Do you use tools/utilities after a fresh Windows 10/11 installation from scratch or an update?



I haven't installed Windows without using a TS for more than a decade, plug in a network cable, boot with PXE, rockin' and rollin'...

Install media is rolled up monthly with the LCU, localised (with en-US being the backup locale), and the OneDrive installation file (C:\Windows\System32\OneDriveSetup.exe) updated to the latest enterprise build. Besides the things mentioned, the install media is otherwise stock; this process is automated.

TS applies the Windows image, drivers, and installs updates from WSUS\SUP (if media hasn't been updated with the LCU). Edge is updated to the latest stable build, and OneDrive is configured to install for all users (removing the AppData installs per user). The latest build of PowerShell 7 is installed, and Microsoft 365 Apps (Office, latest Current\Semi-Annual channel builds) is optionally installed if selected during the initial wizard (or added as a step in the TS). 

From the OS customisations perspective, the unattended file handles the majority of the Windows config (Company\user info, license, language locale, and a handful of other settings), the built-in Administrator account (SID 500) is disabled, and a local admin account (password either hardcoded or managed by Windows LAPS) is created. PowerShell 2 is disabled, and a handful of other hardening preferences are configured (some machines can be non-domain joined). Consumer experience is disabled, file extensions and drive list are enabled in Explorer. Otherwise group policy handles the rest of the config, i.e. RDP (servers\if required for workstations), firewall, security, taskbar preferences etc.

Overall if it's a basic PC build (i.e. no other applications, which can be installed during the TS or post-install) it takes about 20-25 minutes to complete (depending on the machine). Once at the login screen, it's ready to go. Clean and consistent, handy when you're deploying large amounts of machines, or single.

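As an added example (not part of the original post, and not the poster's own task sequence), a PowerShell audit that checks a freshly imaged Windows 10/11 client for the hardening items the post above names. The function names are hypothetical, and the registry paths and optional-feature name are the standard Windows locations, assumed here to be how the build applies those settings.

```powershell
#Requires -RunAsAdministrator
# Added example: post-build audit of the hardening items named in the post.
# Registry paths and the feature name are the standard Windows locations and are
# assumptions; the actual task sequence may apply the settings differently.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Test-BuildBaseline {
    $results = [System.Collections.Generic.List[object]]::new()
    $add = {
        param($Check, $Pass, $Detail)
        $results.Add([pscustomobject]@{ Check = $Check; Pass = [bool]$Pass; Detail = "$Detail" })
    }

    # The built-in Administrator is identified by RID 500, not by name (it may be renamed).
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    & $add 'Built-in Administrator (RID 500) disabled' ($admin -and -not $admin.Enabled) `
        "Name=$($admin.Name); Enabled=$($admin.Enabled)"

    # PowerShell 2.0 engine (client SKUs). A missing feature counts as a pass:
    # newer builds no longer ship it at all.
    $v2 = Get-WindowsOptionalFeature -Online -FeatureName 'MicrosoftWindowsPowerShellV2Root' `
        -ErrorAction SilentlyContinue
    & $add 'PowerShell 2.0 engine not enabled' ($v2.State -ne 'Enabled') "State=$($v2.State)"

    # "Turn off Microsoft consumer experiences" policy value.
    $cc = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent' `
        'DisableWindowsConsumerFeatures'
    & $add 'Consumer experience disabled by policy' ($cc -eq 1) "DisableWindowsConsumerFeatures=$cc"

    # Explorer preference is per user; this only inspects the account running the audit.
    $ext = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' `
        'HideFileExt'
    & $add 'File extensions shown in Explorer (current user)' ($ext -eq 0) "HideFileExt=$ext"

    $results
}

# Any row with Pass = False is drift from the intended build.
Test-BuildBaseline | Format-Table -AutoSize -Wrap
```

Run it from an elevated session on the imaged machine; where Group Policy later overrides one of these values, the Detail column shows what is actually in effect.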

On 20/01/2024 at 03:13, cooky560 said:

Plenty of people legally have Windows licenses in the EU, so they were sold somehow to those users!

However even if the GDPR thing was not an issue, it doesn't remove my point that your claim about the telemetry being anonymous and private is false, by virtue of the collection of device IDs and IP addresses.

Hello,

Please go back and very carefully read the first article I linked to in my December 29th post, in particular the fifth paragraph--it starts right under a heading labeled "1. Safety and Reliability" data.

Regards,

Aryeh Goretsky


On 20/01/2024 at 14:03, binaryzero said:

[Deployment procedure]

Something tells me that's a bit over the top for OP 😅, but a good way to go about it at scale.


On 21/01/2024 at 07:44, goretsky said:

Hello,

Please go back and very carefully read the first article I linked to in my December 29th post, in particular the fifth paragraph--it starts right under a heading labeled "1. Safety and Reliability" data.

Regards,

Aryeh Goretsky

 

Perhaps I'm reading this wrong, but it says "We collect a limited amount of information to help us provide a secure and reliable experience. This includes data like an anonymous device ID, device type, and application crash data which Microsoft and our developer partners use to continuously improve application reliability."

A device ID combined with an IP is enough to identify the device, therefore it's not anonymous or private regardless of them adding the word "anonymous" to the front of it, if I say to you "we keep it anonymous by collecting your passport number, but not your name" it doesn't make it anonymous (while I'm aware this isn't what's happening here, I'm trying to give an example), it's enough for them to build a pattern of what a particular device does, and therefore it's not anonymous. While the log itself might not include your account ID, there will somewhere (for example in sign in logs) be a log that links device ID, IP and Microsoft account, it would be trivial for Microsoft to link the data together, and I see no reason to believe they don't do this in the documentation provided here, or the more detailed stuff in the developer documentation. If you can find anywhere that Microsoft states that it either dumps these IDs before logging the data, or otherwise doesn't log my IP / device IDs people let me know, and I will then retract my comments.

This document also claims:

"3. Advertising Data We Don’t Collect
Unlike some other platforms, no matter what privacy options you choose, neither Windows 10 nor any other Microsoft software scans the content of your email or other communications, or your files, in order to deliver targeted advertising to you."

It also says that they don't analyse content for the purpose of selling ads, it doesn't mean they don't analyse it for other purposes. I'm sorry but since the Windows 8 days I've had no reason to trust Microsoft with my data,  data is their business model now. 

Which having read the terms of service and privacy for "new outlook" and its "cloud sync" (which the user cannot opt out of) is simply untrue.

Edited by cooky560

On 21/01/2024 at 04:33, cooky560 said:

A device ID combined with an IP is enough to identify the device

This is not PII nor does it violate GDPR. 
 

As for the rest:

I feel like you are operating more on what’s not said and making a conclusion from it. 


On 21/01/2024 at 06:33, cooky560 said:

 

Perhaps I'm reading this wrong, but it says "We collect a limited amount of information to help us provide a secure and reliable experience. This includes data like an anonymous device ID, device type, and application crash data which Microsoft and our developer partners use to continuously improve application reliability."

A device ID combined with an IP is enough to identify the device, therefore it's not anonymous or private regardless of them adding the word "anonymous" to the front of it, if I say to you "we keep it anonymous by collecting your passport number, but not your name" it doesn't make it anonymous (while I'm aware this isn't what's happening here, I'm trying to give an example), it's enough for them to build a pattern of what a particular device does, and therefore it's not anonymous. While the log itself might not include your account ID, there will somewhere (for example in sign in logs) be a log that links device ID, IP and Microsoft account, it would be trivial for Microsoft to link the data together, and I see no reason to believe they don't do this in the documentation provided here, or the more detailed stuff in the developer documentation. If you can find anywhere that Microsoft states that it either dumps these IDs before logging the data, or otherwise doesn't log my IP / device IDs people let me know, and I will then retract my comments.

This document also claims:

"3. Advertising Data We Don’t Collect
Unlike some other platforms, no matter what privacy options you choose, neither Windows 10 nor any other Microsoft software scans the content of your email or other communications, or your files, in order to deliver targeted advertising to you."

It also says that they don't analyse content for the purpose of selling ads, it doesn't mean they don't analyse it for other purposes. I'm sorry but since the Windows 8 days I've had no reason to trust Microsoft with my data,  data is their business model now. 

Which having read the terms of service and privacy for "new outlook" and its "cloud sync" (which the user cannot opt out of) is simply untrue.

Why aren't you using something like Linux? That language you are reading doesn't mean anything unless you take them to court. They can (and many companies definitely have done and DO) whatever the F they want while having such language. You have no idea, and between the telemetries fully baked in on Windows 10 +, and all the other 3rd party apps, plug ins, browsers sending and receiving massive amounts of data about your machine.. IP and Device ID.. you're thinking they rely on one identifier to see who you are or your machine. There's massive amounts of metadata from your internet usage alone that allows any large entity to identify you and your machine completely without having to touch your machine directly. If you're that concerned with your privacy, you literally are on the worst OS for this. Tell me you use Android next.


On 21/01/2024 at 17:54, puma1 said:

Why aren't you using something like Linux? That language you are reading doesn't mean anything unless you take them to court. They can (and many companies definitely have done and DO) whatever the F they want while having such language. You have no idea, and between the telemetries fully baked in on Windows 10 +, and all the other 3rd party apps, plug ins, browsers sending and receiving massive amounts of data about your machine.. IP and Device ID.. you're thinking they rely on one identifier to see who you are or your machine. There's massive amounts of metadata from your internet usage alone that allows any large entity to identify you and your machine completely without having to touch your machine directly. If you're that concerned with your privacy, you literally are on the worst OS for this. Tell me you use Android next.

No I don't use Android, assumptions don't strengthen your comment at all. 

I am using Linux semi-regularly, however certain applications I use require Windows, and don't work too well in Wine, so for some tasks, I have to use Windows. I'm also aware that the mere act of being online isn't fantastic for avoiding telemetry, however I do take steps that I can to mitigate this.

However even if none of this was true, it doesn't change the fact that the claim collection from Windows telemetry is private and anonymous is false, which means you failed to dispute the only point of my post.


On 21/01/2024 at 17:03, cooky560 said:

No I don't use Android, assumptions don't strengthen your comment at all. 

I am using Linux semi-regularly, however certain applications I use require Windows, and don't work too well in Wine, so for some tasks, I have to use Windows. I'm also aware that the mere act of being online isn't fantastic for avoiding telemetry, however I do take steps that I can to mitigate this.

However even if none of this was true, it doesn't change the fact that the claim collection from Windows telemetry is private and anonymous is false, which means you failed to dispute the only point of my post.

I didn't want to dispute your post. I don't think you have to be fine combing their terms to know that w10 is data mining its users. Doesn't everyone know that?


On 22/01/2024 at 05:06, puma1 said:

I didn't want to dispute your post. I don't think you have to be fine combing their terms to know that w10 is data mining its users. Doesn't everyone know that?

They do, hence my querying the claim that the data was somehow anonymous and private. I would love to believe it's true, but I don't see any evidence of that either on the linked pages, or in the technical documentation.


On 21/01/2024 at 04:33, cooky560 said:

 

Perhaps I'm reading this wrong, but it says "We collect a limited amount of information to help us provide a secure and reliable experience. This includes data like an anonymous device ID, device type, and application crash data which Microsoft and our developer partners use to continuously improve application reliability."

A device ID combined with an IP is enough to identify the device, therefore it's not anonymous or private regardless of them adding the word "anonymous" to the front of it, if I say to you "we keep it anonymous by collecting your passport number, but not your name" it doesn't make it anonymous (while I'm aware this isn't what's happening here, I'm trying to give an example), it's enough for them to build a pattern of what a particular device does, and therefore it's not anonymous. While the log itself might not include your account ID, there will somewhere (for example in sign in logs) be a log that links device ID, IP and Microsoft account, it would be trivial for Microsoft to link the data together, and I see no reason to believe they don't do this in the documentation provided here, or the more detailed stuff in the developer documentation. If you can find anywhere that Microsoft states that it either dumps these IDs before logging the data, or otherwise doesn't log my IP / device IDs people let me know, and I will then retract my comments.

This document also claims:

"3. Advertising Data We Don’t Collect
Unlike some other platforms, no matter what privacy options you choose, neither Windows 10 nor any other Microsoft software scans the content of your email or other communications, or your files, in order to deliver targeted advertising to you."

It also says that they don't analyse content for the purpose of selling ads, it doesn't mean they don't analyse it for other purposes. I'm sorry but since the Windows 8 days I've had no reason to trust Microsoft with my data,  data is their business model now. 

Which having read the terms of service and privacy for "new outlook" and its "cloud sync" (which the user cannot opt out of) is simply untrue.

Hello,

Microsoft has stated that the telemetry data is anonymized, and the DPAs which have investigated this seem to be satisfied with their anonymization practices.  There is no mention of IP addresses as part of their telemetry collection.

You have every right to be concerned about Microsoft's business practices, and seek out their competitors' offerings, and I suppose as one of their competitors I should somehow encourage that, but when it comes to collecting telemetry, it is far better for it to be anonymous than not.  Simply put, from a business perspective, the risks far outweigh any possible advantages to their business.

Trying to come up with scenarios that can apply simply because they don't exclude it is a rabbit hole.  Microsoft's telemetry collection makes no mention of storing telemetry data in a secret lunar base, either, for example.  Just because I can conceive that they might operate an off-planet data center does not mean that they are doing so.

Regards,

Aryeh Goretsky
 


On 22/01/2024 at 05:12, goretsky said:

Hello,

Microsoft has stated that the telemetry data is anonymized, and the DPAs which have investigated this seem to be satisfied with their anonymization practices.  There is no mention of IP addresses as part of their telemetry collection.

You have every right to be concerned about Microsoft's business practices, and seek out their competitors' offerings, and I suppose as one of their competitors I should somehow encourage that, but when it comes to collecting telemetry, it is far better for it to be anonymous than not.  Simply put, from a business perspective, the risks far outweigh any possible advantages to their business.

Trying to come up with scenarios that can apply simply because they don't exclude it is a rabbit hole.  Microsoft's telemetry collection makes no mention of storing telemetry data in a secret lunar base, either, for example.  Just because I can conceive that they might operate an off-planet data center does not mean that they are doing so.

Regards,

Aryeh Goretsky
 

Hi Aryeh, how so a competitor?


On 22/01/2024 at 07:49, puma1 said:

Hi Aryeh, how so a competitor?

Pick a Linux distro, chromeOS, or macOS. Despite any misgivings one may have with them, and despite market share, they are competitors. 


On 22/01/2024 at 07:49, puma1 said:

Hi Aryeh, how so a competitor?

Hello,

Microsoft and my employer compete in the security software and services space.

Regards,

Aryeh Goretsky
 
