tinyapps.org / blog

Windows 10: Privacy nightmare #

July 29 - the big Windows 10 release day. Rather than trying an unreliable workaround that was making the rounds, I followed RiotShielder's advice and downloaded an ISO from Microsoft, installing over a Windows 8.1 virtual machine (because you must upgrade your existing Windows OS to get a valid Windows 10 key before doing a clean install; recover the key with Nir's ProduKey).

When installation completes, be sure to click the tiny "Customize" link on the "Get going fast" screen; you may (not) be surprised at how invasive Microsoft has become. Here's a taste (these are all enabled by default):

  1. "Personalize your speech, typing, and inking input by sending contacts and calendar details, along with other associated input data to Microsoft."
  2. "Send typing and inking data to Microsoft to improve the recognition and suggestion platform."
  3. "Use page prediction to improve reading, speed up browsing, and make your overall experience better in Windows browsers. Your browsing data will be sent to Microsoft."
  4. "Automatically connect to suggested open hotspots. Not all networks are secure."
  5. "Automatically connect to networks shared by your contacts."
  6. "Send error and diagnostic information to Microsoft." (The toggle switch to enable or disable was hidden below the screen; a near-invisible scroll bar was required to view it.)

Number five apparently refers to Wi-Fi (Non)Sense, which Claus covered in some detail.

Much more about the mounting privacy problems in Windows 10 from Heini Järvinen:

By default, when signing into Windows with a Microsoft account, Windows syncs some of your settings and data with Microsoft servers, for example "web browser history, favorites, and websites you have open" as well as "saved app, website, mobile hotspot, and Wi-Fi network names and passwords". Users can however deactivate this transfer to the Microsoft servers by changing their settings.

More problematic from a data protection perspective is however the fact that Windows generates a unique advertising ID for each user on a device. This advertising ID can be used by third parties, such as app developers and advertising networks for profiling purposes.

Also, when device encryption is on, Windows automatically encrypts the drive Windows is installed on and generates a recovery key. The BitLocker recovery key for the user’s device is automatically backed up online in the Microsoft OneDrive account.

Microsoft’s updated terms also state that they collect basic information "from you and your devices, including for example "app use data for apps that run on Windows" and "data about the networks you connect to."

Users who chose to enable Microsoft’s personal assistant software "Cortana" have to live with the following invasion to their privacy: "To enable Cortana to provide personalized experiences and relevant suggestions, Microsoft collects and uses various types of data, such as your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device. Cortana also learns about you by collecting data about how you use your device and other Microsoft services, such as your music, alarm settings, whether the lock screen is on, what you view and purchase, your browse and Bing search history, and more." But this is not all, as this piece of software also analyses undefined "speech data": "we collect your voice input, as well your name and nickname, your recent calendar events and the names of the people in your appointments, and information about your contacts including names and nicknames."

But Microsoft’s updated privacy policy is not only bad news for privacy. Your free speech rights can also be violated on an ad hoc basis as the company warns:

"We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to", for example, "protect their customers" or "enforce the terms governing the use of the services".

At the very least, be sure to create a local account and customize the privacy settings after installation. Better yet, migrate to a truly free operating system; Richard Stallman was right all along.

/windows | Jul 29, 2015

Mount USB drives as read-only in Windows #

via a quick registry edit (no reboot required - tested in XP SP2, 7 SP1, and 8.1). Simply save the following text as a .reg file and double-click to merge:
Windows Registry Editor Version 5.00

To restore mounting removable disks as read-write, just change "00000001" to "00000000", resave the file, and double-click to merge. Not as sound as a hardware write blocker like the Forensic UltraDock, but it might come in handy for less sensitive work.
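
The same toggle from an elevated PowerShell prompt, as an added example that is not the original post's .reg file. It assumes the setting meant is the standard Windows `WriteProtect` DWORD under `StorageDevicePolicies` (the key and value are not shown on this page); the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: toggle the Windows removable-storage write-protect policy.
# Assumption: the post's .reg file set this value. The key path below is the
# standard StorageDevicePolicies location, not text recovered from the page.

$PolicyKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'

function Get-UsbWriteProtect {   # hypothetical helper name
    # A missing key or value means the default: removable disks mount read-write.
    $p = Get-ItemProperty -Path $PolicyKey -Name 'WriteProtect' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    $p.WriteProtect
}

function Set-UsbWriteProtect {   # hypothetical helper name
    param([Parameter(Mandatory)][bool]$Enabled)

    # The key is absent on a default install; create it before writing the value.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    $value = [int]$Enabled       # 1 = read-only, 0 = read-write
    New-ItemProperty -Path $PolicyKey -Name 'WriteProtect' `
        -PropertyType DWord -Value $value -Force | Out-Null

    # Read the value back so the caller sees what is actually stored.
    Get-UsbWriteProtect
}

Set-UsbWriteProtect -Enabled $true
```

Reinsert a test drive and confirm that a write is refused before relying on the setting.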


/windows | Feb 17, 2015

Tiny freeware apps from Sector Seven #

Jonathan Gallant kindly informs us of Sector Seven's tiny freeware offerings:

/windows | Dec 23, 2014

Batch encrypt existing ZIP files #

zipcloak encrypts all unencrypted entries in a ZIP file, but it does not support wildcards in filenames (e.g., *.zip) for batch processing, nor does it allow passing the password in an argument; one must enter and reenter the password manually:
C:\>zipcloak.exe foo.zip
Enter password:
Verify password:
encrypting: baz.txt
encrypting: bar.txt
or jury-rig something like expect.

Happily, T. Furukawa crafted a patch for zipcloak that adds a password option, so batch processing is much easier:
C:\>for %f in (*.zip) do zipcloak -p password %f
Download the patch and/or binary from the above link or this local cache.

Batch password-protecting existing ZIP files can also be done with WinRAR (Select ZIP files > Tools > Convert archives > Compression... > Set password...) or PeaZip (Select ZIP files > Convert > Enter password / keyfile (optionally set algorithm to ZipCrypto under the Advanced tab for compatibility with Windows' built-in ZIP handling)). Note that filenames within ZIP archives are not encrypted; see Filenames display without entering the password when an encrypted Zip file is opened for more information and a workaround. Further note that the encryption algorithm used by zipcloak and ZipCrypto is very weak.
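
A post-run audit for the batch job above, as an added example that is not part of the original post: it reads only each archive's central directory, so it shows both points from the paragraph (entry names are readable without the password, and which scheme protects each entry). The function name is hypothetical and ZIP64 archives are not handled.

```powershell
# Added example: list each ZIP entry's name and encryption scheme from the
# central directory alone, with no password supplied.
function Get-ZipEncryptionReport {   # hypothetical name
    param([Parameter(Mandatory)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $b = [System.IO.File]::ReadAllBytes($full)

    # Find the End of Central Directory record (PK 05 06), scanning from the end.
    $eocd = -1
    for ($i = $b.Length - 22; $i -ge 0; $i--) {
        if ($b[$i] -eq 0x50 -and $b[$i + 1] -eq 0x4B -and
            $b[$i + 2] -eq 0x05 -and $b[$i + 3] -eq 0x06) { $eocd = $i; break }
    }
    if ($eocd -lt 0) { throw "No end-of-central-directory record in $full" }

    $count = [BitConverter]::ToUInt16($b, $eocd + 10)       # total entries
    $pos   = [int][BitConverter]::ToUInt32($b, $eocd + 16)  # central directory offset

    for ($n = 0; $n -lt $count; $n++) {
        if ([BitConverter]::ToUInt32($b, $pos) -ne 0x02014B50) {
            throw "Corrupt central directory in $full"
        }
        $flags    = [BitConverter]::ToUInt16($b, $pos + 8)
        $method   = [BitConverter]::ToUInt16($b, $pos + 10)
        $nameLen  = [BitConverter]::ToUInt16($b, $pos + 28)
        $extraLen = [BitConverter]::ToUInt16($b, $pos + 30)
        $noteLen  = [BitConverter]::ToUInt16($b, $pos + 32)

        # Bit 11 marks a UTF-8 name; otherwise decode as ASCII (an approximation).
        $enc = if ($flags -band 0x0800) { [Text.Encoding]::UTF8 } else { [Text.Encoding]::ASCII }

        if (-not ($flags -band 0x0001)) { $scheme = 'NONE' }            # bit 0 = encrypted
        elseif ($method -eq 99)         { $scheme = 'WinZip AES' }      # AE-x marker method
        elseif ($flags -band 0x0040)    { $scheme = 'PKWARE strong encryption' }
        else                            { $scheme = 'ZipCrypto (weak)' }

        [pscustomobject]@{
            Archive = Split-Path $full -Leaf
            Entry   = $enc.GetString($b, $pos + 46, $nameLen)  # stored in the clear
            Scheme  = $scheme
        }
        $pos += 46 + $nameLen + $extraLen + $noteLen
    }
}

# Audit every archive in the current directory after a batch run.
Get-ChildItem -Filter *.zip | ForEach-Object { Get-ZipEncryptionReport $_.FullName }
```

Any file entry reported as `NONE` was missed by the batch run. Directory entries normally show `NONE` as well, since they carry no data to encrypt.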

/windows | Nov 22, 2014

Find and optionally rename very long file names and paths #

Green Award Cut Long Names 1.9 [322k] + Find and optionally shorten / rename filepaths exceeding 255, 260, or any number of characters. Screenshot

/windows | Nov 15, 2014

Download emcopy.exe directly from EMC (rather than some random FTP site) #

I just learned about emcopy.exe, a file copy utility from EMC similar (and superior in some ways) to xcopy, robocopy, xxcopy, etc. Finding and downloading it is not as straightforward as it should be; here's what worked for me:
  1. Sign up for a free account at https://support.emc.com.
  2. Click the link in the activation email to complete the signup process and then sign in.
  3. (Before continuing to step 4, I clicked "Download Center Registration" on the https://support.emc.com/downloads page and registered; not sure if that was required, as the form output was rather ambiguous.)
  4. The direct download link for the archive containing emcopy.exe (https://download.emc.com/downloads/DL32449_CIFS-Tools.zip.zip; yes, there are two .zip file extensions), which I originally found mentioned here, did not initially work for me even after signing in (though a bit later it did start working - not sure if this had anything to do with the Download Center Registration). I had to go to https://support.emc.com/downloads/82_Celerra, click the Title column, search the page for "CIFS Tools.zip", and click the link there to download (MD5: c5e480a84e6dd7d8d3b2f2186a549d0c | October 30, 2013 | 8.5 MB).
  5. Once unzipped, you'll find 32- and 64-bit versions of emcopy.exe 04.14 in disk3/apps_7.1.72.1/CifsTools/emcopy/nt/ as well as a readme.txt file in the directory just above.

/windows | Oct 26, 2014

Ad Muncher #

Great story from developer Murray Hurps: Ad Muncher's 15 Year History. Here are a few excerpts:
"I loved low-level code, doing a lot of x86 assembly coding on a 386DX-40. When Windows 95 came along, I stayed at the low level and loved finding ways to do novel things on the new platform ... Our first installer was 29kb in size, which included the filter list ... Popups started to become more common around this time (X10's popunder ads were a notable source of complaints from users, wonder why?), so I implemented a rudimentary JavaScript processor, which traced script execution paths and tried to determine which paths to popup functions were automatic (bad popups) and which needed user input (good ones). Ad Muncher was still 100% x86 assembly at this point."

After 15 years as shareware, Murray is generously releasing Ad Muncher for free.

/windows | Oct 19, 2014

Microsoft Virtual Machine Converter adds P2V support #

Microsoft® Virtual Machine Converter (MVMC) 3.0 is a Microsoft-supported, stand-alone solution for the information technology (IT) pro or solution provider who wants to convert virtual machines and disks from VMware hosts to Hyper-V® hosts and Windows Azure™ or alternatively convert a physical computer running Windows Server 2008 or above server operating systems or Windows Vista or above client operating systems to a virtual machine running on Hyper-V host.

(via The Deployment Bunny)

/windows | Oct 15, 2014

Blocking BadUSB #

USB KEYBOARD GUARD from G DATA attempts to block BadUSB attacks by requiring users to approve newly-detected USB keyboards.

(via Robert Penz, who also points to Christian Vogel's Linux instructions for blocking BadUSB)

UPDATE: Claus Valca has more information on BadUSB and USB KEYBOARD GUARD.

/windows | Oct 12, 2014

VirtualObjectives #

offers a number of free utilities, including:

/windows | Oct 05, 2014
