Windows 10 Privacy - Keylogger


Recommended Posts

+LogicalApex

I know this was an issue that came up many times during the Insider Preview stage and it was swatted down as a "Beta only" deal from Microsoft. This was widely touted as not sticking around for RTM.

I obtained the RTM build from MSDN to install a tester VM and I am greeted with the same reality in Windows 10 RTM. Why is Microsoft recording typed text by default? This is a major privacy drop for Windows. This coupled with automatic BitLocker key backups to OneDrive and you're left wondering if MS has any care left for privacy and security in Windows.

I'm not wanting a flame filled topic, but a clear discussion of this forward march for Windows. Easy access to your BitLocker recovery key can greatly aid state actors in accessing your data even when you've used Window's Built In encryption. This is, essentially, a sharing of your encryption key. A major problem. Additionally, enabling the recording of text and speech by default is very troubling. I could understand if MS enabled features limited to Cortana when you've enabled Cortana with a clear explanation of what is being collected and why, but this is at the install screen for the entire OS. Additionally, I'm not a Windows Insider and I'm using the MSDN provided RTM ISO shared by MS directly.

 

For the privacy focused like myself I can't help but see Windows 10 as a major step in the wrong direction.

 

Windows 10 RTM Tester - Install Shot 2.PNG

Windows 10 RTM Tester - Install Shot 3.PNG

Edited by LogicalApex
  • Like 3
Link to post
Share on other sites
ryokurin

Android does the same thing.  It's used to improve suggestions. This includes Audio.  As for bitlocker, it tells you this.  Windows 8 did it also. There has to be a way of recourse to get data back for consumers.  Join a domain, or don't use a microsoft account if it bothers you. 

  • Like 3
Link to post
Share on other sites
Draconian Guppy

this is different than a keylogger though

Link to post
Share on other sites
+trag3dy

Maybe I just wasn't paying attention but I thought it was more or less like googles analytics that would help tailor searches (and other things) to your interests when using Cortana?

In any case you can turn both of those options off during the installation process as it clearly shows in the OPs screen shots.

Link to post
Share on other sites
1337ish

Did you post this from Chrome lol?

Joking aside this is actually really common on every platform now, Apple lets you store your keychain stuff on their servers, Chrome backs up your saved passwords and reports address bar key entry etc. As long as its optional its no biggie tbh.

  • Like 1
Link to post
Share on other sites
Ian W

That BitLocker can store backup keys in the cloud is not new; even Windows Vista could optionally backup BitLocker keys (and EFS recovery certificates) in a user's Digital Locker at Windows Marketplace if a user had the Secure Online Key Backup update installed.

I assume that if a user does not want BitLocker to automatically archive keys, that said user should use a local account and should not link to a Microsoft Account or OneDrive.

Link to post
Share on other sites
Draggendrop

I am at least happy that we have choice and can use local account for desktop work in a somewhat secure environment.

  • Like 2
Link to post
Share on other sites
123456789A

Nothing to see here, move along.

  • Like 6
Link to post
Share on other sites
Anibal P

turn the feature off and quit complaining, it is NOT a "keylogger" stop spreading FUD it's pathetic 

  • Like 3
Link to post
Share on other sites
Ian W

Note also that options to collect personalization information are not new as similar services have existed in prior versions of Windows. The Tablet PC Input Panel, for example, could optionally send handwriting samples to Microsoft, and Windows Speech Recognition included an option for a user to allow it to analyze documents and e-mail to improve accuracy of the local recognizer, and as of Windows 7, includes an option to submit speech information to Microsoft to improve future versions of the feature.

Link to post
Share on other sites
Torolol

yes its has been improved, before it was app specific keypress collection, and now it OS wide operations.

will your typed passwords and login info recorded by it? absolutely. Especially if Microsoft decided that you must accept patches that will not honor your choice to the Turn Off the services.

Link to post
Share on other sites
+LogicalApex

this is different than a keylogger though

How so? A Keylogger is a program that captures key-presses...

Keystroke logging has become an established research method to study writing processes.[6][7] Different programs have been developed to collect online process data of writing activities,[8] including Inputlog, Scriptlog, and Translog.

In terms of legitimate uses, Keystroke logging can be a suitable research instrument in a number of writing contexts. These include studies on cognitive writing processes, description of writing strategies, the writing development of children with and without writing difficulties, spelling, first and second language writing, and specialist skill areas such as translation and subtitling. Keystroke logging be used in research specifically on writing, it can also be integrated in educational domains for second language learning, programming skills, and typing skills.

Source: https://en.wikipedia.org/wiki/Keystroke_logging

turn the feature off and quit complaining, it is NOT a "keylogger" stop spreading FUD it's pathetic 

It is a keylogger... Obviously, I don't think Microsoft aims to log into you bank account using the data, but it is an important thing to discuss at any rate... From a privacy perspective it is worthy of a question.

..... What a waste of a thread. 

I'd disagree... Discussing the loss of privacy and the implications of a keylogger in the OS is valid. Especially with the extent and frequency of recent data breaches. It is a valid discussion. How does Microsoft limit its data collection? Do they tie it to user accounts? What do they do to limit capturing of passwords and usernames and the like. Again, worthy of a discussion as this is a major shift for the computing industry...

But I do understand that discussions can often be hard to have. Judging by the lack of one here. I'll just conclude that privacy is a non-issue. At least among the crowd here...

  • Like 6
Link to post
Share on other sites
+Eternal Tempest

Microsoft's seems to be abandoning the we don't do x with your data, and doing what Google, Apple are doing.

Link to post
Share on other sites
Dot Matrix

Well, obviously Microsoft is the evil ones here, even though Apple and Google do it. But that's ok, because they're the darling childs of the market. They can do no wrong.

 

^ Pretty much what I've gotten from this thread.

Link to post
Share on other sites
+Eternal Tempest

Well, obviously Microsoft is the evil ones here, even though Apple and Google do it. But that's ok, because they're the darling childs of the market. They can do no wrong.

 

^ Pretty much what I've gotten from this thread.

The past fanboy level of enthusiasm of Ms is better then X, due to not doing X,Y,Z arguments tend to invoke a strong counter response when MS is starting to do what the other's have been. I've already disabled the options in Privacy, and what apps can access on Win10 on the laptop.

Link to post
Share on other sites
+LogicalApex

Well, obviously Microsoft is the evil ones here, even though Apple and Google do it. But that's ok, because they're the darling childs of the market. They can do no wrong.

 

^ Pretty much what I've gotten from this thread.

What does Google and Apple have to do with this? Obviously, if they do so then it is a problem for them as well... The topic is Windows 10, which is obviously a MS product, but that doesn't mean I think this is a good practice if anyone else does it.

But for some reason we can't have discussions anymore. It is always reduced to brand loyalty as a way to deflect or minimize.

Microsoft spent years branding against this practice with its Scroogled campaign...

Link to post
Share on other sites
Osiris

I agree with Logical Apex its a worthy discussion, and a bad sign that asking such questions is met with responses like 'stop complaining' or ''abcd' do it too so its all good'

I was unaware inking was also sent also thought this was only applicable to the insider program, very surprised it's in the final release.

Clearly a lot of people aren't concerned with these topics and that's fine but i'd definitely like more information from MS on what is collected, how it is secured and if its tied to personal id.  Even basic things like how does it differentiate between collecting data regularly and not collecting your bank information?  Is inprivate mode a contradiction, what privacy do you have if its collecting data when in this mode?

  • Like 2
Link to post
Share on other sites
+Eternal Tempest

What does Google and Apple have to do with this? Obviously, if they do so then it is a problem for them as well... The topic is Windows 10, which is obviously a MS product, but that doesn't mean I think this is a good practice if anyone else does it.

But for some reason we can't have discussions anymore. It is always reduced to brand loyalty as a way to deflect or minimize.

Microsoft spent years branding against this practice with its Scroogled campaign...

I also have concerns about changes in a computer OS to have the constant monitor, identification.

Especially enabled by default, now MS goals may be authentic about customer, privacy, but the face if a hacker, or state agency can gain access pass the protection.

Link to post
Share on other sites
neo1911

Nothing to see here, move along.

People have liked your ignorant post. Hats off to them.

But a simple reg trick will disable telemetry and keyboard logger.

 

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection]
"AllowTelemetry"=dword:00000000

 

Save this as txt file and rename the txt extension to reg.

Then run that reg file and install the key.

cayR8f6.png

reeb6my.png

All sending of data and keystroke settings are greyed out and disabled.

  • Like 3
Link to post
Share on other sites
Dot Matrix

What does Google and Apple have to do with this?

Why not include them if you want to talk about this? Why single out Windows?

Link to post
Share on other sites
DemonicHawk

People have liked your ignorant post. Hats off to them.

But a simple reg trick will disable telemetry and keyboard logger.

 

...

Actually, there's no indication that that registry trick does anything at all. There's a group policy setting with the exact same name and setting it to 0 gives the same effects.

The description however clearly indicates that a value of 0 is only applicable to enterprise versions.

 

win10telemetry.png

  • Like 1
Link to post
Share on other sites
Osiris

Why single out Windows?

By virtue of the forum the topic is in and the specific Windows 10 settings being discussed? 

The ability to limit it to one OS, which the user is using doesn't preclude a civil discussion on it without resorting to what apple and google are doing.

  • Like 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Richard C.
      As topic title says, the setting app itself opens and works fine, however when I ever I try and click "data usage" the app closes silently.
       
      A log is shown of it now workning in reliability, and I've posted it here.
       

       
      I've tried running dism and it says it found no corruption, I've tried using an alternate user account, and I've tried using the windows update troubleshooter, they all say everything is fine. 
       
      Any idea on what to do next?
    • By Premgenius
      I wasn't able to find anything useful, in terms of how to hide/remove the File Size and File Type shown under the File name when Windows Explorer is set to Tiles view, any suggestions?
       

    • By Stoffel
      Hi guys, it's been a while.
      I'm looking for some information about using Storage Spaces in Windows 10 with USB3 external drives.
      At the moment i have 3 HD's storing my Movies and TV series., I do have a bunch of extra USB3 HD's not in use. those 3 HD's contain about 6TB of data.
       
      I'm wondering if it's worth putting all these HD's into a Storage Pool with Parity so if one HD would crash i can recover everything easy. Just as some form of extra security.
       
      I'm aware that this is not the ideal backup situation, or  that there are better option by going with a NAS. I'm not interested in that discussion at the moment, they are all to expensive :) I'm just looking for some info from people using Storage Spaces with parity that can confirm that it actually works reliably over time.
       
      Anybody here that has experience with Storage Spaces in Win 10 with USB3 HD's? Please give me your opinion!
    • By farmeunit
      I have never seen this before and I'm waiting to hear from the company that does our imaging software, as well.
       
      We have a blocked inheritance OU for a temporary location during imaging to stop policies from interfering with anything, then they're moved to an OU with basic policies until moved to their final location.  This have worked fine for 2 years.  I have one cart that started out as two laptops that had issues.  I re-imaged them and everything was fine.  I needed to do the whole care anyway, so re-imaged those.  I held back 3 to finish updates and all 3 of them exhibit the same issue.  I can DM the files to someone if the want to see them. 
       
      Basically, in the bad one, it has this:D
       
      The good one this:
       
      They are not in that OU any longer, so I don't know why it not pulling the GPOs.  It's actually pulling computer GPO, but not User GPOs.
       
      I have tried removing/adding computers to the domain, but nothing changes.  I tried deleting the security database from machine and did a GPUDATE /FORCE and nothing changes.
       
      Also:
      The Block Inheritance flag is only difference in GPRESULT in that section.
    • By Dutchie64
      Hi all,

      Playing around with Cortana on my WIn10 PC, and running into some Cortana related issues. Everything in the Settings app and Cortana is configured and working as far as I can tell...

      First one is Calendar related:
      I'm running the Win10 Calendar app, and using my Google account for the appointments etc. I also added Cortana to add reminders for me,. All this works fine.
      If I now ask Cortana for my schedule for say the next day, it finds results and gives me a list.
      But it ONLY shows me the name of the Calendar entry, no time block or even the day, e.g. just 'Appointment X'. This makes it useless when you have multiple appointments for one, and no time table finishes it off.

      Odd things is also that the Calendar entries ( in month view) are shown as  " 19 GymTime " . Hovering over it will give you the popup with a more correct " date - GymTime 19 - 20 " overview.
      Clicking on  a day gives me a full overview of appointments with the correct start/end times too.
      It looks like some of the information is lost for Cortana?
       
      Funny detail is that Cortana on my phone DOES show me a nice overview of dates, time (in e.g. 19:00-20:00) and appointment entry.
      Same Calendar data form Google, same MS account, same Cortana.... Jay Android?

      Second one is Music:
      I cannot seem to link Cortana to Groove, only online services are listed under the Music notebook. I CAN start Groove via Cortana, but cannot let Groove play an artist or alike via a Cortana request.
      Anyone has a trick for this?

      cheers for any tips,

      rob