Delete default0 ghost telemetry user #30
Comments
Also, why do you think that it's for telemetry? Wasn't able to find anything with a quick search.
Hi @MPeti1, thanks for starting the discussion and your attention to the script that I was really not sure of. It's a controversial user discussed often in the context of a backdoor in Windows 10. It is created by an update and there has never been any official information of its purpose/reason of creation from Microsoft. It gives access to your computer without your control / access so I decided to add it to privacy.sexy. It's however safe to delete 1, 2. As it's safe to delete and only, and it's so controversial I decided to add it to the list. It was added after a suggestion from a fellow computer forensics contributor:
More information:
Thank you! It now makes sense I think. I've read a bit, and it seems to be an error that hasn't been fixed for a long time. Microsoft seems to know about the problem, they promised a fix at least 2 times, but on both occasions the communication has been dropped, it seems. Note: the second link may require log in to your MS account (???), but if you use a temporary container in Firefox (there's a plugin to simplify it), then it will work normally. It could also work with just creating a temporary profile in about:profiles too. Well, I think it's best to leave this script available. It's so big of a mystery, that I would say your concern is grounded.
At the same time, what do you think about defaultuser1? I only have this. Do you have information about that one?
I actually have no idea. But asked the question to the forensic ghost friend. Forwarding his response:
His suggestion is to do a clean install from the same ISO to the same machine and then cross-check if that defaultuser1 account is still created. He's pretty sure it won't be found. He also recommends not using many tools but just using a trusted one like privacy.sexy; this way one can work privacy-friendly without any doubt that his or her logs of activities are being sent anywhere without his consent.
There's the script in the "Privacy cleanup" folder named "Delete default0 ghost telemetry user". I've taken a look at what it does, and for some reason I wanted to list the users on my system so I ran `net user`. What I see is that there's no `defaultuser0`, but there is a `defaultuser1`.
Could the 2 be related, or is `defaultuser1` something different?