This article is more than 5 years old

Security researchers have discovered that four recent updates to the Windows 7 and 8 operating systems allow Microsoft to collect a variety of usage information.

Microsoft has already come under fire for Windows 10, whose telemetry feature by default collects usage information from basic error reporting to more enhanced data – including the frequency with which certain apps are used, the memory state of a device if and when a crash occurs, and memory snapshots.

Indeed, some users have been so concerned about privacy on Windows 10 that they have deliberately held off upgrading.

Now Martin Brinkmann of technology blog Ghacks.net has found that four “upgrade preparation” updates for Windows 7 and Windows 8 have activated data collection processes similar to those of Windows 10, probably in the belief that users on these systems will eventually migrate to the newer version of the OS.

The four updates are as follows:

3022345: Update for customer experience and diagnostic telemetry – This update introduces the Diagnostics and Telemetry tracking service to in-market devices. By applying this service, you can add benefits from the latest version of Windows to systems that have not yet been upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights.

3068708: (Replaced update 3022345.) Update for customer experience and diagnostic telemetry – This update introduces the Diagnostics and Telemetry tracking service to existing devices. By applying this service, you can add benefits from the latest version of Windows to systems that have not yet upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights.

3075249: Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7 – This update adds telemetry points to the User Account Control (UAC) feature to collect information on elevations that come from low integrity levels.

3080149: Update for customer experience and diagnostic telemetry – This package updates the Diagnostics and Telemetry tracking service to existing devices. This service provides benefits from the latest version of Windows to systems that have not yet upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights.

According to The Hacker News, the telemetry services created by these updates interact with the domains vortex-win.data.microsoft.com and settings-win.data.microsoft.com.

Originally, it was believed that these domains were hardcoded, meaning that the Hosts file was automatically bypassed. However, it has since been revealed that these new connections can be blocked via the use of software firewalls.

In order to remove these updates, the best advice is for users to choose not to install them in the first place!

If they have all ready been installed, users can refer to this guide here.

Clearly there are advantages to sharing information with your operating system. Regularly sharing crash reports and app usage can optimize a user’s desktop experience and make interacting with their device all the more personal and fluid.

However, if a user should want to opt-out of this type of arrangement, it shouldn’t take a registry change to do it.

Hopefully Microsoft and other tech giants will realize this fact as privacy continues to shape users’ expectations with regards to what their technology should and shouldn’t do.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.