I'm not surprised. But it doesn't represent actual traffic, and it says nothing about what data it is. When all outgoing connections are blocked, as in this case, you may end up with more connection attempts than if that connection had been allowed to go through.

Anyway, here are a few things that are going to happen in idle state regardless of whether or not telemetry data is being transmitted:

- Network connectivity indicator checks for Internet connectivity
- WU client checks for OS updates
- Store checks for app updates
- Licensing service checks activation
- Live tile for weather app queries the weather
- Live tile for Store queries list of apps and preview images
- Live tiles for money, sports, news, whatever apps query headlines, query preview images
- Any other app could be making background requests
- NTP synchronizes clock
- Certificates are checked for revocation
- Teredo client tries to establish IPv6/v4 transitioning (the large amount of 3544/UDP packets)

All those connections are going to go to different services, and when you combine that with the fact that many are reachable through multiple IPs or are hosted on CDNs you will end up with a multitude of different IPs for the same service. E.g., the WU service resolves to 6 different IP addresses. And of course all of those are going to be tried when you're blocking all outgoing connections.

I've been thinking of doing something like this also. But done properly the traffic would have to go through an intercepting proxy. IP stats alone aren't telling you much.
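An added example, not part of the post above and not anyone's measurement: it groups blocked-outbound firewall entries by service instead of by IP and collapses retries, to show how far raw IP and attempt counts can overstate what is going on. The log lines, the IP-to-service map (assumed to come from your own DNS logs), the service labels and the 60-second retry window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of dropped outbound packets: timestamp, dst IP, dst port, protocol.
# Addresses are documentation ranges (RFC 5737), not real service IPs.
SAMPLE_LOG = """\
2016-02-01T10:00:00 192.0.2.10 443 tcp
2016-02-01T10:00:03 192.0.2.11 443 tcp
2016-02-01T10:00:09 192.0.2.12 443 tcp
2016-02-01T10:00:21 192.0.2.10 443 tcp
2016-02-01T10:00:05 198.51.100.7 3544 udp
2016-02-01T10:00:06 198.51.100.7 3544 udp
2016-02-01T10:00:08 198.51.100.8 3544 udp
2016-02-01T12:00:00 192.0.2.11 443 tcp
2016-02-01T10:01:00 203.0.113.5 123 udp
"""

# Assumption: built from the resolver's DNS log (answer IP -> queried service).
IP_TO_SERVICE = {
    "192.0.2.10": "wu", "192.0.2.11": "wu", "192.0.2.12": "wu",
    "198.51.100.7": "teredo", "198.51.100.8": "teredo",
    "203.0.113.5": "ntp",
}

def summarize(log_text, ip_to_service, retry_window=timedelta(seconds=60)):
    """Per service: distinct IPs, raw attempts, and retry-collapsed episodes."""
    events = []
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, _port, _proto = line.split()
            events.append((datetime.fromisoformat(ts), ip))
    events.sort()  # the episode logic needs chronological order
    stats = defaultdict(lambda: {"ips": set(), "attempts": 0, "episodes": 0, "last": None})
    for ts, ip in events:
        s = stats[ip_to_service.get(ip, "unmapped:" + ip)]
        s["ips"].add(ip)
        s["attempts"] += 1
        # An attempt within retry_window of the previous one to the same
        # service is counted as a retry of the same blocked request.
        if s["last"] is None or ts - s["last"] > retry_window:
            s["episodes"] += 1
        s["last"] = ts
    return {name: {"ips": len(s["ips"]), "attempts": s["attempts"],
                   "episodes": s["episodes"]} for name, s in stats.items()}

if __name__ == "__main__":
    for name, row in sorted(summarize(SAMPLE_LOG, IP_TO_SERVICE).items()):
        print(name, row)
```

On this sample, 6 distinct IPs and 9 blocked attempts reduce to 3 services and 4 request episodes; none of it says what data would have been sent, which still requires inspecting the traffic itself.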
Of course, it is possible to block easily! Simply turn the router off and unplug any cables and everything is done. If it still does not help, remove Windows forever, and finally Microsoft can be free to dream of a bright future without giving any support and updates and also without any broken window. Microsoft, it is only the broken dreams.
The funniest thing about all of this is, in fact, that they could send ANY information with something simple like the weather app, where even there, all the communication is encrypted. Meaning, they could send and receive any information from any application, even the trusted ones from them, and you won't ever know, ever.
Could you clarify what you mean by "ANY" information? And how an app running in a sandboxed container would go about accessing that information? Also, since it's trivial to intercept traffic from any of the preinstalled apps in the clear, where's that supposedly undecryptable communication? I'm not seeing it.
What? Whatever they want to send. They can cover anything with all the traffic they are having. Just for fun, set up a VM and sniff all the traffic and see what I mean.
In other words you have no idea what the traffic is really about. Have you actually looked at the decrypted traffic? Because I have, and I don't see what you mean. What have you seen that I've been missing?
The person has seen nothing. Just another Windows 10 hater full of paranoia and has no real clue what they are talking about. Just repeats what others post. Nobody can see all this "data being stolen from us" because IT ISN'T FREAKING HAPPENING. All these paranoid privacy groups and individuals have had more than enough time to find proof and they haven't found squat and I guarantee they never will, but will keep on whining about it.
FUD helps generate page clicks. It would seem to help if Microsoft were a little more transparent about Win 10 telemetry. Now of course the tinfoil hat crowd won't believe anything Microsoft says, but transparency is a good thing regardless.
So you think that Microsoft is lying? In all the interviews and privacy policy? Why do you use their product if you don't believe them?
You have looked at the decrypted traffic? What about the encrypted traffic? Have you looked at the ETL files and if so what is in there? You have provided us with an MS link, "Configure telemetry and other settings in your organization", that does absolutely nothing, as this OS still contacts approximately 70 different IPs weekly and the sending of information continues. If you block these IPs from contacting they will try 7000 to 8000 times to connect per week. You cannot suggest that this is acceptable practice? There is no privacy in this OS, out of the box, even if the privacy settings are set up. I find that a bit disgusting. Regards