Windows 10: privacy concerns

Let's talk about the really cool stuff: privacy. First of all: seriously, Microsoft? What the hell?

Check out the previous post, which comments on the installation, issues and bugs.

Windows 10 is essentially a huge privacy issue. Everything is captured or checked, and not everything can be disabled. This is just wrong. I disabled pretty much everything that could give them my data, and I'm pretty sure they still have a lot of it. Cortana? Not available here anyway, so I couldn't care less. OneDrive synchronization? Meh, I think that one I forgot to disable. Oh, send data to Microsoft for improving stuff? Never!

I wanted to comment on two things some people posted on Twitter. The first one, regarding Bitlocker, from here, has the following text:

Crypto Relevance: If you turn on device encryption, the new Windows automatically encrypts the drive and backs it up to Bitlocker. And then backs up your Bitlocker key to your OneDrive account. In the clear. And their new "non-privacy agreement" gives them permission to vacuum up and use whatever is on your OneDrive account. What could possibly go wrong?

I don't know if that is accurate, but I couldn't find anything that could do that. Why does it back up the key to OneDrive? Wouldn't that be pointless? I mean, the idea is to encrypt your data, and there should be only two ways of recovering it with Bitlocker: the password/key/whatever, or the recovery file. The second one I really don't like and I prefer to delete it. The password should be enough for me. But backing up to OneDrive? That doesn't make any sense.

Anyway, for "fun", consider that it is true and your machine is seized by the government. Now they have your drives, but can't really force you to type the password. They ask Microsoft to release your data on OneDrive, and assuming they do (and probably will under most of the circumstances), they get access to your key. So they can now decrypt the drive, destroying the principle of having an encrypted drive. So why encrypt with Bitlocker? I mean, if they can get the key, just don't bother encrypting. That might buy you some time to get a proper defense, but in the end you're still screwed. Backing up the key to a cloud service that could be accessed by third parties defeats the whole purpose of encrypting a disk! Unless it's a laptop, which could be stolen. Thieves don't usually really know how to decrypt data anyway. I hope.
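Added example, not from the original post: a read-only PowerShell check of which key protectors each BitLocker volume actually has, since the numerical recovery password is the protector a recovery-key backup would contain. It assumes an elevated prompt and the built-in BitLocker cmdlets; the function name `Get-BitLockerProtectorReport` is made up for this example.

```powershell
# Added example: audit BitLocker key protectors (run in an elevated PowerShell).
# Read-only: it changes nothing and never prints the recovery password itself.
function Get-BitLockerProtectorReport {   # hypothetical helper name
    [CmdletBinding()]
    param()

    # The BitLocker module is not present on every Windows edition.
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        throw 'BitLocker cmdlets are not available on this system.'
    }

    foreach ($vol in Get-BitLockerVolume) {
        # Unencrypted volumes have no protectors; drop empty entries.
        $protectors = @($vol.KeyProtector | Where-Object { $_ })
        $types = @($protectors | ForEach-Object { $_.KeyProtectorType.ToString() })

        # A RecoveryPassword protector is the 48-digit key that can be
        # printed, saved to a file, or backed up somewhere else.
        $recoveryIds = @($protectors |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
            ForEach-Object { $_.KeyProtectorId })

        # TPM as the only protector means no password is asked at boot.
        $nonTpm = @($types | Where-Object { $_ -ne 'Tpm' })

        [pscustomobject]@{
            MountPoint          = $vol.MountPoint
            VolumeStatus        = $vol.VolumeStatus
            ProtectionStatus    = $vol.ProtectionStatus
            ProtectorTypes      = ($types | Sort-Object -Unique) -join ', '
            HasRecoveryPassword = $recoveryIds.Count -gt 0
            RecoveryProtectorId = $recoveryIds -join ', '
            TpmOnly             = ($types.Count -gt 0) -and ($nonTpm.Count -eq 0)
        }
    }
}

Get-BitLockerProtectorReport | Format-List
```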

But ok, let's ignore that for now until we have more information. Let's consider the second tweet regarding NSA and backdoors. Yes, I can confirm: you have all those options. But even my sister, who doesn't even study anything computer-related and couldn't care less about security, disabled those features. And I'm pretty sure that, if I check, she disabled like over 50% of them. Anyway, let's consider a few points:

  1. Wi-Fi Sense. That's the most useless thing I ever saw. Yeah, sure, share my wifi password with anyone I know on Outlook (who the hell uses Outlook?!) and Skype (...). Seriously, why? Sometimes I have two wifi networks at home, one for me and one for guests, so I don't have to share my password. Why? Because I want to. Also because I can isolate those networks to avoid some attacks. But come on, sharing the password is weird. And sharing with Facebook? Why?! The weirdest thing is that it wants to share with your Facebook contacts. Imagine that. A lot of people in the whole world knowing your wifi password. Yey! That's a huge fail for me. And yes, my sister disabled that.

  2. Windows Defender. On the screenshot it shows that Microsoft can enable it back if you disable it for a while. Again, why?! I don't need Windows Defender, I have my own protection tools (yes, I do use an antivirus on Windows, don't ask me why). But now we can't really disable it? But wait! Did anyone try to disable the service? Just like Windows Update.

  3. Windows Update. You can't disable it. You don't have the "download and install later", although you have an option to "schedule a restart", which seems to be the same to me. But yeah, you could disable it by disabling the services. But then I raise the following question: in case of a security patch, is it better to stay vulnerable than receive buggy patches because your GTA V might crash now? Come on. Oh, and did I tell you that Windows Update now uses torrent (I believe it's torrent) to share updates all over your network and the internet? Imagine that! I wonder how long it's gonna take for someone to hack that!

  4. Telemetry. Just check the screenshot, it's fun! Now 0 and 1 have the same value! Yey logic!

  5. Ads. People are scared that Microsoft will use your data for showing you ads, just like pretty much everyone is doing nowadays. I've been playing with Windows 10 with some quite strict privacy settings and so far I haven't seen any ad on my system, except those shitty weird ones on Skype. So far, so good.

Yeah, Windows 10 is going to be interesting. I'm afraid that it hides many other secrets that we still don't know, and that the NSA or anyone else is watching us way better now. Some people are calling it the "Windows 10 botnet", which I consider mostly accurate and funny. At least from the network point of view, Windows 10 updates have been crashing any downloads from Microsoft in the last days here, so I consider it as a botnet doing a DoS attack. But nevertheless, it's an interesting system that we still haven't even begun to understand.

Good luck.