Windows 10 Privacy - Keylogger



It seems pretty simple to me.  How do you expect Cortana or learn or inking to get better if they don't record those things?  I understand your privacy concerns, but people want "better and easier".  It's that simple.  If you don't like it, don't use it.

I must have missed where they made it a law to use Windows 10...

Actually if I'm being honest I would uninstall Cortana completely if I could. It's probably the only feature of 10 that I don't actually like.

So really, I don't expect Cortana to learn anything about me.

This is why I am confused about the need for this feature. If you turn on Cortana I would expect certain amounts of privacy reduction as that is the nature of the feature, but this is separate from Cortana. This is recording your text and speech even with Cortana turned off. As I'm requested to enable Cortana after installation. Cortana isn't enabled by default, but this is.

No one said Microsoft wants your banking details, but they do want details. Irrespective of what Microsoft wants a system wide recording of keystrokes and voice data should be concerning to people. Even if Microsoft has no intention of doing "bad" things with the data (which I am sure they don't intend to do "bad" things) you're left wondering about the risks in face of the recent high profile hacking cases. Even ignoring the hacking scenario... I think it is a very large step in the wrong direction for MS to, by default, record such a wide berth of user data. The majority of users don't change the defaults and without them making use of things like Cortana this seems like a strong sign of how Microsoft intends to make back the "free" Windows 10 upgrade costs (by trying to rival Google in the ad revenue department due to their attempt at a richer profile of the user... Google gets search and browsing... Microsoft gets every typed and spoken word).

Since everyone keeps saying this isn't a keylogger... Please, enlighten me to the definition of a Keylogger... A keylogger doesn't have to be malicious, it just needs to record key strokes.

I know this was an issue that came up many times during the Insider Preview stage and it was swatted down as a "Beta only" deal from Microsoft.

This was widely touted as not sticking around for RTM.

I obtained the RTM build from MSDN to install a tester VM and I am greeted with the same reality in Windows 10 RTM. Why is Microsoft recording typed text by default?

well...:

  1. Current RTM is actually still a 'Beta' and thus still keylogging by default.
  2. Microsoft 'forgot' its promise not to keylog at RTM by default.
  3. Current version of Win 10 is not Beta anymore (point 1 is wrong), and Microsoft did not forget about it (point 2 is wrong), but deliberately decided to keep the keylogging activity by default. In this case Microsoft can no longer be trusted.

Pick your poison.

I like how everyone just thinks there's someone at Microsoft reading everything you type.. Seriously.. none of you are that interesting.. Not to mention that while it records keystrokes, that doesn't mean it sends them all, as is, or that they are stored in a way that has ANY way to access and read back exactly what you typed.

 

MS isn't after your passwords, or bank account, or anything. They are after habits. Things like developing URL and word prediction. And this sort of stuff is not new, it's been a part of every Windows OS since XP to various degrees.

 

Of all the security concerns in the world today, this is SO far down the list it's silly. You should be more worried about your bank keeping all their passwords in plaintext in the DB and stuff like that, which is far more likely to come back to haunt you, than MS taking over the world with their keylogger that doesn't do what you think it does.

  • Like 1


Microsoft themselves may not use it. But they make some significant amount of money by selling all your info to third parties. So all your personal data is passed on to several more companies. You get more advertising, you get more spam. You might even also start getting spam calls on your registered mobile number.

Here is the text to create a batch file.

Copy the quoted text into Notepad and save it as a Disable-Telemetry.bat file (selecting the save type as All Files).

@echo off


title Disable/Enable Windows Telemetry
color 1f
:Begin UAC check and Auto-Elevate Permissions
:-------------------------------------
REM  --> Check for permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"


REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
echo:
echo   Requesting Administrative Privileges...
echo   Press YES in UAC Prompt to Continue
echo:


    goto UACPrompt
) else ( goto gotAdmin )


:UACPrompt
    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
    echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"


    "%temp%\getadmin.vbs"
    exit /B


:gotAdmin
    if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
    pushd "%CD%"
    CD /D "%~dp0"
:--------------------------------------


:Check the key:
(reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry"|find /i "0x0")>NUL 2>NUL
if %errorlevel% NEQ 0 GOTO :KEYOFF


:KEYON
echo ============================================================
echo Windows Telemetry currently disabled.
echo Would you like to re-enable it? (Y/N)
echo ============================================================
echo.
choice /c yn /n
If %ERRORLEVEL% NEQ 1 GOTO :QUIT


Echo Deleting Telemetry Registry key
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /F>NUL 2>NUL
IF %ERRORLEVEL% NEQ 0 GOTO :ERROR
Echo.


Echo Windows Telemetry enabled
Echo.
goto :QUIT




:KEYOFF
echo ============================================================
echo Windows Telemetry is currently enabled.
echo Would you like to disable it? (Y/N)
echo ============================================================
echo.
choice /c yn /n
If %ERRORLEVEL% NEQ 1 GOTO :QUIT


Echo Changing Registry key
REM Remove an existing AllowTelemetry value before writing the new one (REG ADD /F below also overwrites it)
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry">NUL 2>NUL
if %errorlevel% equ 0 REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /F>NUL 2>NUL
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /D 0 /T REG_DWORD /F>NUL 2>NUL
IF %ERRORLEVEL% NEQ 0 GOTO :ERROR
Echo.


Echo Windows Telemetry disabled
Echo.
goto :QUIT




:QUIT
echo ============================================================
echo Press any key to exit...
echo ============================================================
pause>NUL
goto :EOF


:ERROR
echo ============================================================
echo The script ran into an unexpected error setting reg key.
echo Press any key to exit...
echo ============================================================
pause>NUL
goto :EOF

 

Run it as an administrator.

If telemetry is running, it will ask you to disable it. If it is already disabled, it will ask you to enable it.

The choice is yours.

Thanks to MDL member murphy78 for his work.

 

Edit: This tweak is almost the same as the one posted on 1st page of the topic by me. Even though the telemetry comes up as disabled, it is hard to prove that it has actually been disabled.

More testing needs to be done.

So is this suggesting that the method on the first page (of this thread) doesn't properly disable the data collection? or is it suggesting that turning it off via the GPE only does nothing unless you are on an enterprise version?

Neither the UI options nor using GPE COMPLETELY disable sending telemetry data to Microsoft on non-Enterprise versions of the OS.  I wouldn't say the settings do nothing as they do reduce the amount of telemetry data sent but they do not completely disable it.

Even though the telemetry comes up as disabled, it is hard to prove that it has actually been disabled.

Could the same not be said about telemetry in previous versions of Windows? Why do we feel the need to venture into conspiracy territory?


Previous versions of Windows used to gather data anonymously and I remember Microsoft explicitly stating that the data collected was anonymous and not used to identify you.

But now Microsoft has seen how much revenue can be generated by having every information of their users down to the last keystroke. They also mention that they will profile you based on your data. (I hate this bull$*** reason that we profile you to give you richer ads and improve our software)

Collecting data while under public preview is OK. But collecting it forever from unsuspecting gullible users is EVIL.

Now I put Microsoft under the same category as Google and Apple. Just private info greedy corporations who will collect all the data they want. They will tell you that it would be used to improve customer experience. But in the end they will design their OS in such a way that every tap every click would be designed to extract money from you. The whole OS would transition itself into one giant pile of IAP.

Try this as a batch file. Worked for me

sc delete DiagTrack
sc delete dmwappushservice
cd C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger
echo "" > AutoLogger-Diagtrack-Listener.etl 
cacls  AutoLogger-Diagtrack-Listener.etl  /d SYSTEM
pause

Data collection: I'm cool with.

Reading the contents of my files and sending them back to Microsoft. Yeah, that I'm not cool with.

This seems to be strictly directed at the enterprise edition. I've tried to use the .reg script on page 2 and got an error message that it doesn't exist in a script of some sort. Home might be different in some way.

 

Scratch that. The batch file listed above does work in shutting down telemetry, even on Home edition.

I'm pretty sure they don't need to know what's on my calendar to make the OS better.

They do to help predict what you're doing next in your day and to have it show up certain places for you automatically.

Similar to Google Now, it knows when I go to work and come home so it can help me navigate routes or tell me traffic.  If they're going cross-platform, this functionality will carry over to phones, etc., where this becomes important.  They're not just telling you that you have an appointment, they're telling you how to get there, the weather, surrounding places of interest, etc.


I am tired of Companies trying to get my info to spoonfeed me what it thinks I should do. Slowly and slowly in future, we will become so lazy to even think what to do next unless prompted by our mobiles.

I like how everyone just thinks there's someone at Microsoft reading everything you type.. Seriously.. none of you are that interesting.. Not to mention that while it records keystrokes, that doesn't mean it sends them all, as is, or that they are stored in a way that has ANY way to access and read back exactly what you typed.

 

MS isn't after your passwords, or bank account, or anything. They are after habits. Things like developing URL and word prediction. And this sort of stuff is not new, it's been a part of every Windows OS since XP to various degrees.

 

Of all the security concerns in the world today, this is SO far down the list it's silly. You should be more worried about your bank keeping all their passwords in plaintext in the DB and stuff like that, which is far more likely to come back to haunt you, than MS taking over the world with their keylogger that doesn't do what you think it does.

Is it fun having your head in the sand?

 

Let's break it down like this.   They're collecting data.   We know this because they've said it.   What data are they collecting?  No one knows.  How are they storing it?  No one knows.   How is it transferred?  (Encrypted / clear text?)  No one knows.  Who has access to those files / data stream?   No one knows.   Considering even hacking companies are getting the living crap hacked out of them and all of their personal data spread all over the internet, do you really want Microsoft to take your data and put it as low hanging fruit for some script kiddie to blow into an SQL database and bulk grab EVERYTHING about you and do bulk searches for anything interesting such as login details or credit card numbers?

 

When this boils down, it should be a CLEAR and UP FRONT CHOICE.   Anything beyond that from Google, Apple OR Microsoft in my opinion is downright shady!  (Like Apple storing images / data AFTER they've said they've deleted it, or Google backing up your photos and data after you've completely uninstalled the application that was supposed to do it.)

 

At least when my bank keeps my login details in plain text they're FDIC insured!  When Microsoft stores my bank details in plain text, who's going to fraud protect that?  Beyond that, we've also seen that companies only cough up the fact that they've been breached after someone else points it out.

  • Like 2


It is a clear and upfront choice.  Don't choose Express Settings when installing Windows.  

The court of Neowin has already convicted Microsoft of mishandling data and getting hacked, all before it has actually happened.


NO.  This is the head in the sand approach!  

I did a custom install, turned off ALL of those settings, then went to Start ->  Settings -> Feedback & Diagnostics and it was still set to Automatic (Recommended) and Enhanced.

 

The only way that I've found to actually disable this completely is to add this registry key: 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection]
"AllowTelemetry"=dword:00000000

and run this to disable and stop two services:

sc config "DiagTrack" start= disabled
sc stop "DiagTrack"
sc config "dmwappushservice" start= disabled
sc stop "dmwappushservice"
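
Added example, not part of any post in this thread: a read-only PowerShell check of the state that the registry value and sc commands above are meant to produce. The function and variable names are this example's own, and the edition test is an assumption based on Microsoft's documented rule that AllowTelemetry level 0 is only honoured on Enterprise, Education, IoT and Server editions.

```powershell
# Added example: read-only audit of the telemetry settings discussed in this thread.
# It changes nothing. Run it from an elevated PowerShell prompt.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
$etlPath   = 'C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl'
$services  = 'DiagTrack', 'dmwappushservice'

function Get-TelemetryPolicyLevel {
    # Returns the AllowTelemetry DWORD, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $policyKey -Name 'AllowTelemetry' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.AllowTelemetry
}

function Get-TelemetryServiceState {
    param([Parameter(Mandatory)][string]$Name)
    # A service removed with "sc delete" is reported as Present = $false.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name      = $Name
        Present   = [bool]$svc
        StartMode = $(if ($svc) { $svc.StartMode } else { $null })
        State     = $(if ($svc) { $svc.State } else { $null })
    }
}

# Assumption: editions whose EditionID starts with one of these honour level 0;
# on the others (for example Core = Home, Professional) 0 is treated as 1 (Basic).
$edition     = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').EditionID
$honoursZero = $edition -match '^(Enterprise|Education|IoTEnterprise|Server)'

$findings = @()
$level    = Get-TelemetryPolicyLevel
if ($null -eq $level) {
    $findings += 'AllowTelemetry policy value is not set; the Settings app choice applies.'
} elseif ($level -eq 0 -and -not $honoursZero) {
    $findings += "AllowTelemetry=0 is set, but edition '$edition' is expected to treat it as 1 (Basic)."
} else {
    $findings += "AllowTelemetry=$level on edition '$edition'."
}

foreach ($name in $services) {
    $s = Get-TelemetryServiceState -Name $name
    if (-not $s.Present) {
        $findings += "${name}: service is not installed (deleted)."
    } elseif ($s.StartMode -ne 'Disabled' -or $s.State -ne 'Stopped') {
        $findings += "${name}: StartMode=$($s.StartMode), State=$($s.State); it can still run."
    } else {
        $findings += "${name}: disabled and stopped."
    }
}

# The AutoLogger trace file that one of the batch files in this thread empties.
$etl = Get-Item -LiteralPath $etlPath -ErrorAction SilentlyContinue
if ($etl) {
    $findings += "AutoLogger ETL file: $($etl.Length) bytes, last written $($etl.LastWriteTime)."
} else {
    $findings += 'AutoLogger ETL file not found or not readable.'
}

$findings
```

The output describes configured state only; whether diagnostic data still leaves the machine has to be confirmed separately, for example by watching outbound connections at the firewall or proxy.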

I am baffled how few members have given their soul to Microsoft on a silver platter and believe whatever Microsoft does is for their own good. 

But on the other hand, some members are also displaying critical thinking qualities. 

Right now a few experts at MDL are still testing whether the above batch script disabled telemetry completely or not. We will know in a few days.


Do you have Windows 10 installed?

 

If so, this is all very hypocritical. 

This topic is now closed to further replies.