Re: The Windows 10 New World Order
hello there
again, this time i'm back to shake the bars, of those who are fearful of what windows10 exactly collects. well. sit back, grab a cup a coffee. here comes a very nice long explanation of exactly what it collects.
this will help those who stumbles on this topic, to be even more fearful of windows. use it less. and to rant more.
and for those who uses it, and manages it, to sigh, and say. what a pain MS is becoming,
so lets all have a nice group hug. and have a good read. and a laugh. and say. well, these are the times.
smile.
this info is taken from microsofts web pages, and so it must be taken with a pinch of sault.
4, 3, 2, 1, lift off!
thank you for The Tech Report who brought this article together.
There are 4 telemetry levels which Windows 10 can be set to:
0) Security
1) Basic
2) Enhanced
3) Full
You set the level via Computer Configuration->Administrative Templates->Windows Components->Data Collection and Preview Builds->Allow Telemetry which you set to Enabled and choose the level. If you choose 0 on non-enterprise versions, it is equivalent to choosing 1.
The help in Group Policy Management Console says "[a] value of 0 indicates that no telemetry data from OS components is sent to Microsoft", which is obviously not saying "[a] value of 0 means that no telemetry data at all is sent to Microsoft" but might be read as such on a first glance at the long paragraph.
In regedit, it's HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection and a DWORD called DataCollection. It is set to 2 by default in Enterprise. Oddly, setting to 1 via the above Group Policy does not change this value, which I still have not got to the bottom of.
The levels:
0) Security: "gathers only telemetry info that’s required to keep Windows devices secure".
This collects "OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop)" and sends it to Microsoft, and in response receives a link and downloads its settings file from Microsoft’s servers. So a Windows install's telemetry settings is always under Microsoft's control, and is device specific. Microsoft knows the device ID.
If you use the Malicious Software Removal Tool (MSRT), its infection report will be sent and will contain information including device info and IP address.
If you use Windows Defender, it will get anti-malware signatures, and send diagnostic information, User Account Control settings, UEFI settings, and IP address.
Level 1, Basic, is required for Windows Update telemetry without which Windows Update will break. So even on Enterprise or future Server editions, unless you have WSUS or SCCM managing your updates (or want to run without updates, you need Basic telemetry or higher.
1) Basic: "gathers a limited set of info that’s critical for understanding the device and its configuration."
Required if you use Windows Update and want it to work. At the Security level, "Microsoft can’t tell whether an update successfully installed" so Windows Update will no doubt be broken.
Basic includes everything in Security level, and is designed "to identify problems that can occur on a particular device hardware or software configuration" e.g. "it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version."
It sends "basic" device info, including (but not limited to) camera resolution and display type, IE version, battery capacity and type, mobile operator network and IMEI number, CPU number of cores and speed, memory info, firmware info, number of drives, whether it's a VM.
It sends "the amount of time a connected standby device was able to fullsleep, the number of crashes or hangs, and application state change details, such as how much processor time and memory were used, and the total uptime for an app."
It sends info "about how the telemetry client is functioning, including uploaded events, dropped events, and the last upload time."
It sends "a list of apps and Internet Explorer add-ons that are installed on a device" including "the app name, publisher, version, and basic details about which files have been blocked from usage", "a list of accessory devices, such as printers or external storage devices, that are connected to Windows PCs", and driver info.
It sends "Windows Store app downloads, installations, and updates, Store launches, page views, suspend and resumes, and obtaining licenses."
This is the minimum setable level for Windows 10 Home, Pro, Mobile, and effectively for Enterprise, Education, IoT Core or future Server editions with Windows Update enabled.
2) Enhanced: "gathers info about how Windows and apps are used and how they perform."
Enhanced includes everything in the Security and Basic levels, and is designed "to improve experiences by analyzing user interaction with the operating system and apps. Info from this level can be abstracted into patterns and trends that can help Microsoft determine future improvements."
This is the default, and per the above is analyzing what users do on a per-user and whole world basis.
It sends info about "[o]perating system events [...] including networking, Hyper-V, Cortana, and other components", "[o]perating system app events [...] resulting from Microsoft apps that were downloaded from the Store or pre-installed with Windows, including Photos, Mail, and Microsoft Edge and "events that are specific to certain devices, such as Surface Hub and Microsoft HoloLens."
Unless the user turns it off in Settings->Privacy, Enhanced enables Linguistic Data Collection which is designed "to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary" by sending for analysis your typing, stylus writing, and speech input.
Also at level 2, if, the telemetry client detects a problem" with anything on the Windows install that it decides "requires gathering more detailed instrumentation, then the telemetry client will only gather info about the events associated with the specific issue, for no more than 2 weeks."
"if, the operating system or an app crashes or hangs, Microsoft will gather the memory contents of the faulting process only at the time of the crash or hang", so any app crash at telemetry level 2 or above sends the full memory image back to Microsoft -- in my view, this one is particularly problematic w.r.t. web browsers or plugins.
3) Full: "gathers info necessary to identify and to help fix problems, following [an] approval process"
Full includes everything in the Security, Basic and Enhanced levels, and is designed to allow "Microsoft engineers [to] use the following capabilities to get the information" they need from a device to debug an issue.
All devices in the Windows Insider Program are automatically set to this level. WIP devices also "will send events that can show Microsoft how pre-release binaries and features are performing."
When telemetry reports a "device experiences problems that are difficult to identify or repeat using Microsoft’s internal testing", and a Microsoft engineer deems "additional info becomes necessary", they will make a "diagnostics request" to "Microsoft’s privacy governance team" and if approved they will have Microsoft's permission so can then:
• run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
• get registry keys.
• gather user content, such as documents, if they might have been the trigger for the issue.
_______________________________________________ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
