Skip to content
Naked Security Naked Security

Pirate sites ban Windows 10 over privacy worries

Paranoia has spiked over the notion that Microsoft plans to keep people from running software they never bought.

shutterstock_286318676

There’s been a good amount of privacy freak-out over Windows 10.

Concerns have been sparked by things such as the Wi-Fi password sharing feature and the fact that Windows 10 by default shares a lot of your personal information – contacts, calendar details, text and touch input, location data, and what Ars Technica calls “a whole lot more” – with Microsoft’s servers.

Of late, that paranoia has spiked over the notion that Microsoft plans to keep people from running conterfeit software.

The notion came out of Microsoft’s new Windows 10 update procedures, which, coupled with the company’s Services Agreement, could allow Redmond to block pirated content and unauthorized hardware and reach right out and wipe torrents clean off of people’s hard drives.

Fear spread that, in the words of one report, “Microsoft has practically baked DRM [digital rights management] into the core of Windows 10”.

Cooler heads pointed out that this a) wasn’t new, seeing that the new service agreement was published on 4 June and took effect 1 August, and b) is simply wrong, since the service agreement applies to services, not to Windows 10 – specifically, it looks like it applies only to services provided directly from Microsoft, including Xbox, Xbox Live and Microsoft’s Windows Games.

In other words, Microsoft can’t disable a copy of a third-party software installed on your hard drive.

Such clarifications haven’t stopped the paranoia about a piracy kill switch.

It’s gotten to the point where, as TorrentFreak reports, some smaller pirate sites have become so concerned that Windows 10 systems will phone home with too many hints about their users, that the sites’ administrators have started blocking Windows users from the BitTorrent trackers hosted on their sites.

One of those sites, iTS, released a statement which referred to Windows 10’s “outrageous privacy violations”, which, it says, include…

[sending] the contents of your local disks directly to one of their servers.

“Obviously,” the administrators continue, “this goes way too far and is a serious threat to sites like ours which is why we had to take measures.”

Thus, since Thursday, Windows 10 has officially been banned from iTS until “special versions” surface that undo this purported privacy wreckage.

The statement also references what iTS calls “one of the largest anti-piracy companies”, MarkMonitor.

That actually turns out to be a company that Microsoft has worked with for years in areas such as the monitoring of phishing attacks.

Other torrent tracking sites are considering following in the footsteps of iTS, including BB and FSC – all of these being smaller pirate sites found on the dark web, as opposed to larger, well-known sites such as The Pirate Bay.

TorrentFreak quotes a statement from BB to its users:

We have also found [Windows 10] will be gathering information on users’ P2P use to be shared with anti-piracy groups.

What's particularly nasty is that apparently it sends the results of local(!!) searches to a well known anti-piracy company directly, so as soon as you have one known p2p or scene release on your local disk … BAM!

And similar warnings have gone out from FSC to its users:

As we all know, Microsoft recently released Windows 10. You as a member should know, that we as a site are thinking about banning the OS from FSC. That would mean you cannot use the site with the OS installed.

Is there anything to back up this level of fear?

As Ars Technica notes, Windows 10 does in fact step up the data collection compared with earlier Windows iterations, due in large part to extra services such as the digital assistant Cortana.

Such new services use more data and consequently bloat up the service and privacy agreements with far more verbiage, as Microsoft presumably tries to keep itself out of a Google-esque spot of trouble over unclear privacy policy.

But it seems that convenience is the only thing that might keep users locked into this mainlining of data back to Microsoft’s servers.

You can keep much of your privacy – and your personal data along with it – on your PC, if you have the fortitude to flip quite a few toggles during installation.

As TorrentFreak notes, educating users about how to configure the new OS for optimized privacy, as Ars has done, might be a tad more helpful than barring the gates against Windows 10 users.

True, if the piracy sites’ gates are barred, Windows 10 users might be that much less inclined to avail themselves of pirated games, software or other content that could harbor dangerous malware.

But beyond leaving users to the mercy of the moat alligators, barring the gates just doesn’t do much to illuminate just what privacy threats are swimming around in those waters or how to properly wrestle with them.

Image of Windows 10 courtesy of Anton Watman / Shutterstock.com.

29 Comments

Here’s a thought…. don’t steal software then you don’t have to worry about it!!

Reply

The problem is not stealing software, but the monitoring. If they can sniff in your hard drive, then anyone else can too. Maybe not today, maybe not tomorrow, but at some point someone will figure out the way to hack that feature and windows will be searching for passwords and any other sensitive files and send all of that in a nice package to hackers.

I think a lot of people who can upgrade for free to windows 10 will wait until the dust settles.

Reply

Keep in mind that not all P2P downloads are stolen. Having the software installed is not indicative of a crime, just as having a firearm in the house (where permitted) is not indicative of a crime.

Reply

A lot of game comapnies were using and some still do use P2P for sending out large patches. Blizzard did it (I think they still do). P2P protocol is not in itself anything to worry about. Using it to download software or movies you didn’t buy is. That being said Microsoft needs to make it default off for all he sending home to Big Brother settings. Having to go through almost 12 pages of settings AND having to go online to turn off tracking from the Microsoft account is VERY VERY confusing and needs to be changed. Privacy should never be that hard to get.

Reply

That’s exactly the same as having your house searched witouth a warrant, by any random corporation.

It is pointless if you do not have stolen items in your house. If somebody comes to your house with a contract saying that your house will be inspected you do not sign it just because you think that you have nothing to hide.

Reply

“You can keep much of your privacy – and your personal data along with it – on your PC, if you have the fortitude to flip quite a few toggles during installation.”

What about after installation? If you have to make these choices at installation time that’s horrible.

Reply

Agreed !!
In a new installation process an new user may not know what to toggle or where it is.

Many such choices are buried in a separate dialog “Advanced Settings” (or something similar), which many users feel is beyond their knowledge. Therefore these privacy settings remain at their “Default” (no privacy) state.

Reply

Or at least tell us what those options are, Sophos.

Reply

Oops: looks like editing snipped out the part where I said that Ars gives detailed instructions. Here’s the article link again: http://arstechnica.com/information-technology/2015/08/windows-10-doesnt-offer-much-privacy-by-default-heres-how-to-fix-it/

Reply

It has already been reported that W10 keeps sending data to MS after all the privacy monkey bars had been switched off in the monkey GUIs.

You can verify with wireshark.

Reply

you mean copy. As stealing assumes that the “thing” is missing on the other end =P

Reply

I’m afraid you have to let language move with the times. In the UK, if you steal a car for a joyride then you will almost always be charged with TWOCcing (taking without consent), because “to steal” implies “permanently to deprive.” So if you dump the car, even if it’s been pranged, you’re showing that you didn’t mean to keep it.

But in common language, if you drive off in my car without asking me, I’ll happily say you stole it.

And if you copy our software – especially given that I am well aware of how much hard work goes into it – without paying what you are supposed to (whether that be signing up for the free versions or handing over money for the paid ones), I will happily say “you stole it.”

Reply

Of course, if you have a firewall, you could always block any Windows 10 traffic destined for Microsoft servers if you really are that worried.

I don’t see why I wouldn’t want piracy sites to block my PC if it is running Windows 10. It might make Windows 10 tablets, laptops and phones much less valuable to thieves. Almost enough to make you want to upgrade to Windows 10!

I don’t suppose Chromebooks transmit any information to Google, do they, or Macbooks to Apple.

Reply

Windows 10 firewall doesn’t works. Windows also uses other firewall-allowed programs to disguise OS traffic.

The easier way to verify that is to use the resource monitor to check that third party applications keep uploading data to genuine.microsoft.com.

Also, blocking MS websites in the hosts file is circunvented by W10.

Reply

“is simply wrong, since the service agreement applies to services, not to Windows 10 – specifically, it looks like it applies only to services provided directly from Microsoft, including Xbox, Xbox Live and Microsoft’s Windows Games”

That’s a lie. We are not navie like the kool aid adicts iZombies being feed Apple propaganda.

Windows links to that agreement, so it applies to Windows 10. End point. No argument against that.

Also, Windows 10 automatically runs Xbox apps, even if the used do not have an y xbox. The xbox apps are “core os applications” and cannot be removed. The xbox apps tie the user to the contract, idependently of any other way to do that.

Also, windows 10 is distributed “as a service”, so any “serivice” EULA from MS applies to W10.

This is a cheap shot to try to force the red pill in our gorges.

Reply

I am not doing anything questionable on My win 10 os. Under the data tab it appears I have moved more data in the last 30 days than I do when torrenting.

ATM moment my total data moved from this os for the month is 976GB. I have disable the update file sharing so I can only assume my data drive has been scanned. Not sure whats been sent, but 976GB is a lot of data for 30 days. I have 3tb of data collected, and most of that is not legit.

My torrent os has only moved 70GB. So it makes you wonder. It looks like I need to go a step further and isolate all the dirty data from win 10 entirely.

Reply

That’s odd. My work W10 PC has all of the default settings, so it should be sending the maximum amount of data to MS, and in the last 30 days I’ve used slightly under 21Gb.

Have you checked the “Usage details” to see which apps are using all that data? On mine, I’ve used 13Gb in Firefox, 1Gb in OneDrive, 800Mb for remote access tools, 750Mb for Google Update, 660Mb for Outlook, and various other apps. The System entry comes in at 2.68Gb.

Reply

I did some tweaks right after i installed windows 10. All my cracked softwares are safe and they are fine. Chill people, don’t over react on this. TBH, my windows 10 is CRACKED too. So to those who is overacting, take a chill pill and relax. The situation is not as bad as you think. I still updating my windows as usual but nothing happened to me.

Reply

Will Sophos be releasing rulesets or something similar so that a Sophos UTM device could be used to block clients behind it from connecting to the privacy compromising Microsoft services?

Reply

I don’t have Windows 10 installed. The thing is that tracking down every bit communications is tricky, time consuming, and not guaranteed to be complete unless spend a few days of quality time with a sniffer-type of device capturing traffic. Once I’ve got a list of communcations, almost certainly some of it has to be blocked off-box since Microsoft is now bypassing host file blocks. It would not surprise me to hear of Windows 10 bypassing some software firewalls in a similar manner. A hardware firewall would be ideally suited for keeping Windows 10 from providing too much information to Microsoft. What I would very much like is to be able to install a new hardware firewall and set check boxes with three broad categories: (1) block communications with no visible impact. (2) block communications that will reduce functionality – thinking of Cortana here. (3) block Windows updating in such a way that I can go into the firewall’s management interface and manually make my own choices about what patches/drivers/updates to install and what patches to block. I would be a nice bonus to get a hardware firewall doing the functionality that Adblock Plus currently does for its supported browsers.

Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!