tinyapps.org / blog

Windows 10: Privacy nightmare #

July 29 - the big Windows 10 release day. Rather than trying an unreliable workaround that was making the rounds, I followed RiotShielder's advice and downloaded an ISO from Microsoft, installing over a Windows 8.1 virtual machine (because you must upgrade your existing Windows OS to get a valid Windows 10 key before doing a clean install (recover the key with Nir's ProduKey)).

When installation completes, be sure to click the tiny "Customize" link on the "Get going fast" screen; you may (not) be surprised at how invasive Microsoft has become. Here's a taste (these are all enabled by default):

  1. "Personalize your speech, typing, and inking input by sending contacts and calendar details, along with other associated input data to Microsoft."
  2. "Send typing and inking data to Microsoft to improve the recognition and suggestion platform."
  3. "Use pge prediction to improve reading, speed up browsing, and make your overall experience better in Windows browsers. Your browsing data will be sent to Microsoft."
  4. "Automatically connect to suggested open hotspots. Not all networks are secure."
  5. "Automatically connect to networks shared by your contacts."
  6. "Send error and diagnostic information to Microsoft." (The toggle switch to enable or disable was hidden below the screen; a near-invisible scroll bar was required to view it.)

Number five apparently refers to Wi-Fi (Non)Sense, which Claus covered in some detail.

Much more about the mounting privacy problems in Windows 10 from Heini Järvinen:

By default, when signing into Windows with a Microsoft account, Windows syncs some of your settings and data with Microsoft servers, for example "web browser history, favorites, and websites you have open" as well as "saved app, website, mobile hotspot, and Wi-Fi network names and passwords". Users can however deactivate this transfer to the Microsoft servers by changing their settings.

More problematic from a data protection perspective is however the fact that Windows generates a unique advertising ID for each user on a device. This advertising ID can be used by third parties, such as app developers and advertising networks for profiling purposes.

Also, when device encryption is on, Windows automatically encrypts the drive Windows is installed on and generates a recovery key. The BitLocker recovery key for the user’s device is automatically backed up online in the Microsoft OneDrive account.

Microsoft’s updated terms also state that they collect basic information "from you and your devices, including for example "app use data for apps that run on Windows" and "data about the networks you connect to."

Users who chose to enable Microsoft’s personal assistant software "Cortana" have to live with the following invasion to their privacy: "To enable Cortana to provide personalized experiences and relevant suggestions, Microsoft collects and uses various types of data, such as your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device. Cortana also learns about you by collecting data about how you use your device and other Microsoft services, such as your music, alarm settings, whether the lock screen is on, what you view and purchase, your browse and Bing search history, and more." But this is not all, as this piece of software also analyses undefined "speech data": "we collect your voice input, as well your name and nickname, your recent calendar events and the names of the people in your appointments, and information about your contacts including names and nicknames."

But Microsoft’s updated privacy policy is not only bad news for privacy. Your free speech rights can also be violated on an ad hoc basis as the company warns:

"We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to", for example, "protect their customers" or "enforce the terms governing the use of the services".

At the very least, be sure to create a local account and customize the privacy settings after installation. Better yet, migrate to a truly free operating system; Richard Stallman was right all along.

/windows | Jul 29, 2015

"What else do _you_ do?" #

ZAPHOD BEEBLEBROX: . . . [W]hat's your name?
MAN: I don't know. Why, do you think I ought to have one? It seems odd to give a bundle of vague sensory perceptions a name.
ZARNIWOOP: Listen. We must ask you some questions.
. . .
ZARNIWOOP: How long have you been ruling the Universe?
MAN: Ah, this is a question about the past is it?
MAN: How can I tell that the past isn't a fiction designed to account for the discrepancy between my immediate physical sensations and my state of mind?
ZARNIWOOP: Do you answer all questions like this?
MAN: I say what it occurs to me to say when I think I hear people say things. More I cannot say.
. . .
ZARNIWOOP: People come to you, yes?
MAN: I think so.
ZARNIWOOP: And they ask you to take decisions—about wars, about economies, about people, about everything going on out there in the Universe?
MAN: I only decide about my Universe. My Universe is what happens to my eyes and ears. Anything else is surmise and hearsay. For all I know, these people may not exist. You may not exist. I say what it occurs to me to say.
ZARNIWOOP: But don't you see? What you decide affects the fate of millions of people.
MAN: I don't know them, I've never met them. They only exist in words I think I hear.
. . .
MAN: But it's folly to say you know what is happening to other people. Only they know. If they exist.
ZARNIWOOP: Do you think they do?
MAN: I have no opinion. How can I have?
. . .
ZARNIWOOP: But don't you see that people live or die on your word?
MAN: It's nothing to do with me, I am not involved with people. The Lord knows I am not a cruel man.
ZARNIWOOP: Ah! You say... the Lord! So, you believe in...
MAN: My cat. I call him the Lord. I am kind to him.
ZARNIWOOP: All right. How do you know he exists? How do you know he knows you to be kind, or enjoys what you think of as your kindness?
MAN: I don't. I have no idea. It merely pleases me to behave in a certain way to what appears to be a cat. What else do you do? . . .


From Douglas Adams' The Hitchhiker's Guide to the Galaxy: Secondary Phase (Original BBC Radio Series). See also The Original Hitchhiker Radio Scripts: 10th Anniversary Edition and The Hitchhiker's Guide To The Galaxy: The Complete Radio Series.

/misc | Jul 19, 2015

Download Flash videos #

(including those embedded in JW Player) with the Grab Any Media extension for Google Chrome. Installation and usage instructions. Piracy PSA.

/misc | Jul 17, 2015

Air travel essentials for long flights #

Bose QuietComfort 20i Acoustic Noise Cancelling HeadphonesAvoid noise fatigue+++++Next to water, the single most important in-flight item in my opinion.
Flight SprayAvoid dry nose++++Much more effective than the damp washcloth I used formerly.
No-Jet-Lag"For the relief of tiredness and jet lag associated with flying"?Despite taking as directed, not really sure if this had any effect, though there are plenty of positive reviews on Amazon.
Source Naturals NADH 20mg"Helps relieve drowsiness and restores alertness and energy"++++Definitely seemed to help keep me awake when needed.
Herbatonin 3mg Plant Melatonin"Helps support normal sleep patterns when disrupted by travel and changing time zones"++++Definitely seemed to help get me to sleep when needed.
Vitalsox Graduated Compression SocksPossibly help prevent Deep Vein Thrombosis and Pulmonary Embolism?Did not really feel any difference, but also did not develp DVT (not that I ever have).
Memory Foam Neck PillowDoze in relative comfort-Despite hours of research (and a slew of positive reviews on Amazon), this did not work for me at all - gave away after landing. The vast majority of reviews are overwhelmingly positive, however.
WaterAvoid dehydration (and in-flight meals)+++++A must.

/misc | Jun 26, 2015

Time to replace traditional password managers like KeePass, 1Password, LastPass, et.al.? #

"Master Password is a stateless password generator. It doesn't store, collect or transmit any secrets. It makes them ubiquitously available, on-demand, depends on nothing but your private master password, and is fully open source.

How Does It Work?

The user is expected to remember the following information:

In practice, the secret master password is the only extra thing users will actually need to remember. Their full name, they'll hopefully remember regardless. If the site is always named after the bare domain name, it needn't explicitly be remembered but can be found in the browser's address bar. The counter and type need only be remembered if they are changed from their default values."

/misc | Jun 26, 2015

Cross-platform, ad hoc, recursive file transfer via HTTP #

Recursively copy desired_dir located on server to current directory on client without having to fool around with usernames, passwords, config files, FTP, NetBIOS, Bonjour, etc:

On server: cd desired_dir && python -m SimpleHTTPServer

On client: wget -r -np http://server_ip_address:8000/

/nix | Jun 21, 2015

Ramana Maharshi on thought #

/misc | May 10, 2015

The Oracle of God #

Yet still there whispers the small voice within,
Heard through Gain's silence, and o'er Glory's din:
Whatever creed be taught, or land be trod,
Man's conscience is the oracle of God.

-- Byron

(via Gentle World)

/misc | Apr 08, 2015

iPhone: Resize photos before texting via Messages #

While the Mail app in iOS offers to resize photos before sending (Small, Medium, Large, Actual Size), the Messages app does not; in fact, there is no built-in method for resizing photos before texting them, resulting in unnecessarily large files being sent. Even the popular photo editor Snapseed does not offer a resize option. Searching the App Store was (as usual) an exercise in futility, but a too-lengthy (i.e., over 30 second) Google search turned up the aptly-named Resize Image, which makes resizing photos and then texting them (or posting to Twitter, Facebook, Instagram) a breeze.

/mac | Apr 01, 2015

"Restore Failure #

Could not validate source - Operation not supported" kept appearing in Disk Utility as I tried unsuccessfully to restore a bootable USB flash drive image to a new USB flash drive. The asr workaround did not work either, returning Source volume format on device "/dev/disk3" is not valid for restoring. Could not validate source - error 254.

By happy chance, I stumbled onto Max's answer which credited drgeoff's reply, which linked to PureDarwin's Disk images page. The secret was to convert the image format to raw before writing with dd (attempting to restore even the converted image via Disk Utility returned the same "Restore Failure" error above).

Here is the process I used to backup my DiskWarrior bootable USB flash drive and restore it to a new flash drive:


  1. Insert USB flash drive to be imaged
  2. Open Disk Utility
  3. Click root of USB flash drive
  4. Click "New Image"
  5. Select desired Image Format (tested restore of "read-only" and "compressed (bzip2)" images successfully)
  6. Save image to desired location


  1. $ hdiutil convert /path/to/image_created_above.dmg -format UDTO -o new_image.img
  2. Remove the .cdr extension that hdiutil automatically appended to new_image.img
  3. Run Disk Arbitrator and set to "Block Mounts"
  4. Plug in new USB flash drive (WARNING: all contents will be erased) and note the assigned device name in Disk Arbitrator's Disks Window (e.g., diskx)
  5. $ sudo dd if=/path/to/new_image.img of=/dev/rdiskx bs=8192
    (Pipe through pv or use a dd alternative like dcfldd to easily track progress.)

In retrospect, it might've been better to avoid Disk Utility altogether and simply use dd to create the image:

$ sudo dd if=/dev/rdiskx | bzip2 -9f > usb_image.bz2

obviating the need to convert with hdiutil before restoring:

$ bzip2 -dc usb_image.bz2 | sudo dd of=/dev/rdiskx

UPDATE: It appears that dd/bzip2 creates a more faithful image than Disk Utility's compressed (bzip2) format does:

For Disk Utility to achieve similar results as dd/bzip2, one would need to select "entire device" as the Image Format and then compress the image afterwards in Terminal: $ bzip2 -9f usb_image.dmg > compressed_usb_image.bz2. And, before restoring the image, it would need to first be converted with hdiutil as shown above. Back to dd for imaging disks!

/mac | Mar 19, 2015

Subscribe or visit the archives