Tracking & Cookies in Windows 10

[anonymous]

EdgeCookiesView v1.10  http://www.nirsoft.net
BrowsingHistoryView v2.17  http://www.nirsoft.net
IECacheView v1.58  http://www.nirsoft.net
PrivaZer  v3.0.59
3rd Party Windows 10 Privacy tools
Destroy Windows 10 Spying
W10Privacy

Using the first 3 programs listed above I can tell some of what Microsoft Windows 10 is tracking.

Windows 10 is auto generating cookies before I ever open a browser.  Using EdgeCookiesView will show all Windows apps like Edge, Weather app(weather news section), News app, Money app. Cookies are generated by those app’s and I am sure other’s to.  In other words Edge is the only windows program/app that allows you to say no cookies. As far as I can tell setting Edge to no cookies does not carry over to other windows app’s.  Opening windows apps is just like opening a browser with out giving you the option to block cookies if you want.  It’s amazing how many cookies are showing up (380+) after using these app’s.

The biggest surprise is that windows is tracking any locale file opened.  So I opened 2 locally stored video’s and had this document open and Windows 10 tracked all 3 things as thought it was an internet tracking event.  Using BrowsingHistoryView I could see how all 3 items are tracked, meaning anything I do off the internet is tracked.  No Privacy at all.

Using Privazer program will clear all.  But of course we are supposed to take it for granted that all cookies are safe and harmless.  If they are so safe and harmless why can’t we see exactly what is in them! 380 plus cookies from using 3 windows apps(weather, news, money). Windows 10 does cookies in a different way now, using “C:\Users\username\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat” to store them. Privazer program will clean this and other dat files in use by windows 10.

I am using 3rd party programs for windows 10 privacy settings and only browsing with Firefox and Brave browsers.  All Windows 10 app’s have been removed using 3rd party privacy tools. Running strictly 3rd party programs for internet and any thing else that I might want to do. Not even using file explorer.  Also disabled lots of task scheduler tasks for windows. Made changes to group polices and security policies and services in order to stop windows 10 from spying on everything I do. So far its working windows is still running fine and I have stopped windows from loading cookies on power up. And from tracking my locally used items. Also I am logging onto windows with locale account, no more online in the cloud anything when it comes to windows or Microsoft.  I am old school when it comes to networking and the internet, don’t backup anything to the cloud or use any online services. No social stuff at all especially facebook and lately don’t even use googles stuff.

Below is a list of extensions I use for privacy.

Avast Online Security
Cookie AutoDelete
uBlock Origin
Ghostery – Privacy Ad Blocker

Also using a program called Kill Switch to cut off Internet when not browsing.

For cleaning I use Ccleaner and PrivaZer.

2 users thanked author for this post.

wavy, TJ

Reply | Quote

[Rick Corbett]

It’s not just Windows 10 that tracks your activity. Download/run Privazer‘s small, free, portable Shellbag Analyzer & Cleaner to see how Windows tracks the names and paths of local and network folders you’ve used, including folders you thought you had deleted.

5 users thanked author for this post.

satrow, Bluetrix, Elly, Microfix, woody

Reply | Quote

[Cybertooth]

Does this folder usage information get sent to Microsoft or others outside one’s PC? As long as it doesn’t get sent out without specific request by the user, it doesn’t seem to be a problem. Or is it?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

2 users thanked author for this post.

b, Elly

Reply | Quote

[Elly]

Three questions- may need to post about this in Tools section?

– What is the reputation of the developer and are there any privacy issues in using the tool itself?

– What is the significance of this information? To me? To Microsoft?

and

– Are any problems caused by cleaning all or some of it out? You know… registry cleaners can cause major problems to unaware users… could this?

Non-techy Win 10 Pro and Linux Mint experimenter

1 user thanked author for this post.

Cybertooth

Reply | Quote

[b]

Cybertooth wrote:

Does this folder usage information get sent to Microsoft or others outside one’s PC?

No.

Cybertooth wrote:

As long as it doesn’t get sent out without specific request by the user, it doesn’t seem to be a problem. Or is it?

No.

Reply | Quote

[Cybertooth]

b wrote:

Cybertooth wrote:

Does this folder usage information get sent to Microsoft or others outside one’s PC?

No.

How do we know?

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

[b]

The system has been researched for 18 years; never a hint of transmission (by Windows XP/7/8/10).

Computer Forensic Artifacts: Windows 7 Shellbags

Can I prove it?; no.

Reply | Quote

[anonymous]

https://www.ghacks.net/2014/06/09/remove-old-shellbag-entries-windows-privacy/
found in comments section:

Dexter said on June 9, 2014 at 8:24 pm

Here’s my PowerShell script that I use after installing Windows, it disables saving ShellBag and few other things by setting ACL to deny write for Everyone http://pastebin.com/Suq9iPYX
Save it with ps1 extension and run with admin privilages
PowerShell -ExecutionPolicy Bypass -Command “& ‘PATH_TO_SCRIPT’”
If you have any other keys that can be disabled this way please post it here

This worked great for me.  Shellbag Analyzer & Cleaner now shows nothing.

Reply | Quote

[TJ]

“Brave Privacy Browser Is Whitelisting Trackers of Facebook and Twitter“

1 user thanked author for this post.

Elly

Reply | Quote

[b]

anonymous wrote:

Windows 10 is auto generating cookies before I ever open a browser. Using EdgeCookiesView will show all Windows apps like Edge, Weather app(weather news section), News app, Money app. Cookies are generated by those app’s and I am sure other’s to. In other words Edge is the only windows program/app that allows you to say no cookies. As far as I can tell setting Edge to no cookies does not carry over to other windows app’s. Opening windows apps is just like opening a browser with out giving you the option to block cookies if you want. It’s amazing how many cookies are showing up (380+) after using these app’s.
…
All Windows 10 app’s have been removed using 3rd party privacy tools.

How can those apps generate cookies if you’ve removed all apps?

Reply | Quote

[anonymous]

Would make sense if user deleted the applications after testing them for this reason…

Reply | Quote

[anonymous]

Windows generated the cookies on power up of computer before opening anything myself.

Reply | Quote

[Rick Corbett]

Cybertooth wrote:

Does this folder usage information get sent to Microsoft or others outside one’s PC? As long as it doesn’t get sent out without specific request by the user, it doesn’t seem to be a problem. Or is it?

It’s impossible to tell because MS doesn’t publish detailed info about what is slurped and what isn’t. However, it seems likely that this ‘folder history’ logging comes under the heading of ‘functional data’ rather than ‘telemetry’ or ‘diagnostic data’.

Have a look at this thread in the Windows Secrets Lounge for more information, including a 2017 link to an article about MS’ distinction between the two (and the use of “inadvertently collected”).

Hope this helps…

4 users thanked author for this post.

JC Zorkoff, TJ, satrow, Elly

Reply | Quote

[b]

Rick Corbett wrote:

It’s impossible to tell because MS doesn’t publish detailed info about what is slurped and what isn’t. However, it seems likely that this ‘folder history’ logging comes under the heading of ‘functional data’ rather than ‘telemetry’ or ‘diagnostic data’.

Functional data is sent to Microsoft to complete a user function:

Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not diagnostic data. For example, exchanging a user’s location for local weather or news is not an example of diagnostic data—it is functional data that the app or service requires to satisfy the user’s request.

Is there any reason to suppose that ‘folder history’ logging is transmitted to Microsoft?

(I know you said “likely”, but to me it’s unlikely.)

Reply | Quote

[anonymous]

The News, Sports, and whatever other Windows 10 store application can use the Edge engines for displaying and other processing of various contents. The default News and Sports applications are curated configurable versions of what you can see when opening Edge.

Reply | Quote

[Rick Corbett]

Elly wrote:

Three questions- may need to post about this in Tools section? – What is the reputation of the developer and are there any privacy issues in using the tool itself? – What is the significance of this information? To me? To Microsoft? and – Are any problems caused by cleaning all or some of it out? You know… registry cleaners can cause major problems to unaware users… could this?

1. I’ve been using Privazer and  Shellbag Analyzer & Cleaner for several years. Both apps are small, free and portable. Checks with Nir Sofer’s CurrPorts shows no external network connections are made of any kind when using either tool (assuming you take the tick out of the ‘Update’ checkbox in Privazer so it doesn’t check online for any new version).

2. Significant or useful? I’ve been trying to think of a good reason why this logging is beneficial… and to whom. I have no use for it and I don’t do anything that would give me any concern if it was handed over to MS… but that doesn’t mean to say that I’m not curious about the purpose of the logging. And that’s the point really… what’s the justification for always-on logging rather than logging that can be toggled on and off if needed for diagnostics.

3. I’ve used both apps many, many times – not just to analyze but to wipe significant amounts of information – with no issues at all in both Windows 7 and 10. Shellbag Analyzer & Cleaner info is similar to cleaning out cookies… the info just rebuilds itself over a period of time as you work. I don’t/won’t use registry cleaners… but I have no problem using Shellbag Analyzer & Cleaner.

Hope this helps…

3 users thanked author for this post.

satrow, Bluetrix, Elly

Reply | Quote

[Bluetrix]

Shellbag Analyzer & Cleaner

Impressive list of reviews on this prog. I will try it out. I don’t see it on Oldergeeks.com, but they can’t try every prog in the cyber world.

Thx for the tip.

 

Reply | Quote

[Microfix]

Tried shellbag analyser earlier on W8.1 Pro x64, conjoured up a large array of paths used and previously used as well as dead paths since clean installation a couple of months back. Still to try it out on W7 and W10..no issues feedback/report connections online, clean.
The fact that these are portable are a bonus (more tools to the USB flash kit)
Thanks for the heads up Rick

W10, the itch you simply cannot scratch!

Reply | Quote

[Microfix]

Revisiting this, as it seems the functions of ‘Shellbag Analyser’ are taken care of within CCleaner albeit with the addition of an extension from singularlabs called CCEnhancer which I occasionally use.

No options other than on/off with the extension which nukes all the shellbags once run on W7/W8.1. Shellbag Analyser will be handy for W10 nevertheless.

I’ll never update CCleaner portable again.
(this was the last safe version prior to Avast takeover)

W10, the itch you simply cannot scratch!

1 user thanked author for this post.

Bluetrix

Reply | Quote

[Bluetrix]

V5.33 product by Avast was the only known infected version of CCleaner I am aware of. I’m not a big fan of Avast, but to their credit they did move quickly in Sept ’17 to fix the rogue version.
I haven’t liked Avast since they bought AVG back in ’16 and ruined it. I use MWB now.

I’m currently using CC 5.44.6, I think it’s up to 5.5ish now. Never used the extension to CC, looks interesting. Shellbags prog on my Win10 1803 machine found a few, but this is 2 years worth, so it isn’t a mountain. I have to start using my computer more (eye roll)

Attachments:

You must be logged in to access attached files.

1 user thanked author for this post.

Microfix

Reply | Quote

[anonymous]

…but that doesn’t mean to say that I’m not curious about the purpose of the logging.

Law enforcement forensic investigation, telemetry(?), maybe somebody will spill the java beans about the real reason one day.

Reply | Quote

[Rick Corbett]

b wrote:

Is there any reason to suppose that ‘folder history’ logging is transmitted to Microsoft? (I know you said “likely”, but to me it’s unlikely.)

I didn’t write that it’s likely ‘folder history’ is transmitted to Microsoft. I wrote that it was likely ‘folder history’ logging comes under the heading of ‘functional data’ rather than ‘telemetry’ or ‘diagnostic data’.

1 user thanked author for this post.

Elly

Reply | Quote

[b]

Exactly. But functional data (as defined in your link) is transmitted to Microsoft.

Reply | Quote

[Rick Corbett]

anonymous wrote:

Windows generated the cookies on power up of computer before opening anything myself.

Could this be because Edge’s default behaviour is to pre-load a ‘Start’ page and ‘New’ tab at Windows sign in (and subsequent page prediction, i.e. data that a user hasn’t asked for)?

This behaviour can be amended easily using either the Local Group Policy Editor (Pro editions) or using a .REG file (Home editions). Let me know if you want further info about how to curtail this behaviour.

The reason for Edge’s behaviour is apparently to give the impression that it’s faster than other browsers… although other browsers could also use the same tricks.

Hope this helps…

2 users thanked author for this post.

Elly, satrow

Reply | Quote

[Rick Corbett]

b wrote:

Exactly. But functional data (as defined in your link) is transmitted to Microsoft.

My link in #325921 isn’t a definition; it’s just a pointer to a thread in the Windows Secrets Lounge.

If you’re referring to the Configure Windows diagnostic data in your organisation article referenced in the WSL thread, well, ‘folder history’ logging doesn’t appear to have much ‘telemetry/diagnostic data’ value so that suggests it’s ‘functional data’. I note that in the Microsoft article, one of the contributors wrote:

“On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data.”

I read ‘usually triggers’ as ‘sometimes, not always’… and even then, apparently as the result of a ‘user action’. Your statement was ‘functional data… is transmitted to Microsoft’, which is different to what the Microsoft contributor wrote.

Whilst discussing ‘folder history’ logging, it’s difficult to think of this as a ‘user action’ when the user is unaware of it (until after threads like this). Instead, IMO it’s an OS function which the user has little knowledge of and even less control over (although I see in another post in this thread a method of stopping the data generation… a method that I was previously unaware of).

Have you seen Satya Nadella’s Privacy at Microsoft statement?

“Your data, powering your experiences, controlled by you.”

Well, that log of my ‘folder history’ is 100% my private data, no-one else’s – but IMO it’s not controlled by me unless I use a 3rd-party cleaner or diddle with the OS to stop the collection of my data without my permission in the first place. (So I guess Satya Nadella is… wrong?)

My point is… if this very personal ‘functional data’ *was* transmitted back to Microsoft without me specifically requesting it (remember the Microsoft contributor describing ‘a user action’) then I would not be a happy bunny.

3 users thanked author for this post.

steve1916, satrow, Elly

Reply | Quote

[b]

Rick Corbett wrote:

If you’re referring to the Configure Windows diagnostic data in your organisation article referenced in the WSL thread,

How did you guess?

Rick Corbett wrote:

well, ‘folder history’ logging doesn’t appear to have much ‘telemetry/diagnostic data’ value so that suggests it’s ‘functional data’.

I note that in the Microsoft article, one of the contributors wrote:

“On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data.”

I read ‘usually triggers’ as ‘sometimes, not always’… and even then, apparently as the result of a ‘user action’. Your statement was ‘functional data… is transmitted to Microsoft’, which is different to what the Microsoft contributor wrote.

It’s not different to the part I quoted before [edited]:

b wrote:

Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not diagnostic data. For example, exchanging a user’s location for local weather or news is not an example of diagnostic data—it is functional data that the app or service requires to satisfy the user’s request.

That article only refers to data sent to Microsoft as ‘functional data’. (“…collection AND transmission…”)

Rick Corbett wrote:

Whilst discussing ‘folder history’ logging, it’s difficult to think of this as a ‘user action’ when the user is unaware of it (until after threads like this). Instead, IMO it’s an OS function which the user has little knowledge of and even less control over (although I see in another post in this thread a method of stopping the data generation… a method that I was previously unaware of).

So if it’s not a user action it can’t be ‘functional data’. (Unless you’re contradicting yourself.)

Rick Corbett wrote:

Have you seen Satya Nadella’s Privacy at Microsoft statement?

“Your data, powering your experiences, controlled by you.”

Yes; reassuring, isn’t it?

Rick Corbett wrote:

Well, that log of my ‘folder history’ is 100% my private data, no-one else’s – but IMO it’s not controlled by me unless I use a 3rd-party cleaner or diddle with the OS to stop the collection of my data without my permission in the first place.

It’s completely private if it’s collected on your computer. But not without your permission.

Isn’t a lot of other private data stored in the registry for all versions of Windows?

Rick Corbett wrote:

(So I guess Satya Nadella is… wrong?)

No.

Rick Corbett wrote:

My point is… if this very personal ‘functional data’ *was* transmitted back to Microsoft without me specifically requesting it (remember the Microsoft contributor describing ‘a user action’) then I would not be a happy bunny.

Good job it’s not then. (But therefore it’s not ‘functional data’ as referred to in that article.)

Reply | Quote

[anonymous]

? says:

thank you, Rick C. here are a couple more links if interested:

https://ericmathison.com/blog/remove-shellbags-in-windows-for-privacy/

and from microsoft;

https://support.microsoft.com/en-us/help/813711

1 user thanked author for this post.

Rick Corbett

Reply | Quote

[Rick Corbett]

anonymous wrote:

Here’s my PowerShell script that I use after installing Windows, it disables saving ShellBag and few other things by setting ACL to deny write for Everyone

Just be aware that, amongst other things, ShellBags sub-keys in the registry stores your ‘View’ preferences of each folder you access.

So, if – like me – you prefer ‘Details’ view for all folders in preference to Windows’ default ‘Icons’ view then this preference is stored within ShellBags.

If you delete ShellBags keys in the registry – no matter what method is used – then Windows defaults back to ‘Icons’ view each time a folder is accessed.

Hope this helps…

Reply | Quote

[anonymous]

? says:

thank you, Rick Corbett,

according to the step 3 in the microsoft link:      https://support.microsoft.com/en-us/help/813711

“Create and then set the BagMRU Size to 5000 in the registry subkeys you created in step 2.”

i’m guessing that the folder changes (holding Details view) will then be restored?

Reply | Quote

[Rick Corbett]

anonymous wrote:

? says: thank you, Rick Corbett, according to the step 3 in the microsoft link: https://support.microsoft.com/en-us/help/813711 “Create and then set the BagMRU Size to 5000 in the registry subkeys you created in step 2.” i’m guessing that the folder changes (holding Details view) will then be restored?

The BagMRU Size value only determines the overall number of folders which are remembered. If you don’t set a size limit then the OS just keeps on remembering.

(We’re getting off-topic here so, if you want to discuss further, probably best to create a new topic.)

 

Reply | Quote

[TJ]

So you can delete the keys and restore them but then there’s a big chance all your settings are gone, right?
Then to only avoid the storage and sending of private files etc. this method requires a deeper knowledge of each key’s specifics.

Reply | Quote

[b]

There is no sending and no files (in this Windows 7/8/10 folders aspect).

1 user thanked author for this post.

TJ

Reply | Quote

[TJ]

(A late reply, but nevertheless:) Yes, I now see that I mixed things up. My bad.

Reply | Quote

[anonymous]

To kill the WebCache on system start (in standard path installation) create a batch file with the single line

Del C:\Users\{username}\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

Place that in the Startup folder. For example, in my Win 7 Pro that is in

C:\Windows\System32\GroupPolicy\Machine\Scripts\Startup

Restart Windows. Find WebCacheV01.dat and check the date to ensure it works.

Reply | Quote

[Rick Corbett]

TJ wrote:

So you can delete the keys and restore them but then there’s a big chance all your settings are gone, right?
Then to only avoid the storage and sending of private files etc. this method requires a deeper knowledge of each key’s specifics.

If you delete the ShellBags record for a folder then the last recorded ‘view’ setting (of the 8 available view choices – small icons, large icons, list, tiles, details, etc.) is lost, as are the last screen coordinates (at each screen resolution you used).

This can be frustrating when you have a preferred coordinate setting (i.e. a particular screen position), have set your ‘most used’ folders to your preferred view (e.g. ‘Details’ view) then lose each preferred ‘per folder’ setting by deleting the relevant ShellBags record(s).

However, the next time you access the same folders, new ShellBags records are created, albeit with default entries and values for ‘view’ mode and screen coordinates.

As is apparent, these details have been tracked/logged for years, not just since the advent of Windows 10. Microsoft – and *only* Microsoft – knows if these details are sent to Microsoft.

Note that ShellBags records do *not* include any information about the actual *content* of a folder. If you work within a folder called ‘secret nuclear destruction project’ then sure, the folder’s name, type of view (one of the 8 previously noted) and last File Explorer screen coordinates will be preserved for the cops (and bucketloads of other info)… but not the incriminating content… ‘mwahahaha.doc’, etc. (just in case you’re working on world domination using Windows 10). 🙂

2 users thanked author for this post.

Cybertooth, TJ

Reply | Quote

[TJ]

Thanks for the comprehensive explanation, Rick.

Yes, I AM working on World Domination. Of Sense and Sensibility! 😉

Reply | Quote

[Rick Corbett]

TJ wrote:

Yes, I AM working on World Domination. Of Sense and Sensibility!

‘Puters just use 0s and 1s. If you’re really, really intent on World Domination then consider using an abacus… apparently the NSA just hates the sound of all those beads clicking. 🙂

1 user thanked author for this post.

Lars220

Reply | Quote

[Author]

Posts