Are Recent Patches to Windows 7/8 Letting Microsoft Spy on You?


PrivateThe recent debate over privacy in Windows now has an added component. Originally, privacy concerns were raised about new system reporting services that are defaults in Windows 10. However, it seems that recent patches by Microsoft to Windows 7 and 8.1 also involve the type of monitoring that many consider intrusive. Here is a quick survey of the new controversy.

Microsoft has apparently decided to add telemetry and data collection features to all its current operating systems from Windows 7 on up. These monitoring services have been implemented by recent updates to Windows 7 and Windows 8.1. These developments have been pointed out and discussed at forums like WinAero and Wilders Security.

Recent updates from Microsoft that are involved with adding monitoring are as follows:

  • KB3021917 Update to Windows 7 SP1 for performance improvements
  • KB3022345 Update for customer experience and diagnostic telemetry
  • KB3068708 (replaces KB3022345) Update for customer experience and diagnostic telemetry
  • KB3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
  • KB3080149 Update for customer experience and diagnostic telemetry

These updates enable the sending of system data and activities to Microsoft servers on a regular basis.

Also possibly involved are these updates involving upgrading to Windows 10:

  • KB2952664 Compatibility update for upgrading Windows 7
  • KB2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows
  • KB3035583 Update installs get Windows 10 app in Windows 8.1 and Windows 7 SP1

At this point, no one outside of Microsoft can be sure that the eight updates listed above are the only ones that institute some kind of monitoring. These updates can be uninstalled from Control Panel. Scripts for removing them are discussed at the Wilders forum and at gHacks. Once uninstalled, the updates have to be marked as hidden or Windows will try to install them again. As of this writing, it is unknown if any unwanted consequences may result from removing any of these updates. Always back up first.

Although one body of opinion feels that the type of data monitoring that is occurring is standard operating procedure on the Internet nowadays and is something to be lived with, others feel quite the opposite. Wherever you stand, you will want to stay up to date about privacy issues and we will continue to follow developments and provide the facts you need to make informed choices.

Update 31 August - An article at Ars Technica by Peter Bright has helped clarify what kind of telemetry is going on. The monitoring does not seem to be all that intrusive but Bright makes the important point:

But we continue to believe that people who do not wish to be a part of such data collection should have a clear and unambiguous way of opting out, and these opt-outs should be rigorous. Disabling CEIP, for example, should not only prevent systems from sending CEIP data, but it should also prevent systems from retrieving even configuration data from Microsoft's own systems.

Update 9 September - Woody Leonhard has now published an article that adds further clarification. 

Get your own favorite tip published! Know a neat tech tip or trick? Then why not have it published here and receive full credit? Click here to tell us your tip.

This tips section is maintained by Vic Laurie. Vic runs several websites with Windows how-to's, guides, and tutorials, including a site for learning about Windows and the Internet and another with Windows 7 tips.

Click here for more items like this. Better still, get Tech Tips delivered via your RSS feeder or alternatively, have the RSS feed sent as email direct to your in-box.

Please rate this article: 

Your rating: None
Average: 4.7 (61 votes)


Several of these appear to be resisting removal. KB2990214, KB3021917 & KB3022345 do not offer the uninstall button that the others do. KB2952664 appears to be uninstalling but remains on the list when the process is complete. Is there another way to remove these intrusions?

Snowden gave you the proof Micrsoft has put back doors in windows for the NSA. Look it up in Snowdens PDF's.

I'm running vista.any ideas whyim getting diverted to Microsoft windows 10 from my search bar on Firefox.have not long updated 20 updates for Microsoft.theyre a pain in the ass .Linux looks like the way for me

Yet another reason to move to a Linux distro. BTW, MS ICE (Image Composite Editor) is an excellent panorama tool, but it, too, "phones home" to MS (to share photo at their site, to get ads). Again, thanks for listing these security issues.

This is a load of FUD. It's my understanding that these updates simply enhance the CEIP component and don't even come into play unless that feature is enabled (it's disabled by default).

What is the source of your "understanding"? Do you work for Microsoft? Could you please document the exact purpose of the updates? Can you tell us what the Customer Experience Improvement Program (CEIP) actually does? How does the "experience' of a customer get "improved"? Wouldn't monitoring what the customer does be necessary in order to "improve" their experience? Labeling concerns as FUD without explanation is not helpful. Instead you could do the PC community a service by making it clear for average users what these updates are for. And no - vague terms like CEIP are not an explanation.

I submitted my comment mainly because I'm sick and tired off all the FUD, conspiracy theories and general paranoia associated with all this, not to mention the sensationalist headlines. I have the utmost respect for Martin Brinkmann over at Ghacks but, on this occasion, his article is also misleading and includes poor advice.

I could expand on my 40 years background in the industry but not much point really, it's easy to claim but difficult to prove. I also omitted much of the background purely for the sake of brevity.

An extract from the exact same Ars Technica article that you quoted from says this: "most or all of the traffic appears to be contingent on participating in the CEIP in the first place. If the CEIP is disabled, it appears that little or no traffic gets sent".

Can't be much clearer than that, yet, apparently, you chose not to include that vital piece of information.

As for "CEIP" being a vague term; well you included the exact same term (in the quote from the Ars Technica article) and did not see fit to expand on it. I was merely following suit.

Going on the attack does not necessarily make you right Vic.

Users have a right to be concerned. Microsoft isn't being completely transparent and upfront about what the updates do. Do you deny that? Why do you think Martin Brinkman and Peter Bright wrote these articles? Just to spread FUD? You say you have 40 years of experience and you seem to imply that that qualifies you to describe this as FUD and paranoia. Good for you. You should try to understand as well that not everyone has the benefit of "40 years of experience", and not everyone is as "smart" as you to be able to figure out what these updates are about. Nobody would be concerned if everything was clear in the first place, is that so difficult to understand?

Sure, I can fully understand and appreciate users' concerns but that just re-enforces the need for tech blogs to accurately report ALL the facts.

If you Google "Updates for Windows 7 and 8 add spying", you'll see dozens of links to stories all saying the exact same thing. These tech blogs are not researching or investigating, merely replicating. Why? Because it's a good story. Nobody would care if these updates were being reported as harmless, that does not constitute a headline. On the other hand, reporting that they are somehow sinister is almost certain to elicit clicks and comments. And that, my friend, is spreading FUD.

Peter Bright's Ars Technica article is one of very few which actually puts a balanced and level-headed spin on this - I quote again:

"most or all of the traffic appears to be contingent on participating in the CEIP in the first place. If the CEIP is disabled, it appears that little or no traffic gets sent."

Peter also does not have a problem with the data collection per se and does not see it as spying:

"Collecting information about application errors and the way the operating system is used is reasonable. Having an accurate picture of how people use the operating system is likely to produce a better platform in the future; knowing which applications crash, and why, is obviously invaluable if those apps are to be fixed."

That is what I would call responsible reporting. Did you even read his article?

Since you think Peter is the most credible I'd suggest you reread the last paragraph of his article.

You forgot the NSA back doors. I'm an American, and have nothing to hide. But I still run an open source operating system, not Windows or Apple. Bonus: it's better.

Microsoft under its new much-lauded Chief Executive seems determined to get itself black-listed by every computer owner who values their privacy as a right, not a luxury. The Redmond outfit is still attempting to paper over the deceit of pushing out "critical updates" that existed only to assist Microsoft in placing stuff on your computer to promote Windows 10. Friends in the US tell me that Redmond has so far only escaped sanction because it was punting something-for-free, not paid-for -- but that it still isn't out of the woods where that deception was concerned. If it is the case that the company is now seeking to amass data to which it is not reasonably and legitimately entitled, then Microsoft's stockholders need to be ridding themselves of the new man at the top -- and a darn sight quicker than Balmer was de-throned. Ultimately, it's Microsoft's stock price which will suffer as many another follows David Roper's example and decides that if Microsoft is guilty of spying on its customers, then it doesn't deserve any customers, any more.

Hasta la Vista, Microsoft! Gizmo has the answer right here:

Once again Vic is doing some great research for us. Personally I think spying is only going to become more pervasive in the future. The real issue isn't the spying itself but the lack of transparency of those engaged in it. Companies like Microsoft that refuse to be up front about their data collecting are only going to succeed in driving away potential customers as David Roper has indicated.

I am in total agreement with that. If I find it to be true that updates marked as critical are indeed "phoning home", without full disclosure on the part of MS, I would think that organizing a boycott of Microsoft Windows 10 would be in order.
I have never organized a global boycott before, but I learned from the best, and I think it might work. Depends whether anyone comes up with proof that MS is spying in this rather creepy way.

Updates to Win 7 and 8 - if they add spying - are going to be a MAJOR reason that I move to a distro of Linux. I am on Win 7 now and already my HDD light stays on 99% of the time for some reason. I have deleted Apple's Bonjour but that didn't do it.