[HN Gopher] O&O ShutUp10++ - Free anti-spy tool for Windows 10, 11
___________________________________________________________________
O&O ShutUp10++ - Free anti-spy tool for Windows 10, 11
Author : gibspaulding
Score : 317 points
Date : 2021-10-09 12:52 UTC (10 hours ago)
(HTM) web link (www.oo-software.com)
(TXT) w3m dump (www.oo-software.com)
| unstatusthequo wrote:
| Is it similar to WPD? https://wpd.app/
| schleck8 wrote:
| yes, and to privatezilla. however the latter hasn't been
| updated in half a year and i don't know whether WPD is
| officially compatible with windows 11
| XzetaU8 wrote:
| From their page:
|
| "WPD 1.5 and DashboardX 1.0 with Windows 11 support coming in
| mid-October!"
| tomc1985 wrote:
| Sounds like this does the same thing as Blackbird
| mmgutz wrote:
| The UI is confusing (double negatives). Does Red "Disable
| Inventory Collector" mean that is enabled? Red, to me, usually
| means off on a toggle switch.
|
| It's explained in the help.
| zalebz wrote:
| agreed. I've been using this and similar tools for several
| years and the cognitive load for every single setting is
| infuriating. especially given the very obvious underlying
| reason everyone is launching this tool.
| gigel82 wrote:
| There are a lot of open source scripts and tools on GitHub for
| accomplishing the same goal (in various state of being out-of-
| date, abandoned, etc.); I started collecting the ones that appear
| somewhat active here: https://github.com/TemporalAgent7/awesome-
| windows-privacy
|
| I plan on going through them to weed out duplicates and duds. You
| shouldn't trust any of those blindly, but definitely read through
| the code; I'm particularly interested in coming up with a list of
| services and scheduled tasks that can be safely disabled without
| impacting any of the applications and services I'm using (I want
| Windows Update, OneDrive, Office, Defender, Store and store apps,
| MS Account login and Xbox Gaming for example, which most tools
| want to disable).
| stevenicr wrote:
| I want similar, although I don't want oneDrive - the level of
| spying that's used for is unacceptable imho.
| cma wrote:
| I noticed a media disk drive grinding away the other day,
| nothing made sense to be causing it. Turns out Chrome now scans
| all your drives and sends executables back to Google by default
| or something (software_reporter_tool.exe), even if you are a
| software developer in competition with them (practically all
| software developers since Google are essentially all-
| encompassing at this point).
|
| Is it intuitive to anyone that a third party web browser would
| be doing this by default?
| RachelF wrote:
| Spybot anti-beacon is also good. It also stops MS Office from
| "phoning home"
| marcodiego wrote:
| Free as in beer. I wouldn't trust such an intrusive proprietary
| application on my machine from a vendor who doesn't need to care
| about its reputation.
| midasuni wrote:
| How did you get windows in there in the first place?
| PicassoCTs wrote:
| You mean windows. Neither do i. Linux and VMs for the
| proprietary crap.
| nfriedly wrote:
| Are you talking about this tool or Windows itself?
| marcodiego wrote:
| Actually it can be seen as both.
|
| You're replacing an abusive part with another with the same
| potential of abuse and you can't check of modify either of
| them.
| lvass wrote:
| Confirmed abuse isn't the same as potential abuse.
| jeroenhd wrote:
| I can get behind that mindset, but if you're using Windows
| you've already given up your ability to introspect your system.
| The same is true for most of macOS/iOS and large parts of the
| basic feature set found in Android. Most Windows programs, both
| freeware and paid, are closed source, that's just the way that
| ecosystem functions.
|
| These companies can exist the same way Winrar can exist: give
| people the tool for free, wait for them to want to use it at
| their business and sell the subscriptions there. Businesses are
| much more wary if pirated software than consumers so Winrar
| manages to survive to this day. To me, the amount of telemetry
| collected from modern crapware indicates a lack of trust in the
| product from even the developers themselves, which in turn
| proves to me that the product isn't very good on some level I
| might not be able to see.
|
| Just because something is free doesn't mean it's not reliable
| if there are business subscriptions funding the product itself.
| The way programs stalk their customers these days used to be
| rare and the O&O team seems to follow the old software shop
| practices rather than "modernising" and adding the very thing
| they try to block to their own product.
| marcodiego wrote:
| It is possible to use windows as a mere kernel. Much desktop
| software on a modern linux distro is portable. Even your
| example, winrar, can be replaced by peazip or 7zip.
|
| I actually saw some people using mostly FLOSS on windows as a
| step before full migration away from it.
| MauranKilom wrote:
| Had the same thought, but upon investigation I don't see the
| incentive for the vendor to do something shady with it.
|
| They have a clear business model: Develop software for Windows
| that companies need. See their About page: https://www.oo-
| software.com/en/company
|
| Hence, it is clear what benefit they draw from releasing this
| software for free: Marketing. They are not in the business of
| brokering user data or mining bitcoin covertly. This tool isn't
| even installed, it's "run once". To me, that's about as
| trustworthy as it could be.
| judge2020 wrote:
| Windows will most likely consider this malware, since it is
| effectively piracy (removes activation checks) and it does
| mess with Windows Defender by disabling a bunch of phone-home
| stuff like malware sample submission. If you're already
| getting people to disable Windows Defender and/or make an
| exception for the exe, it's suddenly super easy to also embed
| some custom C&C into it, either for mass use (eg. using a
| Windows service to have machines participate in a ddos
| botnet) or for targeted use - when a specific network block
| downloads it, the C&C sends a different payload that quietly
| looks for git credentials or trade secrets and ships them
| off.
|
| They technically don't have an incentive now, but if they
| ever get one, it'll be super easy to abuse this position to
| embed malware. Don't think of the threat as the current
| company, but someone buying them for $millions and quietly
| doing this years later.
| OrvalWintermute wrote:
| Windows won't treat this like malware, because, all the
| other similar products out there are not treated as malware
| either.
|
| because it does not run as a service/persist, it will be
| undone by the next big windows update anyways.
| schleck8 wrote:
| It is not considered malware by Smart Screen from what I
| can tell. Kaspersky doesn't have any issues with it either,
| and I've run both the original and the ++ Version of
| ShutUp.
|
| This is portable by the way, so I don't really see the
| point in worrying about rogue company takeovers.
| marcodiego wrote:
| > I don't see the incentive for the vendor to do something
| shady with it.
|
| Now.
|
| It is not a matter of having incentives. It is a matter that
| they can abuse and you simply have no way to check or control
| it.
| breakfastduck wrote:
| You have no way to check if this app is sending network
| requests back 'home'? That doesn't seem correct at all.
| marcodiego wrote:
| For such an intrusive application there are many ways to
| hide it. Not saying they do it, but I see no way to check
| it unless looking at the source code.
| stinos wrote:
| Is it possible to circumvent Wireshark, Procmon and the
| likes? Otherwise those 2 combined give pretty good
| insight in what an application is doing wrt I/O.
| jabits wrote:
| Looking at the source code is pretty useless unless you
| compile it yourself...
| MauranKilom wrote:
| Well, two possibilities that come to my mind:
|
| - Run it in a Windows VM. The program could detect this
| and not phone home in this case, of course.
|
| - Monitoring on network level (wireshark on same network,
| Pi-hole, router itself...). This is virtually impossible
| for the program to circumvent.
|
| You could also audit the changes it made to the system
| (resorting to stuff like diffing disk images before/after
| if you really want zero trust) to verify that nothing
| sneaky was left after running the program once.
| loldk wrote:
| Incentives are literally just reasons for doing things. So
| naturally I don't follow your logic at all.
| iratewizard wrote:
| They're a Microsoft gold partner. Their reputation is on the
| line.
| marcodiego wrote:
| Their with microsoft, you mean. Considering microsoft's
| reputation with regard to telemetry and other abuses, I'd say
| it doesn't mean much.
| iso1210 wrote:
| You're happy enough to take Microsoft products, how much
| worse can a microsoft gold partner be?
| iratewizard wrote:
| Partners aren't with Microsoft. They're vendors and service
| providers that live off of scraps from the mothership. If
| they were to do something malicious, it would potentially
| cost them their business. I'm sure Microsoft itself doesn't
| care if under 1% of desktops use tools like this to turn
| off their telemetry.
| Ardren wrote:
| Fair enough, though O&O has been around for ages (24 years) and
| I don't remember hearing anything bad about them (and have used
| their software in the past).
| LinuxBender wrote:
| I've not done any in-depth analysis of this app, but have used
| it on a machine that required windows 10 at the time. My family
| and friends have also used it. I can say that after they use
| it, the DNS activity to the Microsoft tracking endpoints
| appears to stop and other DNS activity is reduced but I am no
| windows expert so I can not say for sure if 100% of telemetry
| is truly nullfied. The real time dependencies on the activity
| DNS/HTTPS endpoints does appear to be removed after usage. From
| a network perspective it does stop the "chattyness" of Windows
| 10.
| marcodiego wrote:
| I mean, it doesn't make much sense to replace an abusive
| feature with a software that has the same abusive potential.
|
| If it was open source, then maybe there would be some reason
| to trust it.
| LinuxBender wrote:
| It is sad that things like this are even required in the
| first place. I would really like to have more trust and
| confidence in Microsoft. To earn that trust they could
| provide one page with all PowerShell sub-commands and links
| from each command to a man/help page with real world
| examples so I don't have to trawl through technet and
| google or random github gists.
|
| They could also give people a true option during
| installation to really for-really-real disable telemetry
| regardless of what license _home, pro, enterprise, ltsc_
| they are using.
| marcodiego wrote:
| Fragmentation is not in ms best interest, but they could
| actually license just the nt kernel with a bootloader
| capable of launching it. Then people could build nt based
| distros with carefully chosen packages. Just like it is
| done with GNU/Linux.
|
| Maybe some one could write an application to delete as
| many files as possible from a pristine windows copy to
| turn it simply into a kernel launched by a bootloader. Is
| there any project that does that?
| LinuxBender wrote:
| That's an appealing idea. From watching the behavior of
| XBox One and Windows 10, I would be really surprised if
| they created such a thing. It really seems more like they
| want people to have dumb terminals with their binaries
| pseudo-cached and operate more like a mainframe/cloud
| model.
| unicornporn wrote:
| > I can not say for sure if 100% of telemetry is truly
| nullfied.
|
| I'll leave this here: https://ameliorated.info/
|
| No Windows Update for you, so security is debatable.
| LinuxBender wrote:
| This looks interesting. Is there something like a Vagrant
| build image for this so that you can easily automate the
| build process to pick up the updates and adjust the
| configuration/customization in a json or yaml file?
| kosasbest wrote:
| I prefer the script[0] instead of the hacked ISO since you
| can install the script in later versions of W10 using your
| own preferred ISO.
|
| Only caveat: There's no way of telling what versions of W10
| it's compatible with (I imagine it breaks some versions). I
| have an old VM with AME installed and manually enabled
| updates by hacking the registry. (You could also alter the
| .BAT script to enable updates, but you have to know what to
| remove).
|
| This project is cute, but I only ever used it for an
| offline sandbox for running low resource games and cracked
| versions of Photoshop. I am scared as shit to connect this
| thing to the Internet. I only connect to receive updates.
|
| [0] https://wiki.ameliorated.info/doku.php?id=documentation
| _20H2
| unicornporn wrote:
| > Since AME is no longer maintained
|
| What do you mean by that? AME 21H1 was released just the
| other day.
|
| > This project is cute, but I only ever used it for an
| offline sandbox for running low resource games and
| cracked versions of Photoshop.
|
| It's perfect for VM use, but I would never use it as my
| main OS.
| kosasbest wrote:
| Wow only learning that now. I thought the project got
| abandoned
|
| Thanks for the update!
| vgeek wrote:
| The simplest way to test any software you're suspicious of on
| Windows is Sandboxie (https://sandboxie-plus.com/downloads/).
| Any files or registry changes are persisted to a separate
| location in the filesystem, so it is pretty easy to catch
| misbehaving software. For software like this, it will negate
| the utility of the software due to being in a sandboxed
| environment, but it will least give an idea of the registry
| keys and files that may be modified.
| marcodiego wrote:
| This is not convenient to do at every update. On a windows
| system were there is no known concept of built-in package
| manager it is even more complicated. I've seen windows apps
| that automatically update themselves.
|
| Also, since it is very intrusive, I don't think running it
| into a sandbox may give good diagnostics.
| vgeek wrote:
| If this program has to be run persistently, then it won't
| provide much, since a malicious program could wait X days
| prior to downloading a payload. It is mostly useful for
| looking for one time changes like registry settings and
| verifying that the program doesn't place a bunch of random
| .bat or .exe's in obscure folders.
|
| Windows loves to silently update things, even if it ends up
| breaking everything, too. Especially drivers where it isn't
| super obvious that it was updated and something just stops
| working. Windows 10 is _way_ more aggressive with forcing
| updates than 7/8 were, automatically re-enabling Windows
| Update after 30 days of disabling. The easiest solution
| that I've found is just blocking everything at the DNS
| level. They can obviously use IP addresses as a workaround
| if they really want telemetry, but I haven't had issues
| after blocking a bunch of MS domains in the hosts file.
| neilv wrote:
| Debian and Linux are here to help:
|
| https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/
|
| (The easiest Debian install experience might be to ignore the
| scary official documentation, simply burn that hybrid installer
| image raw to a USB stick or DVD+R, boot it on your target PC, and
| have an Ethernet cable handy until you boot your installed
| pristine Debian and then can enable install of "non-free"
| firmware. If you need help, I'd use Web search.)
| wellan741 wrote:
| For Windows 10 i prefere w10privacy, open source and plenty of
| options
| glenneroo wrote:
| It's definitely not open source. In their FAQ (which is only in
| German):
|
| > Wieso ist die Software nicht Open-Source? "Die Community"
| konnte mithelfen, die Software weiterzuentwickeln etc. ...
|
| "Why is this software not Open-Source?"
| wellan741 wrote:
| Oh yeah you're right! I must be more tired than i thought
| freebuju wrote:
| There's privatezilla too. If you consider Microsoft Defender
| (real time scanning & sample submissions) to be a spy tool, there
| are easy scripts available to permanently disable it, apparently
| recent Windows versions decided not to honor instructions
| disabling WD via registry or local group policy.
| inside65 wrote:
| I've been using this since W10 came out. It works, but as others
| mention, some parts seem to stop working magically over time.
| IG_Semmelweiss wrote:
| Its not magic. Its windows update happening in the background
|
| I went from perfect system health , progressively into blue
| screen death, it got so bad that it happened every 2 hours
| after spiking my i7 to 100% cpu use. The decline happened
| within a month of a win10 update back in Aug/Sept.
|
| A couple of MS support tickets and a windows reinstall later, I
| finally gave up had to do a complete fresh PC install to fix.
|
| No issues since but i still get the occasional 100% cpu clock.
|
| Ive also turned on windows10 selective update download.
| rkagerer wrote:
| _I went from perfect system health, progressively ... it got
| so bad ... decline happened ... I finally gave up had to do a
| complete fresh PC install to fix_
|
| Sounds like every Windows since 3.1. Instead of telemetry I
| wish they'd focus on making an OS that stays robust and
| performant indefinitely.
| Shadonototra wrote:
| Beautiful app, lightweight, and great UX, straight to the point
|
| An example to follow
| GordonS wrote:
| Microsoft has faced so much criticism for their approach to
| telemetry - I don't really understand why they don't at least
| provide the _option_ to opt out of all telemetry.
|
| If they left it enabled by default, but provided an _option_ to
| opt-out, realistically only a small segment of users would do so,
| and most of them would likely be power users who are already
| taking other steps to try to prevent telemetry being collected
| and /or sent. So they'd take an insignificant hit to telemetry,
| but would gain a _lot_ in goodwill.
|
| Any reason not to do this?
| [deleted]
| 0xFreebie wrote:
| Because they are pivoting to being an ad company like Google.
| dannyw wrote:
| Telemetry isn't just a tool for product managers, but it's also
| a goldmine for national security agencies (more than just the
| NSA; Bing is unblocked in China for a reason).
|
| Anti-government meme made with GIMP at a specific timestamp?
| One search through the telemetry logs to find who exported a
| file at that exact moment.
|
| Any data collection is also government surveillance unless
| proven otherwise.
| matthewfcarlson wrote:
| Microsoft provides a tool that allows you to see all
| telemetry that's captured
|
| https://blogs.windows.com/windowsexperience/2018/01/24/micro.
| ..
|
| I don't work for microsoft anymore but I laugh at these sorts
| of suggestions. I don't know much about bing but I do know a
| decent bit about the telemetry pipeline and the idea of an
| anti government meme detection is ludicrous at best.
| Dylan16807 wrote:
| > the idea of an anti government meme detection
|
| That's a fun strawman you made, but the actual idea in the
| post was that telemetry might note when different programs
| do events like save.
| [deleted]
| jeffbee wrote:
| Imagine believing that Windows telemetry contains such data.
| jgod wrote:
| Imagine not knowing about The Coalition for Content
| Provenance and Authenticity https://c2pa.org/
| jmnicolas wrote:
| Imagine trusting Microsoft.
| PaulKeeble wrote:
| GDPR requires the opposite, data collection has to be opt in. I
| don't really see why the telemetry they capture doesn't count
| as peoples personal data honestly, it should given how much
| behavior information is available from it.
| matthewfcarlson wrote:
| I believe it's only opt in when it contains user identifying
| information. Information on did a feature work or not and how
| long search indexing took isn't particularly sensitive once
| you strip off any device identifiers.
| arriu wrote:
| But... You've just described how fingerprinting on the web
| works. How is this not uniquely identifying information?
| keyle wrote:
| The simple fact that this even has to exist is hilarious.
| OrvalWintermute wrote:
| I agree, but in part, it is how the Windows business model has
| changed.
|
| Older versions of Windows were the product, and the customer
| was the end user
|
| With New versions of consumer Windows, user data is the
| product, companies and advertisers are the customer, and end
| users are the data source.
|
| Commercial/Server versions of Windows not so much.
| kukx wrote:
| I wonder how long they will stay a "Gold Microsoft Partner" after
| this.
| ChoGGi wrote:
| Quite awhile; I'd imagine. It's not a new tool.
| cricalix wrote:
| It's existed for several years now, so apparently at least
| several years.
| vetinari wrote:
| Probably as long as they pay the golden partner fee (some 3800
| eur/year).
| k4rli wrote:
| This is not a new tool. Has existed for years.
| temac wrote:
| Iirc this software exist since the release of windows 10, or
| maybe shortly after, so I guess they can stay "gold partner"
| forever. There is probably nothing in that program attempting
| to prevent them to release that kind of software, and MS is not
| Apple...
| WithinReason wrote:
| O&O ShutUp10++
|
| "Gold Microsoft Partner"
| nix23 wrote:
| Gold competency:
|
| To attain a competency, partner must: Pass
| required exams and skill validation. Meet performance
| requirements. Pay the annual fee.
|
| $4,730
| TLLtchvL8KZ wrote:
| I prefer https://privacy.sexy/ - it generates a script that I can
| read/edit.
| chaz72 wrote:
| This is great!
| https://github.com/undergroundwires/privacy.sexy/tree/master...
| looks like the raw data (yaml) for all these commands,
| including commands for macOS. With that, it's at least
| plausible to audit these commands.
|
| I probably still won't trust it on a critical system without a
| reputable audit though, I think I'd still prefer to either
| trust Microsoft or Apple or go run OpenBSD or Linux instead.
| TedDoesntTalk wrote:
| What O&O stand for?
| MauranKilom wrote:
| > O&O Software GmbH was established in 1997 in Berlin, Germany
| by Oliver Falkenthal and Olaf Kehrer. The idea for the name
| "O&O" originated back in 1991 in the form of O&O Systemtechnik
| GbR, a company offering software specifically for students
| whilst the two founders were still studying. The name "O&O"
| came about spontaneously, as both founders first names begin
| with the letter "O". In 1998, on the 10th February to be exact,
| O&O Defrag V1.0 was released, and the company that you see
| today was born.
|
| https://www.oo-software.com/en/company
| uo21tp5hoyg wrote:
| > The name "O&O" came about spontaneously, as both founders
| first names begin with the letter "O".
| Wurstmann wrote:
| I'd rather use group policies to disable telemetry etc.
| glenneroo wrote:
| Congratulations professional Windows administrator. You are
| definitely not their target audience. And using group policies
| to disable the 100 different things this tool disables would be
| a ton of work... and I'm not even sure you can disable
| everything this tool does via group policies?
| GekkePrutser wrote:
| > I'm not even sure you can disable everything this tool does
| via group policies?
|
| Apparently you cannot:
|
| > On May 2017 a security researcher named Mark Burnett
| demonstrated that disabling the default data collection
| toggles, found in Windows 10's settings app, are entirely
| useless. Furthermore he showed that even through using
| intensive group policy modifications, in a process heavily
| scrutinized and iterated upon over several days, he was not
| able to prevent Windows 10 from sending critical, personally
| identifiable information with certainty.
|
| From: https://wiki.ameliorated.info/doku.php?id=faq
|
| In my last job I had contact with Microsoft and I approached
| them about datamining issues several times. I noticed they
| simply don't understand the concerns at all. Microsoft is
| becoming a highly 'data driven' company and every time I
| approached them about data gathering the response was along
| the lines of "Oh but we only use this for improving your
| performance / our products / whatever". They think it matters
| what the purpose is, they don't understand (or they don't
| want to!) that some people are against telemetry whatever the
| reason.
|
| Our own company is thinking along similar lines, with the
| exception of the German parts of the business, for whom we
| had to make some exceptions. I'm not German but I'm heavily
| aligned with their thinking on this.
| rhexs wrote:
| The O&O team needs to post more pictures of Frida. Great tool,
| first download on every Windows install for years.
| gizmodo59 wrote:
| Off topic:
|
| Unfortunately I can only use windows 10/11 as AMD has no driver
| for RAID on Linux. https://www.amd.com/en/support/chipsets/amd-
| socket-strx4/trx...
|
| Using Asus hyper with 4 nvme drives on RAID. Anyone else in this
| situation?
| switch007 wrote:
| Does it do a kind of raid that Linux software raid doesn't
| support?
| nix23 wrote:
| You don't need a raid-driver for linux:
|
| https://raid.wiki.kernel.org/index.php/RAID_setup
|
| That AMD-"raid" is Software too..the same as linux.
|
| ~pure Hardware raid's never need drivers, because you tell the
| hardware (raid controller) to present the hard-disks as one (or
| whatever you want) device to the Operating-system. Some
| management tools are sometimes used (start raid scrubbing etc).
|
| BTW: Don't use Raid5 if you don't have a UPS (if you use
| software raid), or a battery buffered write-cache (hardware
| raid) aka write-hole:
|
| https://serverfault.com/questions/844791/write-hole-which-ra...
| sentai77 wrote:
| I...o.o.o..o.
| p1peridine wrote:
| > Free _antispy_ tool for Windows 10 and 11
|
| > Gold Microsoft Partner
|
| Why would MS partner with a company that makes software to
| "bypass" their spyware?
|
| Why would O&O partner with a company that has spyware in the OS,
| then proudly display the Gold MS partner badge on the same page?
|
| Why is the source code obfuscated?
|
| Think about it.
| ro_bit wrote:
| The company makes more than just that tool, and particularly
| makes other W10 apps. The company itself is a gold partner,
| which, as nix23 posted -
|
| Gold competency: To attain a competency, partner must:
| Pass required exams and skill validation. Meet
| performance requirements. Pay the annual fee.
|
| $4,730
|
| It seems less malevolent in that light
| tumblewit wrote:
| Its funny how Windows and Android, the two most widely used
| operating systems, are a privacy nightmare and basically spyware
| at this point. Remember you can install tools and ROMs that are
| privacy focussed but also realise only a minor percentage of the
| users bother or are aware of these.
|
| I wonder what the sales pitch would be to sell privacy focussed
| products to the average Joe.
| Fnoord wrote:
| I don't think it is funny, nor coincidence. A lot of people are
| poor and have to sell themselves out with privacy. They cannot
| afford a premium brand like Apple.
| yyyk wrote:
| Apple isn't any better - Apple gets the hash of every program
| you run on a Mac.
| tibbetts wrote:
| I think Apple has (with varying success) been making that pitch
| for several years.
| ekianjo wrote:
| There's no privacy on Apple with a closed source ecosystem
| and all the iCloud connectivity syncing your every move.
| reayn wrote:
| The "closed source ecosystem" is not nearly as restrictive
| as people make it out to be and is something that you
| willingly sign up for when buying apple products.
|
| Not sure where you got the idea of "icloud syncing your
| every move" but literally every icloud implementation can
| be disabled at your discretion.
|
| I for one only have my reminders, wallet, calendar and
| drive synced.
|
| Even with that said, none of this implies a lack of privacy
| in any way.
| spacebear wrote:
| Your every move is quite literally transmitted to Apple.
| That's how Find My works.
| d3nj4l wrote:
| Find My data is end to end encrypted.
| reayn wrote:
| Find my can be disabled...
|
| And it's sole purpose is to help people find their
| devices, it's saved many people i know from a very large
| catastrophe.
| mavhc wrote:
| "the researchers' iPhone transmitted more kinds of data,
| including device location, the device's local Internet
| Protocol (IP) address and the Wi-Fi network identifiers --
| the MAC addresses -- of other devices on the local network,
| including home Wi-Fi routers."
| judge2020 wrote:
| Both of these are the cheaper option in their respective
| market. iOS and macOS are expensive because the hardware is
| expensive (as in, the hardware in part pays for the development
| of the software), and Linux is expensive in that it's almost
| always more time-consuming to set up since it doesn't have
| Windows' first-class driver, hardware, and software support.
| gizmodo59 wrote:
| Not sure why macOS (M1) is expensive here. For the
| hardware/performance/software you get it's not really
| expensive if you compare the alternatives like surface or any
| of the intel based laptops. Sure, you can get a cheap laptop
| for under 500$ but that won't last long either.
| netr0ute wrote:
| > since it doesn't have Windows' first-class driver,
| hardware, and software support.
|
| Ironically, Linux sometimes has better driver and software
| support for specialized things like Thunderbolt ethernet
| adapters, or software if it was written for MacOS but later
| adapted to Linux because of their similarity within the scope
| of POSIX. And, because Windows can't run 16-bit software on
| 64-bit CPUs at all, Linux has the total advantage here
| because WINE works with 16-bit as well.
| bravetraveler wrote:
| Agreed! Just wanted to pile on, the driver thing is a bit
| hit/miss.
|
| Broadcom/Realtek (sometimes)? Good luck.
| Intel/AMD/Aquantia? Probably good to go.
|
| There are vendors that give Linux first-class support; buy
| them.
|
| edit: Realtek is a little hard to pinpoint, they tend to
| have drivers... but fairly buggy.
|
| I have to replace the r8169 module or something similar
| with r8125 for my (onboard) networking to work under
| _stress_. If I push too much bandwidth, it 'll just drop.
| 2Gkashmiri wrote:
| come on. i use an old dell latitude e7440 which i run kde
| neon on. takes 15 minutes to get installed and i can get
| surfing in 16. No nonsense, no nothing. i assume newer
| devices would be better but "time consuming to set up" is
| something i have not seen in the last 3-5 years of my using
| 100% exclusively linux devices.
| squizzel wrote:
| Can you throw out some example tools and ROMs?
| entropie wrote:
| I used that a few years ago and liked it:
| https://www.lineageos.org/
| squareof wrote:
| One can even take it a step further and use microg.org to
| get lineagos with optional google services. Has worked
| great for me last year or so.
| nazgulsenpai wrote:
| Seconding this. LineageOS with microG has been great,
| combined with Aurora Store's anonymous Play Store for the
| singular app I require that doesn't have an FOSS
| alternative.
| dominojab wrote:
| the main problem nowadays is Google Services SafetyNet,
| you cant get banking , and other apps working. they want
| security in exchange for freedom.
| tyrfing wrote:
| Simplewall for Windows:
| https://www.henrypp.org/product/simplewall
| spicybright wrote:
| How does this compare to TronScript?
|
| https://www.reddit.com/r/TronScript/
|
| https://github.com/bmrf/tron/blob/master/README.md#use
| xeromal wrote:
| The people who normally get spyware can't operate it.
| LeoPanthera wrote:
| TronScript is hugely overkill. It makes changes that the vast
| majority of Windows users, even privacy conscious ones, would
| not want.
|
| I dread to think how many well-meaning sons and daughters have
| run it on their parents and relatives PCs and then left,
| leaving behind a system that is now a nightmare to use.
|
| Also, it takes _literally hours_ to run. I mean, what the hell?
| ShutUp10 is done in seconds.
| zwaps wrote:
| Lovely how on mobile, the reddit page is blocked: you need the
| app to access it.
| shmde wrote:
| https://i.reddit.com/r/TronScript/
|
| Or
|
| https://old.reddit.com/r/TronScript/
|
| If you have trouble opening any reddit website on mobile
| change "www" with just the letter 'i' or 'old'.
|
| Once they don't allow these workarounds I am leaving reddit
| for good.
| spicybright wrote:
| Seriously though. I have old reddit UI always on by default
| and forget to keep adding the "old" prefix when posting
| links, so apologies.
|
| I will leave reddit too if they remove the old version.
| lvass wrote:
| Or
|
| https://libredd.it/r/TronScript/
| makeworld wrote:
| Or more lightweight: https://teddit.net/r/TronScript
| benbristow wrote:
| It has a GUI
| schleck8 wrote:
| Can someone explain these two decisions for me?
|
| >DO NOT DOWNLOAD TRON FROM GITHUB, IT WILL NOT WORK!! YOU NEED
| THE ENTIRE PACKAGE FROM r/TronScript
|
| > Download Tron. The download links are in the top post in
| /r/TronScript. If you download the self-extracting .exe file,
| run it and it will extract tron.bat and the \resources folder
| to the current directory. Copy both of them to the Desktop of
| the target
|
| Why package a BAT file with an EXE? Even if it has to be
| distributed in a container, why not a simple ZIP?
|
| And the subreddit literally has a thread with a table that
| contains download links and a torrent, why would you not
| include that in the readme?
| christophilus wrote:
| Fedora is my preferred solution to this problem.
| npteljes wrote:
| I agree. The winning move is not to play. To fiddle with
| Windows' privacy settings, and expecting them to respect the
| users privacy, is like asking an abusive partner nicely to not
| be abusive. Promises will always be broken, and in new and
| unexpected situations, the partner will act on their character,
| not on their promises. And Microsoft has a documented history
| of this behavior.
| marderfarker2 wrote:
| https://ameliorated.info/ works too
| concinds wrote:
| This reminds me of the old "Windows XP Service Pack 4", or
| Windows 7 Minimalist ISOs that were going around. Generally,
| even the _idea_ of using an OS downloaded from a random site
| (big Linux distributions excepted) is a security nightmare:
| you 're trusting random, anonymous people not to put malware
| deep enough into the OS image where it won't easily be found.
| See XcodeGhost that got caught way after the fact.
|
| Same exact reason people should strongly consider staying
| away from LineageOS builds and other such things, where the
| dev team of half a dozen non-vetted anonymous forum users is
| responsible for everything running on your phone. The "open-
| source means security because code gets vetted" argument only
| applies to big projects like Chromium, where hundreds of
| major corporations with world-class software engineers
| review, and contribute to the source code. Not to Lineage,
| where every phone model has its own build and dev team, and
| each build gets used by maybe a few hundred or thousand
| people, and reviewed by practically nobody. If there was one
| single Lineage build for all phones, I'd feel much more
| comfortable with it.
|
| Though I have zero reason to distrust the Ameliorated folks,
| you generally never want to mess with software (especially
| OSes) downloaded from anyone other than the official vendor.
| The risk of using this is much higher than running
| proprietary ShutUp10, which is already non-zero since it's
| proprietary.
| sodality2 wrote:
| With Windows Update removed, and no way to patch the system
| without a full reinstall, I would not use ameliorated.info in
| any important capacity. The complete unability to patch zero-
| days makes it very unattractive. They recommend to just take
| admin privs from the default user. If you're this serious
| about privacy, use Linux. If you NEED Windows for a program,
| use a VM and nothing else. If you NEED Windows as your daily-
| driver... then you shouldn't be risking your daily driver
| with this. The ONLY update you can apply is simply to just
| reinstall the operating system. I do appreciate this kind of
| stripped-down build procedure, but fail to see a good-enough
| use case.
|
| > Furthermore, as touched upon on the main page, 94% of
| critical Windows 10 vulnerabilities can be mitigated by
| revoking administrator privileges from the default user.
| judge2020 wrote:
| I'd just like to touch upon that 94% figure. It's from this
| source[0], which actually says:
|
| > Of these critical vulnerabilities, 94% were found to be
| mitigated by removing admin rights, up from 85% reported
| last year.
|
| It's a very fine line, but they're mitigated by _not
| running stuff as admin_ , not just removing admin rights
| from the main user's account. With Ameliorated, people will
| still want to set up software as admin and install to
| Program Files, so if they take the advice from the FAQ,
| they might think they're fine just having a separate Admin
| account they use for UAC pop-ups to install the programs,
| while leaving their main as a standard user, which is
| indeed not going to solve any zero-days compared to users
| just being able to click 'yes' at UAC.
|
| 0: https://web.archive.org/web/20170310043706/https://www.a
| vect...
| m0guz wrote:
| I don't trust these tools as any Windows Update can override the
| setting, or Microsoft can add a new "feature" and continue
| collecting telemetry data from that. For example; Disk Space
| Cleanup (cleanmgr.exe) tool has been trying to connect to
| internet since last year's Windows 20H2 updates. I use Binisoft's
| Windows Firewall Control (wfc)[0], set level to Moderate and
| check logs regularly. There is also simplewall tool [1] which has
| predefined Windows list to block.
|
| [0] binisoft.org/wfc
|
| [1] https://github.com/henrypp/simplewall
| squarefoot wrote:
| Agreed. I would use them to avoid ads and annoyances, but
| Windows, as a closed system, to me remains untrustworthy. I'd
| never ever use it for banking, communications or store personal
| data. But if I'm using music software or games, those utilities
| would make the experience less annoying.
| dartharva wrote:
| A lot of recommendations here, but it's surprising no one has
| suggested Sophia Script yet:
|
| https://github.com/farag2/Sophia-Script-for-Windows
|
| IMO the best and most holistic solution for debloating and de-
| botnetting Windows.
| npteljes wrote:
| Very nice that I turn off everything I want one time, but what
| about the next update that will randomly toggle some settings
| back? How about new settings for new features that are added?
|
| I think it's foolish to go use software like this, and expect
| some privacy to happen. Windows and its user are just not on the
| same page.
|
| What refreshed my hope in IT is the FOSS ecosystem. Where
| software is passively uncaring about me, the user, instead of
| working actively against me, which is the case in most of
| proprietary stuff nowadays.
| mcbishop wrote:
| For some of us (me), tools like this are the difference between
| no privacy oversight and some oversight. I aspire to be a
| privacy-aware person rocking Linux, but in the meantime...
| npteljes wrote:
| I appreciate this aspect of the ShutUp10. By its existence
| and popularity, it spreads the message that there is such a
| thing as privacy, and that it's important.
| stinos wrote:
| _what about the next update that will randomly toggle some
| settings back?_
|
| Well, you run the tool again. It even tells you to do that
| after making changes.
| npteljes wrote:
| I acted like this for a long time, and my trust remained
| broken.
| nvr219 wrote:
| Then perhaps this tool and this operating system are not
| for you... Windows is good for some things, privacy ain't
| one of them, and you need to either live with it, work hard
| to protect your privacy within it, or leave it.
| estaseuropano wrote:
| Great, this is the most constructive answer. Eternal
| useless pessimism instead of at least trying simple steps
| to solve the issue.
|
| Great credit to the authors of the tool. I used it many
| times when I was stuck with windows - and I'm grateful that
| they did all the work to make it.
| npteljes wrote:
| I'm quite a pessimist otherwise, but I don't think my
| comment really reflects that. I just reported that as a
| human being, I'm tired of, and fed up with fighting a
| system that disrespects me, belittles me, overrides my
| decisions.
|
| For the longest time I felt that I have the upper hand.
| That I could install a software for my every need, limit
| this, change that, bend the whole system to my will. But
| the realization grew on me, that me and the system are
| wanting two very different things. And whatever I do, I
| won't win. At most, we can be engaged in a cat-and-mouse
| game, as long as I'm up for fighting for it. If I'm not,
| then my cause is lost.
|
| With this realization, I felt betrayed by the entity I
| otherwise liked very much. And this is the feeling I
| wanted to convey with my previous comment.
| spockz wrote:
| I read it like GP lost faith because the settings were
| turned on so frequently. Not because the tools don't
| work.
| KronisLV wrote:
| I think it's a pretty good idea to automate this sort of
| software and schedule it to run whenever the OS restarts,
| or at the same time every day (or multiple times,
| depending on usage patterns).
|
| I don't think it's possible to (easily) figure out when
| to run something right after the updates change any
| settings, but it's a good idea to automate away manual
| work as much as possible!
|
| The person that you're replying to certainly has a point
| about having to run the tool manually being a hassle.
| Sadly, at the moment there are also no ways to automate
| running the tool (that i know of), since it's GUI only,
| as opposed to offering CLI functionality or silent launch
| options.
| mejutoco wrote:
| I did not take the comment in the same light. I think it
| is great that people are creating such software. Seems
| useful for many users.
|
| But looking at the broader context npteljes has a point.
|
| Why fight an insecure tool (let's say Windows is insecure
| for the sake of the argument, I do not have a strong
| opinion about it) then patch the security on top. Surely
| the obvious choice is to stop using the insecure tool.
|
| Sometimes people want a technical answer, when the answer
| is to do the obvious. I don't think that is pessimism.
| Forbo wrote:
| The most constructive answer is to stop
| using/supporting/supplying demand for software that
| doesn't respect the user. Rather than people trying to
| remove the same warts over and over, progress could be
| made on a more permanent solution; namely, identifying
| gaps in the open source ecosystem where the only current
| solutions are proprietary.
| andrepd wrote:
| But I have already solved the issue: I stopped using
| Windows.
| [deleted]
| stinos wrote:
| Assuming you mean trust in MS in general and not in what
| the OS does: broken trust isn't easy to fix, and this tool
| indeed doesn't do much in that regard, but it does fix some
| of the things which lead to the broken trust i.e. what the
| OS is doing.
| devwastaken wrote:
| Historically tools like these were broken by windows updates
| and could not keep up with Microsoft's violent efforts in
| breaking them. You can't even turn off windows defender in the
| registry anymore, which is the sole reason windows performs
| terribly on low end devices. It sends the CPU and 5400rpm disk
| to 100% use all the time.
|
| Windows is a threat to national security and Microsoft must be
| sanctioned. Business if they wish to avoid crypto lockers and
| actually care about "cyber security" will drop windows in favor
| of Mac/Linux.
| neogodless wrote:
| Interesting.
|
| My friend just put Windows 11 on his (original) Surface Go
| (Pentium Gold 4415Y, 8GB RAM, 128GB), and he cannot stop
| raving about how fast it is. He said he was considering
| putting Linux on it, but he isn't feeling the need to now. To
| be sure, that's not a 5400rpm desk, though, yeah, I haven't
| had to suffer through one of those in over a decade!
| devwastaken wrote:
| It will be slow in the coming months. Windows has very fast
| UI response on fresh installs and degrades over time. It's
| really not an achievement to have responsive UI in 2021,
| Microsoft just hires the bottom of the barrel and bases
| everything on group studies, which yields the worst
| outcomes.
| npteljes wrote:
| I agree. Windows is malware. Its good or bad bits are
| irrelevant, it's perfectly usable as an OS, but in the
| meantime it's loaded with malicious intent and its business
| advantage is ruthlessly exploited at every turn. So I don't
| think that the tool itself is that much useful either. It's
| good popularity for their creators, that's for sure, who very
| successfully jumped on the Win10 telemetry paranoia
| bandwagon.
|
| And who I think should change to Linux or BSD is not just
| business, it's governments especially. How they enable an
| auto-updating system of another superpower is beyond me.
| teawrecks wrote:
| Installed manjaro Linux as a dual boot. Loving it.
| jakobdabo wrote:
| I have to use Windows once in a while (circumstances).
|
| Best way to forget about the existence of spyware (aka
| telemetry) that I found is to not connect a Windows box
| directly to internet. I configured my router to give it a
| gateway and DNS IPs which don't exist in the network. Eat that,
| Microsoft. And I can still connect to internet by manually
| setting a SOCKSv5a proxy to the router in Firefox and other
| software that I trust (make sure there is no automatic proxy
| discovery mechanism in the router).
| qwertox wrote:
| Wow! Thank you for that tip. Block the machine's internet
| access with a firewall but connect the browsers over a SOCKS
| proxy.
|
| I mean, I do have a couple of containers up and running on a
| Raspberry Pi offering nothing but intranet SSH services while
| the containers are connected via OpenVPN to differnt VPN
| servers, so that I can use different browsers which connect
| via SOCKS each to one container in order to have one browser
| per country on one machine.
|
| It never occurred to me that I can use this same technique
| (but without OpenVPN) in order to disallow that machine to
| connect to the internet but still have a working browser...
| Jenk wrote:
| Since the 21H1 update you might start noticing connection
| drops since a new wlan autoconfig feature has been added: if
| windows can't ping home reliably, it will restart your nic.
|
| Yep.
| mdiesel wrote:
| Link please? I run Windows for work, which includes
| connecting to industrial networks with no Internet
| connectivity. If this happens, it's going to be a
| nightmare.
| keewee7 wrote:
| I don't think the reason for this is malicious. Back in
| 2012-2018 many Windows laptops belonging to friends and
| relatives had frequent WiFi issues. The only reliable way
| to fix the issue was to restart the NIC.
| dataflow wrote:
| Damn, that's hostility on another level. Do you have a link
| to more reading on this?
| sydney6 wrote:
| RedHat's NetworkManager already does something pretty
| similar [1].
|
| [1] https://wiki.archlinux.org/title/NetworkManager#Checkin
| g_con...
| nazgulsenpai wrote:
| > `Disable advertisements via Bluetooth`
|
| A screenshot of the application on the website shows this option.
| I don't understand; are advertisements via Bluetooth some kind of
| Windows functionality and how does it work?
| schleck8 wrote:
| Windows has a P2P update distribution feature so I would not be
| surprised
| lini wrote:
| Perhaps they mean BT Beacon advertising? A small BT device can
| broadcast a notification to other BT devices nearby. It is used
| in some places for marketing.
| ThatCaio wrote:
| Advertising as in broadcasting, not as in marketing.
|
| Some Bluetooth LE devices use advertising as a way to
| constantly send out payloads without a direct receiver.
| Saris wrote:
| BLE Beacons, they send your device ID a couple times a second
| as a broadcast.
| dmos62 wrote:
| It still amazes me how prevalent closed-source is on Windows.
| Even hacker-oriented, non-commercial things are closed-source.
| larodi wrote:
| everything is closed source, apart from the building blocks
| that comprise it. all clouds are closed source, most of the
| finance is closed source, MacOS is closed source, iOS - too.
| games - closed source, critical infrastructure - closed.
|
| okay...let's think. lets take for example postgresql. all right
| is opensource, we all love it. but how some company uses it -
| well this is not open source. only few businesses dare to be
| open source and typically open the non-critical parts.
|
| why so much pressure on MS?
|
| the idea that the world is embracing opensource is absolutely
| disconnected with the reality ever since the idea of open
| source came to existence.
|
| once again - even when the building are open source, the way
| they are tied together is usually not. and their usage in
| business systems - also not open source. period.
|
| there is fair chance, that whoever is reading this comment
| works is paid by a company that is using open source, but is
| not open sourcing.
| marcodiego wrote:
| Me too. I think the "windows way" get into the mindset of its
| users.
___________________________________________________________________
(page generated 2021-10-09 23:00 UTC)