Tuesday, September 01, 2015

Windows Telemetry and Tracking Linkpost: Extended Edition

Call it bad timing.

I had only recently composed a rant post about privacy issues in Windows 10.

…and my RSS feed was growing with posts on new tracking issues spotted in Windows 7/8/8.1.

So when my firewall monitoring application GlassWire popped up an alert for a new network connection on my Windows 7 system with a suspicious sounding name -- I was all over it.

2015-08-29 07_31_46-bin

What the heck is diagtrackrunner.exe and what it is doing on my system?!!

Turns out it is yet another telemetry and diagnostics “feature” that has crept into Windows systems including Windows 7 and 8/8.1 versions via recent Windows Updates.

Here is a round-up of recent posts out of my RSS feed list that highlight and discuss Microsoft’s move to stealthy diagnostic and telemetry data collection on Windows 7/8 systems.

On the one hand it is very easy to toss the baby out with the bath-water and just pile on rants regarding Microsoft’s ongoing data-collection practices and techniques. Nobody likes a leaky boat and privacy sensitive computer users are easily offended and suspicious when new tracking features are discovered. Microsoft isn’t doing itself any favors either when information on these updates/features is nebulous, general, or even next-to-impossible to find. Even under the best of intentions and conditions -- assuming that the data collection is truly anonymized and used for best practices with diagnostics and system configuration improvements -- there is always the possibility that these features can be exploited and create a security risk; Lenovo and the Windows Platform Binary Table (WPBT) fiasco ring any bells?

Ars Technica’s writer Peter Bright sums it up nicely:

The concern with the new Diagnostic Tracking service is much the same as with Windows 10's tracking: it's not clear what's being sent, and there are concerns that it can't be readily controlled. The traffic to Microsoft's servers is encrypted, sent over HTTPS, so it can't be easily examined. While the knowledge based articles describing the new service list the DNS names of the servers that the service connects to, there are reports that the service ignores the system HOSTS file. As such, a traditional and simple method for redirecting the traffic doesn't work.


As with the other privacy concerns around Windows, our feeling is that the major issue at stake here is not that Windows is collecting data, but that it put the user in control. Collecting information about application errors and the way the operating system is used is reasonable. Having an accurate picture of how people use the operating system is likely to produce a better platform in the future; knowing which applications crash, and why, is obviously invaluable if those apps are to be fixed.

But we continue to believe that people who do not wish to be a part of such data collection should have a clear and unambiguous way of opting out, and these opt-outs should be rigorous. Disabling CEIP, for example, should not only prevent systems from sending CEIP data, but it should also prevent systems from retrieving even configuration data from Microsoft's own systems. We would also argue that these settings should be made simpler; at the moment there are many individual controls each governing a particular behavior. Some kind of global control to supplement these fine-tuning switches would be an improvement. We like cloud connectivity and online features, but these should be paired with clear user control.

So in the interest of informing Windows users so they can make there own decisions, here is a current roundup of Windows 7/8.1 and Windows 10 privacy, telemetry, and diagnostic information and resources.

In Windows 7/8.1

The first articles (Link#1, Link#2) I posted above mentioned a handful of Microsoft KB’s that point to Windows Updates containing telemetry and diagnostic information collection call-backs to Microsoft.

In tracking down my “diagtrackrunner.exe” mystery, I found the following website that listed those, plus many more Windows Updates for Windows 7/8.1 systems that contain those same features according to the author.

I cannot confirm or validate if all of these are problematic. I can confirm I found most/all of them in auditing my Windows 7/8.1 systems since like a good sysadmin we religiously apply Windows updates to our home systems for security and stability benefit.

The website author didn’t link to the actual Microsoft KB’s. That would have been helpful but it isn’t too hard to do a Google.

But to make things easy, I used a combination of Google searches and the WinUpdatesList utility to provide links to each of the Microsoft KB’s I could find for those listed. This should allow you to do your own additional research and evaluation and decide if you want to keep the update or not, or at least (where possible) opt-out of some of the diagnostic and telemetry data reporting.

The article also provided uninstall “scripts” to use via an administrator-level command-line session to pull them off -- unless you want to do it the long way and use the Windows Control Panel > Programs and Features > Installed Updates panel to remove them.

Also note that while you may consider fully uninstalling and hiding (do not show) some/all of those updates from your Windows 7/8/8.1 system, another option would to be find/disable the service manually rather than fully remove the update.

As a free PSA for Microsoft, let me add that removal or disablement of some/all of these updates could potentially cause stability, security, or reduced feature support for your Windows system. And could possibly impact your ability to upgrade your current Windows system to Windows 10; either smoothly, safely, or at all. M’kay?

Here’s the list/link of the current roundup of subjects under suspicion; re-sorted in KB order.

To be clear, I’m not endorsing the removal of some/all of these updates from your system. Do your own research first and make your own educated decision.

All things considered, I’m currently going with Mr. Peter Bright’s angle and will give Microsoft the benefit of the doubt for now. But will keep in mind the sage wisdom of a certain one-eyed auror, “Constant Vigilance!”

Post update 2015-09-18 - TinyApps blog brings GSD notice of a Windows 7/8-focused privacy and telemetry squashing tool.

From the included README file:

The Microsoft Telemetry Removal Tool (or MTRT) is an automated script that aims to be the most current and complete collection of knowledge found on the internet pertaining to helping Windows 7/8/8.1 users rid themselves of as much Windows 10 "features" and notifications as possible.

== Features ==

This tool covers many areas of the decontamination process, such as:

   - Windows Update Settings: Changed to notify but not download update, optional updates are not packaged with important updates, and PC will not auto-reboot after update.
   - Disable Gwx/Skydrive/Spynet/Telemetry
   - Disable Telemetry scheduled tasks
   - Uninstall Diagnostic Tracking Service and attempt to lock down log file
   - Disable Remote Registry
   - Block hosts: Through the HOSTS file and PersistentRoutes
   - Delete the Windows.~BT, Windows.~WS and Windows.old folders, then attempt to lock them.
   - Remove and block evil updates: updates are uninstalled and then ignored in windows updates.

In Windows 10

You might want to just hop over and re-read this GSD post that addresses Windows 10 privacy issues:

But I decided to try to repackage it again here for more of an updated “all-in-one” resource.

The same team that brought the extended Windows privacy KB listing above also provides a very extensive step-through for increasing the privacy settings in Windows 10.

I’ve previously mentioned here at GSD that there are a number of guides on how to modify the Windows 10 settings -- either during a custom installation upgrade or after the upgrade has gone on. For more information and cross-checking/validation I encourage you to read these articles as well.

Likewise, there are a growing number of Windows 10 scripts and utilities that allow you to lock down many privacy settings in Windows 10, including some not easily accessible to the user.

More attempts at scary-sounding PSA notices first:


I’ve seen the following post comment issued out by Microsoft to a number of bloggers referring to the tools that will be discussed below. So let me save them some time by reposting it here.

“We strongly suggest customers do not install applications of this nature. These types of third-party apps can alter the way the system operates, creating future problems and changing important settings and features.”


Different tools take different approaches and some could significantly cause performance, stability, or security issues of their own if applied. Some whack into the Windows Registry. Some stomp on Windows services. A few even make (or block) specific network communications.  Few make backups of the system settings before changes are applied restricting your ability to roll-back the changes if something breaks.

Proceed at your own risk. I really encourage you to spend some time evaluating and understanding each of the tools listed or linked below before actually using.

Windows 10 Privacy Utilities and Scripts

Still determined?

OK. I did warn you.

Martin Brinkmann’s post provides links and overviews to (currently) six maybe-ready for primetime utilities that can help Windows 10 users manage and take (some) control of privacy in Windows 10.

I highly recommend starting out there, and he has done a great job and a lot of work comparing the features and issues each of them present.

I’ve built a list below using Martin Brinkmann’s initial Windows 10 privacy utility list and have further supplemented it with additional script-based and/or utilities I’ve found.

  1. Destroy Windows 10 Spying - by Nummer. (appears to support Windows 10/8.1/7 versions)
  2. Disable Win Tracking - by “10se1ucgo” on github
  3. DoNotSpy 10 - by pxc-coding
  4. Windows 10 Privacy and Shit - by “A Guest” - (BATch file fix format)
  5. Windows 10 Privacy Fixer - by “lordfiSh” on github
  6. W10 Privacy - German utility but supports German, English, & French languages
  7. O&O Shut Up 10 - by O&O Software - Note that this app provides the ability to set a system restore point before applying settings. That’s a feature that isn’t offered in many of these tools and can be challenging for some users to first do manually themselves. (review #1, review #2)
  8. Spybot Anti-Beacon for Windows 10 and forum download and update notice page. By Safer-Networking.org creators of the SpyBot S&D anti-malware utility.
  9. Windows 10 Enterprise LTSB - Mother of all tweak scripts - App Scripts - by “ericgl” on reboot.pro
  10. Ultimate Windows Tweaker 4 for Windows 10 - The Windows Club - this app contains a wide range of Windows 10 system tweaks, but specific to this post, includes a “Privacy” tab that addresses telemetry, biometric, advertising, search, Cortana, Windows Update sharing, feedback polls, password reveals, Steps Recorder, Inventory Collector and the Application Telemetry gathering. ghacks review
  11. WindowsLies/BlockWindows · GitHub or via Block Windows Spying Simple Script to Stop Spying - Windows batch (BAT) file script (and other stuff) to do a bunch of privacy settings and tweaks. What is nice about this approach is that you can review and modify/REM stuff you don’t want or need if you would like.
  12. AntiSpy for Windows 10 - Ashampoo Windows 10 privacy and tracking configuration utility. (via)

Of course…if all these tracking, telemetry, and privacy issues in Windows is giving you a headache, you could follow the advice of tinyapps.org and decide to chuck-it-all for a truly free OS: List of Free GNU/Linux Distributions - GNU Project - Free Software Foundation

Or if you are willing to try to find a balance between some open and closed source options, but still retain more control that Microsoft has been willing to provide you with, there are many, many good Linux based OS builds that are modern and easier to install/use than ever before on most (but not all) hardware platforms that run Windows.

And you will meet some really great people and communities in the process!

Constant Vigilance!

Claus Valca

No comments: