
Regardless of your privacy settings, Windows 10 Creators Update phones home


Batu69


Another piece of research done by an independent IT security analyst shows a number of privacy issues in Windows 10. Even after you have properly configured Windows 10 Creators Update using Group Policy in the Enterprise edition, the operating system may disregard these settings and continue to utilize your bandwidth and "phone home" to send data.

 

Many users use various tricks to turn off telemetry and data collection in Windows 10 which is sent back to Microsoft servers. Once these tweaks are applied, such users feel relatively safe from being spied on. However, it has come to be known that even after you disable telemetry using the official settings, Windows 10 continues to connect to Microsoft's servers and sends plenty of data there. This new finding is something to worry about.

 

The research was performed by Mark Burnett.

Mark Burnett is a security consultant, author, and researcher who specializes in application security, authentication, and hardening Microsoft Windows-based servers and networks. Since 1999 he has worked in numerous areas of IT security, developing unique strategies and techniques for protecting critical assets. Mark is author and coauthor of a number of security books and publishes security articles for several web sites, newsletters, and magazines. Microsoft has three times recognized Mark’s contribution to the Windows community with the Windows Server – IIS Most Valued Professional (MVP) award and four times with the Windows Security MVP award.

Mark set up a virtual machine with the Enterprise edition of Windows 10 and tracked the operating system's traffic. According to him, there was no third-party software installed, the telemetry options were disabled, all built-in UWP apps were removed and no apps were running during the test.

 

His observations are as follows.

 

With IPv6 and Teredo tunneling disabled, Windows 10 is still connecting out to do IPv6 Teredo tests.

 


 

Even with Smart Screen disabled, Windows 10 continues to connect to SmartScreen.

The same is true for Telemetry - regardless of the Group Policy state and Registry tweaks, it is still active and sends some data.

 


 

Even if you have not configured OneDrive Sync, there will be a lot of connections to its servers.

 


 

The same is true for error reporting. Even when the service is disabled, Windows 10 makes connections to the related servers.

 


 

Also, Windows 10 connects to KMS validation services regardless of the Group Policy configuration.

 


 

Finally, Windows 10 makes dozens of ad-related connections even in its Enterprise version.

 


 

Mark notes that he removed the Paint 3D app but it was silently reinstalled. The operating system even re-created a firewall rule to allow the app automatically!

 


 

So, even if you followed the official guide and configured the OS properly, you can't be sure that you control it.

It is not known which data exactly Windows 10 is sending to Microsoft's servers after everything mentioned above is disabled, but it is obviously expected that disabled areas should not produce traffic.

 

Mark is going to re-verify and repeat his results. Once this is done, he may share more interesting details about his findings.

Windows 10's privacy-related settings are just a ruse to throw unsuspecting users off guard so they think their privacy is being maintained.

 

Repeatedly, it has been demonstrated by various researchers that they are meaningless and do not fully prevent your PC from doing unwanted communications with numerous Microsoft and third-party computers. Source: Mark Burnett.

 


Winsh1t is becoming more and more insecure due to the company's goal of having telemetry to spy on users.

It is only a matter of time before someone can use this telemetry (hack) to damage a lot of systems running Winsh1t 10 0S or even on older Winsh1t 0Ses.



Frankly I'm not surprised and it again confirms what many have suspected, Windows 10 ignores privacy settings and leaks data like a sieve. Also, I'd suspect that Windows 7/8/8.1 is not much better since Microsoft's adding of snooping to those.

 

Seems the only (and best?) way to stop it is at the domain level in the router firewall. Microsoft has a nasty unethical habit of reversing users' settings if they don't like the changes, and I wouldn't trust changes in the HOSTS file to have any effect.

 

I wonder if enterprises and government departments will be as keen on Windows 10 now.



Yeah, there are probably ways to stop it.

1. Using domain-blocking software like PeerBlock. I hope it will successfully block those Microsh1t IPs.

2. Router level (complement by @Karlston), this may have a high chance of success blocking telemetry but when we need to update the 0S then it is a hassle to reconfigure it again in the router config page.

3. Install Linux or other OS like ReactOS, as a replacement for Winsh1t.

4. Make a super attractive software and make it only available on other OS except Winsh1t. My most preferred method.

5. Wait till someone finds a way to successfully block these telemetrysh1ts.

 



thunderpants

What the hell is happening to Windows?

I've been testing various Linux distros recently.

 

Windows 10 will be strictly for offline gaming for me in the future.

Atmo Win 7 is still ok for gaming.



12 hours ago, Karlston said:

Frankly I'm not surprised and it again confirms what many have suspected, Windows 10 ignores privacy settings and leaks data like a sieve. Also, I'd suspect that Windows 7/8/8.1 is not much better since Microsoft's adding of snooping to those.

Actually, Windows 8.1 does a lot of calling home to Microsoft as well, even with updates turned off and doing updates manually and only installing security patches. I can post you proof if you like. In order to block most of the crap out you need a good firewall and to know what to block. The only thing Windows 8.1 has going for it is that it's more stable and you don't need to upgrade to a new version every so often.

You can't expect Microsoft to give you a built-in feature to block it. Those days ended when Satya Narayana took over. I'm a realist, and as long as I don't expect them to do any better, I don't get my hopes up and I'm never let down. Like I told everyone before, it was all smoke and mirrors when they said Creators Update had better privacy. As long as you use Windows, what can you do if they're putting spying patches in security rollups, except block it with a good firewall? This is why I stay on Linux more than on Windows. I don't really care if they turn it into a full cloud platform. The way they're headed I won't be using it much longer anyway.

The only reason I was interested in this test is that it confirmed what I was thinking all along: there is no reason to pirate Enterprise if you have a legal version of Windows, as far as privacy is concerned. I already did my own test on legal versions and know you have to block it with a firewall or else be happy getting spied on. :)



50 minutes ago, steven36 said:

Actually, Windows 8.1 does a lot of calling home to Microsoft as well, even with updates turned off and doing updates manually and only installing security patches...

Yup.

Those who fear concussions must not enter a football field.  ;)



6 hours ago, nIGHT said:

Router level (complement by @Karlston), this may have a high chance of success blocking telemetry but when we need to update the 0S then it is a hassle to reconfigure it again in the router config page.

Router is overkill because, like you say, you can't block it through the router without breaking Windows. When I was running Windows 10 it was not very hard for me to block it using an IP sniffer and my 3rd-party firewall, and I had it fixed where I could easily allow it. The reason I stopped using Windows 10 had nothing to do with privacy; it had to do with stability and them using the consumer for beta testing for business.

They send out a new version of Windows 10 every 6 months that's mostly only been tested on newer hardware, and where most insiders are techies, most all of them buy the latest hardware. Then when it's released they put it out in the wild, then the consumer has the headache of testing it on old hardware, then 3 to 6 months later Windows for business updates after most of the bugs are worked out. It's a vicious cycle that never ends. It's boring and repetitious unless you think breaking your system is fun.

So I just put the version of Windows back on my PC that came with it, Windows 8.1, and now I only have to worry about security updates once a month till 2023.



@steven36

So what do I need to do to lock down Windows 8.1? I'm currently reverted from Windows 10 because I could not stop MS driver downloads from downloading. Even with all the reg tweaks and Group Policy settings they would still download as soon as I turned on my internet. Infuriating, to say the least. Any tips you could provide?



  • Administrator

That's some excellent and dedicated research done there.

 

The researcher seems to be on good terms with them, he should contact them and push his findings I think.



41 minutes ago, DEFIANT said:

@steven36

So what do I need to do to lock down Windows 8.1? I'm currently reverted from Windows 10 because I could not stop MS driver downloads from downloading. Even with all the reg tweaks and Group Policy settings they would still download as soon as I turned on my internet. Infuriating, to say the least. Any tips you could provide?

I don't know, because I can't see what all your tweaks have blocked and not blocked... I use Windows 10 Firewall contrail. It has a built-in IP sniffer and it blocks most telemetry in Windows 8.1 out of the box, but Windows 10 is more complicated, though not very hard: you just simply change zones to no updates.



@steven36
Windows 10 Firewall contrail? What's this? I googled it but turned up nothing. I'm not too worried about Win10 at the moment but I'd like to lock down 8.1. Thanks for your time.



1 hour ago, DKT27 said:

That's some excellent and dedicated research done there.

 

The researcher seems to be on good terms with them, he should contact them and push his findings I think.

He'd do better if he contacted the EU and EFF about it. The last time anyone posted their findings they got shunned off as noobs by journalists like Ed Bott, who is known to take gifts from Microsoft, and the findings were about the same. Even yesterday, when reading Mark Burnett's Twitter post, some fanboys were questioning his testing and seemed not to believe him. It's not like Windows spying on you is anything new. And only governments that threaten to ban their products do they listen to, because the only thing they understand is money.

Even being faced with being fined by the EU government, all they did was put the settings in the installer where you can set it to basic data collection while installing it, but there is no way to turn all of it off without blocking it with 3rd-party tools and software. If you use a router you will break Windows.



  • Administrator
32 minutes ago, steven36 said:

He'd do better if he contacted the EU and EFF about it. The last time anyone posted their findings they got shunned off as noobs by journalists like Ed Bott, who is known to take gifts from Microsoft, and the findings were about the same. Even yesterday, when reading Mark Burnett's Twitter post, some fanboys were questioning his testing and seemed not to believe him. It's not like Windows spying on you is anything new. And only governments that threaten to ban their products do they listen to, because the only thing they understand is money.

Even being faced with being fined by the EU government, all they did was put the settings in the installer where you can set it to basic data collection while installing it, but there is no way to turn all of it off without blocking it with 3rd-party tools and software. If you use a router you will break Windows.

 

The first part is contacting the people in question, then follows the rest I think.



36 minutes ago, DKT27 said:

 

The first part is contacting the people in question, then follows the rest I think.

Microsoft has been in and out of court for 42 years for everything from being a monopoly to stealing, and lost in court many times, and they just pay their losses and lawyers when they lose and pay their lawyers when they win, and every year they're in some kind of scandal. And still they managed to get 1.5 billion users, and now they act like they don't even care about them or their privacy. When you have billions of dollars you can do whatever you want, be it if you're Microsoft, Apple, Google, Facebook etc. :P

Mark Burnett made that post on Twitter about Windows 10, and Twitter sells your data. If he was really worried about his privacy he would not be posting there with his real name. :)

 

Twitter puts trillions of tweets up for sale to data miners

https://www.theguardian.com/technology/2015/mar/18/twitter-puts-trillions-tweets-for-sale-data-miners

Microsoft is kind of new to the data mining game but these other companies have been doing it for years and are not .. So don't you think that's sort of being a hypocrite?



10 hours ago, nIGHT said:

2. Router level (complement by @Karlston), this may have a high chance of success blocking telemetry but when we need to update the 0S then it is a hassle to reconfigure it again in the router config page

 

I've assumed, perhaps wrongly, that Microsoft's telemetry domains are different to their Windows update domains.

 

In any case, the Tomato firmware on my router allows a number of filter groups to be set up and individually enabled/disabled. So, even if there are shared telemetry/update domains, all these domains could be kept in a separate filter to be enabled/disabled as needed.

 

What's needed is a definitive list of telemetry domains for each Windows version. The ones I've seen in various places include ad servers, tracking servers, etc. Heck... one utility that uses the HOSTS file blocked the domain that Windows uses to check for a usable internet connection, msftncsi. Took me a few days to work out why the Windows Network icon said "No internet", yet it worked fine. :)



Archived

This topic is now archived and is closed to further replies.
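
An added example, not part of the original thread: the last post describes a HOSTS-file utility that blocked the msftncsi connectivity-check domain, and suggests keeping telemetry and update domains in separate filter groups. The sketch below audits a HOSTS-format blocklist along those lines before it is deployed; the group names, the `.example` domains and the sample list are assumptions, since the thread gives no domain list.

```python
# Domain suffixes that must never be sinkholed. The thread names only
# "msftncsi"; msftncsi.com is the NCSI probe domain it refers to.
ESSENTIAL = {"msftncsi.com"}

# Hypothetical filter groups (placeholder domains, not a real telemetry list),
# kept separate so each can be switched on or off like a router filter group.
GROUPS = {"telemetry": {"telemetry.example"}, "updates": {"update.example"}}

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

def parse_hosts(text):
    """Yield (line number, hostname) for each sinkholed name in HOSTS text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINKHOLES:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name != "localhost":  # the stock loopback entry is not a block
                yield lineno, name

def matches(name, suffixes):
    """True if name equals one of the suffixes or is a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in suffixes)

def audit(text):
    """Sort blocked names into essential / per-group / ungrouped buckets."""
    report = {b: [] for b in ("essential", *GROUPS, "ungrouped")}
    for lineno, name in parse_hosts(text):
        if matches(name, ESSENTIAL):
            bucket = "essential"  # blocking this breaks the connectivity check
        else:
            bucket = next((g for g, sfx in GROUPS.items() if matches(name, sfx)),
                          "ungrouped")
        report[bucket].append((lineno, name))
    return report

# Constructed sample blocklist, not taken from any real tool.
SAMPLE = """\
# sample
0.0.0.0 v1.telemetry.example
0.0.0.0 www.msftncsi.com   # causes the "No internet" icon
0.0.0.0 dl.update.example ads.example
127.0.0.1 localhost
"""

if __name__ == "__main__":
    for bucket, hits in audit(SAMPLE).items():
        print(bucket, hits)
```

Entries reported under `essential` should be dropped from the list; entries under `ungrouped` need a decision about which filter group they belong to before the list is enabled.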
