Welcome to nsane.forums

Welcome to nsane.forums, like most online communities you need to register to view parts of our community or to make contributions, but don't worry: this is a free and simple process that requires minimal information. Be a part of nsane.forums by signing in or creating an account.

  • Access special members only forums
  • Start new topics and reply to others
  • Subscribe to topics and forums to get automatic updates

Search the Community

Showing results for tags 'telemetry'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Found 20 results

  1. Microsoft Re-Releases Snooping Patches KB 2952664, KB 2976978 Earlier versions of the Win7 and 8.1 patches kicked off enhanced snooping routines, and there's no indication what's changed in these versions We don't know what KB 2952664 (for Windows 7) and KB 2976978 (for Windows 8.1) actually do. But both patches have been shown in the past to trigger a new Windows task called DoScheduledTelemetryRun. The patches appeared in the Automatic Update chute earlier todayas Optional, so they won't be installed unless you specifically check and install them. But in the past, the Optional versions have been converted rapidly to Recommended, and thus installed on most machines. The last release of KB 2952664 went from Optional to Recommend in a week. Microsoft's descriptions of the patches are quite bland: GWX, of course, is Microsoft's malware-like "Get Windows 10" campaign that plagued Windows 7 and 8.1 users last year. I last wrote about the patches on Oct. 5, 2016: The revision dates on the KB articles don't instill any confidence. When I wrote about KB 2952664 last October, I noted that the KB article was up to revision 25, dated Oct. 4, 2016. The current KB article, dated Feb. 9, 2017, is at revision 11. I have no idea what's up. Why is Microsoft releasing this CEIP diagnostic program on a Thursday? Why isn't it being held for next Tuesday's Monthly Rollup? Why does it fall outside the announced schedule of Security Only and Monthly Rollup patches? Why did the revision numbers change? But I do know that earlier versions of these patches triggered new snooping scans, whether the Customer Experience Improvement Program is enabled or not. And I do know that Microsoft hasn't documented much at all. Discussion continues on the AskWoody Lounge. AskWoody Lounge - Comments Source Alternate Source: Windows KB2652664 And KB2976978 Telemetry Updates Re-Released (Again)
  2. I IN NO WAY TAKE ANY CREDIT FOR THIS IT WAS TAKEN FROM MDL FORUM AND SOME POSTS MY MEMBERS ON THIS FORUM! Manual: Tools: Windows 10 Lite v7.1 Destroy Windows Spying v1.6 Build 722 [Works with Win 7/8/8/1/10] Blackbird v6 v0.9.98 [Works with Win 7/8/8/1/10] O&O ShutUp10 v1.4.1386 Spybot Anti-Beacon v1.6.0.42 [Works with Win 7/8/8/1/10] W10Privacy v2.2.0.1 Win.Privacy v1.0.1.5 [Works with Win 7/8/8/1/10] Disable Windows 10 Tracking v3.0.1 iSpy Privacy-X v3.0.0.0
  3. Broken down, this works out to 3967 connection attempts to 51 different Microsoft IP addresses. You can see full tabulated results on Voat. With Microsoft facing unprecedented levels of criticism for its lack of transparency over spying components, these findings will serve only to add fuel to the fire. The fact that it was the Enterprise edition of Windows 10 that was used for testing is likely to raise further questions. http://betanews.com/2016/02/06/windows-10-phones-home-a-lot-even-with-all-reporting-and-telemetry-disabled/ Windows 10 telemetry network traffic analysis, part 1 Curious about the various telemetry and personal information being collected by Windows 10, one user installed Windows 10 Enterprise and disabled all of the telemetry and reporting options. Then he configured his router to log all the connections that happened anyway. Even after opting out wherever possible, his firewall captured Windows making around 4,000 connection attempts to 93 different IP addresses during an 8 hour period, with most of those IPs controlled by Microsoft. Even the enterprise version of Windows 10 is checking in with Redmond when you tell it not to — and it's doing so frequently. Like many of you, I am concerned about the telemetry, spying and other surveillance features, known or unknown, of Windows 10. It has concerned me enough to push me to Linux Mint as my main operating system. Even so, I wanted to better understand Windows 10, but internet search results for a decent windows 10 traffic analysis leave a lot to be desired. As such, I decided to do my own investigating on what, exactly, Windows 10 is doing traffic-wise, and post the results. For this analysis, I wanted to simply analyse the network traffic of Windows 10 on a clean install, and just let it sit and run without using it. What I have done for this analysis: I have installed DD-WRT on a router connected to the internet and configured remote logging to the Linux Mint laptop in #2. I have installed Linux Mint on a laptop, and setup rsyslog to accept remote logging from the DD-WRT router. I have installed Virtualbox on the Linux Mint laptop, and installed Windows 10 EnterprisePNG on Virtualbox. I have chosen the customized installation option where I disabled three pages of tracking options. I have configured the DD-WRT router to drop and log all connection attempts via iptables through the DD-WRT router by Windows 10 Enterprise. Aside from installing Windows 10 Enterprise, and verifying the internet connection through ipconfig and ping yahoo.com, I have not used the Windows 10 installation at all (the basis for the first part of this analysis) Let Windows 10 Enterprise run overnight for about 8 hours (while I slept). I use perl to parse the data out of syslog files and insert said data into a Mysql database. I use perl to obtain route data from whois.radb.net, as well as nslookup PTR data, and insert that into the Mysql database. Lastly, I query and format the data for analyzing. Here is the roughly 8-hour network traffic analysis of 5508 connection attempts of an unused, base install of Windows 10 Enterprise (NOTE: I did not remove any 192.168.1.x home network IP addresses from the analysis): individual connection attempts by IP address,port, and protocol: select distinct(ip_address),port,protocol,count(ip_address) as attempts from rejected_connections group by ip_address order by attempts desc; ip_address port protocol attempts 94.245.121.253 3544 UDP 1619 65.55.44.108 443 TCP 764 192.168.1.1 53 UDP 630 192.168.1.255 137 UDP 602 65.52.108.92 443 TCP 271 64.4.54.254 443 TCP 242 65.55.252.43 443 TCP 189 65.52.108.29 443 TCP 158 207.46.101.29 80 TCP 107 207.46.7.252 80 TCP 96 64.4.54.253 443 TCP 83 204.79.197.200 443 TCP 63 23.74.8.99 80 TCP 45 23.74.8.80 80 TCP 45 65.52.108.103 443 TCP 29 134.170.165.251 443 TCP 27 23.67.60.73 80 TCP 21 65.52.108.27 80 TCP 21 157.56.96.58 443 TCP 19 134.170.51.247 443 TCP 18 23.67.60.97 80 TCP 18 134.170.165.253 443 TCP 18 65.55.138.126 443 TCP 18 131.253.40.53 443 TCP 16 134.170.58.118 443 TCP 15 131.253.61.100 80 TCP 14 104.73.92.149 80 TCP 14 157.56.96.123 443 TCP 14 157.56.77.139 443 TCP 13 65.55.138.111 443 TCP 12 40.117.145.132 443 TCP 12 131.253.40.59 80 TCP 12 23.210.63.75 80 TCP 12 65.55.113.13 80 TCP 11 134.170.51.246 443 TCP 9 134.170.58.190 443 TCP 9 191.232.80.58 443 TCP 9 207.46.114.58 443 TCP 9 23.193.225.197 80 TCP 9 134.170.115.62 443 TCP 9 104.73.160.51 80 TCP 9 104.73.160.16 80 TCP 9 23.210.5.16 80 TCP 8 157.56.77.138 443 TCP 8 131.253.61.84 80 TCP 8 23.217.138.11 80 TCP 8 23.193.230.88 443 TCP 7 198.41.214.183 80 TCP 6 13.107.3.128 443 TCP 6 198.41.215.186 80 TCP 6 198.41.214.186 80 TCP 6 198.41.214.184 80 TCP 6 104.73.143.160 443 TCP 6 157.55.240.220 443 TCP 6 198.41.215.185 80 TCP 6 72.21.81.200 80 TCP 6 23.193.251.132 80 TCP 6 23.193.236.70 443 TCP 5 72.21.91.8 80 TCP 5 23.217.138.25 80 TCP 4 131.253.61.96 443 TCP 4 131.253.61.82 443 TCP 3 23.102.17.214 443 TCP 3 23.101.156.198 443 TCP 3 23.74.9.198 80 TCP 3 104.73.153.9 443 TCP 3 23.74.9.217 80 TCP 3 23.9.123.27 80 TCP 3 94.245.121.254 3544 UDP 3 23.101.187.68 123 UDP 3 104.91.188.21 80 TCP 3 131.253.61.66 443 TCP 3 23.217.138.122 80 TCP 3 23.101.115.193 443 TCP 3 198.41.215.182 80 TCP 3 198.41.214.187 80 TCP 3 23.210.48.42 443 TCP 3 104.208.28.54 443 TCP 3 23.217.138.18 80 TCP 2 23.193.238.90 443 TCP 2 23.217.138.90 80 TCP 2 23.217.138.43 80 TCP 1 23.67.60.65 80 TCP 1 65.52.236.160 443 TCP 1 157.56.144.215 3544 UDP 1 23.96.212.225 443 TCP 1 157.56.144.216 3544 UDP 1 65.52.108.252 443 TCP 1 65.52.108.94 443 TCP 1 134.170.179.87 443 TCP 1 104.73.138.217 443 TCP 1 104.91.166.82 80 TCP 1 104.73.160.58 80 TCP 1 137.116.74.190 80 TCP 1 23.217.138.97 80 TCP 1 Extended data for each distinct connection attempt: select distinct(t1.ip_address),nslookup,port,protocol,connection_attempts,route,origin,description from (select distinct(ip_address) as ip_address,port,protocol,count(ip_address) as connection_attempts from rejected_connections group by ip_address order by connection_attempts desc ) as t1 join (select distinct(ip_address) as ip_address,nslookup,route,origin,description from routing_data group by ip_address) as t2 where t1.ip_address=t2.ip_address order by connection_attempts desc; ip_address nslookup port protocol connection_attempts route origin description 94.245.121.253 3544 UDP 1619 94.245.64.0/18 AS8075 MICROSOFT 65.55.44.108 443 TCP 764 65.52.0.0/14 AS8075 MICROSOFT 65.52.108.92 msnbot-65-52-108-92.search.msn.com 443 TCP 271 65.52.0.0/14 AS8075 MICROSOFT 64.4.54.254 443 TCP 242 64.4.0.0/18 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 65.55.252.43 msnbot-65-55-252-43.search.msn.com 443 TCP 189 65.52.0.0/14 AS8075 MICROSOFT 65.52.108.29 msnbot-65-52-108-29.search.msn.com 443 TCP 158 65.52.0.0/14 AS8075 MICROSOFT 207.46.101.29 80 TCP 107 207.46.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 207.46.7.252 80 TCP 96 207.46.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 64.4.54.253 443 TCP 83 64.4.0.0/18 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 204.79.197.200 a-0001.a-msedge.net 443 TCP 63 204.79.197.0/24 AS8151 Microsoft Corporation 23.74.8.99 a23-74-8-99.deploy.static.akamaitechnologies.com 80 TCP 45 23.74.8.0/23 AS20940 Akamai Technologies 23.74.8.80 a23-74-8-80.deploy.static.akamaitechnologies.com 80 TCP 45 23.74.8.0/23 AS20940 Akamai Technologies 65.52.108.103 443 TCP 29 65.52.0.0/14 AS8075 MICROSOFT 134.170.165.251 443 TCP 27 134.170.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.67.60.73 a23-67-60-73.deploy.static.akamaitechnologies.com 80 TCP 21 23.67.60.0/24 AS7922 Comcast Cable Communications, Inc. 65.52.108.27 msnbot-65-52-108-27.search.msn.com 80 TCP 21 65.52.0.0/14 AS8075 MICROSOFT 157.56.96.58 443 TCP 19 157.56.0.0/16 AS8075 MICROSOFT 134.170.51.247 443 TCP 18 134.170.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.67.60.97 a23-67-60-97.deploy.static.akamaitechnologies.com 80 TCP 18 23.67.60.0/24 AS7922 Comcast Cable Communications, Inc. 134.170.165.253 443 TCP 18 134.170.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 65.55.138.126 443 TCP 18 65.52.0.0/14 AS8075 MICROSOFT 131.253.40.53 443 TCP 16 131.253.32.0/20 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 134.170.58.118 443 TCP 15 134.170.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 131.253.61.100 80 TCP 14 131.253.61.0/24 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 104.73.92.149 a104-73-92-149.deploy.static.akamaitechnologies.com 80 TCP 14 104.64.0.0/10 AS31377 Akamai Technologies 157.56.96.123 443 TCP 14 157.56.0.0/16 AS8075 MICROSOFT 157.56.77.139 443 TCP 13 157.56.0.0/16 AS8075 MICROSOFT 65.55.138.111 443 TCP 12 65.52.0.0/14 AS8075 MICROSOFT 40.117.145.132 443 TCP 12 40.64.0.0/10 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 131.253.40.59 80 TCP 12 131.253.32.0/20 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.210.63.75 a23-210-63-75.deploy.static.akamaitechnologies.com 80 TCP 12 23.210.48.0/20 AS16625 Akamai Technologies 65.55.113.13 80 TCP 11 65.52.0.0/14 AS8075 MICROSOFT 134.170.51.246 443 TCP 9 134.170.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 134.170.58.190 443 TCP 9 134.170.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 191.232.80.58 443 TCP 9 191.232.0.0/13 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 207.46.114.58 443 TCP 9 207.46.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.193.225.197 a23-193-225-197.deploy.static.akamaitechnologies.com 80 TCP 9 23.193.224.0/20 AS20940 Akamai Technologies 134.170.115.62 443 TCP 9 134.170.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 104.73.160.51 a104-73-160-51.deploy.static.akamaitechnologies.com 80 TCP 9 104.64.0.0/10 AS31377 Akamai Technologies 104.73.160.16 a104-73-160-16.deploy.static.akamaitechnologies.com 80 TCP 9 104.64.0.0/10 AS31377 Akamai Technologies 23.210.5.16 a23-210-5-16.deploy.static.akamaitechnologies.com 80 TCP 8 23.208.0.0/14 AS31377 Akamai Technologies 157.56.77.138 443 TCP 8 157.56.0.0/16 AS8075 MICROSOFT 131.253.61.84 80 TCP 8 131.253.61.0/24 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.217.138.11 a23-217-138-11.deploy.static.akamaitechnologies.com 80 TCP 8 23.217.138.0/24 AS7922 Akamai Technologies 23.193.230.88 a23-193-230-88.deploy.static.akamaitechnologies.com 443 TCP 7 23.193.224.0/20 AS20940 Akamai Technologies 198.41.214.183 80 TCP 6 198.41.214.0/24 AS13335 CloudFlare, Inc.665 3rd Street Suite 200San Francisco, California 94107US 13.107.3.128 443 TCP 6 13.104.0.0/14 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 198.41.215.186 80 TCP 6 198.41.215.0/24 AS13335 CloudFlare, Inc.665 3rd Street Suite 200San Francisco, California 94107US 198.41.214.186 80 TCP 6 198.41.214.0/24 AS13335 CloudFlare, Inc.665 3rd Street Suite 200San Francisco, California 94107US 198.41.214.184 80 TCP 6 198.41.214.0/24 AS13335 CloudFlare, Inc.665 3rd Street Suite 200San Francisco, California 94107US 104.73.143.160 a104-73-143-160.deploy.static.akamaitechnologies.com 443 TCP 6 104.64.0.0/10 AS31377 Akamai Technologies 157.55.240.220 443 TCP 6 157.55.0.0/16 AS8075 MICROSOFT 198.41.215.185 80 TCP 6 198.41.215.0/24 AS13335 CloudFlare, Inc.665 3rd Street Suite 200San Francisco, California 94107US 72.21.81.200 80 TCP 6 72.21.81.0/24 AS15133 EdgeCast Networks, Inc. 23.193.236.70 a23-193-236-70.deploy.static.akamaitechnologies.com 443 TCP 5 23.193.224.0/20 AS20940 Akamai Technologies 72.21.91.8 80 TCP 5 72.21.91.0/24 AS15133 EdgeCast Networks, Inc. 23.217.138.25 a23-217-138-25.deploy.static.akamaitechnologies.com 80 TCP 4 23.217.138.0/24 AS7922 Akamai Technologies 131.253.61.96 443 TCP 4 131.253.61.0/24 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 131.253.61.82 443 TCP 3 131.253.61.0/24 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.101.156.198 443 TCP 3 23.100.0.0/15 AS8075 MICROSOFT 104.73.153.9 a104-73-153-9.deploy.static.akamaitechnologies.com 443 TCP 3 104.64.0.0/10 AS31377 Akamai Technologies 23.9.123.27 a23-9-123-27.deploy.static.akamaitechnologies.com 80 TCP 3 23.9.112.0/20 AS16625 Akamai Technologies 94.245.121.254 3544 UDP 3 94.245.64.0/18 AS8075 MICROSOFT 23.101.187.68 123 UDP 3 23.100.0.0/15 AS8075 MICROSOFT 104.91.188.21 a104-91-188-21.deploy.static.akamaitechnologies.com 80 TCP 3 104.91.176.0/20 AS20940 Akamai Technologies 131.253.61.66 443 TCP 3 131.253.61.0/24 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.217.138.122 a23-217-138-122.deploy.static.akamaitechnologies.com 80 TCP 3 23.217.138.0/24 AS7922 Akamai Technologies 23.101.115.193 443 TCP 3 23.100.0.0/15 AS8075 MICROSOFT 198.41.215.182 80 TCP 3 198.41.215.0/24 AS13335 CloudFlare, Inc.665 3rd Street Suite 200San Francisco, California 94107US 198.41.214.187 80 TCP 3 198.41.214.0/24 AS13335 CloudFlare, Inc.665 3rd Street Suite 200San Francisco, California 94107US 23.210.48.42 a23-210-48-42.deploy.static.akamaitechnologies.com 443 TCP 3 23.210.48.0/20 AS16625 Akamai Technologies 104.208.28.54 443 TCP 3 104.208.0.0/13 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.217.138.18 a23-217-138-18.deploy.static.akamaitechnologies.com 80 TCP 2 23.217.138.0/24 AS7922 Akamai Technologies 23.193.238.90 a23-193-238-90.deploy.static.akamaitechnologies.com 443 TCP 2 23.193.224.0/20 AS20940 Akamai Technologies 23.217.138.90 a23-217-138-90.deploy.static.akamaitechnologies.com 80 TCP 2 23.217.138.0/24 AS7922 Akamai Technologies 23.217.138.43 a23-217-138-43.deploy.static.akamaitechnologies.com 80 TCP 1 23.217.138.0/24 AS7922 Akamai Technologies 23.67.60.65 a23-67-60-65.deploy.static.akamaitechnologies.com 80 TCP 1 23.67.60.0/24 AS7922 Comcast Cable Communications, Inc. 65.52.236.160 443 TCP 1 65.52.0.0/14 AS8075 MICROSOFT 157.56.144.215 3544 UDP 1 157.56.0.0/16 AS8075 MICROSOFT 23.96.212.225 443 TCP 1 23.96.0.0/14 AS8075 MICROSOFT 157.56.144.216 3544 UDP 1 157.56.0.0/16 AS8075 MICROSOFT 65.52.108.252 443 TCP 1 65.52.0.0/14 AS8075 MICROSOFT 65.52.108.94 msnbot-65-52-108-94.search.msn.com 443 TCP 1 65.52.0.0/14 AS8075 MICROSOFT 134.170.179.87 443 TCP 1 134.170.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 104.73.138.217 a104-73-138-217.deploy.static.akamaitechnologies.com 443 TCP 1 104.64.0.0/10 AS31377 Akamai Technologies 104.91.166.82 a104-91-166-82.deploy.static.akamaitechnologies.com 80 TCP 1 104.91.166.0/23 AS20940 Akamai Technologies 104.73.160.58 a104-73-160-58.deploy.static.akamaitechnologies.com 80 TCP 1 104.64.0.0/10 AS31377 Akamai Technologies 137.116.74.190 80 TCP 1 137.116.0.0/15 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.217.138.97 a23-217-138-97.deploy.static.akamaitechnologies.com 80 TCP 1 23.217.138.0/24 AS7922 Akamai Technologies is for awhile longer (hours? days? weeks?) to get a more complete snapshop of connection attempts before I move on to further analysis of Windows 10. All Credits To CheesusCrust The Source
  4. Microsoft Reduces the Amount of Telemetry Data Collected from Windows 10 PCs Other privacy changes implemented for Microsoft users First and foremost, Microsoft is introducing a new privacy dashboard on the web that lets users see and manage privacy data, including search history, location activity, and Cortana’s Notebook - information that the digital assistant requires to provide a more personal experience. In order to access this dashboard, you need to sign in with your Microsoft account and connect to account.microsoft.com/privacy, with Redmond promising to add more functionality and categories over time. Windows 10 changes As far as Windows 10 is concerned, Microsoft is announcing a new setup experience for users who install the new OS. The new option replaces the previous Express settings presented during the Windows 10 install, Microsoft says. Those upgrading from Windows 7, Windows 8 or performing a new clean install should be able to see what Microsoft describes as “simple but important settings,” while those who are already on Windows 10 will be asked to update privacy settings with a notification. These new settings will make their debut with the Creators Update, and will be integrated into an insider build shipping soon. The telemetry settings in Windows 10 will be simplified from three different levels to just two, namely Basic and Full. The Enhanced level will no longer be offered, and users who picked this one will be prompted to switch to Basic or Full after installing the Creators Update. But what’s more important is that the Basic level will collect a reduced amount of telemetry data from Windows 10 computers, according to Microsoft. “This includes data that is vital to the operation of Windows. We use this data to help keep Windows and apps secure, up-to-date, and running properly when you let Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also includes basic error reporting back to Microsoft,” the firm says. Users will be given full control over their privacy settings and will obviously be allowed to change them at a later time from the Settings app in Windows 10. Source
  5. How Windows 10 Data Collection Trades Privacy For Security Here's what data each telemetry level collects and the price you pay to send the least telemetry to Microsoft Windows 10’s aggressive data-collection capabilities may concern users about corporate spying, but enterprises have control that consumer-edition Windows users do not: Administrators can decide how much information gets sent back to Microsoft. But enterprises need to think twice before turning off Windows telemetry to increase corporate privacy. That’s because doing so can decrease the effectiveness of Windows 10’s security features. Microsoft isn’t merely hoovering up large amounts of data because it can. The company has repeatedly reiterated its stance that Windows 10 does not collect the user’s personal data, but rather anonymized file data that is then used to improve overall user experience and Windows functionality. With the current shift to Windows-as-a-service, Microsoft plans to release more updates to the operating system more frequently, and it will use telemetry data to understand how people are actually using Windows and applications. Microsoft can use the information to figure out what new features are needed or to prioritize changes to existing components. For Microsoft, more data means more security But the telemetry data is used for more than how to improve or evolve Windows. There is an actual security impact, too. Knowledge is power, and in the case of Windows 10, that usage data lets Microsoft beef up threat protection, says Rob Lefferts, Microsoft’s director of program management for Windows Enterprise and Security. The information collected is used to improve various components in Windows Defender, such as Application Guard and Advanced Threat Detection (these two features are available only to customers with Windows 10 Enterprise with Anniversary Update and Enterprise E5 subscriptions). As Windows 10’s built-in security tool, Windows Defender uses real-time protection to scan everything downloaded or run on the PC. The information from these scans is sent back to Microsoft and used to improve protection for everyone else. For example, Windows Defender Application Guard for Microsoft Edge will put the Edge browser into a lightweight virtual machine to make it harder to break out of the browser and attack the operating system. With telemetry, Microsoft can see when infections get past Application Guard defenses and improve the security controls to reduce recurrences. Microsoft also pulls signals from other areas of the Windows ecosystem, such as Active Directory, with information from the Windows 10 device to look for patterns that can indicate a problem like ransomware infections and other attacks. To detect those patterns, Microsoft needs access to technical data, such as what processes are consuming system resources, hardware diagnostics, and file-level information like which applications had which files open, Lefferts says. Taken together, the hardware information, application details, and device driver data can be used to identify parts of the operating system are exposed and should be isolated into virtual containers. How Windows 10 telemetry levels affect security and administration IT admins can control what telemetry is sent back to Microsoft using group policy objects—if they are using an enterprise version of Windows 10 and a Microsoft administration tool, of course. (Consumer versions of Windows don’t provide this capability, which is why there are now third-party telemetry blockers on the market, though not all telemetry can be blocked.) The Privacy option in Settings lets administrators choose one of three telemetry levels: Basic, Enhanced, and Full. Windows 10 Home and Pro are set by default to Full. Windows 10 Enterprise and Education are set by default to Enhanced. But there’s a fourth level called Security available only in Windows 10 Enterprise and Education editions, and only through group policies (not via Settings). Available to admins only, Security level sends the least data. The Security level sends less telemetry to Microsoft than the Basic level does. And it collects enough technical data about Windows’s Connected User Experience and Telemetry component settings, the MSRT (Malicious Software Removal Tool), and Windows Defender to keep Windows, Windows Server, and System Center secure. At the Security level, only OS information, device ID, and device class (server, desktop, mobile device) are sent to Microsoft, along with the MSRT report that contains information about the infection and IP address. Windows Defender and System Center Endpoint Protection provide diagnostic information, user account control settings, UEFI (Unifieid Extensible Firmware Interface) settings, and IP addresses. (If this latter information shouldn’t be sent, then turn off Windows Defender and use a third-party tool instead.) If the goal is to not have any data go to Microsoft, using the Security level is the best option. But it has one big drawback: Windows Update won’t work, because Windows Update information—such as whether the update installation succeeded or failed—does not get collected at the Security level. MSRT also won’t run if Windows Update is not working. Thus, it requires a lot of IT involvement to keep the systems updated and secure if the telemetry level is set to Security. Basic level is the least a user can choose within Windows. For most users focused on privacy, the Basic level is probably the best option for limiting what gets sent to Microsoft. The Basic level sends device information like application compatibility and usage information in addition to the information sent from the Security level. This can include the number of crashes and the amount of processor time and memory an application used at a time. System data can help Microsoft know whether a device meets the minimum requirements to upgrade to the next version. Data from the Basic level helps identify problems that can occur on a particular hardware or software configuration. The types of data collected include device attributes, such as camera resolution, display type, and battery capacity; application and operating system versions; networking devices, such as the number of network adapters; IMEI number (for mobile devices) and mobile operator network; architecture details, such as processor, memory type, and firmware versions; storage data, such as number of drives, type, and size; and virtualization support. The Basic level also collects and transmits compatibility details, such as how add-ons work with the browser, how applications work with the operating system, and whether peripherals like printers and storage devices would work with the next version of the operating system. Enhanced level aids user-experience improvements. The Enhanced level, the default setting for Windows 10 Enterprise and Education, also sends data on how Windows, Windows Server, System Center, and applications are used; how they perform; and their reliability. This includes operating system events, such as those from networking, Hyper-V, Cortana, storage, and file system; operating system application events, such as those from Server Manager, Mail, and Microsoft Edge; device-specific events such as data from Microsoft HoloLens; and all crash dumps. Data collected from the Enhanced level helps Microsoft improve user experience because the company can use the detailed information to find patterns and trends in how the applications are being used. Enhanced is the minimum level needed for Microsoft to identify and address Windows 10, Windows Server, and System Center quality issues. The Full level makes your PC an open book. The Full level—the default for consumer versions of Windows—is the free-for-all level that has privacy folks worried, because it includes significant technical data, which Microsoft claims is “necessary to identify and help to fix problems.” At the Full level, devices send information related to reliability, application responsiveness, and usage along with all crash dumps. Data collection has changed in Windows Telemetry data is not new to Windows 10. Microsoft used telemetry in previous versions of Windows and Windows Server to check for updated or new Windows Defender signatures, verify Windows Update installations, and gather reliability information through the RAC (Reliability Analysis Component) and Windows CEIP (Customer Experience Improvement Program). What’s changed is that Windows 10 has expanded the scope to better understand the type of hardware being used, basic system diagnostics, logs of how frequently features are being used, what applications have been installed, how users are using those applications, and the reliability data from device drivers. Microsoft says it tries to avoid collecting personal information, but it can happen. For example, crash dumps can contain the contents of a document that was in memory at the time of the crash. The news that Microsoft would include threat intelligence content such as indicators and reports of past attacks from FireEye’s iSight Intelligence product into Windows Defender Advanced Threat Protection, there were concerns that FireEye would gain access to some of the telemetry data. But Microsoft says that is not part of the FireEye deal. Microsoft’s plan to put advertising on users’ lock screens and Start screens—and block IT admins from disabling them—has also fanned the flames of security fear. After all, similar advertising from the likes of Google ad Facebook relies heavily on the intense collection of personal data to target the ads. It’s worth noting that Windows is not intentionally collecting functional data, such as the user’s location when the user is looking at local weather or news. The application may collect such data, but not the Windows 10 operating system—and thus not the Windows 10 telemetry. Of course, Microsoft collects personal information from its own applications. Cortana is such an example, but users can turn off Cortana completely. Overall, IT organizations should be able to find a telemetry level they’re comfortable with in terms of privacy, while not sacrificing the core security of Windows. They may have to pay the price of higher admin costs if they use the lowest telemetry level (Security), but only if they choose to do so. Source AskWoody's Word On This Article
  6. Gamers are accusing NVIDIA’s new drivers of spying on you, collecting more data with new telemetry services. But NVIDIA isn’t spying on you—or, at least, NVIDIA isn’t gathering more data than it already was, and most of that data is required for it to work properly. Those New Telemetry Processes Do Nothing (at the Moment) This whole subject started to take on a life of its own when people noticed the latest NVIDIA drivers add an “NVIDIA telemetry monitor”, or NvTmMon.exe, entry to the Task Scheduler. MajorGeeks even recommended disabling these tasks with the Microsoft Autoruns software. While many websites uncritically recommended disabling these processes, Gamers Nexus monitored these processes and found that “they appear to be inactive at this time and do not transact data, as far as we can tell.” In other words, those telemetry-named processes do nothing. Disabling them accomplishes nothing. It’s possible that NVIDIA is working on moving telemetry-related functions from the main GeForce Experience program to these processes, but that hasn’t happened yet. A future driver update that makes these processes functional will also probably re-enable them in the Task Scheduler. There’s no point in disabling them right now “just in case”. People Are Reading the Wrong Privacy Policy People on Reddit found the Privacy Policy on NVIDIA’s website and summarized it as such: “NVIDIA may collect your name, address, email, phone number, IP address, and non traditional identifiers and share this information with business partners, resellers, affiliates, service providers, consulting partners, and others. This information is combined with typical browsing and cookie data and used by NVIDIA itself or advertising networks.” That sounds bad. But that’s actually a summary of the privacy policy for your use of NVIDIA’s website. As Gamers Nexus wrote, there’s a separate policy that covers GeForce Experience and NVIDIA’s software. NVIDIA issued an official statement that said: “NVIDIA does not share any personally identifiable information collected by GeForce Experience outside the company. NVIDIA may share aggregate-level data with select partners, but does not share user-level data… Aggregate data refers to information about a group of users rather than an individual. For example, there are now 80 million users of GeForce Experience.” GeForce Experience Needs to Collect Data to Function The GeForce Experience application, by its very nature, needs to collect some data from you. Here’s what the GeForce Experience application, included with NVIDIA’s drivers, does: It checks for new drivers and downloads them for you. To do this, it has to check which operating system you’re using, which NVIDIA hardware you have installed, and which driver version you currently have installed. It scans your system for installed games and suggests optimal settings. To do this, it needs to know which games you have installed, how they’re currently configured, and what hardware you have in your PC. It also reports back basic information about how you use the application. For example, NVIDIA can probably tell how many people use the GeForce Experience application to optimize games, how many people use the gameplay-recording feature, and so on. NVIDIA says it hasn’t started collecting any new data recently, writing in a statement: “The nature of the information collected has remained consistent since the introduction of GeForce Experience 1.0. The change with GeForce Experience 3.0 is that this error reporting and data collection is now being done in real-time.” You Can Monitor the Data GeForce Experience Sends If you’d like to see every bit of data GeForce Experience sends, you can do so with Wireshark. Gamers Nexus monitored the data NVIDIA’s applications sent over the wire and found about what you’d expect. It sends: Your GPU’s specification, vendor, clock speed, and overclock information. Your monitor information and display resolution. Driver settings for some specific games, such as whether you’ve disabled G-Sync or chosen a type of antialiasing for a game in the NVIDIA Control Panel. The resolution and quality settings you’ve chosen for some specific games. A list of games and applications installed, so NVIDIA can see how many people have Origin, Steam, Counter-Strike: GO, Overwatch, and other games installed. How much RAM you have. Information about your CPU, motherboard, and BIOS version. This is the type of data we’d expect to see, given what GeForce Experience does. NVIDIA can use much of this data to suggest optimal settings for your hardware. Data about which games you have installed and how you’ve configured them can help NVIDIA know which games to focus development resources on, and point it in the right direction when automatically choosing graphics settings. These are good things, and what GeForce Expeirence has always been designed to do anyway. To Disable Telemetry, You’d Have to Break GeForce Experience You’re free to disable those telemetry services, but that won’t do anything for the time being. To truly stop NVIDIA’s software from phoning home, you’d have to break GeForce Experience by blocking its connections at the firewall level. But if you do this, GeForce Experience won’t automatically check for and provide you with graphics driver updates anymore. The game-optimization features would stop working. Other Internet-connected features would also break. In fact, if you block connections from GeForce Experience and it can’t connect to NVIDIA’s servers, it just kicks you back top a sign-in screen saying “We are unable to log you in at this time. Try again later.” This is a bad idea. Those graphics driver updates are important! The Mandatory Account Still Stings We’ve looked into it and found NVIDIA’s telemetry is really nothing to worry about. GeForce Experience collects as much data as it always does, and the data it collects makes sense for what it has to do. The new telemetry processes don’t seem to actually do anything. But NVIDIA has gamers on edge with its recent decisions. GeForce Experience version 3.0 requires you sign in with an account to use it—even just to get driver updates—which makes many gamers unhappy. However, you can just create an NVIDIA account for this purpose. You don’t have to link a Google or Facebook account. While we wish NVIDIA would offer more options, let’s keep our complaints tethered to the real world. Many of the claims going around online about NVIDIA’s new telemetry services just aren’t true. Article source
  7. Microsoft Security Bulletins November 2016 Microsoft Security Bulletins November 2016 offers an overview of all security and non-security patches for Windows and other Microsoft products. Yes, it is this time of the month again. Microsoft just released updates for all client and server versions of Windows and other company products. Our Microsoft Security Bulletins November 2016 provides you with information so that you can prioritize updates for deployment, or find out what they do before installing them. The overview begins with an executive summary that highlights the most important bits of information. It is followed by the operating system and other Microsoft product distribution that lists products and the number of security updates and their severity. This is followed by the list of security bulletins, security advisories and updates, and non-security updates released in the past 30 days. The last part details how to download these updates. It offers direct update download links that point to Microsoft's Update Catalog, and reference links that you can load for additional information and research. Microsoft Security Bulletins November 2016 Executive Summary Microsoft released 14 security bulletins on the November 2016 Patch Day. 6 of the bulletins are rated with a severity rating of critical, the remaining 8 with a rating of important. All client and server versions of Windows are affected by at least one critically rated bulletin. Microsoft published updates for Microsoft Edge, Microsoft SQL Server, Office and other Microsoft products as well. Operating System Distribution Windows 8.1 and 10 are affected by more vulnerabilities than Windows 7 and Vista on the client side. This is explained by the security update for Adobe Flash MS16-141 which is released for Windows 8.1 and 10 only, and MS16-129, the cumulative security update for Microsoft Edge. The new Windows Server 2016 is affected by MS16-130 and Ms16-131 critically, while previous versions of Windows Server are either not affected at all, or only with important severity. Windows Vista: 2 critical, 6 important Windows 7: 2 critical, 6 important Windows 8.1: 3 critical, 7 important Windows RT 8.1: 1 critical, 7 important Windows 10: 4 critical, 7 important Windows Server 2008: 1 critical, 6 important Windows Server 2008 R2: 1 critical, 6 important Windows Server 2012 and 2012 R2: 6 important, 2 moderate Windows Server 2016: 2 critical, 5 important Server core: 8 important Other Microsoft Products Microsoft Office 2007, 2010, 2013 and 2016: 1 important Microsoft Office 2013 RT: 1 important Microsoft Office 2011, 2016 for Mac: 1 important Microsoft Office Compatibility Pack Service Pack 3: 1 important Microsoft Excel Viewer: 1 important Microsoft PowerPoint Viewer: 1 important Microsoft SharePoint Server 2010, 2013: 1 important Microsoft Office Web Apps 2010, 2013: 1 important SQL Server 2012 Service Pack 2, Service Pack 3: 1 important SQL Server 2014 Service Pack 1, Service Pack 2: 1 important SQL Server 2016: 1 important Security Bulletins Red = critical MS16-129 -- Cumulative Security Update for Microsoft Edge (3199057) This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. MS16-130 -- Security Update for Microsoft Windows (3199172) This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application. MS16-131 -- Security Update for Microsoft Video Control (3199151) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory. MS16-132 -- Security Update for Microsoft Graphics Component (3199120) This security update resolves vulnerabilities in Microsoft Windows. The most severe being of the vulnerabilities could allow a remote code execution vulnerability exists when the Windows Animation Manager improperly handles objects in memory if a user visits a malicious webpage. MS16-133 -- Security Update for Microsoft Office (3199168) This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. MS16-134 -- Security Update for Common Log File System Driver (3193706) This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. MS16-135 -- Security Update for Windows Kernel-Mode Drivers (3199135) This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. MS16-136 -- Security Update for SQL Server (3199641) This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker could to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. MS16-137 -- Security Update for Windows Authentication Methods (3199173) This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege. To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid user credentials. MS16-138 -- Security Update to Microsoft Virtual Hard Disk Driver (3199647) This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability. MS16-139 -- Security Update for Windows Kernel (3199720) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application to access sensitive information. MS16-140 -- Security Update for Boot Manager (3193479) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a physically-present attacker installs an affected boot policy. MS16-141 -- Security Update for Adobe Flash Player (3202790) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. MS16-142 -- Cumulative Security Update for Internet Explorer (3198467) This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Security advisories and updates KB3201860 -- MS16-128: Security Update for Adobe Flash Player for Windows 10 Version 1607, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8 Embedded Standard, and Windows Server 2012 Non-security related updates Cumulative updates not yet published on the update history pages. Will update the article as soon as that happens. KB3197867 -- November, 2016 Security Only Quality Update for Windows 7 and Server 2008 R2 Security updates to Microsoft Graphics Component, kernel-mode drivers, Microsoft Video Control, Common Log File System driver, Windows authentication methods, Windows operating system, Windows File Manager, Windows registry, OpenType, Internet Explorer 11, and Windows Component. KB3197868 -- November, 2016 Security Monthly Quality Rollup for Windows 7 and Server 2008 R2 Support page MIA. No information other than the security updates that it includes. KB3197873 -- November, 2016 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 Support page MIA. See KB3197867 above for list of updates. KB3197874 -- November, 2016 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 Support page MIA. No information KB3200970 -- Cumulative Update for Windows 10 Version 1607 and Windows Server 2016 Addressed issues that prevented users from connecting to virtual private networks (VPNs). Improved reliability of Internet Explorer, Remote Desktop and multimedia audio. Fixed a system tray issue in regards to WiFi connections not showing up. Fixed unnamed issues in various Windows components including Microsoft Edge, Internet Explorer 11, Remote Desktop, Active Directory, Windows shell, enterprise security and more. Security updates for a number of Windows components including Boot Manager, kernel-mode drivers, Edge, IE11, Microsoft Video Control and more (as outlined in the Security Bulletins section above). KB3197954 -- Cumulative Update for Windows 10 Version 1607 and Windows Server 2016 Improved reliability of many components including Windows kernel, Internet Explorer 11, Start, File Explorer, graphics. Fixed crash in System Center Operations Manager (SCOM). Fixed connectivity issues in Remote Desktop Gateway. Addressed updates restoration issue when doing system resets. Fixed an issue that caused domain logons to fail after upgrading from Windows 10 Home to Pro. The HTTP Strict Transport Security (HTST) preload list was updated. Addressed unnamed issues affecting USB, Wi-Fi, Bluetooth, Windows kernel, Microsoft Edge, Internet Explorer 11, PowerShell, and more. Check out the support article linked above for a full rundown. KB2976978 -- Update for Windows 8.1 -- Compatibility update for keeping Windows up-to-date in Windows 8.1 and Windows 8 -- This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program KB3199375 -- Update for Internet Explorer -- FIX: "Do you want to open this file" error message after you apply security update 3185319 KB3200006 -- Update for Internet Explorer -- System Center Operations Manager Management Console crashes after you install MS16-118 and MS16-126 KB3192321 -- Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 -- Turkey ends DST observance KB3192403 -- October, 2016 Preview of Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 KB3192404 -- October, 2016 Preview of Monthly Quality Rollup for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 KB3192406 -- October, 2016 Preview of Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 KB3198591 -- Update for Windows 7 and Windows Server 2008 R2 -- Windows Server 2008 R2 domain controller crashes when two threads use the same LDAP connection How to download and install the November 2016 security updates Windows 7, 8.1 and 10 users get so-called monthly rollup releases. On Vista, individual patches are made available. Windows users can download and install the patches via Windows Update: Tap on the Windows-key, type Windows Update and hit the Enter-key. If the update check is not performed automatically, click on "check for updates" on the page that opens. Updates that are found may be installed automatically, or displayed to the user instead for manual selection. Updates are also made available on Microsoft's Download Center, as monthly security releases, and through the Microsoft Update Catalog. Direct Microsoft Update Catalog download links: Windows 10, Windows Server 2016 KB3200970 -- Cumulative Update for Windows 10 Version 1607 KB3197954 -- Cumulative Update for Windows 10 Version 1607 Windows 8.1, Windows Server 2012 R2 KB3197874 -- November, 2016 Security Monthly Quality Rollup for Windows 8.1 and Server 2012 R2 KB3197873 -- November, 2016 Security Only Quality Update Windows 7, Windows Server 2008 R2 KB3197868 -- November, 2016 Security Monthly Quality Rollup for Windows 7 and Server 2008 R2 KB3197867 -- November, 2016 Security Only Quality Update Additional resources Microsoft Security Bulletin Summary for November 2016 List of software updates for Microsoft products List of security advisories of 2016 Microsoft Update Catalog site Our in-depth update guide for Windows Windows 10 Update History Windows 8.1 Update History Windows 7 Update History Source
  8. It's been brought to our attention that nVIDIA now has telemetry included with its drivers. It also continues the bloat with nVIDIA Wireless Controller and ShadowPlay services, something many don't need. First, let's go over what these are. Telemetry is essentially considered spying by many as it is a way to send data back and forth. It's nowhere near that simple, but we'd like to know what it's doing in our video drivers when it's never been needed before. nVIDIA Wireless Controller requires you have, you guessed it, a nVIDIA Wireless Controller. ShadowPlay is a way to capture and record gameplay. The easiest way to check for, and disable these is to download Microsoft Autoruns. Autoruns is portable, so no installation is needed. Download it and unzip Autoruns.zip into its own folder and double click Autoruns.exe or Autoruns64.exe. Type nvidia in the filter box. You will find Telemetry in the Task Scheduler section and the nVIDIA Wireless Controller, and ShadowPlay services further down under the registry entries. Uncheck what you don't want, close and reboot. If you get an error, close the program and right click on Autoruns.exe or Autoruns64.exe and "Run as Administrator." Here is an image showing you how to get it done: Article source
  9. If you have the Microsoft Windows Malicious Software Removal Tool installed on your machine, either by having installed it manually or because it shipped with Windows, you may have noticed already that it is sending out so called Heartbeat Reports after certain scans. These reports are not linked to any of the major telemetry services or tasks that you may or may not have disabled on your machine. On Windows 10, the Heartbeat report gets sent out to Microsoft even if you have disabled the Customer Experience Program and the majority of other telemetry related services or tasks, and made sure to set all privacy related settings to maximum privacy. How to disable Heartbeat Telemetry First thing you may want to do is check whether the installed copy of the Windows Malicious Software Removal Toll (MRT) sents Heartbeat telemetry reports. The easiest way to check that is to load the MRT log. Open File Explorer or Windows Explorer on your Windows machine, and load the following by pasting it in the address bar and hitting the Enter-key: C:\Windows\debug\mrt.log This opens the MRT log. Scroll down to the last entries and check for Heartbeat Telemetry there. You may also hit F3 to open the search to jump to the first Heartbeat entry in the log. Heartbeat Telemetry data is not sent out each day according to the log, but only every five or six days. You can verify that in the log as you will find "Heartbeat Will be Sent in x Days" entries there. Microsoft notes in its privacy statement that the Malicious Software Removal Tool will sent a report to Microsoft with "specific data about malware detected, errors, and other data about your device" but fails to go into details. We don't know what is sent to Microsoft as part of Heartbeat other than the information that Microsoft revealed in its privacy statement. Option 1: Registry Key The Knowledgebase support article KB891716, Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment, lists a Registry key to block the sending of reports of the MRT to Microsoft. An administrator can choose to disable the infection-reporting component of the tool by adding the following registry key value to computers. If this registry key value is set, the tool will not report infection information back to Microsoft. Subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT Entry name: \DontReportInfectionInformation Type: REG_DWORD Value data: 1 Note: Since Heartbeat is only triggered when automatic scans are run, it is too early to say if setting the key disables the sending of reports completely. I will monitor the situation and will update the article with my findings later. Tap on the Windows-key, type regedit.exe and hit the Enter-key. Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT Right-click on MRT and select New > Dword (32-bit) Value from the context menu. Name the name Dword DontReportInfectionInformation Double-click the newly created Dword and set its value to 1. Option 2: Disable the MRT Task, or Disable Heartbeat Telemetry Since MRT is run automatically, it must be triggered somewhere. If you check the Task Scheduler for MRT related tasks, you will eventually find the one task that Windows uses for that. Note: Disabling the task disables automatic MRT scans on the system. Make sure you have proper antivirus software installed on the device. Tap on the Windows-key, type Task Scheduler, and hit the Enter-key. Use the sidebar folder structure and go to Task Scheduler Library > Microsoft > Windows > RemovalTools. Right-click on MRT_HB and select disable from the context menu. If you compare the last run time with the Malicious Software Removal Tool log, you will notice that they match. Also, the _HB part is a strong indicator that this is what is triggering the Heartbeat reports. If you check the command switches used, you will notice the undocumented switch /EHB. You could remove the switch from the command to keep automatic scans without Heartbeat report generation enabled. I verified that /EHB is indeed the trigger for Heartbeat Telemetry. If you remove it, no Heartbeat reports are created when the scan runs. You may need to check back regularly though as Windows Updates may replace the custom task with the default one. Article source
  10. Microsoft plans to roll out major extensions to its Diagnostic and Telemetry service in November Yesterday Microsoft released seven new patches through Windows Update. Three of them -- KB 3192403 for Windows 7, KB 3192404 for Windows 8.1, and KB 3192406 for Windows Server 2012 -- confirm a trend we've long expected: Microsoft is adding new telemetry/snooping capabilities to Win7, 8.1, and Server 2012 by growing out its Diagnostic and Telemetry service subsystem, DiagTrack. The big push will come in November. Much to Microsoft's credit, we have many details about the new subsystem. We also have tools to help you avoid installing this enhancement to DiagTrack. But in order to use those tools effectively, you must start installing Windows 7 and 8.1 updates manually -- using Windows Update will ensure that your PC starts sending more info to the mothership. What kind of info? We don't know -- and don't have any way of knowing. While there are voluminous lists of privacy-related settings, Microsoft hasn't said what data it's collecting. There is no "Security" level option for Win 7 or 8.1 (or Win10 Pro or Home, for that matter). Data sent to the mothership is encrypted and inaccessible -- as it should be -- so we simply don't know if this new, improved DiagTrack will lead to Google-class snooping. Before you get worried, be sure you understand the situation. These three patches have been released as a test. They're called "October 2016 Preview of Monthly Quality Rollup" for a reason. If you run Windows Update in Win7 or 8.1, they'll appear as unchecked, optional updates. If you don't check them, they won't be installed. And unless you're testing something specific, you'd be foolish to check and install the updates. These Third Tuesday patches are a preview of the non-security portion of the monthly rollup that's expected to arrive in November. It's complicated, but in short, you don't want to install them yet. The KB articles have detailed descriptions of the changes coming in November, but they're quite esoteric -- telemetry receiving locations, proxy servers, and registry entries. The KB articles all point to Microsoft's description of the Customer Experience Improvement Program (CEIP). But the description, which is almost eight years old, doesn't mention DiagTrack. You might draw the conclusion that you can turn off DiagTrack by turning off CEIP, but as best I can tell that isn't true. I first noticed that telemetry-with-no-off-switch behavior 18 months ago in KB 2952664. A new incarnation of the same patch appeared earlier this month. Bottom line: Those users who install KB 3192403 or KB 3192404 should expect a greatly enhanced DiagTrack subsystem that provides unknown kinds of telemetry to Microsoft, with no easy way to switch it off. The obvious way to avoid such a situation is to avoid installing the patches in the first place. I'll step you through that minefield next month, when the patches appear for real. Tero Alhonen has noticed something uncanny about the patches: The KB 3192403 and KB 3192404 articles include wording that's basically identical to that found in KB 3192441, which is the Oct. 11 cumulative update for Windows 10 version 1511. They have the same telemetry upload points and registry entries. It sure looks like Windows 10-class snooping is coming to Windows 7 and 8.1. If you have Windows 7 or 8.1, you likely already have a nascent version of DiagTrack running. To see it, go into Control Panel and choose System and Security, Administrative Tools. Double-click on Services and scroll down the list to see if Diagnostic Tracking Service has been started. If you want to disable it (I've seen no reports of adverse side effects in doing so), double-click on Diagnostic Tracking Service. Under General, set Startup type to Disabled and click the Stop button, then OK. After you reboot, DiagTrack will haunt your PC no more -- until the next DiagTrack patch gets applied. If you want to kill DiagTrack and pour salt on the ground from which it springs, you can run these commands (each on one line) provided by abbodi86 on AskWoody.com: sc config DiagTrack start= disabled sc stop DiagTrack reg delete HKLM\SYSTEM\ControlSet001\Control\WMI\AutoLogger\AutoLogger-Diagtrack-Listener /f reg delete HKLM\SYSTEM\ControlSet001\Control\WMI\AutoLogger\Diagtrack-Listener /f reg delete HKLM\SYSTEM\ControlSet001\Control\WMI\AutoLogger\SQMLogger /f reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack /f reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection /f takeown /f %ProgramData%\Microsoft\Diagnosis /A /r /d y icacls %ProgramData%\Microsoft\Diagnosis /grant:r *S-1-5-32-544:F /T /C del /f /q %ProgramData%\Microsoft\Diagnosis\*.rbs del /f /q /s %ProgramData%\Microsoft\Diagnosis\ETLLogs\* That's a scorched-earth removal of a "service" you're not likely to want. Stay tuned. There will be lots of bumps ahead, in the aftermath of this month's patchocalypse. I continue to recommend that you NOT install any October updates just yet. Wait for the dust to settle. Later this week I'll have detailed (and easy) step-by-step instructions for safely installing the October updates. Source: Microsoft previews telemetry push with new Win7/8.1 patches KB 3192403, 3192404 InfoWorld - Woody on Windows AskWoody.com - Woody Leonhard's no-bull news, tips and help for Windows and Office
  11. Microsoft Security Bulletins October 2016 Microsoft Security Bulletins October 2016 provides you with an overview of all security and non-security patches Microsoft released in that month. Microsoft released updates for supported operating systems and other company products on today's patch day. This guide provides you with information on the patches and related information. It covers all security and non-security updates that Microsoft released, plus additional information and links that may prove useful. It begins with an executive summary highlighting the most important information about the October 2016 Patch day. This is followed by the list of affected Windows client and server operating systems, and other Microsoft products. The severity and number of updates is listed for each product so that you can see on first glance how products that you use are affected. What follows is the list of security bulletins, security advisories, and non-security updates that Microsoft released in October 2016. The last part lists download options, and links to additional resources. Microsoft Security Bulletins October 2016 Executive Summary Updates for Windows 7 and 8 are provided as monthly rollup patches instead of individual updates from this Patch day on. We covered this in detail, and suggest you check out this article for details. Microsoft released a total of 10 security bulletins on the October 2016 Patch Day. Five of the ten bulletins are rated with a maximum severity rating of critical (highest), the remaining five with a maximum severity rating of important (second highest). All Microsoft client and server operating systems are affected by vulnerabilities. Microsoft Silverlight, Microsoft .Net Framwork, Microsoft Office, and various business products are affected as well. Operating System Distribution All client versions of windows are affected by MS16-118, Ms16-120 and MS16-122 critically. Windows 8.1, RT 8.1 and Windows 10 are furthermore affected by MS16-127 critically. windows 10 on top of that is affected by MS16-119 critically. Windows 10 is also affected by MS16-126, rated important, which fixes issues in the Microsoft Internet Messaging API. MS16-119 is a cumulative security update for Microsoft Edge. MS16-127 updates the integrated Adobe Flash Player on those systems. Windows Vista: 3 critical, 2 important, 1 moderate Windows 7: 3 critical, 2 important, 1 moderate Windows 8.1: 4 critical, 2 important Windows RT 8.1: 4 critical, 2 important Windows 10: 5 critical, 3 important Windows Server 2008: 1 critical, 2 important, 1 moderate, 1 low Windows Server 2008 R2: 1 critical, 2 important, 1 moderate, 1 low Windows Server 2012 and 2012 R2: 1 critical, 2 important, 2 moderate Server core: 1 critical, 3 important Other Microsoft Products Microsoft .NET Framework Security Only Release: 1 important. Microsoft .NET Framework -Monthly Rollup Release: 1 important. Skype for Business 2016: 1 important. Microsoft Lync 2010, 2013: 1 important. Microsoft Live Meeting 2007 Console: 1 important. Microsoft Silverlight: 1 important Microsoft Office 2007, 2010: 2 important Microsoft Office 2013, 2013 RT, 2016: 1 important Microsoft Office for Mac 2011, 2016: 1 important: Microsoft Word Viewer: 2 important Microsoft Office Compatibility Pack Service Pack 3: 2 important Microsoft SharePoint Server 2010, 2013: 1 important Microsoft Office Web Apps 2010, 2013: 1 important Security Bulletins Red = critical MS16-118 -- Cumulative Security Update for Internet Explorer (3192887) This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. MS16-119 -- Cumulative Security Update for Microsoft Edge (3192890) This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. MS16-120 -- Security Update for Microsoft Graphics Component (3192884) This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Silverlight, and Microsoft Lync. MS16-121 -- Security Update for Microsoft Office (3194063) This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. MS16-122 -- Security Update for Microsoft Video Control (3195360) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. MS16-123 -- Security Update for Windows Kernel-Mode Drivers (3192892) This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. MS16-124 -- Security Update for Windows Registry (3193227) This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker can access sensitive registry information. MS16-125 -- Security Update for Diagnostics Hub (3193229) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. MS16-126 -- Security Update for Microsoft Internet Messaging API (3196067) This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. MS16-127 -- Security Update for Adobe Flash Player (3194343) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. Security advisories and updates Non-security related updates KB3194798 -- Update for Windows 10 Version 1607 - The update includes quality improvements according to Microsoft. The history lists various fixes for issues, as well as security updates released today. See this page for details. KB3192392 -- Security only update for Windows 8.1 and Windows Server 2012 R2 Security updates to Microsoft Video Control, kernel-mode drivers, Microsoft Graphics Component, Windows registry, and Internet Explorer 11. KB3185331 - Monthly Rollup for Windows 8.1 and Windows Server 2012 R2 This security update includes improvements and fixes that were a part of update KB3185279 (released September 20, 2016) and also all security updates of KB3192392. KB3192391 -- Security only update for Windows 7 SP1 and Windows Server 2008 R2 SP Security updates to Windows authentication methods, Internet Explorer 11, Microsoft Graphics component, Microsoft Video Control, kernel-mode drivers, Windows registry, and Microsoft Internet Messaging API. KB3185330 -- Monthly Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1 This security update includes improvements and fixes that were a part of update KB3185278 (released September 20, 2016), and also resolves the security updates listed under KB3192391 KB3191208 -- Update for Windows 10 Version 1511 -- Can't install Windows servicing updates in Windows 10 Version 1511 KB3197099 -- Dynamic Update for Windows 10 Version 1607 -- Compatibility update for upgrading to Windows 10 Version 1607: October 11, 2016 KB890830 -- Windows Malicious Software Removal Tool - October 2016 KB2952664 -- Update for Windows 7 -- Compatibility update for upgrading Windows 7. See this article for details. KB2976978 -- Update for Windows 8.1 -- Compatibility update for Windows 8.1 and Windows 8. See this article for details. KB3192665 -- Update for Internet Explorer -- ActiveX installation that uses AXIS fails after you install MS16-104. KB3063109 -- Update for Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7, and Windows Server 2008 R2 -- Hyper-V integration components update for Windows virtual machines that are running on a Windows 10-based host. KB3177467 -- Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 -- Servicing stack update for Windows 7 SP1 and Windows Server 2008 R2 SP1: September 20, 2016. KB3179930 -- Reliability Rollup for Microsoft .NET Framework 4.5.2, 4.6 and 4.6.1 on Windows 7 and Windows Server 2008 R2. KB3179949 -- Reliability Rollup for Microsoft .NET Framework 4.5.2 and 4.6 on Vista and Server 2008. KB3181988 -- Update for Windows 7 and Windows Server 2008 R2 -- SFC integrity scan reports and fixes an error in the usbhub.sys.mui file in Windows 7 SP1 and Windows Server 2008 R2 SP1. KB3182203 -- Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows XP Embedded -- September 2016 time zone change for Novosibirsk. KB3184143 -- Update for Windows 8.1 and Windows 7 -- Remove software related to the Windows 10 free upgrade offer. KB3184951 -- Reliability Rollup for Microsoft .NET Framework 4.5.2 on Windows Server 2012. KB3185278 -- Update for Windows 7 and Windows Server 2008 R2 -- September 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1. Improved support for the Disk Cleanup tool to free up space by removing older Windows Updates after they are superseded by newer updates. Removed the Copy Protection option when ripping CDs in Windows Media Audio (WMA) format from Windows Media Player. Addressed issue that causes mmc.exe to consume 100% of the CPU on one processor after installing KB3125574. Addressed issue that causes the Generic Commands (GC) to fail upon attempting to install KB2919469 or KB2970228 on a device that already has KB3125574 installed. All reported changes here. KB3185279 -- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 -- September 2016 update rollup for Windows 8.1 and Windows Server 2012 R2. Addressed issue that causes some USB storage devices to lose authorization when the device goes into the lowest power state, requiring user to re-authenticate using PIN when the device moves back to a working power state. Addressed issue that causes Windows Explorer to become unresponsive when sharing a folder that is the child of at least two shared parent folders. Addressed issue that causes a COM port to become unavailable after it is repeatedly opened and closed. Addressed issue that causes devices to lose connection to their virtual private network (VPN) a few seconds after connecting, if the connection is made using an integrated mobile broadband connection. All reported changes here KB3185280 -- Update for Windows Embedded 8 Standard and Windows Server 2012 -- September 2016 update rollup for Windows Server 2012. KB3186208 -- Reliability Rollup for Microsoft .NET Framework 4.5.2 on Windows 8.1 and Windows Server 2012 R2. KB3159635 -- Update for Windows 10 Version 1607 -- Windows 10 Update Assistant update. How to download and install the October 2016 security updates Updates are also provided via Microsoft's Download Center, monthly Security ISO image releases, and via Microsoft's Update Catalog. Direct Microsoft Update Catalog download links: Windows 7 Security-only October 2016 Windows 8.1 Security-only October 2016 Windows 8.1 Flash security patch October 2016 Additional resources Microsoft Security Bulletin Summary for October 2016 List of software updates for Microsoft products List of security advisories of 2016 Microsoft Update Catalog site Our in-depth update guide for Windows Windows 10 Update History Windows 8.1 Update History Windows 7 Update History Source
  12. When Microsoft offered Windows 10 as a free upgrade to Windows 8.1 and Windows 7 SP1 users last year, everyone rejoiced and readily opted for the upgrade. But soon it was discovered that Windows 10 has so many programs and components that send a feedback about how you use your PC to Microsoft servers. After that everyone became very cautious about upgrading to Windows 10 and turning off various settings in Windows 10 if they actually upgrade to the new operating system. Now almost one year has passed and nothing has changed – Microsoft has actually become more aggressive about advertising their products via Windows updates and hiding the privacy related options much deeper into a pile of settings. If you want to be able to manage those privacy settings from one place instead of hunting for them in dozens of locations, then you can use Windows 10 Dominator tool. Windows 10 Dominator is an open source tool that allows you to manage all the privacy settings in Windows 10 that are otherwise difficult to configure. You can manage various privacy, telemetry, location and other miscellaneous settings using this small program. Under the privacy settings, you can toggle the search bar results, use of your advertising ID by apps, sending feedback to Microsoft, logging of keystrokes, and asking for your feedback etc. You can also switch off telemetry data collection, connecting to Microsoft telemetry servers, prevent the apps from requesting your location, turn off SmartScreen filter and more. All of these settings are available somewhere in Windows but Windows 10 Dominator allows you to easily control them from its interface. However, if you want to manually change these settings in Windows, then you can click on the more.. shown next to each of the settings in Windows 10 Dominator. For example, if you click on more.. displayed next to the SmartScreen filter setting, then it opens Windows settings window where you can manually modify the setting. Windows 10 Dominator Article source
  13. Windows Spy Blocker is a regularly updated collection of firewall, hosts file and Proxifier rules that block Windows 10 phone home functionality. While Microsoft collected telemetry data in previous versions of the Windows operating system as well, data collection was intensified with the release of Windows 10. The default installation has most telemetry data settings set to enabled and while options are provided to turn off some settings, some cannot even be turned off in the operating system's settings. According to Microsoft, the data collecting is all for the greater good as it helps Microsoft make the product better for the user. While there is certainly some truth to that, it is not the whole story and since no one knows what Windows 10 PCs are submitting to Microsoft in regular intervals, some prefer to block connections to Microsoft servers altogether. Lots of tools have been created in the past year that aim to help users improve privacy when using Windows 10 machines. You can check out our comparison of privacy programs for Windows 10 for that as a starting point. Windows Spy Blocker Windows Spy Blocker is a collection of rules that its author has discovered while running Wireshark on a Windows 10 Professional system. The provided download includes a batch file that updates rules files, and files with the latest set of rules as well. Hosts file The hosts directory lists three files that block Windows Telemetry, Windows Update, and third party applications (using servers operated by Microsoft). You can copy and paste the information into the Windows hosts file directly, which you find under C:\Windows\System32\drivers\etc, or by using hosts managers which may be easier to use and support extra features such as backing up the hosts file or resting a previously backed up copy. Firewall The firewall directroy includes the batch file. You get a number of options when you run it, including one to download and add rules from the GitHub repository, or to add or remove rules so that Windows Firewall uses them on the computer. Proxifier Some hosts are not blocked even when they are added to the hosts file. The author of Windows Spy Blocker suggests to use a top level application such as Proxifier for these instead, and that's what this set of rules are designed for. You can use other means, like blocking hosts on the router level or hardware firewall if one sits between the device and the network/Internet. Closing Words Windows Spy Blocker offers a handy set of rules to block Windows 10 devices from phoning home. While you may be tempted to use them all without verification, it is highly suggested to make sure you are not blocking services or features that you require or use. This includes Windows Update, and especially so if you are not using other means to retrieve updates for the operating system running on the device. crazy-max/WindowsSpyBlocker Article source
  14. Everyone seems concerned about their privacy in Microsoft's new operating system Windows 10. Although Microsoft has mentioned several times that Windows 10 doesn't collect any personal data. It only collects some anonymous data and sends it to Microsoft to make the overall user experience and Windows functionality better. The collected data helps Microsoft in improving Windows 10 functionality and performance. But still many Windows 10 users are worried about this automatic data collection. To help users in improving their privacy, Microsoft has provided several options to disable telemetry and diagnostic data collection in built-in Settings app as mentioned in following exclusive tutorial: Best Privacy Settings for Windows 10 After disabling the options and settings mentioned in the above tutorial, you can sit back, relax and stop worrying about your privacy in Windows 10. But many people are still searching on Internet and following guides to turn off telemetry and data collection in Windows 10. Some websites suggest to use 3rd party software to block Microsoft servers IP addresses and URLs to disable telemetry but I'll never suggest this as it may cause serious problems as mentioned in following article: [Fix] Can't Open Bing, MSN, Outlook or Other Microsoft Websites in Windows 10 Apart from 3rd party software, some websites also suggest a Group Policy trick to disable telemetry and data collection in Windows 10 which is actually useless if you are using Windows 10 (also known as Core or Home) or Windows 10 Pro editions which are the most common and most used editions of Windows 10. That Group Policy trick only works in Windows 10 Enterprise, Education, IoT and Server editions. I have mentioned this trick long time back in the above mentioned "Best Privacy Settings for Windows 10" guide. I also mentioned that which Windows 10 editions support this trick. Still many people are unaware of the fact. I have received many emails from readers about applying this trick. People are confused whether this method is actually useful or is it just a myth. That's why today in this article, I'm going to reveal the truth behind this Group Policy trick so that everyone can understand this trick's usage and functionality: First of all lets talk about the trick! Its suggested that you can completely disable telemetry and data collection in Windows 10 by changing an option in Group Policy Editor. The whole method is as following: METHOD 1: Disable Telemetry in Windows 10 Using Group Policy Editor 1. Press WIN+R keys together to launch RUN dialog box. Now type gpedit.msc in RUN and press Enter. It'll open Group Policy Editor. 2. Now go to: Computer Configuration -> Administrative Templates -> Windows Components -> Data Collection and Preview Builds 3. In right-side pane, look for "Allow Telemetry" option. 4. Double-click on "Allow Telemetry" and select Enabled option in the new window. Now you can set its value to any of following options from the drop-down list: 0 - Security 1 - Basic 2 - Enhanced 3 - Full People suggest to set the option to "0 - Security" to completely disable telemetry and data collection in Windows 10. METHOD 2: Disable Telemetry in Windows 10 Using Registry Editor Above mentioned method cannot be used in Windows 10 Core or Home edition as this edition doesn't contain Group Policy Editor. If you are using Home edition of Windows 10 or if you can't use or don't want to use Group Policy Editor, you can take help of Registry Editor for the same task. Just follow these simple steps: 1. Press WIN+R keys together to launch RUN dialog box. Now type regedit in RUN and press Enter. It'll open Registry Editor. 2. Now go to following key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ 3. Create a new key under Windows key and set its name as DataCollection 4. Now in right-side pane, create a new DWORD AllowTelemetry and set its value to any of following: 0 (To set telemetry settings to security only) 1 (To set telemetry settings to Basic) 2 (To set telemetry settings to Enhanced) 3 (To set telemetry settings to Full) People suggest to set the value to 0 to completely disable telemetry and data collection in Windows 10. Close Registry Editor and restart your computer to take effect. What Exactly Does This Trick Change? This trick disables changing telemetry option in Settings app. Actually you can set what type of diagnostic and usage data should be collected and sent by Windows 10 using Settings app. 1. Open Settings app from Start Menu or by pressing WIN+I keys together. 2. Now go to "Privacy -> Feedback & diagnostics" and here you can select your desired option from drop-down list. It allows you to set the option to any of following: Basic Enhanced Full As you can see the "Security" option is not present in the drop-down list. That's why people suggest to use the above mentioned Group Policy or Registry trick to set the telemetry option to "Security" which sends the minimal data to Microsoft. Once you apply the trick, the option to change diagnostic and usage data in Settings app becomes grayed out and you can't change the option. The page also shows "Some settings are managed by your organization" message at the top of the page. Truth Behind This Group Policy or Registry Trick If you are using Windows 10 (Core/Home) or Windows 10 Pro edition, this trick to set telemetry option to 0 - Security is useless for you. Microsoft has mentioned clearly in the description of "Allow Telemetry" option in Group Policy Editor that setting the option to "0 - Security" on Windows 10 Home or Pro editions is equivalent to settings it to "1 - Basic" which you can always change using Settings app without using Group Policy Editor or Registry Editor. Actually settings telemetry option to "0 - Security" only works on Windows 10 Enterprise (including LTSB), Education, IoT and Server editions. So if you are using Enterprise, Education, Server or IoT editions of Windows 10, then you can apply this trick to set the diagnostic and usage data collection to minimal (security data only) but if you are using Windows 10 Home or Pro editions, this trick will not work for you. Credit to
  15. There are numerous Win10 anti-spy apps but I prefer to use this useful tool. Its does the actual uninstall of packages then other apps just disable/blocking the services Plus having the advantage to uninstall(offline) the Telemetry and related spy packages from the .iso first before clean install the OS so M$ had nothing much to begin spying with Can also use it uninstall(online) the packages on your current OS. ------------------------------------------------------------- --------Registry Tweak Tool v1.4.7.0--------------- ---------------for Windows 6.x------------------------- ---------Created by Michal Wnuowski-------------- -----Concept by Aviv00@msfn / lite8@MDL----- -----------Modified by Legolash2o------------------- -------------------------------------------------------------- Download & source files http://www.mirrorcreator.com/files/0S9OS0ZM/install_wim_tweak.exe_links http://www.mirrorcreator.com/files/9ET1MS7F/win6x_registry_tweak_src_v1.4.7.zip_links http://www.msfn.org/board/topic/152688-win6x-registry-tweak/ Steps to do 1. Unhide & list all the packages available on the wim file(offline) or current OS(online) and write them to a text file 2. Uninstall the packages 3. Hide packages Offline uninstall syntax Online uninstall syntax *Example how I uninstall offline using en_windows_10_enterprise_2015_ltsb_x64_dvd_6848446.iso *Place install.wim at E:\ *Place install_wim_tweak.exe at E:\ *Create a folder name "IMG" at E:\ E:\install.wimE:\install_wim_tweak.exeE:\IMG 1. Mount install.wim at E:\IMG (CMD admin) Dism /Mount-Wim /Wimfile:E:\install.wim /index:1 /MountDir:E:\IMG 2. Unhide offline ~ Create Packages.txt at C:\Windows\System32 E:\install_wim_tweak.exe /p "E:\IMG" /l 3. Uninstall Telemetry E:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-OneCore-AllowTelemetry-Reduced-Default-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-OneCore-TroubleShooting-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-OneCore-TroubleShooting-WOW64 /r Uninstall Diagnostics Tracking E:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-Windows-DiagTrack-Internal-Package /r Uninstall Windows Defender ( WARNING : No Windows Defender access via Windows Settings / Group policy ) E:\install_wim_tweak.exe /p "E:\IMG" /c Windows-Defender-AM-Default-Definitions-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Windows-Defender-Client-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Windows-Defender-Group-Policy-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Windows-Defender-Client-WOW64-Package /r Unnstall Search E:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-Windows-Search2-base-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-Windows-Search2-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-Windows-Search2-shell-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-Windows-Search2-WOW64-base-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-Windows-Search2-WOW64-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-Windows-Search2-WOW64-shell-Package /r Uninstall Cortana ( WARNING : Breaks Windows Search function too ) E:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-Windows-Cortana-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-Windows-Cortana-PAL-Desktop-Package /r Uninstall OneDrive E:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-Windows-OneDrive-Setup-Package /r Uninstall Xbox E:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-OneCore-AppRuntime-WOW64-xbox-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-OneCore-AppRuntime-xbox-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-OneCore-Networking-XboxLive-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-OneCore-Networking-XboxLive-WOW64-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-Windows-Client-Drivers-xbox-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-Windows-Client-Features-Package-AutoMerged-xbox /rE:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-xbox /rE:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-Xbox-GameCallableUI-Package /rE:\install_wim_tweak.exe /p "E:\IMG" /c Microsoft-Xbox-IdentityProvider-Package /r Lists of full PackageNames Uninstalled TelemetryMicrosoft-OneCore-AllowTelemetry-Reduced-Default-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Microsoft-OneCore-TroubleShooting-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-OneCore-TroubleShooting-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Microsoft-OneCore-TroubleShooting-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-OneCore-TroubleShooting-WOW64-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Diagnostics TrackingMicrosoft-Windows-DiagTrack-Internal-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-Windows-DiagTrack-Internal-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Windows DefenderWindows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Windows-Defender-Client-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Windows-Defender-Client-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Windows-Defender-Client-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Windows-Defender-Client-WOW64-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Windows-Defender-Group-Policy-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Windows-Defender-Group-Policy-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Windows SearchMicrosoft-Windows-Search2-base-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-Windows-Search2-base-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Microsoft-Windows-Search2-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-Windows-Search2-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Microsoft-Windows-Search2-shell-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-Windows-Search2-shell-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Microsoft-Windows-Search2-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-Windows-Search2-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Microsoft-Windows-Search2-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-Windows-Search2-WOW64-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Microsoft-Windows-Search2-WOW64-shell-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-Windows-Search2-WOW64-shell-Package~31bf3856ad364e35~amd64~~10.0.10240.16384CortanaMicrosoft-Windows-Cortana-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-Windows-Cortana-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Microsoft-Windows-Cortana-PAL-Desktop-Package~31bf3856ad364e35~amd64~~10.0.10240.16384OneDriveMicrosoft-Windows-OneDrive-Setup-Package~31bf3856ad364e35~amd64~~10.0.10240.16384XboxMicrosoft-OneCore-AppRuntime-WOW64-xbox-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-OneCore-AppRuntime-WOW64-xbox-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Microsoft-OneCore-AppRuntime-xbox-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-OneCore-AppRuntime-xbox-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Microsoft-OneCore-Networking-XboxLive-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-OneCore-Networking-XboxLive-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Microsoft-OneCore-Networking-XboxLive-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-OneCore-Networking-XboxLive-WOW64-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Microsoft-Windows-Client-Drivers-xbox-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-Windows-Client-Drivers-xbox-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Microsoft-Windows-Client-Features-Package-AutoMerged-xbox~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-Windows-Client-Features-Package-AutoMerged-xbox~31bf3856ad364e35~amd64~~10.0.10240.16384Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-xbox~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-xbox~31bf3856ad364e35~amd64~~10.0.10240.16384Microsoft-Xbox-GameCallableUI-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-Xbox-GameCallableUI-Package~31bf3856ad364e35~amd64~~10.0.10240.16384Microsoft-Xbox-IdentityProvider-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384Microsoft-Xbox-IdentityProvider-Package~31bf3856ad364e35~amd64~~10.0.10240.16384 4. Saving changes to Mount-Dir Dism /Commit-Image /MountDir:E:\IMG 5. Recheck uninstalled packages with packages.txt E:\install_wim_tweak.exe /p "E:\IMG" /l 6. Rehide all packages, prevent breaking the OS E:\install_wim_tweak.exe /p E:\IMG /l 7. Un-mount & commit changes to E:\install.wim Dism /unmount-Wim /MountDir:E:\IMG /Commit ________________________________________________________________ That's all, use the new install.wim for your .iso. Can uninstall more packages if you want, check againest your Packages.txt .
  16. Microsoft launched the first big update for its Windows 10 operating system this month and while it introduced several new features and much-needed improvements, issues were reported as well. Probably the most common one was that Microsoft rest some or even all default apps and settings in the update. If you are not observant about those things, you may not have noticed that settings were reset to their default values which, at least where privacy comes into play, is quite problematic. While it does not take long to restore the previous settings and make other apps the default programs again on Windows 10, something like this should never have happened in first place. Windows 10 version 1511 ships with another change that may cause confusion at first. The Diagnostics Tracking Service is a core tracking service of the operating system that controls data collection. One option that you had in the past was to disable the service using the Services Console to block the data collecting from happening. If you check Services after the major update, you will notice that the Diagnostics Tracking Service is gone. Did Microsoft listen to users for once? No, they did not. Microsoft renamed the service instead which means that you will find it listed under its new name Connected User Experiences and Telemetry instead. It is unclear why Microsoft changed the name in the update. One explanation would be to make it clearer what the service does but since Microsoft did not announce the change, the motive behind the change is unclear. This means however that you will have to disable that service after the update to Windows 10 Build 1511 if you don't want the diagtrack service to run on the system. Disable the Connected User Experiences and Telemetry service To disable the new service, do the following: Tap on the Windows-key, type services.msc and hit enter. Locate the Connected User Experiences and Telemetry service (services are sorted alphabetically). Double-click on the service. Select Stop to terminate it. Change the Startup Type of the service to disabled. It seems necessary that you check back regularly, not only in Services but also the privacy settings that Windows 10 lists in the Settings application and the changes that you had to make in the Group Policy Editor or the Registry directly, as there is no telling if things will be reset or changed again in the future. Since I'm rather a pessimist than an optimist when it comes to these things, I fear that this will happen on a regular basis from now on. (via Tweakhound) News source
  17. Symantec President and CEO Michael Brown has said that openness and awareness is central when a user's privacy is traded away. Symantec claims that it operates the world's largest civilian intelligence network, and according to President and CEO Michael Brown, the key to keeping customers happy with contributing their computer telemetry is to be open about it. "We are very open about [telemetry collection], so customers really are opting-in to contribute that telemetry to us," Brown told journalists in Sydney on Tuesday. Microsoft has seen considerable friction recently from Windows 10 users over its compulsory collection of telemetry, but Brown brushed such concerns aside. "Most people are not as concerned about that," he said. "But our approach is that has to be open for customers." Symantec currently collects telemetry from 110 million enterprise customers, and 60 million consumer and mobile end-points, resulting in a database that monitors 8 trillion objects in real-time, and is updated at a rate of 200,000 rows per second. "We've invested to understand more about the threat landscape than anyone else out there in the civilian world; there are probably a few governments who have invested as much ... but we don't think there are any other companies out there," Brown said. "That makes us a really attractive partner to work with because our belief is the more we know about the threats, the more we can protect customers." The company is currently building an analytics platform that will expose research data that was previously used internally to customers and third parties through an API. Brown said the data that will be available to all comers, including competitors, is built on top of Hadoop, Apache Kafka, and Storm. Symantec's first application using the platform, dubbed Risk Insight, is slated to be available in the next six months. Brown also promoted an open approach to corporations working with governments and law enforcement agencies, and said that users should be aware of when their privacy is traded away. "[if] we're giving the keys to encryption to law enforcement, because we want to serve a different purpose, then ... it should be in the light of day." The Symantec chief said his company does not believe in backdoors, but that it would follow whatever legal requirements were made of it. "We as a society, as an open society, have to make trade offs, and we are going to follow whatever we agree on with our laws," he said. With the increasing use of cloud-based services and encryption, Brown said that the usefulness of firewalls has diminished compared to years past. "A lot of what's been protected at network firewalls, now is bypassing the firewalls because you can't apply policy to something that's encrypted -- you don't know what it is -- and as more workloads move to the cloud, the firewall becomes less important," he said. "With the age of less perimeter defence, it's important to make sure that your end-point's totally secured." Brown has been at the helm of Symantec since September 2014, when he was promoted into the role from being interim CEO, a position he gained after the company fired former CEO Steve Bennett. At the time, Brown was already a member of Symantec's board, having joined after the merger with Veritas Software in July 2005. Veritas was spun out earlier this year and sold to private equity firm, Carlyle Group, for $8 billion. In its second-quarter earnings released earlier this month, Symantec reported net income of $156 million from revenue of $1.5 billion. News source
  18. Worries about Windows 10 tracking are overblown, and providing data on crashes helps everyone. But it's also understandable why some Windows 10 users are reluctant to share. When, why and how much diagnostic data Windows 10 sends back to Microsoft has been a source of considerable debate for the last couple of weeks. By default Windows 10 collects some data about how Windows and Windows apps are performing plus some additional details - such as about crashes, so-called telemetry data. (Calling all this 'telemetry data' makes it sound much more grand than it is, like the sort of information that would be sent back by a probe en route to a distant star, rather than the more humdrum details of why your PC crashed halfway through you writing a Facebook post.) But what has some people worried is that while the amount of data your Windows PC will send to Microsoft can be reduced to a very basic level, for home users it can't be stopped completely. There are lots of reasons why sending this sort of data to Microsoft is a good idea - it can help its engineers spot and fix common bugs faster than they could if they were waiting to users to complain. And while the default telemetry setting for Windows 10 Home and Pro users is 'full', when dialled down to the 'basic' telemetry settings Microsoft is getting, as Ed Bott points out, very basic data about crashes, hangs and security settings that can't be tracked back to a person or PC: hardly a massive invasion of privacy. And don't forget, for most home users Windows 10 is going to be a free download - so maybe they should be willing to put up with providing a limited amount of diagnostic and usage data (which is only going to make the software better anyway) without kicking up too much of a fuss. Jack Schofield also make an excellent broader point about why you should leave the telemetry on, especially if you know anything about technology. As he argues, every time the 'smart' people turn off telemetry -- and the 'dumb' people leave it on -- this skews the data that gets sent back to the developers of any software. The experiences and choices of the smartest users thus never get registered, their votes never counted, and as Jack points out: "In the long term, dumber software is the almost inevitable result." However, complicating matters somewhat, last week as part of the first major update to Windows 10, Microsoft gave enterprise users the option to switch off telemetry completely (although it doesn't recommend it) citing feedback from business and government customers as the reason. This is certain to be welcomed by business users, but raises the question of why this option wasn't extended to Home and Pro users too: surely they have the same worries about privacy that corporate users do? There's such a vast Windows 10 install base already that losing that few percent of users who really don't want to share their telemetry data seems a small price to pay here, especially as privacy is such a hot topic for many. It's hard to see why these two groups of users, using what is effectively the same software, should be treated in different ways. A level playing field would make more sense. Article source
  19. Saved Telemetry Pings and datareporting/archived are two local folders in the Firefox profile that the browser started to populate with data recently. Users on development versions may find months worth of telemetry data in those folder while stable users only recent data. What makes this puzzling is that the data is created even if Firefox is configured to not collect telemetry data. You can check the configuration by loading about:preferences#advanced in the browser's address bar and switching to the data choices tab when the page opens. There you find listed what is being submitted to Mozilla automatically. It is unclear at this point in time why telemetry data is still being saved to the local profile folder if "share additional data" or "health report" are disabled under data choices. Telemetry pings are data packages that Firefox sends to Mozilla servers. The data is stored in JSON format which means that you can take a look at it by loading it in a plain text editor or specialized application that displays JSON data in an orderly fashion. The collected data includes information about the build of the browser, various benchmark values, the installed extensions, and information about the computer system. The Saved Telemetry Pings folder and the Datareporting/archive folder contain both telemetry pings. The core difference appears to be that the latter stores them in compressed format (.jsonlz4) while the former does not. You can decompress these files from within Firefox's Browser Console by following the instructions posted on Mozillazine. Stopping the generation of Telemetry Pings So how can you stop the generation of Telemetry Pings and archived pings in Firefox? By making the following changes on about:config. toolkit.telemetry.archive.enabled to falsetoolkit.telemetry.enabled to falsetoolkit.telemetry.unified to falseLets take a closer look at what those preferences do. The preference toolkit.telemetry.archive.enabled defines whether local archiving of telemetry pings is enabled or not. The preference depends on toolkit.telemetry.unified and works only if unified is turned on. It may not be necessary to set it to false because of this, since we set unified to false anyway in the preferences but there is no harm in doing so. The main preference toolkit.telemetry.enabled depends on unified as well. If unified is off, it controls if Telemetry is enabled in Firefox. If unified is on, it controls whether extended data is sent to Mozilla. The preference toolkit.telemetry.unified finally controls unified behavior. If set to on, Telemetry is enabled, will record basic data, and will send additional pings. While we are at it, you may be interested in the following Telemetry-related preferences as well: datareporting.healthreport.uploadEnabled sends data if Health Report is enabled in the Firefox preferences under Data Choices.datareporting.policy.dataSubmissionEnabled is the master kill switch. If disabled (set to false), no policy is shown and no uploads take place.datareporting.policy.dataSubmissionEnabled.v2 will prevent the sending of Firefox Health Report v2 data to Mozilla.toolkit.telemetry.server defines the server the Telemetry ping is sent to. Set to blank for instance to block this from happening.Credit to
  20. Windows 10 comes with the telemetry feature enabled by default which collects all sorts of user activity and sends it to Microsoft. Many users worry about this behavior and are constantly looking for ways to disable it completely. If you are concerned about privacy, you should know that in Windows 10 build 10525, telemetry and data collection services are locked down to send all information to Microsoft! There are three states of Telemetry are available in Windows 10 Basic Basic information is data that is vital to the operation of Windows. This data helps keep Windows and apps running properly by letting Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also turns on basic error reporting back to Microsoft. If you select this option, Microsoft will be able to provide updates to Windows (through Windows Update, including protection by the Malicious Software Removal Tool), but some apps and features may not work correctly or at all. Enhanced Enhanced data includes all Basic data plus data about how you use Windows, such as how frequently or how long you use certain features or apps and which apps you use most often. This option also lets Microsoft collect enhanced diagnostic information, such as the memory state of your device when a system or app crash occurs, as well as measure reliability of devices, the operating system, and apps. Full Full data includes all Basic and Enhanced data, and also turns on advanced diagnostic features that collect additional data from your device, such as system files or memory snapshots, which may unintentionally include parts of a document you were working on when a problem occurred. This information helps Microsoft further troubleshoot and fix problems. If an error report contains personal data, Microsoft claims they won't use that information to identify, contact, or target advertising to you. This is the recommended option which they recommend for the best Windows experience and the most effective troubleshooting.In Windows 10 build 10525, the option is set to Full and cannot be changed by the user! So Microsoft will know all about the apps you are using and even about the personal data you have. If you are not happy with such behavior, consider staying with the current RTM build 10240 which is locked to "basic" data collection level and can even be disabled. Source