0161 726 5997 Info@FoxSecurity.co.uk

It’s been close to 18 months since the arrival of Windows 10.  In that time, Microsoft has (deservedly) received endless criticism to the new OS’s approach to user privacy.

Not much has changed since the release, with Microsoft sticking to its original policy regarding user privacy – i.e. it’s not changing.  Many technical folks have come up with a variety of solutions to the problem.  Some get very close to blocking Microsoft’s telemetry data from being sent back to HQ, but none are perfect.  The company has hardcoded many of the destinations into multiple components of the OS so blocking it is a much more involved matter than simply editing the hosts file.
But now there is a glimmer of hope that the company might be changing its stance on the issue.  It’s not because they have suddenly realised that user privacy is a great selling point or the morally correct thing to do. The real reason is because a Swiss data privacy watchdog has threatened to prosecute Microsoft for their alleged breaches of their laws with this constant uploading of telemetry data.  MS has stated that it will significantly alter the privacy settings, and the Swiss privacy body has announced that it is not going to take the matter any further.

So what are the changes that we’re going to see?

Well nothing is happening immediately, but the “Creators’ update”, which is the next major update for Windows 10 and is due in the next few months will integrate a new way of modifying the privacy settings so that users will get a much simpler interface for accessing and changing the information that is sent back to Redmond.

mew privacy settings

It still doesn’t fix the problem entirely.  While you’ll be able to switch off location-based ads and functionality, along with some of the speech recording aspects of Cortana, there will still me some information that cannot be disabled completely.

windows privacy 2

The lower level versions – Home and Pro will allow users to select “basic” and “full telemetry uploads, but Microsoft claim they are minimising the amount of data collected under “basic”.  It will still send details of drivers, installed apps, error reporting and internet connection quality.  It’s a shame that the company is still remaining quiet on what other details will be sent.  They are still using phrases referring to data that is “vital to the operation of Windows”, so it still could mean whatever they want it to mean in reality.

Businesses who need to adhere to confidentiality, integrity and availability requirements may have a hard time even after this change in justifying the use of Windows 10 if they still can’t disable the remote uploads of logging data.  Although MS have stated that it only uploads system information closely related to the issue at hand, there’s no reason why poor timing couldn’t mean that this crash data includes sensitive information such as passwords or encryption keys.

There are other alternatives if you’re still not happy with Microsoft’s offerings.  Many of these involve editing the registry or altering group policies using gpedit.msc.  There’s also a number of applications that aim to make these changes much simpler, although they vary significantly in quality.

One which is gaining a great deal of positive feedback at the moment is a free download from O&O software, called “Shutup10”.  It doesn’t need to be installed – it can be run directly and doesn’t include any hidden downloads in the installers.

 

Once running, it presents the user with an extensive list of settings which can be disabled or re-enabled:shutup 10 screenshot

There are options to apply all settings at once, or just the recommended privacy settings, but you will need to be careful with which ones are selected, as there could be unforeseen consequences, such as microphones/cameras not working in Skype.  Make sure that you create a system restore point before making any changes using this software, or you may find you’ve locked something down that wasn’t correctly understood at the time and it could prove difficult to revert back to normal.