O&O ShutUp10++ – Free anti-spy tool for Windows 10, 11 (oo-software.com)
389 points by gibspaulding on Oct 9, 2021 | 206 comments



There are a lot of open source scripts and tools on GitHub for accomplishing the same goal (in various states of being out-of-date, abandoned, etc.); I started collecting the ones that appear somewhat active here: https://github.com/TemporalAgent7/awesome-windows-privacy

I plan on going through them to weed out duplicates and duds. You shouldn't trust any of those blindly, but definitely read through the code; I'm particularly interested in coming up with a list of services and scheduled tasks that can be safely disabled without impacting any of the applications and services I'm using (I want Windows Update, OneDrive, Office, Defender, Store and store apps, MS Account login and Xbox Gaming for example, which most tools want to disable).


I noticed a media disk drive grinding away the other day, nothing made sense to be causing it. Turns out Chrome now scans all your drives and sends executables back to Google by default or something (software_reporter_tool.exe), even if you are a software developer in competition with them (practically all software developers since Google are essentially all-encompassing at this point).

Is it intuitive to anyone that a third party web browser would be doing this by default?


If you're sure that's actually Google's application doing it, and can show it happening with clear evidence, then I recommend reporting it to the media and everyone else you can think of. That sort of behaviour is essentially espionage and I'm sure it would be enough to get Chrome banned from many places which were previously happy to use it.


I found this on it:

https://www.google.com/chrome/privacy/whitepaper.html#unwant...

> In addition, if you have opted in to automatically report details of possible security incidents to Google, Chrome will report information about unwanted software, including relevant file metadata and system settings linked to the unwanted software found on your computer.

I don't think I ever opted in to this but they may have had tricky wording or I just didn't catch it. From searching around, there seems to be no way to opt out of the scan itself (not the submission) except denying read permissions to the software_reporter_tool.exe's folder. So if you have spinning drives that you want to keep idle when not in use, for power and longevity reasons, you are SOL without remembering each time you set up a machine.


From there, we get to https://www.google.com/about/unwanted-software-policy.html

which says

> After installation, programs should not engage in deceptive or unexpected behavior. Some examples of deceptive or unexpected behavior include:[...]Preventing the user from controlling the software[...]The user must have a meaningful opportunity to review and approve any principal and significant updates or settings changes.

Disclosure is especially important if data collection is a non-obvious feature of the software.

Pure unadulterated hypocrisy. Not surprising coming from Google.


Also from https://developers.google.com/search/docs/advanced/security/...

> Don't scare the user. Software must not misrepresent the state of the user's machine to the user, for example by claiming the system is in a critical security state or infected with viruses.

Yet Google Chrome continues to tell users that many harmless executables are malware even after they have been informed of the false positive many times.

Maybe they should prevent people from downloading Chrome instead.


It has done this for years. It's not new behavior. Also why I use Firefox and Comodo Firewall. I would remove all privs on the file in Windows to stop it. Deleting will only be temporary.


are there recommendations for a powerful Windows firewall that can be run locally? I have noticed there are DNS calls often resolving from my machine (via pihole), but my local firewall is oblivious to those connections and never alerts me to local application making those calls.


I experienced this too. Thank god for having a noisy HDD or I never would have noticed.

I fixed it by replacing the software_reporter_tool.exe with a blank file named "software_reporter_tool.exe" and setting it to read-only.


It seems this is the same engine as ESET antivirus scanner:

>As applied in Chrome Cleanup, ESET’s technology is used by Google to alert users about unwanted or potentially harmful software attempting to get on users’ devices through stealth, for example, by being bundled into the download of legitimate software or content. Google Chrome, using ESET’s security technology, then provides users with the option to remove the unwanted software. Chrome Cleanup operates in the background, without visibility or interruptions to the user. It deletes the unwanted software and notifies the user once the cleanup has been successfully completed.

https://www.eset.com/int/about/newsroom/press-releases/compa...


I have... noticed something similar to this too

I have a single remaining windows box that is completely idle with a rust disk and it's started spinning up for no apparent reason

how did you figure out it was Chrome?

edit: going to try procmon with the filter set to the disk


FWIW, I recently started building my own ungoogled chromium from here: https://github.com/ungoogled-software/ungoogled-chromium-win...

Someone might post a binary build there soon with 94 (until yesterday they only had the ancient 89), but you can build it yourself as well (on my 32-core 5950x with 64Gb RAM it took 2.5+ hours to build, just to be prepared for that).

Note that it won't have the Google Chrome Store, so the process for installing extensions (ahem, uBlock Origin) is a bit more involved: https://ungoogled-software.github.io/ungoogled-chromium-wiki...


I think I just sorted standard windows task manager by disk% to find it.

Nvidia is another culprit, Geforce Experience scans all your drives constantly to look for new games or something like that.


I can't find anything like that on my machine and am running the latest Chrome; where is that executable located on disk?


AppData/Local/Google/Chrome/User Data/SwReporter/[VERSION]/software_reporter_tool.exe


Thank you, found it. It looks like it's not a new thing, it's been around for at least 6 years; it's possible they recently expanded its scope to scan more of one's disk which would be unfortunate. Found some details here for how to disable it: https://www.ghacks.net/2018/01/20/how-to-block-the-chrome-so...


The gracious guess would be an attempt to detect malware by sending or fetching hashes to match.


I want similar, although I don't want oneDrive - the level of spying that's used for is unacceptable imho.


Very nice that I turn off everything I want one time, but what about the next update that will randomly toggle some settings back? How about new settings for new features that are added?

I think it's foolish to go use software like this, and expect some privacy to happen. Windows and its user are just not on the same page.

What refreshed my hope in IT is the FOSS ecosystem. Where software is passively uncaring about me, the user, instead of working actively against me, which is the case in most of proprietary stuff nowadays.


Historically tools like these were broken by windows updates and could not keep up with Microsoft's violent efforts in breaking them. You can't even turn off windows defender in the registry anymore, which is the sole reason windows performs terribly on low end devices. It sends the CPU and 5400rpm disk to 100% use all the time.

Windows is a threat to national security and Microsoft must be sanctioned. Businesses, if they wish to avoid crypto lockers and actually care about "cyber security", will drop windows in favor of Mac/Linux.


I agree. Windows is malware. Its good or bad bits are irrelevant, it's perfectly usable as an OS, but in the meantime it's loaded with malicious intent and its business advantage is ruthlessly exploited at every turn. So I don't think that the tool itself is that much useful either. It's good popularity for their creators, that's for sure, who very successfully jumped on the Win10 telemetry paranoia bandwagon.

And who I think should change to Linux or BSD is not just business, it's governments especially. How they enable an auto-updating system of another superpower is beyond me.


Interesting.

My friend just put Windows 11 on his (original) Surface Go (Pentium Gold 4415Y, 8GB RAM, 128GB), and he cannot stop raving about how fast it is. He said he was considering putting Linux on it, but he isn't feeling the need to now. To be sure, that's not a 5400rpm disk, though, yeah, I haven't had to suffer through one of those in over a decade!


It will be slow in the coming months. Windows has very fast UI response on fresh installs and degrades over time. It's really not an achievement to have responsive UI in 2021, Microsoft just hires the bottom of the barrel and bases everything on group studies, which yields the worst outcomes.


I have to use Windows once in a while (circumstances).

Best way to forget about the existence of spyware (aka telemetry) that I found is to not connect a Windows box directly to internet. I configured my router to give it a gateway and DNS IPs which don't exist in the network. Eat that, Microsoft. And I can still connect to internet by manually setting a SOCKSv5a proxy to the router in Firefox and other software that I trust (make sure there is no automatic proxy discovery mechanism in the router).


Since the 21H1 update you might start noticing connection drops since a new wlan autoconfig feature has been added: if windows can't ping home reliably, it will restart your nic.

Yep.


I don't think the reason for this is malicious. Back in 2012-2018 many Windows laptops belonging to friends and relatives had frequent WiFi issues. The only reliable way to fix the issue was to restart the NIC.


RedHat's NetworkManager already does something pretty similar [1].

[1] https://wiki.archlinux.org/title/NetworkManager#Checking_con...


Link please? I run Windows for work, which includes connecting to industrial networks with no Internet connectivity. If this happens, it's going to be a nightmare.


Sorry for the delay.. I actually couldn't find any official docs on this feature but this thread covers the bases:

https://www.tenforums.com/network-sharing/178379-disable-wla...

And it appears it may be part of 20h2, not 21h1 update.


Damn, that's hostility on another level. Do you have a link to more reading on this?


Sorry for the delay.. I actually couldn't find any official docs on this feature but this thread covers the bases:

https://www.tenforums.com/network-sharing/178379-disable-wla...

And it appears it may be part of 20h2, not 21h1 update.


Thanks for the link! I'm searching for 'reboot' and 'restart' but I don't see anything mentioned about rebooting -- only a restart of the network service. Are you sure it actually reboots the PC?


No, it restarts the wlan interface, not the entire pc.


Whoops, I somehow read nic as pc! Thanks.


Wow! Thank you for that tip. Block the machine's internet access with a firewall but connect the browsers over a SOCKS proxy.

I mean, I do have a couple of containers up and running on a Raspberry Pi offering nothing but intranet SSH services while the containers are connected via OpenVPN to different VPN servers, so that I can use different browsers which connect via SOCKS each to one container in order to have one browser per country on one machine.

It never occurred to me that I can use this same technique (but without OpenVPN) in order to disallow that machine to connect to the internet but still have a working browser...


Make sure to manually download the Windows patches every Tuesday, since Windows Update won't work by itself.


> what about the next update that will randomly toggle some settings back?

Well, you run the tool again. It even tells you to do that after making changes.


I acted like this for a long time, and my trust remained broken.


Great, this is the most constructive answer. Eternal useless pessimism instead of at least trying simple steps to solve the issue.

Great credit to the authors of the tool. I used it many times when I was stuck with windows - and I'm grateful that they did all the work to make it.


I'm quite a pessimist otherwise, but I don't think my comment really reflects that. I just reported that as a human being, I'm tired of, and fed up with fighting a system that disrespects me, belittles me, overrides my decisions.

For the longest time I felt that I have the upper hand. That I could install a software for my every need, limit this, change that, bend the whole system to my will. But the realization grew on me, that me and the system are wanting two very different things. And whatever I do, I won't win. At most, we can be engaged in a cat-and-mouse game, as long as I'm up for fighting for it. If I'm not, then my cause is lost.

With this realization, I felt betrayed by the entity I otherwise liked very much. And this is the feeling I wanted to convey with my previous comment.


I did not take the comment in the same light. I think it is great that people are creating such software. Seems useful for many users.

But looking at the broader context npteljes has a point.

Why fight an insecure tool (let's say Windows is insecure for the sake of the argument, I do not have a strong opinion about it) then patch the security on top. Surely the obvious choice is to stop using the insecure tool.

Sometimes people want a technical answer, when the answer is to do the obvious. I don't think that is pessimism.


The most constructive answer is to stop using/supporting/supplying demand for software that doesn't respect the user. Rather than people trying to remove the same warts over and over, progress could be made on a more permanent solution; namely, identifying gaps in the open source ecosystem where the only current solutions are proprietary.


I read it like GP lost faith because the settings were turned on so frequently. Not because the tools don’t work.


I think it's a pretty good idea to automate this sort of software and schedule it to run whenever the OS restarts, or at the same time every day (or multiple times, depending on usage patterns).

I don't think it's possible to (easily) figure out when to run something right after the updates change any settings, but it's a good idea to automate away manual work as much as possible!

The person that you're replying to certainly has a point about having to run the tool manually being a hassle. Sadly, at the moment there are also no ways to automate running the tool (that i know of), since it's GUI only, as opposed to offering CLI functionality or silent launch options.


But I have already solved the issue: I stopped using Windows.


Assuming you mean trust in MS in general and not in what the OS does: broken trust isn't easy to fix, and this tool indeed doesn't do much in that regard, but it does fix some of the things which lead to the broken trust i.e. what the OS is doing.


Then perhaps this tool and this operating system are not for you... Windows is good for some things, privacy ain't one of them, and you need to either live with it, work hard to protect your privacy within it, or leave it.


For some of us (me), tools like this are the difference between no privacy oversight and some oversight. I aspire to be a privacy-aware person rocking Linux, but in the meantime...


I appreciate this aspect of the ShutUp10. By its existence and popularity, it spreads the message that there is such a thing as privacy, and that it's important.


Installed manjaro Linux as a dual boot. Loving it.


A lot of recommendations here, but it's surprising no one has suggested Sophia Script yet:

https://github.com/farag2/Sophia-Script-for-Windows

IMO the best and most holistic solution for debloating and de-botnetting Windows.


Probably because of this:

> Due to the fact that the script includes more than 150 functions with different arguments, you must read the entire Sophia.ps1 carefully and comment out/uncomment those functions that you do/do not want to be executed.


You can have a GUI for that, it's also mentioned in the README:

https://benchtweakgaming.com/2020/11/12/windows-10-debloat-t...


Fedora is my preferred solution to this problem.


I agree. The winning move is not to play. To fiddle with Windows' privacy settings, and expecting them to respect the user's privacy, is like asking an abusive partner nicely to not be abusive. Promises will always be broken, and in new and unexpected situations, the partner will act on their character, not on their promises. And Microsoft has a documented history of this behavior.



With Windows Update removed, and no way to patch the system without a full reinstall, I would not use ameliorated.info in any important capacity. The complete inability to patch zero-days makes it very unattractive. They recommend to just take admin privs from the default user. If you're this serious about privacy, use Linux. If you NEED Windows for a program, use a VM and nothing else. If you NEED Windows as your daily-driver... then you shouldn't be risking your daily driver with this. The ONLY update you can apply is simply to just reinstall the operating system. I do appreciate this kind of stripped-down build procedure, but fail to see a good-enough use case.

> Furthermore, as touched upon on the main page, 94% of critical Windows 10 vulnerabilities can be mitigated by revoking administrator privileges from the default user.


I'd just like to touch upon that 94% figure. It's from this source[0], which actually says:

> Of these critical vulnerabilities, 94% were found to be mitigated by removing admin rights, up from 85% reported last year.

It's a very fine line, but they're mitigated by not running stuff as admin, not just removing admin rights from the main user's account. With Ameliorated, people will still want to set up software as admin and install to Program Files, so if they take the advice from the FAQ, they might think they're fine just having a separate Admin account they use for UAC pop-ups to install the programs, while leaving their main as a standard user, which is indeed not going to solve any zero-days compared to users just being able to click 'yes' at UAC.

0: https://web.archive.org/web/20170310043706/https://www.avect...


This reminds me of the old "Windows XP Service Pack 4", or Windows 7 Minimalist ISOs that were going around. Generally, even the idea of using an OS downloaded from a random site (big Linux distributions excepted) is a security nightmare: you're trusting random, anonymous people not to put malware deep enough into the OS image where it won't easily be found. See XcodeGhost that got caught way after the fact.

Same exact reason people should strongly consider staying away from LineageOS builds and other such things, where the dev team of half a dozen non-vetted anonymous forum users is responsible for everything running on your phone. The "open-source means security because code gets vetted" argument only applies to big projects like Chromium, where hundreds of major corporations with world-class software engineers review, and contribute to the source code. Not to Lineage, where every phone model has its own build and dev team, and each build gets used by maybe a few hundred or thousand people, and reviewed by practically nobody. If there was one single Lineage build for all phones, I'd feel much more comfortable with it.

Though I have zero reason to distrust the Ameliorated folks, you generally never want to mess with software (especially OSes) downloaded from anyone other than the official vendor. The risk of using this is much higher than running proprietary ShutUp10, which is already non-zero since it's proprietary.


What a bunch of corporate-authoritarian fearmongering BS.

The community is NOT stupid. All it takes is one person to find out someone is trying to be malicious, and mass ostracisation will take place. For most of civilization we didn't need corporate overlords to tell us who to trust --- that's a very very recent development.

> where hundreds of major corporations with world-class software engineers

LOL. The same "world-class software engineers" who brought us https://news.ycombinator.com/item?id=18189139 and are constantly fighting against the user?


How do you ostracise someone on the Internet if they're hiding behind pseudonyms?

It makes no sense to compare how we live and behave in real life with the Internet.


People can get doxxed and ruined in real life. News spreads quickly. If you try to deceive a whole community of intelligent humans you'll get found out sooner rather than later, and unlike the slap-on-the-wrist lawsuit that at best companies get from trying the same, it is much worse for an individual. But of course, that doesn't fit the narrative...


I had hoped the risk for malicious actors would be a bit more serious than ostracisation. Like, criminal persecution?


That's illegal IIRC.


It's not illegal, it's against the ToS of Microsoft that's something else, Microsoft is not a Lawmaker.



Can someone explain these two decisions for me?

>DO NOT DOWNLOAD TRON FROM GITHUB, IT WILL NOT WORK!! YOU NEED THE ENTIRE PACKAGE FROM r/TronScript

> Download Tron. The download links are in the top post in /r/TronScript. If you download the self-extracting .exe file, run it and it will extract tron.bat and the \resources folder to the current directory. Copy both of them to the Desktop of the target

Why package a BAT file with an EXE? Even if it has to be distributed in a container, why not a simple ZIP?

And the subreddit literally has a thread with a table that contains download links and a torrent, why would you not include that in the readme?


Smells fishy.

The reason is to present the software as open-source while in reality it's closed source with unimportant data files being published on GitHub.


Lovely how on mobile, the reddit page is blocked: you need the app to access it.


https://i.reddit.com/r/TronScript/

Or

https://old.reddit.com/r/TronScript/

If you have trouble opening any reddit website on mobile change "www" with just the letter 'i' or 'old'.

Once they don't allow these workarounds I am leaving reddit for good.


Seriously though. I have old reddit UI always on by default and forget to keep adding the "old" prefix when posting links, so apologies.

I will leave reddit too if they remove the old version.



Or more lightweight: https://teddit.net/r/TronScript


TronScript is hugely overkill. It makes changes that the vast majority of Windows users, even privacy conscious ones, would not want.

I dread to think how many well-meaning sons and daughters have run it on their parents' and relatives' PCs and then left, leaving behind a system that is now a nightmare to use.

Also, it takes literally hours to run. I mean, what the hell? ShutUp10 is done in seconds.


The people who normally get spyware can't operate it.


It has a GUI


I prefer https://privacy.sexy/ - it generates a script that I can read/edit.


This is great! https://github.com/undergroundwires/privacy.sexy/tree/master... looks like the raw data (yaml) for all these commands, including commands for macOS. With that, it’s at least plausible to audit these commands.

I probably still won’t trust it on a critical system without a reputable audit though, I think I’d still prefer to either trust Microsoft or Apple or go run OpenBSD or Linux instead.


Thanks for sharing this. I tried 3 of the tools mentioned in this thread, in addition to having tried the O&O tool before, and https://privacy.sexy/ resonated with me the most. It's the easiest to understand and also makes it much easier to make smaller incremental changes. Due to the "revert" toggles and heavy commenting, it's easy to roll back if anything breaks.


The UI is confusing (double negatives). Does Red "Disable Inventory Collector" mean that is enabled? Red, to me, usually means off on a toggle switch.

It's explained in the help.


If only they would just use normal checkboxes, available on Windows since the 80s, instead of these stupid ambiguous slider-switches, they would be perfectly clear with the additional advantage that you can use them while colourblind. Check to disable, uncheck to enable. It's the result of another idiotic attempt at UI "modernity".

(Then again, the double negatives in Windows' own Group Policy Editor, where some if not all of this stuff is also configurable, are just as confusing sometimes; but there, at least the UI controls themselves don't add any more ambiguity.)


here are some checkboxes in winaero under the "disable windows ads" title:

[x] stop unwanted apps windows auto-installs

[x] start menu suggestions

[x] ads in explorer

notice how the first checkbox has "stop" and the second and third don't? to me, if "ads in explorer" is checked, it means you have ads in explorer. not to the winaero guys though. if "ads" are checked, no ads. sometimes. sometimes if "stop ads" is checked, no ads.

my favorite is android, where you have a toggle, and depending on how it's set, the description of the toggle changes. so you have the toggle "off" and it says "disable this feature."


Agreed, UI's may look "sexier" these days but they're less usable.


Yes, this tool is very confusing to use. It is hard to tell if the slider has to be red or green to disable something. I have a mix of green and red and with most of them it says recommended "yes". So is my current setting the recommended setting because it says yes or does the yes mean the recommended setting is to disable it? Is disable it then the green or the red knob? This app needs a complete UI redesign to be useful.


agreed. I've been using this and similar tools for several years and the cognitive load for every single setting is infuriating. especially given the very obvious underlying reason everyone is launching this tool.


O&O ShutUp10++

"Gold Microsoft Partner"


Gold competency:

To attain a competency, partner must:

    Pass required exams and skill validation.
    Meet performance requirements.
    Pay the annual fee.
$4,730


Microsoft has faced so much criticism for their approach to telemetry - I don't really understand why they don't at least provide the option to opt out of all telemetry.

If they left it enabled by default, but provided an option to opt-out, realistically only a small segment of users would do so, and most of them would likely be power users who are already taking other steps to try to prevent telemetry being collected and/or sent. So they'd take an insignificant hit to telemetry, but would gain a lot in goodwill.

Any reason not to do this?


Telemetry isn't just a tool for product managers, but it's also a goldmine for national security agencies (more than just the NSA; Bing is unblocked in China for a reason).

Anti-government meme made with GIMP at a specific timestamp? One search through the telemetry logs to find who exported a file at that exact moment.

Any data collection is also government surveillance unless proven otherwise.


Microsoft provides a tool that allows you to see all telemetry that’s captured

https://blogs.windows.com/windowsexperience/2018/01/24/micro...

I don’t work for microsoft anymore but I laugh at these sorts of suggestions. I don’t know much about bing but I do know a decent bit about the telemetry pipeline and the idea of an anti government meme detection is ludicrous at best.


With all due respect, the danger to a telemetry pipeline is almost always downstream effects, like court orders to intercept network data or human assets that knowingly exfiltrate data. Even if you assume that Microsoft has the best of intentions and that all of the telemetry is for the purposes of improving the software experience, it’s a naive assumption that this doesn’t increase the attack surface substantially. With no user accessible kill switch and with all teams operating with good intentions, you still stand to create scenarios like telemetry-for-surveillance, even if the probability of such a scenario is small in the grand scheme of things.


> the idea of an anti government meme detection

That's a fun strawman you made, but the actual idea in the post was that telemetry might note when different programs do events like save.


Imagine believing that Windows telemetry contains such data.


Imagine not knowing about The Coalition for Content Provenance and Authenticity https://c2pa.org/


Imagine trusting Microsoft.


Because they are pivoting to being an ad company like Google.


GDPR requires the opposite, data collection has to be opt in. I don't really see why the telemetry they capture doesn't count as people's personal data honestly, it should given how much behavior information is available from it.


I believe it’s only opt in when it contains user identifying information. Information on did a feature work or not and how long search indexing took isn’t particularly sensitive once you strip off any device identifiers.


But... You've just described how fingerprinting on the web works. How is this not uniquely identifying information?


Free as in beer. I wouldn't trust such an intrusive proprietary application on my machine from a vendor who doesn't need to care about its reputation.


I can get behind that mindset, but if you're using Windows you've already given up your ability to introspect your system. The same is true for most of macOS/iOS and large parts of the basic feature set found in Android. Most Windows programs, both freeware and paid, are closed source, that's just the way that ecosystem functions.

These companies can exist the same way Winrar can exist: give people the tool for free, wait for them to want to use it at their business and sell the subscriptions there. Businesses are much more wary of pirated software than consumers so Winrar manages to survive to this day. To me, the amount of telemetry collected from modern crapware indicates a lack of trust in the product from even the developers themselves, which in turn proves to me that the product isn't very good on some level I might not be able to see.

Just because something is free doesn't mean it's not reliable if there are business subscriptions funding the product itself. The way programs stalk their customers these days used to be rare and the O&O team seems to follow the old software shop practices rather than "modernising" and adding the very thing they try to block to their own product.


It is possible to use windows as a mere kernel. Much desktop software on a modern linux distro is portable. Even your example, winrar, can be replaced by peazip or 7zip.

I actually saw some people using mostly FLOSS on windows as a step before full migration away from it.


Had the same thought, but upon investigation I don't see the incentive for the vendor to do something shady with it.

They have a clear business model: Develop software for Windows that companies need. See their About page: https://www.oo-software.com/en/company

Hence, it is clear what benefit they draw from releasing this software for free: Marketing. They are not in the business of brokering user data or mining bitcoin covertly. This tool isn't even installed, it's "run once". To me, that's about as trustworthy as it could be.


> I don't see the incentive for the vendor to do something shady with it.

Now.

It is not a matter of having incentives. It is a matter that they can abuse and you simply have no way to check or control it.


You have no way to check if this app is sending network requests back 'home'? That doesn't seem correct at all.


For such an intrusive application there are many ways to hide it. Not saying they do it, but I see no way to check it unless looking at the source code.


Well, two possibilities that come to my mind:

- Run it in a Windows VM. The program could detect this and not phone home in this case, of course.

- Monitoring on network level (wireshark on same network, Pi-hole, router itself...). This is virtually impossible for the program to circumvent.

You could also audit the changes it made to the system (resorting to stuff like diffing disk images before/after if you really want zero trust) to verify that nothing sneaky was left after running the program once.
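A sketch of the before/after audit suggested in the comment above, narrowed to the registry: it compares two `reg export` snapshots and flags new or modified autostart entries for review. This is an added example, not part of the original thread and not O&O's code; the snapshot contents, value names and paths are constructed for illustration.

```python
import re

# Constructed snapshots in the text format written by `reg export` / regedit.
# They are illustrative only: not captured from a real machine and not a
# record of what ShutUp10++ or any other tool changes.
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection]
"AllowTelemetry"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Example\\OneDrive.exe /background"
'''

AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection]
"AllowTelemetry"=dword:00000000
"ExampleBlob"=hex:01,02,\
  03,04

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Example\\OneDrive.exe /background"
"ExampleHelper"="C:\\Users\\Public\\helper.exe"
'''

# "name"=data or @=data (default value); names may contain escaped quotes.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# Keys whose values start programs at logon.
AUTORUN_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")


def parse_reg(text):
    """Return {(key_path, value_name): raw_data} for one exported snapshot."""
    # Long hex values are wrapped with a trailing backslash; rejoin them.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            entries[(key, name)] = m.group(2)
    return entries


def diff_snapshots(before_text, after_text):
    """List added, removed and changed values between two snapshots."""
    before, after = parse_reg(before_text), parse_reg(after_text)
    changes = []
    for ident in sorted(set(before) | set(after)):
        old, new = before.get(ident), after.get(ident)
        if old == new:
            continue
        kind = "added" if old is None else "removed" if new is None else "changed"
        # A new or modified autostart entry is worth a manual look.
        review = kind != "removed" and ident[0].lower().endswith(AUTORUN_SUFFIXES)
        changes.append({"kind": kind, "key": ident[0], "name": ident[1],
                        "old": old, "new": new, "review": review})
    return changes


if __name__ == "__main__":
    for c in diff_snapshots(BEFORE, AFTER):
        flag = "  <-- review: autostart entry" if c["review"] else ""
        print(f'{c["kind"]:8} {c["key"]} :: {c["name"]}{flag}')
        print(f'         {c["old"]} -> {c["new"]}')
```

Real exports are UTF-16 text, so read them with `open(path, encoding="utf-16")` before passing the contents to `diff_snapshots`.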


Is it possible to circumvent Wireshark, Procmon and the likes? Otherwise those 2 combined give pretty good insight in what an application is doing wrt I/O.


Looking at the source code is pretty useless unless you compile it yourself...


Windows will most likely consider this malware, since it is effectively piracy (removes activation checks) and it does mess with Windows Defender by disabling a bunch of phone-home stuff like malware sample submission. If you're already getting people to disable Windows Defender and/or make an exception for the exe, it's suddenly super easy to also embed some custom C&C into it, either for mass use (eg. using a Windows service to have machines participate in a ddos botnet) or for targeted use - when a specific network block downloads it, the C&C sends a different payload that quietly looks for git credentials or trade secrets and ships them off.

They technically don't have an incentive now, but if they ever get one, it'll be super easy to abuse this position to embed malware. Don't think of the threat as the current company, but someone buying them for $millions and quietly doing this years later.


It is not considered malware by Smart Screen from what I can tell. Kaspersky doesn't have any issues with it either, and I've run both the original and the ++ Version of ShutUp.

This is portable by the way, so I don't really see the point in worrying about rogue company takeovers.


Windows won't treat this like malware, because all the other similar products out there are not treated as malware either.

Because it does not run as a service/persist, it will be undone by the next big Windows update anyway.


I've not done any in-depth analysis of this app, but have used it on a machine that required Windows 10 at the time. My family and friends have also used it. I can say that after they use it, the DNS activity to the Microsoft tracking endpoints appears to stop and other DNS activity is reduced, but I am no Windows expert so I cannot say for sure if 100% of telemetry is truly nullified. The real-time dependencies on the activity DNS/HTTPS endpoints do appear to be removed after usage. From a network perspective it does stop the "chattiness" of Windows 10.


> I cannot say for sure if 100% of telemetry is truly nullified.

I'll leave this here: https://ameliorated.info/

No Windows Update for you, so security is debatable.


I prefer the script[0] instead of the hacked ISO since you can install the script in later versions of W10 using your own preferred ISO.

Only caveat: There's no way of telling what versions of W10 it's compatible with (I imagine it breaks some versions). I have an old VM with AME installed and manually enabled updates by hacking the registry. (You could also alter the .BAT script to enable updates, but you have to know what to remove).

This project is cute, but I only ever used it for an offline sandbox for running low resource games and cracked versions of Photoshop. I am scared as shit to connect this thing to the Internet. I only connect to receive updates.

[0] https://wiki.ameliorated.info/doku.php?id=documentation_20H2


> Since AME is no longer maintained

What do you mean by that? AME 21H1 was released just the other day.

> This project is cute, but I only ever used it for an offline sandbox for running low resource games and cracked versions of Photoshop.

It's perfect for VM use, but I would never use it as my main OS.


Wow only learning that now. I thought the project got abandoned

Thanks for the update!


This looks interesting. Is there something like a Vagrant build image for this so that you can easily automate the build process to pick up the updates and adjust the configuration/customization in a json or yaml file?


I mean, it doesn't make much sense to replace an abusive feature with a software that has the same abusive potential.

If it was open source, then maybe there would be some reason to trust it.


It is sad that things like this are even required in the first place. I would really like to have more trust and confidence in Microsoft. To earn that trust they could provide one page with all PowerShell sub-commands and links from each command to a man/help page with real world examples so I don't have to trawl through technet and google or random github gists.

They could also give people a true option during installation to really for-really-real disable telemetry regardless of what license home, pro, enterprise, ltsc they are using.


Fragmentation is not in ms best interest, but they could actually license just the nt kernel with a bootloader capable of launching it. Then people could build nt based distros with carefully chosen packages. Just like it is done with GNU/Linux.

Maybe someone could write an application to delete as many files as possible from a pristine Windows copy to turn it simply into a kernel launched by a bootloader. Is there any project that does that?


That's an appealing idea. From watching the behavior of XBox One and Windows 10, I would be really surprised if they created such a thing. It really seems more like they want people to have dumb terminals with their binaries pseudo-cached and operate more like a mainframe/cloud model.


The simplest way to test any software you're suspicious of on Windows is Sandboxie (https://sandboxie-plus.com/downloads/). Any files or registry changes are persisted to a separate location in the filesystem, so it is pretty easy to catch misbehaving software. For software like this, it will negate the utility of the software due to being in a sandboxed environment, but it will at least give an idea of the registry keys and files that may be modified.


This is not convenient to do at every update. On a Windows system where there is no known concept of a built-in package manager it is even more complicated. I've seen Windows apps that automatically update themselves.

Also, since it is very intrusive, I don't think running it into a sandbox may give good diagnostics.


If this program has to be run persistently, then it won't provide much, since a malicious program could wait X days prior to downloading a payload. It is mostly useful for looking for one time changes like registry settings and verifying that the program doesn't place a bunch of random .bat or .exe's in obscure folders.

Windows loves to silently update things, even if it ends up breaking everything, too. Especially drivers where it isn't super obvious that it was updated and something just stops working. Windows 10 is _way_ more aggressive with forcing updates than 7/8 were, automatically re-enabling Windows Update after 30 days of disabling. The easiest solution that I've found is just blocking everything at the DNS level. They can obviously use IP addresses as a workaround if they really want telemetry, but I haven't had issues after blocking a bunch of MS domains in the hosts file.


Fair enough, though O&O has been around for ages (24 years) and I don't remember hearing anything bad about them (and have used their software in the past).


Are you talking about this tool or Windows itself?


Actually it can be seen as both.

You're replacing an abusive part with another with the same potential of abuse and you can't check or modify either of them.


Confirmed abuse isn't the same as potential abuse.


You mean Windows. Neither do I. Linux and VMs for the proprietary crap.


How did you get windows in there in the first place?


They're a Microsoft gold partner. Their reputation is on the line.


Their with microsoft, you mean. Considering microsoft's reputation with regard to telemetry and other abuses, I'd say it doesn't mean much.


Partners aren't with Microsoft. They're vendors and service providers that live off of scraps from the mothership. If they were to do something malicious, it would potentially cost them their business. I'm sure Microsoft itself doesn't care if under 1% of desktops use tools like this to turn off their telemetry.


You're happy enough to take Microsoft products, how much worse can a microsoft gold partner be?


There's privatezilla too. If you consider Microsoft Defender (real time scanning & sample submissions) to be a spy tool, there are easy scripts available to permanently disable it, apparently recent Windows versions decided not to honor instructions disabling WD via registry or local group policy.


> Free antispy tool for Windows 10 and 11

> Gold Microsoft Partner

Why would MS partner with a company that makes software to "bypass" their spyware?

Why would O&O partner with a company that has spyware in the OS, then proudly display the Gold MS partner badge on the same page?

Why is the source code obfuscated?

Think about it.


The company makes more than just that tool, and particularly makes other W10 apps. The company itself is a gold partner, which, as nix23 posted -

Gold competency: To attain a competency, partner must:

- Pass required exams and skill validation.
- Meet performance requirements.
- Pay the annual fee. $4,730

It seems less malevolent in that light


> `Disable advertisements via Bluetooth`

A screenshot of the application on the website shows this option. I don't understand; are advertisements via Bluetooth some kind of Windows functionality and how does it work?


Perhaps they mean BT Beacon advertising? A small BT device can broadcast a notification to other BT devices nearby. It is used in some places for marketing.


Advertising as in broadcasting, not as in marketing.

Some Bluetooth LE devices use advertising as a way to constantly send out payloads without a direct receiver.


BLE Beacons, they send your device ID a couple times a second as a broadcast.


Windows has a P2P update distribution feature so I would not be surprised


Beautiful app, lightweight, and great UX, straight to the point

An example to follow


I've been using this since W10 came out. It works, but as others mention, some parts seem to stop working magically over time.


It's not magic. It's Windows Update happening in the background.

I went from perfect system health, progressively into blue screen death, it got so bad that it happened every 2 hours after spiking my i7 to 100% cpu use. The decline happened within a month of a win10 update back in Aug/Sept.

A couple of MS support tickets and a Windows reinstall later, I finally gave up and had to do a complete fresh PC install to fix.

No issues since but I still get the occasional 100% cpu clock.

I've also turned on Windows 10 selective update download.


> I went from perfect system health, progressively ... it got so bad ... decline happened ... I finally gave up and had to do a complete fresh PC install to fix

Sounds like every Windows since 3.1. Instead of telemetry I wish they'd focus on making an OS that stays robust and performant indefinitely.


I'm thinking about buying a Windows box just so I can run Flight Sim 2020. I was hesitating because of all the malware, telemetry, and advertising that is Windows today. This is helpful.

Sure wish I could run MSFS 2020 in Linux. (I have X-Plane for Linux but the whole-earth scenery of MSFS 2020 is pretty compelling.)


NextDNS offers “Native Tracking Protection”, which is currently in BETA. … “Block wide spectrum trackers — often operating at the operating system level — that track your activity on a device. This could include all the websites you visit, everything you type or your location at all times.”



Spybot anti-beacon is also good. It also stops MS Office from "phoning home"


Nowadays you need an operating system and a system to keep it at bay. Weird. Linux is so much easier.


Off topic:

Unfortunately I can only use windows 10/11 as AMD has no driver for RAID on Linux. https://www.amd.com/en/support/chipsets/amd-socket-strx4/trx...

Using Asus hyper with 4 nvme drives on RAID. Anyone else in this situation?


You don't need a raid-driver for linux:

https://raid.wiki.kernel.org/index.php/RAID_setup

That AMD "raid" is software too, the same as Linux.

~Pure hardware RAIDs never need drivers, because you tell the hardware (RAID controller) to present the hard disks as one (or whatever you want) device to the operating system. Some management tools are sometimes used (start RAID scrubbing etc).

BTW: Don't use Raid5 if you don't have a UPS (if you use software raid), or a battery buffered write-cache (hardware raid) aka write-hole:

https://serverfault.com/questions/844791/write-hole-which-ra...


Does it do a kind of raid that Linux software raid doesn’t support?


It's funny how Windows and Android, the two most widely used operating systems, are a privacy nightmare and basically spyware at this point. Remember you can install tools and ROMs that are privacy focussed but also realise only a minor percentage of the users bother or are aware of these.

I wonder what the sales pitch would be to sell privacy focussed products to the average Joe.


Both of these are the cheaper option in their respective market. iOS and macOS are expensive because the hardware is expensive (as in, the hardware in part pays for the development of the software), and Linux is expensive in that it's almost always more time-consuming to set up since it doesn't have Windows' first-class driver, hardware, and software support.


> since it doesn't have Windows' first-class driver, hardware, and software support.

Ironically, Linux sometimes has better driver and software support for specialized things like Thunderbolt ethernet adapters, or software if it was written for MacOS but later adapted to Linux because of their similarity within the scope of POSIX. And, because Windows can't run 16-bit software on 64-bit CPUs at all, Linux has the total advantage here because WINE works with 16-bit as well.


Agreed! Just wanted to pile on, the driver thing is a bit hit/miss.

Broadcom/Realtek (sometimes)? Good luck. Intel/AMD/Aquantia? Probably good to go.

There are vendors that give Linux first-class support; buy them.

edit: Realtek is a little hard to pinpoint, they tend to have drivers... but fairly buggy.

I have to replace the r8169 module or something similar with r8125 for my (onboard) networking to work under stress. If I push too much bandwidth, it'll just drop.


Come on. I use an old Dell Latitude E7440 which I run KDE neon on. Takes 15 minutes to get installed and I can get surfing in 16. No nonsense, no nothing. I assume newer devices would be better but "time consuming to set up" is something I have not seen in the last 3-5 years of my using 100% exclusively Linux devices.


Not sure why macOS (M1) is expensive here. For the hardware/performance/software you get it’s not really expensive if you compare the alternatives like surface or any of the intel based laptops. Sure, you can get a cheap laptop for under 500$ but that won’t last long either.


I don't think it is funny, nor coincidence. A lot of people are poor and have to sell themselves out with privacy. They cannot afford a premium brand like Apple.


Apple isn't any better - Apple gets the hash of every program you run on a Mac.


Can you throw out some example tools and ROMs?


I used that a few years ago and liked it: https://www.lineageos.org/


One can even take it a step further and use microg.org to get LineageOS with optional Google services. Has worked great for me last year or so.


Seconding this. LineageOS with microG has been great, combined with Aurora Store's anonymous Play Store for the singular app I require that doesn't have an FOSS alternative.



I think Apple has (with varying success) been making that pitch for several years.


There's no privacy on Apple with a closed source ecosystem and all the iCloud connectivity syncing your every move.


The “closed source ecosystem” is not nearly as restrictive as people make it out to be and is something that you willingly sign up for when buying apple products.

Not sure where you got the idea of “icloud syncing your every move” but literally every icloud implementation can be disabled at your discretion.

I for one only have my reminders, wallet, calendar and drive synced.

Even with that said, none of this implies a lack of privacy in any way.


Your every move is quite literally transmitted to Apple. That's how Find My works.


Find My data is end to end encrypted.


Find my can be disabled…

And its sole purpose is to help people find their devices, it’s saved many people I know from a very large catastrophe.


"the researchers' iPhone transmitted more kinds of data, including device location, the device's local Internet Protocol (IP) address and the Wi-Fi network identifiers — the MAC addresses — of other devices on the local network, including home Wi-Fi routers."


The simple fact that this even has to exist is hilarious.


I agree, but in part, it is how the Windows business model has changed.

Older versions of Windows were the product, and the customer was the end user

With New versions of consumer Windows, user data is the product, companies and advertisers are the customer, and end users are the data source.

Commercial/Server versions of Windows not so much.


Sounds like this does the same thing as Blackbird


It still amazes me how prevalent closed-source is on Windows. Even hacker-oriented, non-commercial things are closed-source.


everything is closed source, apart from the building blocks that comprise it. all clouds are closed source, most of the finance is closed source, MacOS is closed source, iOS - too. games - closed source, critical infrastructure - closed.

okay...let's think. lets take for example postgresql. all right is opensource, we all love it. but how some company uses it - well this is not open source. only few businesses dare to be open source and typically open the non-critical parts.

why so much pressure on MS?

the idea that the world is embracing opensource is absolutely disconnected with the reality ever since the idea of open source came to existence.

once again - even when the building blocks are open source, the way they are tied together is usually not. and their usage in business systems - also not open source. period.

there is a fair chance that whoever is reading this comment is paid by a company that is using open source, but is not open sourcing.


You've said a lot of things there. Could you sum up what you were arguing for?


Me too. I think the "Windows way" gets into the mindset of its users.


Is it similar to WPD? https://wpd.app/


yes, and to privatezilla. however the latter hasn't been updated in half a year and i don't know whether WPD is officially compatible with windows 11


From their page:

"WPD 1.5 and DashboardX 1.0 with Windows 11 support coming in mid-October!"


What does O&O stand for?


> O&O Software GmbH was established in 1997 in Berlin, Germany by Oliver Falkenthal and Olaf Kehrer. The idea for the name “O&O” originated back in 1991 in the form of O&O Systemtechnik GbR, a company offering software specifically for students whilst the two founders were still studying. The name “O&O” came about spontaneously, as both founders first names begin with the letter “O”. In 1998, on the 10th February to be exact, O&O Defrag V1.0 was released, and the company that you see today was born.

https://www.oo-software.com/en/company


> The name “O&O” came about spontaneously, as both founders first names begin with the letter “O”.


For Windows 10 I prefer w10privacy, open source and plenty of options


It's definitely not open source. In their FAQ (which is only in German):

> Why is the software not open source? "The community" could help to develop the software further etc. …

"Why is this software not Open-Source?"


Oh yeah you're right! I must be more tired than i thought


I don't trust these tools as any Windows Update can override the setting, or Microsoft can add a new "feature" and continue collecting telemetry data from that. For example; Disk Space Cleanup (cleanmgr.exe) tool has been trying to connect to internet since last year's Windows 20H2 updates. I use Binisoft's Windows Firewall Control (wfc)[0], set level to Moderate and check logs regularly. There is also simplewall tool [1] which has predefined Windows list to block.

[0] binisoft.org/wfc

[1] https://github.com/henrypp/simplewall


Agreed. I would use them to avoid ads and annoyances, but Windows, as a closed system, to me remains untrustworthy. I'd never ever use it for banking, communications or store personal data. But if I'm using music software or games, those utilities would make the experience less annoying.


You do need to remember to re-run this after any major “feature” update on Windows as Microsoft have a way of “forgetting” settings they don’t like or coming up with new ways to violate users’ privacy. This is definitely not foolproof, but it is one of many tools in the arsenal.


I'd rather use group policies to disable telemetry etc.


Congratulations professional Windows administrator. You are definitely not their target audience. And using group policies to disable the 100 different things this tool disables would be a ton of work... and I'm not even sure you can disable everything this tool does via group policies?


> I'm not even sure you can disable everything this tool does via group policies?

Apparently you cannot:

> On May 2017 a security researcher named Mark Burnett demonstrated that disabling the default data collection toggles, found in Windows 10's settings app, are entirely useless. Furthermore he showed that even through using intensive group policy modifications, in a process heavily scrutinized and iterated upon over several days, he was not able to prevent Windows 10 from sending critical, personally identifiable information with certainty.

From: https://wiki.ameliorated.info/doku.php?id=faq

In my last job I had contact with Microsoft and I approached them about datamining issues several times. I noticed they simply don't understand the concerns at all. Microsoft is becoming a highly 'data driven' company and every time I approached them about data gathering the response was along the lines of "Oh but we only use this for improving your performance / our products / whatever". They think it matters what the purpose is, they don't understand (or they don't want to!) that some people are against telemetry whatever the reason.

Our own company is thinking along similar lines, with the exception of the German parts of the business, for whom we had to make some exceptions. I'm not German but I'm heavily aligned with their thinking on this.


I...o.o.o..o.


The O&O team needs to post more pictures of Frida. Great tool, first download on every Windows install for years.


I wonder how long they will stay a "Gold Microsoft Partner" after this.


Probably as long as they pay the golden partner fee (some 3800 eur/year).


Iirc this software has existed since the release of Windows 10, or maybe shortly after, so I guess they can stay "gold partner" forever. There is probably nothing in that program attempting to prevent them from releasing that kind of software, and MS is not Apple...


Quite a while, I'd imagine. It's not a new tool.


This is not a new tool. Has existed for years.


It's existed for several years now, so apparently at least several years.


Debian and Linux are here to help:

https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/

(The easiest Debian install experience might be to ignore the scary official documentation, simply burn that hybrid installer image raw to a USB stick or DVD+R, boot it on your target PC, and have an Ethernet cable handy until you boot your installed pristine Debian and then can enable install of "non-free" firmware. If you need help, I'd use Web search.)



