences with our services. You provide some of this data directly, such as when you create a Microsoft account, submit a search query to Bing, speak a voice command to Cortana, upload a document to OneDrive, or contact us for support. We get some of it by recording how you interact with our services by, for example, using technologies like cookies, and receiving error reports or usage data from software running on your device.
We also obtain data from third parties (including other companies). For example, we supplement the data we collect by purchasing demographic data from other companies. We also use services from other companies to help us determine a location based on your IP address in order to customize certain services to your location.
The data we collect depends on the services and features you use, and includes the following.
Name and contact data. We collect your first and last name, email address, postal address, phone number, and other similar contact data.
Credentials. We collect passwords, password hints, and similar security information used for authentication and account access.
Demographic data. We collect data about you such as your age, gender, country and preferred language.
Interests and favorites. We collect data about your interests and favorites, such as the teams you follow in a sports app, the stocks you track in a finance app, or the favorite cities you add to a weather app. In addition to those you explicitly provide, your interests and favorites may also be inferred or derived from other data we collect.
Payment data. We collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number), and the security code associated with your payment instrument.
Usage data. We collect data about how you interact with our services. This includes data, such as the features you use, the items you purchase, the web pages you visit, and the search terms you enter. This also includes data about your device, including IP address, device identifiers, regional and language settings, and data about the network, operating system, browser or other software you use to connect to the services. And it also includes data about the performance of the services and any problems you experience with them.
Contacts and relationships. We collect data about your contacts and relationships if you use a Microsoft service to manage contacts, or to communicate or interact with other people or organizations.
Location data. We collect data about your location, which can be either precise or imprecise. Precise location data can be Global Position System (GPS) data, as well as data identifying nearby cell towers and Wi-Fi hotspots, we collect when you enable location-based services or features. Imprecise location data includes, for example, a location derived from your IP address or data that indicates where you are located with less precision, such as at a city or postal code level.
Content. We collect content of your files and communications when necessary to provide you with the services you use. This includes: the content of your documents, photos, music or video you upload to a Microsoft service such as OneDrive. It also includes the content of your communications sent or received using Microsoft services, such as the:
ï‚·subject line and body of an email,
ï‚·text or other content of an instant message,
ï‚·audio and video recording of a video message, and
ï‚·audio recording and transcript of a voice message you receive or a text message you dictate.
Additionally, when you contact us, such as for customer support, phone conversations or chat sessions with our representatives may be monitored and recorded. If you enter our retail stores, your image may be captured by our security cameras.
How We Use Personal Data
ï‚·Data Sharing. In some cases, we share with advertisers reports about the data we have collected on their sites or ads. We may also share data directly with service providers to permit them to provide services on our behalf or to partner with us in selecting and serving ads for our advertising partners. For instance, Microsoft uses a service provider to match your MicrosoftÂ cookieÂ ID and account data with data an advertiser may have about you (such as your recent purchases from them). This is done so the advertiser can reach you with an ad it thinks may be relevant to you. However, the service provider we use acts as a trusted third party and does not share any personal data that Microsoft or the advertiser has about you.
ï‚·Data Collected by Other Advertising Companies. Advertisers sometimes include their ownÂ web beacons (or those of their other advertising partners) within their advertisements that we display, enabling them to set and read their own cookies. Additionally, Microsoft partners with third-party ad companies to help provide some of our advertising services, and we also allow other third-party ad companies to display advertisements on our sites. These third parties may place cookies on your computer and collect data about your online activities across websites or online services. These companies currently include, but are not limited to: A9, Advertising.com, AppNexus, Criteo, MediaMath, nugg.adAG, Rocket Fuel, and Yahoo!. You may find more information on each company’s practices, including the choices it offers, by clicking on the company names above. Many of them are also members of the NAI or DAA, which each provide a simple way to opt out of ad targeting from participating companies.
Reasons We Share Personal Data
We share your personal data with your consent or as necessary to complete any transaction or provide any service you have requested or authorized. We also share data with Microsoft-controlled affiliates and subsidiaries; with vendors working on our behalf; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our services; and to protect the rights or property of Microsoft.
We share your personal data with your consent or as necessary to complete any transaction or provide any service you have requested or authorized. For example, we share your content with third parties when you tell us to do so, such as when you send an email to a friend, share photos and documents on OneDrive, or link accounts with another service. When you provide payment data to make a purchase, we will share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction.
In addition, we share personal data among Microsoft-controlled affiliates and subsidiaries. We also share personal data with vendors or agents working on our behalf for the purposes described in this statement. For example, companies we’ve hired to provide customer service support or assist in protecting and securing our systems and services may need access to personal data in order to provide those functions. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose. We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets.
Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to:
1.comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
2.protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone;
3.operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or
4.protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.
Please note that some of our services include links to services of third parties whose privacy practices differ from Microsoft’s. If you provide personal data to any of those services, your data is governed by their privacy statements.
“Customer Experience Improvement Program” another way of saying ‘we’re spying on you’
Itâ€™s not just Windows 10, Windows 7 and 8 are also tracking you
Disabling these Windows updates (and hiding them) will only work temporarily and it is problematic in long run. A lot of core system files are modified by these updates. It could be that if you disable these updates, future updates that modify same files will fail, because they will assume these changes are there, but they are not. So yes, disabling and hiding these buys you some time, but in the future successive important updates to same files may fail and may ‘force’ you install these.
Depending of how strong you feel about these updates you have these options:
a) uninstall and disable them now (as suggested in this article), you will have to install them anyway at some point of time
b) disable services added by these updates if known, scheduled tasks, etc, disable communication in firewall if possible
c) uninstall these, and fully disable windows updates, this can be risky, but at least like this you have still win7, or win8 and not ‘something’ else over time
d) give up on windows and learn to use something else
e) (after d) run Windows on virtual machine without internet access, and download software using the host non-windows system, and install it in windows virtual machine
Just to remind you all about an old report regarding ~70 hidden services harvesting data in Vista :
Thank you for posting this. I’d read about this long ago. It was good to read again!
Thanks for bringing this up Martin.
Wow! Recently, I was planning to keep my desktop on Windows 7 and only switch
my laptop to Linux. After reading this article, I am done with Windows. I do not
speak out of fear, but I feel this will be the right step towards preserving whatever
is left of my privacy. I will tidy up, backup, and end my 16-year relationship with
Windows and begin a new journey with Linux starting 1st September, 2015.
I need suggestions: a solid Linux distro for a power user who deals with programming,
networking, as well as screen recording and video editing. I’ve used the following
– Ubuntu (desktop & server)
– openSUSE (desktop & server)
– Elementary OS (brief desktop usage)
– SliTaz (brief desktop usage)
– Stable and fast
– Wide variety of software choices
– Maximum hardware compatibility
– Decent user interface
To all Linux experts out there, your advise on a modern Linux distro is highly appreciated.
You’ll probably get lots of conflicting advice as everyone has an opinion, but here goes. I have used quite a few distros and until recently favoured those based on Slackware, most recently using Salix. They were all completely stable but not so easy to set up as their software repositories are a bit sparse. I recently switched to Mint 17.2 with XFCE desktop and I love it. All my laptop hardware worked without issue and, being based on Ubuntu, it has a massive choice of software available and is a snap to install and set up. I plugged in my Samsung printer and by the the time I had sat down again Mint had installed the driver and was ready to print a test page. Even Windows can’t manage that. Like they say about Macs: everything just works. Very stable so far – it should be as it’s based on the Ubuntu 14.2 long term release.
Why not Ubuntu? I don’t like Unity. Mint has a choice of more traditional desktops and I have used XFCE for years. It’s easy to configure the essentials and keeps out of your way, but it’s not for people who love tweaking to the nth degree… for that you need KDE.
Hi andy! Choosing a Linux distro is a very subjective matter indeed.
I checked Salix and let’s just say it’s not to my taste.
Mint 17.2 seems good. I think I’ll give it a test drive. Incidentally, right
after posting my comment here yesterday, I visited distrowatch.com
and things became clearer. I found Manjaro Linux.
I watched a couple of review videos and really liked it. I’m not sure if
it’s going to be as great as I think it would, but time will tell.
If you’ve never come across it, here is the link if you or anyone else
As for Ubuntu.. well, I don’t like Unity either. I think GNOME and XFCE
are equally good, but I’ve probably never tried KDE and am going to
go with that.
Thank you very much for your input and suggestions. I appreciate it
a lot (and I really love the ghacks.net community).
I would recommend Linux Mint or PCLinuxOS. Mint can use Ubuntu or Debian as the base, so you have a lot of software packages available.
PCLinuxOS is a rolling release. Very nice.
Can’t you just block those websites and ip addresses in a firewall? Wouldn’t that stop it?
I don’t know for sure. It wouldn’t hurt to put those domains in your firewall’s block list, but I don’t know if it would block them.
Rick’s response above addressed trying to block these domains in the firewall of the router. His answer, in part, was that it would be possible if “the connection being made is not https. Most consumer firewalls will not stop a secure connection…”
We know that what Microsoft is now doing in Windows 10, and perhaps soon or already in Win 7 and 8, is using secure (https) connections and bypassing the HOSTS file. So these connections may be unblockable by both a software firewall and a hardware firewall in a router.
And then there is an additional problem, in that Microsoft is keeping these domains and IP addresses hidden, so even if a way is found to block the connections, you would still have to know which connections to block! We know some of them, as indicated in the article, and you can find more suspected ones on other sites if you search for them, but how will you know if you’ve ever found them all? You can’t!
That’s why this is so depressing: the very operating system on our “personal” computer has turned against us, and is trying to collect and sell as much data from us as possible. And while there may be ways to limit some of this, there doesn’t seem to be any way to stop all of it, and there may never be.
As of today, the only way to know for sure that Microsoft is not harvesting your data from your personal computer is to remove Windows and all other Microsoft products completely, and use instead a different operating system altogether,, such as Linux.
Here’s the fix.cmd file I built and tested on Windows 7 SP1 with all other Windows Updates. Use with care; YMMV!!!
REM MUST BE RUN LOGGED ON AS ADMINISTRATOR
REM Tested and works on Windows 7 SP1 x64
for %%i in (%KBlist%) do (
echo Uninstalling KB %%i
wusa.exe /uninstall /kb:%%i /quiet /norestart
echo Now, restart your system.
REM Then, using your favorite registry editor, go to
REM HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing
REM Grant the dependent key CatalogsToUninstall full Administrator permissions
REM Delete all entries in that hive EXCEPT “(Default)”
REM Finally, perform a new Windows update, and mark each of these four KB numbers (if they appear) as
REM “Hide Update” so they don’t get reinstalled in any future update.
One thing I noticed when I switched to Win8.x with updates was that Microsoft now makes you go to a website to find out what each update does. With 20 updates, you have to click each one, open the associated webpage and then see what that particular update is doing.
I supposed MS is doing this to make it more difficult for people to see what each update does. Like myself, I suspect that most people are not willing to invest the time to do this, so instead we just click to install everything.
And the supplied description of the updates (and any associated KBs) is frequently useless – “To improve the user experience…”
Once again there are a few people that are fine with that, we may as well all burn our clothes, walk around naked and share our credit card numbers.
An OS should aim to serve the user not the other way around.
The sad thing is that Microsoft have shot themselves in the foot here and all this is doing is creating distrust, its terribly obvious that people will not be doing updates at this point which I guess its why Microsoft will not give you an option anymore, they will force you to update automatically and not only that I believe they also mentioned that some updates will be of non description (Sound suspicious to you?)
Regardless of company no one should be obligated to submit any sort of data or personal information to any company especially an OS which is so involved in everything you do on your PC in fact this has taken the P out of PC, there is no Personal Computer or computing anymore… GG Microsoft, thank you for showing us how much you regard us and value our rights and our privacy.
I have been thinking about buying a new HDD and installing Linux Mint on it at least as a trial to see how comfortable I feel. I know there are some things I am going to miss dearly that may never be available on Linux and I will have to jump through so many hurdles to achieve what I once could have in windows so easily before but I guess in time I will warm to it but deep down I will hope that Linux does improve and Microsoft takes a long hard look at itself but I doubt it, there are just far to many people willing to give up there freedoms and take it laying down, the Snowden leaks should have been enough to inspire a complete revolt and for people to overthrow governments but I guess if that was okay and people barely bat an eye then Microsoft saw opportunity to get involved to and know that there would be little to no resistance from society at large.
We are all to blame for this and should apologies to our future generations for allowing this to happen in our life times.
Drama… maybe but there is an element of truth behind it too and deep down we all know it no matter how we word it we are now simply a product of corporations, the new era and acronym of PC.
I totally agree with Mystique! Thanks for voicing my opinion, and with better words than I would be able to!
I guess we could see this coming. I have to assume from here on that any and all MS updates are malware.
I suppose the aim here is to cripple 7, so that “upgrading” to 10 is not so painful and no distinction between the two can be made.
I’ve sort of familiarised myself with Linux over the years in expectation of something like this and I’m glad I did.
The only remaining question is: which distro to choose?
“I have to assume from here on that any and all MS updates are malware.”
I don’t think you have to, I don’t think we should. If we want to understand it the smart way and play it accordingly we may understand that the art for companies is to mix valuable content with less valuable as well as with total craps, hence mislead the basic user who, frightened at the idea of loosing the best keeps the worst or, revolted at the idea of keeping the worst looses the best : if you want to make your way on this Web you must try to be a tightrope walker. Takes time and effort but is, IMO, the only path to combine privacy-security with a nice trip over the seven seas… and millions of sites.
I’m in the same situation as you and have chosen Manjaro Linux.
Please note that I haven’t used it yet. My comment is above:
Elevated command prompt?
Some of us self-taught hackers may not know that operation under that identity.
How is that different from the regular command prompt?
Even old dogs need to learn new tricks! :D
Means “run as administrator” ;) Simply right-click on cmd.exe and select that option.
I knew they would attempt to “sabotage” Win7/8.1 during Win10’s launch window. So, I stopped updating my systems manually around March of this year. Will update them again with greater scrutiny 6 months past the FREE Win10 upgrade period when most of these updates will have been taken off their servers.
It usually was the case that I’d cared to have the latest security patches on my system. But now, I see that these updates are potentially my greatest security and privacy threat!
When your article gets covered by Forbes is that a good thing?
I’m going to guess that it is. :)
Oh wow, there is a link. That’s good. Many “newspaper-type” sites don’t link back. Thanks for mentioning that!
Double check, but seems to affect Windows Home Server 2011 as well.
Cheeky sods, trying to do another Windows 10 thing, sliding all this spying crap in without people knowing. Since everything started coming out about Windows 10, i trust Microsoft about as much as they trust hackers, as they are proving they are just a sly and underhanded. They say “protect your PC against viruses/hacking and ‘spyware’ “, and they don’t see the irony in that ?
@John: Found the missing link, obviously they renamed it. It’s now
It’s called now “Backup of WindowsLies/BlockWindows”. Don’t know why it was gone
in the meantime, perhaps some lawyers had forced them to revoke and they put it
online using another name, so that will be an endless play in the upcoming future.
Kind of kindergarden…
What Microsoft is doing is tantamount to the mailman opening your private mail, reading it and then posting through your letter box. In the UK said postman would be prosecuted for that. I am sure that what Microsoft is doing is illegal under UK law.
BTW, does anyone know if the Mint version of Linux is any good for gaming?
Absolutely not. Your email has been getting “read” by systems on it’s way to you since the beginning of email. Google and Apple and now Microsoft give you the option of allowing a different system to “read” it in order to figure things out like if it needs to remind you about a package you have getting delivered, an airplane to board, or a doctors appointment to keep. You can turn it off if you’re paranoid… your emails are not getting stored anywhere extra, no human being is reading and understanding your emails.
There is no “opening” of email, it is never closed… you don’t want “systems” “processing” your mail, then you better encrypt it yourself prior to sending it … but whatever. Better delete every message you receive right after you’re done reading it if you don’t want it “collected” at least on your side… it is probably retained in somebody elses mailbox anyway.
No, no, no, that is absolutely incorrect! Your email has not â€œbeen getting â€˜readâ€™ by systems on itâ€™s [sic] to you since the beginning of email.â€ That is simply not true. I donâ€™t know if you are deliberately lying, or if you truly donâ€™t know that you are wrong, but it is extremely annoying, not to mention irresponsible to others, to read posts such as yours on here that are wrong yet pretend to be authoritative.
Perhaps you made a mistake and what you really meant to write is: â€œYour email has been getting “read” by systems on it’s [sic] way to you since the beginning of Gmail.â€ Gmail was the first major email provider to â€œreadâ€ not only the content of all its users emails, but also all of the content of all non-Gmail users who happened to send an email to a Gmail user. Gmail has been around just over ten yearsâ€”that is hardly, as you put it, â€œsince the beginning of email.â€
Regarding your branding of people who care about their privacy as â€œparanoidâ€–please take your extremist, demonizing characterizations elsewhere! â€œParanoiaâ€ is a psychiatric disorder, a mental illness. A truly â€œparanoidâ€ person suffers from delusions which are irrational, having no basis in fact. Just because someone does not have the same opinion as you does not make it okay for you to insult them and dismiss what they say because you falsely accuse them of being mentally ill. (False accusations, by the way, are themselves considered a hallmark of a paranoid personâ€¦)
Can someone PLEASE explain to the casuals the difference between the collection of analytic/diagnostic information and actually SPYING on the consumer!!!! This “spying” thing going on with media is going out of control !
You will have to decide for yourself whether you consider that “spying.”
If you yourself were already completely aware of the collection of all of this personal information by Microsoft, and if you knowingly gave them your full consent to collect all of this personal information from you, then you may not consider it “spying.”
If you then stop to think about the hundreds of millions of other Microsoft users around the world, and realize that many people (most?) have no idea that this degree of personal information being continually harvested from them, then you may consider that “spying.”
I wouldn’t get too hung up on the word “spying,” however; just inform yourself fully about what exactly is going on, and decide for yourself it it matters to you or not.
A few bytes of personally unidentifiable information that is put through a giant ETL to digest and provide some useful information about what people are using and what they aren’t, what parts of the operating system are crashing, etc. Who cares!
Seriously… these articles are nothing but clickbait, the less intelligent among us clutch onto the headlines and draw their own conclusions about Microsoft “spying” on us, reading our files, collecting our banking information and have a giant warehouse with a billion little manilla envelopes containing all of our dirt prepared to be shipped off to a time travelling USSR agent from the past.
I just love how Windows starts collecting some stuff like this, and there are so many articles demonizing windows let loose for the act and yet every single day people use their mobile devices with reckless abandon where their operating systems and all of their crappy “free” apps that they install by the hundreds do all of these things and more.
But oh my god, now someone has a statistic that says people use USB ports on their computers more often than they use SD card readers… my USB port using statistic is in there somewhere accounting for that pie graph and frankly I am outraged, that is my PERSONAL INFORMATION!
I am not saying privacy concerns do not matter, but I am saying that it is completely ridiculous how blown out of proportion these articles are and it is completely ridiculous that Microsoft is singled out here. If you’re going to run an article about this, at least balance it out with useful information about all of the OTHER things people are using that have the very same “problems”.
â€œWho cares?â€ Apparently you do, or else you would not take the time to write a post here, and a lengthy one at that. And obviously MANY other people care, too, as evidenced by the 100+ comments here, and by this story appearing in many other outlets as well.
Your personal attack on everyone who cares about their privacy as â€œthe less intelligent among usâ€ is extremely offensive. If you have intelligent points to make, then make them, and let them be judged on their merits or lack thereof, but do not show the emptiness of your hollow claims by resorting to ad hominem attacks on others who happen to have a different opinion than you. Please stop demonizing those with whom you disagree as â€œless intelligentâ€ and â€œcompletely ridiculous.â€
As already pointed out in another comment, your pathetic â€œargument,â€ if it can be called such, that data collection also happens elsewhere is what is truly unintelligent and ridiculous. â€œOther companies are doing it, tooâ€ is not an argument!
You claim you are â€œnot saying that privacy concerns do not matterâ€? Yes, you did. You yourself said, â€œWho cares!â€ You also called those who care about privacy as the â€œless intelligent among us,â€ and characterized privacy concerns as â€œblown out of proportionâ€ and â€œcompletely ridiculous.â€
Finally, your plea at the end for articles â€œabout all of the OTHER things people are using that have the very same â€˜problemsâ€™â€ shows only that you know nothing of this site. You must have fallen for your â€œclickbait.â€
“In connection with Your purchase of the Sale, You will provide the majority of the information We collect about You. Items required may include, but are not limited to, Your name, mailing address, e-mail addresses and other personally identifiable information.”
Other personally identifiable information? That could be anything! They are certainly key logging our paypal passwords with malicious scripts otherwise they wouldn’t have such a broad statement in their policy.
“We do not sell, license, lease or otherwise disclose Your information to any other parties; except that We may disclose Your information when We believe, in good faith, that disclosure is reasonably necessary to comply with laws, law enforcement or court orders, or to protect the rights, property or safety of another person, including Our own property or rights.”
They don’t do any of those things, unless they feel like it. “We believe…”, okay, that confirms it, they are selling our personal information to everybody they can and the policy does nothing to protect us from that since we cannot argue with their beliefs in good faith.
Truly scary stuff here…
It even goes out of the Microsoft realm.. (whoever nsatc.net is…)
; <> DiG 9.10.2-P2 <> vortex-win.data.microsoft.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65346
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 13, ADDITIONAL: 16
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vortex-win.data.microsoft.com. IN A
;; ANSWER SECTION:
vortex-win.data.microsoft.com. 2543 IN CNAME vortex-win.data.metron.live.com.nsatc.net.
vortex-win.data.metron.live.com.nsatc.net. 275 IN CNAME vortex.data.glbdns2.microsoft.com.
vortex.data.glbdns2.microsoft.com. 255 IN CNAME vortex-db5.metron.live.com.nsatc.net.
vortex-db5.metron.live.com.nsatc.net. 60 IN A 22.214.171.124
We are not discussing â€œGhacks Deals;â€ we are discussing Microsoft! You discuss one WEBSITE, which people may or may not use; but we are discussing an OPERATING SYSTEM, which hundreds of millions of people around the world use to run their personal computers every day.
Your â€œnon-argument,â€ actually a fallacy, which addresses something completely other than what is being discussed, has been well-known for over 2,000 years: these days it is called the â€œStraw Manâ€ fallacy:
â€œThe Straw Man fallacy is committed when a person simply ignores a person’s actual position and substitutes a distorted, exaggerated or misrepresented version of that position. This sort of “reasoning” has the following pattern:
1. Person A has position X.
2. Person B presents position Y (which is a distorted version of X).
3. Person B attacks position Y.
4. Therefore X is false/incorrect/flawed.
This sort of “reasoning” is fallacious because attacking a distorted version of a position simply does not constitute an attack on the position itself. One might as well expect an attack on a poor drawing of a person to hurt the person.â€
In your previous post you made ad hominem (Latin, â€œto the manâ€) attacks on the people themselves who are concerned about their privacy; now you ignore the issue at hand and set up a straw man.
Itâ€™s time for you to get back to the university (or register for the first time) and take an informal logic class.
You reject my posts on basis such as redirection and imagined “personal” attacks (you don’t think there are less intelligent people that will read headlines around the web that contain the word spying etc., stop there, and draw completely wild conclusions?), and and then reply in kind with a wall of text about straw man arguments and end yours suggesting I am uneducated.
So get on your high horse and prove something if you want so badly to debate “correctly”.
Wow, thatâ€™s so mean and sarcastic.
Thanks for the invitation, but my father always taught me to never get into a pissing contest with an elephant.
Yes, we do love it.
And it’s hardly patronizing, (unless you’re nervous). JB please continue :)
Congratulations, Martin! :)
Another mention for Martin, and an interesting update from yesterday:
Update (8/31/2015): This post originally reported that a firewall canâ€™t be used to block the Windows connections that bypass the hosts file. There appears to be confusion on this point as to whether the ranges can be blocked on Windows 10 or not and conflicting reports on how the Windows Firewall treats such rules. We discussed the situation with Ars Technicaâ€™s Peter Bright, who has confirmed that these new connections can be blocked. Reports that they canâ€™t be may have been confused or related to different OS settings.
Thanks, I have updated the article to reflect that.
Also some links of this article in Wilders Security Forums:
List of Windows 7 telemetry updates to avoid | Wilders Security Forums
Anyone know what those IP addresses are for? It looks like disabling some of the services might mess with Windows Media Center. Yes, I’m actually 1% who uses and loves WMC with my digital tuners. Otherwise, this script looks flipping fantastic, thanks!
As Someone who does private and extremely sensitive research this is basically the last straw.
As yet updates are not in our System and
As of Today the critical research machine is now air-gapped and this has forced us, to fully commit to move to Linux which has been in trial, with the only real issue being the 40TB+ of confidential research data on NTFS drives. Linux (Mint Distrobution) has been a very positive experience once you get over the learning curve and away from the Microsoft way of doing things
Anyone who values their privacy or values its trade secrets and patents would be very foolhardy not to follow our lead as though their “lives” depended upon it, Because they Do!
Windows 10 Firewall Control: Sphinx Software
Windows 10 Firewall Control is an outbound firewall which gives
the security that only allowed programs may access the Internet.
I have been running the FREE version for years now, no problems yet.
AFAIK the software is from India, hosted in the U.S.. I don’t know
if it can stop Windows phoning home.
Also good old xp-Antispy, which works well under Windows 7
will be developed further (sorry: the announcement is in German),
that could possibly help against the new challenges.
Offizielle Homepage des xp-AntiSpy
BTW: besides Windows I am using Linux too (Ubuntu 14.04 LTS).
If Microsoft does not respect the wishes of their users not to be
tracked and spied Ubuntu will be my main OS in the future.
Perhaps I should explain how Windows Firewall Control works roughly:
It leaves the Windows Firewall, which is working INBOUND only, as it is,
but adds an OUTBOUND functionality to it. That means that you are asked
to allow a connection from inside the computer to the internet, otherwise
access will be forbidden (the program remembers your decisions). By this
you should have control over who is trying to phone home or reload other
programs. Of course there will be the problem that some programs like
Windows will know this and try to bypass this in a tricky way. So you won’t
get an absolute security by this, but it could be a part of the puzzle
to achieve that.
There is a good description and a manual on the sidebar left if you open the
link above. Older versions, i.e. Windows 7 Firewall Control, are available.
I remember when Windows Activation first came out, it was an ActiveX add-in to Internet Explorer which you could trivially disable or remove.
Then they got clever.
I expect these patches to become “mysteriously” non-removable some time in the next year, plus your Windows will “mysteriously” become invalidated if they’re not installed.
Mark my words.
I have 2 window 7 disks from 3 years ago….. I will NOT update them.. when they stop working I will switch to ubuntu completely… F msoft
Given the (hopefully correct) good news above from the Ars Technica update of August 31 that these domains in Win 10 can be blocked in firewalls, I wondered if we could look into a few things:
1. whether such blocking definitely works in Win 7 and 8.1 as well (Ars’ Peter Bright says it worked in Win 8)
2. if that means in both software firewalls, and firewalls in routers
3. if it is the case that only SOME router firewalls can block connections to HTTPS sites, then a list of which routers have that capability
4. if we could have a page here on ghacks, like we just did recently with Firefox’s about:config preferences, dedicated to which domains should be blocked. Such a page would have to be kept updated, of course.
Not sure if this is possible or desirable from your point of view, but I’d love to know the answers to the first three points above, and I’d love to have a well-maintained, updated go-to page I could trust for the most current info about which domains to block.
Congratulations…..You received mention & link @ Ace of SpadesHQ sidebar. I will add that he has a huge following. Again congrats and I’ve bookmarked you.
If this is true, some truly scary stuff on Wilders Security Forums “List of Windows 7 telemetry updates to avoid”
Member “Holysmoke” posted:
“more terror about MS from long time poster at dslreports:
All text typed on the keyboard is stored in temporary files, and sent (once per 30 mins) to:
Telemetry is sent once per 5 minutes, to:
Typing the name of any popular movie into your local file search starts a telemetry process that indexes all media files on your computer and transmits them to:
When a webcam is first enabled, ~35mb of data gets immediately transmitted to:
Everything that is said into an enabled microphone is immediately transmitted to:
While the inital reflex may be to block all of the above servers via HOSTS, it turns out this won’t work: Microsoft has taken the care to hardcode certain IPs, meaning that there is no DNS lookup and no HOSTS consultation. However, if the above servers are blocked via HOSTS, Windows will pretend to be crippled by continuously throwing errors, while still maintaining data collection in the background. Other than an increase in errors, HOSTS blocking did not affect the volume, frequency, or rate of data being transmitted.”
I had previously scanned my installed and ‘recommended’ updates on my laptop hours ago. I had not had any installed as listed. However, my laptop was just chewing on something big so I looked at the Task Manager to find Microsoft Telemetry Compatibility running. I ended the process immediately. I am currently seeking out the actual name of the service so I can disable it. It appears MS has gone beyond the scope of this posted article and is getting in another way.
In Task Manager, right-clicking on the process and choosing “Go to Service(s)” may work
Best Automated script to stop windows 7 8 and 10 spying.
Hides updates after removal, Blocks ip’s, Services, Tasks
you need new Window 10 edition
When I checked the Dell website, I discovered my computer was one model too early for a Windows 10 upgrade.
Heck, Darn, Means I will have to stick with this insecure XP which has such an obsolete codebase that MS decided to abandon it.
In the non too distant future, I can see a worthwhile market developing for used machines that run XP, just for the paranoid types like me.
And I have a Win 7 machine with a plastic cover over it. Never liked 7, and the machine won’t run XP except in SATA mode, which makes the newer quad4 machine actually perform at about the same speed as my old core2.
Wow–this is from Windows guru Woody Leonhard in InfoWorld…back in April 2015!
“The Microsoft Compatibility Appraiser task runs %windir%\system32\rundll32.exe appraiser.dll,DoScheduledTelemetryRun with the description “Collects program telemetry information if opted-in to the Microsoft Customer Experience Improvement Program.”
I found that the program runs whether or not you’ve opted into the Microsoft Customer Experience Improvement Program (CEIP). And even if you opt out, the program still runs.
Can somebody tell me why Microsoft is performing a telemetry run on PCs that have opted out of the CEIP? This results from an “important” update in the Automatic Update…”
“KB 2952664 triggers daily telemetry run in Windows 7 — and may be snooping on users”
I just notice i have KB3022345 installed.Would this by any chance have to do with the get windows 10 upgrade sitting on my taskbar or something else?Should i delete it or disable it?
Larry, you can type any kb-Nr. in the searchbar to get information about it.
Using StartPage I found this:
Microsoft confirms: Original versions of KB 3022345, KB 3048043 broke updating | InfoWorld
The answer to your question is at the end of the article.
Delete it! It is a telemetry “update.” Unless you don’t mind sending data from your computer to Microsoft (and to whomever they share it with).
Linux has improved significantly over the last number of years.
The command line is no longer required for configuration and maintenance. Fedora is getting better, and there are tools like Fedy and EasyLife which make it much easier. Just like Windows has PowerToys, so does Fedora.
With Linux Mint, you will never need to see a command line unless you want to.
Instead of wasting time with the hosts file (that approach was not bad yesterday…), set up your own DNS server… In order to block IPs, use a firewall.
One-liner blocking of their DNS names in dnsmasq and unbound:
I have never participated in CEIP.
I disabled CEIP in Action Center immediately after installing Win 7 Pro.
Then I disabled every trace of CEIP in Task Scheduler.
Then I went into Group Policy and disabled every mention of CEIP.
I just double-checked all of the above last week in light of this latest “telemetry/snooping” stuff, verified all of it, and thought that in terms of CEIP, I am fully locked-down.
Tonight, while looking in System events in Event Viewer (for another reason), I noticed that right after I turned the computer on, there was an event logged called something like “Customer Experience Improvement Program User Logon Notification.”
It seems that despite the great lengths I went to to avoid CEIP that it is still running on my PC!
This is outrageous, and completely unacceptable.
I have the right to quit the Internet forever if this is the way the Internet is going with their telemetry and privacy intrusions. That is what I plan to do.
Zero sarcasm here and honestly curious: how do you intend to accomplish that, and what are the alternatives? If you can share some ideas, perhaps we or someone else can benefit from your suggestions.
I use software O&O ShutUp10. Disable telemetry, localization detection, Cortana, app access… and more. Download Link: http://www.filehorse.com/download-shutup10/
That sounds great.
These updates are “needed” for W7 and W8.1 (I don’t know for servers)
I’m still using W8 (64 pro). None of these updates are proposed.
This does not mean that W8 is not concerned by the same “problems” ;)
I found a very simple solution that completely removes CompatTelRunner.exe.
After uninstalling updates, after disabling CompatTelRunner service, and even after another method I found of creating a registry entry telling Windows to not run the service on startup, CompatTelRunner.exe continued to run at startup.
I located CompatTelRunner.exe in >windows>system32 and tried to delete it but couldn’t even as an admin. I tried to rename it as well but was not allowed.
My 100% solution for completely removing CompatTelRunner.exe:
Get Unlocker. It is 100% free and available on FileHippo and Cnet, to name just a couple trusted sites. Once installed, right click on CompatTelRunner.exe to bring up the context menu. Choose “Unlocker.” It will tell you that there is nothing locking the file and will also give you other options to include “Rename.” Unlocker can rename CompatTelRunner.exe. Once renamed, it can be deleted!
I found a whole extra new network tunnel device in my windows 7 the Teredo Tunneling Pseudo-Interface, and the two Microsoft ISATAP ‘s..
Seems they wanted moar of my telemetry packets via IPV6 backdoors/featturettes, There’s a Service (or two–iforget now) with this crap too.
I only caught it cause I ONLY DO IPV4 (my iptables router is set to -J DROP the IPV6 turds)
I noticed these blocked IPV6 in TINY WALL is how I FOUND it/them,
I then track via Proc Hacker, Hex, Registry, Handles etc etcv to figure where the shit comes from.
I believe, they try to get them from IPV4 to 6 to V4 behind your back I guess. I don’t really know or care anymore, the trust of microsoft is now ZERO, I don’t patch for security anymore. Maybe next, I go DARK and say Screw the web completely. I am tired of debugging a broken system that all I did was update for “Security” which is now a JOKE anyway.
I can block ALL Packets with 255 lines in IPTABLES.
0.0.0.0/8 …. 255.255.255.255/8 goodbye packets.
I block the cidr of microsoft. I “removed BITS and WU services.”
I am dead serious. They are TOAST, I only use it cause I have some video editing and audio stuff, that is now going off-line.
When I think of microsoft people I think about how I want to cause them some DENTAL WORK.
I blame the damned hackers & virus writers for this! If these loosers did not get their sick jolly’s writing this crap in their parents basement/attic’s to attack the systems of ordinary folks, people would not blindly install upgrades that give micro soft even more intrusive power.
I have no doubt that Microsoft is in bed with the NSA. Why else would they limit you to 16-character passwords for live.com accounts, except to be able to pass along easily-crackable hashes to the government?
Here is a list of all suspicious updates related to telemetry that also appear in older versions of windows, including several older ones that do not appear in the article above and any of the articles online that reference this ghacks article. I feel the first 3 should have also been mentioned in this article.
KB2952664 â€“ Adds Appraiser.dll, Creates new tasks for DoScheduledTelemetryRun. In this case, also check for the â€œscheduled tasksâ€ and consider deleting them.
KB 2977759 â€“ â€œCompatibility update for Windows 7 RTMâ€ (Win10 compatibility tests)
KB3021917 â€“ â€œTelemetry is sent back to Microsoftâ€
KB3022345 â€“ â€œThis update introduces the Diagnostics and Telemetry tracking serviceâ€
KB3068708 â€“ Same as KB3022345. â€œThis update introduces the Diagnostics and Telemetry tracking serviceâ€
KB3075249 â€“ â€œThis update adds telemetry points to the User Account Control (UAC) featureâ€
KB3080149 â€“ â€œThis package updates the Diagnostics and Telemetry tracking service to existing devicesâ€
Additional, non-telemetry related but updates that ‘urge’ (try to force) you to update to Windows 10
KB3035583 â€“ â€œThis update installs the Get Windows 10 app, which helps users understand their Windows 10 upgrade options and device readinessâ€
And this one ONLY applies to windows 8 users:
KB 3044374 â€“ â€œUpdate that enables you to upgrade from Windows 8.1 to Windows 10â€³
And quite possibly, KB2882822.
I strongly suspect KB2882822 is where this all started. It is very suspicious that this update appeared only after i uninstalled 3 of the 4 above listed updates in the article. If I didn’t have the update from 2013-2015, it should have popped up ages ago. I’m not a developer who uses ITraceRelogger in embedded systems, so, no thanks.
I uninstalled them, I then hit ‘check for updates’ to get them to reappear and chose to ‘hide this update’ for all 3. They were the ONLY updates that appeared. KB2882822 did not appear with the 3 updates I had installed at this point.
After hiding these 3 updates, I did another ‘check for updates’. Suddenly, another update appeared from 2013. KB2882822.
The microsoft tech article states that “Update adds ITraceRelogger interface support to Windows Embedded Standard 7 SP1, Windows 7 SP1 and Windows Server 2008 R2 SP1”.
Doing some googling, I found that this update apparently had issues when it first came out related to DLP (Data-Loss Prevention) software, which prevented microsoft from communicating with its outside servers for no reason, another update was pushed to patch this so it wouldn’t interfere with DLP software.
ITraceRelogger allows developers for embedded systems collect diagnostic information from users. This would, of course, include microsoft. If anybody else has information about KB2882822 in relation to the microsoft collection ‘scandal’, chime in, but I will be uninstalling and hiding it, strongly suspect update that may seem to have good intentions for developers, but can also be misused by microsoft.
Thank you very much for this updated list. I had previously uninstalled several from an earlier list but have found KB2952664, KB3068708, KB3075249, KB3080149 from your list.
Also, KB2882822 was re-installed,
Ghack! (sound a cat makes when getting rid of a hairball [MS]).
use the ultimate tool that takes care of business!
“DWS Lite 1.5”, it’s opensource!
hi all, I just discovered this tool to tackle telemetry & ms experience in their own words:
Anti Beacon 1Spybot Anti-Beacon is a standalone tool which was designed to block and stop the various tracking (telemetry) issues present in Windows 10. It has since been modified to block similar tracking functionality in Windows 7, Windows 8 and Windows 8.1 operating systems.
Anti-Beacon is small, simple to use, and is provided free of charge. It was created to address the privacy concerns of users of Windows 10 who do not wish to have information about their PC usage sent to Microsoft. Simply clicking â€œImmunizeâ€ on the main screen of Anti-Beacon will immediately disable any known tracking features included by Microsoft in the operating system.
And best of all its free:
THANKS! I went through this thread: http://www.wilderssecurity.com/threads/list-of-windows-7-telemetry-updates-to-avoid.379151/ and found a reference to your site posted by a user there. I basically grabbed all updates recommended from that thread and referred links and compiled my list.
As mentioned, I have listed all the updates found on this thread and referenced and included a description based on what I found in either MS kb database and/or any negative references from other forums/websites that recommend removal from Win platform. My spreadsheet has a column labeled “remove?” to which a “1” is a “YES” and a “seems ok” is an “IGNORE”; the next column is the KB#; and finally, the third column is the description/notes I pulled from the web when i did a search on the KB# lookup via google.
i have also questioned a few of the recommended window updates as I was weary of uninstalling just anything that may have been just grouped in for whatever reason…
http://j.mp/x10-remove – here’s a pdf of the spreadsheet
and a copy/paste from that spreadsheet:
remove? kb desc
1 971033 w7 License validation check
seems ok 2505438 Slow performance in applications that use the DirectWrite API on a computer that is running Windows 7 or Windows Server 2008 R2
seems ok 2506928 A link in an .html file that you open in Outlook does not work in Windows 7 or in Windows Server 2008 R2
seems ok 2545698 Text in some core fonts appears blurred in Internet Explorer 9 on a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2
seems ok 2592687 Remote Desktop Protocol (RDP) 8.0 update for Windows 7 and Windows Server 2008 R2
1 2660075 You cannot change the time and date if the time zone is set to Samoa (UTC+13:00) and KB 2657025 is installed in Windows 7 or in Windows Server 2008 R2
1 2670838 â€“ Windows 7 Only (breaks AERO functionality and gives you blurry fonts on some websites)
1 2726535 An update is available that adds South Sudan to the list of countries in Windows Server 2008, Windows 7, and Windows Server 2008 R2
1 2876229 Skype for Microsoft Update
seems ok 2902907 Microsoft Security Essentials; Compatibility update for upgrading
seems ok 2923545 Update for RDP 8.1 is available for Windows 7 SP1
1 2952664 Compatibility update for upgrading Windows 7 – update helps Microsoft make improvements to the current operating system in order to ease the upgrade experience to the latest version of Windows.
1 2970228 http://www.infoworld.com/article/26…kb-2982791-and-kb-2970228-windows-update.html
1 2976978 Compatibility update for Windows 8.1 and Windows 8
1 2976987 Compatibility update for upgrading
1 2977759 W10 Diagnostics Compatibility telemetry
1 2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows
seems ok 2994023 RDP 8.1 client for Windows 7 or Windows Server 2008 R2 disconnects when it is connected through a RD gateway
seems ok 3008188 November 2014 Windows Update client improvements in Windows 8.1 or Windows Server
1 3008273 update that enables Windows RT to update to Windows RT 8.1, and that enables Window 8 to update to Windows 8.1. See the prerequisites before you install the update.
1 3012973 Upgrade to Windows 10 Pro
1 3014460 (Upgrade for windows insider preview / upgrade to windows 10)
1 3015249 (Upgrade that adds telemetry points to consent.exe in Windows 8.1 and Windows 7)
1 3021917 in order to determine whether performance issues may be encountered when the latest Windows operating system is installed. Telemetry is sent back to Microsoft for those computers that participate in the Windows Customer Experience Improvement Program (CEIP).
1 3022345 Telemetry [Replaced by KB3068708]; Compatibility update for upgrading
1 3035583 GWX Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
1 3044374 W8,8.1 Nagware for W10
1 3046480 Update helps to determine whether to migrate the .NET Framework 1.1 when you upgrade Windows 8.1 or Windows 7
1 3050265 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7 and Windows Server 2008 R2: July 2015
1 3050267 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: July 2015
seems ok 3065987 Windows Update Client for Windows 7 and Windows Server 2008 R2: July 2015; Compatibility update for upgrading
seems ok 3065988 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: July 2015 – update allows Windows Update client to receive System Hardware Updates and System Firmware Updates from a future version of Windows Server Update Services (WSUS).
1 3068707 Customer experience telemetry point. W7,8,8.1
1 3068708 Update for customer experience and diagnostic telemetry
1 3072318 Update for Windows 8.1 OOBE to upgrade to Windows 10
1 3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
seems ok 3075851 This update also resolves an issue in which certain Windows Update operations fail when you install Windows Update Client for Windows 7 and Windows Server 2008 R2: July 2015 (3065987) on Windows 7 Embedded editions.
1 3075853 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: August 2015
1 3080149 Update for customer experience and diagnostic telemetry (w7/8.1)
1 3081452 Ensures smooth experience for updateing OS to future versions
1 3083710 Windows Update Client for Windows 7 and Windows Server 2008 R2: October 2015 – see: http://sensorstechforum.com/force-upgraded-to-windows-10-kb-3083710-and-kb-3083711-patches/
1 3083711 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: October 2015 – http://sensorstechforum.com/forums/windows-updates-18/kb-3083710-and-kb-3083711/
1 3090045 Windows Update for reserved devices in Windows 8.1 or Windows 7 SP1
WINREDUCER + NTLITE
In case you want to avoid these “tracking” windows updates to install and become active, and if you don’t want to upgrade to Windows 10 from your perfectly well working Windows 7 (or even Windows 8), you may want to try this free tool:
One click and the tracking components will be disabled.
The “Upgrade to Windows 10” icons and nags will disappear.
Win10wiwi avoids also upgrading without your consent. It has been happening in the past to some users and may happen again in 2016.
You wonder what win10wiwi means? The answer is on the web site ;)!ï»¿
(This tool is and will stay free. forever. Because having the choice is the essence of freedom)
Winreducer + NTLite
Why bother with small hacks when you can just cut the components out of the frozen heart.
Unfortunately, we’ll have to keep track with microsoft releasing new black boxes regularly.
My “important updates” list has now ~20 Updates titled KB31*** and of course, none of them tells anything meaningful in it’s short description.
â€¦so i had to update my own post about that topic today, adding to the list of avoidable KB***** numbers.
Sorry: â€¦which is on
The problem arises mostly from wi fi’s and smartphones that anybody can connect from any place with stolen devices. Back to days before was only wired connections from homes and easily Companies knew who own what.
Now ,and in the name of this (amazing wi fi) and smart devices they stealing licences software connections and other things. Thanks.
Can I block Win10 updates with a firewall?
Wouldn’t it work to simply block the Windows Update service until you want to manually use it? Can’t we also block the telemetry applications/services this way?
Does nayone know the IP address range?
I can also turn off IPv6 if that makes things less complicated when using a firewall. Is this necessary?
t was humorous reading your little run-in here, as I’ve been pulling my hair out in huge clumps today trying to get Visual Studio 2015 Enterprise installed on my brand new Aspire V17 Nitro with Windows 10 installed. I can’t find any proper documentation either and it’s really frustrating. I had the Community version installed on my Samsung Ultrabook and that was problem-free, but this is just nerve-wrecking! I even had to violate my registry at one point to remove the previous failed installations after having to force the installer to quit. I’m now trying to install the Enterprise version without changing any settings at all – default size of 7gb and default install location – and it’s been stuck on 15% for about 3 hours now. Process is using 1% of the CPU and 40mb of RAM. I guess I’m probably going to have to switch back to the community version soon…
Well from 76~Dos to 98 I was in constant Communication with Bill and Paul. Actually helped to develop the first real Windows. With that being said and having to separate myself, company and short dedication to IBM (placing everything on hold) IBM fired me and allowed me to now possess 38 years of knowledge and System development; I have created ” Advanced Windowsâ„¢ 7 Professional System ” It Installs all available updates for Security and before ever reaching the complete desktop strips M$ Telemetry & OS advancement past Windowsâ„¢ 7. Everything is in the right place and at your fingertips. I currently have 41 machines & when I build my 50th laptop, I will be selling them on EBay.com I have been building my Inventory and continually enhancing my system Daily. I work on 8 to 12 at a time.
I`m pretty happy and can insure myself and purchasers that My ” Advanced Windows 7 professional System will update security for as long as M$ allows, but usable until 2024. Saying BOO YA would be pretty cool but who really gives a *&^M$ cares. My GUI is a cool blue look into a space horizon and looks so cool as it stars up saying ” Advanced Windowsâ„¢ 7 Professional System at its original location at the bottom and Shadowstar Â©â„¢ Studio Productions center screen. Yes I have a lot of talent and always dreamed of Windows starting up Saying Computer Interface Systems Â®â„¢ First.
On the Properties page, Well The Data & Logo as well as direct contact to me is Awesome
I have take the best of all versions since 98 ~ w7. It states that it can be restored to out of the box, but will loose all enhancements. Building a Laptop, provided all the parts are available to me in inventory are on-hand takes me 15 to 45 minutes. Installing the System W7 Pro takes a couple hours but after that; the enhancements take maybe three hours and fine tuning registry and so forth goes smoothly.
my only Problem is I keep taking out Evil M$ crap and adding in new enhancements.There are tools to reset the Update Directory and prevent OS upgrade. There are so many nice things added with purchased keys to thrill the owner. Context menus that get you where you need to be or start your favorite programs on the fly. Hundreds & thousands of things M$ should have done or made easily accessible. Norton Security is installed and up to date for me to be safe while building and installing
one of the finest systems M$ ever made, YES Windows Seven Professional with around 199~317 updates depending on model build.
@CisfRjsii please, whatever you have been smoking, man, share, SHARE!!
I just downloaded Xubuntu https://ext.to/xubuntu-10-10-desktop-amd64-iso-47435/ Linux so hour from now all problems with spying, viruses and slow computer will be past.
Can I block Win10 updates with a firewall?
Wouldnâ€™t it work to simply block the Windows Update service until you want to manually use it? Canâ€™t we also block the telemetry applications/services this way?
Does nayone know the IP address range?
I can also turn off IPv6 if that makes things less complicated when using a firewall. Is this necessary?