The age of telemetry and online tracking.

Telemetry has been around for a while: Windows 7 had it, and I believe even Vista might have had it.

Having said this, Microsoft did not previously sell this information to third parties, nor did it previously include personal information. When I say personal information, I mean your age, gender, approximate location, and online habits. Legally they cannot give your name, address, and other details that would allow someone to pinpoint you in real life. So instead they are selling as much as they can about you without actually telling them who you really are. Mind you, Microsoft is not the only company that uses telemetry data; recently Nvidia got caught with their hand in the cookie jar as well. Scary, right?

Windows:

Fret not, where there is a will there is a way. If, like me, you spend a lot of time connected to the online world, there are a few applications that you should explore.

For Windows 10 there are a couple of Telemetry applications that you can install that will kill the services and registry entries that allow Windows to send your data to big brother.

O&O Software has an Antispy-Tool for Windows 10. This is a free download. It’s called O&O ShutUp10. With this tool you can pick and choose in great detail what you want to block and what you want to allow.


The folks over at Safer Networking who brought us Spybot Search and Destroy have also built a similar tool. They call their telemetry removal tool Spybot Anti-Beacon; the link can be found on their download page. It has a portable version, so you can run it off a flash drive if you need to.


The first time you run this it will show you what you have blocked and what is still tracking you. If you click the “Show Options” button it will show you the registry keys that will be changed. Click Immunize and restart your computer.

Besides these tools, I have also edited my hosts file and added a bunch of domain names that direct to 0.0.0.0, essentially to nowhere. Spybot also adds a couple hosts entries into the file.

0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com
0.0.0.0 c.atdmt.com
0.0.0.0 c.msn.com
0.0.0.0 cdn.atdmt.com
0.0.0.0 cds26.ams9.msecn.net
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 cs1.wpc.v0cdn.net
0.0.0.0 db3aqu.atdmt.com
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 ec.atdmt.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 feedback.windows.com
0.0.0.0 flex.msn.com
0.0.0.0 g.msn.com
0.0.0.0 h1.msn.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 lb1.www.ms.akadns.net
0.0.0.0 live.rads.msn.com
0.0.0.0 m.adnxs.com
0.0.0.0 msedge.net
0.0.0.0 msftncsi.com
0.0.0.0 msnbot-65-55-108-23.search.msn.com
0.0.0.0 msntest.serving-sys.com
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 pre.footprintpredict.com
0.0.0.0 preview.msn.com
0.0.0.0 rad.live.com
0.0.0.0 rad.msn.com
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 schemas.microsoft.akadns.net
0.0.0.0 secure.adnxs.com
0.0.0.0 secure.flashtalking.com
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 sls.update.microsoft.com.akadns.net
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 ssw.live.com
0.0.0.0 static.2mdn.net
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 www.msftncsi.com
0.0.0.0 apps.skype.com
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 m.hotmail.com
0.0.0.0 pricelist.skype.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 s.gateway.messenger.live.com
0.0.0.0 s0.2mdn.net
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 ui.skype.com
0.0.0.0 view.atdmt.com
0.0.0.0 watson.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 wes.df.telemetry.microsoft.com

*Note: not all of the above addresses belong to Microsoft. Most of those URLs perform some sort of tracking, so it is probably a good idea to block them anyway.
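A way to check a block list like the one above before pasting it into the hosts file, as an added example that is not part of the original post: it reports entries that are URLs rather than bare hostnames, invalid names and duplicates, and lists names that also serve non-telemetry functions so blocking them is a deliberate choice. The sample input is constructed, and the `REVIEW` patterns are an assumption of this example, not something the post states.

```python
import re

SINK = "0.0.0.0"  # the address the post's entries point at
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")  # one DNS label

# Assumption (not from the post): names containing these strings are also used
# for the Windows connectivity check and Windows Update, so flag them for review.
REVIEW = ("msftncsi.com", "update.microsoft.com")

# Constructed sample in hosts-file format.
SAMPLE = """\
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 telemetry.microsoft.com
0.0.0.0 http://www.msftncsi.com
0.0.0.0 msftncsi.com
0.0.0.0 telemetry.microsoft.com
0.0.0.0 sls.update.microsoft.com.akadns.net   # update-related name
127.0.0.1 localhost
"""

def is_hostname(name):
    """True if name is a syntactically valid DNS hostname."""
    name = name.rstrip(".")
    return 0 < len(name) <= 253 and all(LABEL.fullmatch(p) for p in name.split("."))

def audit_hosts(text):
    """Return (blocked names, problems as (line, reason, value), names to review)."""
    blocked, problems, review = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split columns
        if len(fields) < 2 or fields[0] != SINK:   # only audit block entries
            continue
        for name in fields[1:]:
            key = name.lower()
            if "/" in name:
                problems.append((lineno, "URL, not a hostname", name))
            elif not is_hostname(name):
                problems.append((lineno, "invalid hostname", name))
            elif key in blocked:
                problems.append((lineno, "duplicate", name))
            else:
                blocked.append(key)
                if any(s in key for s in REVIEW):
                    review.append(key)
    return blocked, problems, review

if __name__ == "__main__":
    blocked, problems, review = audit_hosts(SAMPLE)
    print(len(blocked), "valid block entries")
    for p in problems:
        print("problem:", p)
    print("review before blocking:", review)
```

An entry written as a URL is never matched by the resolver, so that line blocks nothing until it is corrected.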

Nvidia:

Recently it has been discovered that Nvidia included telemetry in their driver software. Some believe it is only part of GeForce Experience, but that is not the case; it is installed alongside the driver.

In order to disable the telemetry bundled with the Nvidia driver, you need to download Autoruns from Sysinternals. Extract the package and run the executable as Administrator. Make sure the Everything tab is selected and filter the content with the keyword: nvidia. Then uncheck the following items, close the application, and reboot.

[Screenshot: Autoruns filtered on "nvidia", showing the entries to uncheck]

Now Nvidia might not be tracking anything, but that is not the point. Also you will need to do this every time you reinstall the driver.

Web browser:

To hide yourself online, obviously the best technology is a VPN or a proxy server. However, these can cost quite a bit of money.

My suggestion is to use two of the better online extensions: the Electronic Frontier Foundation's Privacy Badger and uBlock Origin.

Privacy Badger can be installed right from the eff.org web page. To install uBlock Origin, go to your web browser's extension store, find the plugin and install it. For Vivaldi, go to the Chrome store, as it is based on Chromium and all Chrome extensions are compatible with it.

Avoid Windows data collection services.


One of the biggest issues and concerns that people have with Windows 10 is the fact that it dials back to HQ (Microsoft) and provides usage statistics. The quickest route to avoid this is to install Linux on your machine; something like Linux Mint is what I would recommend. Alternatively, there are many documented ways to disable this “feature” in Windows 10. I have done it at home, but have since moved back to Windows 8.1 with Classic Shell. Soon I’m moving to Linux; I’m just waiting for Steam OS to be released.
Gaming is the only thing holding me back.
One thing you might not be aware of is that Windows 7 and 8+ are implementing the same telemetry systems as Windows 10.
Umm, no thanks.
These systems will install on your computer via Windows Update.
As such, here is a list of the updates you should avoid in order to keep your operating system from collecting anonymous data and sending it back to Microshaft (Microsoft).

(KB2952664) — This update helps Microsoft make improvements to the current operating system in order to ease the upgrade experience to the latest version of Windows. This Update seems to seriously corrupt systems.
(KB2976978) — This update helps Microsoft make improvements to the current operating system in order to ease the upgrade experience to the latest version of Windows.
(KB2990214) — This update helps Microsoft make improvements to the current operating system in order to ease the upgrade experience to the latest version of Windows.
(KB3068708) — This kind of update helps the overall application experience on Windows, by improving the current operating system for upgrade to the latest version of Windows.
(KB3035583) — Will pitch the free Windows 10 upgrade to customers. It does not seem to cause a problem other than that it readies my computer for Microsoft to start sending “reminders” to upgrade (malware by most definitions).
(KB3022345) — Corrupts system files, as can be seen if you run SFC following this update.
(KB2977759) — This update will help Microsoft and its partners ensure compatibility for customers who are seeking to install the latest Windows operating system.
(KB2922324) — Looks like this one has been pulled.
(KB3021917) — This update will help Microsoft and its partners deliver better system performance for customers who are seeking to install the latest Windows operating system.
(KB3050265) — General improvements are made to support upgrades to a later version of Windows.
(KB3068708) — This update introduces the Diagnostics and Telemetry tracking service to in-market devices. By applying this service, you can add benefits from the latest version of Windows to systems that have not yet upgraded.

The malicious update KBs need to be ripped out by the roots!!
(KB3014460) Affects Win8.x

Source.

Update:

Here is a quick little script to help you remove all and any of the updates you have installed. Paste this into a txt file and then rename it with a .bat extension. Run the batch file with admin rights.

@echo off
:: KB killer - silently uninstall each listed update; reboot yourself afterwards
wusa /uninstall /kb:2952664 /quiet /norestart
wusa /uninstall /kb:2976978 /quiet /norestart
wusa /uninstall /kb:2990214 /quiet /norestart
wusa /uninstall /kb:3068708 /quiet /norestart
wusa /uninstall /kb:3035583 /quiet /norestart
wusa /uninstall /kb:3022345 /quiet /norestart
wusa /uninstall /kb:2977759 /quiet /norestart
wusa /uninstall /kb:2922324 /quiet /norestart
wusa /uninstall /kb:3021917 /quiet /norestart
wusa /uninstall /kb:3050265 /quiet /norestart

 

Add and remove the KBs as desired. Please note that not all the KBs described in the article are in the script. Specifically the Windows 8 one.

Here is another script that I found on hakspek.com, paste it into a .txt file and then change the extension to .bat. Then run the batch file as an administrator.

@echo off
echo.

echo Step 1: Delete Updates...
echo Delete KB3075249 (telemetry for Win7/8.1)
start /w wusa.exe /uninstall /kb:3075249
echo Delete KB3080149 (telemetry for Win7/8.1)
start /w wusa.exe /uninstall /kb:3080149
echo Delete KB3021917 (telemetry for Win7)
start /w wusa.exe /uninstall /kb:3021917
echo Delete KB3022345 (telemetry)
start /w wusa.exe /uninstall /kb:3022345
echo Delete KB3068708 (telemetry)
start /w wusa.exe /uninstall /kb:3068708
echo Delete KB3044374 (Get Windows 10 for Win8.1)
start /w wusa.exe /uninstall /kb:3044374
echo Delete KB3035583 (Get Windows 10 for Win7sp1/8.1)
start /w wusa.exe /uninstall /kb:3035583
echo Delete KB2990214 (Get Windows 10 for Win7 without sp1)
start /w wusa.exe /uninstall /kb:2990214
echo Delete KB2952664 (Get Windows 10 assistant)
start /w wusa.exe /uninstall /kb:2952664
echo Delete KB3075853 (update for "Windows Update" on Win8.1/Server 2012R2)
start /w wusa.exe /uninstall /kb:3075853
echo Delete KB3065987 (update for "Windows Update" on Win7/Server 2008R2)
start /w wusa.exe /uninstall /kb:3065987
echo Delete KB3050265 (update for "Windows Update" on Win7)
start /w wusa.exe /uninstall /kb:3050265
echo Delete KB971033 (license validation)
start /w wusa.exe /uninstall /kb:971033
echo Delete KB2902907 (description not available)
start /w wusa.exe /uninstall /kb:2902907
echo Delete KB2976987 (description not available)
start /w wusa.exe /uninstall /kb:2976987

echo Step 2: Blocking Routes...
route -p add 23.218.212.69 MASK 255.255.255.255 0.0.0.0
route -p add 65.55.108.23 MASK 255.255.255.255 0.0.0.0
route -p add 65.39.117.230 MASK 255.255.255.255 0.0.0.0
route -p add 134.170.30.202 MASK 255.255.255.255 0.0.0.0
route -p add 137.116.81.24 MASK 255.255.255.255 0.0.0.0
route -p add 204.79.197.200 MASK 255.255.255.255 0.0.0.0

echo Step 3: Disabling tasks...
schtasks /Change /TN "\Microsoft\Windows\Application Experience\AitAgent" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Application Experience\ProgramDataUpdater" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Autochk\Proxy" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Maintenance\WinSAT" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\ActivateWindowsSearch" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\ConfigureInternetTimeService" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\DispatchRecoveryTasks" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\ehDRMInit" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\InstallPlayReady" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\mcupdate" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\OCURActivate" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\OCURDiscovery" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\PBDADiscovery" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\PBDADiscoveryW1" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\PBDADiscoveryW2" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\PvrRecoveryTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\PvrScheduleTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\RegisterSearch" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\ReindexSearchRoot" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\UpdateRecordPath" /DISABLE

echo Step 4: Killing Diagtrack-service (if it still exists)...
sc stop Diagtrack
sc delete Diagtrack

echo Final Step: Stop remoteregistry-service (if it still exists)...
sc config remoteregistry start= disabled
sc stop remoteregistry

echo Done - Reboot!
shutdown -r