Seeing as how it's heavily 10 based, any of the smarter folks taken a look at Server/Server Essentials techpre 3 from a privacy standpoint? From having run a few of the scripts and tweak/block/OOSU10 (because privacy settings page like most is non-accessible), it actually looks fairly clean overall given it lacks Cortana and virtually all "apps".
I noticed you haven't added any rules to the OUTPUT table. I'm not sure why; are you blocking everything by default? Personally I would do the DNS block and set the OUTPUT default to drop, then just add whatever rules I need to get things working... I'm never going to put that crapware on my PC, so I really don't worry about it, but it would be nice to have a good default rule set for iptables that can be loaded from a file and that blocks everything except basic connectivity.
IP address ranges to block (not hostnames / HOST file)

I'd like to block this at my network firewall / router in addition to all of my PCs. Does anyone have a final / working list of IP address ranges to block (not hostnames)? thorin0815 got started on one here: /threads/63767-Microsoft-Anti-Spy-PeerBlock-List?p=1113133#post1113133 but says he was in a hurry and his list is not complete.
MarvinFS comprehensive script

OK now... READ CAREFULLY before applying the script! Still, it was tested on my personal Win10 and Win8.1 systems...

I've been searching and reading a lot recently and came up with this comprehensive script for de-bloating Windows 10 (it does not uninstall any updates!!!! use other methods or just add it in here). Also, I've commented stuff I don't need, because I'm working in a corporate network and I need some stuff, such as the spooler, de-bloated search, group policies etc... Feel free to modify it! Hope it'll help someone! Please do make comments on bugs or whatever. Some of the disabled tasks are potentially spyware - feel free to disapprove it! And post it!

If you are interested - I personally use this particular script, along with an Acrylic approach (wildcard DNS server with special hosts file), a modified MS Wildcard Domain Blocklist (MS-WDB), a blocklist for PeerBlock and a customized rules WFC app...

Instructions:
- First download a copy of the SetACL app from here: helgeklein.com/setacl/ (it grants all kinds of permissions in the Windows environment).
- Copy and rename the executable to c:\windows\system32\setaclx64.exe (I've used the x64 version; if you are on x86, just rename the 32-bit version to c:\windows\system32\setaclx64.exe anyway).
- Redirect error output to a file to monitor the process, or set up a large scroll-back buffer in your command prompt.

It sucks that I can't post it here, since I don't have more than 20 posts! So I'm attaching a pastebin: pastebin.com/ennfgYKB
If I put:
- Cortana online search is off.
- Diagnostics and usage data is Basic.
- Allow telemetry in Local group policy disabled.
- Location and "Getting to know you" are both off.

Is that enough?
Here are my current firewall blocks, by IP range:
Code:
23.212.108.0/24
64.4.0.0/18
65.52.0.0/14
111.221.29.0/24
157.56.91.77
168.61.0.0/16
168.62.0.0/15
It seems to be catching most stuff, but bing.com doesn't work (a sacrifice I'm willing to make).
Here are a couple more (they were posted earlier in this thread or some other thread on MDL):
Code:
131.253.0.0/16
134.170.0.0/16
137.116.0.0/16
137.117.0.0/16
157.54.0.0/15
157.60.0.0/16
161.69.0.0/16
178.255.0.0/16
191.232.0.0/14
191.236.0.0/14
199.166.0.0/16
204.79.0.0/16
23.102.0.0/16
23.203.0.0/16
23.45.0.0/16
23.96.0.0/13
23.99.0.0/16
64.20.0.0/16
69.172.0.0/16
74.125.0.0/16
93.184.0.0/16
I really want to upgrade to Windows 10, but have begun seeing stories come out about the new Terms and how they affect your privacy. It looks like the default Windows 10 system puts copies of your data out on the "cloud", gives your passwords out, and targets advertising to you. The main reason I am looking to upgrade is that Bitlocker is not available on Windows 7 Pro, but is on Windows 10 Pro, and Microsoft no longer offers Anytime Upgrades to Windows 7 Ultimate. However, I don't want to give away my privacy for security. The other option is to wait until October to see what the Windows 10 Enterprise version offers, but it may not be available through retail.
Gonna add this to the PowerShell privacy script I use OEM-wise. Out of curiosity, is it possible to convert the firewall rules over to PowerShell using the New-NetFirewallRule command?
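Code:
# -DisplayName is mandatory; -RemoteAddress takes separate strings, not one comma-joined string
New-NetFirewallRule -DisplayName "MS Telemetry" -Direction Outbound -RemoteAddress "23.212.108.0/24","64.4.0.0/18" -Action Block   # ...etc...: append the remaining ranges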
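One way to do the conversion asked about above, as an added example that was not posted by anyone in this thread: it validates each entry, creates a single outbound block rule, and reads the stored addresses back. The rule name, display name and the `Test-Ipv4Range` helper are hypothetical; the ranges are the first list posted in the thread.

```powershell
# Added example. Run from an elevated PowerShell prompt (NetSecurity module).
# Ranges copied from the first list posted in this thread; extend as needed.
$ranges = @(
    '23.212.108.0/24', '64.4.0.0/18', '65.52.0.0/14', '111.221.29.0/24',
    '157.56.91.77', '168.61.0.0/16', '168.62.0.0/15'
)

# Accept only dotted-quad IPv4 addresses with an optional /0-32 prefix, so a
# typo in the list is reported instead of aborting the whole rule.
function Test-Ipv4Range {
    param([string]$Entry)
    $addr, $prefix = $Entry.Trim() -split '/', 2
    if ($addr -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { return $false }
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip)) { return $false }
    if ($null -eq $prefix) { return $true }
    $bits = 0
    return ([int]::TryParse($prefix, [ref]$bits) -and $bits -ge 0 -and $bits -le 32)
}

$valid    = @($ranges | Where-Object { Test-Ipv4Range $_ } | Sort-Object -Unique)
$rejected = @($ranges | Where-Object { -not (Test-Ipv4Range $_) })
if ($rejected.Count) { Write-Warning "Skipped malformed entries: $($rejected -join ', ')" }
if (-not $valid.Count) { throw 'No valid ranges to block.' }

# Hypothetical rule name; a fixed -Name makes the script safe to re-run.
$ruleName = 'Block-Telemetry-Ranges'
Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# -RemoteAddress takes a string array: pass the entries as separate elements.
New-NetFirewallRule -Name $ruleName -DisplayName 'Block telemetry ranges' `
    -Direction Outbound -Action Block -Profile Any `
    -RemoteAddress $valid | Out-Null

# Read the rule back to confirm what the firewall actually stored.
Get-NetFirewallRule -Name $ruleName |
    Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress
```

Because everything lives in one named rule, removing that rule undoes the change completely.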
DNS_QUERY_NO_HOSTS_FILE - I knew that looked familiar... I had to double check, saw it in dnsapi.dll when I loaded it into Hex Editor. Mind you, that dll had more than one DNS_xxxx phrase entered.
dem methods *edit of shame by the undersigned I noticed your sig and your methods seem really clean! Props! If I were to follow all the links in your sig, I ought to be good regarding Win10 telemetry, right? Or at least more or less on the same level as the OP in this thread..? Or should I still go for the other tweaks as well? I like the fact that yours seem easily reversible (or redoable) which might prove useful as updates come along. Was thinking of following your posts + perhaps PeerBlock. I was thinking of going the PeerBlock route as it's been mentioned (/rumored perhaps, IIRC though was actually observed) that M$ can basically bypass the Windows Firewall in some scenarios... However I see you (in the link you gave out in the post I quoted) [and plenty of others] recommend using Windows firewall rules.. Do you think going with WF might be enough? I don't want to be looking WAY too much into this, but I just did a clean install and I would rather do things the proper way so I don't need to be reinstalling my OS every few months (a la XP days, no? ) & I do appreciate my privacy; even if only out of principle. Thanks in advance. Any input will be greatly appreciated!
As soon as I find some time I will open a new thread "Windows Firewall with Advanced Security on Local Computer" & "Windows Filtering Platform", be patient.
We need some firewall compilation, with PowerShell so it's easy to see. Like this:
PowerShell:
Set-NetFirewallRule -DisplayName search -Action Block
That will definitely block Cortana and SearchUI.exe
I want to improve on this... I think we can make a way to detect the telemetry tracking updates that are installed. Delete them. Then add to black list the KBs we don't want installed. Also why can't we make this work on previous versions of Windows such as 7 and 8?