Author Topic: Windows 10 Privacy Concerns (Read 80537 times)

Deozaan · « **Reply #100 on:** September 08, 2015, 09:52 PM »

I'm running WinPrivacy on Windows 10... and I just got the weirdest request for internet access.

C:\Program Files\WindowsApps\Microsoft.BingFinance_4.5.168.0_x86__8wekyb3d8bbwe\Microsoft.MSN.Money.exe

I don't even have money installed!
-wraith808 (September 08, 2015, 09:42 PM)

Money is an app that comes with Windows 10.

Windows 10 Privacy Concerns

My guess is that it's trying to update the "Live Tile" info.

ewemoa · « **Reply #101 on:** September 09, 2015, 02:20 AM »

You could do it with Powershell by using it to do the updates rather than relying on the Windows Update application, so rather than the reactive approach in the script above it would be proactive.

ie. Powershell fetches a list of updates available, compares against a list of unwanted KBs, hides any if found, and then invokes auto-update (which will automatically skip Hidden updates), or does the other updates itself.

So goes the theory.
-4wd (September 08, 2015, 08:59 PM)

Hmm...that would involve changing operational procedures

If I'm willing to go that far, perhaps I should look around (or wait) for more options to appear. At any rate, it seems like keeping an eye out for an alternative approach to updating seems in order.

Thanks for your thoughts!

4wd · « **Reply #102 on:** September 09, 2015, 05:15 AM »

Hmm...that would involve changing operational procedures If I'm willing to go that far, perhaps I should look around (or wait) for more options to appear. At any rate, it seems like keeping an eye out for an alternative approach to updating seems in order.
-ewemoa (September 09, 2015, 02:20 AM)

I've been having a play:

Windows 10 Privacy Concerns

phitsc · « **Reply #103 on:** September 09, 2015, 05:26 AM »

That looks very interesting. Can you also list (or remove) unwanted updates which have already been installed?

4wd · « **Reply #104 on:** September 09, 2015, 05:37 AM »

That looks very interesting. Can you also list (or remove) unwanted updates which have already been installed?
-phitsc (September 09, 2015, 05:26 AM)

That's what the script I wrote up here does, although it just goes ahead and uninstalls them, (or at least tries).

But I was thinking of combining it with this one since it can use the same list of unwanted KBs.

phitsc · « **Reply #105 on:** September 10, 2015, 02:41 AM »

That looks very interesting. Can you also list (or remove) unwanted updates which have already been installed?
-phitsc (September 09, 2015, 05:26 AM)

That's what the script I wrote up here does, although it just goes ahead and uninstalls them, (or at least tries).

But I was thinking of combining it with this one since it can use the same list of unwanted KBs.
-4wd (September 09, 2015, 05:37 AM)

Worked like a charm! Very cool actually. Thanks

4wd · « **Reply #106 on:** September 10, 2015, 06:47 AM »

Worked like a charm! Very cool actually. Thanks
-phitsc (September 10, 2015, 02:41 AM)

You're welcome, nearly finished the next version - you can see what the output looks like above.

Just a couple of typos to murder and work out why global variables don't seem to be

xtabber · « **Reply #107 on:** September 10, 2015, 09:08 PM »

Microsoft has confirmed that it has been downloading the entire Windows 10 upgrade to anyone who has automatic updates turned on, whether or not they have indicated they have requested the upgrade

"For individuals who have chosen to receive automatic updates through Windows Update, we help upgradable devices get ready for Windows 10 by downloading the files they’ll need if they decide to upgrade. When the upgrade is ready, the customer will be prompted to install Windows 10 on the device.”

That's about 3GB of files surreptitiously downloaded under the guise of updating your current OS.

ewemoa · « **Reply #108 on:** September 13, 2015, 12:41 AM »

Does any one know of comprehensive documentation regarding the specifics of all (or nearly all?) MS KB updates?

Apart from looking around at various articles, posts, am currently constructing URLs of the form:

https://support.microsoft.com/en-us/kb/<put-a-relevant-number-here>

ewemoa · « **Reply #109 on:** September 21, 2015, 08:14 AM »

The Windows Update Powershell Module installed.
-4wd (September 01, 2015, 01:14 AM)

In another thread I started looking at a PowerShell program that loads related files relative to the invoked script file.

Do you think the terms of the Module mentioned above would allow bundling?

FWIW, the program I was looking at was Scoop -- there appears to be a PowerShell 2 compatible version at:

https://github.com/d...us/scoop-powershell2

The following seems to be some code that arranges for the aforementioned loading of code relative to the invoked script:

https://github.com/d...master/bin/scoop.ps1

4wd · « **Reply #110 on:** September 22, 2015, 05:16 AM »

The Windows Update Powershell Module installed.
-4wd (September 01, 2015, 01:14 AM)

Do you think the terms of the Module mentioned above would allow bundling?
-ewemoa (September 21, 2015, 08:14 AM)

Since the Windows Update Powershell Module doesn't include a specific license agreement that I can find, I guess this part of the TechNet terms of use comes into effect:

CONTENT
All Content is the copyrighted work of Microsoft or its suppliers. Use of the Content is governed by the terms of the license agreement, if any, that accompanies or is included with the Content.

If any Content is made available to you on this web site without a license agreement, then you may make a reasonable number of copies of the Content for your internal use in designing, developing, and testing your software, products and services. You must preserve the below copyright notice in all copies of the Content and ensure that both the copyright notice and this permission notice appear in those copies.

Accredited educational institutions, such as K-12 schools, universities, private or public colleges, and state community colleges, may download and reproduce Content for distribution in the classroom for educational purposes. Publication or distribution outside the classroom requires express written permission.

Except as provided above in this section, no portion of the web site may be copied, imitated, published, transmitted, broadcast or distributed, in whole or in part.

Followed by the Copyright section at the end:

2. Grant of Rights
(A) Copyright Grant - Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free copyright license to reproduce its contribution, prepare derivative works of its contribution, and distribute its contribution or any derivative works that you create.
(B) Patent Grant - Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free license under its licensed patents to make, have made, use, sell, offer for sale, import, and/or otherwise dispose of its contribution in the software or derivative works of the contribution in the software.
3. Conditions and Limitations
(A) No Trademark License- This license does not grant you rights to use any contributors’ name, logo, or trademarks.
(B) If you bring a patent claim against any contributor over patents that you claim are infringed by the software, your patent license from such contributor to the software ends automatically.
(C) If you distribute any portion of the software, you must retain all copyright, patent, trademark, and attribution notices that are present in the software.
(D) If you distribute any portion of the software in source code form, you may do so only under this license by including a complete copy of this license with your distribution. If you distribute any portion of the software in compiled or object code form, you may only do so under a license that complies with this license.
(E) The software is licensed “as-is.” You bear the risk of using it. The contributors give no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws which this license cannot change. To the extent permitted under your local laws, the contributors exclude the implied warranties of merchantability, fitness for a particular purpose and non-infringement.
(F) Platform Limitation - The licenses granted in sections 2(A) and 2(B) extend only to the software or derivative works that you create that run on a Microsoft Windows operating system product.

Naturally, IANAL so it might pay to ask the original contributor for clarification - it can't hurt.

ewemoa · « **Reply #111 on:** September 22, 2015, 05:37 AM »

Thanks -- I'd started looking at the license terms but didn't allocate the energy to continue far

I was contemplating the idea of making your script "installable" via Scoop and was wondering what to do about the module it depends on. I guess there may be an option to make the module "installable" by Scoop too and create a dependency for it...

4wd · « **Reply #112 on:** September 22, 2015, 07:50 AM »

I was contemplating the idea of making your script "installable" ...
-ewemoa (September 22, 2015, 05:37 AM)

~~Still playing around with the next version, kind of got side-tracked (Real Life ... who needs it) I'll try and get it done in the next day or two.~~

The following requires:

An elevated Powershell console (it will immediately exit if the console isn't elevated);
The Windows Update Powershell Module installed.
Minimum Powershell version required should be v2+ since that's what WUPM requires, (I'm not sure if there's any specific cmdlets that require a later version).
Some knowledge of Powershell ExecutionPolicy so I'm not answering questions

PoSh-Update.ps1

Code: PowerShell [Select]

<#
.SYNOPSIS
   Performs Windows updates with removal of unwanted installed and pending updates.
.DESCRIPTION
   Reads a list of unwanted KB numbers from PoSh-Update.ini and uninstalls them from
   the system and hides them in pending updates.
   Optionally installs any other pending updates.
.REQUIREMENTS
   Powershell v2+
   Windows Update Powershell Module (https://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc)
   Elevated Powershell console
.INSTALLATION
   Extract files to a folder, PoSh-Update.ini is to reside in the same folder as
   PoSh-Update.ps1
 
   See included PoSh-Update.ini for format.
 
.PARAMETER <paramName>
   None
.EXAMPLE
   C:\PoSh-Update> powershell.exe -noprofile -executionpolicy bypass -File ".\PoSh-Update.ps1"
#>
 
#Requires -runasadministrator
 
$ErrorActionPreference = 'silentlycontinue' # Prevent error messages screwing up my nice output
$global:restart = $false                    # Flag for restart requirement on (un)install
 
# Checks passed KB number against updates installed on system, attempts to uninstall if found
Function Check-Installed {
  Param(
    [String]$KB
  )
 
  if (!(Get-HotFix -Id $KB)) {
    Write-Host $KB": Not installed" -ForegroundColor yellow -NoNewline
    Return $false
  } else {
    Write-Host $KB": Found, attempting uninstall" -ForegroundColor red -BackgroundColor Black -NoNewline
    $command = "wusa.exe"
    $args = "/uninstall /quiet /norestart /kb:" + ($KB -replace "kb","")
    
    $proc = Start-Process $command -ArgumentList $args -Wait -PassThru
    switch ($proc.ExitCode) {
      0       { Write-Host " Successful " -ForegroundColor Green -BackgroundColor Black }
      3010    { Write-Host " Successful - restart required " -ForegroundColor Green -BackgroundColor Black;
                $global:restart = $true
              }
      default {
        Write-Host " Failed (Exit code:" $proc.ExitCode")" -ForegroundColor Red -BackgroundColor Black;
        Write-Host "See https://support.microsoft.com/en-us/kb/290158 for an explanation"
              }
    }
    Return $true
  }
}
 
# Function to search list of pending updates for occurance of passed KB number from
# unwanted list
Function Check-Pending {
  Param(
    [string]$KB
  )
  
  for ($i = 0; $i -lt $updCol.Count; $i++) {
    if ($updCol[$i].KB -imatch $KB) {
      Write-Host ", " -ForegroundColor Yellow -NoNewline
      Write-Host "found pending," -ForegroundColor Red -BackgroundColor Black -NoNewline
# Try hiding the update
      Hide-Update $KB
# Remove from Update collection regardless of result since we don't want it
      $global:updCol.Remove($updCol[$i]) # | Out-Null
# Return TRUE if it was found
      Return $true
    }
  }
# If it wasn't found then there's no reason to hide it
  Write-Host " or pending" -ForegroundColor Yellow
  Return $false
}
 
# Function to hide an update using KB number
Function Hide-Update {
  Param(
    [string]$idKB
  )
  $test = (Hide-WUUpdate -KBArticleID $idKB -Confirm:$false)
  if ($test.Status -match "H") {
    Write-Host " successfully hidden" -ForegroundColor Green
  } else {
    Write-Host " hiding unsuccessful " -ForegroundColor Red -BackgroundColor Gray
  }
}
 
Function Install-Updates {
# Convert array of remaining KB IDs to string using Output Field Separator ($ofs)
# then pass to Get-WUInstall
  $ofs = '","'
  $KBList = '"'+[string]$updCol.KB+'"'
  Get-WUInstall -KBArticleID $KBList -AcceptAll -IgnoreReboot -Verbose
}
 
 
# Read list of unwanted KBs into an object
$uwList = Get-Content PoSh-Update.ini
# Fetch list of available updates into an object
Write-Host "Fetching list of pending updates from Microsoft servers ... please wait" -BackgroundColor Black
$updates = Get-WUList -MicrosoftUpdate -IsNotHidden -NotCategory Driver
Write-Host $updates.Count "pending update(s)" -BackgroundColor Black
 
$global:updCol = {$updates}.Invoke() # Copy object array to collection so we can remove items
$init = $updCol.Count                # Initial number of updates before cull
 
# For each item in the Unwanted list, iterate through collection to check for installed/pending
$uwList | foreach {
  if (!(Check-Installed $_)) { Check-Pending $_ | Out-Null }
}
 
# Results of cull
Write-Host ""
Write-Host "PoSh-Update.ini contained a total of" $uwList.Count "update(s) to ignore." -BackgroundColor Black
Write-Host "A total of" ($init - $updCol.Count) "update(s) removed from pending update list." -BackgroundColor Black
Write-Host "There is/are" $updCol.Count "update(s) left to install." -BackgroundColor Black
Write-Host ""
 
# If a restart was indicated during uninstallation, indicate it otherwise offer to install
# remaining updates
if ($restart) {
  Write-Host "A restart was indicated to complete uninstallation of one or more updates." -ForegroundColor Yellow -BackgroundColor Black
  Write-Host "Please do so before attempting installation of further updates."
  Write-Host ""
  Write-Host "You may re-run this script after a restart."
} else {
  Write-Host "Preparing to install remaining updates:"
  $updCol | Format-Table KB, Status, Size, Title -AutoSize
 
# Simple Yes/No requester
  $a = new-object -comobject wscript.shell 
  $intAnswer = $a.popup("Continue with installation:", 0, "", 4) 
  If ($intAnswer -ne 6) { 
    Exit       # No
  } else {
    Install-Updates
  }
}

Execution:
Extract PoSh-Update.ps1 and PoSh-Update.ini to a folder.

Open an elevated Powershell console, change to the folder:
powershell -noprofile -executionpolicy bypass -File "PoSh-Update.ps1"

What it does:
Checks for the existence of certain KB hotfixes, (read from the file PoSh-Update.ini, one per line), if it finds one it will attempt to uninstall using WUSA, it will also mark the update as Hidden so it's not downloaded in the next auto-update.

NOTE: Checking and uninstalling updates takes a few minutes, don't be impatient.

Sample output:

Windows 10 Privacy Concerns

USUAL DISCLAIMER: It works for me.

ewemoa · « **Reply #113 on:** September 25, 2015, 11:57 PM »

Sadly, the only reference I have handy at the moment is a rather dryly written college text book sitting on my bookshelf. I can tell you that all versions of Windows have "let's naively use the MAC address to create our IPv6 address!!" disabled by default...
-Innuendo (September 06, 2015, 01:59 PM)

Found the following:

Privacy extensions are enabled by default in Windows (since XP SP1), OS X (since 10.7), and iOS (since version 4.3). Some Linux distributions have enabled privacy extensions as well.

via: https://en.wikipedia...rg/wiki/IPv6#Privacy

FWIW, was examining an Android device with Cyanogenmod 12.x on it, and for the one in question, the extensions didn't seem to be enabled as a portion of the mac address appeared to be easily readable off of the IPv6 address of a network interface.

Innuendo · « **Reply #114 on:** September 27, 2015, 10:17 AM »

FWIW, was examining an Android device with Cyanogenmod 12.x on it, and for the one in question, the extensions didn't seem to be enabled as a portion of the mac address appeared to be easily readable off of the IPv6 address of a network interface.
-ewemoa (September 25, 2015, 11:57 PM)

I found an excellent Q&A on SuperUser here that goes into detail about how to turn on privacy extensions for nearly every desktop OS.

If anyone running Windows is curious to know if the privacy extensions are enabled on their PC, one can open a command prompt and type the following:

netsh interface ipv6 show privacy

As for mobile OSes, it's quite a bit more murky. I found an Android app on the Play Store called IPv6Configthat will show if your device is using privacy extensions and offer to enable them, but it requires root. Unfortunately, my ISP does not use IPv6 routing so I was unable to test it.

ewemoa · « **Reply #115 on:** September 27, 2015, 06:08 PM »

Thanks for the links.

IIUC, it may be relatively straight-forward to check from a terminal app in Android whether privacy extensions are in use:

[Select]

ip a

The result may show information for various network interfaces -- for WiFi, a typical interface name is wlan0. Examine the displayed MAC address and IPv6 address -- roughly, if the last 3 bytes are the same in both, I think it's a good bet that (at least for that interface) the extensions are not in use.

Deozaan · « **Reply #116 on:** September 28, 2015, 12:12 AM »

Thanks for the links.

IIUC, it may be relatively straight-forward to check from a terminal app in Android whether privacy extensions are in use:

[Select]
ip a

The result may show information for various network interfaces -- for WiFi, a typical interface name is wlan0. Examine the displayed MAC address and IPv6 address -- roughly, if the last 3 bytes are the same in both, I think it's a good bet that (at least for that interface) the extensions are not in use.
-ewemoa (September 27, 2015, 06:08 PM)

Seems disabled by default for my on the latest stock Android (Lollipop 5.1.1)!

If anyone running Windows is curious to know if the privacy extensions are enabled on their PC, one can open a command prompt and type the following:

netsh interface ipv6 show privacy
-Innuendo (September 27, 2015, 10:17 AM)

I ran that command and got these results:

[Select]

>netsh interface ipv6 show privacy
Querying active state...

Temporary Address Parameters
---------------------------------------------
Use Temporary Addresses : enabled
Duplicate Address Detection Attempts: 3
Maximum Valid Lifetime : 7d
Maximum Preferred Lifetime : 1d
Regenerate Time : 5s
Maximum Random Time : 10m
Random Time : 5m27s

The "enabled" part makes me think I have the privacy option enabled, but when I check out ipconfig /all, I see my MAC in my IPv6 address...

Or maybe I'm just reading the results incorrectly.

ewemoa · « **Reply #117 on:** September 28, 2015, 01:16 AM »

[Select]
>netsh interface ipv6 show privacy
Querying active state...

Temporary Address Parameters
---------------------------------------------
Use Temporary Addresses : enabled
Duplicate Address Detection Attempts: 3
Maximum Valid Lifetime : 7d
Maximum Preferred Lifetime : 1d
Regenerate Time : 5s
Maximum Random Time : 10m
Random Time : 5m27s
-Deozaan (September 28, 2015, 12:12 AM)

I tried the command for a Windows environment and observed "enabled" as well.

when I check out ipconfig /all, I see my MAC in my IPv6 address...

FWIW, for ipconfig /all, when I look at the value for "Physical Address" and compare it with "Link-local IPv6 Address", I don't see much similarity.

Deozaan · « **Reply #118 on:** September 28, 2015, 06:51 PM »

FWIW, for ipconfig /all, when I look at the value for "Physical Address" and compare it with "Link-local IPv6 Address", I don't see much similarity.
-ewemoa (September 28, 2015, 01:16 AM)

You're right! I was misreading it. I was looking at the value for "DHCPv6 Client DUID" (which contains my entire MAC) rather than "Link-local IPv6 Address."

Thanks!

ewemoa · « **Reply #119 on:** December 08, 2015, 08:06 PM »

The following requires:
An elevated Powershell console (it will immediately exit if the console isn't elevated);
The Windows Update Powershell Module installed.
Minimum Powershell version required should be v2+ since that's what WUPM requires, (I'm not sure if there's any specific cmdlets that require a later version).
Some knowledge of Powershell ExecutionPolicy so I'm not answering questions
-4wd (September 22, 2015, 07:50 AM)

Spent some time wondering where Hide-WUUpdate was only to discover that this was added in the Windows Update Powershell Module in version 1.4.6 as mentioned here:

https://www.powershe...ges/PSWindowsUpdate/

Had inadvertently tried the 3 attachment links on the Module page and those happened to be for 1.3.4, 1.4.3, and 1.4.5...doh!

ewemoa · « **Reply #120 on:** December 08, 2015, 08:47 PM »

BTW, it seems that if Windows Update is already running, changing the hidden status of an update (via Powershell, say) doesn't appear to be reflected in Windows Update's UI until after a subsequent "Check for Updates" operation. At least it didn't here during a test.

May be that was obvious, but FWIW...

4wd · « **Reply #121 on:** December 09, 2015, 06:26 PM »

Spent some time wondering where Hide-WUUpdate was only to discover that this was added in the Windows Update Powershell Module in version 1.4.6 as mentioned here:

https://www.powershe...ges/PSWindowsUpdate/

Had inadvertently tried the 3 attachment links on the Module page and those happened to be for 1.3.4, 1.4.3, and 1.4.5...doh!
-ewemoa (December 08, 2015, 08:06 PM)

I use this link:

Windows 10 Privacy Concerns

ewemoa · « **Reply #122 on:** December 09, 2015, 07:08 PM »

That's what I ended up using in the end

dr_andus · « **Reply #123 on:** December 30, 2015, 09:02 AM »

Has anyone tried or heard about this one yet?

10se1ucgo/DisableWinTracking · GitHub

DisableWinTracking - Uses some known methods that attempt to disable tracking in Windows 10. (Telemetry, DiagTrack Log, Services, hosts-file, IP blocking, Windows Defender / WifiSense, OneDrive)

Edit: In the meantime I found a Reddit thread on it with quite a few comments:
I made my own user-friendly Windows 10 privacy tool for inexperienced users

tomos · « **Reply #124 on:** April 13, 2017, 09:42 AM »

Disclaimer:
I haven't used this software, so not recommending, but I know that the company is reputable and they make good solid (in my experience) image backup software:

O&O ShutUp10
https://www.oo-software.com/en/shutup10

claims to be updated for Windows 10 'Creator' update
says is portable

O&O ShutUp10 means you have full control over which comfort functions under Windows 10 you wish to use, and you decide when the passing on of your data goes too far.

Using a very simple interface, you decide how Windows 10 should respect your privacy by deciding which unwanted functions should be deactivated.

O&O ShutUp10 is entirely free and does not have to be installed – it can be simply run directly and immediately on your PC. And it will not install or download retrospectively unwanted or unnecessary software, like so many other programs do these days!

YT video