Disabling the WIN 10 Upgrade Nagging

In June 2016, this nagging became much more intrusive. MS began squatting on your machine with the Win 10 install files. They then began installing Win 10 without warning on unsuspecting users.

Given the privacy and security concerns with Win 10, you may not  want to be nagged to update, here’s how to stop the Windows 10 upgrade notifications and run Windows 7 or 8 forever.

There are a few methods which worked in the past but no longer stop the nagging and surreptitious install of Win 10. Never10 is the current tool that most easily disables the upgrade.

Windows 10 as Spyware

Current users of Windows 7 or 8 have been offered free upgrades to Windows 10. This would be tempting except for the liability that this may create. As we all know, there is no such thing as a free lunch.

Many experts deem lots of the new so-called features to be spyware. It is one thing to find an application misbehaving; it is entirely different to use an OS designed to allow Microsoft (MS) to monetize your data and squat on your computer hard drive. Built into the Windows 10 OS are spying and data-mining features that deliver data to MS which MS then uses to generate profits.

The long-winded Microsoft Services Agreement runs to 40,000 words of impenetrable legalese and you must agree to everything in it to get your new OS. Unfortunately, or is it predictably, the agreement appears to grant Microsoft the right to read, save, and share anything stored on or accessed using any computer running MS Windows as well as any computer using MS products or services. By default, all of this snooping is turned on and I have serious concerns that it may be impossible to entirely prevent this snooping.

Portions of Microsoft’s privacy policy, which is part of the services agreement, indicates that the MS may use a keylogger to collect users’ data. This means, if you open a file and type, MS has access to what you type, and the file containing the what you type. This may also apply to voice information from speech processing software. Of course, MS offers a way to shut-off all this logging, but you have to believe that it actually works and stays off.

If you are careful in planning your upgrade to Windows 10, and if you have the technical knowledge, then you can probably upgrade the OS while preserving your professional obligation to protect client confidentiality and privacy, at least initially.

To maintain privacy and confidentiality you should use Microsoft’s Media Creation tool. This gives you a copy of the OS installation files. You’ll need at least a 6 GB USB drive. You can use it on multiple PCs. During an upgrade, the installation will look to see if you already have a product key. To do a clean install you may need to have your Windows 7 or 8 product key. You should tape it on your PC. Keep the USB since there’s no other way to get back to Windows 10 if anything unexpected happens. Doing the installation otherwise may allow MS to scrape data from your computer.

By clicking on “Express Settings” during installation you give away your contacts, calendar details, text and touch input, location data, and a whole lot more. It is clear that MS wants to monetize the confidential information on your computer. This creates a serious liability for Canadian private investigators who maintain personal identifiers and other confidential information on Windows 10 machines. Under Canada’s Personal Information Protection and Electronic Documents Act (PEPIDA), by accepting the terms of the Microsoft Services Agreement you have chosen to share this information and in most cases that may be illegal. Accepting this agreement may also put private investigators in contravention of their licencing statutes.

If you click on the small “Customise settings” button at installation, you must toggle many settings on two pages to ‘off’. Don’t forget to include Wi-Fi Sense. Using the Privacy App to turn-off the data stream to MS for those who have already installed the OS using “Express Settings” will be even more confusing to the average user. After doing all the above, Windows 10 continues to send confidential data to MS unless you dig into the registry and group policy editor. Stopping the snooping will disable many features like the digital assistant Cortana that MS is marketing as a reason to upgrade to Windows 10. However, what I am describing here only describes what we can see. Without conducting packet-level analysis, we you don’t really know what data is being sent back to Microsoft, and by which service.

You will also need to go into Windows Firewall and turn-off the rules that allowed a whole slew of Microsoft applications to transmit information.

Windows 10 Home comes with full-disk BitLocker encryption. To enable it, you must use a Microsoft account and the recovery key needed to decrypt your drive resides on Microsoft’s servers. Doing this violates your professional obligations. However, Windows 10 Pro doesn’t have this restriction: you can use BitLocker with a local account and keep your key out of the cloud. Most investigators would use Windows 10 Home and theoretically, a third party could decrypt their drives remotely.

The data stream from your PC to MS is bad enough, but somebody will learn to intercept this data stream and this will leave you open to a targeted attack. If the hacker releases the stolen data and it is tracked back to you or your computer, then your career is likely over. You can expect some form of action under PEPIDA and/or prosecution under your licencing statute. This data breach will almost certainly result in a civil suit and adverse publicity. Who would hire a PI or researcher like that?

Another concern is how updates are delivered. Like Bittorrent, Win 10 updates will be distributed from other Win 10 PCs  This presents an extreme risk, as you don’t know where the update is really coming from. You have to know enough to choose how your updates are delivered.

Privacy & the PI

Let’s address this situation realistically from the perspective of the PI or researcher determined to use Windows 10.

Let’s assume that you are a trusting individual. You trust MS government officials, litigants, lawyers, and everybody else to not understand or care that you accepted the Microsoft Service agreement that grants MS access to all your confidential data and the right to save and share it. You must also trust that your own technical expertise is up to the task of properly installing Windows 10 to circumvent all the efforts of MS to access your data.

At the outset, you pay extra for the Pro version to set-up disk encryption with a local account because you are security conscious.

First, you try to install the OS without it being connected to the Internet to ensure it doesn’t scrape data from your PC. This doesn’t work, as it needs connectivity to complete the installation. You discover that you must use the clean install method (using Microsoft’s Media Creation tool) described above to isolate your PC from the Internet to ensure that MS doesn’t scrape data from you computer during the installation. There are reports of Win 10 install files being placed on your computer on Patch Tuesday to use your PC to further distribute the OS installation files. You must learn how to get your patches from only a trusted source and to prevent MS from using your PC to distribute the OS.

Second, upon ensuring that it will not scrape data from your PC during installation, you toggle two pages of settings to ‘off’ and lose many of the new features.

Third, you edit registry and group policies to staunch the continuing flow of data to MS. Doesn’t everybody know how to do this without damaging the usability of the OS?

Fourth, in Windows Firewall, you turn-off the rules that allow MS applications to transmit information to MS.

Fifth, you then choose how your updates are delivered to prevent updates from untrusted sites. You ensure that updates come from trusted computers in your own network.

Sixth, you conduct packet-level analysis and shut-off any service that continues to send data to MS. Doesn’t everybody know how to do this and have the time to do it?

Finally, with every update and patch, you do a packet-level analysis to make sure your privacy and security is intact.

Of course, sending all this private and confidential data to MS is not necessary to have a functioning OS and applications. It is only necessary for MS profits and probably some government snooping.

Next, how to stop the Win 10 install nagging.

JonDo

For anonymous web surfing, at a minimum, two components are required: a proxy and a browser that doesn’t identify you. At the office, I have both and much more to protect my privacy and provide anonymity. If I have to use a Windows computer at a client’s offices, then temporary measures have to be undertaken.

The simplest solution for this, without using an anonymous VPN, is the JonDo Proxy program that will hide your IP address (Java application) and JonDoFox, a Firefox profile optimized for anonymous and secure web surfing. Using the USB doesn’t leave any traces on the computer for some snoop at the client’s office to uncover. This need Windows as the OS.

For more privacy and anonymity, you can use JonDo/Tor-Secure-Live-DVD, a secure, pre-configured environment for anonymous surfing and more. This has its own OS based on the Debian GNU/Linux OS. The live system contains proxy clients for JonDonym, Tor Onion Router and Mixmaster remailer and much more.

The advantage of the live system is that it is on a DVD, which prevents any other system from writing something dangerous to the DVD.

Using these do not make it impossible to uncover individual users, as there is no such thing as a 100% security, but for most users, this will be adequate for most situations. If you are concerned about this, I suggest you read the surveillance reports on the law enforcement page.

Web Proxies & User Agents

A web proxy provides an easy way to change your IP address while surfing the Internet. They don’t require software or modification to your networking settings.  You just enter a website address and the sites you visit through the proxy see an IP address belonging to the proxy rather than your IP address.

I am very cautious about using web proxies as you never know who actually operates it and what data they might collect as you use it. You also don’t know  to whom they might give that data. On the other hand, I have found one that has a useful feature.

nroxy offers all the usual web proxy features plus something interesting–it offers the ability to change the user agent.  For example, some web sites cannot be viewed properly using Firefox. Sometimes it is an old site that requires MS Internet Explorer (IE) or it may be a site designed for mobile devices. This proxy offers user agents typical of 5 mobile devices and a long list of browsers.

To get the information I need I am finding it necessary to switch user agents more often. Usually, I use the User Agent Switcher extension that adds a menu and a toolbar button to switch the user agent of a browser. It allows you to chose from three versions of IE or an iPhone. Selecting the iPhone user agent often reveals additional  functionality on the site. The extension is available for Firefox and will run on any platform that this browser supports including Windows, OS X and Linux.

Now I have another option when I need to change the user agent and I get the additional proxy features as well.

National Missing and Unidentified Persons System

If you are looking for someone in the USA and cannot find anything, you might want to look at NamUS.

According to the site, “the National Institute of Justice’s National Missing and Unidentified Persons System (NamUs) is a national centralized repository and resource center for missing persons and unidentified decedent records. NamUs is a free online system that can be searched by medical examiners, coroners, law enforcement officials and the general public from all over the country in hopes of resolving these cases.”

Unreliability of Eye Witnesses

Some jurisdictions allow expert testimony about the unreliable nature of eye witness testimony.  One example is Commonwealth of Pennsylvania v. Benjamin Walker, No. 28 EAP 2011-Supreme Court of Pennsylvania.

I recommend that anyone interested in this subject read The Invisible Gorilla: How Our Intuitions Deceive Us which is about attention, perception, memory, reasoning, and how they can cause problems in eye witness testimony.

Another book to read is Picking Cotton: Our Memoir of Injustice and Redemption which is about a man falsely accused of rape by a woman who said that she memorized certain characteristics about her attacker so she “wouldn’t forget”.

When things get complex

Advangle helps you build complex web-search queries in Google and Bing.

You can quickly build a query with multiple parameters (such as the ‘domain’, ‘language’ or ‘date published’) and immediately see the result of this query in Google or Bing search engines. Any condition in a query can be temporarily disabled without removing it to allow you to try several combinations of different conditions and choose the one that works best.

Turn Your PC into an iPhone

Some web sites cannot be viewed properly using Firefox. Sometimes it is an old site that requires MS Internet Explorer (IE) or it may be a site designed for mobile devices.

The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of a browser. It allows you to chose from three versions of IE or an iPhone. Selecting the iPhone user agent often reveals additional  functionality on the site. The extension is available for Firefox and will run on any platform that this browser supports including Windows, OS X and Linux.

The Internet Profile & Identity

In the industrialized countries, a person’s Internet profile is given far too much credence. If you become involved in Investigative Internet Research, then you must combine the Internet profile you develop with authoritative public records and content from a variety of database aggregators.

This is of critical importance as more than one person often uses the same screen name or a screen name may be used maliciously. The more data you collect, the more likely that you will attribute some data to the wrong person.

Mapping a person’s identity is nothing more than comparing gender, race, location, religion, friends, family, car, pictures, etc. to what you know about the subject and what you find in a variety of sources. This ensures that all the data is consistent and relates to only one person. It will also identify inconsistencies in the collected data, which you may choose to investigate. The identifiers are the subject’s name, along with age, gender, race, employer, location, religion, friends, family, car, pictures, etc..

Finding a Secure Workspace

Recently, when working at a client sites, I’ve taken to occasionally using Windows to Go. This is Microsoft’s little-used secure workspace feature for Windows. It allows you to boot into a secure workspace located entirely on a USB key. This enables you to use Windows without relying on the operating system, applications, or storage on the host device. It creates a secure workspace on any machine that can boot from a USB drive without trusting the host machine. I have even devised a way to use a Virtual Machine (VM) in this workspace. Because the workspace doesn’t rely on the host operating system, the workspace on the USB drive isn’t at risk of compromise from a host machine and the VM protects the USB workspace. This saves me from constant use of my ‘Safe Mode on steroids’ or reinstalling Windows from a drive image on a client’s machine. However, it is too slow and requires too much effort to maintain. A similar live Linux USB seems to offer faster performance and it is easier to maintain the VM.

Defence Against the Dark Arts

I wander through the nether regions of the Internet and Dark Net looking for data to support my clients’ causes. This exposes me to severe risks from the nasty creativity of Beelzebub’s demonic gangsters and hackers.

It seems that a Windows system only lasts about 1/2 hour before getting infected without some form of anti-virus (AV). I regularly boot a clean live Linux USB, and then scan for viruses. This is like Safe Mode on steroids. In most instances, I find something malicious missed by the typical AV programs. However, this is only a temporary measure.

I am migrating to Linux for Investigative Internet Research because very little Linux malware exists in the wild. I only need AV on the Linux file server (or an email server if I had one). I do this because an infected Windows computer may upload infected files or an uninfected one might access infected files on the Linux machine, which then allows it to infect other Windows systems. AV on the file server isn’t protecting the Linux system–it’s protecting the Windows computers from themselves. I recommend the paid version of ESET Antivirus and Security Software as it doesn’t try to upsell you on other services.

The Old YouTube Scrape Trick

The Old YouTube Scrape Trick

Don’t be fooled by the old YouTube scrape trick. A scrape is an old video downloaded from YouTube which is then presented as a new and original eyewitness account of a different event.

Defeating The Old YouTube Scrape Trick

Amnesty International provides a handy tool called YouTube DataViewer.  Enter the video’s URL and it will extract the clip’s upload time and all associated thumbnail images. This data isn’t readily accessible via YouTube, however, this two-pronged approach allows you to identify the earliest upload, which is probably the original version.  Conducting a reverse search on the thumbnails often uncovers web pages containing the original version of the video along with other uses of it.

Disk Encryption

TrueCrypt, the ultimate encryption freeware, abruptly announced that the software is no longer secure after Microsoft ended support for Windows XP. It was the most popular application of its type and it was widely to communicate securely and encrypt sensitive files or folders. Currently, the TrueCrypt home page advocates moving to Microsoft BitLocker.

Unfortunately, in the Windows 10 Home edition, the full-disk BitLocker encryption must use a Microsoft account and the recovery key needed to decrypt your drive resides on Microsoft’s servers. With this arrangement, theoretically, a third party could decrypt your drives remotely. However, Windows 10 Pro doesn’t have this restriction: you can use BitLocker with a local account and keep your key out of the cloud.

Under such circumstances, users should stay away from both TrueCrypt and BitLocker and shift to some other free file encryption software.

Veracrypt entered market within months after Truecrypt died and seems to be the best of the alternatives. There are other free TrueCrypt alternatives like AESCrypt, FreeOTFE, and DiskCryptor. Here are the download sites for the alternatives: