Your data wasn’t just at risk with Windows 10
It was bad enough that Windows 10 came with a whole host of privacy invading tracking software. Now we find out that Windows 7 and 8 are getting retroactive updates for these “features.”
Some of these updates are old – from back in early June. But now that Windows 10 is out and everyone knows how bad it is, experts are taking a closer look at what has been going into the older Microsoft operating systems.
In the recently released Windows 10, Microsoft introduced new Telemetry and Data Collection features which will not give you the option to opt out. These services are collecting various information about the software installed on your PC and even personal data stored on your computer. Microsoft claims they may not be used to personally identify you but no one is comfortable with this kind of shady data collection. This change has had a very negative impression on the Windows 10 OS. Now Microsoft has brought similar Telemetry and Data Collection features mainstream directly to Windows 7 and Windows 8 family of operating systems.
If you have Windows Update enabled in your Windows 7 or Windows 8, you might have noticed that a bunch of new updates are available for your operating system which add more telemetry and data collection services to your OS besides the one already present which you can opt out of. This is a notable change for all users who consider Windows versions prior to Windows 10 as relatively private and safe.
Once these updates are installed, Windows 7 and Windows 8 will start sending collected data using the HTTPS protocol to the following Microsoft servers:
- vortex-win.data.microsoft.com (IP Address = 220.127.116.11)
- settings-win.data.microsoft.com (IP Address = 18.104.22.168)
Another thing that’s out of your control is that the operating system ignores any lines you may have added to the HOSTS file, so you cannot block the IP addresses of those servers in the usual way. They are hardcoded into system files and cannot be turned off easily.
The following updates bring more thorough telemetry and data collecting features to your older operating systems:
- kb3068708 – Update for customer experience and diagnostic telemetry
- kb3022345 – Update for customer experience and diagnostic telemetry
- kb3075249 – Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
- kb3080149 – Update for customer experience and diagnostic telemetry
If you don’t wish to share any data whatsoever with Microsoft, you should not install these updates.
Why is this a Big Deal?
When you bought your Windows 7 OS so many years ago, did you know you were signing up for this? Do you know what data Microsoft is collecting from your machine and sending back? Given Microsoft’s history on security vulnerabilities, do you have confidence that such data will be kept secure? Do you have any confidence that your data isn’t going to a 3rd party for analysis, and that 3rd party is keeping your data secure.
How does this benefit you, anyway?
Note that Microsoft’s so-called “benefits” are never elaborated upon. That’s because the benefits are entirely Microsoft’s. Also note that ” you can select to start or stop participating at any time:”
Most programs make CEIP options available on the Help menu, although for some products, you might have to check settings, options, or preferences menus.
However that is little consolation when you consider that Microsoft can change the rules whenever they want, that they can change the default settings whenever they want (even if you turn this stuff off), and that the vast majority of people will never know to even check this stuff.
“Luckily” that same vast majority of people does not automatically update their software. So they will not likely receive these intrusive updates.
What You Can Do
As always, we have solutions! I think this is a case where you don’t just do one option. Try to implement as many as you can.
- Investigate another OS. Winaero recommends, “Due to such radical changes made by Microsoft in recent months, I think it’s not a bad idea to consider an alternative operating system for daily use. Personally, I already switched to Linux a few years ago after Microsoft started eliminating user choices from Windows. I have stuck with Arch Linux for a while.” There are other Linux solutions such as Ubuntu and RedHat, which are free! Although straightforward enough, the typical user might find installation overwhelming. If you are going to try this I highly recommend doing so on a clean hard drive instead of overwriting your existing Windows OS
- Do not install these update. This really applies to those who do not have automatic updates installed, which is a really bad idea because you will be missing out on so many security updates.
- If you already installed the updates, uninstall them:
- Go to Control Panel and search for Installed Updates
- In the new Installed Updates window search for each of the 4 updates listed above. If you find any, click the uninstall button:
- Some update uninstalls may require a reboot.
- Of course it’s not enough to uninstall because the update could just come right back. Go to Windows Update to see what’s coming up for install, right-click and Hide Update. Hiding it means it won’t be installed, not just removed from your view.
- Look for all 4. You can see I highlighted one, but there’s another one in the list I have to take care of
- Do this before and after you reboot.
- Block the IP addresses that receive your personal data. Microsoft was nice enough to tell us the names of the websites that they were using for data collection. I was nice enough to convert them to IP addresses for you. Here’s how to block those privacy-intruding, data-collecting Windows IP addresses in Windows Firewall:
- From Control Panel, search for Windows Firewall, then click on Advanced settings
- Select Outbound Rules, New Rule. Then click on Custom Rule and next yourself through to the screen that asks for IP addresses. Here you will specify the two remote IP addresses (not local) outlined above by clicking the Add button on the bottom half of the screen. On the next screen choose BLOCK THE CONNECTION
- Next yourself through here and make sure all 3 of these are checked, then give your new blocking rule a nice name on the next screen
Thanks to WinAero and GHack for the information!