
How much telemetry is collected by windows 8.1? something odd I noticed


10 replies to this topic

#1 rp88


Posted 06 December 2015 - 03:31 PM

I did a search of my hard-drive today looking for files which had been modified today (by searching for datemodified:today), I do this sometimes, anyway, one of the things which came up was a file called Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx .

I wondered what this was so took a look at it, it opens a thing in event viewer which then shows within it a list of "information" events (that is events classed as "information" rather than "error"s or "critical" bugs). The "source" for ALL these events is "Application-Experience", their dates and times go right back to when the computer was new. They all have "general" descriptions reading :

"Compatibility fix applied to C:\[path of an exe file]
Fix information:[program name], {[code of numbers and letters with some dashes separating them]}, 0X[some other number]"

The "details" "xml view" then shows some more information including precise times, "event IDs", "threadIDs", the "name" of my computer, a "channel", a "security userID", a "processID", a "fixID", a start time, "flags", the file's path and two microsoft URLs. It doesn't do this for every program but there are a lot for ms office programs, a lot for 7z and there seems to be one for every time I run vlc media player along with a few relating to avast antivirus.

What is this log about, is this just data being collected or is it being sent to microsoft? I am pretty sure that the customer experience improvement program is disabled on this machine, so is this information just being archived but not sent on to ms? Is this data only data about crashes (No, it can't be only about crashes because some of the entries correlate to times when programs were running fine)? Is this data only about crashes and settings under which the programs were running (it could be this)? Or is this data about everything including what files I had open at the time, what exactly was open when a certain program crashes or what file a certain program was used to open (as in when you right click on a file and open with a particular program, so the program starts and immediately opens the selected file)?

Can anyone explain what this data is precisely, if it's just about the settings of the programs that's fine, if it's about what files were open, what I typed at time X on day Y and such then it's creepy. Is this just the modern equivalent of windows xp's famous "would you like to send an error report"(but I've never seen any of those prompts on windows 8.1 when programs have crashed) or is this something else?

I had rejected certain updates a while back to stop certain extra features being added to windows 8.1's telemetry and the CEIP, does this mean that that sort of data collection (and transmission or not? CEIP is turned off so is this stuff just staying on my system?) is going on anyway despite me not having those KB updates? Also does the existence of these little pieces of information every time certain programs are opened mean those programs always have some kind of "crash" during opening, vlc runs fine but always takes a little while to open, does this mean that the reason it takes a while is because my system is having to fiddle around with settings each time so that it can run?
Thanks

Edited by rp88, 06 December 2015 - 03:33 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB
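
The `.evtx` file named in the post above is the on-disk store of the event channel `Microsoft-Windows-Application-Experience/Program-Telemetry` (`%4` in the file name stands for `/`). The following is an added example, not part of the original thread: it reads that local log and lists every field name the events carry, so you can see what is and is not recorded. The function name `Get-EventFields` is made up for this example.

```powershell
# Added example (not from the thread): enumerate the fields stored in the
# Program-Telemetry channel. Read-only; it only parses the local event log.
$logName = 'Microsoft-Windows-Application-Experience/Program-Telemetry'

function Get-EventFields {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Record)

    $xml = [xml]$Record.ToXml()
    $fields = [ordered]@{
        TimeCreated = $Record.TimeCreated
        EventId     = $Record.Id
        ProcessId   = $Record.ProcessId
        UserSid     = $Record.UserId
    }
    # The payload sits in whichever child of <Event> is not <System>
    # (EventData or UserData); flatten every leaf element under it.
    $payload = $xml.Event.ChildNodes | Where-Object { $_.LocalName -ne 'System' }
    foreach ($section in $payload) {
        foreach ($leaf in $section.SelectNodes('.//*[not(*)]')) {
            # <Data Name="X">value</Data> style uses the attribute as the key.
            $key = if ($leaf.HasAttribute('Name')) { $leaf.GetAttribute('Name') }
                   else { $leaf.LocalName }
            $fields[$key] = $leaf.InnerText
        }
    }
    [pscustomobject]$fields
}

$rows = Get-WinEvent -LogName $logName -MaxEvents 200 -ErrorAction Stop |
    ForEach-Object { Get-EventFields $_ }

# 1. Every distinct field name seen, with how many events carry it.
$rows | ForEach-Object { $_.PSObject.Properties.Name } |
    Group-Object | Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize

# 2. One complete record, to inspect the actual values.
$rows | Select-Object -First 1 | Format-List
```

If the field list contains only things like the executable path, fix name and IDs, that is the full extent of what this particular log holds for each event.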



#2 GoFigure


Posted 06 December 2015 - 05:11 PM

CEIP has been around for years and only collects data about Microsoft products and some third party apps that connect with Microsoft products.  It has no user identifiable information in it.  You can opt out though it appears the data is still collected just in case you ever opt in.  Since June it seems like several of the updates have enabled privacy settings that were initially not allowed by the user so you need to check any settings you set limiting what Microsoft has access to.

 

It is interesting to note that Microsoft in update KB3080149 included the statement "Reduces the network connections on a Windows system that doesn’t participate in the Customer Experience Improvement Program (CEIP)."

So by not participating you are being 'punished'.

 

There are other updates that add telemetry to consent.exe and also add additional diagnostic and telemetry data collection.  They say they are just collecting metadata, which is the same data the NSA claims to be collecting.  The question is does using the same term mean the same thing.  Privacy in Windows today is questionable.



#3 rp88


Posted 10 December 2015 - 05:12 PM

"Since June it seems like several of the updates have enabled privacy settings that were initially not allowed by the user so you need to check any settings you set limiting what Microsoft has access to."
Could you please specify where these settings are to be found, so I can see if any seem to be in a configuration which I would not have set them to. I didn't install those updates which added extra data collection and telemetry features to the system but there might have been other changes made.

"You can opt out though it appears the data is still collected just in case you ever opt in"
By that you mean that it is likely that the data is being collected by this thing I found but not actually sent anywhere except for being stored on my system? But if that is the case why do the information events listed within it contain microsoft URLs in their descriptions, if they aren't being sent to those URLs?

"It has no user identifiable information in it."
Any idea what information it might HAVE though, if it is running on here, and I'm not sure how to tell if it is. Because even if it isn't something that can be linked back to me it might still be something I wanted kept private (Say I was working on a novel which had yet to be published, I wouldn't want copies of it to end up outside of my hands and floating around in a database somewhere, it doesn't matter if that novel has a "this was made on Mr A's computer on the Bth of C 2015" label attached or not, it's still the sort of thing one wants to keep to oneself until ready.). Will the data be things like file contents? or file names? or just program settings and bug crash reports (though even then bug crash reports might discuss what file was open when the crash happened)?

Thanks

Edited by rp88, 10 December 2015 - 05:13 PM.


#4 JohnC_21


Posted 10 December 2015 - 05:21 PM

Look in Task Scheduler. There may be multiple tasks created in the Customer Experience Improvement Program folder. You can right click and disable or delete the Tasks.



#5 Jaycan


Posted 10 December 2015 - 05:22 PM

Hi ..

Read the full details on KB3080149 - Microsoft Support << from here if you are concerned ..

 Thanks -



#6 rp88


Posted 10 December 2015 - 05:50 PM

Thanks JohnC_21, I looked in that folder of task scheduler, they all seem to be enabled, but they all say in the description "If the user has consented to participate in the CEIP program then this task sends data to ms, if not this task does nothing". They all display as having run fairly recently and doing so on an approximately daily basis. Should I consider disabling these tasks or could doing so lead to problems of any kinds? I wish I knew exactly what they were doing, because if I could be sure it was just things like crash data (crash data not including details of the file open in a given program when it crashed) I would be fine with that being sent to ms (if it's being sent I'm still not sure how to tell, is there something I can check elsewhere to see if I'm opted into the CEIP I certainly never remember opting into it though), whereas if it's data relating to the exact files open at the time of a crash or other private things then I ought to disable those tasks, if doing so doesn't cause problems.
Thanks


Jaycan, that link to the kb helped actually, from looking in detail and seeing its release date I know I didn't do that update* but looking down the page I came across a note that one can check if the CEIP is running by looking in "Action Center > Change Action Center settings > Customer Experience Improvement Program settings", I looked and that showed that CEIP was turned off on my machine. So maybe those tasks are just collecting data but not sending it anywhere, I still feel unsure though.
Thanks

*primarily because of how vague the description of it is

Edited by rp88, 10 December 2015 - 05:51 PM.


#7 JohnC_21


Posted 10 December 2015 - 05:56 PM

By installing an update you may have unintentionally allowed CEIP. I deleted the tasks in the CEIP folder but you can disable them if you like.

 

Edit: Also make sure tasks in the Disk Diagnostics folder are disabled as that sends telemetry also.


Edited by JohnC_21, 10 December 2015 - 05:59 PM.


#8 rp88


Posted 10 December 2015 - 07:45 PM

I always do disabling over deleting when it comes to scheduled tasks, just on the off chance one might ever need to re-enable something. I'll take another look later in the CEIP and disk diagnostics folders, and see precisely what's there, I'll post a list of the tasks here. Certainly within disk diagnostics I don't want to end up disabling anything which helps with the health of the HDD, so in there I'll need to be particularly careful about locating which tasks might be telemetry.

#9 JohnC_21


Posted 10 December 2015 - 07:53 PM

All Disk Diagnostics tasks were disabled on my computers. I just mentioned it in case it was enabled on yours. You can see what it sends in the Task Scheduler Description.



#10 GoFigure


Posted 14 December 2015 - 04:25 PM

You are fighting a losing battle.  Microsoft has committed to reinstalling and enabling data collection tasks in future updates and this will not be mentioned since there is no change. The hidden code within the updates will check to see if the files and settings have been changed and if so it will replace and fix them.  The only way to tell that it has occurred is to check the settings after every update.  This has already occurred in Windows 10 and will be rolled down to Windows 7 and 8.1.  If you run/follow DestroyWindowsSpying this was noted by the developer, that even though it was removed, it is back after running updates.
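
The checks discussed in posts #4 to #10 (look at the CEIP and Disk Diagnostics task folders, read each task's description, re-check after every update) can be scripted. This is an added example, not part of the original thread; the two folder paths are the ones found on a stock install and are an assumption to adjust, and the function name and baseline file name are made up for this example.

```powershell
# Added example (not from the thread): report the state of the telemetry-related
# scheduled tasks and flag anything that changed since the last run.
$folders = @(
    '\Microsoft\Windows\Customer Experience Improvement Program\',
    '\Microsoft\Windows\DiskDiagnostic\'   # assumed stock path for "Disk Diagnostics"
)
$baseline = Join-Path $env:USERPROFILE 'telemetry-tasks-baseline.csv'  # hypothetical file

function Get-TelemetryTaskReport {
    param([string[]]$TaskPath)
    foreach ($path in $TaskPath) {
        # A missing folder simply yields no tasks.
        foreach ($task in Get-ScheduledTask -TaskPath $path -ErrorAction SilentlyContinue) {
            $info = $task | Get-ScheduledTaskInfo
            [pscustomobject]@{
                Folder      = $path
                Task        = $task.TaskName
                State       = [string]$task.State   # Ready / Disabled / Running
                LastRun     = $info.LastRunTime
                Description = $task.Description     # states what the task sends
            }
        }
    }
}

$report = @(Get-TelemetryTaskReport -TaskPath $folders)
$report | Format-List

# Compare with the previous run: '<=' is the old state, '=>' is the current one.
if (Test-Path $baseline) {
    $old = @(Import-Csv $baseline)
    if ($old.Count -and $report.Count) {
        Compare-Object $old $report -Property Folder, Task, State |
            Sort-Object Folder, Task | Format-Table -AutoSize
    }
}
$report | Select-Object Folder, Task, State |
    Export-Csv $baseline -NoTypeInformation

# To disable (reversible with Enable-ScheduledTask), from an elevated prompt:
# Disable-ScheduledTask -TaskPath $folders[0] -TaskName '<task name from the report>'
```

Run it once to create the baseline, then again after each round of Windows updates; any task that was re-enabled or re-created shows up in the comparison table.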



#11 JohnC_21


Posted 14 December 2015 - 04:38 PM

I believe this link was posted before but it shows which updates for 7 and 8 include telemetry.

 

http://forum.notebookreview.com/threads/updates-to-hide-to-prevent-windows-10-upgrade-disable-telemetry.780476/





