My "The Complete Windows 10 Privacy Guide" book is out
I like to challenge myself when it comes to things I like, and one of the things that I always wanted to do in that regard was to write a book.
Now, writing a book is a daunting task and I was never sure if I had the willpower to do so. I began writing a privacy guide for Windows 10 months ago; first by creating a structure for the book, and then filling that structure with content, and revisiting everything to add, edit and remove content in the process. Since I wanted it to be ready for Microsoft's Fall Creators Update, I also had to rewrite entire sections of the book as Microsoft made changes to that version of Windows 10.
I completed "The Complete Windows 10 Privacy Guide" in early October, and published it via Amazon's Createspace service, and on Amazon, as a paperback and Kindle ebook.
The book is designed to offer a complete overview of privacy when it comes to Windows 10, and it is helpful for home users and IT admins. It covers telemetry, Microsoft's position on privacy, setup, after setup configuration, Group Policy entries, Registry keys, information on individual features, a big resource section, and a lot more.
It took a long time to collect, test, and verify the information. First, because it covers a huge list of Registry keys, Group Policy Settings, Windows Settings and more that I needed to verify to match the Fall Creators Update that Microsoft will release today, and also because there is little to virtually no documentation on some settings, keys, Windows services or tasks.
I tried getting answers from Microsoft, and while I managed to talk to a PR rep, nothing came out of it unfortunately.
Here are the links to the book: (use the code FW27Q8FG on Createspace for a 25% discount on the purchase)
- The Complete Windows 10 Privacy Guide on Createspace
- The Complete Windows 10 Privacy Guide: Fall Creators Update paperback on Amazon
- The Complete Windows 10 Privacy Guide: Windows 10 Fall Creators Update version for KindleÂ (coming soon)
If you don't use Amazon.com, you need to change the domain extension to go to the local store. I appreciate any positive review on Amazon as it will help giving the book more exposure.
You can purchase the ebook version (in color format) directly from me as well. I only accept PayPal at the time of writing though. Send me $6 (or more if you want to tip or donate), and I send you the book to the PayPal email address (or another if you let me know). Note that the book as a size of 12 Megabytes.
You can preview the book on Amazon; here is a top level overview of the table of contents:
- What Microsoft says about Privacy and Windows 10
- Privacy Options during Setup
- 5-Minute Privacy Configuration
- Configuring Privacy Settings after Setup
- Quick Overview: Differences between Windows 10 editions
- Important information about tools used in this guide
- Telemetry (What is, levels, configuration, business and enterprise options)
- Settings for Windows 10
- Windows Features
- Windows Services
- Windows Tasks
- Office Telemetry
I'd like to thank Woody Leonhard and GÃ¼nter Born specifically as they offered assistance and advise. They have this to say about the book:
"Privacy has never been an easy topic and Windows privacy draws attacks from all sides. That's why it's more important now than ever to understand exactly what Windows does with your information - and what you can do to reduce the snooping, while keeping the features that you really want. Brinkmann's book is a watershed event in documenting Windows privacy settings, with in-depth information you won't find anywhere else." (Woody)
"The book contains the most complete Registry entries and group policy collection about Windows 10 privacy I've seen so far ..." (GÃ¼nter Born)
If you have any questions about the book, or the process of writing your own book, let me know and I get back to you asap.
So Martin, did you cover W10’s hard-coded IP addresses? That is, the M$ telemetry receiving server IP addresses which can’t be blocked using the HOSTS file or a third party firewall? I’ve been noticing how most people seem to have forgotten about that little “feature”. Along with forced automatic updates, it’s one of the main reasons I wouldn’t touch Windows 10 with a barge pole.
Wind your neck in.
I have not. That is a good point though. I plan to release an update with every feature update of Windows 10. Will add this to the list of things to cover.
I’ll buy it if you stop deleting my responses to Appster.
That made me laugh.
Although I’m tired of your bickering, and have stopped reading your back-and-forths long ago.
Hey, when it comes to Appster, I always keep a sense of humor. It’s funny watching him react sometimes.
The changes made to Firefox are not the end of the world, but a natural progression of things. That’s how I see it. I’m fairly optimistic as to how it will all turn out.
@ John C
Martin has put a lot of effort, thought and work into this and all you do is bitch !!
‘M$ telemetry receiving server IP addresses which can’t be blocked using the HOSTS file or a third party firewall?’
At present, NO ONE seems to know how to do this because Win 10 is a closed ‘operating system’. Of course you could try instead of moaning and criticizing.
As Womble says: Wind your neck in.
I certainly didn’t intend to imply that I don’t appreciate Martin’s excellent efforts. Far from that. But as far as my concern about the hard-coded IP addresses goes, if you’re not concerned about that yourself you’re either naive or else a complete idiot. I’m hoping that neither is the case.
And by the way, thanks to Martin for his reply!
So far the only two replies I saw bitching about were from http://www.com and you (T J). Wondering…
@J D, who’s btiching? That was a humorous response.
Maybe I should have put a smiley after it.
Some of you all need to lighten up. lol
If only was the hard coded IP address. there are a ton of undocumented APIs/updates “Hotfixes”/pinning features, and god knows what else hidden “gems” inside in Windows 10.
Congratulations, Martin, for your commitment to security and privacy which is a known evidence by now and its deployment in the area of Windows 10, the ultimate privacy questionable OS. Should I ever install it that I’d read your work before and with the greatest attention.
By the way, does anyone know if the hard-coded IP addresses “feature” is specific to Windows 10?
That’s a really good question. I’m running W7 Pro 64-bit on another computer, and update it manually. I’m betting that one of them was a kernal level modification which added the “feature”. I usually keep the computer offline, but since it’s online once in a while, doing so is no guarantee of protection from M$’s “Big Brother” snooping.
‘chef-koch October 18, 2017 at 4:49 am’ far below has an answer/explanation which I haven’t fully understood.
He states “[…]The DNS hardcoded IP’s (which aren’t IP’s btw) are in dnsapi.dll […] So looks like hard coded IP addresses are not specific to Win10. dnsapi.dll is present here on my Win7. From there on chef-koch explains that this is not stricto sensus hard coded IP. What I understand is that Windows 7 can establish certain connections even if I’ve blacklisted them …
“Microsoft responded quietly after detecting secret database hack in 2013”
The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it to Reuters in separate interviews. Microsoft declined to discuss the incident.
Thanks for the link, quoting …….
“Microsoft discovered the database breach in early 2013 after a highly skilled hacking group broke into computers at a number of major tech companies, including Apple Inc, Facebook Inc and Twitter Inc.”
Seems, no computer data is safe from hackers anymore, especially for high-value targets like politicians, government officials, CEOs, billionaires, movie stars, etc.
@AnorKnee Merce, what’s more worrying is M$ tried to bury it. Not a good way to gain some trust out there.
Hardcoded server IP addresses are not a problem for capable firewalls.
This is because the TLS Client Hello and/or the TLS Server Hello response contains ample plain-text names that the firewall can analyse in order to block or allow a TLS connection.
A Wireshark trace of the Hello sequence when connecting to say 220.127.116.11 (a bing.com address)shows so many names in the Hello responses from the server that a capable firewall should have no trouble in identifying that address as a Microsoft site.
Amazon UK link
Hi, excellent book, no spanish version? or multi-language?.
It would be nice if there’s a Spanish version.
English only for now unfortunately. I might translate it to German, but my “other” language skills are not sufficient to translate the book.
Glad to hear you’re releasing it in paperback as well. I won’t buy a Kindle due to DRM issues.
Let’s hope future book editions will come out as time goes by and new changes are implemented, for I believe Micro$oft won’t stand still when it comes to data collection & telemetry.
Well done! Still using Win7 Pro but will add it to my kindle collection as soon as I can. I’ll put it right next to Woody’s book. ;)
Hi Martin, congratulations and good luck!
Martin, in the Amazon US sample version for Kindle PC-3, the letter “t” is added to the beginning of many words per the attached file I sent you by email. Can you verify the problem is not in the actual Kindle PC-3 full version?
Noticed that, this must have been an uploading issue. I have pulled the Kindle version for now, will reupload once I have identified the issue.
New version is up, check it out :)
Congratulations. It’s nice to have people around who still know what books are, and who even volunteer to write one. Regretfully I won’t buy this one, since I’m safely tucked away in Windows 7, but I hope it will benefit more fearless souls.
I had a look though, and did not find any paper version with CD-ROM included. Stop giggling, please. That was a great way to use computer books. Have both a true book to read and absorb at length, and a digital version for quick reference while working on the computer.
The Kindle thing does not replace it, as you either buy a paper version, or an electronic one (and the latter is proprietary). Nobody in his right mind will buy both (people with unlimited funds excepted).
This is a glaring omission. Paper computer books, in my opinion, should by default come with an electronic version added.
Looks like good work Martin. In my own case it’s less relevant as I do not have Win10, but I will mention this book to others who do.
Re the problem of blocking IP addresses that are hardcoded within Win10: I’m no expert on this, but I guess that a simple way to block those would be to use the filtering capabilities of your router — once you have found out what IP addresses to block, of course.
Afaik nearly all routers nowadays have a configurable IP filter built into their firmware. You can access this from your browser in four simple steps:
1. enter the router’s own IP address,
2. unlock the router settings dashboard by entering your router management password,
3. go to the router’s filter settings page,
4. enter the IP addresses you want to block.
As far as I know, such a filter block in the router itself is impossible to circumvent. Bonus: none of the devices using this same router will be able to connect to the blocked IP addresses, so this block will in one stroke work for your entire home network.
Very nice suggestion Henk, thank you. Checking my router’s IP filter now and got a bit confused. I see:
1. Protocol (various options here, “ANY” should be good). Now it gets confusing:
2. Start Source IP Address
3. End Source IP Address
4. Start Destination IP Address
5. End Destination IP Address
6. Start Source port
7. End Source port
8. Start Source port
9. Start Destination port
10. End Destination port
11. Ingress (two options here: “LAN” and “the name of connection to the ISP”
12. Egress (same two options as Ingress)
Have tested it yet, but I hope it will accept multiple IP’s and ranges on the same rule, otherwise it’ll be quite a pain to add multiple rules.
@George: I don’t know what router you have, and as said I’m not a real expert here. Most routers I’ve encountered will offer a simple page in Settings named something like “Filtering” or “Security” or in rare cases “Parental Controls”. There, you should be able to quite easily add IPs to a block list (which is saved in the router’s own internal memory). Often the only choice you have to make here is between blocking outgoing or blocking incoming traffic, outgoing being the obvious choice in this case. Only two times I’ve seen a router (the cheapest kind, I suppose) that appeared to have no blocking options at all.
I wonder if you’re on the right settings page here, and not in something like the more complicated settings for Port Forwarding (which is not the same as filtering). But maybe your router just uses a more confusing entry method for filtering.
Did you search the user manual for your router, or the manufacturer’s website, for info about the correct procedure to block an IP address? If you cannot find anything, then try a Google search for the exact brand and type of your router + a keyword like “filtering” or “blocking”.
This is the best I can do now, sorry I cannot help you more. Maybe some real expert could chime in here?
Martin, you must be exhausted! What with your daily informative articles on the ghacks site to contend with, you must be Superman to be able to find time to research a comprehensive look at Windows 10 and then to publish your findings in print as well!
I checked the Dutch site, but they only appear to be offering the digital version which can also be read on a smartphone if the user installs the free Kindle app: https://www.amazon.nl/Complete-Windows-10-Privacy-Guide-ebook/dp/B076CG6S6Q/ref=sr_1_fkmr0_2/262-6010194-2289430?ie=UTF8&qid=1508250774&sr=8-2-fkmr0&keywords=The+Complete+Windows+10+Privacy+Guide%3A+Fall+Creators+Update+Paperback
Congratulations on the release of your (first ever?) book!
congratulations. long live the idealists!
Martin, thereâ€™s gotta be something WRONG with you!â€¦ :+)
Iâ€™m with TelV. How on Godâ€™s green earth did you ever find the time to run ghacks AND write a book on Win 10 privacy (certainly one of the biggest tech userâ€™s problem.) Wow!
Not that I needed any more evidence that youâ€™re a top notch pro when it comes to explaining technology but your new book just adds to it.
Who knows, after things settled down, I just might try Win 10, BUT only with your book in hand. I only want to learn from the best! Congratulations!
Yes, it was quite the busy period in my life. I plan to update the book for each new feature update that Microsoft releases. Should be less time consuming thankfully.
I like writing about things that interest me, so, it did not really feel all that much like work, but more of a research project that I enjoyed very much.
Now, what should I write about next? Any suggestions?
A guide for newbies to make the switch to Linux. It’d be fantastic to have info on setting up a Linux environment that won’t be overwhelming and confusing for those of us who aren’t experts and are used to Windows!
A guide about anonymity and privacy.
Congratulations on the book – it’s one of the few resources I feel confident comes from a knowledgeable source. Writing a book about Windows Privacy is no easy achievement – especially with the goal posts constantly changing.
Disregard any negative comments as they aren’t directed toward you but toward Microsoft itself. The comment by John C is a reflection of that and similar feelings burn brightly in many others, including myself.
I’m very happy to have made the move to Linux a few years ago. I still occasionally dabble with Windows 10 (forced support). Honestly… and I sincerely mean no offense to you, if I thought Windows 10’s user-hostile privacy issues could be solved in any form…
As far as I’m concerned, Microsoft is an unrepentant, non-accountable human rights violator and this is the only way to tackle them and many other similar tech companies.
womble & tj too bad being rude is your thing.
John C was making a comment.
I like that line tucked-in, me too.. happy with win 7
I can only choose one book to purchase today…lets see here … ” The Complete Windows 10 Privacy Guide. By Martin Brinkmann or ” Hit Refresh ” – The Quest to Rediscover Microsoft’s Soul and Imagine A Better Future for Everyone. By Satya Nadella
hmmmmm …choices, choices…vacillation, vacillation oh the pain……..okay, ding…ding…ding…ding…we have a winner…I will go with the best seller…The Complete Windows 10 Privacy Guide.
By Martin Brinkmann
That wasn’t so hard after all. LOL
Thank you ;)
Congrats Martin. Not in any way to diminish your work and efforts, I must say that any OS that requires an entire book to make it only partially private is an OS that is not worthy of being installed.
Congratulations, Martin. I sent you the money for the book as well as a donation via PayPal. I look forward to reading it.
Thank you, I have replied with a copy of the book. Should be in your inbox ;)
Congrats on your eBook! (:
I also starting long time back writing on my own book, but this will be mor techniqually: https://github.com/CHEF-KOCH/HWAB
“By the way, does anyone know if the hard-coded IP addresses “feature” is specific to Windows 10?”
The DNS hardcoded IP’s (which aren’t IP’s btw) are in dnsapi.dll, which including several domain’s for e.g. cortana (which people so wrongly called ‘spying IP’s). In my book I will cover it all, and reveal the truth about it. In fact these IP’s/Domaisn never get called with specific settings, windows versions and if you’re not rely on windows own caching mechanism. The thing starts here, on some Windows versions’s you can’t replace Windows own cache because services.msc simply not allows that, backtracking the services via regedit to manipulate this is also only a workaround because with every update you run into the possible problem t hat it gets re-enabled. In LTSB versions this is easier to handle since this toggle isn’t blocked and you can simply use DNSCrypt + Unbound (cache) and that’s basically it.
There are pseudo tools and wannabe’s which collecting ueless IP’s and think this prevents anything without mention that this is useless because WFC/windows own firewall is depending on DNS cache (windows own) without enabling such a service there not logging/catching anything and this is the real problem – so I highly recommed to use e.g. Windows 10 Firewall control from sphinx because it not is depending on Windows DNS cache service so nothing gets bypassed.
Blocking Ip’s is in general problem and mostly only end up with problems because the domain behind simply re-spawns or changes IP’s and than you’re effort is null and void. So I prefer ASN/Domain directly e.g. on a Pi-Hole/Router(NAT). What no one mentioned ever is that none of the mentioned stuff gets called as long you follow simply rules which can be changed via gpedit.msc. Which I will cover in my guide.
I like your HWAB. Please write more on your ublock and umatrix settings suggestion at github. Do you have any suggestion for the user.js for Thunderbird 52?
Thank you for your efforts, Martin. I think it is totally depressing that we need an entire to book to try to understand how are we are getting exploited and abused by the planet’s largest software manufacturer. If I ever need to install this piece of spyware I’ll be sure to but the book.
I can buy paperback on AmazonUK but struggling to find electronic/PDF version that I would rather purchase. Taking notes from the paper version is cumbersome compared to electronic one.
I can send you the PDF book to your email if you purchase the paperback. Amazon needs a while to combine the two and offer both in combination.
Flippin’ good work and appreciated.
The stars are dancing in the twilight!
Martin, congrats on your new book! I will give honest review when I get to it. I appreciate all your excellent work and writing on ghacks.net.
It is possible to buy this just as PDF?
I dont have a kindle and i dont want a book.
Yes you can do that. Just send a PayPal donation of $6 or more (link is in sidebar), and you get it.
And exist other ways to donate?
I dont have paypal nor like it
PayDirekt would be nice, but that works only with german banks…
You can send cash to my home address, how about that?
Strange, i cant answer your latest comment.
Did you live in germany?
I hope to see a Windows 10 1809 update of your book. BTW, the reader does not need a Kindle to view an Amazon ebook. I just updated the PC version of Kindle to 1.24.3, and the Amazon Embers font is super for my aging eyesight.
Congratulations on your book.
Ordered a copy from the Book Depository today.