Microsoft Windows 10 has a keylogger enabled by default
Many Windows 10 users are unknowingly sending the contents of every keystroke they make to Microsoft due to an enabled-by-default keylogger. This function has been around since the beginning of Windows 10, and is a prime example of why you should never go through the default install process on any Operating System. Windows 10 privacy has been a hot button issue since its release years ago. The French government even issued a warning to Microsoft last year, telling them to:
Stop collecting excessive data and tracking browsing by users without their consent.
It seems Microsoft only paid attention to the latter half of that warning. While many Windows 10 users may have technically given their consent, most – when informed that this has happened – will want to disable the Windows 10 keylogger ASAP.
How to disable Microsoft keylogger in Windows 10
According to Microsoft FAQ, to disallow Microsoft, and who knows what other entities, from using “your typing and handwriting info to improve typing and writing services”:
1. Go to Start, then select Settings > Privacy > General.
2. Turn off Send Microsoft info about how I write to help us improve typing and writing in the future.
If this was ever on while you used Windows 10, there’s no way for you to know that Microsoft has deleted your information. They promise to disassociate their copy of your keystroke history from your identity, but the info is still out there in their hands and, again, pointedly was not initially anonymized.
More detailed instructions are available here.
Microsoft Windows 10 and Windows 7 still vulnerable to Event Tracing (Windows) ETW keyloggers
Last year, at Ruxcon, the CyberPoint Security Research Team unveiled a Proof of Concept that demonstrated using ETW to keylog USB keyboards. The “good” news is that this technique wouldn’t work on most Windows laptops as their keyboards are usually connected via PS2 instead of USB. However, there is no way to turn off ETW because it is crucial to Windows functionality and this is still an active way that a malicious actor could log your keystrokes.
Keyloggers are a very real privacy and security threat. If you must use Windows 10, make sure to disable the default enabled Microsoft keylogger, but be aware that Microsoft has other holes that make keystroke logging possible still.