Tag Archives: Spyware

Stop Data-Mining Part 1:


Hey All as Promised Here’s More on Win10 Data-Mining

There’s been a lot of shit splatter over W10’s privacy. Sooooo, here’s a few methods to have a relatively more private, safe experience, and to slow the data mining that occurs in Win10. The trade-off is disabling some of W10’s so-called features.
All settings and tweaks in this article can be easily Undone if you decide to later on.
(beats me why anyone would though)

You may be thinking, Huh! How bad can I be being mined?
Well, how about we take a peek and see, ok? Let’s open up the Command Prompt by launching CMD as an administrator, and then enter the following:

netstat /a 5

This will show all connections to your PC and refresh the list every 5 seconds. You can sit and watch this WITHOUT touching the keyboard for a few minutes and suddenly MORE connections will become active magically LOL. Better yet, even more magic occurs if you use your mic or search your PC! A much better way to check this out is to open up the Command Prompt by launching CMD as an administrator, and then enter the following:

netstat /a 180 > "%SystemDrive%\Users\%username%\Desktop\Results.txt"

This is the same command with some tweaks! It refreshes every 3 minutes instead of 5 seconds and also saves the data to a text file named Results on your desktop. Yes, much easier to review this way. So run this command, go have a coffee, and come back. Ok, welcome back. Now close the Command Prompt window. Next, find the Results file sitting on your desktop, open it and review it.
WOW Huh?
I’ll bet you’re feeling a bit like you’re seeing stars?
After seeing that maybe you wish to proceed or just want to read this article. Then let’s get busy.
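
To make the Results file easier to review, here is an added example (not part of the original post) that splits the saved netstat output into its repeated snapshots and lists which remote hosts show up for the first time in each one. The sample text and host names are constructed; point `load_results` at your own Results.txt to use real data.

```python
import re
from collections import Counter

# Constructed sample of a Results.txt: netstat repeats its whole table every
# interval, and each copy starts with an "Active Connections" banner.
SAMPLE_RESULTS = """\

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            DESKTOP-TEST:0         LISTENING
  TCP    192.168.1.20:49701     tracker.example.net:https  ESTABLISHED
  UDP    0.0.0.0:5353           *:*

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            DESKTOP-TEST:0         LISTENING
  TCP    192.168.1.20:49701     tracker.example.net:https  ESTABLISHED
  TCP    192.168.1.20:49733     telemetry.example.com:https  ESTABLISHED
  TCP    192.168.1.20:49740     telemetry.example.com:https  TIME_WAIT
  TCP    [::1]:49800            [::1]:5000             ESTABLISHED
"""

# One table row: protocol, local address, foreign address, optional state.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
# Foreign addresses that are wildcards or the machine talking to itself.
NOT_REMOTE = {"*", "0.0.0.0", "[::]", "127.0.0.1", "[::1]", "localhost"}


def load_results(path):
    """Read a saved Results.txt; undecodable bytes are replaced, not fatal."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()


def parse_snapshots(text):
    """Return one list of row dicts per 'Active Connections' table."""
    snapshots = []
    for chunk in text.split("Active Connections")[1:]:
        rows = []
        for line in chunk.splitlines():
            m = ROW.match(line)
            if not m:
                continue  # banner, column header or blank line
            proto, local, foreign, state = m.groups()
            host, _, port = foreign.rpartition(":")  # also works for [::1]:5000
            rows.append({"proto": proto, "local": local,
                         "host": host, "port": port, "state": state})
        snapshots.append(rows)
    return snapshots


def remote_peers(rows):
    """Hosts this PC has (or just had) a TCP connection with."""
    return {r["host"] for r in rows
            if r["proto"] == "TCP"
            and r["state"] not in (None, "LISTENING")
            and r["host"] not in NOT_REMOTE}


def new_peers(snapshots):
    """For each snapshot, the remote hosts not seen in any earlier snapshot."""
    seen, result = set(), []
    for rows in snapshots:
        peers = remote_peers(rows)
        result.append(sorted(peers - seen))
        seen |= peers
    return result


def peer_counts(snapshots):
    """How many snapshots each remote host appeared in."""
    counts = Counter()
    for rows in snapshots:
        counts.update(remote_peers(rows))
    return counts


if __name__ == "__main__":
    snaps = parse_snapshots(SAMPLE_RESULTS)
    for number, hosts in enumerate(new_peers(snaps), 1):
        print(f"snapshot {number}: new remote hosts: {hosts}")
    for host, n in peer_counts(snaps).most_common():
        print(f"{host}: present in {n} of {len(snaps)} snapshots")
```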

Basic Fixes

Before / During Win10 Installation
Do not use Express Settings! Select Customize, and make sure EVERYTHING is turned off.
I strongly recommend that you use a Local Account, not a Microsoft account.

After Installation
Well this is probably most of you, huh? If you are trying to be invisible you’re on the wrong OS, period! That said, we can make it a PITA to get your info. (Oh, PITA = Pain In The Ass.) Ok, here’s the basics.

Settings > Privacy
Disable everything under EVERY TAB and list item, unless there are some things you really need. I do not know what or why, but it is your PC and info. Be sure to be very thorough, checking every setting and every link and making sure you scroll completely down each page!

Things to Note:

  1. While within the Privacy page, go to Feedback, select Never in the first box, and Basic in the second box. Settings > Update and Security > Advanced Options > Choose how updates are delivered, and turn the first switch off.
  2. Disable Cortana by clicking the Search bar/icon. Leaving this on you may as well not bother with any of this and go on your merry oblivious way. Some information mined by the app includes your contacts, calendar, location, internet history and favorites, speech, inking and typing, and much more. (also any Previously collected data from Cortana will not be deleted.)
  3. Disable web search in Search by going to Settings, and turning off Search online and include web results.
  4. Deleting personalization data from the Microsoft servers: to delete more of the data collected by Cortana, such as Notebook, Reminders, Places, go to the Bing Settings’ page. Using the account you are using on your computer, click the Clear button for both Clear personal info and Other Cortana Data and Personalized Speech, Inking, and Typing. In both cases, confirm the deletion.
  5. Change the name of your PC by Right click on Start, select System in the menu, then click Rename This PC.

You may have noticed that Microsoft is so brazen they name the file Autologger lol.
Telling us all: Hey look, we are collecting all your data!

  1. Let’s Open up the Command Prompt by launching CMD as an administrator, and then enter the following:
    sc delete DiagTrack
    sc delete dmwappushservice
    echo "" > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl

  3. Next Open up the Group Policy Editor by launching gpedit.msc as an administrator. Go through:
    Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds.
    Double click Telemetry, hit Disabled, then apply.
    NOTE: This supposedly only works in the Enterprise edition. (cough cough)
    We will get to a decent enough workaround a little later in part 2.
  4. A little side note for the know it alls….
    There are 4 levels of telemetry in Win10.

    level 0: Security. (Enterprise, Education, and IoT Core editions, available to these versions)
    The claim is:
    A value of 0 (Security) will send minimal data to Microsoft to keep Windows secure.

    Level 1: Basic.
    Gathers a minimum set of data which is critical for understanding the device and identifying problems.

    Level 2: Enhanced.
    Gathers data about how you use Windows and its apps and helps Microsoft improve the user experience.

    Level 3: Full.
    Gathers all of the above information and any additional data that may be required to identify and to help fix problems.

    So all in all, EVERY version of Win10 uses telemetry and collects data!
    What is collected Microsoft deems appropriate NOT YOU!
    Regardless of your settings or supposedly being disabled through them!

  5. While still in the Group Policy Editor, go through
    Computer Configuration > Administrative Templates > Windows Components > OneDrive
    Double click Prevent the usage of OneDrive for file storage, hit Enabled, then apply.
  6. While still in the Group Policy Editor, go through
    Computer Configuration > Administrative Templates > Windows Components > Windows Defender
    Double click Turn Off Windows Defender, hit Enabled, then apply.
  7. Next Open up the Registry Editor by launching regedit as an administrator.
    Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection
    Select AllowTelemetry
    Change its value to 0, then apply.

To be continued with even more hairy protection methods in Stop Data-Mining Part 2:

Including Batch files (Bat) for you to create hosts redirect and firewall rules to stifle Microsoft more. Without system errors. And UN-Do files of each. With Extra bonus prizes of alternate applications for Win10 built-ins.

OH WAIT!…. A Last Second Add On Fix… Facebook On The News
The media PSA release from Facebook on how to disconnect your apps leaves out the fact that Win10 users are vulnerable.
Is this by accident or deliberate who knows? As usual they feed you a pile of – Crap
Some of you may want to disconnect from The Latest Facebook screw up.
Unlike Facebook as a whole even!
So here is a quick add on to Manage the linked accounts:
On the top right corner of your Microsoft profile page, you can see the social networking accounts linked to your Microsoft account, under Manage your accounts. Select Facebook or any other connection you want gone, bah-bye, adios then Click on
Remove this connection completely to remove the account from Microsoft.

That said I have used my allotted Bytes so I am outta here.

Published: March 26, 2018

Getting Rid Of Ads!


Sick of Ads on everything!

How do they find me?
How do they know what I was shopping for?
I will try to answer some of these questions here.

How Does It Work?

NAI (Network Advertising Initiative) companies help advertisers show relevant ads — matching these ads with broad interest categories or groups like male clothing shoppers 25-34 or car buyers in Illinois. NAI members distinguish between visitors to a site and users of an app, assigning them to broad interest category groups using information such as the types of websites visited or the demographics of people who use a certain app. For NAI members, IBA/CAA is not about you as an identifiable individual. Instead, NAI member companies make educated guesses about the preferences and interests of consumers like you.

How do I get placed in interest categories and groups?

The basic way you are placed into an interest category or group on a browser is based on your visits to websites. Let’s say an NAI member company partnered with a clothing retail website that you visit. That NAI member would assign an ID to your browser usually by storing a unique ID number in a text file or cookie on your browser. This is then matched to a “clothing shopper” category by pairing that ID number with interest categories/groups in an online database.
So your
Unique ID Number: 871749823
has the additional pairing of
Matched Categories Male, Age 25-34, clothing

Other information can be used to match you into a group, as well. For example, if you have previously purchased blue jeans and shirts from a website. That website would tell the NAI company to also match:
jean buyer and shirt buyer to your assigned ID.
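
The ID-to-category matching described above, as an added example that is not part of the original post. It is a simplified model with hypothetical class names (`AdNetwork`, `Browser`), and it assumes the opt-out is itself stored as a cookie in the browser; the point to watch is what happens to the profile when cookies are cleared before and after opting out.

```python
import itertools


class AdNetwork:
    """Simplified third-party ad server: one cookie ID per browser,
    and a server-side table pairing each ID with interest categories."""

    def __init__(self):
        self._ids = itertools.count(871749823)  # first ID reuses the example number above
        self.profiles = {}                      # cookie ID -> set of categories

    def handle_request(self, cookies, page_categories):
        """Handle the ad request a partner page triggers; return cookies to set."""
        if cookies.get("optout") == "1":
            return {}                           # opted out: no ID, nothing recorded
        uid = cookies.get("uid")
        if uid not in self.profiles:            # first visit, or the cookie was deleted
            uid = str(next(self._ids))
            self.profiles[uid] = set()
        self.profiles[uid].update(page_categories)
        return {"uid": uid}


class Browser:
    """Holds only the cookies belonging to the ad network's domain."""

    def __init__(self, network):
        self.network = network
        self.jar = {}

    def visit(self, page_categories):
        """Load a partner page; the embedded ad request carries our cookies."""
        self.jar.update(self.network.handle_request(dict(self.jar), page_categories))

    def clear_cookies(self):
        self.jar.clear()                        # removes the ID *and* any opt-out cookie

    def opt_out(self):
        self.jar = {"optout": "1"}

    def profile(self):
        """Categories the network currently links to this browser."""
        return sorted(self.network.profiles.get(self.jar.get("uid"), set()))


def demo():
    """Run the four situations and return what the network knows after each."""
    net = AdNetwork()
    b = Browser(net)
    out = {}
    b.visit(["clothing"])
    b.visit(["jean buyer", "shirt buyer"])      # same cookie, so categories pile up
    out["tracked"] = b.profile()
    b.clear_cookies()
    b.visit(["pizza"])                          # new ID: old profile no longer linked
    out["after_clear"] = b.profile()
    b.opt_out()
    b.visit(["lawn tractor"])
    out["opted_out"] = b.profile()
    b.clear_cookies()                           # this also throws away the opt-out
    b.visit(["lawn tractor"])
    out["opt_out_lost"] = b.profile()
    out["server_profiles"] = len(net.profiles)
    return out


if __name__ == "__main__":
    for step, value in demo().items():
        print(step, value)
```

In this model, clearing every cookie also clears the opt-out cookie, so the browser is given a fresh ID on its next visit.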

On mobile apps, the process is similar but it uses a different set of technologies.
The mobile operating system you use, like Android or iOS, is likely to provide an identifier specifically for advertisers to use. This Mobile Advertising Identifier functions similarly to a cookie. It enables advertisers to identify your behavior across apps, without needing to use a more permanent phone or tablet identifier. Most of these identifiers include privacy options that allow users to reset the assigned identifier or to opt-out of Cross-App Advertising. To do Cross-App Advertising, the NAI member may work with an app so that it can send them information relevant to your preferences. For example, if you open an app to look for highly rated local pizza parlors, that app may tell the NAI member that a user with your device identifier may be interested in Pizza, and that the user is in Bumf#ck Iowa. This information may be used to show ads for more local pizza joints.

Mobile Device Identifier 3966239-23ZZ-944A-B3C4-8EYUBVBVFISBBS
Matched Categories Male, Age 25-34, Pizza, Bumf#Ck Iowa

How do they find me?

Do you ever see an ad that’s specific to the city you are in? NAI members may sometimes use your location to make sure they don’t serve ads for Bikinis in Alaska or for Winter Coats in Hawaii. So how do advertisers customize ads based on your city, region etc.? They use your IP address, assigned to your computer or device on the Internet. You know what they are; they look like this: Basically it’s your computer’s Social Security number, assigned to you only and associated with the general area where you’re located. Your ISP (Internet service provider) is based in your general area for starters. Like if you live in Maine, your ISP is Comcast and they are located in Biddeford, Maine. There, that’s a general location. That is how NAI members sometimes use this information to show ads customized to your region.

Browsers and mobile devices now also include numerous technologies to identify your location, including GPS (Global Positioning System), WiFi triangulation, and iBeacons. These types of location tend to be more precise (like the phone you lost is at Dunkin Doughnuts on Belch St. Moronsville Wyoming) than a location derived from IP Addresses. NAI members are required to obtain Opt-In Consent from you if they want to store your precise location for ad purposes.

How do they know what I was shopping for?

Is there a pair of sneakers popping up as you surf the Internet?
A collar for your pup you’re seeing advertised on several different websites you’ve been browsing?
WTF? How does this happen?

Well, the process is basically the same as getting categorized, as described above. Instead of a broad interest category, it is a specific product like Blue Jeans or Lawn Tractor. This is called Re-targeting. All of NAI’s crap on Interest-Based Advertising and Cross-App Advertising applies to this practice. Let’s say you shop for a Zircon Encrusted Tweezers. The website you shopped tells the NAI member it works with to assign an ID they claim is pseudonymous (i.e. fictitious) and associate that ID with that particular brand and style of Zircon Encrusted Tweezers. Now, that retailer will know to advertise the exact Zircon Encrusted Tweezers to you. This process does not require retailers to know anything about you as an individual, only that someone using that browser wants Zircon Encrusted Tweezers. Advertisers place bids to reach thousands or millions of people that are interested in Zircon Encrusted Tweezers.

Ok Ok I know you’re not buying a Zircon Encrusted Tweezers, but you get my point of how this, in my opinion, ABUSE of cookie and GPS tech is way out of hand. Most of the CLAIMS made by these companies are plain old BS. They think the rest of the world is full of morons and idiots that believe anything. (hence Obama..different topic) Our site AIM (angelinmaine.com) uses cookies. But we do not sell or track or store your info for monetary gains. When you check remember me or leave a menu setting a certain way, our site sets a cookie only on your computer or device to remember what you typed in for you. They also delete automatically in 30 days even if you don’t delete them.

Now how do I get these Bullsh!t ads out of my life?

Well, hate to say it but you won’t, but…. we can sure crush a lot of them. So let’s get busy. We will start off with basic ad killing before we get into heavy snooping like Microsoft does (more on that a little later). First, deleting your cookies every time you close your browser is a PITA (pain in the ass). You have to re-enter user names over and over. So we go to the source and stop it that way.

Roll up your sleeves, folks. It’s time to start silencing those annoying ads and block the data mining.

How to opt out…

OK, here’s how to take control of some of this stuff. Nope, this is not really simple, although if you take a WTF approach it doesn’t take long to set everything to BE-GONE. If you are just preparing to install Windows 10, you can kill off most of this by declining the Express settings then choosing the options yourself, refusing any request to let the OS or apps access your location and turning the Cortana search assistant off. If you already installed, well sh!t, you’ll need to do All of the following. Even if you were super-cautious (paranoid even) during setup, make sure to follow step 3.

  1. Go to Settings – Privacy: then go through all 19 Screens there, turn anything of concern off.
  2. The biggest, most universal settings are under General, while the other screens let you choose which apps can and can’t access your calendar, messages, camera, mic, etc. There may well be stuff you want to leave on. For instance, you may want the Windows Calendar app to access your calendar data (obv); you just don’t want it to sell that data, because you don’t want to be bombarded with flower, chocolate, and diamond sale ads when it’s the Mrs.’ birthday. Also, your Unique Advertising ID Number (explained above) is under the General tab: Let apps use my advertising ID for experience across apps (turning this off will reset your ID).

  3. Depending on you, you may want Cortana’s head ripped off; then go to Search settings and turn off everything there.
  4. Now you have just a basic file search, as you killed off suggestions. Otherwise you would be locked into Bing and part of your processor would be forever dedicated to listening for voice commands you will never use.

  5. This is crucial: set both options to Off. The Personalized ads wherever I use my Microsoft account option is the root of all this; leaving this on, Windows 10 becomes a server for targeted ads.
  6. If you set up Windows 10 with a Microsoft account (I know it nags the ever living sh!t out of you to do so, with horsesh!t about synchronized files and settings and a OneDrive cloud account during installation), all that Bullsh!t means your OS is signed into that account at all times (think about that). Windows 10 itself is spyware, not just the apps or pages that you’re signed into. But notice that if, after a little time, you go back to that page, the “Personalized ads in this browser” setting has miraculously turned back on again. This is exploiting sessions deliberately as an excuse to reset.

  7. Remove your Microsoft account and use a local account instead. Go to Settings – Accounts – Your Account
  8. This will slow the harvesting; you’ll lose some features like settings synchronization across your PCs, and get more nagging from stuff like Windows Store and OneDrive tho. No biggy I think.

  9. Now go to the freaking source, the NAI – Network Advertising Initiative, and use the consumer OPT OUT page (which is widely publicized … yea sorta)
    Click the Manage My Browsers Opt Outs this will start the scan.
    Then Click Opt Out Of All and Submit Your Choices
    For Android Click The Learn About Mobile Devices Opt Out
    For An Android App GoTo DAA – Digital Advertising Alliance
    Another Of The 8 Agencies Involved

  10. http://youradchoices.com/control
  11. Note: The Other Agencies are:

  12. Get a pop-up blocker beyond the selective one built into your browser.
    Mongo Suggest: These Are Free btw.
    Stop Ad
    Available for Android,iOS,Windows
    AdBlock Plus
    Available for Android, Chrome, Firefox, Internet Explorer, Maxthon, Opera, Safari and Yandex

Multiple PCs with Windows 10?

Yep do this sh!t to all of those lovely machines, they do claim your Microsoft account OPT-OUT should be universal (ummm ok BS). None of this means fewer ads, but it stops so much information about you being gathered and sold, the ads you do see won’t be relevant to what algorithms have decided your interests are. Windows now has a full blown ulterior motive as you can gather. More or clearer options, may become available, depending on how many people get pissed off at Microsoft about this.

But wait, there’s more…
Oh F me C’mon.

Yup! Windows has way more data mining going on inside.
This is but a small example of the Microsoft and other data mining connections.
I will discuss this and give you the super paranoid edition ways of stopping it!
More on this sh!t soon!
Have Fun,

Published: January 16, 2018

What? Phishing?


Phishing attacks are more rampant than ever before, rising by more than 162% + over 4 years.
The cost worldwide is $4.5 billion every year and over half of internet users get one phishing E-mail per day minimum.
The best defense against phishing attacks is to block malicious E-mails before they reach you, using the DMARC
(Domain-based Message Authentication Reporting and Conformance) standard.
Also users (business etc.) that offer E-mail data revealing attacks beyond DMARC (e.g., attacks that fake a brand using domains outside of the brand’s control).
Unfortunately, some phishing E-mails will always make it to the inbox.
And those messages are extremely effective: 97% of people cannot
identify a sophisticated phishing E-mail.
That’s where this article comes in.

How to identify a phishing or spoofing E-mail. Share this freely with your friends and co-workers etc (maybe the boss will reward you ;P ).

Don’t trust the displayed name
A very common tactic among thieves is to spoof (fake) the display name of an E-mail.
Return Path analyzed more than 760,000 E-mail threats targeting 40 of the world’s largest brands and found that nearly half of all E-mail threats spoofed the brand in the display name.
Here’s how it works: This asshole phisher wanted to spoof the brand “Bank Of America,” so the E-mail looked like this:

Below is an actual phish email I received.
Notice it’s not from bankofamerica.com but from “urgentaile.com”.
See the general non-personal greeting, then the spelling and grammar. LMAO Nice try moron!
(I forwarded it to abuse@bankofamerica.com so they can deal with the lame ass phisher.)

Since Bank Of America doesn’t own the domain “Urgentaile.com,” DMARC will not block this E-mail on Bank Of America’s behalf, even if Bank Of America has set their DMARC policy for bankofamerica.com to reject messages that fail to authenticate. This fraudulent E-mail, once delivered, appears legitimate because most user inboxes only show the display name. Don’t trust the display name. Check the E-mail address in the header From; if it looks suspicious, DO NOT open the E-mail.

Look but don’t click

Hover your mouse over any links embedded in the body of the E-mail. If the link address looks weird, DO NOT click on it.
If you want to test the link, open a new window and type in the website address directly rather than clicking on the link from unsolicited E-mails.

Check for spelling mistakes

Brands are pretty serious about E-mail. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your E-mails carefully and report anything that seems suspicious.

Beware the greeting
Is the E-mail addressed to a vague “Valued Customer” or “Your Account”? If so, be careful: legitimate businesses will mostly use a personal greeting with your first and last name.

DO NOT give up personal information
Legitimate banks and most other companies will never ask for personal credentials via E-mail. DO NOT EVER give them.

Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “Account Has Been Suspended” or “Unauthorized Login Attempt.”

Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phishing E-mail. Legitimate businesses ALWAYS provide contact details.

DO NOT click on attachments
Malicious attachments that contain viruses and malware are a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. DO NOT open any E-mail attachments you weren’t expecting.

DO NOT trust the header from E-mail address
Phishers not only spoof brands in the display name, but also spoof brands in the header from E-mail address.
Return Path found that nearly 30% of more than 760,000 E-mail threats spoofed brands somewhere in the header from E-mail address with more than two thirds spoofing the brand in the E-mail domain alone.

DO NOT believe what you see
Phishers are extremely good at what they do. Just because an E-mail has convincing brand logos, language, and a seemingly valid E-mail address, does not mean that it’s legitimate.
Be skeptical when it comes to your E-mail messages; if it looks even remotely suspicious, DO NOT open it.
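
Several of the checks above (display name versus header From domain, Reply-To and Return-Path, urgent subject, vague greeting) can be run over a raw message automatically. This is an added example, not part of the original post: the brand-to-domain table, the mailbox names and the sample message are constructed, using the display-name spoof described above as the model.

```python
import email
import re
from email.utils import parseaddr

# Assumption: the brands you deal with and the domains they really send from.
BRAND_DOMAINS = {"bank of america": {"bankofamerica.com"}}
URGENT = ("account has been suspended", "unauthorized login attempt")
GENERIC = ("valued customer", "your account")
# One clause of Authentication-Results that passed, plus the domain it vouches for.
AUTH_PASS = re.compile(
    r"\b(spf|dkim)=pass\b.*?\b(?:smtp\.mailfrom|header\.d)=([\w.@-]+)", re.S)

# Constructed message: brand in the display name, sender's own domain in From.
SAMPLE = """\
Return-Path: <bounce@urgentaile.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=urgentaile.com; dkim=pass header.d=urgentaile.com
From: "Bank Of America" <alerts@urgentaile.com>
Reply-To: <help@mailbox.example>
To: me@example.org
Subject: Unauthorized Login Attempt
Content-Type: text/plain; charset=UTF-8

Dear Valued Customer, we need you to verify your details.
"""


def domain_of(value):
    """Domain part of the address in a header value ('' if there is none)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()


def same_org(domain, allowed):
    """True if domain equals, or is a subdomain of, one of the allowed domains."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def triage(raw):
    """Return a list of findings for one raw message (empty list = nothing flagged)."""
    msg = email.message_from_string(raw)
    display = parseaddr(msg.get("From", ""))[0]
    from_dom = domain_of(msg.get("From"))
    findings = []

    # 1. Brand named in the display name, but the address is on another domain.
    brand = next((b for b in BRAND_DOMAINS if b in display.lower()), None)
    legit = BRAND_DOMAINS.get(brand, set())
    if brand and not same_org(from_dom, legit):
        findings.append(f"display name says '{display}' but From domain is {from_dom}")

    # 2. SPF/DKIM "pass" only vouches for the domain that actually sent the mail.
    for clause in msg.get("Authentication-Results", "").split(";"):
        m = AUTH_PASS.search(clause)
        if m and brand:
            dom = m.group(2).rpartition("@")[2].lower()
            if not same_org(dom, legit):
                findings.append(f"{m.group(1)}=pass is for {dom}, not the brand's domain")

    # 3. Replies or bounces routed to a different domain than the sender's.
    for header in ("Reply-To", "Return-Path"):
        dom = domain_of(msg.get(header))
        if dom and not same_org(dom, {from_dom}):
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")

    # 4. Wording cues from the checklist: urgent subject, vague greeting.
    if any(p in (msg.get("Subject") or "").lower() for p in URGENT):
        findings.append("urgent or threatening subject line")
    body = "" if msg.is_multipart() else msg.get_payload()
    if any(g in body.lower() for g in GENERIC):
        findings.append("generic greeting")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```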
Now for the what can you do part!

How and where to report phishing emails and texts.
Forward phishing emails to spam@uce.gov and also to the organization impersonated in the email. Your report is more effective when you include the full email header, but most email programs hide this information. To include it, or possibly copy and paste the raw message into the forward, you can go to Options, then General Preferences, scroll down to Messages, and select “Show All Headers”, or right click on the message title and select “View raw message”. These are two common methods. Find out your email server’s method if neither of these applies.
This is what the header of a typical spam message titled “Enjoy 90 Days of Proactiv+ & FREE Shipping!” looks like.

X-Apparently-To: me@yahoo.com; Wed, 19 Jun 2017 00:13:12 +0000
Received-SPF: pass (domain of cagcom.com designates as permitted sender)
X-YMailISG: slxzLYUWLDvxrlNh9bEjUJwuD87aCVjWz1UgEy5wKJemEjhS
X-Originating-IP: []
Authentication-Results: mta1312.mail.gq1.yahoo.com  from=cagcom.com; domainkeys=pass (ok);
from=cagcom.com; dkim=pass (ok)
Received: from  (EHLO updates-182-229.cagcom.com) (
  by mta1312.mail.gq1.yahoo.com with SMTP; Wed, 19 Jul 2017 00:13:12 +0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=cagcom.com;
 bh=tc92wij1mQSFhJrbEe/J9S3rwmU= ;
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=cagcom.com;
   jVXhN8RJVyH9kZzUxE0= ;
Date: Tue, 18 Jun 2017 23:42:46 +0000
Return-Path: bounce@cagcom.com
To: me@yahoo.com
From: Proactiv+ 
Reply-To: explore@cagcom.com
Subject: Enjoy 90 Days of Proactiv+ & FREE Shipping!
MIME-Version: 1.0
Content-Type: multipart/alternative;
Content-Length: 1329

Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Enjoy 90 Days of Proactiv+ & FREE Shipping!

Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<?xml encoding=3D"UTF-8"><!html><!head><!/head><!body>
<div style=3D"text-align: center;">
<div style=3D"border: 0px solid #eee; width: 600px; height: 881px; max-heig=ht: 803px; min-height: 803; margin: auto; overflow: hidden;"><img src=3D"ht=tp://cagcom.com/uploaded_images/1/1_face.jpg" usemap=3D"#face"><map name=3D="face"><area target=3D"" alt=3D"" title=3D"" href=3D"http://amaog.com/?nc2u==3DbtJ%2flSnfWXQNT379mLX6BT4tUhOhPMOu&s1=3D" coords=3D"7,3,574,664" sha=pe=3D"rect"><area target=3D"" alt=3D"" title=3D"" href=3D"http://amaog.com/=?nc2u=3DbtJ%2flSnfWXQNT379mLX6BT4tUhOhPMOu&s1=3D" coords=3D"323,704,462= ,728" shape=3D"rect">3D""</map><center>
<blockquote>Safe to view your Message.</blockquote>
<div style=3D"display: inline-block;"></div>


File a report with the U.S. Federal Trade Commission at FTC.gov/complaint.
Visit Identitytheft.gov. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.

You can also report phishing email to reportphishing@apwg.org. The Anti-Phishing Working Group, which includes ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.

Hope this helps keep some of you safe!

Published: July 2, 2017