Remove anti-privacy, anti-security, and general nuisance “features” from Win 10 (github.com/dfkt)
82 points by luu on Aug 16, 2015 | 53 comments


I unfucked Windows 10 by installing Fedora instead.

This is the first time in probably four years that I'm using Linux on my main desktop again, and it's been a pleasure. Things like SLI and dual monitors just work - I remember last time I had a Linux desktop these things were a nightmare. A surprising amount of my games on Steam (152 of 400) support Linux.

Zero regrets so far!

edit: Sorry, I didn't mean this to become a Linux bragging post. This looks like a great project! I appreciate the effort people are putting in to making W10 usable.


I'm kind of sad games work so well, because recently my time has been sunk into playing Civ 5 again!


Heh, I know that feeling! My vice atm is Cities: Skylines.

I'm honestly really surprised how smooth the transition was for me. I expected it to be a bit rough - I only did the install telling myself "I'll give this a go for a week or so" - but I really can't see myself moving back any time soon.

Even sleep works - and it works better than it ever did on OSX or Windows.


Windows 10 is orders of magnitude more usable than any Linux desktop that I've seen. All this does is toggle a bunch of settings for you.

To make Fedora even remotely usable I had to un-Mac OS X it by installing a bunch of third party tweak tools and plugins because they took all of the major UI anti-patterns from OS X.


I completely disagree. Fedora seems to take OS X and make it much more usable and more intuitive and it cuts out the cruft.

Any cursory glance of any Windows forum on the internet will show you that it is indeed not more usable than any of its competitors.

I've personally set up children and elderly people with Fedora and it's orders of magnitude better than Windows in these cases seeing as it's almost impossible for the average user to mess up.

Perhaps installing Fedora on your mac book was a headache, but have you ever tried to install OS X on non-apple hardware? It's worse than any other OS. If you bought Ubuntu certified hardware (as you did with Apple) you'd have no problem with Linux, so it's disingenuous to compare the two.

Sorry, but Windows isn't an OS for "normal" people, it's an OS people use because they have to for some reason (games, work). It doesn't "just work" and it's not miles ahead of any other OS, and certainly not more stable. I've had my Fedora desktop up for months at a time without anything crashing, this typically can't be said for Windows in my experience.


I've also personally set up children and elderly people with Windows and on hardware that Fedora and other Unixes won't even run on like tablets, without a problem.

And you'll never see a problem like this on Windows - https://ask.fedoraproject.org/en/question/38845/graphical-de...


>I've also personally set up children and elderly people with Windows and on hardware that Fedora and other Unixes won't even run on like tablets, without a problem.

This isn't typical though. I've seen literally thousands of posts about how "every time I come over I have to fix my parents' computer" and 99% of the time it's a Windows machine.

>And you'll never see a problem like this on Windows

https://social.technet.microsoft.com/Forums/windows/en-US/5b...

http://windows.microsoft.com/en-us/windows7/why-is-my-screen...

https://social.technet.microsoft.com/Forums/windowsserver/en...

Pretty similar.


We can concede that any platform can have problems despite the fact that we ourselves have not encountered them. If your only measuring stick is the existence of problems as seen on the 'net, you haven't really proven your point that somehow Fedora is for normal people but Windows is not.

Maybe it's different for me because I'm from the east coast, but all of the people that I know running Windows at home are certainly normal. My wife, a teacher, is running a Surface Pro 3 which replaced her iPad + laptop. My dad (a retired plumber) runs Windows but my mom has a Macbook Air. Almost all of the college students in my family went with Windows on a laptop or a hybrid.

I have Fedora F21 running and it's probably the best performing Linux desktop that I've seen and the most usable (after taking away all of the OS X idioms of course), but unless the only thing you want to do is run Chrome more slowly than you could on Windows, then I wouldn't recommend it for normals (edit: because from what I've seen, it's generally a buggier environment than Windows. Now that could be mostly because I installed a bunch of buggy plugins for Gnome, but I also had hardware issues that Windows did not have).


This is a lose-lose scenario. If you don't trust a closed operating system in the first place, why would you then, after performing these steps, trust the system that it really does what it says it does. The point is that you don't know, and you can never be sure. The solution is to either trust or not, switch or stay, there is no middle path, because any middle path implies some amount of non-trust.


> This is a lose-lose scenario. If you don't trust a closed operating system in the first place

I don't trust open systems either. I don't have the time to audit them. If I did, I wouldn't trust myself to catch everything. I don't trust "enough eyes make all bugs shallow" either.

Case in point: Canonical written "features" in Ubuntu, and OpenSSL bugs in general.

> why would you then, after performing these steps, trust the system that it really does what it says it does.

Don't trust: verify with wireshark? Alternatively, trust the people who wrote this to have run wireshark. Alternatively, "Trust but verify."

I generally trust Microsoft and FOSS to not be actively malicious on their own behalf.

I trust neither Microsoft nor FOSS to do their privacy due diligence, write perfect software, to be free of capitalistic or engineering pressure to add privacy harming features, nor to be free from subversion by state actors (NSA etc.)

What's your superior counter-proposal, under these conditions?

> The point is that you don't know, and you can never be sure.

Fundamental truth of computing, not "windows 10". I can't even trust the code I write myself to be free of security or privacy issues due to my own mistakes or lack of consideration.

> The solution is to either trust or not, switch or stay, there is no middle path, because any middle path implies some amount of non-trust.

I reject the thesis that trust is binary. Were I to accept it, I trust nobody - everyone is vulnerable to being subverted by blackmail, intimidation, making mistakes, etc.

Trust of system is also not the only factor influencing my use of a system. I trust a deeply buried cement brick more than any computer, but I can't use the web with it. I have very different trust needs for my bank servers, my workstation, my catstation, and my gaming console.


You are making an apples and oranges comparison. On the one hand you have something that theoretically (and sometimes provably) is checked by people besides the project maintainers. You are absolutely right, but even taken your framing OSS OSs are orders (yes, plural) of magnitude more trustworthy than even older versions of Windows than 10. The privacy violations in 10 are large enough to make the system unusable by anyone that works with sensitive data (be it code, medical records, personal information, proprietary information etc).


> Canonical written "features" in Ubuntu

Oh come on. Canonical did not hide what they were doing, and enabled an option to disable it in the first place. You could try finding better examples than that.


> Canonical did not hide what they were doing,

Did Microsoft? This is news to me if so, and I'd be interested in reading up on any sources for this you might have.

> and enabled an option to disable it in the first place.

Microsoft added several options to disable things. While I certainly agree that those options have some gaps and/or are outright bugged, I'm not convinced there's any difference in intent or motivation, which is the bigger factor to me when it comes to trust of character.


Basically what Microsoft did with Windows 10.


> I generally trust Microsoft and FOSS to not be actively malicious on their own behalf.

Yup, I completely agree. I trust both of them.

But I don't trust third-party programs made for Windows because I always have to un-check something just to not get some junk program attached to its installation. I've never encountered a single such request since I made the switch to Linux two or three years ago.


While there are serious issues with Canonical, Mozilla, and other people in the "open source" community[1], there is a huge difference in both magnitude and intent between the problems with Canonical/Mozilla and what Microsoft is doing in Windows 10.

[1] That's one of the reasons some of us promote Free Software instead of Open Source.


> I don't trust open systems either.

Don't put words in my mouth please.

> I reject the thesis that trust is binary. Were I to accept it, I trust nobody - everyone is vulnerable to being subverted by blackmail, intimidation, making mistakes, etc.

You seem to be using a different definition of the word trust than I did. Everyone is vulnerable, does that mean you cannot trust anyone? No, you certainly can, that is the whole point of trust.


> Don't put words in my mouth please.

It's not my intent to. I'd ask that you clarify exactly how I have, if I have.

>> I reject the thesis that trust is binary. Were I to accept it, I trust nobody - everyone is vulnerable to being subverted by blackmail, intimidation, making mistakes, etc.

> You seem to be using a different definition of the word trust than I did.

Did any of the earlier discussion about what I do and don't trust Microsoft & FOSS with seem on the right track?

> Everyone is vulnerable, does that mean you cannot trust anyone?

It means I cannot trust in an absolute, binary fashion, of 100% certainty that it will not be misplaced. I can only trust that they'll probably do the right thing (tm).

> No, you certainly can, that is the whole point of trust.

EDIT: Added context now that new lines have shown up. Also added replies.


This is a misreading of "either," I think. Read not as "You and I both distrust open systems," but as "I distrust both closed and open systems."


I think you're right! Thanks for helping clarify.


I use Linux for my personal things, but this is not a very good argument for most people. Wouldn't you trade a 1 in 100 chance of the spying affecting you for a much more usable OS? Some people I know get non-metaphorical headaches from trying to get computer things to work.

Even people who are power users can only use Windows for games and some enterprise apps.

So you either don't use a computer at all or use Windows and sometimes OSX.


IMO Linux (specifically Fedora with GNOME) is a much more usable OS than either Windows or OS X. You could argue that this isn't true for the average user, but my parents have no problem with it and neither do any of my nephews and nieces.

I could see some people needing office software, but the average user really can get by with LibreOffice.


It's good to read the scripts first. You might want to use some of the "features" this removes e.g. the Windows Store, the msftncsi.com host (network status indicator / captive portal test).


What's the difference between a sensitive/private email being composed on a smart phone or a Windows 10 laptop or desktop?

It used to be that only the smartphone knew your location, what you type, who you are, who you are emailing, etc. The difference now is that desktops and laptops running Windows 10 do too.

This seems to upset people, but the same people were/are OK with using smart phones. I don't get it, of course I don't use smart phones either and have no plans to use Windows 10. But when all my Android and iPhone friends complain about Windows 10, I just scratch my head and wonder these things.


? The issue isn't that Windows knows your location when you type an email, it's that it sends all this information and much more to Microsoft. If I type an email on my iPhone it doesn't get sent to Apple (unless, of course, I'm using my iCloud email account).

Additionally, Apple is very clear about what they collect and what gets sent to Apple. They go through it when you set your iOS or Mac OS X device up. It's not hidden in some "advanced setup" link.


On OSX there are a ton of Apple services phoning home for all sorts of reasons, all the time. Try installing Little Snitch some time and be amazed. And I wouldn't be surprised to see the same on the iOS devices. Any Apple device is super noisy on the network with just mDNSResponder alone.

Most of them are also for useful features, it's just that they are all talking over the wire and potentially exfiltrating user information. I don't think that people realize how much data is sent around all of the time.

Here is a non-exhaustive list just to give an idea:

* locationd -> gs-loc.apple.com:443

* apsd -> .push.apple.com:80,443,5223

* mapspushd -> .ls.apple.com:80

* UserEventAgent -> :80

* ntpd -> time.apple.com

* ocspd -> :80,443

* ...

I didn't put all services. Notice that some data is not even encrypted.


They are different computing environments. A desktop PC is a general-purpose standalone computer, whereas a smartphone without a network connection is of limited use. A desktop OS like Windows 10 creates a dependency on "the cloud" that many people find crippling, rather than enabling.


It seems there are a few assumptions here which are not true:

Desktop computers (also laptops) know your location, what you type, who you are (sort of), who you are emailing, etc. and it has been so for a while but it used to be third party software, websites, governments, corpo or malware that would collect and use this data.

Cell phones are tracking devices you can use to make a phone call; people using those devices doesn't mean they are OK with the surveillance that comes with it.

When your friends complain they're complaining that the surveillance is creeping its way back into an OS.


>This seems to upset people, but the same people were/are OK with using smart phones.

I don't think this is the case. People have complained about that too and personally I take a lot of precautions to protect my data.

Pretty much every Reddit thread on the subject has a top comment akin to "Who cares? Everyone else is doing it", and your comment seems to be a more well thought out version of the same sentiment.

We've known for a while the NSA is abusing our technology and working with large corporations to spy on us, but at this point there is almost no way around it except to stop using technology (and even then you can be spied on by other sophisticated equipment like drones).

I don't really think this is any type of excuse or justification. Just because people have no control over the spying doesn't mean people like it or are "okay" with it. The only other option is to give up most technology and stop participating in the world, which is absurd.


People are extremely irrational when it comes to privacy. They've been brainwashed into believing that they have some kind of right to privacy, which is absolutely insane.

This kind of irrational paranoia is extremely common amongst tech people, especially on HN. I can't think of anything that could slow down progress more than fear of transparency. Yet I can't blame these people because they clearly don't know better.

I regularly try to have discussions around the benefits of transparency and the unsustainable nature of privacy, but it's such a touchy subject that it inevitably gets buried.


Good effort for sure but I'm still really sketched out by the sheer amount of monitoring crapware on Windows 10: what stops MS from re-enabling all of this stuff?

After all you and I will need to leave auto-updating on default in order for the OS to stay safe in Internet context. Which effectually means that MS can enable/replace all of these services at any given time. I get that trusting closed source code is always iffy but trusting closed source software that -intentionally- sets out to monitor and document your every move seems a less than optimal path to walk. Will stay on Windows 7 for now and if no better offering comes along from MS I will move to a Linux solution (or even OSX if my privacy stands a better chance of being protected than on Windows). Sad in a way cause I'm fundamentally fine with Windows from a work perspective, it gets stuff done for me.


Like, this disables a lot of actual features -- the Xbox stuff, Windows Store... I get some people don't use that stuff, but it's generalizing from a local preference to a global one to call these "anti-features" and the like as some in this thread have. Features you don't use are not the same as features nobody uses.

Meanwhile disabling UAC so you can run a pile of batch files off the Internet sounds like a terrible idea to me.


The batch files are small so it's easy to verify what they do at least!


Even if one reviews them and finds them not actively malicious (which on cursory review seems likely) there's still the question of how well they're written. If I am not mistaken, the PowerShell script to remove the bundled Metro apps (what's the deal with removing the Calculator anyway?) is littered with wildcards. The bigger point is that you shouldn't be disabling UAC anyway, and anyone who suggests it is immediately on my list of people I don't fully trust.


The person who wrote the aforementioned batch files for Windows 10 also created "firefox-tweaks" [1]. These also contain some very dubious and/or irresponsible suggestions [2] which implies the author doesn't actually know what they are doing.

[1] https://github.com/dfkt/firefox-tweaks/blob/master/firefox-t...

[2] https://github.com/pbiggar/firefox-tweaks/commit/635779c7939...


A good word for these is anti-features, introduced by Benjamin Mako Hill. https://en.wiktionary.org/wiki/anti-feature


I'm all for scripts to help set these things up fast, but never in a million years will I download some random .bat file to just click and run. Especially without documentation of each operation it's going to perform.

I know I can just read the code, but I'm not skilled enough with Windows to know if there's something else snuck in there or not.


> but never in a million years will I download some random .bat file to just click and run.

I think that in this particular case you can trust the random bat file more than Microsoft's official binary blob OS.


Why on Earth would you think that?


Is there no 'curl http://example.com/script.sh | sh' equivalent for Windows? It's really popular among the typical js/ruby/mongodb crowd so I guess it is safe and secure.


You might have been joking, or you might have been serious. If you were joking, my reply is for the benefit of readers other than yourself.

Aside from the obvious risks of downloading and immediately executing internet code, which are indeed risks but of course we all accept them on a regular basis...

... and aside from the mildly more subtle risks that the HTTP server is doing something sinister, e.g. with browser-agent, and so you're not getting the code you think you're getting...

... even aside from these issues, curl-and-pipe-to-sh is dangerous because of its failure modes.

https://www.seancassidy.me/dont-pipe-to-your-shell.html
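
A commonly cited failure mode of piping a download into a shell is a transfer cut off partway: the shell has already run whatever arrived. The sketch below is an added example, not part of the thread. It contrasts that with saving the file, checking its SHA-256 and only then executing it. The function names (`sha256_of`, `run_verified`, `make_samples`) and the sample scripts are constructed for illustration, and it assumes the expected digest is obtained separately from the download.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and sample scripts are
# hypothetical; the "installer" below is constructed for the demonstration.

# sha256_of FILE: print the file's SHA-256 as hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# run_verified FILE EXPECTED_SHA256: execute FILE only if the complete file on
# disk hashes to the expected digest; otherwise run nothing and return 1.
run_verified() {
    actual=$(sha256_of "$1")
    if [ -z "$actual" ] || [ "$actual" != "$2" ]; then
        echo "refusing to run $1: digest mismatch" >&2
        return 1
    fi
    sh "$1"
}

# make_samples DIR: write a two-step script and a copy cut off mid-line,
# the way a dropped connection would leave it.
make_samples() {
    printf 'echo step1 >> "$LOG"\necho step2 >> "$LOG"\n' > "$1/full.sh"
    head -c 30 "$1/full.sh" > "$1/truncated.sh"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir"
    # Stands in for a digest the author published over a separate channel.
    good=$(sha256_of "$dir/full.sh")
    LOG="$dir/log"; export LOG

    : > "$LOG"
    # Equivalent of `curl ... | sh` when the body is cut short: the shell
    # still executes every byte that arrived.
    sh < "$dir/truncated.sh" >/dev/null
    echo "piped, truncated: $(wc -l < "$LOG" | tr -d ' ') command(s) already ran"

    : > "$LOG"
    run_verified "$dir/truncated.sh" "$good" 2>/dev/null ||
        echo "verified, truncated: rejected, $(wc -l < "$LOG" | tr -d ' ') command(s) ran"
    run_verified "$dir/full.sh" "$good" &&
        echo "verified, complete: $(wc -l < "$LOG" | tr -d ' ') command(s) ran"
    rm -rf "$dir"
}

demo
```

The digest check only detects truncation or tampering in transit; it says nothing about whether the script itself is well written.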


I was sarcastic, thanks for that great link!


You're joking, but of course there is such an equivalent. See instructions on https://chocolatey.org/ for an example.


There's no curl in default Windows installation, but "bitsadmin.exe /transfer" can do pretty much the same, and the shell (cmd.exe) has been around since Windows 95. So, actually, yes, but unfortunately without a pipe.


I agree, a little documentation would go a long way here. I'd really like to read a post saying actually what it does too, it would be interesting to see how effective it is.


What exactly should be documented? The commands? The service names? The DNS records being sinkholed? The redirect-to-127.0.0.1 trick?

There are blog/post links in various comments in these files, I should note.

I'm not sure how documentation would help with the "might sneak something in" issue either. If anything, if you're feeling paranoid / reasonably cautious, you should ignore the documentation in favor of documentation you source yourself - if you can't trust the author to write the commands, you can't trust the author's documentation of the commands either.


Honestly if I was running 10, I'd have definitely run through it, sorry poorly worded on my behalf. I should have just said I'd like to read a post on what he has done, any negative effects it may have and if he thinks he missed anything.


Seriously? Did you even look at it?


I agree that the scripts are very readable, but even if therobot24 might be able to understand them, there are many people who won't. Verifying it yourself doesn't work for the non-hacker crowd.

The solution is that someone trustworthy vouches for the files.


[deleted]


In the README:

> Another warning: data-harvesting-services-removal.bat will be flagged as malware, since it tries to automatically alter the hosts file. You can either allow it, or add the hosts manually via the data-harvesting-hosts.txt file.


Is it just me, or is this like the third or fourth open source program posted here that does the same thing?


Does this contain fixes for things explained in https://news.ycombinator.com/item?id=10053420? I think listing what it does would be cool, because after that revelation disabling everything and anything still may not be enough.


Thank you! This is what a Windows solution looks like.



