Windows 10 Privacy - Keylogger

[+LogicalApex MVC]

I know this was an issue that came up many times during the Insider Preview stage and it was swatted down as a "Beta only" deal from Microsoft. This was widely touted as not sticking around for RTM.

I obtained the RTM build from MSDN to install a tester VM and I am greeted with the same reality in Windows 10 RTM. Why is Microsoft recording typed text by default? This is a major privacy drop for Windows. This coupled with automatic BitLocker key backups to OneDrive and you're left wondering if MS has any care left for privacy and security in Windows.

I'm not wanting a flame filled topic, but a clear discussion of this forward march for Windows. Easy access to your BitLocker recovery key can greatly aid state actors in accessing your data even when you've used Window's Built In encryption. This is, essentially, a sharing of your encryption key. A major problem. Additionally, enabling the recording of text and speech by default is very troubling. I could understand if MS enabled features limited to Cortana when you've enabled Cortana with a clear explanation of what is being collected and why, but this is at the install screen for the entire OS. Additionally, I'm not a Windows Insider and I'm using the MSDN provided RTM ISO shared by MS directly.

 

For the privacy focused like myself I can't help but see Windows 10 as a major step in the wrong direction.

 

Edited July 29, 2015 by LogicalApex

[ryokurin]

Android does the same thing.  It's used to improve suggestions. This includes Audio.  As for bitlocker, it tells you this.  Windows 8 did it also. There has to be a way of recourse to get data back for consumers.  Join a domain, or don't use a microsoft account if it bothers you. 

[Torolol]

NSA mandated functionality, its nothing new.

[Draconian Guppy]

this is different than a keylogger though

[trag3dy]

Maybe I just wasn't paying attention but I thought it was more or less like googles analytics that would help tailor searches (and other things) to your interests when using Cortana?

In any case you can turn both of those options off during the installation process as it clearly shows in the OPs screen shots.

[purrcher]

A reddit post a few months back might be useful to you:https://www.reddit.com/r/Windows10/comments/31rxsv/disable_keylogger_windows_10/

Not sure if I agree with it or not, but when I tried it on a system last time nothing seemed to break (but i don't use the modern apps or cortana so it might effect those things).

[1337ish]

Did you post this from Chrome lol?

Joking aside this is actually really common on every platform now, Apple lets you store your keychain stuff on their servers, Chrome backs up your saved passwords and reports address bar key entry etc. As long as its optional its no biggie tbh.

[Ian W]

That BitLocker can store backup keys in the cloud is not new; even Windows Vista could optionally backup BitLocker keys (and EFS recovery certificates) in a user's Digital Locker at Windows Marketplace if a user had the Secure Online Key Backup update installed.

I assume that if a user does not want BitLocker to automatically archive keys, that said user should use a local account and should not link to a Microsoft Account or OneDrive.

[Draggendrop Veteran]

I am at least happy that we have choice and can use local account for desktop work in a somewhat secure environment.

[123456789A]

Nothing to see here, move along.

[Anibal P]

turn the feature off and quit complaining, it is NOT a "keylogger" stop spreading FUD it's pathetic 

[Ian W]

Note also that options to collect personalization information are not new as similar services have existed in prior versions of Windows. The Tablet PC Input Panel, for example, could optionally send handwriting samples to Microsoft, and Windows Speech Recognition included an option for a user to allow it to analyze documents and e-mail to improve accuracy of the local recognizer, and as of Windows 7, includes an option to submit speech information to Microsoft to improve future versions of the feature.

[Torolol]

yes its has been improved, before it was app specific keypress collection, and now it OS wide operations.

will your typed passwords and login info recorded by it? absolutely. Especially if Microsoft decided that you must accept patches that will not honor your choice to the Turn Off the services.

[binaryzero]

..... What a waste of a thread. 

[+LogicalApex MVC]

this is different than a keylogger though

How so? A Keylogger is a program that captures key-presses...

Keystroke logging has become an established research method to study writing processes.^[6][7] Different programs have been developed to collect online process data of writing activities,^[8] including Inputlog, Scriptlog, and Translog.

In terms of legitimate uses, Keystroke logging can be a suitable research instrument in a number of writing contexts. These include studies on cognitive writing processes, description of writing strategies, the writing development of children with and without writing difficulties, spelling, first and second language writing, and specialist skill areas such as translation and subtitling. Keystroke logging be used in research specifically on writing, it can also be integrated in educational domains for second language learning, programming skills, and typing skills.

Source: https://en.wikipedia.org/wiki/Keystroke_logging

turn the feature off and quit complaining, it is NOT a "keylogger" stop spreading FUD it's pathetic 

It is a keylogger... Obviously, I don't think Microsoft aims to log into you bank account using the data, but it is an important thing to discuss at any rate... From a privacy perspective it is worthy of a question.

..... What a waste of a thread. 

I'd disagree... Discussing the loss of privacy and the implications of a keylogger in the OS is valid. Especially with the extent and frequency of recent data breaches. It is a valid discussion. How does Microsoft limit its data collection? Do they tie it to user accounts? What do they do to limit capturing of passwords and usernames and the like. Again, worthy of a discussion as this is a major shift for the computing industry...

But I do understand that discussions can often be hard to have. Judging by the lack of one here. I'll just conclude that privacy is a non-issue. At least among the crowd here...

[+Eternal Tempest MVC]

Microsoft's seems to be abandoning the we don't do x with your data, and doing what Google, Apple are doing.

[Dot Matrix]

Well, obviously Microsoft is the evil ones here, even though Apple and Google do it. But that's ok, because they're the darling childs of the market. They can do no wrong.

 

^ Pretty much what I've gotten from this thread.

[+Eternal Tempest MVC]

Well, obviously Microsoft is the evil ones here, even though Apple and Google do it. But that's ok, because they're the darling childs of the market. They can do no wrong.

 

^ Pretty much what I've gotten from this thread.

The past fanboy level of enthusiasm of Ms is better then X, due to not doing X,Y,Z arguments tend to invoke a strong counter response when MS is starting to do what the other's have been. I've already disabled the options in Privacy, and what apps can access on Win10 on the laptop.

[+LogicalApex MVC]

Well, obviously Microsoft is the evil ones here, even though Apple and Google do it. But that's ok, because they're the darling childs of the market. They can do no wrong.

 

^ Pretty much what I've gotten from this thread.

What does Google and Apple have to do with this? Obviously, if they do so then it is a problem for them as well... The topic is Windows 10, which is obviously a MS product, but that doesn't mean I think this is a good practice if anyone else does it.

But for some reason we can't have discussions anymore. It is always reduced to brand loyalty as a way to deflect or minimize.

Microsoft spent years branding against this practice with its Scroogled campaign...

[Osiris]

I agree with Logical Apex its a worthy discussion, and a bad sign that asking such questions is met with responses like 'stop complaining' or ''abcd' do it too so its all good'

I was unaware inking was also sent also thought this was only applicable to the insider program, very surprised it's in the final release.

Clearly a lot of people aren't concerned with these topics and that's fine but i'd definitely like more information from MS on what is collected, how it is secured and if its tied to personal id.  Even basic things like how does it differentiate between collecting data regularly and not collecting your bank information?  Is inprivate mode a contradiction, what privacy do you have if its collecting data when in this mode?

[+Eternal Tempest MVC]

What does Google and Apple have to do with this? Obviously, if they do so then it is a problem for them as well... The topic is Windows 10, which is obviously a MS product, but that doesn't mean I think this is a good practice if anyone else does it.

But for some reason we can't have discussions anymore. It is always reduced to brand loyalty as a way to deflect or minimize.

Microsoft spent years branding against this practice with its Scroogled campaign...

I also have concerns about changes in a computer OS to have the constant monitor, identification.

Especially enabled by default, now MS goals may be authentic about customer, privacy, but the face if a hacker, or state agency can gain access pass the protection.

[neo1911]

Nothing to see here, move along.

People have liked your ignorant post. Hats off to them.

But a simple reg trick will disable telemetry and keyboard logger.

 

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection]
"AllowTelemetry"=dword:00000000

 

Save this as txt file and rename the txt extension to reg.

Then run that reg file and install the key.

All sending of data and keystroke settings are greyed out and disabled.

[Dot Matrix]

What does Google and Apple have to do with this?

Why not include them if you want to talk about this? Why single out Windows?

[DemonicHawk]

People have liked your ignorant post. Hats off to them.

But a simple reg trick will disable telemetry and keyboard logger.

 

...

Actually, there's no indication that that registry trick does anything at all. There's a group policy setting with the exact same name and setting it to 0 gives the same effects.

The description however clearly indicates that a value of 0 is only applicable to enterprise versions.

 

[Osiris]

Why single out Windows?

By virtue of the forum the topic is in and the specific Windows 10 settings being discussed? 

The ability to limit it to one OS, which the user is using doesn't preclude a civil discussion on it without resorting to what apple and google are doing.