From: akiki@free.fr
To: cygwin
Date: Mon, 11 May 2020 18:25:01 +0200 (CEST)
Message-ID: <331531811.-1550186875.1589214301322.JavaMail.root@zimbra76-e14.priv.proxad.net>
In-Reply-To: <1325932087.-1622514822.1587585031094.JavaMail.root@zimbra76-e14.priv.proxad.net>
Subject: Very dangerous hacking ? Surprising relationship between cygwin and Microsoft

Hi,

On doing a habitual "cygcheck -rs", I was interrogated and ALARMED to see some register keys speaking cygwin:

HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cygwin.com
  (default) = 0x00000000
  NumberOfSubdomains = 0x00000001

HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cygwin.com
  (default) = 0x00000000
  NumberOfSubdomains = 0x00000000

Examining the registry under cygwin:

  cd /proc/registry/HKEY_CURRENT_USER/... ;

Positioned on Internet Explorer\, I found 4 sub-keys:

  DOMStorage
  DomStorageState
  EdpDomStorage
  Main

These keys are very populated: "ls -lR|wc -l" gives me 1285 lines, and I can read many traces of my use of internet about bank vpn ...

For DOMStorage and EdpDomStorage a list of URLs is indicated with dates between July 2019 and Apr 2020.
The values attached to the cygwin.com URL, as for the others, are 4-byte values - no clear meaning.

To conclude, Microsoft spies and registers all sites you access, cygwin.com in particular.
I hope only with Edge, but I am not sure of that.
I have never seen in cygcheck such a reference to cygwin with chrome, firefox, opera ...
Maybe something is done to mask them.

Sorry for my bad English.
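
Added example, not part of the original message: a shell function that inventories the per-site keys under the DOMStorage and EdpDomStorage keys described above, so a user can review what their own profile has recorded. It assumes Cygwin's /proc/registry view (keys as directories, values as files); the function names and the path argument are hypothetical, and the path elided in the post must be supplied by the reader.

```shell
#!/bin/bash
# Added example: list the site keys found under "Internet Explorer\DOMStorage"
# and "Internet Explorer\EdpDomStorage" when read through /proc/registry.

# list_dom_storage IE_KEY_DIR
#   IE_KEY_DIR: directory that represents the "Internet Explorer" key
#   (somewhere under /proc/registry/HKEY_CURRENT_USER/...; not spelled out here).
# Output, one line per site key, tab-separated:
#   store  site  last-write-date  NumberOfSubdomains
list_dom_storage() {
    local ie_dir=$1 store key site when subs
    for store in DOMStorage EdpDomStorage; do
        [ -d "$ie_dir/$store" ] || continue
        for key in "$ie_dir/$store"/*/; do
            [ -d "$key" ] || continue      # the glob matched nothing
            site=$(basename "$key")
            # The directory mtime is the date "ls -l" prints for the key.
            when=$(date -r "$key" +%Y-%m-%d 2>/dev/null) || when=unknown
            # Assumption: a DWORD value is exposed as a 4-byte file.
            subs=-
            if [ -f "$key/NumberOfSubdomains" ]; then
                subs=$(od -An -tu4 "$key/NumberOfSubdomains" | tr -d ' \n')
            fi
            printf '%s\t%s\t%s\t%s\n' "$store" "$site" "$when" "$subs"
        done
    done
}

# count_sites IE_KEY_DIR STORE
#   Number of site keys recorded under one of the two stores.
count_sites() {
    list_dom_storage "$1" |
        awk -F'\t' -v s="$2" '$1 == s { n++ } END { print n + 0 }'
}

# Stand-alone use: pass the "Internet Explorer" key directory as argument 1.
if [ -n "${1:-}" ]; then
    list_dom_storage "$1"
fi
```

The output is a local inventory only; it reads the current user's own hive and changes nothing.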