Category Archives : Proclamation of Doom

Privacy in Windows 10



Windows 10 was officially released last week.  In the wake of the release, concerns have surfaced about privacy and control issues which are enabled by default in all popular versions of the new Windows – including Enterprise edition.  We’ll take a look at what reasonable changes you could (or should) make to your install.

First off, it is worth taking note of what edition you are running.  Right clicking on the Start menu and selecting ‘System’ will yield the pertinent info:

Your edition of Windows 10


I am running Windows 10 Enterprise N, however most of what follows should apply to Pro and perhaps even Home edition.

Windows 10 Settings

Your first stop should be the Settings dialog.  Note that if you’d prefer to import registry settings, jump to the bottom of this article.

This shouldn’t be confused with the traditional Control Panel.  You can navigate easily here by clicking on the notifications icon in the system tray, or by right clicking on the Start menu and selecting ‘Settings’.


The Windows 10 Settings


We’ll look at the most important places from this menu.


You’ll want to read carefully through each tab in the Privacy dashboard.  I have taken screenshots of each one from the RTM build, showing what I’ve disabled.  I don’t like sharing my personal info as a general rule, so I’ve been quite liberal in disabling mostly everything.

Privacy-General Privacy-Location







These are suggestions; you may or may not want some of the options enabled, depending on what apps and applications you are running.

Updates & Security

Some big things in this new version – the biggie being the automatic download and installation of Windows Update patches.  You might want to change how you receive your updates; you can do this by going into the Advanced settings.

Updates-Security-Installing  Updates-Security 

Updates-UpdateSettings  Updates-UpdateSettings-Advanced

I’d recommend disabling some of these settings.  They aren’t necessarily as nefarious as some have made out on the Internet, but there’s some value in taking some control over when and how your system updates.  More on this in the Group Policy section, below.

Windows Defender

Unless you have a really good reason to do so, I DO NOT recommend disabling Windows Defender.  However, there’s no harm in disabling the sharing of Defender information with Microsoft or others:



If you use (or plan to use) a Microsoft Account, you might want to review what you share with the ‘Cloud’.

Accounts-Sync  Accounts-Signin

Network & Internet

WiFi Settings – WiFi Sense

If you don’t want to inadvertently share your WiFi details with contacts, you may want to disable WiFi Sense.  You do this through the Network & Internet settings.

wifi-settings  wifi-settings-sense 


The next section requires a bit more work.

Group Policy

Policy is usually used by Network Administrators or Power Users to take more control over PCs.  You’ll need to run the Group Policy Editor with elevated permissions (i.e. as Administrator).

Here is the Group Policy Editor (gpedit.msc).  Note that you can export all the options to a text file.  This is recommended if you want to free search for specific values.


Exported text


First off, why not use the policy to disable sending of diagnostic data (Windows Enterprise only):

Disable Telemetry (Sending Diagnostic Information)

Simply locate the “Allow telemetry” policy and enable it, then set it to zero (0).  This applies to Enterprise edition only.

For non-Enterprise edition folks, you can try to disable Telemetry by modifying a registry value.

Open up the Registry Editor by launching regedit as an administrator.  Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection, select AllowTelemetry, change its value to 0, then apply.

GroupPolicy GroupPolicy-Telemetry

Disable auto-install of Windows Updates

[Updated: 06/08/2015]

I couldn’t verify that the group policies below were actually having any effect, so I took a look at previous registry settings instead.  I’ll leave these policy bits in for reference, but you may want to try the registry option instead.

This one may or may not work; you need to ensure you have configured both the “Configure Automatic Updates” and “Allow Automatic Updates immediate installation” policies:

GroupPolicy-Updates GroupPolicy-WindowsUpdates-AutoInstall

Workaround – Registry

I took a look at previous OSes – particularly registry settings – and then applied them to Windows 10 Pro and Enterprise editions.  Lo and behold, they abided by the settings!

Controlling Windows Updates with WSUS

Therefore, it stands to reason that if you operate a Windows Server Update Services (WSUS) server and you want Windows 10 clients to get updates from your WSUS server, you might want to apply this registry change.  Windows 10 operating systems appear to WSUS as ‘Windows Vista’ (for Windows 10 Pro) or ‘Windows Vista Enterprise (N) Edition’ for Windows 10 Enterprise (N):


Computers running Windows 10 listed in the WSUS Computers list

When configured successfully to use WSUS, there’s a slight change to the Windows 10 Windows Update settings page:


It stands to reason that you could omit the WSUS values to control how Windows Updates are applied.  Here are the registry settings:

Windows Registry Editor Version 5.00

"WUServer"="http://<your WSUS server>:8530"
"WUStatusServer"="http://<your WSUS server>:8530"


I located the possible values and meanings for the above settings via TechNet:

Entry name (data type): value range and meanings

AUOptions (Reg_DWORD): Range = 2|3|4|5
    2 = Notify before download.
    3 = Automatically download and notify of
    4 = Automatic download and scheduled installation. (Only valid if values exist for ScheduledInstallDay and ScheduledInstallTime
    5 = Automatic Updates is required, but end users can configure it.

NoAutoUpdate (Reg_DWORD): Range = 0|1
    0 = Enable Automatic Updates.
    1 = Disable Automatic Updates.

ScheduledInstallDay (Reg_DWORD): Range = 0|1|2|3|4|5|6|7
    0 = Every day.
    1 through 7 = The days of the week from Sunday (1) to Saturday (7).
    (Only valid if AUOptions equals

ScheduledInstallTime: Range = n; where n = the time of day in 24-hour format

UseWUServer: The WUServer value is not respected unless this key is set.

AutoInstallMinorUpdates (Reg_DWORD): Range = 0|1
    0 = Treat minor updates like other
    1 = Silently install minor updates.

For more information on these settings and what their values represent, check out TechNet.
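To check a .reg file against the table above before importing it, here is an added example (not from the original post or from TechNet). It parses .reg text and reports values that fall outside the listed ranges or contradict the table's dependency notes; the key path in the sample is a placeholder, and treating "set" for UseWUServer as the value 1 is an assumption.

```python
import re

# Ranges as listed in the table above. UseWUServer's range (0|1) is missing
# from the table on this page and is an assumption here.
RANGES = {
    "AUOptions": range(2, 6),
    "NoAutoUpdate": range(0, 2),
    "ScheduledInstallDay": range(0, 8),
    "ScheduledInstallTime": range(0, 24),  # hour of day, 24-hour format
    "UseWUServer": range(0, 2),
    "AutoInstallMinorUpdates": range(0, 2),
}
VALUE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{1,8})|"(.*)")$')

def parse_reg(text):
    """Map value name -> int (dword) or str; key headers are ignored."""
    values = {}
    for line in text.splitlines():
        # Text copied from a web page often carries curly quotes.
        line = line.strip().replace("\u201c", '"').replace("\u201d", '"')
        m = VALUE.match(line)
        if m:
            name, dword, string = m.groups()
            values[name] = int(dword, 16) if dword is not None else string
    return values

def audit(text):
    """Return findings for Windows Update policy values found in .reg text."""
    v, findings = parse_reg(text), []
    for name, ok in RANGES.items():
        if name in v and v[name] not in ok:
            findings.append(f"{name}={v[name]} is outside {ok.start}..{ok.stop - 1}")
    if v.get("AUOptions") == 4 and not {"ScheduledInstallDay", "ScheduledInstallTime"} <= set(v):
        findings.append("AUOptions=4 needs ScheduledInstallDay and ScheduledInstallTime")
    if "WUServer" in v and v.get("UseWUServer") != 1:
        findings.append("WUServer is not respected unless UseWUServer is set")
    return findings

# Constructed sample; the key path is a placeholder and is not checked.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\<Windows Update policy key placeholder>]
"WUServer"="http://wsus.example.internal:8530"
"AUOptions"=dword:00000004
"NoAutoUpdate"=dword:00000000
"ScheduledInstallDay"=dword:00000009
'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```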

Controlling Windows Updates without WSUS

If you do not use WSUS, try just setting these values in the registry:

Windows Registry Editor Version 5.00


Disable Web Search from Start Menu

Finally, I found disabling the obligatory “desktop and web” search in the Start Menu significantly speeds up the Start Menu.  Policy = “Do not allow web search”:


Cleanup: Remove Services

There are two key Windows Services which appear to participate in the sending of diagnostic data: Diagnostic Tracking Service “DiagTrack” and WAP Push Message Routing Service “dmwappushservice”.


Launch a Command Prompt as Administrator and execute the following:

sc delete DiagTrack

sc delete dmwappushservice

I haven’t noticed any ill-effects from removing these two Windows Services.

Registry Import

If you’d prefer to simply import the changes I made, copy this text and save it into a text file on your system (filename with a .reg extension) and import into the registry.

Windows Registry Editor Version 5.00

The following links were helpful in compiling this article

Key issues with the proposed mandatory data retention law

There’s a post up on Labor leader Bill Shorten’s site addressing Labor’s position in regards to the draft mandatory metadata retention legislation and specifically to recommendations included in the Parliamentary Joint Committee report, released late Friday.

Honestly, it’s not very encouraging.  I really think Labor should be outright blocking the passage of the bill (ideally it should be scrapped altogether) until many of the key issues are directly addressed in the legislation itself.  For example, the PJCIS report highlights some glaring problems, notably:

  • The Bill does not explicitly require data to be destroyed at the end of the retention period,
  • The Bill is silent on the issue of data security,
  • The Bill does not prevent offshore storage

...and undoubtedly plenty more.

The main problem is that the PJCIS report doesn’t make any specific recommendations to address these shortcomings.  For example, this:  “To give effect to this recommendation, the Committee recommends that the Data Retention Implementation Working Group develop an appropriate standard of encryption to be incorporated in to regulations” is fairly useless.

...and this gem, which offloads details until a later date (a common theme in most of the report’s recommendations):  “The Committee recommends that the Explanatory Memorandum to the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 clarify the requirements for service providers with regard to the retention, de-identification or destruction of data once the two year retention period has expired”.

Based on the above alone, detailed data about Australians could be stored unencrypted offshore and still be compliant with the legislation.  The risk of a data breach is almost palpable!  Imagine all the potential for identity theft, fraud, disclosure of confidential business information (most emails are sent unencrypted), blackmail… the list of threats goes on.  If this legislation is passed without serious rework the Government shall be guilty of severe negligence.

How can anyone with a functioning brain seriously support a bill with such glaring issues that even a joint committee appear lost in the woods?  This is dire stuff, folks.

Anatomy of a phishing attempt

This morning, I received an e-mail which the various spam/mail filters managed to miss.  With only a passing glance, I recognised this as a phishing attempt, and nearly gave it no further thought.  However, being on an iPhone, the “from” address field had been truncated (to appear as “AppleStore@apple.e…”):


After a quick think, I decided that this would be worth a bit of a write up – for those who might potentially get caught out by this kind of thing.  I forwarded the e-mail to a GMail account, so I could get a better view of the whole e-mail:


Which brings us to…

Anatomy of a phishing attempt

Why don’t we have a look at this particular e-mail and decide why you shouldn’t fall for it?  Let’s do it by the numbers:

1. Sender address

Although you can’t see it by default on an iPhone, the full address of the sender is listed as”. 

Note how it doesn’t originate from an “” domain?  Anything official will likely come from an Apple domain or subdomain (like  The important part is the words to the far right – immediately prior to the domain extension (.com, .net, .org etc.).

Note that some phishing attempts can appear to come from legitimate sender addresses, so this alone shouldn’t be relied upon.

2. Subject line

The e-mail’s subject line is: “Billing Information Update !”.  Notice the extra exclamation point at the end?  Nearly always, official corporate e-mail will omit any superfluous punctuation marks like this.

3. Introduction

Although not always a rule, an e-mail like this would usually be personalized.  In this case “Dear Apple Customer” is vague and impersonal.  If they have access to your account details, they’ll know your first and last name, not just your e-mail address.

4. Body text (A)

You might not be a scholar of the English language, but this e-mail ought to feel disjointed, from a grammatical point of view.  Official corporate e-mails have almost certainly been reviewed by a legal team and would very rarely contain any broken or inaccurate English.

“It has come to our attention that your account Billing Information records are out of date.

That requires you to update your Billing Information.”

The second “floating” sentence isn’t correct, another indicator of a phishing attempt.  The e-mail also isn’t formatted with Apple’s corporate colour, style or logo which may or may not mean something.

5. Body Text (B)

Given customers are a good source of income, it is HIGHLY unlikely that anyone is going to close a customer’s account due to stale data. 

Thus the claim “Failure to update your records will result in account termination.” is almost certainly a bogus threat, aimed to alarm the reader into swift (and unwise) action.

6. The Links

The links in the e-mail do not go to an official domain name.  This is another key aspect, enticing users to another website which may even look exactly like the real website, but is built to capture your sensitive information, such as your account and password. 

Don’t trust links in these emails (even if they look legitimate); go to the official website yourself if you want to verify your account information, or get in touch with the company in question.

7. The Footer

Most legitimate corporate e-mails (as well as official Government e-mails) usually contain footer text with legal disclaimers.  In this case:

    Forget your password? Click here If you have any questions about our privacy policy, click here to contact our customer service center. We hope you found this message to be useful. However, if you’d rather not receive future e-mails of this sort from, unsubscribe here. Please note that product prices and availability are subject to change. Prices and availability were accurate at the time this newsletter was sent; however, they may differ from those you see when you visit AppleStore. Copyright Notice © 2004 – 2013 Apple All rights reserved.

The links, again, do not go to legitimate domains, and in fact the “unsubscribe” link even references someone else’s e-mail address.  Classic.  There’s even a mention of “” which has nothing to do with Apple; it looks like they skimmed the footer of a newsletter!


Applying a small amount of cynicism when receiving alarming emails will help you avoid being the victim of phishing attempts.  Always ask yourself if you trust the source of the email and whether or not the email appears to be legitimate.

This was a very poor phishing attempt; there are others which are more sophisticated, but none of them would pass the validation I’ve listed here.
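Checks 1 (sender address) and 6 (the links) can be automated. The sketch below is an added example, not part of the original post: it reads the right-hand end of each host name, as described above, and reports any sender or link host that is not the expected domain or a subdomain of it. The sample message is constructed (the original e-mail's addresses did not survive on this page), and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def on_domain(host, expected):
    """True only if host is the expected domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

class LinkHosts(HTMLParser):
    """Collect the host of every http(s) <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        url = urlsplit(dict(attrs).get("href") or "")
        if tag == "a" and url.scheme in ("http", "https"):
            self.hosts.append(url.hostname)

def check_message(raw, expected):
    """Return findings for checks 1 (sender) and 6 (links) from the list above."""
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not on_domain(sender, expected):
        findings.append(f"sender domain {sender} is not under {expected}")
    parser = LinkHosts()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode(errors="replace"))
    for host in parser.hosts:
        if not on_domain(host, expected):
            findings.append(f"link host {host} is not under {expected}")
    return findings

# Constructed sample message (not the e-mail from the post).
SAMPLE = """\
From: "Apple Store" <AppleStore@apple.example.net>
Subject: Billing Information Update !
Content-Type: text/html

<p>Dear Apple Customer, <a href="http://apple.com.billing.example.org/update">update
your Billing Information</a> or read our
<a href="https://www.apple.com/privacy/">privacy policy</a>.</p>
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE, "apple.com"):
        print(finding)
```

A clean result only means the visible sender and link hosts match; as noted under point 1, a sender address can be forged.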

Warning Signs

If it doesn’t display well (like on an iPhone) forward the message to another e-mail account and take a look on a larger screen. 

Worst case scenario, get in touch with the company in question using their official website or contact phone numbers.

Please pass this along to any friends or family who you think could benefit from these tips.  Together we can defeat scammers and phishing attempts.