
Remove anti-privacy, anti-security, and general nuisance “features” from Win 10 - luu
https://github.com/dfkt/win10-unfuck
======
shocks
I unfucked Windows 10 by installing Fedora instead.

This is the first time in probably four years that I'm using Linux on my main
desktop again, and it's been a pleasure. Things like SLI and dual monitors
_just work_ \- I remember last time I had a Linux desktop these things were a
nightmare. A surprising amount of my games on Steam (152 of 400) support
Linux.

Zero regrets so far!

edit: Sorry, I didn't mean this to become a Linux bragging post. This looks
like a great project! I appreciate the effort people are putting in to making
W10 usable.

~~~
thejosh
I'm kind of sad games work so well, because recently my time has been sunk
into playing Civ 5 again!

~~~
shocks
Heh, I know that feeling! My vice atm is Cities: Skylines.

I'm honestly really surprised how smooth the transition was for me. I expected
it to be a bit rough - I only did the install telling myself "I'll give this a
go for a week or so" \- but I really can't see myself moving back any time
soon.

Even sleep works - and it works better than it ever did on OSX or Windows.

------
cautious_int
This is a lose-lose scenario. If you don't trust a closed operating system in
the first place, why would you then, after performing these steps, trust the
system that it really does what it says it does. The point is that you don't
know, and you can never be sure. The solution is to either trust or not,
switch or stay, there is no middle path, because any middle path implies some
amount of non-trust.

~~~
MaulingMonkey
> This is a lose-lose scenario. If you don't trust a closed operating system
> in the first place

I don't trust open systems either. I don't have the time to audit them. If I
did, I wouldn't trust myself to catch everything. I don't trust "enough eyes
make all bugs shallow" either.

Case in point: Canonical written "features" in Ubuntu, and OpenSSL bugs in
general.

> why would you then, after performing these steps, trust the system that it
> really does what it says it does.

Don't trust: verify with wireshark? Alternatively, trust the people who wrote
this to have run wireshark. Alternatively, "Trust but verify."

I generally trust Microsoft and FOSS to not be actively malicious on their own
behalf.

I trust neither Microsoft nor FOSS to do their privacy due diligence, write
perfect software, to be free of capitalistic or engineering pressure to add
privacy harming features, nor to be free from subversion by state actors (NSA
etc.)

What's your superior counter-proposal, under these conditions?

> The point is that you don't know, and you can never be sure.

Fundamental truth of computing, not "windows 10". I can't even trust the code
I write myself to be free of security or privacy issues due to my own mistakes
or lack of consideration.

> The solution is to either trust or not, switch or stay, there is no middle
> path, because any middle path implies some amount of non-trust.

I reject the thesis that trust is binary. Were I to accept it, I trust
_nobody_ \- everyone is vulnerable to being subverted by blackmail,
intimidation, making mistakes, etc.

Trust of system is also not the only factor influencing my use of a system. I
trust a deeply buried cement brick more than any computer, but I can't use the
web with it. I have _very_ different trust needs for my bank servers, my
workstation, my catstation, and my gaming console.

~~~
ekianjo
> Canonical written "features" in Ubuntu

Oh come on. Canonical did not hide what they were doing, and enabled an option
to disable it in the first place. You could try finding better examples than
that.

~~~
MaulingMonkey
> Canonical did not hide what they were doing,

Did Microsoft? This is news to me if so, and I'd be interested in reading up
on any sources for this you might have.

> and enabled an option to disable it in the first place.

Microsoft added several options to disable things. While I certainly agree
that those options have some gaps and/or are outright bugged, I'm not
convinced there's any difference in intent or motivation, which is the bigger
factor to me when it comes to trust of character.

------
lmz
It's good to read the scripts first. You might want to use some of the
"features" this removes e.g. the Windows Store, the msftncsi.com host (network
status indicator / captive portal test).

------
w8rbt
What's the difference between a sensitive/private email being composed on a
smart phone or a Windows 10 laptop or desktop?

It used to be that only the smartphone knew your location, what you type, who
you are, who you are emailing, etc. The difference now is that desktops and
laptops running Windows 10 do too.

This seems to upset people, but the same people were/are OK with using smart
phones. I don't get it, of course I don't use smart phones either and have no
plans to use Windows 10. But when all my Android and iPhone friends complain
about Windows 10, I just scratch my head and wonder these things.

~~~
metric10
? The issue isn't that Windoes knows your location when you type an email,
it's that it sends all this information and much more to Microsoft. If I type
an email on my iPhone it doesn't get sent to Apple (unless, of course, I'm
using my iCloud email account).

Additionally, Apple is very clear which what they collect and what gets sent
to Apple. They go through it when you set your iOS or Mac OS X device up. It's
not hidden in some "advanced setup" link.

~~~
zimbatm
On OSX there are a ton on Apple services phoning home for all sorts of
reasons, all the time. Try installing Little Snitch some time and be amazed.
And I wouldn't be surprised to see the same on the iOS devices. Any Apple
device is super noisy on the network with just mDNSResponder alone.

Most of them are also for useful features, it's just that they are all talking
over the wire and potentially exfiltrating user information. I don't think
that people realize how much data is sent around all of the time.

Here is a non-exchaustive list just to give an idea:

* locationd -> gs-loc.apple.com:443

* apsd -> .push.apple.com:80,443,5223

* mapspushd -> .ls.apple.com:80

* UserEventAgent -> :80

* ntpd -> time.apple.com

* ocspd -> :80,443

* ...

I didn't put all services. Notice that some data is not even encrypted.

------
dingdingdang
Good effort for sure but I'm still really sketched out by the sheer amount of
monitoring crapware on Windows 10: what stops MS from re-enabling all of this
stuff?

After all you and I will need to leave auto-updating on default in order for
the OS to stay safe in Internet context. Which effectually means that MS can
enable/replace all of these services at any given time. I get that trusting
closed source code is always iffy but trusting closed source software that
-intentionally- sets out to monitor and document your every move seems a less
than optimal path to walk. Will stay on Windows 7 for now and if no better
offering comes along from MS I will move to a Linux solution (or even OSX if
my privacy stands a better chance of being protected than on Windows). Sad in
a way cause I'm fundamentally fine with Windows from a work perspective, it
gets stuff done for me.

------
cwyers
Like, this disables a lot of actual features -- the Xbox stuff, Windows
Store... I get some people don't use that stuff, but it's generalizing from a
local preference to a global one to call these "anti-features" and the like as
some in this thread have. Features you don't use are not the same as features
nobody uses.

Meanwhile disabling UAC so you can run a pile of batch files off the Internet
sounds like a terrible idea to me.

~~~
nej_simon
The batch files are small so it's easy to verify what they do at least!

~~~
cwyers
Even if one reviews them and finds them not actively malicious (which on
cursory review seems likely) there's still the question of how well they're
written. If I am not mistaken, the PowerShell script to remove the bundled
Metro apps (what's the deal with removing the Calculator anyway?) is littered
with wildcards. The bigger point is that you shouldn't be disabling UAC
anyway, and anyone who suggests it is immediately on my list of people I don't
fully trust.

------
arthurfm
The person who wrote the aforementioned batch files for Windows 10 also
created "firefox-tweaks" [1]. These also contain some very dubious and/or
irresponsible suggestions [2] which implies the author doesn't actually know
what they are doing.

[1] [https://github.com/dfkt/firefox-
tweaks/blob/master/firefox-t...](https://github.com/dfkt/firefox-
tweaks/blob/master/firefox-tweaks.txt)

[2] [https://github.com/pbiggar/firefox-
tweaks/commit/635779c7939...](https://github.com/pbiggar/firefox-
tweaks/commit/635779c79393d017a1a73dbc38e230546e724a35)

------
liw
A good word for these is anti-features, introduced by Benjamin Mako Hill.
[https://en.wiktionary.org/wiki/anti-
feature](https://en.wiktionary.org/wiki/anti-feature)

------
therobot24
I'm all for scripts to help set these things up fast, but never in a million
years will i download some random .bat file to just click and run. Especially
without documentation of each operation it's going to perform.

I know i can just read the code, but i'm not skilled enough with windows to
know if there's something else snuck in there or not.

~~~
lcswi
Is there no 'curl [http://example.com/script.sh](http://example.com/script.sh)
| sh' equivalent for windows? It's really popular among the typical
js/ruby/mongodb crowd so I guess it is safe and secure.

~~~
jholman
You might have been joking, or you might have been serious. If you were
joking, my reply is for the benefit of readers other than yourself.

Aside from the obvious risks of downloading and immediately executing internet
code, which are indeed risks but of course we all accept them on a regular
basis...

... and aside from the mildly more subtle risks that the HTTP server is doing
something sinister, e.g. with browser-agent, and so you're not getting the
code you think you're getting...

... even aside from these issues, curl-and-pipe-to-sh is dangerous because of
its failure modes.

[https://www.seancassidy.me/dont-pipe-to-your-
shell.html](https://www.seancassidy.me/dont-pipe-to-your-shell.html)

~~~
lcswi
I was sarcastic, thanks for that great link!

------
r3bl
Is it just me, or is this like third or forth open source program posted here
that does the same thing?

------
jetm9
does this contain fixes for things explained in
[https://news.ycombinator.com/item?id=10053420](https://news.ycombinator.com/item?id=10053420)?
i think listing what it does would be cool. because after that revealation
disabling everything and anything still may not be enough.

------
aluhut
Thank you! This is what a Windows solution looks like.

