Windows 10 Tech Preview keylogging - Cry me a river

Updated: December 5, 2014

The reasons why I haven't ranted and whined and spread fear about the alleged story of a keylogger in Windows 10 Technical Preview are many. One, instead of writing populistic articles designed to spread panic and garner clicks, I focused on actually studying the problem and deciding whether it is a problem. Two, I wanted to let everyone else write whatever they want, and then give you a calm and calculated outlook on the issue at hand.

We had the same thing with the NSA surveillance, and let's not forget the rumors about the Secure Boot thingie, which turned out to be not as biggie as everyone made it. Then, Heartbleed was another hot topic. Now, Microsoft is once again in the crosshairs, and that's because they want to collect data during a beta program. Let's elaborate.


Note: Image taken from Wikimedia, licensed under CC BY-SA 3.0.

Hidden agenda, not

I like honesty. It's very important, this thing called honesty. For instance, if Mozilla were honest about their decision to include ads in the new tab page in the form of sponsored tiles, I wouldn't have said a single bad word. But they chose to wrap the whole thing in marketing slogans using phrases like exciting and enabling user experience that set off my bullshit klaxon.

Then, I'm also mostly a Linux user. I make bread and sweetmeats and pies out of Linux. Therefore, I have no vested interest defending Microsoft and their decision. For example, I completely hate the moronic product they call Windows 8.1, and I turned out to be totally right that this was going to fail, and fail it did, and now we have Windows 10, which has given us back the Start menu. But even I get pissed off when people single out Microsoft just because they happen to be what they are. A clumsy giant.


Ah, Windows 10. So what's the big deal? As it turns out, Microsoft allows anyone to download the Windows 10 Technical Preview for a whole year before the official release and test the new operating system. They disclaimed this free gift with a clearly stated and honest intention to collect user data - including keystrokes and audio recordings and other telemetrics and teleinchers and whatever else can be collected in a digital form off a computer - during the testing phase. Hence, you use, they collect. Honesty, good.

This transformed into a story about alleged - which is not true, because Microsoft clearly announced their desire to do exactly that - keylogging taking place in Windows 10, and how they were leeching off people's private information, passwords and whatnot. And a storm exploded across the Web, with tons of vehement opponents of this scheme facing the many staunch defenders on the other side of the fence.

So first things first, Microsoft did not lie or deceive anyone. It's written right there, so if you do not like what they do with the stuff they give away for free, then you should not be using Windows 10 Tech Preview. Take it or leave it. Regardless of whether Microsoft is morally in the right or wrong to demand your private data in return for some free testing.

A matter of perspective

The notion of having a keylogger in your operating system is disturbing, because it is associated with malicious activities, and the kind of thing security companies want you to avoid. Well yes, you sure don't want your personal information out there, right?

All right. So how about this. Any smartphone or tablet application, when installing, will tell you what it supposedly wants and needs, in terms of permissions and access to user data and system functions. Many programs will tell you that they may go through your contacts, change your network configurations and other sensitive bits and pieces of your ecosystem. And yet, no one complains about this.

Android, perspective

On your smartphones and tablets, when you search using the voice function, or try to guess a song, your words, lyrics and your uniquely identifiable audio signature are all sent to the so-called cloud, where the data is processed in a distributed manner, in order to give you relevant results in a very short period of time. And yet, no one complains about this.

In order to use your smartphones and tablets effectively, you must be signed into an account of some sort, usually associated with the company selling you the product. This means anything you do is automatically associated with that email. For instance, were I to use my Samsung Note tablet to watch adult entertainment videos, the content would be somehow linked to the Gmail account that I used during the device setup. Can I use Android without this? Probably not. Indeed, no one complains about this.

However, when Microsoft decides to do this for a short period of time during a beta program, it suddenly becomes a big frigging issue. That's perspective for you. How Microsoft is treated, versus how Google or Facebook are treated.

If you use Facebook, even the text you write and decide not to post eventually is being retained on their servers, I read somewhere, and because it's on the Internet, it must be true. In essence, if you type down shit and then regret it, it is still kept somewhere, even though people reading your posts may not see them.

People voluntarily tag themselves and their friends in the photos they share. They voluntarily help image and video processing software tools and algorithms detect their faces in thousands of pictures readily available online to pretty much anyone. People actively write where they go, where they work and travel, the kind of food they eat, their hobbies, books, and still more. All of this goes way beyond a nerdy technical preview program that clearly states its intention and purpose. We're talking everyday, production consumer software that is so deeply rooted in personal space, it's practically one of those Middle Earth trees that walk. Bad analogy, but you get the idea.

Empty wall

My list of examples is endless. Software all around you demands your personal info. Companies have dedicated their entire business strategies to playing with your data and making money out of it. You participate like a willing little drone without batting an eye. All of a sudden, Microsoft is the devil for asking you a bit of technical information that can help them better a future product. This is not going to be a part of their final release. They allow you to keep using the operating system with a local account, and you're not forced to do any online integration. And yet, the Internet loses its shit. So, yes, more perspective. In fact:

People exaggerate highly improbable scenarios, and ignore and downplay daily issues. Everyone's terrified of nuclear reactors, when the total death toll from related accidents is less than 100 people to this day. Flu is barely a concern, and it kills millions every year. Accordingly, Microsoft's beta program is the devil. And self stupidity on social networks is a normal part of life, right, and we should continue tagging ourselves and friends and tell about the morning dump and #swag and #yolo and such shit.

The technical side of things

Of course, there's also the simple matter of what is really going on. Ignorance breeds fear. There's nothing like people inventing crap to fill in the gaps in their intellect and knowledge, and these are often worse than the truth.

Here, it's suddenly become a witchhunt, and you're being lubed by NSA, and it gets worse and worse, when in fact, we are merely talking about a beta product that you do not have to use, and in fact, you should not use on any of your production systems. Microsoft actually recommends you do not.

Furthermore, what is really happening under the hood? Do you even know? The thing is, before you can make a call, you need data, hard and solid facts. Otherwise, it's all pointless Internet crap, like most of the stuff out there.

Let's briefly take a look at the Windows 10 Task Scheduler. Under Windows, you will find an entry called Customer Experience Improvement Program. This one has several jobs scheduled to run every few hours, including two interesting lines called Consolidator and Uploader. If you look at their description, they clearly tell you they upload data and such. Then, if you look at the command line, there's an actual name of the executable file that runs and does stuff, including necessary flags.

Scheduled tasks, general info

Scheduled tasks, actions

Has anyone bothered firing up Wireshark and then running this tool to actually see what it does, what it uploads, where and why, whether the connection is encrypted or not, and what kind of data might be transmitted, if at all? Has anyone actually bothered doing this analysis on the Windows 10 box itself, and then also testing the network traffic by sniffing at the router or from a dedicated network sniffer? What about installing the software in a virtual machine and doing the same test? Of course not. Or if they have, there's nothing interesting to report, because, well, there's nothing interesting to report.

Indeed, all of this may trigger red lights. Right? RIGHT? But now go to your Windows 7 box, and take a look at the Task Scheduler. It has the same entry, the same kind of tasks, it's all there. Almost identical. Aha! I got you there, didn't I?

Oh, what now, chumps? You did not notice that you might actually be sending kernel performance metrics to Microsoft daily? So their OS can be improved and become more effective? It's been like five years, and you've only discovered this now, after reading this article? The point is, no one really knows or cares, and nothing horrible is happening except general paranoia.
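The Windows 10 versus Windows 7 comparison above can be checked directly on both machines. The following PowerShell is an added example, not part of the original article; it reads the task folder through the Task Scheduler COM interface so that it also runs on the PowerShell 2.0 shipped with Windows 7, and the function name Get-CeipTask is made up for this illustration.

```powershell
# Added example (not from the original article): list the Customer Experience
# Improvement Program tasks and the command line each one runs.
# Get-CeipTask is a name made up for this illustration.
$ceipFolder = '\Microsoft\Windows\Customer Experience Improvement Program'

function Get-CeipTask {
    param([string]$FolderPath = $ceipFolder)

    # Task Scheduler 2.0 COM API: present on Windows 7 and Windows 10 alike
    $service = New-Object -ComObject Schedule.Service
    $service.Connect()

    try {
        $folder = $service.GetFolder($FolderPath)
    } catch {
        Write-Warning "Task folder not found: $FolderPath"
        return
    }

    # Flag 1 = TASK_ENUM_HIDDEN, so hidden tasks are included
    foreach ($task in $folder.GetTasks(1)) {
        $definition = $task.Definition
        foreach ($action in $definition.Actions) {
            if ($action.Type -eq 0) {
                # Type 0 = TASK_ACTION_EXEC: an executable plus its flags
                $command = ('{0} {1}' -f $action.Path, $action.Arguments).Trim()
            } else {
                # e.g. type 5 = COM handler, which has no command line
                $command = "(non-exec action, type $($action.Type))"
            }
            New-Object PSObject -Property @{
                Computer    = $env:COMPUTERNAME
                Name        = $task.Name
                Enabled     = $task.Enabled
                LastRunTime = $task.LastRunTime
                Command     = $command
                Description = $definition.RegistrationInfo.Description
            }
        }
    }
}

# Show the result, then save it so two machines can be compared side by side
$tasks = @(Get-CeipTask | Select-Object Computer, Name, Enabled, LastRunTime, Command, Description)
$tasks | Format-List
$tasks | Export-Csv -NoTypeInformation -Path ".\ceip-tasks-$($env:COMPUTERNAME).csv"
```

Run it on the Windows 10 preview and on a Windows 7 box, then compare the two CSV files, for example with Compare-Object on the Name and Command columns.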

Back on topic, which is Windows 10, I have not seen one shred of evidence that points to anything even remotely accurate, which would help narrow down the technical discussion to sensible points. For example, is the data secure enough? Is Microsoft doing their best to protect this data? What kind of data is being collected? Is the connection secure, or are we talking plain text? Some people also mention IE data collection under the hidden AppData directory in your user folder, but my testing revealed nothing of the kind, and so I do not want to fuel any silly speculation until someone presents me with hard, scientific evidence. Till then, it's just rumors and hyperboles.

However, you can - and should - go through the Windows privacy settings and tweak them to your liking. Do you let your apps auto-update, use your geo-location, picture and other personal data? Can your apps access your camera or microphone? Have you actually gone through all the options and made sure the system is configured to your liking?

Microphone settings

Worst case scenario

Now, let's assume that Microsoft does collect quite a bit, including passwords. If you have deployed Windows 10 on a test box, like a sensible geek that you are, then they will know the password to your Wireless networks. Good. Now, they only need to triangulate that with your IP address, your network provider, narrow it down to your actual home or work address, send a SWAT team with a laptop, and they will be able to hax0r your network.

They might also know you watch pr0n, or that you have several computers in your home, some of which have highly private and secure names like COMPUTER1 and WIFE. Then, they might also know you have opened three PDF files and all those images that you upload to Facebook anyway. And so it goes.

If you are using Windows 10 on a production box, you do have a bit of a problem. You're not very smart. On top of that, Microsoft may now have your actual bank account password, and they sure need it, because they are running fiscally low now.

The last piece is serious. Not because Microsoft might collect that data. But because digital data is volatile and highly mobile. It could, if stored, fall into the wrong hands, by accident or luck or mistake or whatever, and then, Microsoft is going to have much bigger problems than nerdy rage. Which means they ought to take the data collection program very seriously, for the sake of their own business reputation. And that alone should satisfy your inner demons. Money is the best motivator. And that's actually the ONLY thing that is important here. How is Microsoft going to protect the data? The rest is bullshit.


Windows 10 Technical Preview is a great way of getting enthusiastic power users acquainted with the new operating system by Microsoft, and it allows the vendor to improve the product toward the final release. The terms of use are clear and stated upfront, so no one can pretend they are stupid and clueless. It does not make the license agreement or its terms fair, noble, pure or anything else, but there's no deception here, and no hidden agenda. You sent Gmail invites to all your friends back in 2005, and Google mapped your entire social circle before there was any social network out there. So chill out. Relax. It's all good.

You should remember that the TP is all about beta testing. There's risk involved, so keep it off your production systems, for a hundred different reasons OTHER than the actual data collection thingie. And keep in mind the way your data might be handled. If you are aware of this, then you are in control of what you do. Like anything else on the Internet. If you know this, then all is well, and you can sleep quietly. We're done.

