Microsoft

6 search engines that abuse your privacy (and 3 that actually preserve it)

The following is a share from the folks over at @Techwarn – Enjoy

With the rise of modern browsers, search engines have become seamlessly integrated into our internet experience. Gone are the days of typing out “www.google.com”—now one only needs to type a query into the search bar (or address bar, in many cases), and in come the results.

Because of this streamlined experience, we’re less likely to think critically about what search engines we use. On Chrome? Sure, Google will do. Internet Explorer? Take me away, Bing!

The problem with this laissez-faire attitude is that it has a sizeable effect on how we experience the internet. Not only do search engines vary in their algorithms, thus impacting search results, but they also have radically different privacy policies. Depending on who you’re doing your searching with, you could be putting random facts about yourself up for sale.

The Naughty List

Google

The scope of data collection: Enormous (don’t forget, Google follows you on YouTube)
Ads: Yes
Noteworthy characteristics: It probably knows everything about you *sinister laugh*

Google may be the most popular search engine around—in 2014 it hosted 67.5% of all searches in the U.S.—but it’s a terrible choice when it comes to privacy.

As the search engine’s privacy policy informs visitors, Google tracks just about everything, including your search queries, your IP address, your phone number, your hardware settings—and more!

According to Google, all of this data collection is done for the benefit of users:

“We collect information to provide better services to all of our users – from figuring out basic stuff like which language you speak, to more complex things like which ads you’ll find most useful, the people who matter most to you online, or which YouTube videos you might like.”

If that degree of intrusiveness makes you queasy, though, fear not: You can always make Google forget about you. You can also prevent Google from knowing your location data in the future by using a VPN extension on Chrome.

Once you clear your slate, you might also want to check out one of the search engine options on the Nice List.

Yahoo

The scope of data collection: Large
Ads: Yes
Noteworthy characteristics: Its affiliated email system was recently hacked

Things have not been good for Yahoo lately, what with the disclosure that some 500 million Yahoo Mail accounts were hacked. That event alone turned many privacy-minded individuals away from the company.

Yahoo’s search engine isn’t anything to write home about (it’s “powered by Bing”), but it does have an ad interest manager that lets you stop Yahoo from tailoring the ads you see. It doesn’t stop ads from appearing altogether, but it at least makes the browsing experience slightly less stalkerish.

Bing

The scope of data collection: Large
Ads: Yes
Noteworthy characteristics: It knows almost as much about you as Google does

The second most popular search engine in the U.S. (partially because it “powers” other search engines), Bing also records your search queries and other relevant information. However, because it is not integrated with as many popular platforms like Google (like YouTube), it could be seen as slightly less intrusive.

That still isn’t saying much. A visit to Bing’s privacy page paints a detailed picture of all the lovely things you share when you do a search:

“When you conduct a search, or use a feature of a Bing-powered experience that involves conducting a search or entering a command on your behalf, Microsoft will collect the search or command terms you provide, along with your IP address, location, the unique identifiers contained in our cookies, the time and date of your search, and your browser configuration.“

All in all, that’s some fairly identifiable non-identifiable information.

AOL

The scope of data collection: Large
Ads: Yes
Noteworthy characteristics: Filled with nostalgia for anyone online in the 90s

AOL (sometimes written as Aol.) is similar to Yahoo in that it is “powered by Bing.” It’s also similar to its purple competitor in that it faced a privacy scandal of its own: In 2006, the company published the search histories of 650,000 users.

Frustratingly, AOL’s privacy page is far less detailed than those of other search engines. Rather than giving you a list of exactly what data it collects, the page remarks, “We collect and receive information about you and your device when you give it to us directly when you use our Services, and from certain third-party sources.” There are no hyperlinks for further explanation, no pleasant footnotes.

Basically, use AOL at your privacy’s risk.

Ask

The scope of data collection: Large
Ads: Yes
Noteworthy characteristics: Its search toolbar is often bundled with other software, and it’s hard to get rid of

Ask (known as Ask Jeeves in another life) has grappled with its identity during its 20-year existence. Sometimes a question and answer site, sometimes pure search, it has lately slunk to the back of the pack in terms of volume.

Thankfully, it’s much more straightforward than AOL when it comes to letting you know what information it collects, including, “your mobile device’s geographic location (specific geographic location if you’ve enabled collection of that information, or general geographic location automatically).” Reassuring stuff.

What makes Ask a bit more aggravating, however, is its occasional role as a “browser hijacker.” Sometimes when you download an application from the internet, it will bundle in a “helpful” Ask search toolbar which you’ll install because you didn’t read the conditions when you were blindly clicking “Accept, Accept, Accept…” The result: Ask becomes your automatic search engine on all your browsers.

Even if such practices aren’t malware per se, they can still be pretty annoying, especially given all the data Ask can suddenly get its hands on.

Lycos

The scope of data collection: Large
Ads: Yes
Noteworthy characteristics: It’s still around

Lycos has gone through many iterations since the Dotcom Bubble and has even been sighted trying to spin off a brand of wearables. Will this new incarnation work? You be the judge.

Like other search engines on the naughty list, Lycos harvests a lot of data, including your IP, browser, and platform. It makes a point of saying that it collects “aggregate search terms,” which at least suggests that individual searches are not tied to your IP (hopefully).

The Nice List

Ixquick

The scope of data collection: Non-existent
Ads: No
Noteworthy characteristics: Open search results with proxy service

ExpressVPN is no stranger to Ixquick. The search engine has been wowing the privacy-minded since 1998, and despite having slower loading speeds than other services, it offers relatively strong results.

One feature that sets Ixquick apart is that it gives users the option to open search results in a proxy window, thus allowing them to view pages anonymously. The load times can be fairly slow, however, so it might not be practical for those on a deadline.

Ixquick takes a reassuring approach to privacy. The site proclaims, “You have a right to privacy,” and, “The only real solution is quickly deleting your data or not storing them to begin with.”

ExpressVPN wholeheartedly agrees.

StartPage

The scope of data collection: Non-existent
Ads: Yes
Noteworthy characteristics: The performance of Google without privacy infringement

StartPage is an offshoot of Ixquick that queries Google, basically acting as a go-between. That means you get all the power of a Google search minus the disclosure of your personal information. The only downside is that you still get ads, but at least they aren’t aimed at you.

StartPage, like Ixquick, offers a proxy option for exploring search results. However, it is still somewhat slow and sometimes results in page rendering errors.

Another great thing about StartPage? It stopped recording users’ IP addresses in 2009.

DuckDuckGo

The scope of data collection: Non-existent
Ads: No
Noteworthy characteristics: It offers a Tor service (3g2upl4pq6kufc4m.onion)

ExpressVPN previously reviewed DuckDuckGo and loved it. It doesn’t collect your IP address or other information, but it does record searches—it just aggregates them without affiliating them with other data.

DuckDuckGo is also unique in that it offers an onion service. This characteristic, along with its speed, makes it a top pick.

Of course, DuckDuckGo’s algorithm opts for the crowd-sourced over the corporate. A search on the current U.S. presidential election in the “News” category brought up Wikipedia articles as the top two hits, so be sure to look further down the list if you want more variety.

Source: https://www.expressvpn.com/blog/6-search-engines-abuse-your-privacy/

Microsoft is reportedly acquiring #GitHub

#Microsoft is reportedly acquiring #GitHub – and we are now expecting the announcement sometime this week.

New reports out of Redmond this weekend have Microsoft set to purchase the popular coding site GitHub. Bloomberg is citing “people familiar with the matter,” stating that the deal could be announced as early as tomorrow.

The new story follows similar reports late last week of discussions between the two parties. The deal certainly makes sense for Microsoft, as the software giant continues to actively court developers. As for GitHub, the company is said to have been “impressed” by Satya Nadella, who has actively courted coders and coding initiatives since taking the reins at the company, back in 2014.

“The opportunity for developers to have broad impact on all parts of society has never been greater,” Nadella told the crowd at his address during last year’s Build. “But with this opportunity comes enormous responsibility.”

Dramatic, perhaps, but acquiring GitHub would give the company access to some 27 million software developers — though not all of them are thrilled by the idea of GitHub being taken over by Microsoft.

More to come.

VMware, Windows 10 Customization Specification Not Completing

Here are details of my setup – in fact, I started over from scratch to document my steps.
This seems to be a new problem occurring with Windows 10, version 1709

 

Install of new VMware guest for the purpose of being a template

  1. Create new VM, named it windows_10_enterprise_version_1703
  2. Remove floppy drive
  3. Uncheck networking (for install)
  4. Mount ISO and enable, click OK to save settings

Install of OS on the guest virtual machine

  1. Boot newly created VM (windows_10_enterprise_version_1703)
  2. Step through the installation until completion
  3. Complete language settings to arrive at Windows desktop
  4. Enable the ‘Administrator’ account as its disabled by default
  5. Log out of installation user (the account I named ‘install’)
  6. Log into the ‘Administrator’ account
  7. Enter control panel, user and delete the ‘install’ user account.
  8. Install VMWare tools, Reboot once
  9. Shutdown

 

Prepare VM to be a template

  1. Edit the VM settings
  2. Connect networking
  3. Disconnect CD Drive
  4. Click OK
  5. Convert VM to a Template

 

Customization Specification Setup

  1. Create new specification, (I named mine Windows Desktop – DHCP)
  2. Applied registration information
  3. Computer Name – Use the virtual machine name
  4. Windows License – Left this blank (unchecked include server licensing information)
  5. Administrator Password – Set password, choose the option to automatically login as Administrator
  6. Time Zone – Set my desired time zone
  7. Run Once – Left this blank (blank for now, later intend on applying KMS details)
  8. Network – Use standard network setting (DHCP)
  9. Workgroup or Domain – For now just Workgroup and left workgroup name as ‘WORKGROUP’
  10. Operating System Options – Generate New Security ID (SID)
  11. Ready to complete – Clicked OK

Deploying template

  1. Right-click on the template – New VM from the template
  2. Gave a simple name – TEST01
  3. Selected Datacenter, Selected Cluster
  4. Selected Storage
  5. Selected Options (Customize VM) and (Power on the virtual machine after creation)
  6. Selected ‘Windows Desktop – DHCP’ from customized guest OS options
  7. Clicked Next, then Finish and wait …

 

Where things get stuck

  1. After the first boot, the guest gets an IP address from the network
  2. Customization starts in the background and system reboots
  3. When the system resumes I arrive at the following screen
  4. The system customization never completes, and I find my VM’s stuck at the “Let’s start with region …” screen

And, I’ll update this as soon as I find a solution, but for now…  I’m stuck

Log Shared via Pastebin:  https://pastebin.com/ETpuLX3U

 

Update: March 18, 2018

I’ve had others also test this using the latest ISO for Windows 10 – en_windows_10_enterprise_version_1703_updated_march_2017_x86_dvd, they too now encounter this same issue.  So the problem seems to be with the build of Windows 10 that was released.

I am going to download another build from MSDN and see if there is a change.

 

Update: March 19, 2018

I was able to get this working by way of reinstalling Windows 10 using the following ISO build: en_windows_10_multi-edition_vl_version_1709_updated_sept_2017_x64_dvd

Was even able to apply Windows updates and redeploy without error.

 

Hyper-V, and Automatic Virtual Machine Activation in Windows Server 2016

Windows Server 2012 R2 introduced a feature called “Automatic Virtual Machine Activation” (AVMA), and now in Windows Server 2016, this feature has been carried forward. This feature was primarily designed for Web Hosters but found usefulness in internal Hyper-V server for testing lab machines.

What is Automatic Virtual Machine Activation (AVMA)?

Automatic Virtual Machine Activation is a feature that handles the activation process for an instance of Windows Server inside a Hyper-V virtual machine so it does not need to directly contact any other system to activate the Windows Server instance.

AVMA is engineered to digitally facilitate the guest virtualization rights allowance of the Windows Server Datacenter license. If the physical host is properly licensed to run Windows Server Datacenter, then any number of virtual instances running the same or a lower edition and the same or earlier version of Windows Server is included.

Requirements for Automatic Virtual Machine Activation?

You must have a Datacenter Edition of Windows Server 2012 R2 or Windows 2016 installed as the management operating system with the Hyper-V role enabled. AVMA is a feature of the operating system, not Hyper-V itself.

How to Configure a Virtual Machine for AVMA?

When prompted for a license key, you simply give it the key that matches the operating system of the virtual machine.

Guest Operating System’s and Keys

Windows Server 2012 R2 Essentials
K2XGM-NMBT3-2R6Q8-WF2FK-P36R2

Windows Server 2012 R2 Standard
DBGBW-NPF86-BJVTX-K3WKJ-MTB6V

Windows Server 2012 R2 Datacenter
Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW

Windows Server 2016 Essentials
B4YNW-62DX9-W8V6M-82649-MHBKQ

Windows Server 2016 Standard
C3RCX-M6NRP-6CXC9-TW2F2-4RHYD

Windows Server 2016 Datacenter
TMJ3Y-NTRTM-FJYXT-T22BY-CWG3J

These keys will be accepted by any operating system but if AVMA is not detected they will move into an unlicensed mode.

Ref: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn303421(v=ws.11)

 

Windows Server 2016 Core: Active Directory Domain Services

To lower my memory footprint in my home lab I decided to move from into Windows Server 2016 Core.  That said running Active Directory Domain Service seems to be the perfect candidate to start with my new architectured lab environment.

There are several prerequisites required for enabling ADDS, but I am not going to get into those here as if your reading this, there is a good chance you already know what those are.

We will be installing what is commonly referred to as a new forest/domain.

Step 1: Validate your hostname, IP address, and DNS settings

  1. Log into the console of your Windows Server 2016 Core System
    You need to log in as an administrator and should arrive at a command prompt
  2. Enter the command Sconfig and press enter
    The Server Configuration tool interface should be displayed
  3. Use the setting options to validate your host’s configuration

 

Step 2:  Installing Domain Services 

  1. From the Windows Server 2016 Core command prompt type: powershell then press enter.
    This will change your shell mode to PowerShell allowing you to use additional commands.
  2. Type Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
    This will install the ADDS roles on the Windows Server 2016 Core System
  3. When completed type: Install-ADDSForest -DomainName yourdomain.tld
    Here is where you choose the name of your domain to be installed.
  4. You will be required to provide a recovery password, please enter one and take note of it
  5. Next, you will be asked to confirm the pending changes and allow the server host to be restarted
    Click yes to continue
  6. Your server will be restarted and return as a Domain Controller

 

Step 3: Validate DC Services

  1. From the Windows Server 2016 Core command prompt type: powershell then press enter.
    This will change your shell mode to PowerShell allowing you to use additional commands.
  2. Issue the following command line: Get-Service adws,kdc,netlogon,dns
    This will return details on the installed services 
  3. Issue the command Get-SmbShare
    This returns details about available shares, specifically the systvol and netlogon shares
  4. Use the get-eventlog command to review logs
    Example: get-eventlog “Directory Service” | select entrytype, source, eventid, message