Jump to content

Search the Community

Showing results for tags 'telemetry'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 20 results

  1. I IN NO WAY TAKE ANY CREDIT FOR THIS IT WAS TAKEN FROM MDL FORUM AND SOME POSTS MY MEMBERS ON THIS FORUM! Manual: Tools: Microsoft Telemetry Tools Bundle v1.31 Windows 10 Lite v9 Private WinTen v0.1h Blackbird v6 v1.0.79.3 [Works with Win 7/8/8/1/10] O&O ShutUp10 v1.6.1403 WPD - Windows Privacy Dashboard v1.3.1323 WindowsSpyBlocker v4.25.0 Spybot Anti-Beacon v3.1 [Works with Win 7/8/8/1/10] W10Privacy v3.3.1.0 Destroy Windows Spying v1.0.1.0 [Works with Win 7/8/8/1/10] [NOT RECOMMENDED AS NOT UPDATED ANYMORE] Disable Windows 10 Tracking v3.2.1
  2. While many fled from GitHub to GitLab following Microsoft acquiring the code hosting service, GitLab has come under a bit of fire of its own with plans they had been working on around telemetry support that would begin tracking its users and potentially sharing the data with third-party firms. After announcing planned changes to their terms of service, following customer outrage they quickly stepped down on those plans. Below is an email GitLab sent out to their customers that was also then shared with Phoronix. Dear GitLab users and customers, On October 23, we sent an email entitled "Important Updates to our Terms of Service and Telemetry Services" announcing upcoming changes. Based on considerable feedback from our customers, users, and the broader community, we reversed course the next day and removed those changes before they went into effect. Further, GitLab will commit to not implementing telemetry in our products that sends usage data to a third-party product analytics service. This clearly struck a nerve with our community and I apologize for this mistake. So, what happened? In an effort to improve our user experience, we decided to implement user behavior tracking with both first and third-party technology. Clearly, our evaluation and communication processes for rolling out a change like this were lacking and we need to improve those processes. But that's not the main thing we did wrong. Our main mistake was that we did not live up to our own core value of collaboration by including our users, contributors, and customers in the strategy discussion and, for that, I am truly sorry. It shouldn't have surprised us that you have strong feelings about opt-in/opt-out decisions, first versus third-party tracking, data protection, security, deployment flexibility and many other topics, and we should have listened first. So, where do we go from here? The first step is a retrospective that is happening on October 29 to document what went wrong. We are reaching out to customers who expressed concerns and collecting feedback from users and the wider community. We will put together a new proposal for improving the user experience and share it for feedback. We made a mistake by not collaborating, so now we will take as much time as needed to make sure we get this right. You can be part of the collaboration by posting comments in this issue: https://gitlab.com/gitlab-com/www-gitlab-com/issues/5672. If you are a customer, you may also reach out to your GitLab representative if you have additional feedback. I am glad you hold GitLab to a higher standard. If we are going to be transparent and collaborative, we need to do it consistently and learn from our mistakes. Sincerely, Sid Sijbrandij Co-Founder and CEO GitLab So all is well for now and they have no stated plans for user behavior tracking / telemetry in their popular collaboration software built around Git. Source
  3. Microsoft surreptitiously adds telemetry functionality to July 2019 Win7 Security-only patch Unannounced, Microsoft has added telemetry functionality to the July 2019 Security-only Update for Windows 7 KB4507456. Alerted on Patch Tuesday by an anonymous poster: Warning for group B Windows 7 users! The “July 9, 2019—KB4507456 (Security-only update)” is NOT “security-only” update. It replaces infamous KB2952664 and contains telemetry. Some details can be found in file information for update 4507456 (keywords: “telemetry”, “diagtrack” and “appraiser”) and under http://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=7cdee6a8-6f30-423e-b02c-3453e14e3a6e (in “Package details”->”This update replaces the following updates” and there is KB2952664 listed). It doesn’t apply for IA-64-based systems, but applies both x64 and x86-based systems. Microsoft included the KB2952664 functionality (known as the “Compatibility Appraiser”) in the Security Quality Monthly Rollups for Windows 7 back in September 2018. The move was announced by Microsoft ahead of time. With the July 2019-07 Security Only Quality Update KB4507456, Microsoft has slipped this functionality into a security-only patch without any warning, thus adding the “Compatibility Appraiser” and its scheduled tasks (telemetry) to the update. The package details for KB4507456 say it replaces KB2952664 (among other updates). Come on Microsoft. This is not a security-only update. How do you justify this sneaky behavior? Where is the transparency now. Susan, we need your Pinocchio with a loooooong nose. Source: Microsoft surreptitiously adds telemetry functionality to July 2019 Win7 Security-only patch (AskWoody)
  4. Mozilla to run a Firefox Origin Telemetry experiment in development versions of Firefox Mozilla announced a push to improving privacy for all users of the Firefox web browser recently. The organization began to enable Tracking Protection functionality for all new installations with the release of Firefox 67.0.1 Stable, and plans to flip the switch for existing installations as well if settings were not modified by users already. The new default level blocks "some" trackers in private and regular browsing windows, and known tracking cookies. The previous setting blocked some known trackers in private windows only. The companies and individuals that operate these trackers and sites may react to the change, and Mozilla wants to be prepared for that. The organization plans to run an experiment in development versions of the Firefox web browser to detect workarounds by these organizations and individuals. Mozilla is aware of the sensitive nature of the data and decided that it would need a better way to analyze the data that would not potentially reveal sensitive information. Firefox Origin Telemetry Mozilla developed Firefox Origin Telemetry for that specific use case. The component is built on top of Prio, a "privacy-preserving data collection system developed by Stanford Professor Dan Boneh and PhD candidate Henry Corrigan-Gibbs". Mozilla wants to collect blocklist totals only. We will use Firefox Origin Telemetry to collect counts of the number of sites on which each blocklist rule was active, as well as counts of the number of sites on which the rules were inactive due to one of our compatibility exemptions. By monitoring these statistics over time, we can determine how trackers react to our new protections and discover abuse. Firefox Origin Telemetry needs to be validated before it could land in release versions of Firefox. Mozilla plans to run a test starting with Firefox 69 Nightly. Prio requires that data is collected by two independent parties and Mozilla plans to meet the requirement in release versions. For this initial test, however, Mozilla will run both data collection servers. The collected data falls within the organization's "data collection policies" for pre-release versions of the Firefox web browser. The test runs on 1% of the Firefox Nightly population as that is all that is required to validate the API. Firefox Nightly users who don't want to participate in the experiment may disable Firefox's ability to install and run studies, and to send technical and interaction data to Mozilla. Both options can be configured on the about:preferences#privacy under Firefox Data Collection and Use. Additional information is provided on Mozilla's Security blog. Closing Words Mozilla is open when it comes to the collecting of Telemetry data while companies like Google don't reveal much at all when it comes to that and the experiments that they run. The openness puts Mozilla in a difficult spot as it may be criticized for the decisions it makes; Google is not criticized nearly as much as it is usually tight-lipped in all those regards. Source: Mozilla to run a Firefox Origin Telemetry experiment in development versions of Firefox (gHacks - Martin Brinkmann)
  5. ADN

    W10Privacy 2.7.0.1

    W10Privacy can display common Windows 10 security settings that can be activated as well as deactivated within the program. It also allows importing and exporting of your changes. While there are a lot of Windows 10 privacy tools out there, many of them lack the detail this program has. Of course, this means that it might take you a bit longer to go through your choices. For those who don’t want to go into detail you can choose from 3 predefined settings. While the design is very simple, there are also 3 colors so that you can easily spot the these 3 settings: Green - Recommended - this is a conservative mode. Yellow - Conditionally recommended - probably the best bet but look over the choices. Red - Restricted - think of this as geek mode. Better know what you're doing. Must run as administrator. Also, other similar apps don’t always have a back or set a restore point making them a bit scary. This program however does offer a save, save as and load options so you can backup and import or export your settings anytime. W10Privacy has a built in update checker and a handful of user settings as well. Homepage Changelog Download
  6. Canonical's Will Cooke revealed in an email to the Ubuntu development list that the company plans to collect more diagnostic data from desktop. Many programs and operating systems collect diagnostic data. While the degree varies from program to program, it is fair to say that diagnostic data may provide developers with insights into issues and feature popularity. Canonical wants to collect data such as the Ubuntu version, hardware information and selected location during installation to "focus our engineering efforts on the things that matter most to our users". Cooke revealed what the data that Canonical plans to collect would include: Ubuntu Flavour Ubuntu Version Network connectivity or not CPU family RAM Disk(s) size Screen(s) resolution GPU vendor and model OEM Manufacturer Location (based on the location selection made by the user at install). No IP information would be gathered Installation duration (time taken) Auto login enabled or not Disk layout selected Third party software selected or not Download updates during install or not LivePatch enabled or not The company won't collect or store user IP addresses but wants to use Popcon and Apport. Popcon collects data on package use and Apport will be configured to send anonymous crash reports. All data is sent over HTTPS and aggregate information is made available publicly so that anyone may look them up. This would reveal the number of Ubuntu users on AMD or Intel hardware, or how many users select Germany or China as the location. Cooke notes that the data collecting will be opt-out, but that users can uncheck a box during installation or in the Gnome privacy settings to turn the collecting off. Any user can simply opt out by unchecking the box, which triggers one simple POST stating, “diagnostics=false”. There will be a corresponding checkbox in the Privacy panel of GNOME Settings to toggle the state of this. Closing Words Canonical, at least at this stage, does not want to collect as much data as Microsoft does on Windows 10. That's a good thing, and it is even better that the company plans to display an opt-out choice to users during installation and in the privacy settings. While some privacy advocates might have liked an opt-in choice better, giving users an option at all is something that is not self-evident anymore in this day and age. Ghacks.net
  7. Beginning with the April 2018 feature update, Microsoft will release a tool that allows Windows 10 users to inspect diagnostic data collected and sent to Microsoft's telemetry servers. Windows Insider Program members can test the app starting today. Earlier this week I noted a pair of mysterious (and inactive) links in the Privacy settings of recent preview releases of Windows 10, apparently offering the ability to view and delete telemetry data. Today, Microsoft officially confirmed that the next public release of Windows 10 will include a Windows Diagnostic Data Viewer utility. The app will allow anyone with an administrator account to inspect the telemetry data being collected from a device and sent to Microsoft through the Connected User Experience and Telemetry component, also known as the Universal Telemetry Client. Microsoft's enterprise customers have had this capability for some time, using a bare-bones tool available to IT professionals. The new viewer is considerably more polished and intended for use by nontechnical Windows 10 users. Members of the Windows Insider Program will have access to the Windows Diagnostic Data Viewer app in a new build scheduled to be delivered later today. Although the app will be delivered through the Microsoft Store, users won't be required to sign in with a Microsoft account to download and install it. In a blog post published today, Marisa Rogers, Privacy Officer in Microsoft's Windows and Devices Group, positioned the new tool as a way to be "fully transparent" about what data is collected from a device. I haven't been able to use the tool yet, but a pair of screenshots Microsoft released confirm that most of this data is intended to give Microsoft details about the type of hardware and apps in use by the 600 million-plus Windows 10 devices. Article
  8. A tool created to use some of the known methods of disabling tracking in Windows 10. How to Use You can either: A. Run the binary uploaded to the Release tab as an Administrator and select which options you'd like B. Install Python and the dependencies listed below and run the script from an elevated command prompt and select which options you'd like Silent Either can be run with the -silent argument as of v3.1. This will perform all available options of the version you're using. You still need to run it as administrator. Homepage Download Changelog :
  9. WindowsSpyBlocker is an application written in Go and delivered as a single executable to block spying and tracking on Windows systems . The initial approach of this application is to capture and analyze network traffic based on a set of tools. It is open for everyone and if you want to contribute or need help, take a look at the Wiki To capture and analyze network traffic for the telemetry option, QEMU virtual machines are used on the server virtualization management platform Proxmox VE based on : Windows 10 Pro 64bits with automatic updates enabled. Windows 8.1 Pro 64bits with automatic updates enabled. Windows 7 SP1 Pro 64bits with automatic updates enabled. Homepage Download Changelog :
  10. The next feature update for Windows 10, Windows 10 version 1803, will feature new privacy settings and improvements that give users and administrators more control over data on the device. Windows 10 users and admins may change privacy-related settings in several ways on machines running Windows 10. They may change some privacy options under Settings > Privacy, make modifications using policies, or change Registry keys related to privacy. The privacy options in Settings controlled application access to data up until now almost exclusively. You could turn a feature, say access to the microphone or notifications, off completely, or allow access on an individual basis only. Microsoft started to improve the privacy settings in the Fall Creators Update. If you open the Location controls in that version of Windows 10, you will notice that disabling location will make it unavailable to apps, Windows, and services. The most recent Windows 10 Insider Build, version 17074, features three new entries under privacy in the Settings application. Windows 10 version 1803: privacy improvements You find the new entries Videos, Documents and Pictures there. All three allow you to block application access to the system folders but you may also notice that you may deny Windows access to these folders as well. The description reads: Allow access to the documents/videos/pictures library on this device. If you allow access, people using this device will be able to choose if their apps have documents/videos/pictures library access by using the settings on this page. Denying access blocks Windows and apps from accessing the documents/videos/pictures library. A click on the change button turns access on or off on the device. You may also turn off application access only by flipping the preferences switch under "allow apps" on the page. This prevents applications from accessing the library but not Windows. Last but not least, you may allow specific applications access but deny access to all other apps. What happens if you disable access for Windows? It is unclear at this point in time. I ran a quick test after disabling access to the pictures library but did not notice any issues. Using File Explorer, I could still browse the folder and apps. I fired up Paint 3D and could load images using drag and drop, and could also save files to the folder. Windows Defender scanned the folder as well. It is possible that the functionality is not fully implemented yet, or that the access restriction only applies to automated processes. Ghacks.net
  11. At Microsoft, we use Windows telemetry to inform our decisions and focus our efforts in providing the most robust, most valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Telemetry gives users a voice in the operating system’s development. This guide describes the importance of Windows telemetry and how we protect that data. Additionally, it differentiates between telemetry and functional data. It also describes the telemetry levels that Windows supports. Of course, you can choose how much telemetry is shared with Microsoft, and this guide demonstrates how. To frame a discussion about telemetry, it is important to understand Microsoft’s privacy principles. We earn customer trust every day by focusing on six key privacy principles as described at privacy.microsoft.com. These principles guided the implementation of the Windows telemetry system in the following ways: •Control. We offer customers control of the telemetry they share with us by providing easy-to-use management tools. •Transparency. We provide information about the telemetry that Windows and Windows Server collects so our customers can make informed decisions. •Security. We encrypt telemetry in transit from your device and protect that data at our secure data centers. •Strong legal protections. We respect customers’ local privacy laws and fight for legal protection of their privacy as a fundamental human right. •No content-based targeting. We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows telemetry system. Customer content inadvertently collected is kept confidential and not used for user targeting. •Benefits to you. We collect Windows telemetry to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all of our customers. This article applies to Windows and Windows Server telemetry only. Other Microsoft or third-party apps, such as System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager, might send data to their cloud services in ways that are inconsistent with this guide. Their publishers are responsible for notifying users of their privacy policies, telemetry controls, and so on. This article describes the types of telemetry we may gather, the ways you might manage it in your organization, and some examples of how telemetry can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers. Use this article to make informed decisions about how you might configure telemetry in your organization. Telemetry is a term that means different things to different people and organizations. For the purpose of this article, we discuss telemetry as system data that is uploaded by the Connected User Experience and Telemetry component. The telemetry data is used to help keep Windows devices secure by identifying malware trends and other threats and to help Microsoft improve the quality of Windows and Microsoft services. We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting [email protected] Overview In previous versions of Windows and Windows Server, Microsoft used telemetry to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016, you can control telemetry streams by using the Privacy option in Settings, Group Policy, or MDM. For Windows 10, we invite IT pros to join the Windows Insider Program to give us feedback on what we can do to make Windows work better for your organization. Understanding Windows telemetry Windows as a Service is a fundamental change in how Microsoft plans, builds, and delivers the operating system. Historically, we released a major Windows version every few years. The effort required to deploy large and infrequent Windows versions was substantial. That effort included updating the infrastructure to support the upgrade. Windows as a Service accelerates the cadence to provide rich updates more frequently, and these updates require substantially less effort to roll out than earlier versions of Windows. Since it provides more value to organizations in a shorter timeframe, delivering Windows as a Service is a top priority for us. The release cadence of Windows may be fast, so feedback is critical to its success. We rely on telemetry at each stage of the process to inform our decisions and prioritize our efforts. What is Windows telemetry? Windows telemetry is vital technical data from Windows devices about the device and how Windows and related software are performing. It's used in the following ways: •Keep Windows up to date •Keep Windows secure, reliable, and performant •Improve Windows – through the aggregate analysis of the use of Windows •Personalize Windows engagement surfaces Here are some specific examples of Windows telemetry data: •Type of hardware being used •Applications installed and usage details •Reliability information on device drivers What is NOT telemetry? Telemetry can sometimes be confused with functional data. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not telemetry. For example, exchanging a user’s location for local weather or news is not an example of telemetry—it is functional data that the app or service requires to satisfy the user’s request. There are subtle differences between telemetry and functional data. Windows collects and sends telemetry in the background automatically. You can control how much information is gathered by setting the telemetry level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash). On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data. If you’re an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see Manage connections from Windows operating system components to Microsoft services. The following are specific examples of functional data: •Current location for weather •Bing searches •Wallpaper and desktop settings synced across multiple devices Much More Information Here - Too Long To Post All
  12. A firmware update to the Netgear R7000 router adds a new feature that will concern privacy advocates. The update allows Netgear to start "collecting analytics data" and the release notes warn that: "NOTE: It is strongly recommended that after the firmware is updated to this version, you log back in to the router's web GUI and configure the settings for this feature." Netgear says that the data collection is to help it "isolate and debug technical issues" and does not -- according to the company -- include details such as the websites that are visited, but it will still be a cause of concern for many people. It's hard not to draw parallels with Windows 10 which has managed to upset many users with its telemetry settings. The data that's being collected by Netgear is what many people would consider to be personal information, but the company makes no apologies for the firmware update. It is possible to disable the telemetry, but it remains to be seen how many people are aware of how this can be done -- or, indeed, how many know that the new settings exist. An article on the Netgear support website gives an idea of the sort of information that might be collected in this way: Technical data about the functioning and use of our routers and their WiFi network can help us to more quickly isolate and debug general technical issues, improve router features and functionality, and improve the performance and usability of our routers. Such data may include information regarding the router's running status, number of devices connected to the router, types of connections, LAN/WAN status, WiFi bands and channels, IP address, MAC address, serial number, and similar technical data about the use and functioning of the router, as well as its WiFi network. Source: Privacy warning: Netgear routers copy Windows 10 and start 'collecting analytics data' (BetaNews)
  13. Microsoft is refining its telemetry to better determine when your Windows PC can be automatically upgraded Credit: Pixabay Microsoft is slowly rolling out Windows 10 Creators Update, but has switched into high gear with changes to the telemetry system that helps it detect when a PC is ready to be upgraded. The branding of those recent patches, however, is confusing to many Windows customers. On April 24, Microsoft issued a new version—the 10th revision in the past year—of the KB 3150513 snooping patch for computers running Windows 7, 8, 8.1, and Windows 10 builds 1511 and 1607. Billed as the “latest compatibility definition update for Windows,” KB 3150513’s description says: This update provides the latest set of definitions for compatibility diagnostics that are performed on the system. The updated definitions will help enable Microsoft and its partners to ensure compatibility for all customers who want to install the latest Windows operating system. Installing this update also makes sure that the latest Windows operating system version is correctly offered through Windows Update, based on compatibility results. On May 1, Microsoft re-issued the snooper patch, but only for Win10 Anniversary Update version 1607 systems and with new names: 2017-05 Update for Windows 10 Version 1607 for x86-based Systems (KB 3150513) 2017-05 Update for Windows 10 Version 1607 for x64-based Systems (KB 3150513) Several people on the AskWoody Lounge have remarked that the new names ensure that the patches will bubble up to the top of any sorted list of installed updates. (Also note that 32-bit Windows patches are rarely identifed as “x86,” which makes these names rather odd.) Blogger Günter Born took apart the May 1 version of KB 3150513 and discovered that it included scanning files dated April 27. Now it seems the patch has been updated again—the second reissue this month—only for version 1607. Blogger EyesOnWindows, on the Lounge, rifled through his Windows Update log and confirmed that the latest version of the telemetry patch was installed on May 5. According to the release data in the KB article, the scanning files were last updated on May 3. Bottom line: If you’re running Windows 10 Anniversary Update and haven’t blocked updating, you’ll likely see one entry in your Update history for “Update for Windows 10 Version 1607 for x64-based Systems (KB3150513),” and two entries for “2017-05 Update for Windows 10 Version 1607 for x64-based Systems (KB3150513).” Although the names may confuse, Microsoft is refining its telemetry to better determine when your PC running version 1607 Anniversary Update should be automatically upgraded to version 1703 of the Creators Update. Of course, if you block the automatic upgrade to 1703, you’ll be able to control for yourself when your computer upgrades. Discussion continues on the AskWoody Lounge. Source: Microsoft has reissued KB 3150513 snooping patch twice this month (InfoWorld - Woody Leonhard)
  14. One of the complaints about Windows 10 ever since the operating system's introduction was that it was not really clear what date Microsoft's Telemetry and data collection services collected, and transferred to the company. Linked to that was the missing option to turn the collecting off for good -- this is reserved to LTSB Enterprise versions. The only built-in option that users had until now was to set the collecting to basic. Several privacy tools for Windows 10 come with options to block Microsoft Telemetry servers so that communication won't take place anymore. Microsoft announced in early 2017 that it would change privacy options in the Windows 10 Creators Update version. One of those changes was a reduction of Telemetry levels from three, to just Basic and Full. You can switch between the two diagnostic levels by opening the Settings application (Windows-I), navigating to Privacy > Feedback & Diagnostics, and selecting the other option -- Full or Basic -- on the page. Windows 10 Full and Basic Telemetry The Feedback & Diagnostics page of the Settings application reveals little information on what is being collected. Microsoft did publish two articles recently that offer information in great detail on what it collects in basic and full Telemetry modes. The listings are a hard read, and the basic listing is especially difficult to go through as it is highly technical in nature. The full listing is a bit better, as it is less technical. Basic Telemetry on Windows 10 If you go through the basic telemetry listing on the Technet site -- linked above -- you will find listed the following information among many, many other entries: Operating system name and version, locale. Date and time. Locally defined, unique ID for device, and device class (e.g. Server or Desktop). Various unique user, machine and application identifiers. Various information about the system, both in hash form and strings, e.g. OEM manufacturer information, device name, TMP version, active microphones, firmware, networking information, license state, license key, processor, speech settings, storage, display, and more. (see Census listings there). Full Telemetry on Windows 10 The full Telemetry listing includes information on the basic level, as it is included, and information on data that is only collected if full is enabled. The format is better, as it is less technical in nature. Header information: OS name, version, build and locale, User ID, Xbox UserID, Environment (e.g. application ID), diagnostic event name, HTTP header information, device ID (unique), device class, event collection time, diagnostic level. Device, Connectivity, and configuration data: Device properties: OS, installation type, processor, memory, storage, firmware and battery information, OEM details, hardware chassis type, color and form factor, virtual machine. Device capabilities: information about camera, touch and process capabilities, TPM, virtualization hardware, voice, number of displays, DPI and resolution, wireless capabilities, OEM information, advanced camera capture mode. Device preferences: User settings, user-provided decice name, domain or cloud joined, domain name hash, MDM settings, Bitlocker, Secure Boot and encryption settings, Windows Update, default app and browser choices, default language settings, app store update settings, Enterprise and commercial ID. Device peripherals: information on connected peripherals including names, models, manufacturers, drivers. Device network info: Networking information including available SSIDs and BSSIDs, connectivity status, proxy, DHCP and other details, IP address type, hashed IP address, data transfer rates, IMEI or MCCO, and more. Product and Service usage: App usage: Usage statistics, content searches within app, reading activity, user navigation and interaction with app and Windows features, time of and count of app and compoinent launches, duration, user interaction methods and duration. App or product state: Start menu and taskbar pins, app launch state, personalization impressions delivered, user interaction with UI controls or hotspots, User feedback, caret location or position within documents and media files. Login properties: Login success, failure, sessions and state. Product and Service data: Device health and crash data: information about device and software health including crash and hang dumps, system settings, error codes and messages, user generated files, details about abnormal shutdowns, hangs or crashes, crash failure data. Device performance and reliability data: performance information, including user interface interaction duration, on/off performance, user input responsiveness, disk footprint, power and battery live, service responsiveness. Software Setup and Inventory data: Installed applications and install history: Names, IDs, package family names, publisher, type of software, install date, method, install directory, installation type, more. Device update information: Update readiness analysis, number of applicable updates, downlad size and source, Windows Update machine ID, Update Server and service URL, and more. Content Consumption data: Movies: Technical video information, e.g. height or width, encoding, stream instructions, if there is an error, URL for a specific two second chunk of content. Music & TV: Service URL for song being downloaded, content type, local media library collection statistics, region mismatch. Reading: App accessing content and status, and options used to open a Windows Store Book, language of book, time spent reading, content type and size. Photos App: File source data, image & video resolution. Browsing, Search and Query data: Microsoft browser data: Text typed in address bar and search box, selected for Ask Cortana Search, browser ID, URLs, page title, auto-completed text, service response time. On-device file query: kind of query, number of items requested and retrieved, file extension of search result user interacted with, launched item kind, name of process, hash of search scope, state of indices. Inking Typing and Speech Utterance data: Voice, inking and typing: Type of pen used, pen gestures, palm touch coordinates, input latency, ink strokes written, text of speech recognition results, APP ID, language information. Licensing and Purchase data: Purchase history: Product and Edition ID, product URI, offer details, date and time, purchase quantity and price, payment type. DRM and license rights details, license type, usage session. Article source Other source: This Is the Data Microsoft Collects from Your Windows 10 PC
  15. Windows telemetry is getting a lot more transparent. Mike Mozart Microsoft has published the full range of data that Windows 10 version 1703, the Creators Update, will collect in its default "basic" telemetry setting. The company has also provided details on the kinds of information that can be captured in the optional "full" telemetry setting. Since it was first released there has been widespread concern about Windows 10's data collection, as the operating system collects various kinds of data and sends it back to Microsoft. The company says it uses this information to determine how well systems are running and get a heads up on problems that users are facing. Telemetry isn't new to Windows, but prior to Windows 10 it was always opt-in, through schemes such as the Customer Experience Improvement Program and Windows Error Reporting. If you didn't want to send anything, you could turn it all off. In Windows 10, however, that changed: while the Windows 10 Enterprise version, available to software assurance subscribers, enabled customers to disable telemetry, the regular consumer editions (Windows 10 Home and Windows 10 Pro) did not. At release, there were three options (Basic, Enhanced, Full); as of the Creators Update there are only two (Basic and Full). Basic is the default setting, though members of the Windows 10 Insider Program have their systems set to Full. This mandate, combined with the lack of documentation—Microsoft has never said precisely what the various options mean—has provoked many complaints from privacy-conscious Windows users. The Creators Update represents Microsoft's first real reaction to the outcry. The operating system itself is more explicit about obtaining consent for privacy settings. The out-of-box experience shown during installation has a new settings screen for privacy options, and existing Windows 10 users will be asked to choose their privacy settings during the process of upgrading to the Creators Update. Microsoft has also extended the documentation within the product and online to be clearer and more explicit about what each privacy option controls and what the consequences are of turning the options on and off. But it's publishing the full set of data points that the Basic setting can collect that's the biggest change. Making this available should go some way towards alleviating fears about how invasive the OS is. There isn't a full list of Full telemetry mode data, however; while the company is offering documentation of the kinds of data it can collect, it isn't doing so in the same exhaustive way as it is for the Basic setting. The company is also not offering documentation for older Windows 10 versions nor for the data collection in Windows 7 or Windows 8.1. Enlarge / The privacy settings that people upgrading to the Creators Update will see. Microsoft Marisa Rogers, the "privacy officer" of the Windows and Devices Group, told us that the telemetry data is genuinely useful to making Windows better. As an example the company offered us, there was a problem with the Windows Alarm app. The Alarm app can have more complicated interactions than one might think, due to its interactions with system sleep (it can wake a machine up if necessary) and the notification framework. Some Windows users reported that their alarms weren't consistently going off. As is often the case with annoying bugs, the problem was intermittent, appearing to occur randomly and hence difficult to reproduce for debugging. With information collected at the Full level from a broad range of affected machines, the company's developers were able to ascertain the precise combination of factors leading to problems, and discovered that alarms became more unreliable as they grew older. The bug was fixed, and a patch was deployed. Another problem the company described to us was that certain combinations of audio drivers and audio hardware were resulting in audio that was broken or missing certain special effects. The telemetry data enabled the exact pairings of drivers and hardware that had issues to be pinpointed, enabling a fix to be developed. Microsoft has also been open about how it uses this kind of information to stagger rollouts of major Windows updates. The Creators Update, like the major updates before it, will initially be offered only to configurations that Microsoft has high confidence in; OEM systems that have been explicitly tested are one example. As Microsoft's tracking registers more successful installations—more pieces of third-party software working correctly, more drivers and hardware functioning properly—Windows Update will offer the update to a wider range of PC configurations. After a few weeks, the floodgates will be opened and it will be offered to every system aside from those with known, specific incompatibilities. These phased deployments depend on telemetry data. These practical experiences have also shown Microsoft that some data isn't useful. Accordingly, Rogers said that in the Creators Update this information is no longer being collected, and the total volume of data has dropped by about half. The final alteration being made for the Creators Update is an greater control over the voice data that Cortana collects. The online privacy dashboard will soon include a new section to review and delete any voice data that Microsoft holds. These improvements are unlikely to appease that minority of users that regard the mandatory telemetry as an unacceptable intrusion, but greater clarity about what data gets collected is nonetheless a step forward. Source: Microsoft opens up on Windows telemetry, tells us most of what data it collects (ars TECHNICA - Peter Bright)
  16. Karlston

    What we know about KB 3150513

    On March 15, the Thursday after Patch Tuesday, Microsoft re-re-released KB 3150513. It’s innocuously titled “Latest compatibility definition update for Windows,” but it’s raised a lot of suspicion for those of us who prefer our Windows snooping overt, not covert. Microsoft’s description: This update provides the latest set of definitions for compatibility diagnostics that are performed on the system. The updated definitions will help enable Microsoft and its partners to ensure compatibility for all customers who want to install the latest Windows operating system. Installing this update also makes sure that the latest Windows operating system version is correctly offered through Windows Update, based on compatibility results. Which is enough to get my tinfoil hat twitching. We had a similar not-quite-documented appearance of KB 3150513 back in September. Here’s what we know for sure: The update includes files called Appraiser.sdb and Appraiser_telemetryrunlist.xml. It was offered on just about every version of Windows you can name. The KB article lists prerequisites, but there are versions for Win10 1607, 1511, Windows 8 (!) and 8.1, and Win 7 RTM (!) and SP1. In addition @ch100 documents that a version is also available for Windows Server 2016, for the first time. When it appeared in September, poster K hid it, but it re-appeared two additional times. At the time, I documented that it appeared twice, with two different dates, May 4 and May 11, 2016. In September, @abbodi86 viewed it as a precursor to upgrading to the Win10 Anniversary Update (released July 2016): it’s an update for the system’s compatibility database, which is related the famous schedule task “Microsoft Compatibility Appraiser”. This diagnostics is required to see if the current machine is applicable for RS1 upgrade through WU. Yes, it may involves sending “telemetry” feedback but isn’t whole Windows 10 is already telemetry-connected? With regard to the March 15 release, @PKCano says: This is being offered on all versions of Windows. It is a compatibility definition update. A new release for Win10, but Win7 and Win8.1 are seeing the earlier version appear if they installed KB2952664 (Win7) or KB2976978 (Win8.1) with the recent updates. The latter are prerequisites. It is also showing up in Win10. And @abbodi86 says Appraiser KB2952664 and Telemetry DiagTrack are built-in Windows 10 since RTM. Both KB2952664/KB3150513 are only needed for upgrade they have nothing useful for current Windows 7 (well, except providing MSFT with Appraiser statistics) And @ch100: Other versions were released in the past for Windows 10 1511. To me, without having the full details, it indicates that the functionality from KB2952664 in Windows 7 is built-in at least in Windows 10 1511 and 1607. Otherwise we wouldn’t see KB3150513 being on offer for those versions of Windows 10. There was no KB3150513 release for Windows 10 1507. Does anybody else have some definitive information on this beast? Is there any reason at all to install it, unless you plan on upgrading to the Win10 Creators Update version as soon as it’s available (which is an incredibly poor choice, but more about that later)? Source: What we know about KB 3150513 (AskWoody.com) What we know about KB 3150513 (AskWoody Lounge)
  17. Microsoft Re-Releases Snooping Patches KB 2952664, KB 2976978 Earlier versions of the Win7 and 8.1 patches kicked off enhanced snooping routines, and there's no indication what's changed in these versions We don't know what KB 2952664 (for Windows 7) and KB 2976978 (for Windows 8.1) actually do. But both patches have been shown in the past to trigger a new Windows task called DoScheduledTelemetryRun. The patches appeared in the Automatic Update chute earlier todayas Optional, so they won't be installed unless you specifically check and install them. But in the past, the Optional versions have been converted rapidly to Recommended, and thus installed on most machines. The last release of KB 2952664 went from Optional to Recommend in a week. Microsoft's descriptions of the patches are quite bland: GWX, of course, is Microsoft's malware-like "Get Windows 10" campaign that plagued Windows 7 and 8.1 users last year. I last wrote about the patches on Oct. 5, 2016: The revision dates on the KB articles don't instill any confidence. When I wrote about KB 2952664 last October, I noted that the KB article was up to revision 25, dated Oct. 4, 2016. The current KB article, dated Feb. 9, 2017, is at revision 11. I have no idea what's up. Why is Microsoft releasing this CEIP diagnostic program on a Thursday? Why isn't it being held for next Tuesday's Monthly Rollup? Why does it fall outside the announced schedule of Security Only and Monthly Rollup patches? Why did the revision numbers change? But I do know that earlier versions of these patches triggered new snooping scans, whether the Customer Experience Improvement Program is enabled or not. And I do know that Microsoft hasn't documented much at all. Discussion continues on the AskWoody Lounge. AskWoody Lounge - Comments Source Alternate Source: Windows KB2652664 And KB2976978 Telemetry Updates Re-Released (Again)
  18. Broken down, this works out to 3967 connection attempts to 51 different Microsoft IP addresses. You can see full tabulated results on Voat. With Microsoft facing unprecedented levels of criticism for its lack of transparency over spying components, these findings will serve only to add fuel to the fire. The fact that it was the Enterprise edition of Windows 10 that was used for testing is likely to raise further questions. http://betanews.com/2016/02/06/windows-10-phones-home-a-lot-even-with-all-reporting-and-telemetry-disabled/ Windows 10 telemetry network traffic analysis, part 1 Curious about the various telemetry and personal information being collected by Windows 10, one user installed Windows 10 Enterprise and disabled all of the telemetry and reporting options. Then he configured his router to log all the connections that happened anyway. Even after opting out wherever possible, his firewall captured Windows making around 4,000 connection attempts to 93 different IP addresses during an 8 hour period, with most of those IPs controlled by Microsoft. Even the enterprise version of Windows 10 is checking in with Redmond when you tell it not to — and it's doing so frequently. Like many of you, I am concerned about the telemetry, spying and other surveillance features, known or unknown, of Windows 10. It has concerned me enough to push me to Linux Mint as my main operating system. Even so, I wanted to better understand Windows 10, but internet search results for a decent windows 10 traffic analysis leave a lot to be desired. As such, I decided to do my own investigating on what, exactly, Windows 10 is doing traffic-wise, and post the results. For this analysis, I wanted to simply analyse the network traffic of Windows 10 on a clean install, and just let it sit and run without using it. What I have done for this analysis: I have installed DD-WRT on a router connected to the internet and configured remote logging to the Linux Mint laptop in #2. I have installed Linux Mint on a laptop, and setup rsyslog to accept remote logging from the DD-WRT router. I have installed Virtualbox on the Linux Mint laptop, and installed Windows 10 EnterprisePNG on Virtualbox. I have chosen the customized installation option where I disabled three pages of tracking options. I have configured the DD-WRT router to drop and log all connection attempts via iptables through the DD-WRT router by Windows 10 Enterprise. Aside from installing Windows 10 Enterprise, and verifying the internet connection through ipconfig and ping yahoo.com, I have not used the Windows 10 installation at all (the basis for the first part of this analysis) Let Windows 10 Enterprise run overnight for about 8 hours (while I slept). I use perl to parse the data out of syslog files and insert said data into a Mysql database. I use perl to obtain route data from whois.radb.net, as well as nslookup PTR data, and insert that into the Mysql database. Lastly, I query and format the data for analyzing. Here is the roughly 8-hour network traffic analysis of 5508 connection attempts of an unused, base install of Windows 10 Enterprise (NOTE: I did not remove any 192.168.1.x home network IP addresses from the analysis): individual connection attempts by IP address,port, and protocol: select distinct(ip_address),port,protocol,count(ip_address) as attempts from rejected_connections group by ip_address order by attempts desc; ip_address port protocol attempts 94.245.121.253 3544 UDP 1619 65.55.44.108 443 TCP 764 192.168.1.1 53 UDP 630 192.168.1.255 137 UDP 602 65.52.108.92 443 TCP 271 64.4.54.254 443 TCP 242 65.55.252.43 443 TCP 189 65.52.108.29 443 TCP 158 207.46.101.29 80 TCP 107 207.46.7.252 80 TCP 96 64.4.54.253 443 TCP 83 204.79.197.200 443 TCP 63 23.74.8.99 80 TCP 45 23.74.8.80 80 TCP 45 65.52.108.103 443 TCP 29 134.170.165.251 443 TCP 27 23.67.60.73 80 TCP 21 65.52.108.27 80 TCP 21 157.56.96.58 443 TCP 19 134.170.51.247 443 TCP 18 23.67.60.97 80 TCP 18 134.170.165.253 443 TCP 18 65.55.138.126 443 TCP 18 131.253.40.53 443 TCP 16 134.170.58.118 443 TCP 15 131.253.61.100 80 TCP 14 104.73.92.149 80 TCP 14 157.56.96.123 443 TCP 14 157.56.77.139 443 TCP 13 65.55.138.111 443 TCP 12 40.117.145.132 443 TCP 12 131.253.40.59 80 TCP 12 23.210.63.75 80 TCP 12 65.55.113.13 80 TCP 11 134.170.51.246 443 TCP 9 134.170.58.190 443 TCP 9 191.232.80.58 443 TCP 9 207.46.114.58 443 TCP 9 23.193.225.197 80 TCP 9 134.170.115.62 443 TCP 9 104.73.160.51 80 TCP 9 104.73.160.16 80 TCP 9 23.210.5.16 80 TCP 8 157.56.77.138 443 TCP 8 131.253.61.84 80 TCP 8 23.217.138.11 80 TCP 8 23.193.230.88 443 TCP 7 198.41.214.183 80 TCP 6 13.107.3.128 443 TCP 6 198.41.215.186 80 TCP 6 198.41.214.186 80 TCP 6 198.41.214.184 80 TCP 6 104.73.143.160 443 TCP 6 157.55.240.220 443 TCP 6 198.41.215.185 80 TCP 6 72.21.81.200 80 TCP 6 23.193.251.132 80 TCP 6 23.193.236.70 443 TCP 5 72.21.91.8 80 TCP 5 23.217.138.25 80 TCP 4 131.253.61.96 443 TCP 4 131.253.61.82 443 TCP 3 23.102.17.214 443 TCP 3 23.101.156.198 443 TCP 3 23.74.9.198 80 TCP 3 104.73.153.9 443 TCP 3 23.74.9.217 80 TCP 3 23.9.123.27 80 TCP 3 94.245.121.254 3544 UDP 3 23.101.187.68 123 UDP 3 104.91.188.21 80 TCP 3 131.253.61.66 443 TCP 3 23.217.138.122 80 TCP 3 23.101.115.193 443 TCP 3 198.41.215.182 80 TCP 3 198.41.214.187 80 TCP 3 23.210.48.42 443 TCP 3 104.208.28.54 443 TCP 3 23.217.138.18 80 TCP 2 23.193.238.90 443 TCP 2 23.217.138.90 80 TCP 2 23.217.138.43 80 TCP 1 23.67.60.65 80 TCP 1 65.52.236.160 443 TCP 1 157.56.144.215 3544 UDP 1 23.96.212.225 443 TCP 1 157.56.144.216 3544 UDP 1 65.52.108.252 443 TCP 1 65.52.108.94 443 TCP 1 134.170.179.87 443 TCP 1 104.73.138.217 443 TCP 1 104.91.166.82 80 TCP 1 104.73.160.58 80 TCP 1 137.116.74.190 80 TCP 1 23.217.138.97 80 TCP 1 Extended data for each distinct connection attempt: select distinct(t1.ip_address),nslookup,port,protocol,connection_attempts,route,origin,description from (select distinct(ip_address) as ip_address,port,protocol,count(ip_address) as connection_attempts from rejected_connections group by ip_address order by connection_attempts desc ) as t1 join (select distinct(ip_address) as ip_address,nslookup,route,origin,description from routing_data group by ip_address) as t2 where t1.ip_address=t2.ip_address order by connection_attempts desc; ip_address nslookup port protocol connection_attempts route origin description 94.245.121.253 3544 UDP 1619 94.245.64.0/18 AS8075 MICROSOFT 65.55.44.108 443 TCP 764 65.52.0.0/14 AS8075 MICROSOFT 65.52.108.92 msnbot-65-52-108-92.search.msn.com 443 TCP 271 65.52.0.0/14 AS8075 MICROSOFT 64.4.54.254 443 TCP 242 64.4.0.0/18 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 65.55.252.43 msnbot-65-55-252-43.search.msn.com 443 TCP 189 65.52.0.0/14 AS8075 MICROSOFT 65.52.108.29 msnbot-65-52-108-29.search.msn.com 443 TCP 158 65.52.0.0/14 AS8075 MICROSOFT 207.46.101.29 80 TCP 107 207.46.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 207.46.7.252 80 TCP 96 207.46.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 64.4.54.253 443 TCP 83 64.4.0.0/18 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 204.79.197.200 a-0001.a-msedge.net 443 TCP 63 204.79.197.0/24 AS8151 Microsoft Corporation 23.74.8.99 a23-74-8-99.deploy.static.akamaitechnologies.com 80 TCP 45 23.74.8.0/23 AS20940 Akamai Technologies 23.74.8.80 a23-74-8-80.deploy.static.akamaitechnologies.com 80 TCP 45 23.74.8.0/23 AS20940 Akamai Technologies 65.52.108.103 443 TCP 29 65.52.0.0/14 AS8075 MICROSOFT 134.170.165.251 443 TCP 27 134.170.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.67.60.73 a23-67-60-73.deploy.static.akamaitechnologies.com 80 TCP 21 23.67.60.0/24 AS7922 Comcast Cable Communications, Inc. 65.52.108.27 msnbot-65-52-108-27.search.msn.com 80 TCP 21 65.52.0.0/14 AS8075 MICROSOFT 157.56.96.58 443 TCP 19 157.56.0.0/16 AS8075 MICROSOFT 134.170.51.247 443 TCP 18 134.170.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.67.60.97 a23-67-60-97.deploy.static.akamaitechnologies.com 80 TCP 18 23.67.60.0/24 AS7922 Comcast Cable Communications, Inc. 134.170.165.253 443 TCP 18 134.170.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 65.55.138.126 443 TCP 18 65.52.0.0/14 AS8075 MICROSOFT 131.253.40.53 443 TCP 16 131.253.32.0/20 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 134.170.58.118 443 TCP 15 134.170.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 131.253.61.100 80 TCP 14 131.253.61.0/24 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 104.73.92.149 a104-73-92-149.deploy.static.akamaitechnologies.com 80 TCP 14 104.64.0.0/10 AS31377 Akamai Technologies 157.56.96.123 443 TCP 14 157.56.0.0/16 AS8075 MICROSOFT 157.56.77.139 443 TCP 13 157.56.0.0/16 AS8075 MICROSOFT 65.55.138.111 443 TCP 12 65.52.0.0/14 AS8075 MICROSOFT 40.117.145.132 443 TCP 12 40.64.0.0/10 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 131.253.40.59 80 TCP 12 131.253.32.0/20 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.210.63.75 a23-210-63-75.deploy.static.akamaitechnologies.com 80 TCP 12 23.210.48.0/20 AS16625 Akamai Technologies 65.55.113.13 80 TCP 11 65.52.0.0/14 AS8075 MICROSOFT 134.170.51.246 443 TCP 9 134.170.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 134.170.58.190 443 TCP 9 134.170.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 191.232.80.58 443 TCP 9 191.232.0.0/13 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 207.46.114.58 443 TCP 9 207.46.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.193.225.197 a23-193-225-197.deploy.static.akamaitechnologies.com 80 TCP 9 23.193.224.0/20 AS20940 Akamai Technologies 134.170.115.62 443 TCP 9 134.170.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 104.73.160.51 a104-73-160-51.deploy.static.akamaitechnologies.com 80 TCP 9 104.64.0.0/10 AS31377 Akamai Technologies 104.73.160.16 a104-73-160-16.deploy.static.akamaitechnologies.com 80 TCP 9 104.64.0.0/10 AS31377 Akamai Technologies 23.210.5.16 a23-210-5-16.deploy.static.akamaitechnologies.com 80 TCP 8 23.208.0.0/14 AS31377 Akamai Technologies 157.56.77.138 443 TCP 8 157.56.0.0/16 AS8075 MICROSOFT 131.253.61.84 80 TCP 8 131.253.61.0/24 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.217.138.11 a23-217-138-11.deploy.static.akamaitechnologies.com 80 TCP 8 23.217.138.0/24 AS7922 Akamai Technologies 23.193.230.88 a23-193-230-88.deploy.static.akamaitechnologies.com 443 TCP 7 23.193.224.0/20 AS20940 Akamai Technologies 198.41.214.183 80 TCP 6 198.41.214.0/24 AS13335 CloudFlare, Inc.665 3rd Street Suite 200San Francisco, California 94107US 13.107.3.128 443 TCP 6 13.104.0.0/14 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 198.41.215.186 80 TCP 6 198.41.215.0/24 AS13335 CloudFlare, Inc.665 3rd Street Suite 200San Francisco, California 94107US 198.41.214.186 80 TCP 6 198.41.214.0/24 AS13335 CloudFlare, Inc.665 3rd Street Suite 200San Francisco, California 94107US 198.41.214.184 80 TCP 6 198.41.214.0/24 AS13335 CloudFlare, Inc.665 3rd Street Suite 200San Francisco, California 94107US 104.73.143.160 a104-73-143-160.deploy.static.akamaitechnologies.com 443 TCP 6 104.64.0.0/10 AS31377 Akamai Technologies 157.55.240.220 443 TCP 6 157.55.0.0/16 AS8075 MICROSOFT 198.41.215.185 80 TCP 6 198.41.215.0/24 AS13335 CloudFlare, Inc.665 3rd Street Suite 200San Francisco, California 94107US 72.21.81.200 80 TCP 6 72.21.81.0/24 AS15133 EdgeCast Networks, Inc. 23.193.236.70 a23-193-236-70.deploy.static.akamaitechnologies.com 443 TCP 5 23.193.224.0/20 AS20940 Akamai Technologies 72.21.91.8 80 TCP 5 72.21.91.0/24 AS15133 EdgeCast Networks, Inc. 23.217.138.25 a23-217-138-25.deploy.static.akamaitechnologies.com 80 TCP 4 23.217.138.0/24 AS7922 Akamai Technologies 131.253.61.96 443 TCP 4 131.253.61.0/24 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 131.253.61.82 443 TCP 3 131.253.61.0/24 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.101.156.198 443 TCP 3 23.100.0.0/15 AS8075 MICROSOFT 104.73.153.9 a104-73-153-9.deploy.static.akamaitechnologies.com 443 TCP 3 104.64.0.0/10 AS31377 Akamai Technologies 23.9.123.27 a23-9-123-27.deploy.static.akamaitechnologies.com 80 TCP 3 23.9.112.0/20 AS16625 Akamai Technologies 94.245.121.254 3544 UDP 3 94.245.64.0/18 AS8075 MICROSOFT 23.101.187.68 123 UDP 3 23.100.0.0/15 AS8075 MICROSOFT 104.91.188.21 a104-91-188-21.deploy.static.akamaitechnologies.com 80 TCP 3 104.91.176.0/20 AS20940 Akamai Technologies 131.253.61.66 443 TCP 3 131.253.61.0/24 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.217.138.122 a23-217-138-122.deploy.static.akamaitechnologies.com 80 TCP 3 23.217.138.0/24 AS7922 Akamai Technologies 23.101.115.193 443 TCP 3 23.100.0.0/15 AS8075 MICROSOFT 198.41.215.182 80 TCP 3 198.41.215.0/24 AS13335 CloudFlare, Inc.665 3rd Street Suite 200San Francisco, California 94107US 198.41.214.187 80 TCP 3 198.41.214.0/24 AS13335 CloudFlare, Inc.665 3rd Street Suite 200San Francisco, California 94107US 23.210.48.42 a23-210-48-42.deploy.static.akamaitechnologies.com 443 TCP 3 23.210.48.0/20 AS16625 Akamai Technologies 104.208.28.54 443 TCP 3 104.208.0.0/13 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.217.138.18 a23-217-138-18.deploy.static.akamaitechnologies.com 80 TCP 2 23.217.138.0/24 AS7922 Akamai Technologies 23.193.238.90 a23-193-238-90.deploy.static.akamaitechnologies.com 443 TCP 2 23.193.224.0/20 AS20940 Akamai Technologies 23.217.138.90 a23-217-138-90.deploy.static.akamaitechnologies.com 80 TCP 2 23.217.138.0/24 AS7922 Akamai Technologies 23.217.138.43 a23-217-138-43.deploy.static.akamaitechnologies.com 80 TCP 1 23.217.138.0/24 AS7922 Akamai Technologies 23.67.60.65 a23-67-60-65.deploy.static.akamaitechnologies.com 80 TCP 1 23.67.60.0/24 AS7922 Comcast Cable Communications, Inc. 65.52.236.160 443 TCP 1 65.52.0.0/14 AS8075 MICROSOFT 157.56.144.215 3544 UDP 1 157.56.0.0/16 AS8075 MICROSOFT 23.96.212.225 443 TCP 1 23.96.0.0/14 AS8075 MICROSOFT 157.56.144.216 3544 UDP 1 157.56.0.0/16 AS8075 MICROSOFT 65.52.108.252 443 TCP 1 65.52.0.0/14 AS8075 MICROSOFT 65.52.108.94 msnbot-65-52-108-94.search.msn.com 443 TCP 1 65.52.0.0/14 AS8075 MICROSOFT 134.170.179.87 443 TCP 1 134.170.0.0/16 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 104.73.138.217 a104-73-138-217.deploy.static.akamaitechnologies.com 443 TCP 1 104.64.0.0/10 AS31377 Akamai Technologies 104.91.166.82 a104-91-166-82.deploy.static.akamaitechnologies.com 80 TCP 1 104.91.166.0/23 AS20940 Akamai Technologies 104.73.160.58 a104-73-160-58.deploy.static.akamaitechnologies.com 80 TCP 1 104.64.0.0/10 AS31377 Akamai Technologies 137.116.74.190 80 TCP 1 137.116.0.0/15 AS8075 MICROSOFT-CORP-MSN-AS-BLOCK 23.217.138.97 a23-217-138-97.deploy.static.akamaitechnologies.com 80 TCP 1 23.217.138.0/24 AS7922 Akamai Technologies is for awhile longer (hours? days? weeks?) to get a more complete snapshop of connection attempts before I move on to further analysis of Windows 10. All Credits To CheesusCrust The Source
  19. Microsoft Reduces the Amount of Telemetry Data Collected from Windows 10 PCs Other privacy changes implemented for Microsoft users First and foremost, Microsoft is introducing a new privacy dashboard on the web that lets users see and manage privacy data, including search history, location activity, and Cortana’s Notebook - information that the digital assistant requires to provide a more personal experience. In order to access this dashboard, you need to sign in with your Microsoft account and connect to account.microsoft.com/privacy, with Redmond promising to add more functionality and categories over time. Windows 10 changes As far as Windows 10 is concerned, Microsoft is announcing a new setup experience for users who install the new OS. The new option replaces the previous Express settings presented during the Windows 10 install, Microsoft says. Those upgrading from Windows 7, Windows 8 or performing a new clean install should be able to see what Microsoft describes as “simple but important settings,” while those who are already on Windows 10 will be asked to update privacy settings with a notification. These new settings will make their debut with the Creators Update, and will be integrated into an insider build shipping soon. The telemetry settings in Windows 10 will be simplified from three different levels to just two, namely Basic and Full. The Enhanced level will no longer be offered, and users who picked this one will be prompted to switch to Basic or Full after installing the Creators Update. But what’s more important is that the Basic level will collect a reduced amount of telemetry data from Windows 10 computers, according to Microsoft. “This includes data that is vital to the operation of Windows. We use this data to help keep Windows and apps secure, up-to-date, and running properly when you let Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also includes basic error reporting back to Microsoft,” the firm says. Users will be given full control over their privacy settings and will obviously be allowed to change them at a later time from the Settings app in Windows 10. Source
  20. How Windows 10 Data Collection Trades Privacy For Security Here's what data each telemetry level collects and the price you pay to send the least telemetry to Microsoft Windows 10’s aggressive data-collection capabilities may concern users about corporate spying, but enterprises have control that consumer-edition Windows users do not: Administrators can decide how much information gets sent back to Microsoft. But enterprises need to think twice before turning off Windows telemetry to increase corporate privacy. That’s because doing so can decrease the effectiveness of Windows 10’s security features. Microsoft isn’t merely hoovering up large amounts of data because it can. The company has repeatedly reiterated its stance that Windows 10 does not collect the user’s personal data, but rather anonymized file data that is then used to improve overall user experience and Windows functionality. With the current shift to Windows-as-a-service, Microsoft plans to release more updates to the operating system more frequently, and it will use telemetry data to understand how people are actually using Windows and applications. Microsoft can use the information to figure out what new features are needed or to prioritize changes to existing components. For Microsoft, more data means more security But the telemetry data is used for more than how to improve or evolve Windows. There is an actual security impact, too. Knowledge is power, and in the case of Windows 10, that usage data lets Microsoft beef up threat protection, says Rob Lefferts, Microsoft’s director of program management for Windows Enterprise and Security. The information collected is used to improve various components in Windows Defender, such as Application Guard and Advanced Threat Detection (these two features are available only to customers with Windows 10 Enterprise with Anniversary Update and Enterprise E5 subscriptions). As Windows 10’s built-in security tool, Windows Defender uses real-time protection to scan everything downloaded or run on the PC. The information from these scans is sent back to Microsoft and used to improve protection for everyone else. For example, Windows Defender Application Guard for Microsoft Edge will put the Edge browser into a lightweight virtual machine to make it harder to break out of the browser and attack the operating system. With telemetry, Microsoft can see when infections get past Application Guard defenses and improve the security controls to reduce recurrences. Microsoft also pulls signals from other areas of the Windows ecosystem, such as Active Directory, with information from the Windows 10 device to look for patterns that can indicate a problem like ransomware infections and other attacks. To detect those patterns, Microsoft needs access to technical data, such as what processes are consuming system resources, hardware diagnostics, and file-level information like which applications had which files open, Lefferts says. Taken together, the hardware information, application details, and device driver data can be used to identify parts of the operating system are exposed and should be isolated into virtual containers. How Windows 10 telemetry levels affect security and administration IT admins can control what telemetry is sent back to Microsoft using group policy objects—if they are using an enterprise version of Windows 10 and a Microsoft administration tool, of course. (Consumer versions of Windows don’t provide this capability, which is why there are now third-party telemetry blockers on the market, though not all telemetry can be blocked.) The Privacy option in Settings lets administrators choose one of three telemetry levels: Basic, Enhanced, and Full. Windows 10 Home and Pro are set by default to Full. Windows 10 Enterprise and Education are set by default to Enhanced. But there’s a fourth level called Security available only in Windows 10 Enterprise and Education editions, and only through group policies (not via Settings). Available to admins only, Security level sends the least data. The Security level sends less telemetry to Microsoft than the Basic level does. And it collects enough technical data about Windows’s Connected User Experience and Telemetry component settings, the MSRT (Malicious Software Removal Tool), and Windows Defender to keep Windows, Windows Server, and System Center secure. At the Security level, only OS information, device ID, and device class (server, desktop, mobile device) are sent to Microsoft, along with the MSRT report that contains information about the infection and IP address. Windows Defender and System Center Endpoint Protection provide diagnostic information, user account control settings, UEFI (Unifieid Extensible Firmware Interface) settings, and IP addresses. (If this latter information shouldn’t be sent, then turn off Windows Defender and use a third-party tool instead.) If the goal is to not have any data go to Microsoft, using the Security level is the best option. But it has one big drawback: Windows Update won’t work, because Windows Update information—such as whether the update installation succeeded or failed—does not get collected at the Security level. MSRT also won’t run if Windows Update is not working. Thus, it requires a lot of IT involvement to keep the systems updated and secure if the telemetry level is set to Security. Basic level is the least a user can choose within Windows. For most users focused on privacy, the Basic level is probably the best option for limiting what gets sent to Microsoft. The Basic level sends device information like application compatibility and usage information in addition to the information sent from the Security level. This can include the number of crashes and the amount of processor time and memory an application used at a time. System data can help Microsoft know whether a device meets the minimum requirements to upgrade to the next version. Data from the Basic level helps identify problems that can occur on a particular hardware or software configuration. The types of data collected include device attributes, such as camera resolution, display type, and battery capacity; application and operating system versions; networking devices, such as the number of network adapters; IMEI number (for mobile devices) and mobile operator network; architecture details, such as processor, memory type, and firmware versions; storage data, such as number of drives, type, and size; and virtualization support. The Basic level also collects and transmits compatibility details, such as how add-ons work with the browser, how applications work with the operating system, and whether peripherals like printers and storage devices would work with the next version of the operating system. Enhanced level aids user-experience improvements. The Enhanced level, the default setting for Windows 10 Enterprise and Education, also sends data on how Windows, Windows Server, System Center, and applications are used; how they perform; and their reliability. This includes operating system events, such as those from networking, Hyper-V, Cortana, storage, and file system; operating system application events, such as those from Server Manager, Mail, and Microsoft Edge; device-specific events such as data from Microsoft HoloLens; and all crash dumps. Data collected from the Enhanced level helps Microsoft improve user experience because the company can use the detailed information to find patterns and trends in how the applications are being used. Enhanced is the minimum level needed for Microsoft to identify and address Windows 10, Windows Server, and System Center quality issues. The Full level makes your PC an open book. The Full level—the default for consumer versions of Windows—is the free-for-all level that has privacy folks worried, because it includes significant technical data, which Microsoft claims is “necessary to identify and help to fix problems.” At the Full level, devices send information related to reliability, application responsiveness, and usage along with all crash dumps. Data collection has changed in Windows Telemetry data is not new to Windows 10. Microsoft used telemetry in previous versions of Windows and Windows Server to check for updated or new Windows Defender signatures, verify Windows Update installations, and gather reliability information through the RAC (Reliability Analysis Component) and Windows CEIP (Customer Experience Improvement Program). What’s changed is that Windows 10 has expanded the scope to better understand the type of hardware being used, basic system diagnostics, logs of how frequently features are being used, what applications have been installed, how users are using those applications, and the reliability data from device drivers. Microsoft says it tries to avoid collecting personal information, but it can happen. For example, crash dumps can contain the contents of a document that was in memory at the time of the crash. The news that Microsoft would include threat intelligence content such as indicators and reports of past attacks from FireEye’s iSight Intelligence product into Windows Defender Advanced Threat Protection, there were concerns that FireEye would gain access to some of the telemetry data. But Microsoft says that is not part of the FireEye deal. Microsoft’s plan to put advertising on users’ lock screens and Start screens—and block IT admins from disabling them—has also fanned the flames of security fear. After all, similar advertising from the likes of Google ad Facebook relies heavily on the intense collection of personal data to target the ads. It’s worth noting that Windows is not intentionally collecting functional data, such as the user’s location when the user is looking at local weather or news. The application may collect such data, but not the Windows 10 operating system—and thus not the Windows 10 telemetry. Of course, Microsoft collects personal information from its own applications. Cortana is such an example, but users can turn off Cortana completely. Overall, IT organizations should be able to find a telemetry level they’re comfortable with in terms of privacy, while not sacrificing the core security of Windows. They may have to pay the price of higher admin costs if they use the lowest telemetry level (Security), but only if they choose to do so. Source AskWoody's Word On This Article
×
×
  • Create New...