Im sorry, but this is excessive. edit: Moar FUD!

[blackangst1]

Yeah yeah yeah another Windows spies on me thread. But, the difference is someone took the time to actually document the details.

First, the link.

In summary:

In a Voat thread last week, a user by the name of CheesusCrust published his findings after running a network traffic analysis relating to the telemetry and surveillance features of Windows 10. The results were troubling, to say the least.

While setting up a fresh copy of Windows 10 Enterprise Edition on VirtualBox, the user went through and disabled all three pages of tracking options, one by one. He then left the computer running for eight hours overnight, and returned to find that Windows 10 had attempted to contact 51 Microsoft IP addresses 5,508 times.

After 30 hours, over 112 IP addresses had been contacted.

The user attempted the same experiment once again with a fresh install of Windows 10 as well as a third party tool called DisableWinTracking. He discovered that the name of the tool is slightly misleading, as Windows 10 had contacted 30 IP addresses 2,758 times in the same 30 hour time frame.

Original story HERE

Holy shit!

 

[TheELF]

Yeah yeah yeah another Windows spies on me thread. But, the difference is someone took the time to actually document the details.

Yeah cause it's 1999 and the PC only connects to the net for spying...
Was he logged in with a microsoft account?
Desktop settings get uploaded to the cloud now,just like chrome bookmarks,and I'm guessing they will be checked for synchronisation every now and then.
The same goes for the cloud drive if he logged in with an account that has files on there they were being downloaded.
Windows updates will check for updates and especially on a new installation there will be a lot of files downloaded also they now work with P2P technology,very handy for mobile devices and not only,still accounts for a lot of traffic.

And all of this is before mentioning the obvious, all the metro apps are updating the weather/news-headlines/game offers and so on.

 

[blackangst1]

Those are all very good points, Elf

 

[nerp]

More FUD.

 

[Ketchup]

I am going to look up some more just because, but the first one I looked up is 23.217.138.18. It is assigned to https://www.akamai.com/

Considering that 10 comes with OneDrive, seeing pings to a cloud services provider is not surprising at all. Especially if CheesusCrust was signed into his Microsoft account at the time.

What I would be interested to know if if this person did a similar test with Windows 8 or 7. I am guessing not.

 

[RampantAndroid]

Windows also pings a time server regularly. There are a TON of things, either built into Windows or otherwise that will hit the network. In the day and age where we've got Akamai you could end up hitting multiple IPs depending on load even.

I've said before and I'll say again: to do a proper investigation of this, you need to be installing Fiddler, installing its certificate and turning on HTTPS decryption. Fiddler is network witchcraft...and assuming that the data is being sent as text (and not binary or something) it'll be readable in Fiddler.

 

[MagnusTheBrewer]

This is 2016. Does anyone running ANY OS be it Linux or Bob or, BEOS think their internet usage and computing habits are anonymous?

 

[blackangst1]

I am going to look up some more just because, but the first one I looked up is 23.217.138.18. It is assigned to https://www.akamai.com/

Considering that 10 comes with OneDrive, seeing pings to a cloud services provider is not surprising at all. Especially if CheesusCrust was signed into his Microsoft account at the time.

What I would be interested to know if if this person did a similar test with Windows 8 or 7. I am guessing not.

I wondered the same thing so I asked on his thread

 

[SparkyJJO]

While I do not recall exact details I had run wireshark once on my old XP laptop when trying to diagnose a network problem, and even back then doing "nothing" still had a lot of IP pinging going on.

The important part is not that things are getting pinged or establishing connection, but rather what exactly that connection is for. Hopefully he can clarify, or dig deeper and find out more, otherwise the info isn't really all that useful.

 

[Red Squirrel]

Yeah I really don't like the idea of my computer connecting or interacting with that many outside servers. There's just no reason for it. This whole cloud movement is ridiculous especially in an age where our privacy is constantly being attacked by the government and corporations, we need to do more to protect our privacy instead of just giving it up. Worse is the general public eat up all this because of the coolness factor.

It's one of the reasons I run Linux now. Even with all the crap disabled in windows I still would not feel secure. Though I still like running a packet sniffer once in a while just to make sure there's nothing weird going on my network, and it's kinda interesting to see even local traffic.

 

[KeithP]

Well a Voat thread from CheesusCrust is definitive proof in my book. Even though he offers no information on any data that actually identified the user was transmitted, I am off Windows 10 for sure! 🙄

-KeithP

 

[Rhonda the Sly]

I have configured the DD-WRT router to drop and log all connection attempts via iptables through the DD-WRT router by Windows 10 Enterprise.

The thing about this is that if Windows (or almost any piece of software) doesn't connect on it's first attempt, it will try again at some interval. Note that, from Window's perspective, the PC probably appears to connected to a network but is timing out when sending requests (someone else may need to back me up on that). There's no telling how many of those requests were "duplicates," so to speak.

In the table before the comments it looks like most of the identified IPs are Windows Update and Search/Cortana updates (for whatever reason they update independently of the rest of Window and the App Store).

 

[Elixer]

Well a Voat thread from CheesusCrust is definitive proof in my book. Even though he offers no information on any data that actually identified the user was transmitted, I am off Windows 10 for sure! 🙄

-KeithP

Hey, it was posted on the internet, it must be true!

Let's take a look at what you can disable on Win 10 Enterprise edition:
https://technet.microsoft.com/en-us/library/mt577208(v=vs.85).aspx
Now, since they turned off the "3 pages", what does that bring to the table?

So, a simple look at the table will show us that you need to do more than what this person did.
Like...

When you enable the Don't search the web or display web results in Search Group Policy, you can control the behavior of whether Cortana searches the web to display web results. However, this policy only covers whether or not web search is performed. There could still be a small amount of network traffic to Bing.com to evaluate if certain Cortana components are up-to-date or not. In order to turn off that network activity completely, you can create a Windows Firewall rule to prevent outbound traffic.

and so on...

So, is this anything new? Nope.
Was this version of Windows configured correct to disable everything? Nope.
Should it be easier to stop everything? Yep.

 

[Ketchup]

I wondered the same thing so I asked on his thread

Good for you. I confess that I didn't make it past his original postings. And did my own Googling on the IP addresses he provided.

 

[BarkingGhostar]

Hey, it was posted on the internet, it must be true!

OK, funny man, you post a lot on the Internet ... :biggrin:

 

[TeknoBug]

Thing is, the Enterprise version shouldn't have that happen when you turn off all the tracking/privacy stuff.

You can add all those IPs to the HOSTS file in Windows\system32\ETC folder and all that traffic should stop.

 

[TeknoBug]

oops

 

[balloonshark]

I'm far from an expert but I always thought you were more secure when your computer is not connecting in/out or listening on ports all the time. All it takes is one vulnerability in whatever is connecting in/out and you could be in trouble. Nobody seems to talk about that fact though.

 

[quikah]

Thing is, the Enterprise version shouldn't have that happen when you turn off all the tracking/privacy stuff.

You can add all those IPs to the HOSTS file in Windows\system32\ETC folder and all that traffic should stop.

To turn off in Enterprise you need to use group policy. The "tester" just used the GUI.

The methodology and analysis is so bad it just makes me cringe. The fact that this has become a news story is sad and pathetic and just proves that most tech "journalists" don't know jack about technology.

I have no idea what he was thinking when he set his firewall to drop everything. A good 50%+ of the connections are probably just retries. There is a default set of tiles (news, weather, store, etc.) that poll for updates regularly, windows activation, etc. None of this stuff is spying.

Guess the "tester" finally figured out what an embarrassment his test was since he deleted his post/username on voat.

 

[Ketchup]

... Guess the "tester" finally figured out what an embarrassment his test was since he deleted his post/username on voat.

Classic!

 

[Executioner]

Microsoft’s telemetry U-turn?

LOL another Forbes article. Maybe MS got so much blow back from all of their telemetry, which they never came out and stated what was actually collected, according to this article in Forbes, they plan to make a change.

In short: Microsoft is taking action. It has decided to release updates “later this year” which will enable users to fully control all background telemetry and data tracking and, if desired, disable it completely. Microsoft also asked me to stress that disabling these background operations is something it would “strongly recommend against”.

So should we get out our party hats and cheer? Yes and no.

http://www.forbes.com/sites/gordonk...mpaign=yahootix&partner=yahootix#1312b6a39743

 

[SparkyJJO]

Hey, even though I think some people are blowing it way out of proportion, if they are listening enough to it to make changes based on it then cool. They didn't always used to listen that well or that quickly.

That said, I'm sure there are people who will never, ever be happy no matter what MS does or does not do.

 

[mpo]

I see the Voat post has been deleted by the user.

 

[Dude111]

Holy shit!

Yes which is why they are tryingh to FORCE everyone to WIn10 so they can be spied on also!! (Older OS's they dont have as much spying ability)

RESISTANCE IS THE ONLY WAY FORWARD!!!!!!!!!

 

[ViRGE]

There's a good article from Ed Bott, who analyzed the data before the user slunk off and deleted everything.

http://www.zdnet.com/article/when-it-comes-to-windows-10-privacy-dont-trust-amateur-analysts/

In short his heart was probably in the right place, but from a technical perspective he was woefully incompetent. Over 50% of the data is just attempted DNS queries, NetBIOS lookups, and IPv6 checks.