Microsoft strikes again, flags anti-telemetry HOST file changes as malware

Microsoft does not have a great record when it comes to data collection. Starting with the release of Windows 10, when they insisted that they needed to collect essentially every possible kind of metadata from users in the name of maintaining the platform, only to later admit that at least half of that data collection wasn't necessary after all, Microsoft's built-in telemetry has been a pain point for privacy-conscious users for years.

Windows 10's telemetry system was a major contributor to the slow uptake of Windows 10, and Microsoft's later decision to add the same telemetry, retroactively, to Windows 8 and 7 as well was even harder to defend; neither older OS, after all, needed to be maintained in perpetuity the way Windows 10 did, and both were mature OSes and much more stable to begin with, so why did they need to harvest users' metadata? I'd still like to know; Microsoft never explained.

Naturally, Windows users generally, and Windows 7 users in particular, started looking for workarounds for Redmond's telemetry bullshit. Third party applications like Spybot's Anti-Beacon, or O&O ShutUp10, began to proliferate, turning off telemetry for users that cared enough to take steps to do so; meanwhile, Microsoft continued to ignore calls by data privacy advocates and activists to turn off the telemetry, or at least to allow all of their users to opt out.

Late last week, Microsoft finally responded. As reported by bleeping computer:

Since the end of July, Windows 10 users began reporting that Windows Defender had started detecting modified HOSTS files as a 'SettingsModifier:Win32/HostsFileHijack' threat.

When detected, if a user clicks on the 'See details' option, they will simply be shown that they are affected by a 'Settings Modifier' threat and has 'potentially unwanted behavior,' [...] it seems that Microsoft had recently updated their Microsoft Defender definitions to detect when their servers were added to the HOSTS file.

Users who utilize HOSTS files to block Windows 10 telemetry suddenly caused them to see the HOSTS file hijack detection.

I can attest to this not being restricted to Windows 10, or to Windows Defender; Microsft Security Essentials running on Windows 7 started exhibiting this same behaviour on my own system last Wednesday. Apparently, having already paid for the privilege of using Windows 7 or 8 is not enough; we're now expected to pay again, by allowing Microsoft to harvest our metadata, even though the operating systems themselves are either out-of-service, or approaching end-of-service.

So, what's a Windows 7 or 8 user to do? Well... personally, I switched to Linux.

Specifically, I switched to Pop!_OS, which seemed well-aligned with my game-centric use case. And while it's been a bit of a learning curve, I have to say that the experience of switching to Pop!_OS in 2020 was far less painful than my attempt to switch to Ubuntu in 2019. I won't say that it's been flawless, but it's been nearly flawless, and I won't be switching back.

Good job, Microsoft! You've finally manage to make using your products so unattractive that even a procrastinator like me has finally pulled the rip cord, and bailed on you. Sayonara, and good riddance!

If you're still on an older version of Windows, and wondering what to do next, I cannot recommend strongly enough that you make the shift to Linux. Don't accept an OS that acts like malware, or a giant corporate overlord who never listens to your concerns, and who does not care if you stay or go. Installing your new OS takes only minutes -- a far cry from my last Windows 7 install, which took hours, and even then needed me to install ethernet and graphics card drivers separately, along with hours' worth of updates, and OMG why didn't I do this years ago?

Time saved during OS installation leaves lots of time to acclimatize yourself to the new OS environment... which will still leave you lots of time to actually get back to using your PC. Seriously, I don't have a single regret, and I don't think you will, either. Give it a shot; you've got nothing to lose, except Microsoft's baggage.

In a long overdue move, Microsoft might finally tell you what data they're collecting, and let you delete it, in Windows 10

File this one under "It's about fucking time, Microsoft." As reported by TechRadar:

In a move that will certainly please privacy-conscious users, it seems that Microsoft is about to introduce the ability to view and delete the telemetry data that Windows 10 collects, according to new options that have popped up in the operating system’s latest preview builds.

[...]

Last April, after taking what seemed like endless heat on the issue, Microsoft clarified what personal data Windows 10 collects on a basic level (the minimum amount of telemetry data you can elect to send).

But as Ghacks spotted, the most recent preview builds of Windows 10 (released this month and last month) have a pair of new options at the bottom of the Diagnostics & Feedback screen: ‘Diagnostic data viewer’ and ‘Delete diagnostic data’.

At the moment, these are merely placeholders which don’t function or do anything when clicked, but hopefully they will be live for those testing Windows 10 soon enough.

As a result, it’s not clear exactly what their function is at this point, but it seems obvious enough: the former should allow the user to fully view all the diagnostic data being collected on their system, and the latter should facilitate its deletion.

It's important to note that Microsoft haven't announced anything about this themselves, yet, and nobody's seen this feature in action, either, so there's a lot of assumptions in this report. In particular, there's no indication yet whether this functionality would be available to all Windows 10 users, or whether Microsoft might end up restricting it to high-priced SKUs of the OS, as they've previously done with tools like the Group Policy Editor, or the ability to turn off the "Microsoft Consumer Experience."

Still, assuming that Windows 10 Home users get access to these tools, too, it could be a long-overdue addition to the privacy and personal information management tools that the OS should always have included. Honestly, giving users a greater degree of control over Windows 10's telemetry bullshit is the kind of thing that might have convinced me to switch, had they done it back when switching was still a free upgrade.

Now, of course, upgrading will cost extra, which means that I still won't be switching until the time comes to buy a new PC... which won't happen for me until AMD releases new, Spectre-free CPU designs, which is about the only "feature" that I'd really consider switching PCs to obtain (and, no, I'm not even considering switching to Intel). In the meantime, regardless of which version of Windows you're running, you should still be running an anti-telemetry application like SpyBot's Anti-Beacon as well. Don't forget, Microsoft's telemetry bullshit isn't restricted to Windows 10 anymore.

Windows 10 breaches Dutch data protection law

I had a feeling that Microsoft's anti-consumer data collection bullshit wasn't done getting them into trouble with European regulators, but I'll admit that I wasn't expecting the next chapter in that story to come out of the Netherlands.

As reported by ZDNet's David Meyer:

Microsoft breaches the Dutch data protection law in the way it processes the personal data of people using the Windows 10 operating system, the country's data protection agency has said.

On Friday, Dutch data protection authority (DPA) the Autoriteir Persoonsgegevens said that Microsoft doesn't tell Windows 10 Home and Pro users which personal data it collects and why. It also said the firm makes it impossible for users to give their valid consent to their personal data being processed, due to the multiple ways in which that data might subsequently be used.

The data watchdog added that Microsoft "does not clearly inform users that it continuously collects personal data about the usage of apps and web surfing behaviour through its web browser Edge, when the default settings are used".

"It turns out that Microsoft's operating system follows about every step you take on your computer. That results in an intrusive profile of yourself," said Wilbert Tomesen, the regulator's vice-chairman. "What does that mean? Do people know about this, do they want this? Microsoft needs to give users a fair opportunity to decide about this themselves."

The issue, naturally, is telemetry.

While Microsoft offers users an overview of the categories of data that it collects through basic telemetry, it only informs people in a general way, with examples, about the categories of personal data it collects through full telemetry, the regulator said.

"The way Microsoft collects data at the full telemetry level is unpredictable. Microsoft can use the collected data for the various purposes, described in a very general way. Through this combination of purposes and the lack of transparency Microsoft cannot obtain a legal ground, such as consent, for the processing of data," it said.

It's hard to say exactly what effect this will have. When France's data watchdog had issues with Windows 10, Microsoft was able to find a bare-minimum level of compliance which resulted in a closed file, and mostly cosmetic changes to Windows' telemetry, an outcome that they're clearly hoping to replicate (ZDNet's piece quotes Microsoft Windows privacy officer Marisa Rogers as prioritizing compliance with the Dutch data protection law, while sharing "specific concerns with the Dutch DPA about the accuracy of some of its findings and conclusions"), so it could be that very little will actually change this time, either.

But with Windows 10 still struggling to win converts, and signs that Windows 7 users are leaving Windows entirely, for Linux, it's hardly good news for Microsoft that Windows 10's data collection and privacy issues are once again back in the news. They'd clearly hoped that this issue would go away, but since they haven't actually fixed the problem, that may be unlikely.

Hey, Microsoft! Do you want to know what will make this problem go away, completely, and forever? Let people turn the telemetry completely off. If telemetry is opt-in, rather than can't-really-opt-out-but-there's-a-lower-level-of-intrusiveness-available-you-pussies, people will stop complaining about the telemetry system. You might even win some converts amongst dug-in Windows 7 users (no promises, though - those folks have dug in pretty deeply).

Oh, and before I forget.... If you're reading this, then you should be running Spybot's Anti-Beacon, or something similar. Don't forget that Microsoft retconned this telemetry bullshit into Windows 7 and 8/8.1, too, so you should be taking steps to protect your own privacy, regardless of which Windows version you use. Microsoft sure as shit aren't going to.

Microsoft finally reveal what data they're collecting with Windows 10.

From the "It's about fucking time" file: Microsoft, openly admitting that they're feeling the heat on privacy issues, especially in the EU, have finally let us know what data they're collecting via Windows 10's telemetry system... and, presumably, via Windows 7's and 8's telemetry systems as well, since telemetry was retconned into to both older operating systems late last year.

As you might expect, there's lots of coverage on this one; the announcement itself is here, and well worth reading if you want all the details on Microsoft's revamped data collection policies. Important as the details of the policy itself are, though, the reaction that Microsoft are getting with this disclosure may well be just as important, if not more important, to the future of Windows 10 and Microsoft as a whole.

Microsoft's announcement is a little dry, though, and Tom's Hardware has a pretty good summary of the changes:

Privacy concerns have plagued Windows 10 for a while. Microsoft previously encouraged you to share information when you got started with the operating system, and when the Anniversary Update debuted in August 2016, it removed the ability to easily disable the Cortana virtual assistant. You could still control what it could access--ranging from your emails and installed apps to your speech and location data--but not turn it off.

That problem remains in the Creators Update. Now, though, Microsoft requires you to set each individual setting before you get started, which means its data collection should come as less of a surprise, and the company has worked to reduce the amount of information it collects. These reductions are particularly noticeable in regard to diagnostic info, as Windows and Devices Group EVP Terry Myerson explained in the blog post:

Aside from sharing new information to inform your choices, our teams have also worked diligently since the Anniversary Update to re-assess what data is strictly necessary at the Basic level to keep Windows 10 devices up to date and secure. We looked closely at how we use this diagnostic data and strengthened our commitment to minimize data collection at the Basic level. As a result, we have reduced the number of events collected and reduced, by about half, the volume of data we collect at the Basic level.

[...] The Creators Update will also make it easier to figure out what each setting does. Why does Microsoft want you to provide your location, enable speech recognition, and let it use your data to offer "tailored experiences" and targeted ads? Right now that isn't clear, but this update will offer more details about each item and provide a "Learn more" link that lets you get even more information about how the settings affect your privacy.

This is the kind of transparency that users have been asking for ever since Windows 10 rolled out nearly a year and a half ago. If Microsoft had been willing to tell people what data they were collecting, why they were collecting it, where they were sending it, when they were sharing it, and who they were sharing it with, back before the GWX campaign descended into the depths of deceit and coercion that saw Microsoft installing Windows 10 on PCs whose users had clearly declined... well, it might have been enough.

Now, though? With Windows 7 at nearly 50% of the PC OS market, and growing in popularity, I think it's safe to say that the relationship of trust that would leave users disposed to believe Microsoft's claim here, i.e. that basic data collection was necessary to Windows 10's maintenance, has been largely eroded, especially with those users who are dug in with Windows 7 and not planning to upgrade anytime soon, if ever. Especially since data collection isn't actually necessary to maintaining a PC's OS. As PC Gamer put it:

Savvy users would disagree that a system can't be secure without sending usage data back to Microsoft. In that regard, today's announcement isn't going to wash away the waves of criticism Microsoft faces over privacy, but at least the company is being much more transparent.

It doesn't help that Microsoft are doing this only after EU regulators demanded it, either. From TechRadar:

As you may be aware, with the Creators Update, Microsoft has already made some big changes to Windows 10’s installation process, highlighting privacy settings more clearly, and giving the user simple sliders to turn off elements such as usage of location data or targeted ads.

[...] Despite this move, back in February, EU data protection bigwigs told Microsoft it still wasn’t doing enough with privacy, and that the company needed to clearly explain what kinds of personal data are processed, and to what end.

And this blog post is a direct reaction to that demand, as Myerson notes: “This feedback – in line with the feedback we have received from the European Union’s Article 29 Working Party and national data protection authorities that have specifically engaged us on Windows 10 – was essential for Microsoft to identify and implement improvements in our privacy practices.”

In short, Microsoft didn't do this because users demanded it; if users' feedback was the critical ingredient here, these changes would have happened at least as early as the Anniversary Update, if not sooner. No, Microsoft did this because EU regulators forced them to. Kudos to them for finally making these obviously necessary changes, but this isn't some sort of principled stance on users' privacy; if it was, Microsoft would be allowing users to turn the data collection off completely.

Or, as Computerworld puts it:

"The Windows 10 Creators Update is a significant step forward, but by no means the end of our journey.” [Microsoft’s Windows and Devices Group Privacy Officer Marisa] Rogers added, “In future updates, we will continue to refine our approach and implement your feedback about data collection and privacy controls.”

Hey, Microsoft, how about an option for “none” when it comes to data collection?

Of course, users willing to install a third-party program like SpyBot's Anti-Beacon can turn the data collection off completely, but third-party solutions shouldn't be necessary here; your PC's operating system should not behave like malware, or require anti-malware to keep it in check.

I don't know whether these changes will be enough to kick-start Windows 10's stalled growth; these privacy changes are definitely the most-requested and most impactful changes in the Creators Update. I suspect that Windows 7's "dug in" user base isn't going to be won over by this belated ¾-measure; until Microsoft give users the option to turn off data collection entirely, I suspect that Windows 10 will stay stagnant, while Windows 7 continues to thrive. If that's so, then it's possible that Microsoft will still find their way to Jesus, so to speak, on the Windows 10 issues that users have been most vocal about.

Reminder: Windows 10 has serious privacy issues

In addition to being stuffed with a wide range of privacy problems, one of Windows 10's more off-putting "features" was the fact that you couldn't control when it updated itself, and what it installed in the process, and would even reset your privacy settings back to Microsoft's default settings, as demonstrated in videos like this one:

Apparently there are some people who didn't get that memo, though, because I'm still seeing "news" stories like this one, from PC World:

Last night, I finally upgraded my main PC to Windows 10’s major Anniversary Update. I’d been putting it off because of the devastating webcam bug introduced in the Anniversary Update—a deal-breaker for me—but now that a registry hack remedy’s surfaced ahead of an official fix, the allure of Forza Horizon 3 proved too great. So I finally forced the update. Sure, having to practically reinstall your entire OS is a headache, and it rendered my file-packed PC unusable for hours, but the process went smoothly enough.

This morning, I sat down with a fresh cup of coffee, ready to sling words while Forzadownloads in the background. And that’s when I saw it pop up on my screen.

A “Get Office” notification.

What. The. Hell.

It’s no secret that Windows 10’s stuffed with revenue-generating hooks for Microsoft, but I find the idea of a paid-for operating system shoving straight-up ads in my face distasteful, and disabled the Get Office ads and every other ad-related setting months ago. After a bit of poking and prodding, I discovered that beyond reinstalling the Get Office app that surfaces those notifications, the Anniversary Update also re-enabled Start menu and lock screen ads, essentially tossing my explicit choice to disable them out the window. And it did so without consent or even a notice that these changes were happening in the background.

Funnily enough, several other customizations I’d made to the Windows 10—from disabling ad tracking in Windows Store apps to tweaking the BitTorrent-like distribution of updates to my wallpaper—remained intact after the upgrade. As far as I can tell with a quick perusal, these ad-pushing settings are the only ones that changed when I installed the Windows 10 Anniversary Update.

Not cool, Microsoft. Not cool.

No, Brad Chacos, it's not cool. It's also not new, and it's something that people like you were supposed to be reporting on, during Microsoft's big GWX push.

Seriously, this kind of horseshit is why I refused to switch to Windows 10, even when it was being given away for "free." Of course, Windows 10 Home was never truly free, no matter what Microsoft said at the time. Remember, if you're not paying for it, then you're not the customer -- you're the product being sold.

Bottom line: if you're running Windows, then you should be running Spybot Anti-Beacon. That doesn't just apply for Windows 10, either; Microsoft has added their "telemetry" crap to earlier versions of Windows, too, which is why I recommend Spybot's Anti-Beacon over options like O&O ShutUp10 -- ShutUp10 only runs on Windows 10, while Anti-Beacon runs on Windows 7 & 8, as well. Microsoft has proved, beyond any doubt at all, that they cannot be trusted to respect your privacy, or to respect your clearly-expressed wishes on the subject of privacy, so take the steps to defend yourself.

Turn off the ads in Windows 10

Thanks, Cybershack:

How to disable ads on the Windows 10 lock screen
Disabling ads on the Windows 10 lock screen simple requires you to disable a setting called Windows Spotlight. You can find this by following the steps below.

1. Open the start menu and open the Settings app
2. Select "Personalisation"
3. Select "lock screen" from the menu on the side
4. Under background, change "Windows Spotlight" to either "picture" or "slideshow"
5. Toggle "get fun facts, tips, tricks and more on your lock screen" to off

How to disable ads in the Windows 10 start menu
Windows 10 will occasionally show "suggested" apps in your start menu. Once again, these are fairly easy to get rid of.

1. Open the start menu and open the Settings app
2. Select "Personalisation"
3. Select "start menu" from the menu on the side
4. Toggle "occasionally show suggestions in Start" to off

How stop Windows 10 tracking you for targeted ads
This is a bit more ominous than it sounds, but Windows 10 is able to track your usage across apps you've gotten from the Windows Store. This information is then used to provide you with more personalised ads in other apps. If you want to switch this off, you can do this be following the steps below.

1. Open the start menu and open the Settings app
2. Select "Privacy"
3. Toggle "let apps use my advertising ID for experiences across apps" to off

Don't forget to install SpyBot Anti-Beacon, too, and update it frequently, and make sure you check your privacy settings after each Windows Update, since Windows 10 can (and will) add new privacy settings and reset your existing privacy settings, all without notifying you or asking your permission.

Microsoft now straight up trolling on Windows 10 updates.

Seriously, WTF?

Microsoft has faced criticism for changing the pop-up box encouraging Windows users to upgrade to Windows 10.

 

Clicking the red cross on the right hand corner of the pop-up box now activates the upgrade instead of closing the box. And this has caused confusion as typically clicking a red cross closes a pop-up notification.

So, just to recap, your options when told that it's time to upgrade are now:

1. "Upgrade now," which starts the upgrade right away; 
2. "OK," which schedules the upgrade for later; and 
3. closing the window... which now also schedules the upgrade for later. 

Microsoft is still claiming that "Customers can choose to accept or decline the Windows 10 upgrade," which seems rather disingenuous since the pop-up box doesn't have a single option on it anywhere which leads to that result.

The change occurred because the update is now labelled "recommended" and many people have their PCs configured to accept recommended updates for security reasons. This means dismissing the box does not dismiss the update.

Brad Chacos, senior editor at the PC World website, described it as a "nasty trick".

Yeah, no shit, Brad. But that's today's Microsoft for you: hard at work, losing friends and alienating customers.

By the way, if you're still auto-installing Windows updates whenever Microsoft tells you to, it's long past time to stop. You might also want to look into GRC|Never10, to stop Windows from upgrading anyway, even against your wishes, because Microsoft clearly cannot be trusted to respect your wishes. And if you aren't already running Spybot's Anti-Beacon, then you should consider doing that, too (those of you who have been upgraded to Windows 10, whether or not you actually chose to upgrade, can run O&O ShutUp10 instead).

And, seriously, people... Linux. If you are tech savvy at all, you should be at least looking into running a dual-boot Linux set-up. I know that I am, and will be actually setting it up in about a month, as my summer vacation project, with a goal of completely "defenestrating" when Microsoft sunset Windows 7 ahead of schedule. Because that's obviously their next move.