Microsoft has been pushing out updates to get Windows 7 and Windows 8 users “ready” for Windows 10, but a handful of recent updates appear to be more focused on data collection and less on features or user experience.
Windows 10 has a number of built-in data collections tools enabled by default, such as sending physical whereabouts, Web browser history, contacts and calendar records, and “typing and linking” data, among other telemetry, to Microsoft servers. This monitoring is part of Microsoft’s Customer Experience Improvement Program (CEIP) and is designed to “improve the products and features customers use most often and to help solve problems,” Microsoft said.
Some users have opted to not upgrade to Windows 10 over privacy concerns. But three updates have added similar data collection capabilities to machines running Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1, and Windows Server 2008 R2 SP1.
One of the updates, KB 3068708 (for customer experience and diagnostic telemetry) is tagged as mandatory, while the other two -- KB 3075249 (which adds telemetry points to consent.exe in Windows 8.1 and Windows 7) and KB 3080149 (intended for customer experience and diagnostic telemetry) -- are considered optional. The mandatory update superseded a nonsecurity update (KB 3022345) released back in April, which created the Diagnostics and Telemetry Tracking service.
The new Windows service increases the amount of diagnostic data that CEIP can collect, and it collects data for third-party applications using the Application Insights service. Application Insights lets developers track performance issues, crashes, and other problems within their applications.
The data is sent to two hard-coded addresses: vortex-win.data.microsoft.com and settings-win.data.microsoft.com. Hard-coding the server names means users can’t block access with a hosts file. While Microsoft has said no personal or identifiable information is collected via these tools, the fact that users on older systems are opted into CEIP certainly indicates a growing awareness at Microsoft of the value of user data.
The easiest way to prevent the Diagnostic and Telemetry Tracking service from sending any data is to not install the mandatory update at all and to remove it -- and the optional fixes -- from Windows Update so that they don’t get installed by mistake later. If the updates have already been installed, they can be uninstalled via Control Panel by looking up the KB identifier for updates. They can also be removed by running the
wusa /uninstall command from an elevated command prompt.
The biggest issue with the CEIP and the new Diagnostic and Telemetry Tracking service being pushed onto older operating systems is the fact that it’s still not clear exactly what is being collected and sent. There are concerns that despite opting out of CEIP, the service continues to send data.
Windows users who don’t want to be part of the collection program should have a clear and straightforward way to opt out, which doesn’t appear to exist at the moment. Attempts to contact Microsoft about this issue have not yet elicited a response.