Microsoft's Telemetry Additions To Windows 7 and 8 Raise Privacy Concerns

WheezyJoe writes: ghacks and Ars Technica are providing more detail about Windows 10's telemetry and "privacy invasion" features being backported to Windows 7 and 8. The articles list and explain some of the involved updates by number (e.g., KB3068708, KB3022345, KB3075249, and KB3080149). The Ars article says the Windows firewall can block the traffic just fine, and the service sending the telemetry can be disabled. "Additionally, most or all of the traffic appears to be contingent on participating in the CEIP in the first place. If the CEIP is disabled, it appears that little or no traffic gets sent. This may not always have been the case, however; the notes that accompany the 3080149 update say that the amount of network activity when not part of CEIP has been reduced." The ghacks article explains other ways block the unwanted traffic and uninstall the updates.

Telemetry Hack

[smittyoneeach]

Telemetry hack
Like shearing your back
The right suds keep it
From chopping your stack
Burma Shave

Re:

[smittyoneeach]

"Sack on BACK!
Installing Slack
Bummer #1 with a mullet
Love to cower, Jack,"
AC/DC did not sing.

Re:

[smittyoneeach]

Making a living
Would seem better than
Making a dying
In Somecountrystan

Re:

[macs4all]

...Like Ebola it's the gift
That keeps on giving
Because Microsoft execs
Gotta make a living
Burma Shave

Now THAT's funny! (and sad at the same time)...

Define Your Acronyms

[Anonymous Coward]

What the hell is CEIP? Editors, define your acronyms the first time they're used, especially if they're not common.

Can Editors Inspect Paragraphs?

Re:Define Your Acronyms

[Stolpskott]

Customer Experience Improvement Program... for those of us used to wading through the pile of sewage that is Windows in a corporate environment, it is well known and enjoyed about as much as annual performance appraisals.

Compare the experience to...

[Announcer]

I think a more apt comparison would be to compare this to the entire process of getting a colonoscopy, from the preparation the day before, to the actual "exam".....

Re:

[EndlessNameless]

It's not that bad. It's hardly a problem at all.

There are GPO settings to configure it, so it takes a domain admin maybe 5-10 minutes to log in and disable it globally. No scripting or registry hacks required.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Define Your Acronyms

[denis-The-menace]

And it's a failure b/c they ignore what people really wanted: the Start Menu.

Instead we got the Start List: 100+ icons to scroll through.

Only Santa's list is longer.

Re:

[yuhong]

Has been there since at least Office 2003 I think.

Re:Define Your Acronyms

[arglebargle_xiv]

Customer Experience Improvement Program...

It's a Microsoft customer service, in the sense of "the farmer got in a bull to service his cows".

Re:

[srmalloy]

What the hell is CEIP? Editors, define your acronyms the first time they're used, especially if they're not common.

Customer Experience Improvement Program.

Re:

[xxxJonBoyxxx]

>> Editors, define your acronyms the first time they're used, especially if they're not common.

I'm assuming SlashDot's using unpaid high school interns as editors these days, since anyone who's made it through a college-level writing course would know better. Your local town paper wouldn't hire you to write dog-catching interviews if you submitted this crap as an "article."

Firewall/Router blocking settings?

[IMarvinTPA]

Does anybody have instructions for common hardware firewalls and routers on what needs to be blocked at the network level?

My google-fu keeps failing me and everybody tries to explain how to do it using the built-in firewall which is probably as secure as guarding the hen house with foxes.

Thanks,
IMarv

Re:Firewall/Router blocking settings?

[geminidomino]

I put this in my tomato "Scripts" section. Basically grabbed all of the dig output for settings-win.data.microsoft.com and vortex-win.data.microsoft.com, cnames, and authorities for them.

Possibly excessive. I'm ok with that. YMMV.

iptables -I FORWARD -d 8.26.215.27 -j DROP
iptables -I FORWARD -d 64.4.54.254 -j DROP
iptables -I FORWARD -d 8.26.204.25 -j DROP
iptables -I FORWARD -d 198.78.199.155 -j DROP
iptables -I FORWARD -d 204.160.105.155 -j DROP
iptables -I FORWARD -d 4.23.46.155 -j DROP
iptables -I FORWARD -d 65.55.44.108 -j DROP

Re:

[geminidomino]

Do you use your Tomato router as a DNS resolver/server for your LAN?

I don't, but it's on the TODO list actually. I'll keep this in mind.

Thanks!

Re:

[Zanadou]

This isn't perfect, but I was using the batch file from here [hakspek.com] to uninstall/disable most of the telemetry bullshit from Windows 7.

(It says it's for Windows 10, but it seems works for Windows 7, too. Also note that the hiding/disabling of the KB updates in Windows update didn't work perfectly for me; I had to go back in a hide/disable some of them manually, afterward.)

Re:

[arglebargle_xiv]

Does anybody have instructions for common hardware firewalls and routers on what needs to be blocked at the network level?

Note that this is only going to help if you're sitting behind your own firewall, as soon as you take your laptop out of the house all the data is going back to Microsoft again. So a more reliable option is to block it at the source by changing the Windows config.

(Which, if it's anything like getting rid of the Win10 downgrade nag, is going to be a major chore. I've scraped viruses out of PCs that were easier to remove than the Win10 nag).

Re:

[rtb61]

Makes much more sense to un-install those privacy downgrades. Worth the effort as there is a distinct improvement in boot times as well as general performance. Those M$ anal probes do come with more than one cost, not just your privacy taken but also a system performance cost, obviously they run better in windows 10 built in than added in windows 7 and 8, which is why windows 10 outperforms fully privacy downgraded windows 7 and 8. I wonder how well windows 7 clean install no M$ recommended privacy downgr

Re:

[arglebargle_xiv]

Makes much more sense to un-install those privacy downgrades.

An easier option is probably just to disable them [arstechnica.com], it looks like the sole purpose of the Diagnostics Tracking Service is to send data back to Microsoft so if you prevent it from running you should be fine.

Disclaimer: I haven't run Snort on this yet so I don't know if there isn't something else phoning home with my data, but DTS seems the obvious candidate to kill.

Re:

[rtb61]

Thanks, I did both. In fact it seems to be a never ending tangle, finding more and mores purposeful holes in windows built in on purpose and needing to be uninstalled, disabled, detasked and blocked at the (non-M$) firewall.

Re:

[ihtoit]

There's a method which works (I've done it, and wrote the method as I went): it completely obliterates the Win10 nag and all associated processes and files, registry entries and pretty much guarantees that it won't return.

Step 1: take ownership of the GWX folder
Go to /Windows/System32/GWX. Right-click, Properties. Then, go to the Security tab, click Advanced. Under the Owner, click on Edit. Select your account rather than whatever crap Microsoft has preselected. Make sure you tick the box that says subfolde

Re:

[arglebargle_xiv]

Here's mine, rather more brief than yours since it was written purely as a memo for future reference:

Create key HKLM\SOFTWARE\Policies\Microsoft\Windows\GWX, then add DisableGwx
as REG_DWORD, value = 1.

Win+R -> taskschd.msc, open Task Scheduler Library | Microsoft | Windows |
Setup, which has two subkeys gwx and GWXTriggers. Delete all entries in
gwx, the other can't be deleted because of permissions, for this use Win+R
-> tasks, which opens C:\Windows\System32\Tasks. Go to
Microsoft\Windows\

Sigh, guess no Win boxes in the lab then

[WillAffleckUW]

There are consequences to every action

Re:Sigh, guess no Win boxes in the lab then

[Anonymous Coward]

The funny part is that there was a man who saw all this coming back in the early 90s who nobody listened to. His name is Richard Stallman.

Stallman warned everyone that proprietary software turns on the user in the end. People are complaining that Windows now sucks, and they have all these expensive (closed source too) tools they depend on for their livelihood that can't run on any platform besides Windows. Well, I guess they're getting what's coming to them. Stallman tried to warn them, but they didn't listen because they wanted stuff to "just work". Well, Stallman's inconvenient truth can no longer be ignored.

So have fun Windows users. I hope that your short term gains were worth not solving the problem in an open, portable, way.

Re:Sigh, guess no Win boxes in the lab then

[chipschap]

they didn't listen because they wanted stuff to "just work".

The further irony is that they didn't even get that much ... what they got was "stuff just works, except when it doesn't."

Now ... before anyone says, "yeah but stuff doesn't 'just work' on Linux either" ---- I know that. But I also know how much I paid for Linux. And if I'm good enough at it, I'm free to "fix stuff" and "make stuff work" I've done so many times. (Sure there are limits, the kernel is not so easy to fix ... but still ... you at least have full source access.)

Re:

[macs4all]

Now ... before anyone says, "yeah but stuff doesn't 'just work' on Linux either" ---- I know that. But I also know how much I paid for Linux. And if I'm good enough at it, I'm free to "fix stuff" and "make stuff work" I've done so many times. (Sure there are limits, the kernel is not so easy to fix ... but still ... you at least have full source access.)

Another fallacious "free" concept: "Linux is only free if your time is."

Personally, I want to work with my computer, not on my computer. I have enough of the former writing Windows Applications during the day for work. So when I come home, the very last thing I want to do is fiddle-fart around with Linux just to achieve a modicum of usability, or suffer the slings and arrows of even more Windows crap, and now New and Improved built-in Spyware! So, check my username and get a clue as to what I enjoy as an

Re:

[Forgefather]

The error messages that you send to Microsoft contain a full memory image at the time of the crash, which includes all encryption keys that have not been explicitly zeroed out, and a full image of every other program you have running.

Re:

[macs4all]

The real irony is that only paranoid loons like Stallman actually care about the CEIP. The rest of us who are sane and intelligent don't give a shit because it's not a problem. I have no problem with Microsoft collecting data about how I use my computer because they still have no clue who I am or the full details of what I'm doing.

That's cute. Look, everybody! Someone who is actually naive enough to believe that's all Microsoft is doing!

Here's a clue from the clue-box: Do you really think they would go to all the trouble that they have, just to see if they can "Improve the Experience"?

TANSTAAFL and Qui Bono apply here.

Re: Sigh, guess no Win boxes in the lab then

[BarbaraHudson]

Microsoft is just helping you put into practice the (your) data wants to be free thing.

Re:

[lgw]

Ubuntu too, of course, part of their program of copying everything MS does.

Re:

[macs4all]

Microsoft is just helping you put into practice the (your) data wants to be free thing.

So, if that's true, why don't we all just cause crash after crash, filling up their servers and bandwidth until they are forced to rethink their mass data collection strategy?

Re:

[macs4all]

Stallman warned everyone that proprietary software turns on the user in the end.

I know of some [apple.com] that won't [apple.com].

The guy who turned on "DoNotTrack" in IE?

[xxxJonBoyxxx]

So...did Microsoft take the guy who turned on "Do Not Track" in IE out back and shoot him?

No, that guy killed DoNotTrack dead. DNT for Beta

[raymorris]

No, the guys who wanted more tracking took that guy out for a beer. That's the guy who killed off DoNotTrack. Like Private Browsing in Firefox or Incognito Mode in Chrome, DNT was about the balance between privacy on one hand and convenience/features on the other hand. DNT was supposed to mean that the user valued privacy more than convenience and features at the moment. Here's what was supposed to happen, what DNT was intended for:

Case 1, no DNT header:
I go to Slashdot, and have not set a specific DNT header. I therefore get the DEFAULT tracking/personalization behaviors of Slashdot, including:
        I'm not redirected to Beta, because Slashdot tracks that I set "do not showme beta".
        On my mobile device, I'm not redirected to m.slashdot.org, because again Slashdot tracks my preferences based on some identifier/cookie.

Case2, with DNT header:
I launch a Private Browsing window in Firefox, or an Incognito tab in Chrome.
The browser prompts "DNT: Do you want to tell web sites to avoid identifying you or tracking your preferences? Some features and preferences may not work in DNT mode."
I click "yes, send the DNT header".
Slashdot sees that I have expressed that I want a higher level of privacy than the default, that I am willing to give up personalization in exchange for privacy.
Slashdot does not set a cookie, and I get redirected to m.slashdot.org or beta.slashdot.org each time. It does not track me to know my preferences between sessions.

It's all about the balance between privacy and convenience. Much like Incognito / Private Browsing mode disables the browser history, autocomplete, and other useful features in exchange for better privacy.

In short, the purpose of DNT was to communicate the user's desire to value privacy over convenience.

By violating the spec and sending DNT as the DEFAULT, the DNT header in IE suddenly meant "the user probably wants the DEFAULT balance between privacy and convenience". Since IE sent DNT by default, it no longer provided any information about the user's priorities regarding convenience vs privacy. It therefore became completely useless for it's purpose. That guy killed DNT.

-----

Here's a concrete example. Quoting from the DNT policy:

| all user identifiers, such as unique or nearly unique
| cookies, "supercookies" and fingerprints are discarded

Do you really think that all sites are going to get rid of cookies, including "don't show me Beta" cookies, for anyone and everyone using IE? Just because Microsoft thought it was a good idea? No friggin way. If the USER chose to actively ticked the box, perhaps so. Because Microsoft's marketing team thought that "Do Not Track" sounded good and that breaking most web sites was an acceptable side effect? I don't think so.

Re:

[exomondo]

Do you really think that all sites are going to get rid of cookies, including "don't show me Beta" cookies, for anyone and everyone using IE? Just because Microsoft thought it was a good idea? No friggin way. If the USER chose to actively ticked the box, perhaps so. Because Microsoft's marketing team thought that "Do Not Track" sounded good and that breaking most web sites was an acceptable side effect? I don't think so.

So you're saying privacy should be opt-out rather than opt-in.

Re:

[bondsbw]

Yet in the same comment, he's saying that making it opt-out is the reason it died.

Re:

[exomondo]

Yet in the same comment, he's saying that making it opt-out is the reason it died.

So we can't privacy by default. You should have no privacy unless you opt-in to having it.

Re:

[bondsbw]

No, I agree with your original statement. I was just pointing out the contradiction in the post by raymorris. (And to be clear, it's not a contradiction in logic but a contradiction between ideal and reality.)

What it IS, not SHOULD be. I prefer both

[raymorris]

I didn't say anything about my opinion of what SHOULD be. I described what the DNT spec does actually say. It says the header means that user actively chose to give up convenience and features , choosing more privacy instead. That's the meaning of the DNT header, per the DNT spec. I didn't write the spec, I just read it.

As written, DNT is well matched with Private Browsing mode. Sometimes I use Private Browsing. Most of the time I don't use it, because I LIKE auto complete. But I don't like my addres

Re:

[exomondo]

The fact that you have to explicitly say you want privacy makes it a bad spec to begin with, just like having to explicitly say you dont want to participate in Windows' CEIP rather than it being something you opt-in to is bad for privacy (even though in that case it's just telemetry data).

I don't entirely disagree

[raymorris]

I don't entirely disagree with you. However, consider this. You not only got on the web, you also LOGGED IN and posted your private opinions publicly. For whatever reason, you just chose to make your private thoughts public, and chose to have Slashdot track your /. user id. That shows that SOMETIMES, you want Slashdot to identify you. Sometimes, privacy is not the most important thing to you.

If you're like me, you clicked the "don't redirect me to beta" button. You'

Re:

[exomondo]

I don't entirely disagree with you. However, consider this. You not only got on the web, you also LOGGED IN and posted your private opinions publicly. For whatever reason, you just chose to make your private thoughts public, and chose to have Slashdot track your /. user id. That shows that SOMETIMES, you want Slashdot to identify you. Sometimes, privacy is not the most important thing to you.

Right, and I prefer to choose when that is, not have that as the default.

On the other hand, I want my Google maps to be very convenient. I'd rather it remember frequently used addresses rather than make me type em in every time.

Yes and you should opt in to that.

Re:

[AmiMoJo]

There is no reason why in your example Slashdot could not remember your preferences without tracking you. A simple anonymous cookie with no unique ID for beta/no beta and mobile/desktop is all that is required.

Even logging in is possible without violating DNT. Just discard any tracking data not essential for the provision of logged in services. DNT doesn't mean "do not set cookies", it means "don't track my browsing habits for any reason other than the provision of the services I ask for (e.g. advertising).

read the RFC

[raymorris]

If you're interested, you can read the actual DNT RFC rather than guessing about what it says.

There's nothing in the spec about "reason other than the provision of the services". There is one mention of advertising- tracking is ALLOWED under an exemption for advertising fraud detection. So almost the opposite of what you guessed it says.

Kickstarter Needed

[Tokolosh]

I am willing to contribute money for the development of (hopefully) simple software or scripts rid my system of this malware, once installed.

Also, some ongoing review system which only allows MS updates that are deemed benign.

Sheesh, it's getting tedious to wade through all the KB verbiage with my evil lawyer hat on.

Re:Kickstarter Needed

[Tokolosh]

https://github.com/WindowsLies... [github.com]

Someone is on the case!

Re:

[green is the enemy]

I've also been eyeing this project, but haven't tried it on any of my machines yet. In the reddit /r/sysadmin thread [reddit.com] people seem quite critical of this script. There is credible opinion that these updates will be required for windows to continue updating in the future, so it's dangerous to remove them; and that privacy cannot be achieved anymore while running Microsoft operating systems.

Re:

[AmiMoJo]

I wish that guy documented his work a bit more and didn't come off as paranoid. Why does he block hotmail.com, for example? I need login.love.com to use OneDrive for my encrypted backups. Blocking random Akamai servers doesn't sound like a good idea either.

What we need is a minimal set of blocking rules, with each one well documented with evidence that it actually needs to be blocked. None of this hacky "block a bunch of random web sites because they are associated with Microsoft" crap.

There is too much spe

Re:

[ilsaloving]

I found this. Dunno if it's 100% comprehensive, but it's a start.

http://www.hakspek.com/securit... [hakspek.com]

Trifecta of obscurity

[Okian Warrior]

"Raises privacy concerns" is elliptical speech: it's made to be deliberately obscure. (It uses "causes concern" to convey the central point without giving any information about what the point is.)

It's also passive voice [wikipedia.org], in that there's no person performing the action, the action is simply "caused" by something. (For comparison, consider "we wrote reports" versus "reports were written".) Hence, there's no person or group responsible, it's simply an aspect of situation.

And finally, the phrase uses framing [wikipedia.org] to soften the effect. Your personal information isn't being harvested, the system simply "raises some concerns".

Taken as a whole the headline tries to get the reader emotionally involved by stating something we should be concerned about, without saying in concrete terms *that* there is anything to be concerned about, and that it's *other people* who are concerned.

Meh. This didn't work on me, I'm not actually concerned, I'm going to ignore it.

(Propaganda success!)

Re:

[The-Ixian]

I am with you, my friend.

If they really want to know where my desktop is.... I guess it is no secret anyway... I mean I am using a public IP after all...

Windows 10

[Fire_Wraith]

I really want to like Windows 10. It seems to have a lot of nice features, was a smooth upgrade from 7, and probably the single most painless OS upgrade I've had on any MS platform (I had to correct a single driver, for a minor issue, and that was it).

But I'm really, really sick of just how blatantly Microsoft is trying to jam every single stupid thing into this, and tie it back to their cloud based bit. And I might even be okay with some of that, because I'm well aware that I wind up giving a lot to Google when I'm using stuff on Android. I might even use some of it, if they weren't going far beyond even what Google does.

The final straw was when they wanted to essentially remove my local account on the machine and replace it with me using a Microsoft account for my local login. No, sorry, but Redmond can go get fucked if they want that. It's one thing to have stuff in a cloud based application that has its own password, but it's another thing for that cloud based password to be my entire system. Perhaps I'm being overly negative, but it's just too much, that they want all this personal data, and they want to tie it all not just to what I do in application land with Outlook/Bing/Edge/Cortana/Skype whatever, but down to the OS level? No. And if it gets worse, I may just have to bite the bullet and do my PC gaming on Linux, and give up on doing anything bleeding edge.

Re:

[ihtoit]

that's Software As A Service for you. Cloud-based login for a local account is just about the stupidest idea I have ever heard of. What if you don't have an internet connection (for example, if you're sitting in a roadside cafe)?

Windows 7 and no automatic updates for me, and I've just started ripping out the other CEIP crap, there's fuckin' loads of it.

Re:

[vux984]

The final straw was when they wanted to essentially remove my local account on the machine and replace it with me using a Microsoft account for my local login.

Apple actually it too.

And in both cases, you can simply say No. It's not as obvious as it should be, but its also pretty trivial to say no, and since saying no, it hasn't bugged me about it again.

Perhaps I'm being overly negative, but it's just too much

I tend to think so too. But some people actually seem to like it.

I may just have to bite the bullet and do my PC gaming on Linux

Or you could just run a local account on your PC as you've always done. And not use Bing, edge, and outlook, and turn off Cortana.

Windows 10 is a product of the times, so anticipate stuff with cloud integration shit to be all over the place... everyon

Cloud logins

[JBMcB]

Cloud login sync between my 8.1 family PC and 8.1 tablet = kinda cool - the kid's pictures and game saves just pop up between the two.

Cloud sync between my 8.1 family PC and 8.1 development box = completely pointless - these are two different machines, I don't want family junk on my dev box or makefiles all over my family machine.

Re:

[FlyHelicopters]

I really want to like Windows 10. It seems to have a lot of nice features, was a smooth upgrade from 7, and probably the single most painless OS upgrade I've had on any MS platform

Amen, it really has been painless. They put a lot of effort into making this super easy. So far I've upgraded more than a dozen machines, ranging from a Core2Quad from 2008 to a recent high end Haswell machine, down to an ultraportable that only came with 32GB of SSD storage and didn't have enough space to install, but it used a USB Flash stick and did it anyway.

No problems. None, zero, ziltch, everything worked perfectly at the first reboot, and that included 5 year old Windows 7 installs that had a mil

Re:

[thegarbz]

The final straw was when they wanted to essentially remove my local account on the machine and replace it with me using a Microsoft account for my local login.

The final straw was providing you something optional which you can change at any time?

Man you're easy to upset.

Re: Windows 10

[ZiggyM]

google does the exact same with their Chromebook login. Windows does let you use a regular username/password untied to the cloud. I did it first thing.

Re:

[iampiti]

Yep, I totally hate what they've done with Win 10 too. It's not that they offer you options for cloud synchronization and such is that they're pushing them hard by making them the default and in many cases, making the "classic" options hard to find (e.g.: creating a local account instead of using a Ms account for login when you install Win 10).
Also for many apps (mail, media player, browser) the default are the "modern"/metro touch-optimized apps, which I find horrible for desktop use because, among other

Re:

[exomondo]

"The final straw" .... You hit the final straw. And you haven't switched operating systems?

No it was the final straw before he pseudonymously posted a strongly-worded opinion in a comment on a story on a website.

Re:

[Fire_Wraith]

It was the final straw with the cloud-based stuff they were trying to shoehorn in. I have it all disabled now, though as I noted in another post, I expect they'll try harder and harder to force that on everyone as time goes by.

Re:Windows 10

[LVSlushdat]

My "last straw" occurred around 2011. I'd just retired friom supporting Windows (and some Linux) for 24 years (1991-2010). After I retired, I used Windows 7 on my home machines for a bit, and finally I decided that there was nothing I do on the computer that requires Windows, so I killed the dualboot, and switched permanently to Linux, specifically Ubuntu.. Since I'm sort of the local neighborhood "tech support", I tried out Windows 10 in Virtualbox, just to familiarize myself with it for when I'm asked to help out a neighbor.. To put it bluntly, I'd NEVER run Windows10 on any of my machines, PERIOD.. And I'll recommend to anybody who asks, that IF they MUST use Windows 10, they need to, AT A BARE MINIMUM, turn off all the privacy-removal stuff and use a local account... Yeah, I know.. keeps you from using that over-rated Cortana crap... Whupteedoo... TL:DR: People who value what little privacy they have left should stay AWAY from Windows 10, Just one man's opinion........

Re:

[mister_playboy]

Windows 7 and 8 are now just as intrusive as 10 so please make sure you include that information in your local tech support opinion.

We have to stay up to date if we are to advise others.

Re:Windows 10 (and 7/8 also)

[LVSlushdat]

yes.. I am discovering that now, in the future, I'll be warning everybody about 7 AND 8... Of course, I'll also be using one or more of these lists of "updates" to REMOVE this crap from Win7/8 when we do our "Windows Janitorial Service"..... Jesus Christ, I'm beside myself with glee that I moved my families computers off MS products in 2011.....

Re:

[Fire_Wraith]

I can keep using a local account, I just have to disable all the stuff they keep trying to shove into it that wants to use it.

At this rate though, I expect they'll soon try to remove even that option for anything except corporate users.

Re:

[yuhong]

Actually, I think Win10 is better in that it makes the option to use a local account visible on the login screen.

Re:Windows 10

[Fire_Wraith]

I try to at least take it into consideration. I don't feel like I need complete privacy and anonymity, in part because I like some of the aspects of the connected and digital world.

That said, I try to at least be aware of some of the trade-offs, and who my information is going to (which sadly is a lot more effort than most people are interested in making). It comes down to who I'm willing to grant access to what information, to what degree - in part because of what they're likely to do with it, as well as what I feel like I get out of the service.

It's part of why I avoid using Facebook, because of their (nightmarish) track record and attitude towards things. On the other hand I use a number of services that are quite capable of tracking lots of things about me, and in some cases noticeably do - everyone from my cellphone provider, to Amazon when I browse or buy stuff, to Google when I search for something or use their map service, etc.

Why do I use those and not Facebook? Mostly because I'm of the opinion Facebook doesn't give a rat's ass who it sells stuff to, and wants to know every last thing about me and my personal life. If anything, they're more like an Intelligence Agency in their overwhelming and aggressive interest in my information. The others are at least more content with the stuff I give them. Amazon? Amazon can know what I buy and view from Amazon, in part because sometimes they'll later show me more stuff that I'm sometimes interested in. I'd be happier with the option to turn it off, maybe, but that's still a choice I can make between shopping there and not.

But there's a difference between having applications that I choose to use - such as Skype for instance - that links back into Microsoft's cloud, and having the very OS itself basically running in SaaS mode with a cloud based account. It's also not just about the privacy issues, but also the security issues that syncing my local password and my cloud password presents.

fix

[o_ferguson]

I've come up with a relatively simple solution. The text at the end of this post is a batch file. You can copy it from here, and paste it into notepad, and save it with any name you want, and the file extension .bat and then click on it to run it. It will look for each of the corrupted updates in order, and either tell you that they aren't installed, or give you the option of removing them. If you do choose to remove one or more of them, it will prompt you to reset your computer after each successful remova

Re:

[mythosaz]

It wouldn't be too much repetition if you considered using the FOR command...

FOR %A IN (list) DO command [ parameters ]

Re:

[ThePhilips]

Nah. It's faster to simply :%s!^!wusa /uninstall /kb:!

suggestion to make slashdot useful again

[ihtoit]

Would the editors consider adding a section for analysis of Windows updates so we can read then decide if we want them instead of having to go on click marathons through the desktop client? Even some sort of Patch Tuesday digest just indicating which of the updates are actual security patches would do it.

Re:suggestion to make slashdot useful again

[Zocalo]

The Internet Storm Centre [sans.edu] (part of SANS) posts one of these fairly shortly after MS releases the patches. Here's their post for the August patch batch [sans.edu] to give you an idea - they don't cover the optional updates at all though.

Re:

[ihtoit]

mod parent up - I don't install any of the optionals anyway. Thanks for that :)

Re:

[AmiMoJo]

This was one of the most asked for features in the Windows 10 feedback app, but it was rejected.

You can only skin the sheep once

[Iamthecheese]

The funny thing about this is until this I was willing to send telemetry to Microsoft. I understand how them knowing when my system crashes helps them fix bugs. I understand the wealth of good-for-everyone knowledge that comes with reports of which precise system file had a problem performing what kind of information. I would block crash reports sometimes, and I would allow other basic telemetry most of the time.

But due to their new privacy policy and other privacy rapine I've blocked every form of telemet

Re:

[yuhong]

What is actually wrong with the privacy policy that led you to disable it?

Re:

[LVSlushdat]

In my neighborhood, I am said "local nerd", and my advice to ANYone who asks, is "If you're on XP, we need to see if your system's use case allows you to use this thing called Linux.. If you're on Windows 7 or 8, STAY where you are... If you bought a new machine with 10, may God bless your soul.. We need to see if your machine's use case allows wiping that nightmare and installing Linux..." These words (or ones like them) have been spoken several times lately.. Especially regarding the poor sap who just bou

OMG!

[viperidaenz]

People who opted in to the Customer Experience Improvement Program are getting updates that send customer experience telemetry data.

What an outrage.

Re:

[Heir Of The Mess]

A good software developer should add logging of errors, unexpected values, and operations that take longer to complete than expected, and there should be a user option to have these logs sent back to the developer. So ok that seems to be what's happening here. As this is an OS it's probably also sniffing for malware like behaviour.

Being Slashdot I guess the unspoken worry is that MS are recording videos of slashdotters watching porn and the developers are having a good laugh. However I doubt that is happeni

Re:

[Octorian]

Yeah, when anyone else does it, this is the normal way software is maintained and supported in the modern connected world.
But when Microsoft does it, we scream bloody murder!

So many things these days seem to have these sorts of double-standards.

Re:

[yuhong]

But this don't mean the data is getting actually sent.

Sigh

[Trogre]

Why, again, do people still use Windows?

Re:Sigh

[exomondo]

Why, again, do people still use Windows?

Because it runs the programs they need to run and works with the devices they use. That is the primary purpose of an operating system, nobody turns on their computer just to use the operating system.

How do I avoid being infected on 8.1?

[DNS-and-BIND]

From what I've read, all of these infected updates are optional, so you have to deliberately install them. Is this true? If not, how do I detect if I've been infected? Someone up the thread posted a link to a github with a batch script you have to run as administrator, that's not really what I'm talking about. I just want to detect.

Re:

[wootcat]

I followed the instructions here...

https://www.hackread.com/microsoft-updates-spy-on-windows7-8-users/ [hackread.com]

It details how to see if you have those KBs installed and if so, how to remove them.

Re:

[LVSlushdat]

With a product like that (bless their hearts!!) I wonder just how long they'll continue to be a "Microsoft Partner".......

HOSTS file to the rescue!

[CxDoo]

Aw man apk will jizzgazm all over this thread. The time has finally come!

Re:

[CxDoo]

Might be but that's a non sequitur, you know that?

Trust on system updates broken

[naranek]

The thing that worries me it that there are now dozens of articles about which updates to remove to disable telemetry or the Windows 10 update nagbox. We've been saying that installing security updates is fundamental to keeping your computer secure. This goes against that. Do we really want to teach people to uninstall random updates based on shady blog articles?

Earlier I had all automatic update checkboxes checked, because I trusted that security updates are just that - security updates. From now on I'll be checking all the updates manually before installing, and I really hate to have to do that.

And before anybody recommends switch to Linux, I already use Linux as my main OS.

Why not just deploy to those participating in CEIP

[ausrob]

Unless there's a sinister plan to expand the use of telemetry in the future, why would these updates even be deployed to users who aren't already participating in the Customer Experience Improvement Program?

Re:

[Anonymous Coward]

I'll just try it again without the rest of the post. Now I get "Your comment has too few characters per line (currently 38.5)." Again, fuck you Slashdot. Let's see if this line can fix it. Let's see if this line can fix it. Let's see if this line can fix it. Let's see if this line can fix it. Let's see if this line can fix it. That didn't work "Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition.". Try again.

ECHO OFF
REM --- remember to invoke from ELEVATE

Re:

[o_ferguson]

Seems a rather lengthy and convoluted batch file - just use this: http://pastebin.com/B3DjTSX1 [pastebin.com]

Re:BATCH SCRIPT REMOVE BAD WIN7 UPDATES

[mythosaz]

Both scripts fail to make use of a simple FOR command.

FOR %A IN (list) DO command [ parameters ]

Re:

[o_ferguson]

Yes it can - I have posted a simple batch file fix in a comment further down the page.

Re:

[mister_playboy]

Microsoft has already solved your workaround by making all new KBs entirely nondescript. Enjoy your black box updates.

Re:

[Mister Transistor]

That's great until you run into an non-uninstallable update. They exist. Check out the "anti-piracy" updates they foisted on us the same way, just TRY to uninstall one of them!

Better to find out what the damn updates do first, and NEVER allow them to install in the first place if possible.

Re:

[Bing Tsher E]

A 5/16" drill through the CPU works, too, but is just as off topic..

Re:

[macs4all]

Ubuntu...

I'll see your Ubuntu, and raise you an OS X.