Posted on Mar 20, 2017 by Caleb Chen

Microsoft Windows 10 has a keylogger enabled by default – here’s how to disable it


windows 10 keylogger

Many Windows 10 users are unknowingly sending the contents of every keystroke they make to Microsoft due to an enabled-by-default keylogger. This function has been around since the beginning of Windows 10, and is a prime example of why you should never go through the default install process on any Operating System. Windows 10 privacy has been a hot button issue since its release years ago. The French government even issued a warning to Microsoft last year, telling them to:

Stop collecting excessive data and tracking browsing by users without their consent.

It seems Microsoft only paid attention to the latter half of that warning. While many Windows 10 users may have technically given their consent, most – when informed that this has happened – will want to disable the Windows 10 keylogger ASAP.

How to disable Microsoft keylogger in Windows 10

According to Microsoft FAQ, to disallow Microsoft, and who knows what other entities, from using “your typing and handwriting info to improve typing and writing services”:

1. Go to Start, then select Settings > Privacy > General.
2. Turn off Send Microsoft info about how I write to help us improve typing and writing in the future.

If this was ever on while you used Windows 10, there’s no way for you to know that Microsoft has deleted your information. They promise to disassociate their copy of your keystroke history from your identity, but the info is still out there in their hands and, again, pointedly was not initially anonymized.

More detailed instructions are available here.

Microsoft Windows 10 and Windows 7 still vulnerable to Event Tracing (Windows) ETW keyloggers

Last year, at Ruxcon, the CyberPoint Security Research Team unveiled a Proof of Concept that demonstrated using ETW to keylog USB keyboards. The “good” news is that this technique wouldn’t work on most Windows laptops as their keyboards are usually connected via PS2 instead of USB. However, there is no way to turn off ETW because it is crucial to Windows functionality and this is still an active way that a malicious actor could log your keystrokes.

Keyloggers are a very real privacy and security threat. If you must use Windows 10, make sure to disable the default enabled Microsoft keylogger, but be aware that Microsoft has other holes that make keystroke logging possible still.

About Caleb Chen

Caleb Chen is a digital currency and privacy advocate who believes we must #KeepOurNetFree, preferably through decentralization. Caleb holds a Master’s in Digital Currency from the University of Nicosia as well as a Bachelor’s from the University of Virginia. He feels that the world is moving towards a better tomorrow, bit by bit by Bitcoin.


VPN Service

Leave a Reply to Tim Onstad Cancel reply

Your email address will not be published. Required fields are marked *

119 Comments

  1. boblq

    May I request to see Bill Gates key log? WTF, Where do these guys get off?

    9 months ago
    Reply
    1. Jon

      When you move into a position whereby you have to convince Bill Gates to use your product over Google, Apple, etc. then YES, you can implement a system that allows you to do that better.

      Exaggeration (from both of us) aside, if it is ever discovered that Microsoft is using the information in as nefarious a manner as Google is using IT’S data collection, then I will match you in outrage against Microsoft.

      9 months ago
      Reply
    2. Hellscreamgold

      turn in your Android phone, iphone, Google, and Firefox browser too – likely many other things that collect the same data.

      Don’t become a sheeple listening to FUD

      9 months ago
      Reply
      1. Kenneth

        The issue here is that this type of data collection (keyloggers, location, etc) is turned on by default. At least Android and Firefox (the two I use on a daily basis) do not have this kind of data collection turned on by default.

        9 months ago
        Reply
      2. antimon555

        FUD saves lives.

        9 months ago
        Reply
    3. Braheem Hazeem III

      Sure, but you won’t get anything since he hasn’t worked at MS for years, if you are gonna be mad at MS try to at least know who runs the company.

      9 months ago
      Reply
  2. disqus_em5YfkbWdk

    Google’s Chrome browser (and Firefox and Safari) has a similar option enabled by default as well, but no article trying to shame them for it? iOS and Android devices do it too, yet everyone acts like Microsoft is the only big bad wolf in the entire forest.

    9 months ago
    Reply
    1. Tyler Swindell

      Exactly, it’s built right into Gboard. Dumb news article…

      9 months ago
      Reply
    2. Jon

      Not only does Google do the same thing, but they SELL the profile they create about you to advertisers.
      At least Microsoft is using the info as a means to improve the user’s life, not their own wallets.

      9 months ago
      Reply
      1. Elrigh

        Oh, poor little Microsoft-Fan.
        One of the next Windows 10 Updates will include personalized Ads IN the Explorer.

        9 months ago
        Reply
        1. Hellscreamgold

          Oh, poor little liberal…

          And there will be a way to turn them off. And?

          That’s like saying that a browser includes ways for ads to be displayed in the browser….

          Give us a break.

          9 months ago
          Reply
          1. xeromage

            How does not wanting your OS to spy on you and feed you ads mark you as a liberal? Do you just use that as a general insult? Seems like being conservative with your personal privacy would be a thing we would all agree on, regardless of political leanings…

            9 months ago
          2. Animus

            Don’t buy the OS that “spies” on you then. Or use a cracked version (like every sane person does) that will not be able for microsoft to spy on you with.

            9 months ago
          3. AziD

            You do realize that there is NONE differences in a legit and pirated windows else than how the os is handling the key?. A “cracked” windows is just fooled by a emulated windows registration server locally. ANYTHING else is the same and you can disable any geo and telemetry (and other things) easy. A pletora of tools is also aviable with a simple google search to disable what is unseen in the menus.

            5 months ago
          4. Blademagic

            If you bought a brand new calculator, and found out that when looking for specific functions, you get an ad for the calculator company to buy another calculator, wouldn’t you be pissed? I don’t care about ads on YouTube videos or websites because I can choose not to use those sites and they are generally free. However, I *bought* my computer and the OS that came with it, and I sure as hell don’t want advertising coming at me from something that I bought. You can say something like, “oh, well you bought your TV, and you still get ads on those” (not implying that you actually said these words, just an example), but it’s not the TV that is giving me the ads, it’s the channels that are giving me ads. I can choose not to have TV channels if I decide to only watch stuff like DVD’s or something, and I would never get an ad. However, with the new Windows update, they place ads in your explorer, meaning that, even if you’re not doing anything except for moving files around, you may be shown an ad. That just doesn’t make sense.

            9 months ago
          5. Mr. D

            Yup. Also every softwares that I know use the word ‘license’. This means, unlike hardwares, these softwares aren’t sold to us, they didn’t become ours, we paid in order to be allowed to use them. The softwares still belong to the company, so they can do anything they want. If you dislike it, then you don’t use it.

            9 months ago
          6. Trond (Deplorable) Larsen

            That’s what they think

            9 months ago
          7. Animus

            >Windows
            >buy it

            Are we living in 2000? Oh wait, I forgot. People were cracking windows even back then.

            9 months ago
          8. Audrey L. Holloway

            Malware disguising as “cracks” or “keygens” was around here since the beginning of the time. Now it’s just more risky to use with the new methods of getting permanent STI (software transmitted infection) – into the BIOS or hard disk firmware.
            To everyone their risk assessment.

            9 months ago
          9. designgears

            Irrelevant, you install it and use it, therefore you agreed to the terms.

            9 months ago
          10. Baudman

            1984

            8 months ago
          11. Clive Gerada

            You may not own it, but you paid money for it. They already have the cash, taking your data and pushing you adverts is EVIL.

            9 months ago
          12. James L Hood

            Nope, you don’t get your DVD’s ad free. Nor Blu-ray. They all come with ads before the movies.

            9 months ago
          13. Clifford Chang

            They aren’t targeted at you personally though

            9 months ago
          14. Αιγέας Τσολάκογλου

            but a browser shows other people’s content that i haven’t bought and they want to make money by selling ads

            of course, I’m still free to choose which servers i accept traffic from, but i think it’s mostly fair that people say that if you want to view my content, you will pay for it by watching these ads.

            i’ve already paid for a license of windows 10 (or the manufacture of the product I bought did for me) and i want to view my own content

            would you accept ads on your fridge every time you tried to open it?

            how about ads on the pillow that you bought.

            9 months ago
          15. M3EEKS

            Liberal?
            Clearly, he is a stinkin’ Presbyterian…Those guys and their silly opinions on Operating Systems

            9 months ago
        2. bob bray

          Sad,that can be done without server side. And Windows 10 phone uses Edge not ie. Oh the phone mine uses PowerShell not explorer it’s disabled.

          9 months ago
          Reply
      2. Paulo “InstaREKT” Ødegård

        Oh no! Google sell your information! Not. If you’d actually have read their privacy statement you’d know Google AdSense is a self-owned subsidiary. They don’t sell your information, they just use it. Also, you can delete most of that data from your profile if you want. “What about the stuff that doesn’t fit under most?” That’s your username, email and other public information you gave them, stupid. Delete your Google account if you’re really that paranoid.

        9 months ago
        Reply
        1. Lost my cookies

          “They don’t sell your information, they just use it.”

          To sell ads

          9 months ago
          Reply
          1. Paulo “InstaREKT” Ødegård

            You don’t know how the world works, do you? Nothing is free and ads are Google’s biggest source of income. They partner with ad providers to give you ads based on your activity, benefiting both parties. If they didn’t do it like that, you’d have to pay to use their services. Can you imagine a Wikipedia with ads? No, because they’re a non-profit. Google, however, is not a non-profit. They have billions upon billions of gigabytes stored on their servers, do you think they’ll just be able to live off of Candy Crush purchases and music distribution?

            9 months ago
      3. Kiev

        “At least Microsoft is using the info as a means to improve the user’s life, not their own wallets”
        Another sap who thinks M$ made Windows 10 free out of the kindness of their heart.
        Thanks to their insane EULA, they can (and do) sell your information to anyone they feel like selling it to, and they sell back doors to government agencies.

        6 months ago
        Reply
    3. Reason

      Windows 10 is the operating system on your computer. It’s not your web browser. It’s not your phone.

      But you know that… don’t you.

      9 months ago
      Reply
      1. Jack07

        But you are writing more things in your browser, facebook, skype or on phone than in your OS.
        I’m not trying to defend MS, but this is just a piece of this puzzle.

        9 months ago
        Reply
        1. JustinBailey

          People are arguing that there is a huge difference between browser history and saved credit card and password information for autofill and predictive text reasons which is obviously present in your browser vs logging every single keystroke for god-only-knows-why. There is literally *no good reason* for a key logger to ever run on any device that you are using unless you just want to give away private information at some point because that is absolutely what will happen on a long enough timeline.

          9 months ago
          Reply
        2. Cherokee Nelson

          I will take a moment especially on a stressful day to extract my feelings on my journal or a quick comment to note pad or even sticky notes. I am sure that I am not the only person to utilize the “accessories” imbedded in the OS

          9 months ago
          Reply
        3. boosook

          So what? What you write in chrome is not sent to google. If you write a WhatsApp message in the web interface, for example, it is not sent to google. There’s a great difference.

          9 months ago
          Reply
          1. backbydemand

            Bet your life on that?

            9 months ago
        4. rmhartman

          You do realize that a keylogger gets everything, right?

          9 months ago
          Reply
      2. rmhartman

        Ignore this post.

        9 months ago
        Reply
      3. wylekat

        There is a Win10 phone…

        9 months ago
        Reply
      4. Animus

        >implying a phone does not have an OS
        >implying that microsoft will do more harm using a keylogger than other companies

        please…

        9 months ago
        Reply
      5. Slobodan

        But I run windows mobile 10 on my phone!

        9 months ago
        Reply
    4. Jesus Smith

      So you’re equating the browser history that I want with the blanket logging of my keystrokes on a desktop operating system?
      I also have the choice of keyboards on my Android systems.
      I don’t remember Apple or Google being convicted of criminal customer harming behavior on multiple continents.

      9 months ago
      Reply
      1. Animus

        >I don’t remember Apple or Google being convicted of criminal customer harming behavior on multiple continents.

        HAHAHAHHAHHAHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHH

        You are either an anti-windows fag or you rely 100% on fb news.

        9 months ago
        Reply
        1. Animusslurps

          Stop sucking microsofts dick Animus, they’re one of the most evil companies along with Apple and Google

          5 months ago
          Reply
    5. boosook

      Yeah, because sending your browser history is the same thing as sending EVERYTHING you type, in whatever application, right?

      9 months ago
      Reply
    6. Jim Carter

      You make way too much sense to get through to the chronically paranoid!

      9 months ago
      Reply
    7. James

      Rather than cop an attitude, why not just tell us the information? I happen to hate Google and their Chrome at least as much as I hate Microsoft, so I’m very open to what you seem to be saying.

      9 months ago
      Reply
    8. Tim Onstad

      Do you actually know what a KEYLOGGER is? It doesn’t sound like you do.

      It isn’t just monitoring keystrokes. That is done by the majority of software written and is done to simply assist the user in operating the software. There is no record kept of the keystrokes used in any way.

      A KEYLOGGER, records the keystrokes and allows another party to read your keystrokes any time they want to.

      I’m reasonably sure Firefox DOES NOT have a KEYLOGGER and reasonably sure that the other software you’ve mentioned don’t as well (but I’m not overly familiar with these software so I can’t say 100%).

      9 months ago
      Reply
    9. F_Delicto

      Write the article for those and I’ll turn them off, too.

      9 months ago
      Reply
  3. CYBΞRNΔUŦ

    It is NOT a keylogger, and this article is just conspiracy paranoia. There’s little evidence that the author has enough background in computer science or security to tell a keylogger from a key lime pie. What it does is collects information about your use of the product, including some text and voice input, and returns some of that data to Microsoft for use in tuning performance and improving voice recognition and spell-checking. If you want to turn it off you can, but there is no reason to believe it is doing anything nefarious. Also, if you are worried about this then there are some other things going on with your computer and on the internet that you ‘really’ don’t want to know about and you should turn off your computer immediately… and probably take it to an incinerator.

    9 months ago
    Reply
    1. Patrick

      no evidence given that is is not, whereas the microsoft quote indicates: “your typing and handwriting info to improve typing and writing services”

      9 months ago
      Reply
      1. CYBΞRNΔUŦ

        A keylogger in this sense is a program installed on a target machine to covertly record the keystrokes and mouse clicks of a user who is unaware they are being monitored. This is usually done with malicious intent to collect your account information, credit card numbers, user names, passwords, and other private data.

        This is not what they are doing. Microsoft didn’t hide the fact that they were collecting statistical data. It’s all right there in the EULA in plain English that people agreed to, and you are always free to turn it off. Also, it does not collect everything you type, just specific data.

        Do you really think Microsoft is using Windows 10 to steal everyone’s online banking passwords or credit card numbers? If this were the case we would know about it because it is not hard to monitor your outgoing packets to see what they are collecting, so every IT professional and computer nerd would be pretty pissed off and Microsoft would be taken to court.

        9 months ago
        Reply
        1. Patrick

          idea: that it is above the skill level of majority of it professionals to monitor outgoing packets to see what they are collecting

          9 months ago
          Reply
          1. CYBΞRNΔUŦ

            Yes it is… that wasn’t my point.

            9 months ago
          2. PulloGorko102

            If an I.T. professional doesn’t know how to use Wireshark or some other packet sniffer to know what packets are being sent out of the network, they probably shouldn’t be calling themselves I.T. professionals.

            9 months ago
          3. Tim Onstad

            An IT professional would know the packets are encrypted so there is no point in using Wireshark (without the encryption key). There is no way to determine what information is leaving your system.

            An IT professional would also know that to monitor the packets, you would have to use an external system to ensure that you got all the packets leaving the system (including those from a possible back-door built into the OS).

            9 months ago
          4. PulloGorko102

            We are talking about monitoring traffic from your own system going to one of Microsoft’s servers. There are two keys, a public key and a private key. The public key is known between sender and receiver (server), private key remains on your own machine….. So you do have access to your own key.

            9 months ago
          5. Tim Onstad

            In public key encryption, which is what you are talking about, both parties have access to the public key and the private key, which is used to decrypt the message, will be with Microsoft ONLY because they have to decrypt the message, it is NOT on your machine.

            Microsoft should be using asymmetric keys (different), not symmetrical keys (same) for encryption/decryption for the obvious reason that they DON’T WANT ANYONE to read the encrypted information. Someone mentioned symmetrical keys being used by Microsoft which is extremely unlikely because anyone can have access to the encrypted information and Microsoft isn’t that stupid.

            Also, not a single expert in security has read the encrypted traffic. There is not a single mention of an analysis of the information being sent to Microsoft because NO ONE has read the encrypted traffic going to Microsoft. NOT A SINGLE ONE.

            The NSA can break the encryption that Microsoft uses but they aren’t telling.

            Also, which you are probably not aware of, Microsoft is probably using double encryption where the data is encrypted on your system and then it is encrypted when it is being sent to Microsoft. That makes it a lot more difficult to view the original data.

            I have used encryption in programming and that’s what I would do. Make sure it is a lot more difficult for anyone to access the data.

            There are also other methods of ensuring the data is protected from hacking the key which are not well known, but make it a lot more difficult to know if you have actually broken the encryption.

            9 months ago
          6. PulloGorko102

            100% agree

            9 months ago
          7. James L Hood

            idea: professionals have jobs to look for just this sort of activity.
            Results: So far, have you seen any proof beyond “this is my interpretation of the EULA / lamens version printed on screen”?

            9 months ago
        2. Tim Onstad

          The only requirement for a keylogger is that it logs the keystrokes of the system it is running on.

          It doesn’t have to be hidden.

          By its very nature, recording a user’s keystrokes is malicious – its an act of spying on the user.

          9 months ago
          Reply
          1. CYBΞRNΔUŦ

            This is not what they are doing. I agree that a keylogger doesn’t have to be hidden, but it does to be used in a malicious manner, which a lot of times they are not. There are plenty of non-malicious uses for keyloggers, but this is not a keylogger, and there is no evidence that what they are doing is malicious either way.

            9 months ago
          2. Tim Onstad

            As a programmer, I just don’t understand why you think that a keylogger isn’t a keylogger.

            Its all the name. Its logs the keys. That’s all it does.

            Microsoft calls it a keylogger. The people who helped develop Windows 10 as part of the insider’s program called it a keylogger.

            Any software that logs the keys is a keylogger. By definition.

            9 months ago
          3. CYBΞRNΔUŦ

            I can do some programming as well, but I’m more on the ‘security’ side of things. Do you have any evidence that they are actually logging all of your keys? Because if you do I would love to see it… I sure haven’t found any yet.

            9 months ago
          4. Tim Onstad

            Its been reported in numerous articles that Windows 10 comes with a keylogger.

            The people who developed Windows 10 – insider preview – stated that it came with a keylogger which would be removed when Windows 10 was released – they didn’t get this information out of thin air.

            Microsoft states that it is collecting information about ‘how you write’ (ie logging your key strokes).

            This can only be done with a keylogger. Nothing else can collect your keystrokes except a keylogger.

            9 months ago
          5. CYBΞRNΔUŦ

            I no longer believe you are a programmer if you believe “collecting information about how you write” can’t be done without logging all of your keystrokes. By “programmer” do you mean you “know little bit of HTML”? Yes, I’m being a bit of an ass here, but damn dude.

            Writing an article on the internet does not make you a security expert, or even a techie. Anyone can write an article, and none of the articles I’ve seen on the subject were written by anyone I would consider an expert.

            9 months ago
          6. Tim Onstad

            What can I say? I’ve only been programming for over 20 years, but if it makes you feel better to think that I’m not, feel free.

            As a programmer or not if it makes you feel better, Windows 10 comes with a keylogger and once again Microsoft is being vague about the information it is actually collecting. We collect information about ‘how you write’. This is as vague as hell. Microsoft is being deliberately vague.

            Microsoft has a lot of lawyers. The only reason Microsoft would be vague would be to hide what it actually is doing and that is collecting keystrokes using a keylogger.

            9 months ago
          7. CYBΞRNΔUŦ

            Non of the security experts I know believe this is a keylogger, and until someone shows me a single shred of evidence that it is, which you have not done, then my position stands. Them being vague isn’t evidence.

            But seeing as though you REALLY want to believe this. Go ahead. I’m done.

            9 months ago
          8. Tim Onstad

            Obviously, you don’t know any security experts.

            9 months ago
          9. CYBΞRNΔUŦ

            ¯_(ツ)_/¯

            9 months ago
          10. Tim Onstad

            You are not going to see the evidence of it logging keys. Its a simple matter to hide a process so you never know its running and encrypt any information being collected.

            Microsoft states that it is collecting ‘how you write’, i.e. your keystrokes.

            If I was writing the software for the keylogger, I would look for keywords and only log all of the keystrokes if one of those keywords were triggered. Also I would ensure that I could remotely activate various keylogging functions.

            9 months ago
          11. CYBΞRNΔUŦ

            I see no encrypted data being sent to Microsoft. And when I do, it wont be encrypted for long… You are trying very hard to prove that it is possible, without showing any evidence that it is actually happening. And you obviously aren’t going to do that, so it’s been fun, but I’m done with this conversation.

            9 months ago
          12. CYBΞRNΔUŦ

            Sorry, I didn’t mean it was not encrypted at all. I am quite tired of this conversation that I never expected to turn into this.

            Microsoft telemetry data is encrypted using TLS v1.2 which is decrypted using session key logging and Wireshark. If you want to have a look for yourself, go ahead…

            As you will see if you analyze it yourself, about 1MB of telemetry data is being sent to Microsoft over a 12 hour period, and as the average packet size is just over 3KB, it’s clear that when you
            take into account the encryption overhead very little data is being sent
            to Microsoft.

            9 months ago
    2. Mercenary_Soldier

      @disqus_vVWP7R0Sch:disqus

      Well, the question I have for you is “Why would you actually WANT it on in the first place?” What benefit are you getting in exchange for sending information to Microsoft about what you type into your keyboard? You are getting no benefit at all, while having your privacy violated.

      And fine. So let us say that Microsoft is NOT doing anything nefarious with the data that you type into your keyboard. What about hackers? What if hackers steal the data from Microsoft servers or from the web traffic while the data is being transferred to Microsoft servers? Think of the sensitive information they would have access to. In conclusion, only a brainless idiot would keep this setting on. I take it you are a brainless idiot, correct?

      9 months ago
      Reply
      1. CYBΞRNΔUŦ

        It’s not that I ‘want’ it on or not. I don’t care. I turned it off when I installed Windows to conserve bandwidth. They are not collecting everything you type into the keyboard, and I don’t care as far as privacy is concerned because they are not collecting anything that would be useful to hackers. Collecting telemetry data is common and (for the most part) not frowned upon in the IT world, aside from some more extreme cases. I don’t keep sensitive data (or really anything) on the cloud because I don’t want it to be stolen by hackers, but no, I am not worried about them hacking into Microsoft and stealing my telemetry data.

        I would argue that all Windows users benefit because they are using the statistical data to improve Windows.

        Brainless idiot out. Have a nice day.

        9 months ago
        Reply
        1. Kranky Old Guy

          Arguing that you don’t care about privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.

          9 months ago
          Reply
          1. CYBΞRNΔUŦ

            I DO care about privacy! I use both Signal and Tor. I am very careful with what I do on and offline, and I don’t put private information on social media because I don’t want the NSA, CIA, FBI, foreign powers, or other hackers to know my every detail.

            The point of my argument was that this is not a keylogger. Snowman would agree with me on that. And I never said I don’t have anything to hide… being a hacker, I have PLENTY to hide. Nice quote though.

            9 months ago
          2. Tim Onstad

            Microsoft has stated that Windows 10 has an inbuilt keylogger. This is not someone else’s opinion – it comes from Microsoft.

            The keylogger was supposed to be removed when Windows 10 was released to the public but Microsoft kept it in there which it appears from its functionality, it always intended to do.

            https://community.norton.com/en/forums/how-turn-windows-10s-keylogger-yes-it-still-has-one

            http://www.geek.com/apps/microsoft-clears-the-air-on-windows-10-keylogger-1606160/

            9 months ago
          3. CYBΞRNΔUŦ

            Show me where Microsoft called it a “keylogger” in their own words. You can’t because it is not.

            9 months ago
          4. CYBΞRNΔUŦ

            You didn’t actually read any of that, did you? Microsoft never replied to them…

            9 months ago
          5. Tim Onstad

            I did actually read it and assumed that if it wasn’t true, since it was on the Microsoft site, it would have been corrected.

            Microsoft also did not make an official response to the question of a keylogger but they did edit the original comment to make it more ‘polite’.

            The people with the insiders programs stated that Windows 10 came with a keylogger which was going to be removed when Windows 10 was released. This was from several people from the insider’s program. However, the keylogger was kept in when it was released to the public.

            Microsoft refers to ‘how you write’ being sent as telemetry – this can only be done with a keylogger.

            I’m doing a detailed search for ‘keylogger’ from Microsoft – if I find anything I’ll get back to you.

            9 months ago
          6. CYBΞRNΔUŦ

            Microsoft are not the ones that “edited for politeness”. That was the original poster.

            Once again, they have never called it a “keylogger”.

            Trust me on this, dude, you chose the wrong person to debate this with. You are wasting your time, and debating a topic you don’t fully understand with someone who very much does. I know how to use wireshark and other software to monitor, log and analyze my outgoing traffic…

            9 months ago
          7. Tim Onstad

            There is no way you can determine what information is being sent from your computer because it is being encrypted. You’ll get the packets using Wireshark but the data will be meaningless – its encrypted, you cannot read the data.

            Anyone who says they are using Wireshark to monitor the telemetry is not doing it.

            9 months ago
          8. CYBΞRNΔUŦ

            You use session key logging to get the symmetric session key used to encrypt TLS traffic to a file. You can then point Wireshark at said file and presto!

            9 months ago
          9. Tim Onstad

            That method can be used for Chrome and Firefox because they support logging the symmetric session key to a file.

            I can find no mention of the same technique can be used for Windows 10 and I seriously doubt Microsoft would allow access to the decryption key using this method.

            Some relevant links would be appreciated.

            9 months ago
        2. Tim Onstad

          You do realize that you’ve just called yourself a ‘Brainless idiot”?

          The call you made is “signing off” on your end and you identified yourself as “Brainless idiot”, i.e. “Brainless idiot is signing off”

          Just for your information:

          The Patriot Act gives the NSA the right to collect bulk data without any legal process. The Patriot Act also allows for direct connection to the tech companies so the NSA can collect data at any time. Verify this via the web.

          Microsoft has a history of sharing data with the NSA – it was the first company to volunteer its services for the data collection program called Prism which was run by the NSA. Microsoft’s slogan at the time was “Your privacy is our priority”. Verify this via the web.

          Microsoft also has a copy of the encryption key for Bitlocker for each system. SUPPOSEDLY, if you change your encryption key, then it will not be sent to Microsoft but I find this highly unlikely since Microsoft took a copy of the Bitlocker encryption key in the first place. This information can be verified on the web.

          The German head of Microsoft has made a statement that Microsoft is collecting all user browser history. Microsoft has also made a clear statement that they are collecting user browser history. You should be able to find this on the web.

          The NSA was not given the right by the Patriot Act to directly collect user information from Microsoft so that it could determine when you started ‘Candy Crush’ and how long you used it for. The NSA is collecting valuable information about user activity including browsing. The NSA doesn’t care how long your computer took to boot or if the latest update crashed your system.

          9 months ago
          Reply
          1. CYBΞRNΔUŦ

            I am not the one who originally called me a “brainless idiot”, you have heard of sarcasm, no?

            I know all about the Prism program, but it is not what we are talking about. Although I do have my own issues with that (and with similar things the CIA and FBI are doing), I was never surprised by it whatsoever. They are a spy agency… Spying is what they do, and it’s not going to go away any time soon. The more connected we become, the more information they (and foreign powers) are going to collect. And the more powerful computers become, the more effectively they will be able to make sense out of that information. And that’s true whether we like it or not.

            9 months ago
          2. Tim Onstad

            I’m glad, I was a little alarmed.

            There are degrees of information. The NSA can collect telephone call times and then infer who was talking to which person and other connections. Then there is stripping your computer for all the information they can milk which is an invasion of privacy.

            This invasion of privacy doesn’t have to be accepted because its not acceptable.

            9 months ago
      2. Rick

        This only tracks the touch-screen keyboard input and the words you enter into it to improve suggestions. You would WANT it on in the same way as you want it on your iOS or Android device when typing or not if that is your prerogative.

        9 months ago
        Reply
  4. Braheem Hazeem III

    More tinfoil hat shit, BRB gonna go jerk off in front of my Kinect and let MS watch.

    9 months ago
    Reply
  5. bitingthetable

    Good god, the author of this article knows absolutely nothing

    9 months ago
    Reply
  6. Bamasux

    Meh. I trust Microsoft more than I do the government

    9 months ago
    Reply
  7. StoneCypher

    so i turned on wireshark and i saw no evidence of my keystrokes being logged. moreover, it doesn’t make sense for keystrokes to be logged for a feature like this.

    where is your evidence, please?

    9 months ago
    Reply
    1. Tim Onstad

      The data is encrypted by Microsoft and you wouldn’t be able to see any evidence. The keystroke data would be collected as a chunk and then sent encrypted so you wouldn’t know what was being sent.

      The information about keylogging comes from Microsoft, its not someone else’s opinion. Windows 10 has an inbuilt keylogger which logs your key strokes and it can be turned off (and probably can be remotely turned back on if someone wanted to do that).

      https://community.norton.com/en/forums/how-turn-windows-10s-keylogger-yes-it-still-has-one

      http://www.geek.com/apps/microsoft-clears-the-air-on-windows-10-keylogger-1606160/

      I’m reasonably sure that Microsoft will not just record the keystrokes and no other information. What they will probably do is to collect metadata with the keystrokes such as a timestamp and the the context of the key being pressed – i.e. what web pages were open and programs that were running.

      9 months ago
      Reply
  8. PulloGorko102

    Caleb, do you know what a keylogger is? What’s your Computer science background?

    9 months ago
    Reply
    1. Tim Onstad

      A keylogger is a program that reads keystrokes and then records that information. That is all a keylogger is and the code to write a keylogger is really quite simple.

      Most programmers write software that monitors keystrokes, I’ve done it numerous times but I’ve never logged the keystrokes, ever. To log someone’s keystrokes is a malicious act whether they know about it or not.

      The information that Windows 10 has a keylogger is old news – its been reported numerous times since Windows 10 was released to the public.

      The information that Windows 10 comes with a keylogger comes from Microsoft.

      9 months ago
      Reply
    1. Чья Чьё

      corps. give a sh//t what an ordinary person thinks about or believes in. Whatever fuss you make – there is no changes at all. Money and greed – that’s all matters for ’em. It’s all about wicked competition no one wins but rich. We are already every of us part of some system here and there. So why bother give all they need all the privacy (including ragged pants left from grandma). Let ’em have it all and get chocked. Privacy is as illusionary as time machine, we all know it’s impossible to cr8 and still we keep arguing what we do with this. Make litter online as much as possible – the only way to get rid of them, heh.

      9 months ago
      Reply
  9. Daniel William Scutt

    I wanted to point out that these are glaring and obvious settings in your settings manager. If you aren’t checking these on a clean install and turning off what bothers you, you’re an idiot. This article was stupid. The author is stupid. This whole thing is stupid. If you aren’t a gamer and hate Windows so much, try a Mac or a Linux/Chrome OS install.

    9 months ago
    Reply
  10. Chris

    I mean, if Microsoft really wants to know I only use Windows 10 for video games and porn, all they had to do was ask.

    9 months ago
    Reply
  11. Francis Booth

    For the people defending Microsoft and saying Google does the same thing. I CHOOSE to allow Google to collect my information. If I didn’t want that then I would simply not use Google and switch to something else. What you people don’t realize is that you CANT switch off Windows. Yes there is Mac and Linux (which I use) but the point is this. An operating systems’ job is to allocate resources to programs THAT IS IT. The fact that Microsoft is abusing its power in the market to universally spy on every Windows user is both criminal and orwellian as it is sneaky.

    The fact that Microsoft has such an enormous lead in the OS market makes this kind of thing highly unethical since a majority of these users cannot or will not switch their OS due to one reason or the other. The fact that this is not having more opposition scares me.

    The claim of “I have nothing to hide” is not justification for allowing this to happen. You do not post your logins and passwords, you do not broadcast your social security number to the world. It’s called a right to privacy for a reason. Just because you have nothing to hide does not mean full disclosure of your activities. You may not see it but this is getting very close to Orwell’s thought crime.

    9 months ago
    Reply
  12. kgbudge

    “If you must use Windows 10,”

    then I mourn for you. I really do.

    9 months ago
    Reply
  13. Jim Carter

    Google does the same and it DOES improve anticipation of words and phrases, saving me typing and time. If privacy rules your life, go back to the 70s. Scrap the Internet and every connected device. Get a typewriter, pens, pencils, a sharpener and lots of paper and stamps. Revive that corded home phone too!

    9 months ago
    Reply
    1. H4ppytulip

      I disagree there is nothing you can do, You could use a hardware firewall. Chip now cannot be network accessed. At least as long as the firewall is not vulnerable. so its still there being a vulnerability on the PC, but it cannot be remote accessed, rendering it useless ?? Or, like putting your safe inside a safe, if u like =]

      9 months ago
      Reply
  14. Deserttrek

    turned it off long ago, didn’t know the details of what it did, looked sinister

    9 months ago
    Reply
  15. Charisse

    One very large faux pas in the article. The author mentioned “TLast year, at Ruxcon, the CyberPoint Security Research Team unveiled a Proof of Concept that demonstrated using ETW to keylog USB keyboards. The “good” news is that this technique wouldn’t work on most Windows
    laptops as their keyboards are usually connected via PS2 instead of USB.”

    Except that PS/2 (As a keyboard connection) has not been used in years. Every desktop keyboard has been USB for at least the last 5-6 years.

    9 months ago
    Reply
  16. Shark

    idi*ts.. clueless idi*ts.

    get some facts before writing an article….

    6 months ago
    Reply
  17. Kiev

    Windows 10 users are the dumbest of the dumb. They literally use a bundle of spyware for an operating system.
    And, as if that weren’t bad enough, they then have the nerve to seek out other Windows users to call them morons for not “upgrading”. They remind me of dumbf**k witch burners.

    6 months ago
    Reply
    1. Paul Snooker

      You’re the dummy if you think “They” can’t get your EVERYTHING . Once one log into the internet everything is exposed and it does NOT matter which OS you use, so give it a rest clown

      4 months ago
      Reply
  18. Civvie420

    All this data collection for advertising is crap anyways. Every time I buy something on-line, the geniuses that receive that collected data then provide it to advertisers who in turn bombard my browser with ads for the product THAT I ALREADY BOUGHT!

    5 months ago
    Reply
  19. keylover

    Look if they have been doing this and they have it’s an issue that the NSA needs to address and they need to be held accountable for their crimes but once again like under Obama nothing will happen it’s all about the money and who tells the puppets what they can and can not do

    5 months ago
    Reply
  20. TairikuOkami

    schtasks /Change /TN “MicrosoftWindowsTextServicesFrameworkMsCtfMonitor” /Disable
    schtasks /End /TN “MicrosoftWindowsTextServicesFrameworkMsCtfMonitor”

    4 months ago
    Reply
  21. Lilian Brown

    Good. Thanks for nice explanation.

    4 months ago
    Reply