Windows 10 Privacy - Keylogger

By +LogicalApex
in Microsoft (Windows)

 Share

Recommended Posts

Grand Master

+LogicalApex MVC

Posted
  • MVC
Posted (edited)

I know this was an issue that came up many times during the Insider Preview stage and it was swatted down as a "Beta only" deal from Microsoft. This was widely touted as not sticking around for RTM.

I obtained the RTM build from MSDN to install a tester VM and I am greeted with the same reality in Windows 10 RTM. Why is Microsoft recording typed text by default? This is a major privacy drop for Windows. This coupled with automatic BitLocker key backups to OneDrive and you're left wondering if MS has any care left for privacy and security in Windows.

I'm not wanting a flame filled topic, but a clear discussion of this forward march for Windows. Easy access to your BitLocker recovery key can greatly aid state actors in accessing your data even when you've used Window's Built In encryption. This is, essentially, a sharing of your encryption key. A major problem. Additionally, enabling the recording of text and speech by default is very troubling. I could understand if MS enabled features limited to Cortana when you've enabled Cortana with a clear explanation of what is being collected and why, but this is at the install screen for the entire OS. Additionally, I'm not a Windows Insider and I'm using the MSDN provided RTM ISO shared by MS directly.

 

For the privacy focused like myself I can't help but see Windows 10 as a major step in the wrong direction.

 

Windows 10 RTM Tester - Install Shot 2.PNG

Windows 10 RTM Tester - Install Shot 3.PNG

Edited by LogicalApex
  • +Asmodai, f0rk_b0mb and Kelxin
  • Like 3
Link to comment
https://www.neowin.net/forum/topic/1266376-windows-10-privacy-keylogger/
Share on other sites
Enthusiast

ryokurin

Posted
Posted

Android does the same thing.  It's used to improve suggestions. This includes Audio.  As for bitlocker, it tells you this.  Windows 8 did it also. There has to be a way of recourse to get data back for consumers.  Join a domain, or don't use a microsoft account if it bothers you. 

  • +ekoht, Eric and corrosive23
  • Like 3
Grand Master

trag3dy

Posted
Posted

Maybe I just wasn't paying attention but I thought it was more or less like googles analytics that would help tailor searches (and other things) to your interests when using Cortana?

In any case you can turn both of those options off during the installation process as it clearly shows in the OPs screen shots.

Proficient

purrcher

Posted
Posted

A reddit post a few months back might be useful to you:https://www.reddit.com/r/Windows10/comments/31rxsv/disable_keylogger_windows_10/

Not sure if I agree with it or not, but when I tried it on a system last time nothing seemed to break (but i don't use the modern apps or cortana so it might effect those things).

  • +LogicalApex and +Audioboxer
  • Like 2
Veteran

1337ish

Posted
Posted (edited)

Did you post this from Chrome lol?

Joking aside this is actually really common on every platform now, Apple lets you store your keychain stuff on their servers, Chrome backs up your saved passwords and reports address bar key entry etc. As long as its optional its no biggie tbh.

Grand Master

Ian W

Posted
Posted

That BitLocker can store backup keys in the cloud is not new; even Windows Vista could optionally backup BitLocker keys (and EFS recovery certificates) in a user's Digital Locker at Windows Marketplace if a user had the Secure Online Key Backup update installed.

I assume that if a user does not want BitLocker to automatically archive keys, that said user should use a local account and should not link to a Microsoft Account or OneDrive.

Grand Master

Ian W

Posted
Posted

Note also that options to collect personalization information are not new as similar services have existed in prior versions of Windows. The Tablet PC Input Panel, for example, could optionally send handwriting samples to Microsoft, and Windows Speech Recognition included an option for a user to allow it to analyze documents and e-mail to improve accuracy of the local recognizer, and as of Windows 7, includes an option to submit speech information to Microsoft to improve future versions of the feature.

Grand Master

Torolol

Posted
Posted

yes its has been improved, before it was app specific keypress collection, and now it OS wide operations.

will your typed passwords and login info recorded by it? absolutely. Especially if Microsoft decided that you must accept patches that will not honor your choice to the Turn Off the services.

Grand Master

+LogicalApex MVC

Posted
  • Author
  • MVC
Posted

this is different than a keylogger though

How so? A Keylogger is a program that captures key-presses...

Keystroke logging has become an established research method to study writing processes.[6][7] Different programs have been developed to collect online process data of writing activities,[8] including Inputlog, Scriptlog, and Translog.

In terms of legitimate uses, Keystroke logging can be a suitable research instrument in a number of writing contexts. These include studies on cognitive writing processes, description of writing strategies, the writing development of children with and without writing difficulties, spelling, first and second language writing, and specialist skill areas such as translation and subtitling. Keystroke logging be used in research specifically on writing, it can also be integrated in educational domains for second language learning, programming skills, and typing skills.

Source: https://en.wikipedia.org/wiki/Keystroke_logging

turn the feature off and quit complaining, it is NOT a "keylogger" stop spreading FUD it's pathetic 

It is a keylogger... Obviously, I don't think Microsoft aims to log into you bank account using the data, but it is an important thing to discuss at any rate... From a privacy perspective it is worthy of a question.

..... What a waste of a thread. 

I'd disagree... Discussing the loss of privacy and the implications of a keylogger in the OS is valid. Especially with the extent and frequency of recent data breaches. It is a valid discussion. How does Microsoft limit its data collection? Do they tie it to user accounts? What do they do to limit capturing of passwords and usernames and the like. Again, worthy of a discussion as this is a major shift for the computing industry...

But I do understand that discussions can often be hard to have. Judging by the lack of one here. I'll just conclude that privacy is a non-issue. At least among the crowd here...

Grand Master

Dot Matrix

Posted
Posted

Well, obviously Microsoft is the evil ones here, even though Apple and Google do it. But that's ok, because they're the darling childs of the market. They can do no wrong.

 

^ Pretty much what I've gotten from this thread.

Grand Master

+Eternal Tempest MVC

Posted
  • MVC
Posted (edited)

Well, obviously Microsoft is the evil ones here, even though Apple and Google do it. But that's ok, because they're the darling childs of the market. They can do no wrong.

 

^ Pretty much what I've gotten from this thread.

The past fanboy level of enthusiasm of Ms is better then X, due to not doing X,Y,Z arguments tend to invoke a strong counter response when MS is starting to do what the other's have been. I've already disabled the options in Privacy, and what apps can access on Win10 on the laptop.

Grand Master

+LogicalApex MVC

Posted
  • Author
  • MVC
Posted

Well, obviously Microsoft is the evil ones here, even though Apple and Google do it. But that's ok, because they're the darling childs of the market. They can do no wrong.

 

^ Pretty much what I've gotten from this thread.

What does Google and Apple have to do with this? Obviously, if they do so then it is a problem for them as well... The topic is Windows 10, which is obviously a MS product, but that doesn't mean I think this is a good practice if anyone else does it.

But for some reason we can't have discussions anymore. It is always reduced to brand loyalty as a way to deflect or minimize.

Microsoft spent years branding against this practice with its Scroogled campaign...

Grand Master

Osiris

Posted
Posted

I agree with Logical Apex its a worthy discussion, and a bad sign that asking such questions is met with responses like 'stop complaining' or ''abcd' do it too so its all good'

I was unaware inking was also sent also thought this was only applicable to the insider program, very surprised it's in the final release.

Clearly a lot of people aren't concerned with these topics and that's fine but i'd definitely like more information from MS on what is collected, how it is secured and if its tied to personal id.  Even basic things like how does it differentiate between collecting data regularly and not collecting your bank information?  Is inprivate mode a contradiction, what privacy do you have if its collecting data when in this mode?

  • Ian W and +LogicalApex
  • Like 2
Grand Master

+Eternal Tempest MVC

Posted
  • MVC
Posted

What does Google and Apple have to do with this? Obviously, if they do so then it is a problem for them as well... The topic is Windows 10, which is obviously a MS product, but that doesn't mean I think this is a good practice if anyone else does it.

But for some reason we can't have discussions anymore. It is always reduced to brand loyalty as a way to deflect or minimize.

Microsoft spent years branding against this practice with its Scroogled campaign...

I also have concerns about changes in a computer OS to have the constant monitor, identification.

Especially enabled by default, now MS goals may be authentic about customer, privacy, but the face if a hacker, or state agency can gain access pass the protection.

Grand Master

neo1911

Posted
Posted

Nothing to see here, move along.

People have liked your ignorant post. Hats off to them.

But a simple reg trick will disable telemetry and keyboard logger.

 

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection]
"AllowTelemetry"=dword:00000000

 

Save this as txt file and rename the txt extension to reg.

Then run that reg file and install the key.

cayR8f6.png

reeb6my.png

All sending of data and keystroke settings are greyed out and disabled.

  • Steven P., +Asmodai and Osiris
  • Like 3
Rising Star

DemonicHawk

Posted
Posted

People have liked your ignorant post. Hats off to them.

But a simple reg trick will disable telemetry and keyboard logger.

 

...

Actually, there's no indication that that registry trick does anything at all. There's a group policy setting with the exact same name and setting it to 0 gives the same effects.

The description however clearly indicates that a value of 0 is only applicable to enterprise versions.

 

win10telemetry.png

Grand Master

Osiris

Posted
Posted

Why single out Windows?

By virtue of the forum the topic is in and the specific Windows 10 settings being discussed? 

The ability to limit it to one OS, which the user is using doesn't preclude a civil discussion on it without resorting to what apple and google are doing.

  • +LogicalApex
  • Like 1
This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • LibreOffice developer takes a dig at Euro-Office in new open letter

      By Ccl Ncc · Posted

      I have never been a huge fan of libre, it feels really good but exactly when you need an advance feature for data wrangling it falls short every time or has bugs. I am all for euro office if they can deliver a good and usable alternative to MS office with backing of govt function.
    • Dell, HP PCs ran into endless reboot, BitLocker recovery loops but Windows 11 isn't to blame

      By grunger106 · Posted

      Go on, I'll bite. How does windows (nice comment on an 'article' which doesn't actually involve it ) lock users out of their data then? Been using it since 3.1 back in 92 and not once have I been locked out of my data? Perhaps you mean Bitlocker? In which case the average user (who doesn't mess about) will have been forced to use a MSA, and in which case the recovery key would have been saved to said account..... If the user did happen to bodge around and not use an MSA then Bitlocker wouldn't have become live (as it cannot without a safe place to store the key) I want to point out Bitlocker and MSA are not connected and you can of course force it on without a safe place to store the key, but you do that with your eyes open. So your standard consumer who knows no better sets up an MSA, gets bitlocker and a recovery key stored off box, with a route to reset their password. All of this notwithstanding the fact, if your data is important, you back it up, no ifs, no buts, no-ones responsibility other than your own. Important data lives in at least two locations, one of which is offline and recovery is tested, otherwise that data wasn't really that important. Disks, fail, laptops get lost, phones end up down the toilet, tablets get stolen, if your only copy of data is on a single device you're doing it wrong.
    • Apple unveils Siri AI, a "reimagined" version of SIri

      By excalpius · Posted

      Clearly that feature isn't for us. It's for the ad spam marketers so they can more directly target us about going to places we might want to go again...but without understanding context clues. Like for the flight someone took for a friend's funeral. We want to be reminded of that every time we open an app, a browser, or email, right? Right, Siri?
    • Is your Apple Watch supported? Check the watchOS 27 compatibility list

      By Aditya Tiwari · Posted

      Is your Apple Watch supported? Check the watchOS 27 compatibility list by Aditya Tiwari Apple kicked off WWDC 2026 with a ton of announcements, mostly centered around Apple Intelligence improvements, the Siri AI, and Liquid Glass updates. However, there is a lot of other stuff that couldn't catch the limelight. Let's talk about watchOS 27 and which models are supported by the newest operating system. According to the Cupertino giant, watchOS 27 will be supported on the following Apple Watch models when it arrives later this year: Apple Watch Ultra 3 Apple Watch Series 11 Apple Watch SE 3 Apple Watch Series 10 Apple Watch Ultra 2 It's a stark contrast with last year's watchOS 26 update, which had almost a dozen Apple Watch models in its list of supported devices. Apple supported models all the way back to Apple Watch Series 6. That said, if you own one of the five models, you'll need an iPhone 11 (or later) with iOS 27 to install the latest update. Yes, Apple has shown some extra love to the iPhone 11, and it old horse supports the iOS 27 update. watchOS 27 beta 1 is now available for developers and interested power users through the Apple Developer Program. So, if you're among those who like to play with fire, you can download it to your supported Apple Watch. Otherwise, the public beta for watchOS 27 will be available next month. The freshly baked Apple Watch update comes with Siri AI - an advanced, fully conversational version of Siri powered by Apple Intelligence due for later this year. A new dynamic app grid features icons for five Siri-suggested apps. You can use a new tap gesture to open a widget in the Smart Stack, and a new Find My app finally clears the mess of Find Devices, Find Items, and Find People on Apple Watch. Workout Buddy can run without an iPhone nearby and offers new insights based on data, including your progress for pace, distance, and workout duration. Apple improved its motion tracking algorithms to measure the distance of indoor treadmill runs and walks more precisely. Speaking of other changes, the music playback on watchOS 27 starts faster and you can create custom passes for any membership or card that uses a QR code or barcode, then easily access them in the Wallet app or pin in the Smart Stack.
    • Apple unveils Siri AI, a "reimagined" version of SIri

      By froggyliver · Posted

      "and pull old flight details from your email during back-and-forth conversations" The Siri I've become to know and trust. I've always wanted to pull info on old flights. /s

  • Recent Achievements

    • Very Popular
      Captain_Eric earned a badge
      Very Popular
    • One Month Later
      amusc earned a badge
      One Month Later
    • One Month Later
      DJC50PLUS earned a badge
      One Month Later
    • Week One Done
      DJC50PLUS earned a badge
      Week One Done
    • Proficient
      Eric Biran went up a rank
      Proficient

  • Popular Contributors

    1. 1
      +primortal
      500
    2. 2
      PsYcHoKiLLa
      229
    3. 3
      ATLien_0
      85
    4. 4
      Steven P.
      76
    5. 5
      +Edouard
      75
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!