
Why You Should NOT Upgrade to Windows 10

by Hawke Robinson last modified Jul 26, 2016 10:11 PM
With the final days of the "free upgrade" to Windows 10, a lot of people are pressuring others to upgrade, and stating that you are "dumb" if you don't upgrade. Well, if you care even the least bit about privacy, then you should NOT "upgrade" to Windows 10... ever... Here is why...

Windows 10, we finally fixed everything.

Whenever anyone asks me if they should accept the Windows 10 "upgrade", my response is typical of what I tell most people asking me for technical advice: "it depends".

If you care at all about privacy, then the very simple answer is "do NOT 'upgrade' to Windows 10".

For those wanting a more nuanced response...

Regular listeners of my Tech Talk With Hawke show on KYRS, or readers of my blog, know my show topics were primarily about the impact of technology on privacy, security, and civil rights. I am a big fan of the enabling power of technology, but always trying to find the balance between functionality and security. So you know my biases regarding privacy issues. http://techtalk.hawkenterprising.com/show-archives

There are many reasons in general why Windows 10 is a terrible choice. You don't have to go to the rant sites such as http://itvision.altervista.org/why-windows-10-sucks.html; you can find plenty of testimonies from Microsoft Surface Pro users, and the rest of the population, showing very large numbers of hits on your favourite web search engine. There are also indicators that Windows 10 may be seriously contributing to killing the PC industry: http://www.theinquirer.net/inquirer/news/2461191/pc-sales-are-falling-faster-than-expected-and-its-all-windows-10s-fault (though of course arguments can be made that there are also many other variables, such as hybrid devices, a stagnant PC gaming industry, lack of incentive to upgrade (except for AR/VR fans), etc.)

But specifically for concerns regarding privacy, Windows 10 is quite nasty...

So, for those asking, I first ask if you care about your personal privacy (or your family, or your children, or your business, or your intellectual property, etc.).

You might be surprised how many people respond nowadays that they don't actually really care about their privacy any more.

10 years ago far more indicated concern, but some either no longer care, or most have just given up the battle as "too much effort". For those folks, I tell them go ahead then, though letting them know they are completely exposing themselves to constant spying by Microsoft and many others, and the likely associated security holes that always presents.

For those that respond they have some concern, but are not "privacy nuts" (such as myself? :-) ), I drill down a little more, and let them know there are options to reduce the level of spying, though it can be a bit of a PITA for the truly non-techies to do so effectively, and at a cost to some functionality.

If they aren't willing to consider a real upgrade, to something like variants of Linux, BSD, etc. right now, then I recommend they decline the Windows 10 "upgrade" for now, but inform them they will either have to make a real upgrade to another OS when their current Windows 7/8 OS is no longer supported, or they will likely have to pay a fair amount of money $100+ to Microsoft for Windows 10 when they do so, since it is supposed to be the "last version of Windows", being perpetually upgraded from here onward.

For those that respond they care about privacy, but don't know how to deal with it, and have been brainwashed towards apathy by people telling them that "privacy no longer exists, so don't bother trying", but who would like things to be better rather than just complaining ineffectively about it, I help them upgrade to Linux, OpenBSD or other OSes that provide more control and privacy for their users, based on a quick use case analysis of their needs.

And for those techies, that really do care about privacy, I tell them, absolutely do NOT upgrade to Windows 10 on any of your regular systems, only those that you don't really use, and isolate those systems on your network from any other systems.

Of course for businesses, never upgrade to the "latest and greatest", unless there is an overwhelming business NEED (not want), that you must do so. Wait for things to stabilize.

In my case, I "upgraded" my Surface Pro 2 to 10 (had many problems, well publicized by others, because of it), and the Windows partition on my Asus ROG. I will not be upgrading my Alienware, my XPS, my HP laptop, nor any of my desktops to Windows 10.

The Surface I only use for taking notes when in classes at university, and not for anything personal.

The Asus ROG is my primary laptop, but I spend 95% of the time booting into 3x+ encryption levels running Linux OpenSuse (with some VM installed version of older Windows for older apps like Campaign Cartographer and the like). For the less than 5% of the time I actually boot into windows, the Windows partition only has video games for playing with my (now teenage) kids.

I pretty much only use my Mac for music composition and performance as Synthetic Zen (though I am gladly using the Mac less and less, as Bitwig is Java-based and fully cross platform and as it matures, I can do more of my music under Linux).  I haven't upgraded my MacBook Pro to Yosemite because it will break several of the music drivers and apps (though it would make my ROLI Seabridge RISE work over Bluetooth if I did so), and I never installed any Windoze on my Mac (partitioned or virtual).

Even if you take all these steps to "secure" Microsoft's Windows 10, for example going through all the steps here: http://www.zdnet.com/article/how-to-secure-windows-10-the-paranoids-guide/ (among many other sites trying to help), not surprisingly, it still will not be fully secured for those with privacy concerns.

I wish I wasn't currently deep in the middle of my research project for http://www.rpgresearch.com, because I would love to quickly set up a lab (correctly, as I did for my paper published by the SANS Institute for my GCIH certification and research on the still relevant (though dated) ongoing vulnerabilities in Microsoft's VPN implementations), with full traffic sniffing and analysis (I have all the equipment at my fingertips to do so), and do an accurate assessment, unlike the munged, failed, sad newbie attempt back in February by ChessusCrust on voat (which they later deleted: https://voat.co/v/technology/comments/835741 ). http://thehackernews.com/2016/02/microsoft-windows10-privacy.html further echoed by Gordon Kelly on Forbes http://www.forbes.com/sites/gordonkelly/2016/02/11/microsoft-makes-windows-10-u-turn/#3884a0139743, and others on other sites, (don't listen to those reports about thousands of attempts, they totally screwed up by blocking all traffic, rather than "capturing" all traffic).

However, even for those scoffing at privacy issues, (though correctly pointing out some of the core flaws in the Kelly / ChessusCrust "report") admit that unless you buy the Enterprise edition, you are missing options to really dial back more of the telemetry information being sent: "A side note here: Actual network administrators configuring Windows 10 Enterprise have hundreds of Group Policy options at their disposal, including fine-grained controls over telemetry and privacy settings. There's even a fourth option, not available to users of retail and OEM Windows 10 editions, that dials telemetry back to an absolute minimum." http://www.zdnet.com/article/when-it-comes-to-windows-10-privacy-dont-trust-amateur-analysts/

Note: "Microsoft's documentation that it all telemetry data transmissions are encrypted,"... "Many of the addresses on the list belong to content delivery networks (CDNs) like Akamai Technologies and CloudFlare. Some of those downloads are possibly trying to refresh live tiles in the provisioned MSN apps (News, Sports, Weather, Money, and so on). There are perhaps some updates to Windows and the Windows Store in there too."... "[if had] changed the default Diagnostic and Usage settings to Basic. If he had, there would probably be a single ping to Microsoft's servers when the machine starts up, which would disclose what that setting was, whether Windows Defender was up to date, and whether his installation had experienced any failures in software or driver installation."..."If he had kept the Enhanced or Full settings, Windows would periodically deliver a batch of anonymized usage data to Microsoft."

And the supposed promise of future abilities to further decrease telemetry information turned out to be false, outdated information as well: http://www.forbes.com/sites/gordonkelly/2016/02/11/microsoft-makes-windows-10-u-turn (the same mistaken article has an update about the upgrades that is worth noting, specifically: "Microsoft’s official press agency in the UK, 3MZ has confirmed it was at fault for the supply a misleading quote from Microsoft and that no Windows 10 updates have been announced for 2016 which will offer increased telemetry control."). It would have been good news if they were offering such an update, but alas apparently no such luck for the privacy conscious.
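To see which of the telemetry levels discussed above (the Enterprise-only minimum, Basic, Enhanced, Full) a given machine is actually set to, the following PowerShell audit can be run locally. It is an added example, not part of the original article or any of the cited sources; the registry paths, the `AllowTelemetry` value name and the `DiagTrack` service name are not from this page but are the standard Windows locations for this setting.

```powershell
# Added example: report the configured and effective Windows 10 telemetry level.
# Level numbering as used by the "Allow Telemetry" policy.
$levelNames = @{ 0 = 'Security'; 1 = 'Basic'; 2 = 'Enhanced'; 3 = 'Full' }

# Locations that can hold AllowTelemetry; the Group Policy key is checked first.
$sources = [ordered]@{
    'Group Policy' = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
    'Local value'  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection'
}

# The edition decides whether level 0 is honoured at all.
$edition = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').EditionID
$supportsSecurity = $edition -match 'Enterprise|Education|Server'

$configured = $null
$from = 'nothing configured'
foreach ($name in $sources.Keys) {
    $item = Get-ItemProperty -Path $sources[$name] -Name AllowTelemetry -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $configured = [int]$item.AllowTelemetry
        $from = $name
        break
    }
}

# On retail/OEM editions a configured 0 is not available and behaves as Basic.
$effective = $configured
$note = ''
if ($null -eq $configured) {
    $note = 'No explicit level set; the edition default applies.'
} elseif ($configured -eq 0 -and -not $supportsSecurity) {
    $effective = 1
    $note = "Level 0 is not available on edition '$edition' and is treated as Basic."
}

# The telemetry service itself (Connected User Experiences and Telemetry).
$svc = Get-Service -Name DiagTrack -ErrorAction SilentlyContinue

[pscustomobject]@{
    Edition      = $edition
    ConfiguredBy = $from
    Configured   = if ($null -ne $configured) { "$configured ($($levelNames[$configured]))" } else { 'not set' }
    Effective    = if ($null -ne $effective) { "$effective ($($levelNames[$effective]))" } else { 'edition default' }
    DiagTrack    = if ($svc) { "$($svc.Status) / $($svc.StartType)" } else { 'service not found' }
    Note         = $note
}
```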

"Some examples of the type of collected information include your name, e-mail address, preferences and interests; location, browsing, search and file history; phone call and SMS data; device configuration and sensor data; voice, text and writing input; and application usage." ...  "

“We may also access, disclose and preserve information about you when we have a good faith belief that doing so is necessary to:

  1. comply with applicable law or respond to valid legal process from competent authorities, including from law enforcement or other government agencies;
  2. protect our customers, for example to prevent spam or attempts to defraud Microsoft’s customers, or to help prevent the loss of life or serious injury of anyone;
  3. operate and maintain the security of our products and services, including to prevent or stop an attack on our computer systems or networks; or
  4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services—however, if we receive information indicating that someone is using our products or services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.”

This would suggest that the data really isn’t anonymous and could be turned over to law enforcement or some other government entity."

http://www.slaw.ca/2016/05/26/is-windows-10-spying-on-you/

And remember, if your data is being sent "over the wire" to Microsoft, many other parties along the routes could intercept it (even though encrypted), not to mention all the "partners" of MS, and of course the potential for further law enforcement encroachment.

So, decide for yourself, you now have a fair amount of information to arm yourself with, and make the best informed decision that best fits whatever is the "right" decision for you, your family, friends, and businesses.

 -Hawke Robinson (July 26, 2016)

http://techtalk.hawkenterprising.com

 

References

http://www.zdnet.com/article/how-to-secure-windows-10-the-paranoids-guide/

http://www.theinquirer.net/inquirer/news/2461191/pc-sales-are-falling-faster-than-expected-and-its-all-windows-10s-fault

http://www.zdnet.com/article/when-it-comes-to-windows-10-privacy-dont-trust-amateur-analysts/

http://www.forbes.com/sites/gordonkelly/2016/02/11/microsoft-makes-windows-10-u-turn/#3884a0139743

http://www.forbes.com/sites/gordonkelly/2016/02/11/microsoft-makes-windows-10-u-turn (in case above link breaks from extension)

http://thehackernews.com/2016/02/microsoft-windows10-privacy.html

https://voat.co/v/technology/comments/835741

http://www.slaw.ca/2016/05/26/is-windows-10-spying-on-you/

http://www.rpgresearch.com

http://www.syntheticzen.com

https://www.sans.org/security-resources/malwarefaq/pptp-vpn.php

http://www.windowscentral.com/no-windows-10-not-spying-your-pc-thousands-times-day

http://itvision.altervista.org/why-windows-10-sucks.html

 

 

 

 

 

 

 
