20% Faster & [Windows] 10% Less Secure

Privacy & Security By Ed Holden | Posted on August 25, 2015

Microsoft’s latest operating system Windows 10 has been making waves in the tech world. With an estimated adoption rate of 20.1% in the first 12 months it is a safe bet to say that Windows 10 will be coming soon to a desktop, laptop or tablet near you. While the speed and efficiency benefits of Windows 10 are evident, we must ask ourselves what security implications this brings?

Technology companies such as Google have made headlines time and time again over their shady security practices and the large amount of data they collect about users. Microsoft seems to have taken a lesson from the likes of Google with Windows 10. In this article we will discuss a handful of “features” which are included in Windows 10 and enabled by default and how they compromise our everyday security. As consumers we have the right to privacy and that includes privacy about our daily activities and browsing activities. These are facts about our lives and how we spend our time which we should share only should we find it necessary and not something we should be obligated to share for the profit of another company.

Windows 10 by default takes the very friendly choice of automatically going through most of your personal data including contacts, calendar, mail and messages with the guise of improving your Windows experience. Information collected from the Operating System is linked with an individualized ID (“Advertising ID”) assigned to you. This information is then uploaded to the Microsoft servers where it is used for the purpose of making your Windows experience better and your operating system smarter.

Smarter means more involved. If you decide security is for you and encrypt your hard drive then Windows automatically stores that data on One Drive which opens up its own set of security issues. The security violations mentioned above go further as Microsoft’s own security policy (See here: http://www.microsoft.com/en-us/privacystatement/default.aspx) state that Microsoft can scan and analyze all information that passes through their services (including outlook, MSN and live) in addition to information obtained from Cortona (enabled by default in Windows 10) - including but not limited to searches, reminders, notes and actions. Your location is also recorded via GPS hardware or Wi-Fi location data if available.

Should you allow the default settings when installing Windows 10 or during an upgrade you will be consenting to all of the above. The good news is that there is something you can do about it. You can protect your privacy with a few easy steps which we will discuss below.

Privacy Settings

  1. Search for Privacy from the start menu
  2. Turn off the following options:

Advertising ID

  1. Search for advertising
  2. Open the “Choose if apps can use my advertising ID” option
  3. Disable the advertising ID

We also suggest disabling Windows 10’s new “Wi-Fi Sense” feature which in essence uploads your Wi-Fi passwords to the cloud and then shares them with all of your contacts so that they can “borrow” your Wi-Fi networks. While this may seem like a handy feature you must consider the security risks that this poses. Protecting your Wi-Fi network can be a crucial part of your regular security regimen and we suggest you disable this feature. Please read on to find out how.

Disable Wi-Fi Sense

  1. Open the Settings pane in Windows 10
  2. Locate “Change Wi-Fi Settings”
  3. Scroll down past your list of Wi-Fi networks
  4. Locate and Disable “Wi-Fi Sense”

While disabling the above options will make Windows 10 “dumber” and disable many of its “learning” abilities it will also make Windows 10 a lot more secure. Everything comes at a price and smarter electronics often come at the price of less security. In modern electronics security should be the priority and not an option, unfortunately that is not the choice of many major tech companies.

At IVPN we value your security. We do not store personal information about our clients, we do not keep logs and we do not assume that security is secondary to “software intelligence”.  If you care about your privacy you can follow the simple steps above to make Windows 10 more secure. We also suggest using a high quality security focused VPN such as IVPN.

We have a live chat team available for inquiries anytime. Happy surfing and stay safe.

-IVPN Team

Security
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.

3 Comments

Ind

27.08.2015

You forgot to mention the fact that Cortana watches you on webcam, listens to your microphone and when you turn Cortana off its still active and transmitting back to Microsoft. You can only stop this with host and firewall rules, no switches.

Michael

27.08.2015

Very interesting post thanks!

I’ll pass it on to some friends.

I still cringe when people ask why I run Linux DD-WRT and VPN, yet they are busting at the seams for this next Windoze Edition and actually still trust Microshaft.

Keep up the excellent work IVPN….and of course these excellent blogs :)

Tim

27.09.2015

Alzo do not think using a proxy at the os level will stop that data nack to MS as I and others have proven the OS has a cal home ceature that overixes the OS proxy config and goes direct instead. So yes indeed it will take some very specific firewall configs and frankly I would also dou le heck it does not also bypasss the vpn client config in the same way it does the proxy confif we tested. The answer here would be foe home use to config your router vpn to ivpn thus taking control from the pc os layer. MS is one to learn wht works and win 10 is straight out of Google’s play book. By offering the os free they are offering as a service and thus in return they get your data. You will notice the enterprise pro editions ha e real security features as no corp is going to allow its data to go back to ms.

The share your Wi-Fi creds is the sthpidezt things ever thought of. Seeing how outlook etc auto add to your contacts. Not everyone you email is a close friend and very well can be an adversary or worse and now you are givi g the free untethered access to your home possibly work networks ans what if gou tend to reuse the same passwords. Consider that your home is full of comm devices all hooked to Wi-Fi. That means with little know how they can listen and watch you thru a xbox kinect or that noce samsung tv wih built in mic and video.

But yeh lets share your password creds with your entire contact list. It seems MS has decided you really did not make a user/password for any secuorty reaso at all so shard it with everyone to take care of that inconvenience. I guess thats the new ms strategy higher safer securoty thru no secuirty.. Sounds like someone was doing lsd while reading Art of war

IVPN News

Independent security audit concluded

By Nick Pestell

IVPN News

IVPN applications are now open source

By Viktor Vecsei

Releases

Beta IVPN Linux app released

By Viktor Vecsei

IVPN TunnelCrack vulnerability assessment Privacy & Security

IVPN TunnelCrack vulnerability assessment

Posted on September 7, 2023 by IVPN Staff

Context TunnelCrack is the combination of two independent security vulnerabilities (LocalNet attack and ServerIP attack) that affect VPN applications. The research paper detailing these vulnerabilities was published and presented on 11 August 2023. IVPN apps were not tested by the researchers, and unlike other providers, we did not receive a vulnerability disclosure.
Most people don't need a commercial VPN to work from home securely Privacy & Security

Most people don't need a commercial VPN to work from home securely

Posted on April 7, 2020 by Nick Pestell

Many small businesses and their employees are concerned about the security of their data whilst working from home during the coronavirus pandemic. We see a lot of confusion surrounding this topic, even from fairly technical folk and there is unfortunately a lot of misinformation being spread by commercial VPN providers themselves.
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.