fix-windows-privacy

[Batu69]

What & Why?

 

With the release of Microsoft's Windows 10 operating system, several innovations have been introduced to the market regarding the privacy settings. What is normality with Apple since long and apparently has been accepted by OSX users, now also became reality for Microsoft users: The analysis of use data and behavior by the US American creator of the software.

 

Over time more and more users published instructions on how to break Microsoft's habit of spying on their users, including for private users whose computers are not part of a company or enterprise domain. I was annoyed that this leads to manually clicking checkmarks on a graphical user interface or running confusing PowerShell scripts and merge several single rule-sets. With the webpage https://fix10.isleaked.com/ I had the idea to build a tool, which is easily extendable and configurable and can automate the process of reaching an adequate level of privacy on the press of a button.

 

Fix Windows 10 Privacy can be used via a GUI or the commandline. Right now it implements about 130 rules, which keep Windows 10 in check, regarding data protection.

 

 

In particular, the new rules for enhanced privacy cover Windows 10 Telemetry: Microsoft collects telemetry data to identify security and reliablity issues and uses diagnostic data of the operating system to analyse and fix problems. However, data that is collected by Microsoft might probably also be used for future business cases. Telemetry data could contain senstive data and personally identifiable information. This is why several Windows Services are disabled by the privacy tools and policies are set, to deny the operating system to collect and send such data.

 

Furthermore, several data leaks are plugged which allow third-party vendors or website owners to query sensitive information about the user. This includes but is not limited to several Web browser restrictions, to prohibit telemetry and "more efficient advertisement".

 

The settings for querying geolocation data, access to caller history information, microphone etc. are configured to allow access by default within the "Privacy"-settings interface. Access to this information is restricted by Fix Windows Privacy as well, and must explicitly be enabled by the user, if access shall be granted.

 

Another breach of privacy that probably is not well known to most users is the storage of application data within the OneDrive Cloud of Microsoft or the usage of Microsofts AI assistant "Cortana". Fix Windows Privacy denies automatic storage of application data such as browser profiles in the OneDrive cloud and disables OneDrive integration on the Windows 10 operating system. Whenever storage of data in the OneDrive cloud is desired, the user must enable OneDrive again.

 

Several changes at the Bitlocker configuration are not as relevant from a data protection point of view, but nontheless important for general protection when using Bitlocker full disc encryption. This includes for example activating the Pre Boot Authentification, so the hard drive will not be decrypted before entering the passphrase and will not be decrypted automatically when a TPM chip is used. In the default configuration Microsoft only allows digits for the passphrase. Fix Windows Privacy changes the Windows config to enable complex passphrases as well.

 

With this tool users have the possibility to check at any time (for example after updates) if any privacy relevant setting is still in the desired state. With another single click all such issues can be fixed again.

 

The tool and all rules are open-sourced on https://modzero.github.io/fix-windows-privacy/ and respectively https://github.com/modzero/fix-windows-privacy.

In order to extend or modify the rules, all one has to do is to edit an XML file, in which all rules are defined. It is not possible to deselect any rules in the current release of the Fix Windows 10 Privacy Tool. An editor for selectiong rules to apply is planned for a future release.

 

OneDrive Cloud users or users of others of the above mentioned features should refrain from using this tool at this time, because the functionality of these services will be limited or disabled after running it.

Authors and Contributors

Fix Windows Privacy has been initiated by Thorsten Schröder (on github) of modzero in 2016. The software was inspired by the following websites:

• https://fix10.isleaked.com/
• http://www.c-amie.co.uk/technical/windows-10-registry-privacy-paths/
• https://www.windows-security.org/
• https://community.spiceworks.com/topic/1751004-some-useful-windows-10-anniversary-registry-values
• http://www.zdnet.com/article/windows-10-telemetry-secrets/
• Group Policy Settings Reference for Windows and Windows Server

The program icon was originally created by http://www.danilodemarco.com/ and modified by Thorsten Schröder.

License

Fix Windows Privacy is free and open source software. The software is published under the BSD 2-Clause License.

Download

A signed installer can be downloaded from Github at https://modzero.github.io/fix-windows-privacy/releases/fix-privacy-setup.msi. The installer and executable programs have been signed with the following certificate:

Issued to: modzero GmbH
        Issued by: DigiCert EV Code Signing CA (SHA2)
        Expires:   Thu Oct 10 13:00:00 2019
        SHA1 hash: 9CA607786293B016FC148FC0F09C23CD89BEB2BD

Support or Contact

visit our website at http://www.modzero.ch.

 

Article source

[Pete 12]

Take care with it , do not block too much , coz it can ruine your ( cumulative !) Win-updates...............

[straycat19]

I prefer the aggressive approach to blocking any version of windows.  Block everything and then see what tries to make a connection when the various programs are run. Allow connections only after suitable research into what it is trying to connect to and why.  I don't make recommendations on what to block or allow, that is up to the individual user, but I also don't trust any of the programs that are supposed to do it for you since they don't block everything they need to and no two programs block the same exact items.  Personally, the reliance on programs to tune a windows installation, instead of taking time to do it manually, is the major problem today with most systems.  I came from the old school of modifying autoexec.bat, config.sys, win.ini, system.ini, protocol.ini,  and other configuration files manually and choosing how my system loads and runs and though I can't tweak it as much today as back then I still prefer to do it manually.