Windows 10 Privacy Hacks; Stop Auto-download of Updates

[Astronomer]

Hi all,

 

Here's what I've compiled so far. If you want to lock your system down and stop the annoying auto-install of updates, this info will help. Sure, some of the new features require sending a boatload of your info to Microsoft servers, but I don't need those features and I want my operating system to just run my programs, thank you very much. Otherwise, Windows 10 is a good incremental update to the Windows OS.

 

After opening "Windows Firewall with Advanced Security", you'll find two pre-defined Outbound rules, both of which are labelled "Search". Try right-clicking and disabling these rules. That was enough to disable Bing searching in the preview builds (before Microsoft provided the option not to include online search results). I cannot test at the time of writing, but it may be enough to prevent connections from being established by the search component to the *.a-msedge.net servers.

 

EDIT #1: Keeping both rules enabled and changing the policy of each to "Block the connection" does the trick. Without taking this measure, it seems that the search component continues to harvest keystrokes and send them to Bing, even if one has toggled the button to omit online search results.

 

EDIT #2: After changing the rules to block, if "Search online and include web results" is re-enabled and the entered search term does not match any local content, an entry to "Search the web" for the term is provided but the instant Bing results remain disabled. Clicking on said entry will convey the search term to Bing, by way of the default browser.

 

Last edited by kerframil on Tue Aug 04, 2015 7:09 am

=====================

 

 If anyone is interested in turning off telemetry entirely, create a 32-bit DWORD in the Windows registry called AllowTelemetry and set it to zero, under the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection

Then turn off the following services:

Diagnostics Tracking Service
dmwappushsvc

Reboot, and you're done.. 

 

http://arstechnica.com/information-technology/2015/08/windows-10-doesnt-offer-much-privacy-by-default-heres-how-to-fix-it/?comments=1

 

http://winaero.com/blog/how-to-disable-telemetry-and-data-collection-in-windows-10/

 

http://winaero.com/blog/how-to-disable-windows-update-in-windows-10-rtm/

 

===================

 I intend to investigate further. In the meantime, I want to point out that it is trivial to manually create a rule that accomplishes the same. In the Outbound rule list, select New Rule then choose Custom (in my case, the Predefined drop-down no longer lists Search as an option). Click Next, Customize, Apply to this service, then select "Windows Search" as the service. Finally, keep clicking Next until the rule has been added. Another method is to match against the Application Package name - as the predefined rule did - rather than the Service name. In my case, the package name is "microsoft.windows.cortana_cw5n1h2txyewy". This method is slightly less convenient because, for some reason, it's not possible limit the scope to an application package until after a rule has been added. 

http://arstechnica.com/information-technology/2015/08/windows-10-doesnt-offer-much-privacy-by-default-heres-how-to-fix-it/?comments=1&start=200

==================

 

 Follow this guide to disable data collection:
http://winaero.com/blog/how-to-disable- ... indows-10/

Also edit your HOSTS file to block these websites:

0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 telemetry.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 cs1.wpc.v0cdn.net
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 pre.footprintpredict.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 bingads.microsoft.com
0.0.0.0 www.bingads.microsoft.com

Edited August 12, 2015 by Astronomer

[Merlin007]

Thanks for the info astro. Will certainly give this a gander.

[Mossticles]

If you don't want to edit your hosts file yourself, you can use "Destroy Windows 10 Spying" - it does that for you and more.

 

Hint: Set a restore point before using it. Just in case.

Edited August 13, 2015 by M0stlyHarmless

[Sammy]

Considering how people feel about privacy, and that there are so many places that tell you how to delve into Windows and shut this all off, who came up with this bright idea? Certainly the bright idea of making the default opt-in? The 'user experience' arguments are nice and all. But how many people would actually sacrifice email privacy in order to get it? I wouldnt.

 

One of the reasons I am highly suspicious of this whole thing is that it conveniently bypasses the whole encryption problem the various authorities have to deal with. Since keystrokes are all uploaded to MS and stored they have copies of everything before any encryption is done. So even the strongest encryption in the world is pointless unless it was done elsewhere before a single key was pressed.

[Astronomer]

How to edit your Hosts file:

 

http://www.howtogeek.com/howto/27350/beginner-geek-how-to-edit-your-hosts-file/?PageSpeed=noscript

[hxtr]

If you don't want to edit your hosts file yourself, you can use "Destroy Windows 10 Spying" - it does that for you and more.

 

Hint: Set a restore point before using it. Just in case.

Follow this advice.... it will put 103 host file exclusions. I contend them today in the AM.

 

All good info. I have a cure. Will post later.

[ChknFngr]

http://www.techworm.net/2015/08/windows-10-sends-data-to-microsoft-despite-of-privacy-setting-set-not-to.html

[hxtr]

I think it is best to just run 7 or 8. Fuck windows 10. I am not upgrading anyone else to it.

[Sammy]

It's all about trust. The question is, do people trust Microsoft and Win10.

[hxtr]

It's all about trust. The question is, do people trust Microsoft and Win10.

I would say no and no to that. Then again I have trust issues.

[Sammy]

I guess the funniest part... or saddest... is how some are unconcerned about privacy and hacking problems so long as its cool to use. Facebook generation I guess. Which is fine. But I dont do Facebook nor want my OS to follow its example.

[7Toes]

http://pxc-coding.com/portfolio/donotspy10/  here you go down load this simple its creates a restore point before you do anything

[hxtr]

One thing to think about is when you run updates... they can add these back and can add new ones. So this will be a cat and mouse game from now on.

This is the perfect time for Lunix to rule the world.

[Sammy]

If Linux was actually coordinated in a big way then it would be a significant challenge. But as always that takes money. Lots of money. Especially since you cannot sell it.