X-Recipient: archive-cygwin AT delorie DOT com X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 3E1D0385DC1F Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=free.fr Authentication-Results: sourceware.org; spf=none smtp.mailfrom=akiki AT free DOT fr Date: Mon, 11 May 2020 18:25:01 +0200 (CEST) From: akiki AT free DOT fr To: cygwin Message-ID: <331531811.-1550186875.1589214301322.JavaMail.root@zimbra76-e14.priv.proxad.net> In-Reply-To: <1325932087.-1622514822.1587585031094.JavaMail.root@zimbra76-e14.priv.proxad.net> Subject: Very dangerous hacking ? Surprising relationship between cygwin and Microsoft MIME-Version: 1.0 X-Originating-IP: [185.230.125.94] X-Mailer: Zimbra 7.2.0-GA2598 (ZimbraWebClient - GC81 (Win)/7.2.0-GA2598) X-Authenticated-User: akiki AT free DOT fr X-Spam-Status: No, score=0.5 required=5.0 tests=BAYES_50, FREEMAIL_FROM, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: cygwin-bounces AT cygwin DOT com Sender: "Cygwin" Hi, On doing an habitual "cygcheck -rs", I was interrogated and ALARMED to see some register keys speaking cygwin : HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\ microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cygwin.com (default) = 0x00000000 NumberOfSubdomains = 0x00000001 HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\ microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cygwin.com (default) = 0x00000000 NumberOfSubdomains = 0x00000000 Examining the registry under cygwin: cd /proc/registry/HKEY_CURRENT_USER/... ; Positioned on Internet Explorer\, I found 4 sub-keys : DOMStorage DomStorageState EdpDomStorage Main These keys are very populated : "ls -lR|wc -l" give me 1285 lines, and I can read many traces of my use of internet about bank vpn ... For DOMStorage an EdpDomStorage a list of URL is indicated with dates between July 2019 and Apr 2020 The values attached to cygwin.com URL as for others are 4 bytes values - no clear meaning. To conclude, Microsoft spy and register all sites you access, cygwin.com in particular. I hope only with Edge, but I am not sure of that. I have never see in cygcheck, such reference to cygwin with chrome, firefox , opera ... May be something is done to mask them. Sorry for my bad English. -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple