AVG Antivirus is an antivirus application that uses tracking of user interactions. It uses Avast services for this tracking as well as its own.

AVG Antivirus has an installer that points at an End User License Agreement. Before the user is able to read this, it has already started tracking the user. The End User License Agreement does not even allow copy and paste to save selected information for a later point, but is available online as well. Usage behaviour tracking is described as “information about your […] use of Solutions”.

7.1. The term “Data,” as used in this Agreement and the Privacy Policy, means: (a) the information you provide to Vendor, another member of the Vendor Group, or a Vendor Partner in the course of ordering Solutions, including your name, billing address (including postal code), email address, phone number, payment card or account number, payment card or account verification code, payment card commencement date and expiration date, the account password you select for your account with Vendor or another member of the Vendor Group, and other Billing Data as defined in Vendor’s Privacy Policy (the “Privacy Policy”, which you can find here) (collectively, “Transaction Data”); (b) information Vendor, another member of the Vendor Group or a Vendor Partner collects in the course of processing and fulfilling your orders for Solutions, including information about the make, model, operating system and other identifying details of your Device, the name of your Internet service provider, your Internet Protocol (IP) address; and (c) information about your installation and use of Solutions ((b) and (c) collectively being referred to as “Service Data” in the Privacy Policy).

Is it spyware?

We use the ASCs definition of Tracking Software and Spyware:

Tracking software

Software that monitors user behavior, or gathers information about the user, sometimes including personally identifiable or other sensitive information, through an executable program.”

Spyware

In its narrow sense, Spyware is a term for Tracking Software deployed without adequate notice, consent, or control for the user.”

Since the term adequate is not well defined in the ASCs context, we use both the European GDPR and compare Information, Consent and Control to what is standard for Windows itself.

Information

Very insufficient: hidden deep within a page long EULA, user tracking is mentioned.

Consent

Bad: tracking starts before the user is informed.

Control

Good: after installation, the settings allow to disable selected telemetry. It is possible to disable telemetry for marketing without disabling.

AVG Antivirus is an antivirus application that uses tracking of user interactions.

AVG Antivirus has an installer that points at an End User License Agreement. Before the user is able to read this, it has already started tracking the user. The End User License Agreement does not even allow copy and paste to save selected information for a later point, but is available online as well. Usage behaviour tracking is described as “information about your […] use of Solutions”.

7.1. The term “Data,” as used in this Agreement and the Privacy Policy, means: (a) the information you provide to Vendor, another member of the Vendor Group, or a Vendor Partner in the course of ordering Solutions, including your name, billing address (including postal code), email address, phone number, payment card or account number, payment card or account verification code, payment card commencement date and expiration date, the account password you select for your account with Vendor or another member of the Vendor Group, and other Billing Data as defined in Vendor’s Privacy Policy (the “Privacy Policy”, which you can find here) (collectively, “Transaction Data”); (b) information Vendor, another member of the Vendor Group or a Vendor Partner collects in the course of processing and fulfilling your orders for Solutions, including information about the make, model, operating system and other identifying details of your Device, the name of your Internet service provider, your Internet Protocol (IP) address; and (c) information about your installation and use of Solutions ((b) and (c) collectively being referred to as “Service Data” in the Privacy Policy).

Is it spyware?

We use the ASCs definition of Tracking Software and Spyware:

Tracking software

Software that monitors user behavior, or gathers information about the user, sometimes including personally identifiable or other sensitive information, through an executable program.”

Spyware

In its narrow sense, Spyware is a term for Tracking Software deployed without adequate notice, consent, or control for the user.”

Since the term adequate is not well defined in the ASCs context, we use both the European GDPR and compare Information, Consent and Control to what is standard for Windows itself.

Information

Very insufficient: hidden deep within a page long EULA, user tracking is mentioned.

Consent

Bad: tracking starts before the user is informed.

Control

Good: after installation, the settings allow to disable selected telemetry. It is possible to disable telemetry for marketing without disabling.

COMODO Internet Security installs a scheduled task for telemetry. Users are not aware of this kind of tracking (Source).

AdAware Free is a antivirus/antimalware application that uses tracking of user interactions.

Transparency of this tracking is lacking. The installer submits every page change of its user interface to a Lavasoft server, including installation and machine identification numbers and further system information. Their privacy policy does not mention this transmission of data.

Referencing other AdAware software, the Privacy Policy admits to collect data during installation, but tries to describe the IP address as not tracing back to a user. Contrary to that, in the European Union, IP addresses are recognized as Personally Identifiable Information.

Is it spyware?

We use the ASCs definition of Tracking Software and Spyware:

Tracking software

Software that monitors user behavior, or gathers information about the user, sometimes including personally identifiable or other sensitive information, through an executable program.”

Spyware

In its narrow sense, Spyware is a term for Tracking Software deployed without adequate notice, consent, or control for the user.”

Since the term adequate is not well defined in the ASCs context, we use both the European GDPR and compare Information, Consent and Control to what is standard for Windows itself.

Information

Bad: No information found during installation, nor in privacy policy.

Consent

Bad: without information, user consent cannot be expected.

Control

Bad: except for blocking the telemetry host, there is no way to control.

Malwarebytes is a antivirus/antimalware application that uses tracking of user interactions.

Transparency of this tracking is mediocre. There is no explicit information during installation, but the user is able to opt-out in Malwarebytes’ Settings. The help describes the collected data insufficiently:

“If you check this box, you will be sending us information that helps us do our jobs. We like to know what countries Malwarebytes is being used in, and the breakdown of subscriptions, Premium Trial versions, and Free versions. Our Research organization likes to keep track of what malware we are detecting and how often. We can learn that from what you send us, and that allows us to serve you more effectively. For a full list of information that is collected, please see our Privacy Policy. We hope that’s fine with you as well.”

Contrary to this general information, many clicks within the software are transmitted, including installation and machine identification numbers.

Their Privacy Policy is at least pointing out behaviour tracking, though the full list is missing:

“You may opt out of usage and threat statistics collection in certain Malwarebytes products within the settings. Threat statistics collection includes detection samples and their corresponding statistics. Usage statistics includes behavior usage tracking.”

This immunizer was for Malwarebytes for Windows. Malwarebytes for MacOS shares this information with third party Crashlytics.

Is it spyware?

We use the ASCs definition of Tracking Software and Spyware:

Tracking software

Software that monitors user behavior, or gathers information about the user, sometimes including personally identifiable or other sensitive information, through an executable program.”

Spyware

In its narrow sense, Spyware is a term for Tracking Software deployed without adequate notice, consent, or control for the user.”

Since the term adequate is not well defined in the ASCs context, we use both the European GDPR and compare Information, Consent and Control to what is standard for Windows itself.

Information

No sufficient information during installation. Can later be found in settings if looking for it. Privacy policy only has limited information on tracked data.

Consent

No consent requested during installation.

Control

No control during installation. Can be disabled in settings, but is tied to good threat analysis telemetry. Setting partially gets ignored in MacOS version.

McAfee Total Protection is an antivirus application that uses tracking of user interactions.

The McAfee installer references a privacy policy while user behaviour tracking has already started to submit installer usage. It at least points at user behaviour tracking:

"We automatically collect information about your interactions with the Services as well as devices on which the Services are installed. In some cases, we automatically collect information about other devices connected to the same network as the device on which the Services are installed."

While the McAfee user interface boasts with headlines like My Privacy, there is no setting related to telemetry at all.

Is it spyware?

We use the ASCs definition of Tracking Software and Spyware:

Tracking software

Software that monitors user behavior, or gathers information about the user, sometimes including personally identifiable or other sensitive information, through an executable program.”

Spyware

In its narrow sense, Spyware is a term for Tracking Software deployed without adequate notice, consent, or control for the user.”

Since the term adequate is not well defined in the ASCs context, we use both the European GDPR and compare Information, Consent and Control to what is standard for Windows itself.

Information

Partial: The Privacy Policy includes a bold sentence mentioning user behaviour tracking.

Consent

Bad: the installer starts tracking even before the user reads the Privacy Policy.

Control

Bad: no control over telemetry at all.

McAfee Total Protection is an antivirus application that uses tracking of user interactions.

The McAfee installer references a privacy policy while user behaviour tracking has already started to submit installer usage. It at least points at user behaviour tracking:

"We automatically collect information about your interactions with the Services as well as devices on which the Services are installed. In some cases, we automatically collect information about other devices connected to the same network as the device on which the Services are installed."

While the McAfee user interface boasts with headlines like My Privacy, there is no setting related to telemetry at all.

Is it spyware?

We use the ASCs definition of Tracking Software and Spyware:

Tracking software

Software that monitors user behavior, or gathers information about the user, sometimes including personally identifiable or other sensitive information, through an executable program.”

Spyware

In its narrow sense, Spyware is a term for Tracking Software deployed without adequate notice, consent, or control for the user.”

Since the term adequate is not well defined in the ASCs context, we use both the European GDPR and compare Information, Consent and Control to what is standard for Windows itself.

Information

Partial: The Privacy Policy includes a bold sentence mentioning user behaviour tracking.

Consent

Bad: the installer starts tracking even before the user reads the Privacy Policy.

Control

Bad: no control over telemetry at all.

Trend Micro Maximum Security is an antivirus application that uses tracking of user interactions.

Trend Micro is open about the data it collects. Its installer has a page dedicated to data handling, which refers to the target=”_blank”>Trend Micro Maximum Security Data Collection Notice. This notice is very detailed. It reveals that Google Analytics is used by the product and cannot be disabled:

"It is necessary to collect this data to provide the security functions on this product."

It also reveals that user behaviour tracking (“User interaction with product UI”) can be disabled by disabling “Share computer performance information with Trend Micro”.

Since Trend Micro is open about user behaviour tracking and allows to disable it, it does not fall into the Spyware category. Due to it still including tracking, this immunizer was added.

Is it spyware?

We use the ASCs definition of Tracking Software and Spyware:

Tracking software

"Software that monitors user behavior, or gathers information about the user, sometimes including personally identifiable or other sensitive information, through an executable program."

Spyware

"In its narrow sense, Spyware is a term for Tracking Software deployed without adequate notice, consent, or control for the user."

Since the term adequate is not well defined in the ASCs context, we use both the European GDPR and compare Information, Consent and Control to what is standard for Windows itself.

Information

Good: there is a dedicated page in the installer mentioning collected data, including user behaviour tracking.

Consent

Good: well described in Data Collection Notice.

Control

Good: well described in Data Collection Notice.

Trend Micro Maximum Security is an antivirus application that uses tracking of user interactions.

Trend Micro is open about the data it collects. Its installer has a page dedicated to data handling, which refers to the target=”_blank”>Trend Micro Maximum Security Data Collection Notice. This notice is very detailed. It reveals that Google Analytics is used by the product and cannot be disabled:

"It is necessary to collect this data to provide the security functions on this product."

It also reveals that user behaviour tracking (“User interaction with product UI”) can be disabled by disabling “Share computer performance information with Trend Micro”.

Since Trend Micro is open about user behaviour tracking and allows to disable it, it does not fall into the Spyware category. Due to it still including tracking, this immunizer was added.

Is it spyware?

We use the ASCs definition of Tracking Software and Spyware:

Tracking software

"Software that monitors user behavior, or gathers information about the user, sometimes including personally identifiable or other sensitive information, through an executable program."

Spyware

"In its narrow sense, Spyware is a term for Tracking Software deployed without adequate notice, consent, or control for the user."

Since the term adequate is not well defined in the ASCs context, we use both the European GDPR and compare Information, Consent and Control to what is standard for Windows itself.

Information

Good: there is a dedicated page in the installer mentioning collected data, including user behaviour tracking.

Consent

Good: well described in Data Collection Notice.

Control

Good: well described in Data Collection Notice.

Users of Visual Studio might find unexpected Internet connections from the IDE, performed by Azure Application Insights. Microsoft describes it as:

Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.

The amount of monitoring is described as:

Application Insights is aimed at the development team, to help you understand how your app is performing and how it’s being used. It monitors:

* Request rates, response times, and failure rates – Find out which pages are most popular, at what times of day, and where your users are. See which pages perform best. If your response times and failure rates go high when there are more requests, then perhaps you have a resourcing problem.
Dependency rates, response times, and failure rates – Find out whether external services are slowing you down.
* Exceptions – Analyze the aggregated statistics, or pick specific instances and drill into the stack trace and related requests. Both server and browser exceptions are reported.
Page views and load performance – reported by your users’ browsers.
* AJAX calls from web pages – rates, response times, and failure rates.
* User and session counts.
* Performance counters from your Windows or Linux server machines, such as CPU, memory, and network usage.
* Host diagnostics from Docker or Azure.
* Diagnostic trace logs from your app – so that you can correlate trace events with requests.
Custom events and metrics that you write yourself in the client or server code, to track business events such as items sold or games won.

Users of Visual Studio might find unexpected Internet connections from the IDE, performed by Azure Application Insights. Microsoft describes it as:

Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.

The amount of monitoring is described as:

Application Insights is aimed at the development team, to help you understand how your app is performing and how it’s being used. It monitors:

* Request rates, response times, and failure rates – Find out which pages are most popular, at what times of day, and where your users are. See which pages perform best. If your response times and failure rates go high when there are more requests, then perhaps you have a resourcing problem.
Dependency rates, response times, and failure rates – Find out whether external services are slowing you down.
* Exceptions – Analyze the aggregated statistics, or pick specific instances and drill into the stack trace and related requests. Both server and browser exceptions are reported.
Page views and load performance – reported by your users’ browsers.
* AJAX calls from web pages – rates, response times, and failure rates.
* User and session counts.
* Performance counters from your Windows or Linux server machines, such as CPU, memory, and network usage.
* Host diagnostics from Docker or Azure.
* Diagnostic trace logs from your app – so that you can correlate trace events with requests.
Custom events and metrics that you write yourself in the client or server code, to track business events such as items sold or games won.

Users of Visual Studio might find unexpected Internet connections from the IDE, performed by Azure Application Insights. Microsoft describes it as:

Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.

The amount of monitoring is described as:

Application Insights is aimed at the development team, to help you understand how your app is performing and how it’s being used. It monitors:

* Request rates, response times, and failure rates – Find out which pages are most popular, at what times of day, and where your users are. See which pages perform best. If your response times and failure rates go high when there are more requests, then perhaps you have a resourcing problem.
Dependency rates, response times, and failure rates – Find out whether external services are slowing you down.
* Exceptions – Analyze the aggregated statistics, or pick specific instances and drill into the stack trace and related requests. Both server and browser exceptions are reported.
Page views and load performance – reported by your users’ browsers.
* AJAX calls from web pages – rates, response times, and failure rates.
* User and session counts.
* Performance counters from your Windows or Linux server machines, such as CPU, memory, and network usage.
* Host diagnostics from Docker or Azure.
* Diagnostic trace logs from your app – so that you can correlate trace events with requests.
Custom events and metrics that you write yourself in the client or server code, to track business events such as items sold or games won.

Users of Visual Studio might find unexpected Internet connections from the IDE, performed by Azure Application Insights. Microsoft describes it as:

Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.

The amount of monitoring is described as:

Application Insights is aimed at the development team, to help you understand how your app is performing and how it’s being used. It monitors:

* Request rates, response times, and failure rates – Find out which pages are most popular, at what times of day, and where your users are. See which pages perform best. If your response times and failure rates go high when there are more requests, then perhaps you have a resourcing problem.
Dependency rates, response times, and failure rates – Find out whether external services are slowing you down.
* Exceptions – Analyze the aggregated statistics, or pick specific instances and drill into the stack trace and related requests. Both server and browser exceptions are reported.
Page views and load performance – reported by your users’ browsers.
* AJAX calls from web pages – rates, response times, and failure rates.
* User and session counts.
* Performance counters from your Windows or Linux server machines, such as CPU, memory, and network usage.
* Host diagnostics from Docker or Azure.
* Diagnostic trace logs from your app – so that you can correlate trace events with requests.
Custom events and metrics that you write yourself in the client or server code, to track business events such as items sold or games won.

Users of Visual Studio might find unexpected Internet connections from the IDE, performed by Azure Application Insights. Microsoft describes it as:

Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.

The amount of monitoring is described as:

Application Insights is aimed at the development team, to help you understand how your app is performing and how it’s being used. It monitors:

* Request rates, response times, and failure rates – Find out which pages are most popular, at what times of day, and where your users are. See which pages perform best. If your response times and failure rates go high when there are more requests, then perhaps you have a resourcing problem.
Dependency rates, response times, and failure rates – Find out whether external services are slowing you down.
* Exceptions – Analyze the aggregated statistics, or pick specific instances and drill into the stack trace and related requests. Both server and browser exceptions are reported.
Page views and load performance – reported by your users’ browsers.
* AJAX calls from web pages – rates, response times, and failure rates.
* User and session counts.
* Performance counters from your Windows or Linux server machines, such as CPU, memory, and network usage.
* Host diagnostics from Docker or Azure.
* Diagnostic trace logs from your app – so that you can correlate trace events with requests.
Custom events and metrics that you write yourself in the client or server code, to track business events such as items sold or games won.

CCleaner is a popular cleaning tool that has recently added telemetry. Piriform explains the telemetry as:

As the world’s favorite device cleaning and optimization company, we want to keep your devices working better, for longer, and help protect your privacy online.

In order to do this, we are required to collect some data so we can offer you the best PC cleaning, optimization and privacy tools available. Our Privacy Policy documentation, and in particular our Products Policy, covers the data we collect and what it’s used for and how it is stored.

The step to add telemetry, the way users were (not?) informed and the availability of options to disable it caused CCleaner to appear on this list.

As a CCleaner Pro user, you can disable this in its Options > Privacy.

VMWare has a tracking system called VMWare CEIP in recent versions of the virtualization solution VMWare Workstation. They describe it as:

[…] VMware collects technical information about our customer’s use of such products for the purposes set forth below, such as to improve VMware products and services, and advise our customers on how best to deploy and use our products and services. The data collected through this Customer Experience Improvement Program (“CEIP”) is separate from the configuration, performance, usage, and consumption data that we collect and use to facilitate delivery of our products and services (such as tracking entitlements, providing infrastructure related support, monitoring the performance, integrity and stability of the infrastructure, and preventing or addressing service or technical issues) (“Operational Data”).

And details on what gets collected is available as well:

Types of Data Collected under the Customer Experience Improvement Program

For customers participating in the Customer Experience Improvement Program, VMware regularly collects technical information about your organization’s use of our products in association with your organization’s VMware license key(s). Depending on the nature of the product, and whether the product offers Standard and/or Enhanced participation levels, the technical information collected consists of all or any of the following data:
Configuration Data

Technical data about how a customer’s organization has configured VMware products and related environment information. Examples include version information, configuration settings and technical data relating to the devices accessing those products or third party applications or systems used in connection with the VMware product.
Feature Usage Data

Data about how a customer organization uses the VMware product. Examples include details about which features the customer organization uses and metrics of user interface activity.
Performance Data

Data about the performance of VMware products. Examples include metrics of the performance and scale of VMware products, response times for user interfaces, and details about customer API calls.
Product Logs

These are logs that are generated during the active deployment of VMware products. Typically, product logs record systems events and state during product operations in a semi-structured or unstructured form. This data is only collected under the Enhanced participation level.

Such information is collected in association with customer identifying information (e.g. customer assigned license key(s), customer IDs, and entitlement account numbers relating to the customer) via a variety of automated means. Limited personal data may be collected, depending on the product and level of participation (Standard or Enhanced). Typically, this personal data only identifies the Customer IT administrator who operates the product for the customer. Customers should not enter personal data or sensitive personal data (or any other information that may allow an individual to be identified) when naming systems such as their hosts, VMs, or dashboards. To the extent we collect personal data, we will process it in accordance with our Privacy and Service Notices.

Google Chrome can send anonymous (and non-anonymous) usage statistics and crashed-related data to Google.

Quoting Google, they include:

These reports usually won’t include any personal information about you, but they might include:

• Your Chrome settings
• Where you click
• How much memory is used by Chrome
• Web pages you visit that contain phishing or malware
• Web pages you visit where you’ve entered text using speech
• Your device’s operating system, manufacturer, and model.
• If Chrome crashes while you’re using it, some personal information might be included. This will depend on what was happening at the time of the crash.

This immunizer sets global group policies to block these.

If you just rarely use Edge and don’t want it to be your default, apply this immunizer to prevent it from trying to become your default browser.

This immunizer forces the Microsoft Edge browser to communicate your wish to not be tracked to all visited websites.

The Follow Creators function in Microsofts Edge browser submits all URLs to a Bing server, see this article on TheVerge:

“Microsoft Edge now has a creator follow feature that is enabled by default,” says Rivera in a conversation with The Verge. “It appears the intent was to notify Bing when you’re on certain pages, such as YouTube, The Verge, and Reddit. But it doesn’t appear to be working correctly, instead sending nearly every domain you visit to Bing.”

Preloading makes Microsoft Edge load the Start and New Tab pages automatically each time you sign into Windows. This speeds up loading the browser, but also means a contact that might be unnecessary if you will not use Edge. We recommend to use this immunization unless you’re a heavy Edge user.

Do you want to share your browsing history with Microsoft?

Microsoft has a long policy describing what data it collects and stores:

Microsoft Edge saves your browsing history, which is made up of info about the websites you visit, on your device. If the Diagnostics data setting is set to Full, this browsing history is sent to Microsoft, which helps us find and fix problems and improve our products and services for all users. If you choose to turn on Tailored experiences, we will use this browsing history to personalize your experiences with Windows and other products and services. Separately, if you choose to enable browsing history within the Cortana Notebook Permissions, your browsing history is also sent to Microsoft so Cortana can help personalize your experience.

eBook reading telemetry is also covered by Edge:

By default, and depending on the device configuration, Microsoft Edge gathers basic diagnostic data about the books in the Books Library and sends it to Microsoft. Enabling this policy gathers and sends both basic and additional diagnostic data, such as usage data.

Even by default, basic diagnostic data would be transmitted.

We recommend to disable this telemetry.

Firefox will update it’s cached information on extensions you’ve installed once per day. By applying this immunization, you can prevent this background action.

Firefox opens certain connections to try to detect if you are on a public WiFi that needs login, or if your connection supports IPv6.

From their documentation:

Firefox’s captive portal feature tests whether your network connection requires logging in, for example, on a public wi-fi hotspot, by regularly connecting to http://detectportal.firefox.com/success.txt. Firefox will also make connections to this URL to check if your current network supports IPv6.

You can disable this.

Firefox recommends addons and features on new tabs. Use this immunizer to disable these.

This Firefox setting allows Mozilla to disable extensions remotely.

This is a good feature that allows to disable harmful extensions, but also regularly contacts the server containing the blocklist.

We recommend to disable if you want to shut down communications to the max.

Starting with Firefox 80, Firefox pings the server location.services.mozilla.com on each start to determine the users country based on his or her IP address. According to Mozillas documentation, this is used to display relevant content and pick a search engine fitting the users country. Users who do not want Firefox to store and use their country can disable it through this immunizer.

Firefox supports Microsofts Family Safety, which works by analyzing URLs using a Man-in-the-Middle approach. As a privacy recommendation, we suggest to disable this feature.

Firefox’ Phishing Protection, based on Googles Safe Browsing, checks URLs against a list of known bad URLs. For this feature, a list of bad URLs is regularly downloaded from Googles servers.

Speculative Loading tries to speed up your Internet Browsing by guessing you might click on a link you’re hovering, and loading them in the background before you click. By applying this immunizer, this is deactivated.

Trackign done on new tabs in Firefox. Described by Mozilla as:

When you view or click on a sponsored shortcut, Firefox sends anonymized technical data to our partner through a Mozilla-owned proxy service. The code for this proxy service is available on GitHub for interested technical audiences. This data does not include any personally identifying information and is only shared when you click on a sponsored shortcut.

Mozilla Firefox can send a wide range of information to Mozilla in case of crashes and on a daily basis. To quote the official public wiki of the Mozilla project:

It’s helpful for Mozilla’s engineers and decision-makers to be able to measure how Firefox behaves in the real world. The Telemetry feature provides this capability by sending performance and usage info to Mozilla. As you use Firefox, Telemetry measures and collects non-personal information, such as performance, hardware, usage and customizations. It then sends this information to Mozilla on a daily basis and we use it to improve Firefox.

You can view the data Firefox would transmit by visiting about:telemetry within Firefox.

This immunizer ensures that this transmission is disabled.

This will help to stop the telemetry in Mozilla Firefox by creating or updating the global Firefox configuration to not use telemetry.

Mozilla publishes telemetry information it collects on its Telemetry portal, where the interested user can read about the information Mozilla collects during everyday use of the Firefox browser.

Mozilla Firefox can send a wide range of information to Mozilla in case of crashes and on a daily basis. To quote the official public wiki of the Mozilla project:

It’s helpful for Mozilla’s engineers and decision-makers to be able to measure how Firefox behaves in the real world. The Telemetry feature provides this capability by sending performance and usage info to Mozilla. As you use Firefox, Telemetry measures and collects non-personal information, such as performance, hardware, usage and customizations. It then sends this information to Mozilla on a daily basis and we use it to improve Firefox.

You can view the data Firefox would transmit by visiting about:telemetry within Firefox.

This immunizer ensures that this transmission is disabled.

Firefox creates thumbnails of the pages shown on new tabs. Some users do not want the content of previously visited pages shown on every new tab. You can use this immunizer to remove this behaviour.

If Firefox gets updated, it will load a website that can display change notes. This could be used to track if you are up to date and whether you are always using an up to date browser.

By using this immunizer, you set up Firefox to always just load your defined homepage.

WebGL in Firefox is a security risk (see ArchWiki, see StackExchange). We recommend to disable it.

If you do not want to disable WebGL completely, this immunizer allows to reduce the risk coming from it.

Opera SiteCheck is a security feature of Opera browsers submitting the domain name of every visited website to Opera to check if it may contain fraud. This even happens in private browsing mode. Google Safe Browsing is actually much better in terms of privacy by verifying domains locally.

The Vivaldi browser allows to set the Do Not Track flag that can be transmitted to all visited websites.

We recommend this setting for all users.

Blizzard Games like World of Warcraft have a dedicated telemetry server they contact. The file at Battle.net/Telemetry/Policies (location depends on OS, on Windows it’s in %ProgramData%, on macOS it’s in /Users/Shared/) gives a hint at the types of telemetry events that might be tracked, listing the following categories:

• network
• process
• traffic
• log
• connect
• logon
• disconnect
• processStart
• processFinish
• probe
• http
• journal
• pingdom
• survey
• agent
• atlas
• ngdp
• tact
• pro
• d3

This telemetry service was seen in what seems like offline games (for example Civilization V or VI) to track usage.

Quoting the GameAnalytics documentation:

GameAnalytics is a leading analytics and data management platform designed to help game developers monitor and optimize the performance of their games. We provide a powerful set of tools, including real-time monitoring, custom dashboards, flexible event types, IAP and ad revenue tracking, A/B testing, and a suite of data processing tools – giving you complete control of your data and helping you turn it into insights.

Good Old Games, a store for DRM free games, offers a dedicated client to manage a customers collection of games. Their product page even advertises:

Your Privacy

Designed to protect your privacy.
No spying

We’re not spying on data from your computer.
No data sharing

We’ll never share your personal data with third parties.
Your data belongs to you

With a single click, you can remove your imported data from our servers.

At the same time, there are plenty of connections to insights-collector.gog.com, without information on what is done with this data. The option to remove this data with a single click was not found at the time of adding this immunizer.

Razers Game Scanner service might be slowing down computers and could be tracking.

This immunizer is about a few telemetry calls made by browser games made with Unity we received reports about. Tested games continue to work without issues with telemetry disabled.

The Nvidia GeForce Experience includes a telemetry package (source) that’s reporting back some data well described in their GeForce Experience Privacy Policy:

To make this happen, we need to know your PC’s hardware, software for gaming and content creation (including settings, usage, and how well they run), GeForce Experience feature usage, and geographical region.

If you opt-in to recommendations, we will show you games, apps, and rewards that you might enjoy. If you opt-in to sharing technical data, you’ll send us error logs to help us find and fix bugs. You can configure collection and usage of your data by visiting Privacy Settings.

This has been added because it’s clearly Tracking Software.

The Nvidia GeForce Experience includes a telemetry package (source) that’s reporting back some data well described in their GeForce Experience Privacy Policy:

To make this happen, we need to know your PC’s hardware, software for gaming and content creation (including settings, usage, and how well they run), GeForce Experience feature usage, and geographical region.

If you opt-in to recommendations, we will show you games, apps, and rewards that you might enjoy. If you opt-in to sharing technical data, you’ll send us error logs to help us find and fix bugs. You can configure collection and usage of your data by visiting Privacy Settings.

This has been added because it’s clearly Tracking Software.

The Nvidia GeForce Experience includes a telemetry package (source) that’s reporting back some data well described in their GeForce Experience Privacy Policy:

To make this happen, we need to know your PC’s hardware, software for gaming and content creation (including settings, usage, and how well they run), GeForce Experience feature usage, and geographical region.

If you opt-in to recommendations, we will show you games, apps, and rewards that you might enjoy. If you opt-in to sharing technical data, you’ll send us error logs to help us find and fix bugs. You can configure collection and usage of your data by visiting Privacy Settings.

This has been added because it’s clearly Tracking Software.

Wacom tablet drivers includes code that uses Google Analytics to track your computer usage. After public exposure, they now include a description on their website:

If a user agrees to participate, from time to time, the data is collected through Google Analytics and sent to Google Analytics’ server, not Wacom’s server. Wacom does not collect MAC addresses and product serial numbers. Although Google Analytics (Apps version) collects IP addresses, we are unable to access to such IP address data.

More details about what is collected follows.

The Wacom software driver will collect a sample of information such as the pen tablet models, how customers use our hardware and the names of the software applications being used when a Wacom device is in use, and the Wacom Desktop Center and Wacom Tablet Properties control panel (Windows) or Wacom Tablet preferences pane (macOS) will collect basic app usage data.

The Experience Program now seems to be optional and the user informed before it is in use.

LibreOffice has it’s telemetry disabled by default currently, but is able to submit telemetry data to The Document Foundation when set up to do so.

Use this immunizer to change its state from here instead of inside LibreOffice.

Microsoft Office 2013 (also called Office 15) includes telemetry options that collect a range of personal information, including:

• The file names of Office files that are in the Most Recently Used list.
• The names of add-ins and solutions that interact with Office.
• System information such as user name and computer name.
• […]

You can use this immunizer to let Office know it should not collect or transmit telemetry data.

Microsoft Office 2013 (also called Office 15) includes telemetry options that collect a range of personal information, including:

• The file names of Office files that are in the Most Recently Used list.
• The names of add-ins and solutions that interact with Office.
• System information such as user name and computer name.
• […]

You can use this immunizer to disable the scheduled tasks that are involved in this telemetry.

Microsoft Office 2016 (also called Office 16) includes telemetry options that collect a range of personal information, including:

• The file names of Office files that are in the Most Recently Used list.
• The names of add-ins and solutions that interact with Office.
• System information such as user name and computer name.
• […]

You can use this immunizer to let Office know it should not collect or transmit telemetry data.

Microsoft Office 2016 (also called Office 16) includes telemetry options that collect a range of personal information, including:

• The file names of Office files that are in the Most Recently Used list.
• The names of add-ins and solutions that interact with Office.
• System information such as user name and computer name.
• […]

You can use this immunizer to disable the scheduled tasks that are involved in this telemetry.

Microsoft Office 2019 (also called Office 17) includes telemetry options that collect a range of personal information, including:

• The file names of Office files that are in the Most Recently Used list.
• The names of add-ins and solutions that interact with Office.
• System information such as user name and computer name.
• […]

You can use this immunizer to let Office know it should not collect or transmit telemetry data.

Microsoft Office includes telemetry options that collect a range of personal information, including:

• The file names of Office files that are in the Most Recently Used list.
• The names of add-ins and solutions that interact with Office.
• System information such as user name and computer name.
• […]

You can use this immunizer to let Office know it should not collect or transmit telemetry data.

This immunizer blocks a range of telemetry services from Apple products. While Apple telemetry can usually be disabled, some people feel better with this additional layer of stopping it.

Now called Windows Defender Antivirus cloud protection, it includes key telemetry events.

Microsoft describes it as:

The Microsoft Active Protection Service is the cloud service that enables:

• Clients to report key telemetry events and suspicious malware queries to the cloud
• Cloud to provide real-time blocking responses back to the client

This immunizer blocks part of Windows’ built in telemetry services by blocking IPs (Internet addresses) associated with the telemetry using the Windows Firewall.

Windows supports biometric features like fingerprint scanners. You can disable Biometrics using this immunizer, if you feel unsafe about your biometric data on your computer.

Windows 10 October 2018 update (also called 1809) allows to synchronize your clipboard with the cloud to be able to access it from all machines you are logged into.

While this can be a helpful feature for some, others use password managers to store sensible data, and use the clipboard to paste it into software or websites.

We regard the cloud sharing of clipboard information to be an unnecessary risk. We recommend to use this protection.

Cortana is Microsofts voice assistant. To be able to give you answers on your personal data, it needs access to it. If you do not intend to use Cortana, we recommend that you use this immunizer to disable it.

This immunizer adds restrictions to Microsofts voice assistant Cortana, including for example blocked access to contacts.

Windows 10 includes a Maps app, which sports an offline mode. To avoid the offline maps to be updated automatically without your consent, we recommend to disable auto updates. This will ensure no updates will take place on metered connections (where Windows does not recognize you’re on such a connection) or while doing things that require a highly responsive Internet, like gaming.

Windows Media Player can look up meta data for CDs and music files played. By using this immunizing, you’re blocking these transmissions of meta data. Recommended if you do not need Media Player to display more information than locally available.

Windows Media Player has a preference for Usage Tracking. Use this immunizer to disable that.

OneDrive is Microsofts online storage that can be used like a local drive in Windows.

If you do not use OneDrive, we recommend to use this immunizer to let Windows know you do not intend to use OneDrive.

OneDrive is Microsofts online storage that can be used like a local drive in Windows.

If you do not use OneDrive, we recommend to disable the OneDrive services.

Quoting Microsoft:

In the Windows Feeds area, you can choose which apps have access to your diagnostic information.

Disable using this immunizer.

Microsoft Window monitors the health of your hard disks as part of its telemetry. This causes your disks to spin up once per hour.

To avoid this part of Windows’ telemetry, you can use this immunizer.

This immunizer is for Enterprise customers. It follows Microsoft documentation (issue 19):

Enterprise customers can manage their Windows activation status with volume licensing using an on-premises Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following

The following registry steps are applied by this immunizer.

When pinning a site to the Start menu, Microsoft Edge can gather Live Tile metadata from ieonline.microsoft.com.

If you do not want Microsoft to be contacted on pinning sites as tiles to the Start menu, use this immunizer.

Windows Recall is a Windows feature that records screenshots during your computer use, extracts any texts and stores them in a separate database, and allows you to browse this history, see Microsoft Windows 11: Retrace your steps with Recall.

The AI in use for this feature is running locally. Manually defined websites can be excluded from recording, and you can temporarily disable this feature.

We regard this as a privacy nightmare – you wouldn’t run around with a camera recording your real live 24/7, right? – and have added it’s disabling as a recommendation to the software.

Windows Spotlight shows information on the lockscreen (e.g. changing backgrounds), action center and in settings.

To reduce communications were not necessary, we disable Spotlight in the places mentioned above when you select the maximum level.

Microsoft uses diagnostic data to determine which tips to show you. You can disable showing tips using this immunizer.

This setting allows you to control whether Windows is allowed to access your accounts location. This can be a useful feature, e.g. for finding lost devices – disable only if you are sure you do not need location based services like this.

It is recommended to disable this part of Windows to avoid that data is collected and sent to Microsoft.

Quoting a public description of the Inventory Collector:

The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems.

AIT stands for Application Impact Telemetry. AIT is a part of Microsofts Customer Experience Improvement Program, which is described by Microsoft with these words.

When you choose to participate in the CEIP, your computer or device automatically sends information to Microsoft about how you use certain products. Information from your computer or device is combined with other CEIP data to help Microsoft solve problems and to improve the products and features customers use most often.

This immunizer will disable the AIT part of CEIP.

AIT stands for Application Impact Telemetry. AIT is a part of Microsofts Customer Experience Improvement Program, which is described by Microsoft with these words.

When you choose to participate in the CEIP, your computer or device automatically sends information to Microsoft about how you use certain products. Information from your computer or device is combined with other CEIP data to help Microsoft solve problems and to improve the products and features customers use most often.

This immunizer will disable the AIT part of CEIP.

Windows Consumer Features will automatically install some apps suggested by Microsoft.

We highly recommend to use this immunizer to block this Windows 10 feature.

Using the Background Access Applications immunizer, you can stop Microsoft Windows 10 from starting some apps in the background.

We recommend this option to give you more control over what runs on your computer at any given time.

CEIP stands for Customer Experience Improvement Program. If enabled, it collects and sends user experience data to Microsoft to improve future versions of Windows.

It is described by Microsoft with these words.

When you choose to participate in the CEIP, your computer or device automatically sends information to Microsoft about how you use certain products. Information from your computer or device is combined with other CEIP data to help Microsoft solve problems and to improve the products and features customers use most often.

We can disable CEIP using Group Policies.

CEIP stands for Customer Experience Improvement Program. It collects and sends user experience data to Microsoft to improve future versions of Windows.

It is described by Microsoft with these words.

When you choose to participate in the CEIP, your computer or device automatically sends information to Microsoft about how you use certain products. Information from your computer or device is combined with other CEIP data to help Microsoft solve problems and to improve the products and features customers use most often.

We can disable the Scheduled Tasks that exist for CEIP.

This setting allows you to control whether Windows is allowed to access your device location. This can be a useful feature, e.g. for finding lost devices – disable only if you are sure you do not need location based services like this.

Windows Error Reporting, or simply WER, transmits information about crashing applications to Microsoft.

We usually recommend to keep using this feature, but if you want to deactivate it, you can use this immunizer.

Windows Error Reporting, or simply WER, transmits information about crashing applications to Microsoft.

We usually recommend to keep using this feature, but if you want to deactivate it, you can use this immunizer.

Windows Feedback is a feedback and telemetry system build into Windows 10.

Unless you want to actively participate by providing Feedback to Microsoft, we recommend to use this immunizer to disable Windows Feedback.

Windows Feedback is a feedback and telemetry system build into Windows 10.

Unless you want to actively participate by providing Feedback to Microsoft, we recommend to use this immunizer to disable Windows Feedback.

Microsoft can collect your handwriting information on tablet computers to improve their handwriting recognition.

It is described by Microsoft as:

Data about handwriting samples sent from the Handwriting Panel is used to help Microsoft improve handwriting recognition.

This immunizer allows to disable all location services on Windows.

As a security measure, we recommend to disable access to attached cameras on Windows’ lock screen.

This immunizer blocks even more Windows servers than those blocked by Telemetry Hosts. It is recommended only to those wanting maximum privacy and a minimum of Windows background connections.

The Windows Advertising ID is used by Microsoft to provide so called relevant ads. It allows apps to track your identity over app borders.

Microsoft describes the ID with these words:

Windows generates a unique advertising ID for each user on a device, which app developers and advertising networks can use to provide more relevant advertising in apps. When the advertising ID is enabled, apps can access and use it in much the same way that websites can access and use a unique identifier stored in a cookie. Thus, app developers (and the advertising networks they work with) can use your advertising ID to provide more relevant advertising and other personalized experiences across their apps.

The Remote Registry service allows your computer registry (a configuration storage) to be accessed and modified from remote computers.

This can be useful in corporate networks, but we recommend to disable it on private computers.

The immunizer allows you to disable the Sensors feature of Windows. This feature provides application with access to features like your location.

This immunizer can block useful features like auto-adjustment of screen brightness and should be used only when maximum privacy is your goal.

The immunizer allows you to disable the Sensors feature of Windows. This feature provides application with access to features like your location.

This immunizer can block useful features like auto-adjustment of screen brightness and should be used only when maximum privacy is your goal.

Steps Recorder is a Windows tool to record your screen. This can have legit reasons, e.g. when you want to record some steps to provide them to a support instance.

If you feel saver if it cannot run and record, use this immunizer, which uses a group policy to stop it.

The Steps Recorder can record usage steps, including pictures of your screen. Microsoft describes its purpose with these words:

Steps Recorder (called Problems Steps Recorder in Windows 7), is a program that helps you troubleshoot a problem on your device by recording the exact steps you took when the problem occurred. You can then send this record to a support professional to help them diagnose the problem.

We recommend to disable this feature unless you are asked to use Steps Recorder by a trusted person.

Without this immunizer, Windows might send home diagnostic data to adjust personalized ads (Source).

This immunizer sets the Diagnostics Tracking (also called Connected User Experiences and Telemetry) to be blocked in the Windows’ Firewall.

Microsoft describes it as:

The Diagnostic and Telemetry service collects diagnostics information about functional issues on Windows systems that participate in the Windows Customer Experience Improvement Program (CEIP). CEIP reports don’t contain contact information, such as your name, address, or telephone number. This means CEIP won’t ask you to participate in surveys or to read junk email, and you won’t be contacted in any other way.

It is required if you want to use the achievements system in some Windows games. If you do not rely on this feature, we recommend to disable this option.

This immunizer applies a Windows setting that lets Windows know it should not use telemetry.

This immunizer blocks access to a few dozen Internet servers that are contacted by Windows to submit telemetry data.

This immunizer disables the Diagnostics Tracking in Windows, also called Connected User Experiences and Telemetry.

Microsoft describes it as:

The Diagnostic and Telemetry service collects diagnostics information about functional issues on Windows systems that participate in the Windows Customer Experience Improvement Program (CEIP). CEIP reports don’t contain contact information, such as your name, address, or telephone number. This means CEIP won’t ask you to participate in surveys or to read junk email, and you won’t be contacted in any other way.

It is required if you want to use the achievements system in some Windows games. If you do not rely on this feature, we recommend to disable this option.

Microsoft might use your computer and bandwidth to share their updates with other Windows users. This they call Delivery Optimization.

Microsoft described Delivery Optimization with these words:

Windows updates, upgrades, and applications can contain packages with very large files. Downloading and distributing updates can consume quite a bit of network resources on the devices receiving them. You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in your deployment. Delivery Optimization can accomplish this because it is a self-organizing distributed cache that allows clients to download those packages from alternate sources (such as other peers on the network) in addition to the traditional Internet-based Windows Update servers.

We set this to the useful setting that shares updates within your local file, not allowing to share updates over your Internet connection, to avoid slowdowns and possible additional costs for your bandwidth.

Microsoft describes the activity history on their website as:

Activity history in Windows 10 helps keep track of the things you do on your PC. It’s the apps and services you use, the files you open, and the websites you browse—and when you do these things. Your activity history is collected and stored locally on your device, and if you’ve signed in to your PC with a Microsoft account and given your permission, Windows sends your activity history to Microsoft. Once your activity history is in the cloud, Microsoft uses that data to enable cross-device experiences, to provide you with personalized experiences and relevant suggestions, and to help improve Microsoft product and services.

We recommend that you use this immunizer to disable this feature.

The Windows start menu has a web search integrated. This means that all keywords you type into the start menu to search for apps or documents might be searched for on the Internet. Since Internet connections are rarely anonymous, this would allow Microsoft to create profiles of your local searches. We recommend to disable this option.

WiFi sense is a Microsoft system that tracks your usage of wireless networks and initially was designed to automatically share your networks with friends or even friends of friends without sharing passwords.

In Windows 10 version 1803, Wi-Fi Sense was removed.

We recommend to apply the immunizer for Wi-Fi Sense to stop sharing your network details with Microsoft.

By using this immunizer, you can stop apps sharing and syncing non-explicitly paired wireless devices over uPnP. This immunizer is recommended.

Let’s read what Acer states about the Acer User Experience (AUE) Improvement Program does:

The Acer User Experience app is used to collect customer behaviors when using Acer PC products and send the information back for further analysis. This aids in improving the user experience and satisfaction of new products or updated versions of existing products.

What Acer does not tell is which data exactly is collected and transmitted, which would be essential for any data collection.

We recommend to disable this immediately if it was pre-installed by Acer on your computer.

SmartByte is a service intended to boost network speed while streaming on Dell computers.

It sometimes comes preinstalled and users do not feel notified about it’s telemetry, which caused it to be targeted by this immunizer.

HP CEEment is a telemetry module that is part of HP software.

HP itself describes CEEment as:

CEEment stands for Customer Experience Enhancement. CEEment (HPCEE.exe) is the reporting tool that HP uses to collect and study anonymous data. You can activate CEEment when you set up your computer. Or, you can activate using HP Advisor or HP Support Assistant at any time.

Some of the data reported using CEEment includes your model number, OS, region, locale, and BIOS version. If you wish to know specifically which data was collected, launch HP Support Assistant. Click Settings, scroll down to the bottom of the Health Analysis tab, and then click View information collected by HP.

HP Touchpoint Analytics is a telemetry module pre-installed on HP devices.

Reports about this can for example be found on ComputerWorld: HP stealthily installs new spyware called HP Touchpoint Analytics Client. Details on collected data can be found at this AskWoody post and include lists of installed hard- and software.

• ApplicationsInstalled
• Battery
• Biosphere
• Bios
• DiskLogical
• DiskPhysical
• DiskSelfTest
• Display
• DriverCrash
• EnvironmentVariable
• Graphics
• HPBios
• HPBiosSensors
• HPITImage
• HpsaMessages
• HpsaUpdates
• InstalledWindowsUpdates
• MemoryPhysical
• Memory
• Network
• OperatingSystem
• PnPDevice
• PnPDriver
• Processor
• RealTimeClock
• Security
• SmartDrive
• StorageUsage
• System
• SystemSlots
• SystemStateMonitor
• SystemState
• Thermal
• WebHistory
• WindowsEvents
• WindowsProcesses
• WindowsServices
• WindowsUpdates

Using the Intel Computing Improvement Program, you share a lot of personal information with Intel. Here is an excerpt from their Privacy Policy, showing what kind of data gets collected and transmitted.

If I participate in the Intel® Computing Improvement Program, what data is collected and how is it used?

Intel wants to provide the best computing experiences. To accomplish this, we would like your permission to collect, use, and combine information to understand:

• The categories of websites you visit, but not the URL itself
  
• How you use your computer
  
• System information from your computer
  
• Other devices in your computing environment

Usage information contains:

• Software usage: for example, frequency and duration of application usage such as Intel® Driver & Support Assistant, but not the application content itself such as specific actions or keyboard input.
  
• Feature usage: for example, how much RAM you usually use or your laptop’s average battery life.
  
• Other devices in your computing environment
  
  • Includes universal plug and play devices and devices that broadcast information to your computer on a local area network: for example, smart TV model and vendor information, and video streaming devices.
  
  
• The categories of websites you visit, but not the URL itself,
  
  • The information collected includes categorized web browsing history that shows how long and how often you visited specific categories of sites (i.e. social media, personal finance, or news). All site visits are classified into one of 30 categories. We do not collect URLs, web pages titles, or user-specific content without explicit permission from you.

Collected system information contains, but is not limited to:

• Your device manufacturer
  
• CPU model
  
• Memory and display configuration
  
• OS version
  
• Software versions
  
• Region and language settings
  
• Regional location and time zone

If I participate in the program, is there any personal information in the data collected?

The information we collect:

• Will not include any directly identifying personal information such as name, email address, IP address, or MAC address
  
• Will not include the URL (web address) for specific sites visited
  
• Will not be used to identify or contact you

If these types of information are requested from you, you will first be prompted for additional consent.

The information we collect does include a randomly generated identifier that allows combining information from your system over time to better understand usage trends.

How is my data shared?

The information collected may be shared with Intel partners who are required to keep this information confidential and limit usage in accordance with your consent. For more information see intel.com/privacy

The information collected may be processed by authorized service providers who are required to keep this information confidential and limit usage in accordance with your consent. For more information see intel.com/privacy

Lenovo Customer Feedback Program can be preinstalled on Lenovo systems and communicates telemetry data over the Internet.

Lenovo itself describes this telemetry:

In Windows 8, 8.1 and 10, Lenovo may also include an application in the preload called “Lenovo Experience Improvement”. This keeps track of what preloaded applications are uninstalled within the first 90 days of system use. The data is uploaded to a server in the United States at various times during the first 90 days. The data does not include any personally identifiable information (PII)

It can be argued that transmitting data always involves IP addresses, which are regarded as PII by many legislations.

Lenovo Experience Improvement collects telemetry data on Lenovo systems.

The website Should I Remove It? describes it as:

The Lenovo Experience Improvement application is an option program that is pre-installed with various PC models. It is designed to provide feedback to Lenovo about the user’s usage and overall experience using the computer by reporting any errors, etc. […] Regardless if the user decides to participate, the program will install itself in the Startup using the Windows Startup Task Schedule arn will launch on reboot/login. Removing the software is safe and will not effect the functionality of the laptop as it is not required.

Adjust is an app analytics platform. They advertise their product for example with how this company used it:

Find out how ABA English did it

By syncing comprehensive in-app and campaign data to their own business intelligence system, ABA English have created in-depth user behaviour models which have enabled them to see exponential growth. In three short years they’ve acquired over 12 million users, with the majority of them using their apps.

Discover how they….

Tracked all in-app events and synced all data back to their own BI platform to tie together the entire user journey

It is used in popular software like Avira Antivirus or G-DATA Internet Security Light, rendering them Tracking Software or Spyware.

Quoting Adobe:

Marketo Engage uses in-depth profiles, real-time behavioral and demographic data, and the power of AI to personalized web experiences, landing pages, emails, and more. Even anonymous visitors get experiences hand picked just for them.

Appsflyer is a marketing analytics platform according to their own website:

AppsFlyer is the world’s leading mobile attribution & marketing analytics platform, helping app marketers around the world make better decisions.

AppsFlyer’s People-Based attribution breaks down data silos providing marketers with unified access to data on every touchpoint along the user journey.

It has been added because we encountered apps that do not inform the user about the use of AppsFlyer. Since any contacts to third parties can be regarded as sharing PII (Personally Identifiable Information) in the European Union (IP addresses are PII), software using third party web servers can be regarded as tracking, and without proper information, consent and control, as Spyware.

Avocet is an advertisement network.

It has been added because we encountered apps that do not inform the user about the use of Avocet. Since any contacts to third parties can be regarded as sharing PII (Personally Identifiable Information) in the European Union (IP addresses are PII), software using third party web servers can be regarded as tracking, and without proper information, consent and control, as spyware.

CloudBees allows publishers to track rollout of software:

CloudBees Feature Management is a feature flag management solution used by engineering and product teams to mitigate release risk and improve developer productivity and by product management teams for ultimate control and measurement of feature releases.

While in itself this is a useful feature, tracking through third party services requires information to the user. CloudBees was added because it was seen in use without user information.

Fiksu was found to be used, among other trackers, by the password manager LastPass, on Android.

Firebase Crashlytics is a platform that allows developers to track crashes:

Firebase Crashlytics is a lightweight, realtime crash reporter that helps you track, prioritize, and fix stability issues that erode your app quality. Crashlytics saves you troubleshooting time by intelligently grouping crashes and highlighting the circumstances that lead up to them.

Our issue with Crashlytics is that it is often implemented to track more, often tracking and submitting even every application start:

Crashlytics automatically starts collecting crash reports as soon as you add the SDK, but you can also customize your setup by adding opt-in reporting, logs, keys, and even tracking of non-fatal errors.

Google Analytics is an analytics platform used by many mobile and desktop apps.

It has been added because we encountered apps that do not inform the user about its use. Since any contacts to third parties can be regarded as sharing PII (Personally Identifiable Information) in the European Union (IP addresses are PII), software using third party web servers can be regarded as tracking, and without proper information, consent and control, as Spyware.

HockeyApp is, among other things, an analytics platform:

Distribution, crashes and analytics are just a part of the story. We’ve built App Center with powerful new features and services that help you build better apps in record time.

HockeyApp is transitioning into Microsofts newer App Center. It has been since we’ve seen this analytics platform used without user information, consent or control, e.g. by BitDefender security solutions, rendering them Spyware.

Quoting Hotjar:

Traditional web analytics tools help you analyze traffic data. But numbers alone can’t tell you what users really do on your site — Hotjar will.

LogMeIn is a business communication platform that uses telemetry. We encountered access to their telemetry servers probably coming from a LastPass installation, without active user consent, thus we regard it at least as tracking.

Mixpanel is an app analytics platform allowing to analyze user behaviour:

Analyze user behavior across your sites and apps. Then send messages and run experiments from what you learned–all in Mixpanel.

It is used in popular software like Avira Antivirus, rendering them Tracking Software or Spyware.

Mopub is an advertisement network.

It has been added because we encountered apps that do not inform the user about the use of Mopub. Since any contacts to third parties can be regarded as sharing PII (Personally Identifiable Information) in the European Union (IP addresses are PII), software using third party web servers can be regarded as tracking, and without proper information, consent and control, as Spyware.

ThreatMetrix is a port scanner used by some shop websites without user consent. A German analysis can be found here. For security and privacy reasons, we strongly recommend to use this immunization.

Paddle is a payment provider that can include analytics. Contact to analytics.paddle.com is sometimes made without user consent. One known case is GPG Tools for macOS, where analytics.paddle.com might be reported install of vendors.paddle.com due to the shared IP. Even a license activation endpoint should be mentioned in a privacy policy though.

Pushwoosh hit the press as russian software, disguised as American software, used e.g. by the army. Full Reuters article here.

The background seems to be that the Delaware company did outsource work to a Russian company, but claims to have terminated that in February 2022.

Two important quotes from the Reuters article are:

“Pushwoosh collects user data including precise geolocation, on sensitive and governmental apps, which could allow for invasive tracking at scale,” said Jerome Dangu, co-founder of Confiant, a firm that tracks misuse of data collected in online advertising supply chains.

“The data Pushwoosh collects is similar to data that could be collected by Facebook, Google or Amazon, but the difference is that all the Pushwoosh data in the U.S. is sent to servers controlled by a company (Pushwoosh) in Russia,” said Zach Edwards, a security researcher, who first spotted the prevalence of Pushwoosh code while working for Internet Safety Labs, a nonprofit organization.

Pushwoosh advertises itself as:

Get in close contact with your audience on mobile and web. Convert higher engagement into monetary value with customer-centric messaging fueled by Pushwoosh.

In the current global situation, we don’t really want to have e.g. geolocation of U.S. soldiers processed in Russia. But since it clearly is collecting telemetry data, it earns it’s place on the Anti-Beacon list for that alone.

RedShell is a tracking module that comes shipped with games like Civilization VI, The Elder Scrolls Online, the Total War series and more.

Twilio describes Segment as a cross-platform analytics data collector:

Use one API to collect analytics data, across any platform.
Join 20,000+ businesses that use Segment’s software and APIs to collect, clean, and control their customer data.

Segment is one of a bunch of trackers used without user notice in LastPass, as reported for example on AndroidPolice, referencing e.g. Exodus and researcher Mike Kuketz.

Used e.g. in games like Stellaris from Paradox Interactive before the user has a chance to accept the privacy policy, Braze offers “Reporting and analytics”.

We did add this as a possible tracking platform, and recommend to immunize.

Games from Paradox Interactive like Stellaris (installed through Steam) include telemetry that is performed even before the privacy policy is shown.

This is a recommended immunizer.

TrackJS is a Javascript library to track errors on websites. It is loaded with each page load, thus allowing tracking, and reports even regular console output, which can be a security issue when used in combination with code with low security that dumps debug information to the console.

In games like Stellaris from Paradox Interactive, it is used before any privacy policy is shown, thus without user consent.

This immunizer is recommended.