Something I am currently researching in the hope I can delete any already gathered data pending a need to drop my evorim firewall for a few secondds in order to validate by 2023 turbotax (which has been changed from 2022 to apparently allow data to be sent to microsoft using some microsoft process I've not ferreted out yet.
---
http://hackmag.com/security/what-data-windows-10-sends-to-microsoft-and-how-to-make-it-stop/
What data Windows 10 sends to Microsoft and how to stop it
Written by hackmag
Since its rise Windows was a natural habitat for all kinds of malware. Now the OS itself seems to have become one big trojan. Right after being installed it starts acting weird. The data flows in rivers to dozens of servers belonging to Microsoft and its partner companies. We will try to look into complaints of espionage manners of Windows 10 and find out what data it sneaks and where it sends it.
WARNING!
All the information was obtained through author’s personal research and is published for educational purposes. Neither the editorial staff nor the the author bear any responsibility for any damage caused by the intervention in the OS performance.
Microsoft > NSA
The first reports of new Windows’ strange behavior have emerged as early as the technical preview was delivered. Windows 10 creates a considerable amount of internet traffic even if there are no web applications running whatsoever. At the time this issue was pinned on diagnostics and statistics collected for software debugging. Microsoft experimented on the new product’s operation with various configurations and users acted as beta-testers. Well, it seems quite sensible. Although, nothing has changed after the release: even more complaints have risen.
«This weekend we upgraded my 14-year-old son’s laptop from Windows 8 to Windows 10. Today I got a creepy-ass email from Microsoft titled ‘Weekly activity report for [my son]’, including which websites he’s visited, how many hours per day he’s used it, and how many minutes he used each of his favorite apps. I don’t want this. I have no desire to spy on my boy. Microsoft advised me to turn off activity reporting in my account’s Family section if I did not want to receive such e-mails. There was no such issue in Windows 8.» This quotation from an e-mail send to writer and activist Cory Doctorow by his friend was posted on Boing Boing blog. Many reviewers claim that user data is still being collected – regardless of the account preferences set otherwise. The only thing you can really turn off is the activity reporting itself, in other words you will not receive the e-mails.
pict-00_MS_W10-conf
It is remarkable that the Privacy Statement particularly declares the gathering of various information by certain means embedded into Windows 10. Of course the overwhelming majority of Windows users will not even skim through the document, and those few who will read it, might feel perplexed. This lengthy document is full of vaguely and intricately worded statements, that make it hard to recognize the changes in privacy policies that will occur after installing Windows 10. The answer is: you can simply forget about your privacy, you won’t have it anymore. Human rights activists are unison in the opinion that the system immediately starts to gather all data it can get hold of. The data is mostly of the following types.
Biometric data
Samples of voice and pronunciation of certain words;
samples of handwriting (via handwriting input);
text samples (typed in any application).
Geolocation data
Current location;
locations history including temporary location marks.
Technical data
Information on equipment including ID numbers of the devices;
information on networks joined both wireless and by cable;
telemetric data;
data from any built-in sensors.
Behavioral analysis
Web search history;
visited websites log;
Windows startup and shut down time;
startup and shutdown time of every application.
Purchasing activity
Applications downloaded from Windows Store;
clicking on contextual ads;
clicking on personalized ads.
The list can go on although the above is quite enough for our research. Running ahead, I should mention that not all the accusations against Windows 10 were proven true. For example, Czech news portal AE News claimed that OS sends images from the webcam to the Microsoft servers. Whereas during our test once we connected the webcam, the system only installed the drivers. We have detected no irrelevant or unauthorized actions with the camera at all.
Watching the watchman
There are plenty of tools a hacker can use to scrutinize any software. For our test we prepared a computer with an empty SSD, a virtual machine, Wireshark sniffer, an HTTP-proxy and Fiddler debugger, TCP View bandwidth monitoring tool, a registry snapshot tool and several auxiliary utilities. We preferred the versions that run without installation. Wireshark and Fiddler are the only applications that require installation so they were last to be put to use. Hence, the system remained virginal over the most part of the test. We have analyzed network traffic both with default Windows 10 settings and after gradually turning off all the “spying” features.
According to the official documents the user is spied by: Windows, its ever integrated search engine Bing, voice assistant Cortana, MSN services, Microsoft Office suite, cloud storage client OneDrive, Outlook, Skype, Silverlight and Xbox Live. You can read more about it on Microsoft website. Now let’s see how the information is gathered.
| 
