Thursday, August 13, 2015

Windows 10: The War On Privacy

Companies like Microsoft, Apple and Google should be the champions of our privacy. But these companies throw us under the bus just like every other company.

Windows 10 ups the ante by taking out options where you can tell it not to phone home, and even worse, phones home sometimes even where there are options to tell it not to. The folks over at Ars Technica have a great story about this issue.

It gets even more insidious. Reading the comments, it appears that Windows will selectively ignore the HOSTS file, which has been around as long as Windows has been around. This HOSTS file lets you map Internet address to other address.

Using the HOSTS file, you could for example make your computer stop connecting to "ads.somecompany.com" by mapping it to the IP address of 0.0.0.0, making all application and browser requests for that address simply fall into the void.

This mechanism of Windows has rarely been used, and today you'll mostly see it in adware blocking type apps and other situations where you don't want an application in Windows phoning home.

Now, the real story here to me is that Microsoft is now selectively bypassing HOSTS in the cases where you add Microsoft's own servers to the list in order to stop Windows 10 from phoning home without your permission.

 Below you can see the stock file that comes with Windows. It was a great feature for many years and still can be as long as you don't put an address that Microsoft will bypass the HOSTS for, and right now that list of exceptions is unknown.

HOSTS is typically located at c:\windows\systerm32\drivers\etc

Now that HOSTS can't be trusted, the only way to stop Windows 10 from phoning home is to use a dedicated firewall on your network, whether it be features built into your router or a dedicated machine. If you have the right router, you can flash it to DD-WRT open source firmware and turn it into a $1000 router.

In the war on privacy, pretty much everyone is your enemy, and the battlefield is sitting on your desk. And in the war on privacy, you are a combatant whether you wish to be or not.

No comments:

Post a Comment