Cryptocurrency Mining

Cryptocurrency is the term given to currency such as bitcoin, ether, or any of the other digital currencies out there. So how does this work?

Cryptocurrency runs on what is called a blockchain, a ledger or document that is duplicated over networks of computers. As this is updated, it is made available to the holder of cryptocurrency. Every transaction is recorded of every cryptocurrency. The blockchain is run by miners. Their computers tally up the transactions. They update the transactions and also make sure of the authenticity of the information received. In payment, miners are paid fees for each transaction. The buyers and sellers agree on the value of the cryptocurrency as it fluctuates.

The transactions are made peer-to-peer without a mediator like a bank. The buyer and seller do not know who the other is, but everyone in the blockchain knows about the transaction as they are made public.

If I wanted to buy something that costs $10,000, and find a seller that accepts cryptocurrency, I would try to find out the current exchange rate get the public cryptocurrency address, say bitcoin, and we would stay anonymous to each other. I would then have my Bitcoin installed to his computer, say 10 bitcoins rated at $1000 each. My bitcoin client would sign the transaction with his private key. The transaction would be verified and transferred and recorded.

Cryptocurrency mining includes adding transaction to the blockchain and releasing new currency. They use special computers, hardware and software, to do this. Lately they’ve taken to using browsers and apps for cryptomining. There is a javascript that they can add to your website. Sometimes they will let you know they are using this, sometimes not. When it was first used it didn’t generate that much money for the miners but now that bitcoin rates have increased, it seems there has been another surge with it.

Coinhive is an alternative to browser ad revenue. They have a javascript for people to put on their website. They are using your computer to mine the bitcoin. Mining takes a lot of power so they look for other ways to use it. A good ad blocker can prevent you from using some of these types of sites. I just got the message from my adblocker when trying to get to coinhive.com. It is used to mine a cryptocurrency called Monero. The owners of the site get 70% of the currency and Coinhive gets the rest. You may never even know it is taking place if you visit a site using this, except maybe your computer runs a little slower. Users with WordPress can even get a plugin for using Coinhive.

One month last year, Malwarebytes blocked 248 million attempts to borrow resources from the Coinhive script. Many of the sites using Coinhive are porn sites or heavily covered with ads anyway. A good antivirus or ad blockers can help. You can also turn off javascript from your browser. Download and use Opera which will block cryptocurrencies.

Coinhive cryptomining scripts were found recently in 19 apps in the Google Playstore. One of the apps had over 100,000 users. They have since been removed from the store.

Here are some of our source articles to find out more:
https://www.benzinga.com/
https://www.symantec.com/
https://www.pcmag.com/
https://www.bleepingcomputer.com/
https://thenextweb.com/

Has this ever happened to you?

You are browsing the Internet and maybe you look at some items and then it seems every where you go you are seeing the same things or related items that you just looked at. Maybe you abandoned a shopping cart or changed your mind about the purchase. Maybe you started filling out a form and stopped in the middle of it. They can’t possibly know what you typed, right? Or can they?

In an article by Motherboard.com, they cite a study done by Princeton University about boundaries. Or rather “No Boundaries.” How do you think Pinterest or Facebook or other social media sites get the information? There are sites such as FullStory that allow website owners to capture every keystroke a user makes. They use “session replay” scripts to capture what the customers are doing on their sites. You can see some of the major companies who use fullstory.com here.

Now more than ever it is important to read websites’ terms and conditions. They may collect things like medical conditions, personal data, credit card info. Passwords may even be “accidently” included in the data.

So what can you do? Run AdBlock Plus in your browser. According to the Princeton study, AdBlock has been updated to block all these scripts, thanks to the study.

This video shows FullStory capturing a user’s data as it is being entered into a form.

Terms of Use

A member of the Victor crew just finished a thriller book obtained through Amazon Prime’s KindleFirst program. It is called Terms of Use by Scott Allan Morrison. The premise is there is a social network called Circles. They undergo a cyber attack. Soon one of the workers is murdered and the main character, Sergio Mansour, uncovers evidence of a conspiracy but he has somehow become the suspect.

On the run with his new girlfriend, Malina, they try to figure out what is going on. Not knowing it in the beginning, Sergio finds out Malina’s sister was murdered and blames it directly on Circles. Not knowing who he can trust he works it out with Malina and they continue to find the truth.

The crux of the mystery is that what was found was “socialbots,” bots that parade as people and interact with people and learn using AI algorithms. The bots were going to be used in a bigger plot to sway people to vote for a certain president whose agenda was to bring the US to own over a third of the earth’s rare earth metals. Once in, a Chinese diplomat was going to blackmail him into not doing this as China would lose out a lot of their economy over this.

The scary part was reading about what the socialbots did. How many times do we “friend” someone that is a friend of a friend that we don’t know. That is how the socialbots got onto so many contact lists. You figure, hey they know them so they must be ok. Then the ideas from their feeds find their way onto your feed and can sway the population that easily. When people signed up, it was said their profile could be used in experimentation and since they clicked the button it was ok. How many of us read the terms of use pages, really? Something to think about.

Password security

We’ve talked about passwords before and yet it is such an important thing because of all the breaches we see. Some people say they don’t have anything that important so it doesn’t matter or they say they need to use the same password for everything.
This is a totally bad practice and attitude to have about this. Think about all your accounts where you have purchased items, or your banking or credit card accounts. Do you really want to use the same password for everything? Once they breach one account, say your email, they can look through that to find what other accounts you are subscribed to and have a field day. This is even how identities are stolen.

Here are some things you can do:
Go to HaveIBeenPwned.com and check your email for pwnage.
Also click on their password tab and check to see if your passwords are on any common lists.
Use a password manager like LastPass.
Use 2 step verification. Use an authenticator, too.

Once you download LastPass, set it up with a hard to hack easy to remember password (the first video below gives some suggestions on how to find one.) You can then import all the passwords saved to your browsers. Once you have LastPass you can also run a kind of audit check for recommendations on which passwords to change – it will show you duplicates or not so secure passwords you already have.

Firefox Quantum

Firefox just got faster. Two times faster. This past week, Firefox updated to Firefox Quantum (Version 57.0.) There are two versions – one for regular browsers and one for developers. It is built on a new engine for better and faster page loading. It also will use less memory than previously, and they say it is 30% lighter than Chrome.

It has built in privacy modes. You can block even hidden trackers by turning on tracking protection. When you block the ads and scripts that are bogging you down, the page loads even faster.

If there’s a page you want to see later, you can save it to Pocket to view later. There is a library where it will place these articles as well as your bookmarks. You can search with other search engines with just a click. You can also customize it with themes or placement of icons for your tools and addons. You can take screenshots without adding an extension – it’s built right in.

Whaling Attacks

We recently came across the term “whaling” so of course, we needed to know more about it. Here is what the Victor crew found out. It is a form of phishing aimed at high-profile business executives, managers, CEOs, etc. They are going after the “big fish.” The emails sent to them are more official looking and target a particular person. A regular phishing attack usually goes out to a lot of people trying to lure anyone. Whaling is also considered “spear phishing” where it is an attempt to target an individual person or company.

As with phishing, whaling is used to get a person to reveal sensitive information, such as login credentials, to an account. They do this by trying to scare the individual into giving this information up.

Whaling goes so far as to make a web page or email that looks like the legitimate one. You may even be enticed into downloading a program in order to view a page or to get your information. It may come in the form of a false subpoena, message from the FBI, or some kind of legal complaint against you.

Be aware of what you are clicking. If you can, hover over the link and see where it is taking you. Try putting the URL in an analyzer, such as VirusTotal or TrendMicro to see if it is safe. If in doubt, don’t click or download anything you are unsure of.

Other Uses for Social Media

Maybe you love, maybe you hate it but social media is here to stay. Many people used it as their lifeline during the past storm in Texas, known as Harvey. Many used Twitter or Facebook or Instagram to let people know they were in stuck and needed to be rescued. Still others used social media to let people know they were able to help.

The U.S. Coast Guard preferred for people to call them or 911 but people had trouble getting through. People even turned to Airbnb to offer their homes as shelters for those in need. The Hurricane Harvey Texas Rescue Facebook group offered ways to help those trapped or in need of rescue.

Passwords: should you use the one you want?

If you are looking for a password, you can check to see if the password you want to use has ever been used. Just go to the Have I Been Pwned website and look at the Passwords link. They now have a list of the passwords that have been breached. You can test your password against it and it will tell you if it’s been breached but it will also tell you it may not be a good password even if it’s not been breached.

Here is what you get if your password has been used before and found on a breach list:

Have I been pwned Pwned Passwords - yes

Here is what it looks like if it hasn’t:

Have I been pwned Pwned Passwords - no

About Blikis

So what is a bliki? The Victor crew came across this work and wondered. Well, in short terms it is a mashup of BLOG and WIKI. Blog is already a shortening of weB LOG. WIKI is a Hawaiian word meaning quick. So let’s look at all these terms.

What is a blog?
A blog is posts put on a site diary-style. People use them to report news, rant, keep journals, etc. They are quite popular. If you have a blog, you are probably the only who posts on it. Some blogs may have guest authors contributing or employees if it is a news blog. There are many popular blog softwares out there such as WordPress, Blogger, Typepad. In the case of WordPress, you can either use their blog at wordpress.com or download the software at wordpress.org and install it yourself using your own domain.

What is a wiki?
A wiki is usually run on wiki software. It generally doesn’t have just one owner or leader but rather is open to the public to edit or to a group of users to edit. This is not as carefully planned out since anyone can contribute. There may be misspellings, poor grammar, etc. Wikipedia is probably the most popular wiki. Wikis may also not be reliable as to its actual content as we are all humans and have our own opinions and experiences that may influence our contributions.

What is a bliki?
So now we come to explaining this. Some explanations are that it is a blog with wiki support, or a blog that allows others to edit and contribute. This goes beyond the usual comments only you would find on a regular blog. There are wiki plugins for WordPress.

Google Maps Tips

The Victor crew found an article on PCMag.com about some things that you can do with Google Maps mobile app that not everyone may know about. From this app, you can add stops, you can hail a ride (taxi or Uber, for instance), travel through time in Street View, create a private map, remember where you parked. These are just a few of the tips listed along with short videos.

Ransomware

The Victor crew has heard a lot of news lately about a cyber attack nicknamed WannaCry using ransomware. Ransomware is holds an infected computer hostage until a ransom is paid, usually in bitcoin, money that is virtually untraceable. This latest attack has caused global problems. In the UK, hospitals have been attacked. In the US, FedEx fell victim. If you use a Macintosh computer you are most likely safe as these attacks are targeted at PC users. If you are still running Windows XP you are even more vulnerable as there are no more patches being made for these systems.

Here are some things you can to do to prevent this from happening to you:

Keep your computer up to date. Do the patches for your operating system.
Make sure to do security updates for your security service.
Only open attachments from the person you know and trust.
Be careful of programs or other items you may want to download.
Back up your computer to an external hard drive.
Keep copies of your files on cloud services.

If you do get infected and don’t want to pay the ransom, which has been about $300-$600, you will have to flatten your machine (reinstall your OS). If you have kept your files on a cloud service or on an external hard drive, you will have defeated them. You will need to reinstall all your programs if you haven’t backed up the entire system.

The predictions are that today there will be even more as people turn on their computers if they haven’t been kept up to date.

Sources:
http://www.foxnews.com/tech/2017/05/15/ransomware-how-to-protect-yourself.html
http://abcnews.go.com/US/simple-things-protect-ransomware-attacks/story?id=47410339

Why it’s important to keep doing your updates

The Jody Victor crew ran across an article that is truly disturbing.

A flaw in Microsoft Office given the ID CVE-2017-0199 has quite a history. This vulnerability allowed remote attackers to use Microsoft products to execute arbitrary code and take over computers. Ryan Hanson found the flaw last year. He spent some time to see if it could be made more deadly before contacting Microsoft in October 2016. Microsoft did not patch this right away. If they told people of a change in Word settings that would fix the flaw, then word would be out that there was a flaw with more ramifications.

They decided to release a fix in a later update. However, they sat on it and took their time. They started working on a solution in January but attacks had already begun. Through links in email, computers were infected with software that allowed eavesdropping. McAfee saw some attacks on April 6 of this year and blogged about it April 7. April 9, a program was for sale underground for hackers to exploit the flaw. On Tuesday, April 11, the flaw was finally patched in an update.

They don’t know how many computers were hacked or how much money was stolen before this exploit was patched. If you don’t automatically patch your PC, please do so now!

Source:
http://www.reuters.com/article/us-microsoft-cyber-idUSKBN17S32G

New type of phishing attacks affecting browsers

The Victor crew came across an urgent matter. If your browser is Chrome or Firefox, be aware of a new phishing attack. An attacker can send you an email with a link to a malicious website. You could visit a site that will either infect your computer or make you think you are signing in with your credentials as they trick you into thinking you are accessing the correct site.

The people from Wordfence, a security plugin for WordPress found this last Friday, April 14, 2017. They set up a demo site to show what is happening. It is well worth it to check their article and see if you are affected and what to do. They have set up a demo using a medical site, epic.com, so you can test your browser and browser settings. You can visit their demo site here in Chrome or Firefox. To compare the demo site with the real site they faked for comparison, you can click here to visit the real site here.

This does not affect Windows or Safari browsers. Currently there is a fix for Firefox browsers. Here is what you do:

Open your Firefox browser
Type about:config in the address bar
Search for ‘puny’ (without quotes)
You should see network.IDN_show_punycode set for ‘false’
Double click it to make it ‘true’

Chrome currently does not have a fix for it.

Server is down

Last week, there was a major outage of Amazon’s cloud servers on the east coast in VA. It lasted a few hours and caused havoc with many websites. It’s not often that this happens, but when it does, it causes problems in many places.

If you use any of their services, you can check the status of their servers here. Even if you don’t keep your website on their servers, you can find some of your apps having problems. Think Alexa, Nest, etc. Some major websites depend on these services as well and you may find them down as well.

If you are having trouble reaching a site, you can go to isitdownrightnow.com. The home page of this site has a list of major services listed with (hopefully) a green box to let you know it is running. It includes sites such as Netflix, Facebook, Youtube, Google, Yahoo, and the like. There is also a list on the right site of sites last checked and some sites that are currently down.

Oh, and human error was blamed for the massive Amazon server outage.

The Victor Crew

Yahoo!

Yahoo has recently been in the news again lately due to yet another problem with data breaches. Having a Yahoo account, this Victor crew member has received an email from Yahoo about it.
Yahoo Email
In this message, they tell me that they are investigating the creation of forged cookies. They say they are taking steps to secure accounts. They say this forged cookie may have been created in 2015 or 2016 and they believe it to be connected to the September 22, 2016 data theft. They also give some actions you can take.

They suggest using a Yahoo Account Key which is something we will investigate ourselves at a later time. This user is on the verge of dismissing this account altogether although it was my first email created back in the 90s. I have added 2-step verification as well as changed the password.

Yahoo Email
Another email as a reminder from Yahoo states a reminder to secure to secure the account. They suggest updating to the Yahoo Mail app on android or iOS. They suggest to turn off insecure apps.

Yahoo Email
As I logged into the account after the above emails, there was a link to update security settings to block apps with less secure login. I am not sure what this entails yet, but will let you know when I find out.

Mobile Phone Number Hijacking

We’ve written a few times about password security. But what if your phone number gets hijacked? This is not having your phone stolen but rather having your phone number taken from you. You no longer can use the two-step verification because someone else has the number they have on file for it. So how does a phone number get hijacked in the first place? The Victor crew wanted to learn more.

It can start with a text that looks like it came from your carrier. It may have a number or a login page for you to enter some information. All they need is your call-in pin and they can start the process of porting your number over to their phone. You actually think you are talking to a representative of your carrier. Once they have your number, they can use the “forgot password” function of all your apps and get a code sent to them to reset the passwords. Think of all the apps you have – your bank, your email, your wallet. So what can you do?

Here are some ideas from Forbes:

  • Put a passcode on your account with your carrier. Make sure whoever you are talking to uses that passcode with you. If a hacker tries to use it, hopefully the representative is on the ball and asks for the passcode.
  • Use the mobile carrier specific email address to access the account. Forbes suggests you have an address as your current primary one, one just for a mobile carrier, and one for all your sensitive accounts like banking. This way your primary account can’t be used to steal your phone number.
  • Disable online access to your wireless account. You will have to go the store to make changes but it won’t get hacked.
  • Ask your carrier to make changes with photo ID required.

Some other thoughts:

  • Use a password manager and let it generate passwords.
  • Don’t have the same security questions on all sites and don’t answer them truthfully.
  • Do not connect your mobile number to sensitive accounts. Create a new Gmail email address and don’t connect a phone number to it. Use Google Authenticator with one-time passcode generator to use it. They suggest using a Google Voice number.
  • Use a security key. Yubikey is a physical security key device. There are also devices you use a USB port for.
  • Use biometric authentication – fingerprint for example.

Can you hear me?

Don’t say yes! If someone calls from an unknown number and asks, “Can you hear me?,” don’t say ‘yes.’ It will be recorded and they will have your voice saying yes in agreement and may use it to authorize changes on a phone bill, utility bill, or credit card bill.

The Victor crew thinks this sounds a lot like the old ‘slamming’ fraud where a phone company would ask you a few questions and if you said ‘yes’ to anything they would change your phone billing method, mostly to a much higher rate with another company.

Right now this is mostly happening in Virginia, although similar complaints came from the Pittsburgh Better Business Bureau in October.

Police are urging people that if they receive this type of call, to hang up immediately and don’t answer.

http://www.foxnews.com/tech/2017/01/27/can-hear-me-scam-has-police-urging-people-to-hang-up-immediately.html

Gmail Alert

If you use Gmail, like many others, the Victor crew wants you to be aware of a new phishing attack going around. This one is even fooling tech-savvy and security conscious people. They are trying to steal usernames and passwords for Gmail.

It starts as an email that appears to come from someone you know and may even have an image of an attachment you might think is from the sender. If you click on it, it will give a preview, like Gmail normally does but instead, a new tab will open and want you sign in to your Gmail account again. Make sure you look at the address bar and see only https://accounts.google.com… If you see “data:text/html,” before it, (data:text/html,https://accounts.google.com/ServiceLogin?service=mail), DO NOT ENTER YOUR LOGIN!

If you think you may have already fallen for this attack, change your Google password.

https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
http://www.pcmag.com/news/351113/dont-fall-for-this-sophisticated-gmail-phishing-scam

Another Data Breach

By now you have heard there was another data breach reported … from Yahoo. This is the biggest breach to date. A while ago they reported a breach of 500 million accounts after which they had contacted people asking them to change their passwords. It turns out there were more than a billion accounts hacked. This included names, usernames, passwords, phone numbers, emails, security questions/answers, backup emails.

If you haven’t already after the breach reported in September, you need to change your password. NOW. If you are using this email account for any other account, you need to change the other accounts as well. People tend to use the same username/email/password combinations. The Victor crew also advises you to turn on 2-step verification. That way if anyone does get into your account, you can be notified.

Bottom line, if your identity and information means anything to you, make sure to keep your information secure as you possibly can. Use a password manager. Use a different password for every site.

Here is what the latest email from Yahoo looked like:

NOTICE OF DATA BREACH

Dear [Name of User],
We are writing to inform you about a data security issue that may involve your Yahoo account information. We have taken steps to secure your account and are working closely with law enforcement.

What Happened?
Law enforcement provided Yahoo in November 2016 with data files that a third party claimed was Yahoo user data. We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with a broader set of user accounts, including yours. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.

What Information Was Involved?
The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. Not all of these data elements may have been present for your account. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system we believe was affected.

What We Are Doing
We are taking action to protect our users:
• We are requiring potentially affected users to change their passwords.
• We invalidated unencrypted security questions and answers so that they cannot be used to access an account.
• We continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts.

What You Can Do
We encourage you to follow these security recommendations:
• Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
• Review all of your accounts for suspicious activity.
• Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
• Avoid clicking on links or downloading attachments from suspicious emails.
Additionally, please consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.

For More Information
For more information about this issue and our security resources, please visit the Yahoo Security Issues FAQs page available at https://yahoo.com/security-update.

Protecting your information is important to us and we work continuously to strengthen our defenses.

Sincerely,

Bob Lord
Chief Information Security Officer
Yahoo

Blast from the Past!

By now, you are (hopefully) running the latest Windows OS (if you’re not a MAC). Here is an interesting page from Richmond University for their faculty staff from 1998 – back when Windows 95 was the latest Windows OS. It shows how to open or close a window on the Windows 95 OS. Very retro.

In case the link gets taken down, the Victor crew gives you this screen shot:

Open and Close a Window

Have a Blessed Christmas!
The Victor crew

TOR networks and the deep web

You may have watched some crime dramas or other shows where the resident geek goes on the deep web or Tor network. Anyone can access this but you need a special browser. Here’s what the Victor crew found out:

Tor stands for “the onion router”. The web addresses will end in “.onion”. You will need to be careful because some of these sites can be nasty and contain scams. It works by anonymizing your activity so it can’t be detected. People in other countries use this if websites are blocked in their country. For instance, they may need to go to “https://facebookcorewwwi.onion/” to access facebook.com/ or “http://3g2upl4pq6kufc4m.onion/” to access DuckDuckGo search engine. you can search the web for more sites. Here is a directory we found: https://thehiddenwiki.org/ that lists some sites.

The Tor browser is slower than your usual browser but people use it to bypass censorship. The Tor Browser is a modified Firefox version that you can download here. Remember to be careful of the sites you visit.

http://www.howtogeek.com/272049/how-to-access-.onion-sites-also-known-as-tor-hidden-services/

Passwords

Yes, another article about passwords. There seems to be new breaches every week of major sites where passwords are compromised. The Victor crew wants to bring home some information about this.

Only 29 percent of consumers change their password for security. The reason most people change their password is because they forgot it. In an interesting study, Type A and Type B personalities offer different insights.

Type A
Bad password behavior stems from their needing to be in control. They believe they are organized but this puts them at risk. 35% of them reuse passwords because they want to remember them all. Detail oriented people have a system to remember passwords (maybe not such a bad thing).

Type B
Their bad password behavior comes from convincing themselves that their accounts matter little to hackers. They prefer a password easy to remember.

Many people know their password is bad yet they use it anyway. Many were found to include initials, names, pet’s names, important dates, and other information readily available on social media sites.

The longer and more complex the password, the harder it is to crack.

The Victor crew

https://www.helpnetsecurity.com/2016/09/29/risky-password-practices/

Ever need music clip for a video?

With all the copyright laws out there, if you need music for videos, here’s a site where you can generate AI music. At Jukedeck, you can choose genre (instruments), moods, and length. They have also have a list of pre-made downloads. Every track is unique and royalty free.

If you set up an account, you can save your downloads for future use. This was originated at Cambridge University by a team of composers, producers, engineers, academics, and machine learning experts.

The downloads are free for small businesses or individuals if you give them credit or $0.99 per download without credit. For businesses with 10 or more employees the cost is $21.99 per download. If you need to buy the copyright, it is $199 and you own it outright.

Here are some samples:

Need a small web site?

Have you ever wanted to learn how to code a website from scratch? A good starting point might be to go through a W3Schools.com tutorial. Their homepage starts you with HTML. Currently the latest is HTML5. There are tutorials, references, and examples to get you started. Along with HTML, you should learn CSS (this stands for cascading style sheets) and is what gives webpages their style – color, fonts, and other design features.

The next recommendation is to learn JavaScript and jQuery. These are the basic essentials you need to make a nice looking website. Each page would be an individual and you would have to edit these pages themselves but it is a good starting point to get your feet wet.

This is fine for a simple site but you would need to go a lot further to make a dynamic site that uses a database. You might be better off calling a professional.

Last week to get your Windows 10 for free!

Well, it’s finally coming this week. After Friday, Windows 10 will cost you a mere $119.99 per machine. What you need to know is that you r should not use the Express settings. By skipping custom settings, you will be agreeing to data collection and tracking.

If you went ahead and did do express settings, you can change it. Go to Settings > Privacy > Speech, inking & typing. Click on the Stop Getting to Know Me button. You can actually go down the list under Privacy and turn off or on what you want.

Windows 10

Jody Crew