Even With Telemetry Disabled, Windows 10 Talks To Dozens of Microsoft Servers

Discussion in 'Windows 10' started by Garbellano, Feb 7, 2016.

  1. Garbellano

    Garbellano MDL Addicted

  2. abbodi1406

    abbodi1406 MDL KB0000001

    who said it can be disabled? :g:

    includes = doesn't mean only :D
     
  3. lobo11

    lobo11 TOMAHAWK CHOP

    #3 lobo11, Feb 7, 2016
    Last edited: Feb 7, 2016
  4. kuroda

    kuroda MDL Senior Member

    ...Don't worry.. it's all for a good cause ...Microsoft loves us! :p
     
  5. 100

    100 MDL Expert

    I'm not surprised. But it doesn't represent actual traffic, and it says nothing about what data it is. When all outgoing connections are blocked, as in this case, you may end up with more connection attempts than if that connection had been allowed to go through.

    Anyway, here's a few things that are going to happen in idle state regardless of whether or not telemetry data is being transmitted:
    • Network connectivity indicator checks for Internet connectivity
    • WU client checks for OS updates
    • Store checks for app updates
    • Licensing service checks activation
    • Live tile for weather app queries the weather
    • Live tile for Store queries list of apps and preview images
    • Live tiles for money, sports, news, whatever apps query headlines, query preview images
    • Any other app could be making background requests
    • NTP synchronizes clock
    • Certificates are checked for revocation
    • Teredo client tries to establish IPv6/v4 transitioning (the large amount of 3544/UDP packets)

    All those connections are going to go to different services, and when you combine that with the fact that many are reachable through multiple IPs or are hosted on CDNs you will end up with a multitude of different IPs for the same service. E.g., the WU service resolves to 6 different IP addresses. And of course all of those are going to be tried when you're blocking all outgoing connections.

    I've been thinking of doing something like this also. But done properly the traffic would have to go through an intercepting proxy. IP stats alone aren't telling you much.
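
    An added example, not part of the post above or of the article under discussion: it groups a firewall's blocked-connection log by the hostname each destination IP resolved from and collapses retries, which shows how a few services turn into many IPs and many more log lines. The hostnames, addresses, log tuple layout and the rule that an identical 5-tuple counts as one retried attempt are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (documentation address ranges, made-up hostnames).
# DNS answers captured alongside the firewall log: hostname -> A records.
DNS_ANSWERS = {
    "update.example.test": ["192.0.2.10", "192.0.2.11", "192.0.2.12"],
    "ntp.example.test": ["198.51.100.5"],
    "tiles.example.test": ["203.0.113.20", "203.0.113.21"],
}

# Dropped outbound packets: (seconds, dst_ip, proto, dst_port, src_port).
DROPS = [
    (0, "192.0.2.10", "tcp", 443, 50001),   # first SYN
    (3, "192.0.2.10", "tcp", 443, 50001),   # SYN retransmit, same socket
    (9, "192.0.2.10", "tcp", 443, 50001),   # SYN retransmit, same socket
    (21, "192.0.2.11", "tcp", 443, 50002),  # client moves to the next A record
    (24, "192.0.2.11", "tcp", 443, 50002),
    (42, "192.0.2.12", "tcp", 443, 50003),
    (60, "198.51.100.5", "udp", 123, 123),
    (124, "198.51.100.5", "udp", 123, 123),
    (70, "203.0.113.20", "tcp", 443, 50010),
    (73, "203.0.113.21", "tcp", 443, 50011),
    (80, "203.0.113.99", "udp", 3544, 51000),  # no DNS answer seen for this IP
]


def summarize(drops, dns_answers):
    """Group drops by the hostname that resolved to each destination IP."""
    ip_to_host = {ip: host for host, ips in dns_answers.items() for ip in ips}
    raw, flows, ips = defaultdict(int), defaultdict(set), defaultdict(set)
    for _ts, dst_ip, proto, dst_port, src_port in drops:
        service = ip_to_host.get(dst_ip, f"unresolved:{dst_ip}")
        raw[service] += 1
        # Assumption: an identical 5-tuple is a retry of one attempt.
        flows[service].add((dst_ip, proto, dst_port, src_port))
        ips[service].add(dst_ip)
    return {s: {"raw_drops": raw[s], "flows": len(flows[s]), "ips": len(ips[s])}
            for s in raw}


if __name__ == "__main__":
    report = summarize(DROPS, DNS_ANSWERS)
    for service, row in sorted(report.items()):
        print(f"{service:28} {row}")
    print("log lines:", len(DROPS), "services:", len(report))
```

    The counts say nothing about payload; that still needs the intercepting proxy the post mentions.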
     
  6. kaljukass

    kaljukass MDL Addicted

    Of course, it is possible to block it easily! Simply turn the router off and unplug any cables, and everything is done.
    If that still does not help, remove Windows forever, and finally Microsoft can be free to dream of a bright future without giving any support and updates, and also without any broken window.
    Microsoft, it is only the broken dreams.
     
  7. Garbellano

    Garbellano MDL Addicted

    The funniest thing about all of this is that, in fact, they could send ANY information with something simple like the weather app, where even there, all the communication is encrypted.
    Meaning, they could send and receive any information from any application, even the trusted one from them, that you won't ever know, ever.
     
  8. PaulDesmond

    PaulDesmond MDL Magnet

    put in a spoiler please :eek:
     
  9. supersonic124

    supersonic124 MDL Novice

    It doesn't seem like he actually tested the group policy option though.
     
  10. 100

    100 MDL Expert

    Could you clarify what you mean by "ANY" information? And how an app running in a sandboxed container would go about accessing that information? Also, since it's trivial to intercept traffic from any of the preinstalled apps in the clear, where's that supposedly undecryptable communication? I'm not seeing it.
     
  11. Garbellano

    Garbellano MDL Addicted

    What?

    Whatever they want to send. They can cover anything with all the traffic they are having. Just for fun, do a VM and sniff all the traffic and see what I mean.
     
  12. 100

    100 MDL Expert

    In other words you have no idea what the traffic is really about. Have you actually looked at the decrypted traffic? Because I have, and I don't see what you mean. What have you seen that I've been missing?
     
  13. michaelmyers

    michaelmyers MDL Member

    The person has seen nothing. Just another Windows 10 hater, full of paranoia, who has no real clue what they are talking about. Just repeats what others post.

    Nobody can see all this "data being stolen from us" because IT ISN'T FREAKING HAPPENING. All these paranoid privacy groups and individuals have had more than enough time to find proof and they haven't found squat and I guarantee they never will, but will keep on whining about it.
     
  14. reagentc

    reagentc MDL Novice

    FUD helps generate page clicks. It would seem to help if Microsoft were a little more transparent about Win 10 telemetry. Now of course the tinfoil hat crowd won't believe anything Microsoft says, but transparency is a good thing regardless.
     
  15. frepsz

    frepsz MDL Junior Member

    So you think that Microsoft is lying? In all the interviews and privacy policy? Why do you use their product if you don't believe them?
     
  16. endbase

    endbase MDL Guru

    I could not care less :p
     
  17. Shayne

    Shayne MDL Addicted

    You have looked at the decrypted traffic? What about the encrypted traffic? Have you looked at the ETL files and if so what is in there? You have provided us with an MS link "Configure telemetry and other settings in your organization" that does absolutely nothing, as this OS still contacts approximately 70 different IPs weekly and the sending of information continues. If you block these IPs from contacting they will try 7000 to 8000 times to connect per week. You cannot suggest that this is acceptable practice? There is no privacy in this OS, out of the box, even if the privacy settings are set up. I find that a bit disgusting.

    Regards
     
  18. QuantumBug

    QuantumBug MDL Developer
