Are you sure you want Windows 10?

[Country Singer]

Looks like it's (as was noted on a blog I frequently read) "very Googley."  In other words, yeah, it's designed to track everything you do and send that information back to Microsoft. 

No wonder they're giving it away free...I guess this is further proof of the axiom, "There's no such thing as a free lunch."


Here's some links that talk about the extent of Microsoft's super-snooping in Windoze 10:

http://www.theregister.co.uk/2015/07/31/windows_10_download_ransomware/

http://www.newsweek.com/windows-10-recording-users-every-move-358952 (This one may hide itself behind a pay wall)

http://www.theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings

[ProGeek]

Yes, Win10 has Cortana digital assistant like on the phone. It does track your activity. You can disable it and disable your ad ID for the internet. I'd like to say this kind of stuff is not new. Microsoft apps like Office have a digital signature they embed in all your documents that identify your registration. The online cloud service OneDrive scans your files, just as Google does. Internet Explorer and all other browsers identify your IP address to every website you visit. Your internet provider logs every website you visit and every email you send or receive. There are so many more examples. If you want privacy you need to really work at it. A start would be to install Win10 not providing an email address and activate, but don't register it. Use encryption to protect your sensitive files. Stop using web based email like gmail. Stop posting stuff on Facebook. Start using very strong passwords. Never email or text anything that you wouldn't want to see on the 5 o'clock national news.

[stvr]

Good advice

[Son of a son of the south]

I may be a 'newbie' here, but I am a retired computer networking engineer, network administrator, CNA, CNE, MCSE, Cisco Network + ceretified, etc ...  ok, so you get the point - I played with the big boys..  Also true, since my heart attack all of my certifications have expired so my knowledge is 'aged'.  But that doesn't mean things have gotten better - if anything they've gotten worse.

>>EVERYTHING<< you do on a computer leaves an electronic footprint.  If you're connected to the internet via broadband such as a cable modem, your ISP can tell you when you turned your computer on and when you turned it off again.  Oh, so you think you can 'mislead' by using a VPN?  Wrong.  Your computer has to be connected to an ISP to get TO the VPN.  Tracked - busted!

Think your email is 'private' because you use Outlook, or some other client?  Wrong.  Your email is stored in backup format on the email servers you use and mirrored as well.  It's for your protection don'cha know?  {yea, right}  On the networks >I< ran email was mirrored to a secondary server by order of the executive committee.  And that was simply at a corporate level.  EVERYTHING, in or out, was tracked and copied.  That was SOP.  PGP can help, but it's not secure.  Encryption keys can be bypassed or hacked.  While I do not know this as a 'fact', I'd be willing to bet that the NSA already has an application that 'cracks' PGP as easily as a knuckle.  It's been around too long.  PGP predates the Internet, going back to the days of the old BBS's.

If you want to send an email to someone and you really don't want anyone to be able to read it within the next 20 years or so, then write it in a TEXT editor (so there's no digital signature) zip it up in an ENCRYPTED file with an absolutely random password of at least, and I mean AT LEAST, 25 characters that are mixed upper and lower case and include numbers and 'special characters' such as !, @, #, $, %, ^, &, *, (, ), +, ½, ¼, ¢.  Those upper ascii characters such as corners, fractions, cent marks, etc - increase the difficulty of cracking exponentially, but they don;t 'stop' it.  Common phrases, names, birthdays... no good; a complete waste of bandwidth.    And don't use the same password over and over.  Use 'generations' of passwords.  This can be done by making (like) the last line of this email tell the recipient what the password for the next file will be.  And guess what... You got it...  Even THIS is no 'guarantee'.  ZIP started off as PKARC written by Phil Katz back in the early 80's.  It's grown and progressed from there to WinZip today, and Phil has not been involved with it for over 25 years (maybe longer).  It can  be broken.... it's simply a matter of enough time and and the computing power to break it.

You can make it 'difficult' for someone to examine what you're saying, but you cannot 'guarantee' that no one is listening.  Personally I use a program called HTTPSanywhere... so at least the data from my computer to this forum is under 128 bit encryption.  It may not be read along the way, but once it gets here I have no control over who's reading and logging it.  Do you really think that if the government wanted to watch over your shoulder that they're above installing a keylogger on your machine as a trojan?  Do you really think they'd allow MalwareBytes, or the antivirus people to identify their malicious program as what it is?  C'mon... Give me a break.  You either know better than that or you're delusional.

I'm not paranoid.  I'm a realist.  I know I can't 'hide' from big brother.  The best I can hope for is to stay far enough below the radar that Big Brother isn't 'interested' in me.  Personally, I'd suggest you develop the same attitude.

soasots

[tlwagg]

It might be time to switch to Linux.

[Nemo]

Think your email is 'private' because you use Outlook, or some other client?  Wrong.  Your email is stored in backup format on the email servers you use and mirrored as well.  It's for your protection don'cha know?  {yea, right}  On the networks >I< ran email was mirrored to a secondary server by order of the executive committee.  And that was simply at a corporate level.  EVERYTHING, in or out, was tracked and copied. 

soasots

Yes, ask hiLIARy about her private emails.

Nemo

[crplhood]

Telnet onto a router, access email via Pop/smtp on CLI. Send emails never even attached to an email address.

Otherwise, get outlook; configure for pop and SSL on email server and in outlook, then remove check fom box "leave a copy of messages on server"; configure inbox path to receive at a USB or SD card. If need ever be, snap the storage device. Emails gone.

No, there's not a copy only you configure one or a recovery server of some kind is being used, which isn't common. How do I know this so assuredly? I get paid to tell people "I'm sorry, there is no copy of your email in our server because you had it set for pop and configured not to leave a copy."

Wireshark so yummy. Can read your data as its captured during flow. Also can clamp cross talk skimmer to UTP cables and literally watch what is going through. SSL will make it hard to read. Encryption is love.
Edited for clarity

[Nemo]

^^^^^  HUH?

Spring gathering-- I will be there.  I will bring laptop.  You shall be there.  You shall fix laptop.

Nemo

[crplhood]

And by the way, the reason your email provider likely does not keep emails after you delete them is incredibly simple. How much more storage space would an email server need if it kept copies? The model would have to grow with both customer base and time. If they don't keep copies, it only grows with customer base. This is so true that we have to san "I'm sorry, those are deleted," to courts when they subpoena for email data like 20% of the time. The rest of the time, the customer is using IMAP4, which is a smart email protocol which keeps copies and syncs up and down over most email commands, and we are like "haha here is everything the person has not yet deleted."

[Son of a son of the south]

Telnet onto a router, access email via Pop/smtp on CLI. Send emails never even attached to an email address.

Uhhh.... yyeeeaaaa...    If you say so...  but.....
And what's that router connected to?  An ISP?  Not only does the router itself keep logs, but the ISP certainly does.

Otherwise, get outlook; configure for pop and SSL on email server and in outlook, then remove check fom box "leave a copy of messages on server"; configure inbox path to receive at a USB or SD card. If need ever be, snap the storage device. Emails gone.

So you don't think that ISP's mirror servers to prevent down time?  OK, whatever you say.  Course, Just at a mere corporate level we required individual properties to keep  mirrored servers and we mirrored those in the corporate office.  Oh, and we didn't have to answer to the FCC, or thousands of outraged subscribers - just investors.  Email is never "gone"... Just ask Hillary.  More and more of hers is coming back to haunt her.  Every piece she ever send is recoverable.  It's all a matter of how much the person trying to recover it wants to do so and how much money and effort they're willing to put into the process.  By the way... You are aware that Microsoft Word and Outlook both 'watermark' documents they create, right?  It's in the header metadata.

About 2 minutes of research tells me that CHARLOTTEZWEB, the hosting company that handles this site does daily backups on the web servers that are archived into weekly sets.  Now their site doesn't say 'how long' these weekly sets are maintained before the hard drives are reused and overwritten, but odds are it's somewhere in the 90 day range.  Mail servers handle a lot more I/O than web servers and so usually the backups are automated to run in real time through the use of mirrors.

No, there's not a copy only you configure one or a recovery server of some kind is being used, which isn't common. How do I know this so assuredly? I get paid to tell people "I'm sorry, there is no copy of your email in our server because you had it set for pop and configured not to leave a copy."

OK, right...  Now, lets see.  Tech support works in tiers.  1st tier, "monkey with a book".  Second tier, "Escalated support".  Third tier "Engineer"... and when the "engineer" can't figure it out, who do they call?  An MCSE...
Oh yea!  That would have been ME!.  So obviously, I don't have a clue. 

Wireshark so yummy. Can read your data as its captured during flow. Also can clamp cross talk skimmer to UTP cables and literally watch what is going through. SSL will make it hard to read. Encryption is love.

Couple of things here.   First; I guess I didn't mention anything about a "keylogger" being inserted as a trojan and being used to capture every keystroke?  Wireshark sounds like nothing but a stream capture -I've never used that particular program myself.  Then the captured stream data can be deciphered at leisure.  Keyloggers are much more efficient, as they accomplish the same thing without having to 'decipher' anything.  Secondly; the 'key word" in your statement of "SSL will make it hard to read," is "HARD"... not "impossible." 

And by the way, the reason your email provider likely does not keep emails after you delete them is incredibly simple. How much more storage space would an email server need if it kept copies? The model would have to grow with both customer base and time.

How much more storage would the mail server need?  None.  They're not 'stored' in the mail server. They're mirrored in a separate server, then archived in a storage center.  On top of that, do you really think the government is concerned with storage space and/or cost?  Seriously?  Can you say NSA?

As for encryption, let's look at it this way for a moment.  The government is currently using 256 bit encryption for secure communication - and foreign nationals are reading every one of them - almost real time!  The banks are currently using 128 bit encryption to safeguard your money and your browser supports 128 bit encryption.   If foreign governments have people breaking 256 bit encryption, would it not be safe to presume and recognize that the US government has the same capability?  So just how secure do you think your 128 bit encryption REALLY is if some branch of the government really wanted to read it?  A lock only keeps an honest person honest.  Do you think your government is 'honest' with you?

The bottom line is, I don't really care what anyone believes, or doesn't believe.  I don't care what anyone does to try to disguise their activities or actions.  I don't care if they wear a tinfoil hat to protect themselves, or a condom.  It makes me no difference.  I'm not trying to start or feed an argument.  It simply doesn't matter to me.  I was just trying to point out that everything done on a computer and certainly everything done on the Internet creates and leaves a trackable digital footprint. 

I stated the qualifications in my initial post that allow me to make the statements that I do.  These are not what >I< claim, but labels I have been tagged with through other company's certification processes, such as Novell, Cisco, and Microsoft.  Novell CNA = "Certified Netware Administrator"   Novell CNE = "Certified Netware Engineer"  Cisco Network+L3 = "Cisco Certified, level three Networking Engineer"  Microsoft MCSE (Also known as MSCSE) = "Microsoft Certified Solutions Provider".

My only concern is trying to tell people that there's no quick, easy, and given, "You do this and it accomplishes that," solution.  To allow such a statement to go unchallenged is a liability that could cause someone harm.


soasots

[crplhood]

If we are measuring these, grab a meter stick while I go get more stock in tin foil. Sounds like an increase in spending on tin intended for clothing manufacture.

You have forgotten that 95 percent of this forum has non of either of our certs. Many would have trouble installing a program on a thumb drive. And on the flip side, if the NSA is watching and they have decrypt, sure looks suspicious if the average Internet user is throwing around 256 or even their own algorithm. Using something like TOR browser, syncing up email to a fragile drive, and implementing SSL is all they would ever want (and likely never need).

Now my employer backs up all copies left on server daily during DHCP reset and dslam/headend checks. They are kept for 6 months, then overwritten.

As for Hillary, just today the news said that the FBI hasn't been able to recover any deleted emails...

And after the "engineer", which is normally someone without any serious certs, fails, you tell the NA. The NA  (if he or she can) will either repair or call someone who is trained on the email platform. Certs are for resumes.

Don't forget that this is a prepping forum. This isn't Microsoft, Cisco, Comptia, or Novell. Actually, I haven't seen a Novell guide in a book store since like 2004. Unless you plan on working together so that you implement software, since MCSE, and I implement the network so we have a secure forun, most of the technical stuff is falling on deaf ears...not to mention would need a large fortune and to take over comcast, rr, charter, etc.

[ProGeek]

Back to the original topic.  Windows 10 spies on you a little more than 8.1 because of Cortana. In case you missed it in this thread, yes your internet providers saves backups of all your emails that you send and receive and a log of every website you go to. Every website you visit has your IP address that can be traced back to your computer.  Yes, there are things you can do to be more private and less traceable, but most require better than average computer knowledge to achieve and personal discipline. If you want to keep things private, use low/no tech. Pen and paper, US Mail, talk face to face, etc.  I'm considering giving a class on computer privacy at a region meeting later this year for those that are interested.

[cope]

And by the way, the reason your email provider likely does not keep emails after you delete them is incredibly simple. How much more storage space would an email server need if it kept copies? The model would have to grow with both customer base and time. If they don't keep copies, it only grows with customer base.

You do know Google gives me 15 GIG of storage for email Right?
They back that up on multiple servers. Believe me when I say Google doesn't store all my emails on just one computer in one location.
Now I am just one person. Even when I delete something it goes to trash and can sit in the trash for a month or more. Depending on how you have it setup. When I delete something it isn't automatically deleted on all the Google servers around the world. You do realize this right. It does take a while for them to all sync and delete forever.
Then this is just google not all the other email services in the world. There are literally petabytes worth of data being stored at any one time on the planet. Google had many petabytes years ago. Think of what they have now.

[ProGeek]

It may sound ridiculous to you, but they keep copies of every email and logs of every website you visit. That's just the way it is.

[crplhood]

Petabytes of data flow across the i-bone at any time. You cant store everything. Don't troll on the forum.