Even With Telemetry Disabled, Windows 10 Talks To Dozens of Microsoft Servers

Discussion in 'Windows 10' started by Garbellano, Feb 7, 2016.

  1. Shayne

    Shayne MDL Addicted

    Jul 31, 2009
    752
    181
    30
Thank you, I will need to look at your script closely :worthy:. I REM'd out Defender and ran it; I can't say it ran perfectly, with access problems deleting *.rbs, but well into the nineties. Restart, power off and start. This is what my iptables get from this VM's IP.

    Feb 21 17:56:31 dnsmasq-dhcp[743]: DHCPREQUEST(xxxx) xxx.xxx.xxx.xxx 08:xx:27:xx:b1:D2
    Feb 21 17:56:31 dnsmasq-dhcp[743]: DHCPACK(xxxx) xxx.xxx.xxx.xxx 08:xx:27:xx:b1:D2 LTSB_10240
    Feb 21 17:58:28 kernel: DROP <4>DROPIN=xxxx OUT=tun11 <1>SRC=xxx.xxx.xxx.xxx DST=137.116.74.190 <1>LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=6246 DF PROTO=TCP <1>SPT=49420 DPT=80 SEQ=4216769044 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
    Feb 21 17:58:31 kernel: DROP <4>DROPIN=xxxx OUT=tun11 <1>SRC=xxx.xxx.xxx.xxx DST=137.116.74.190 <1>LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=6247 DF PROTO=TCP <1>SPT=49420 DPT=80 SEQ=4216769044 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
    .
    .
    .
    Feb 21 18:30:37 kernel: DROP <4>DROPIN=xxxx OUT=tun11 <1>SRC=xxx.xxx.xxx.xxx DST=137.116.74.190 <1>LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=6265 DF PROTO=TCP <1>SPT=49426 DPT=80 SEQ=3755668198 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
    Feb 21 18:30:43 kernel: DROP <4>DROPIN=xxxx OUT=tun11 <1>SRC=xxx.xxx.xxx.xxx DST=137.116.74.190 <1>LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6266 DF PROTO=TCP <1>SPT=49426 DPT=80 SEQ=3755668198 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402)
    Looking for a switch ;).

    Regards
     
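Editor's note: the router log quoted above is the raw netfilter LOG output, and the repeated lines with the same SPT and SEQ are the Windows TCP stack retransmitting one SYN that never got an answer, not separate connection attempts. The following is an added example (not code from the thread or from any poster) that parses lines in that exact layout, including the stray `<4>`/`<1>` printk level markers that the syslog daemon left in, and reports per destination how many distinct connection attempts there were versus how many packets were dropped. The sample lines are constructed for the example, with a placeholder source address from the RFC 5737 documentation range and one extra placeholder destination; the real host in the thread is 137.116.74.190.

```python
import re

# Constructed sample in the same layout as the router log quoted in the post.
# 192.0.2.10 and 203.0.113.7 are documentation-range placeholders, not real hosts.
SAMPLE_LOG = """\
Feb 21 17:56:31 dnsmasq-dhcp[743]: DHCPACK(br0) 192.0.2.10 08:00:27:aa:b1:d2 LTSB_10240
Feb 21 17:58:28 kernel: DROP <4>DROPIN=br0 OUT=tun11 <1>SRC=192.0.2.10 DST=137.116.74.190 <1>LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=6246 DF PROTO=TCP <1>SPT=49420 DPT=80 SEQ=4216769044 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Feb 21 17:58:31 kernel: DROP <4>DROPIN=br0 OUT=tun11 <1>SRC=192.0.2.10 DST=137.116.74.190 <1>LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=6247 DF PROTO=TCP <1>SPT=49420 DPT=80 SEQ=4216769044 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Feb 21 18:30:37 kernel: DROP <4>DROPIN=br0 OUT=tun11 <1>SRC=192.0.2.10 DST=137.116.74.190 <1>LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=6265 DF PROTO=TCP <1>SPT=49426 DPT=80 SEQ=3755668198 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Feb 21 18:30:43 kernel: DROP <4>DROPIN=br0 OUT=tun11 <1>SRC=192.0.2.10 DST=137.116.74.190 <1>LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6266 DF PROTO=TCP <1>SPT=49426 DPT=80 SEQ=3755668198 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Feb 21 18:31:02 kernel: DROP <4>DROPIN=br0 OUT=tun11 <1>SRC=192.0.2.10 DST=203.0.113.7 <1>LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=6300 DF PROTO=TCP <1>SPT=49430 DPT=443 SEQ=1357924680 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0
"""

# Timestamp plus the "DROP" --log-prefix that the LOG rule was given.
TS_RE = re.compile(r'^(\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+kernel:\s+DROP\b')
# KEY=VALUE fields we care about. The \b lets "<1>SRC=" match while the
# garbled "DROPIN=" (prefix fused with IN=) is simply ignored.
FIELD_RE = re.compile(r'\b(SRC|DST|PROTO|SPT|DPT|SEQ|LEN)=(\S+)')


def parse_drop(line):
    """Return the interesting fields of one kernel DROP line, or None for other lines."""
    m = TS_RE.match(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(line))
    if 'DST' not in fields:
        return None
    return {
        'ts': m.group(1),
        'src': fields.get('SRC'),
        'dst': fields['DST'],
        'proto': fields.get('PROTO', '?'),
        'spt': fields.get('SPT'),
        'dpt': fields.get('DPT'),
        'seq': fields.get('SEQ'),
        'syn': re.search(r'\bSYN\b', line) is not None,
    }


def summarize(log_text):
    """Group dropped packets by (dst, proto, dpt).

    Packets sharing a source port and SEQ are retransmissions of one SYN,
    so they count as a single connection attempt.
    """
    groups = {}
    for line in log_text.splitlines():
        rec = parse_drop(line)
        if rec is None:
            continue
        key = (rec['dst'], rec['proto'], rec['dpt'])
        g = groups.setdefault(key, {'packets': 0, 'attempts': set(),
                                    'first': rec['ts'], 'last': rec['ts']})
        g['packets'] += 1
        g['attempts'].add((rec['spt'], rec['seq']))
        g['last'] = rec['ts']
    return {k: {'packets': v['packets'], 'attempts': len(v['attempts']),
                'first': v['first'], 'last': v['last']}
            for k, v in groups.items()}


def report(summary):
    """One text line per destination socket, busiest first."""
    rows = sorted(summary.items(), key=lambda kv: -kv[1]['packets'])
    return [f"{dst:<16} {proto}/{dpt:<5} attempts={v['attempts']} "
            f"packets={v['packets']} first={v['first']} last={v['last']}"
            for (dst, proto, dpt), v in rows]


if __name__ == '__main__':
    for row in report(summarize(SAMPLE_LOG)):
        print(row)
```

On the constructed sample this reports two attempts (ports 49420 and 49426) behind four dropped packets for 137.116.74.190:80, which is the reading to take from the quoted log as well: the OS keeps retrying, and the repeats are the retry timer, not a growing number of processes phoning home. Feed it `grep 'kernel: DROP' /var/log/messages` output to get the same view of a real router.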
  2. mrbbq

    mrbbq MDL Addicted

    Jul 18, 2015
    505
    272
    30
    It was my understanding that even when certain tweaks were applied to Home edition they did not actually take effect. Of course it's still the case that a default LTSB install requires far less tweaking and removal of things since they simply aren't there by default, and something like Spybot Antispy Beacon for the telemetry blocking makes doing so far more simple and visible to the "average user".

    It's also ridiculously trivial for someone to prove to themselves that a blocklist for the Microsoft IP ranges is working - in which case all else is not really essential anyway since nothing is able to get in or out even if things are set wrong or still installed. Import blocklist. Attempt to view any Microsoft related server or site or service, and be stunned as it fails to load! Look at the Peerblock log on the main screen right there and you can see it is blocked.

    Set up Peerblock. Import IP range blocklist. Look at displayed log.
    It does not get any simpler than that. There's all the goddamn evidence for anyone to see right in front of their own eyes. See for yourselves that it is working on your own system.
    This isn't rocket surgery. Try it. A blocked site is blocked. End of story.
     
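Editor's note: the procedure above (import an IP range blocklist, then watch the block log) can be checked offline rather than by eye. The following is an added example, not code from the thread or from PeerBlock, that parses a blocklist in the PeerBlock/PeerGuardian "p2p" plaintext format (`label:first_ip-last_ip`, one range per line, `#` comments), tells you which list entry a logged destination such as 137.116.74.190 would hit, and turns the same ranges into the iptables LOG+DROP rule pairs that produce log lines like the ones quoted earlier in the thread. The list contents are constructed placeholders for the example and are not a real published Microsoft range list; the rule generator assumes an OUTPUT-chain filter on a Linux router.

```python
import ipaddress

# Constructed p2p-format list for this example; not a real published list.
SAMPLE_BLOCKLIST = """\
# label:first-last, one range per line
Example range covering the logged host:137.116.0.0-137.116.255.255
RFC 5737 documentation net:203.0.113.0-203.0.113.255
"""


def parse_p2p(text):
    """Parse 'label:first-last' lines into a sorted list of (first, last, label) with ints."""
    ranges = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        # rpartition so a ':' inside the label does not break the split
        label, _, span = line.rpartition(':')
        first_s, _, last_s = span.partition('-')
        first = int(ipaddress.IPv4Address(first_s.strip()))
        last = int(ipaddress.IPv4Address(last_s.strip()))
        if last < first:
            raise ValueError(f'inverted range: {line}')
        ranges.append((first, last, label.strip()))
    ranges.sort()
    return ranges


def lookup(ranges, ip):
    """Return the label of the first range containing ip, or None if unblocked."""
    n = int(ipaddress.IPv4Address(ip))
    for first, last, label in ranges:
        if first <= n <= last:
            return label
    return None


def check_destinations(ranges, dests):
    """Classify observed destination IPs (e.g. DST= values from a router log)."""
    return {ip: lookup(ranges, ip) for ip in dests}


def to_cidrs(ranges):
    """Collapse arbitrary first-last ranges into CIDR blocks that iptables/ipset accept."""
    nets = []
    for first, last, _ in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def iptables_rules(ranges, chain='OUTPUT'):
    """LOG then DROP per block, so every hit shows up with the 'DROP ' prefix in the kernel log."""
    rules = []
    for cidr in to_cidrs(ranges):
        rules.append(f'iptables -A {chain} -d {cidr} -j LOG --log-prefix "DROP "')
        rules.append(f'iptables -A {chain} -d {cidr} -j DROP')
    return rules


if __name__ == '__main__':
    ranges = parse_p2p(SAMPLE_BLOCKLIST)
    print(check_destinations(ranges, ['137.116.74.190', '8.8.8.8']))
    print('\n'.join(iptables_rules(ranges)))
```

The rule order matters: the LOG target does not terminate, so the DROP must follow it for the same match. Keep in mind that a whole-range block is deliberately blunt; anything else hosted inside those ranges (updates, Store, activation) fails the same way, which is the limitation the later posts allude to.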
  3. Shayne

    Shayne MDL Addicted

    Jul 31, 2009
    752
    181
    30
That is what I posted, well, the log of iptables drops, not Peerblock blocks, but same thing. Ran abbodi1406's script and bam, right out of the gate it tries to contact 137.116.74.190. No fix there. Do a whois 137.116.74.190 and it should be clear who my Windows 10 is trying to contact even with all these reg edits and tasks disabled.

    Regards
     
  4. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    16,141
    84,314
    340
Stopping telemetry doesn't necessarily mean stopping all and any connection;
it's a matter of what the connection is for, and how much data is involved.

As in the summary I posted, there are several connections to login.live.com, although I'm using a local account and most apps are removed.
That doesn't look harmful to me :D
     
  5. Shayne

    Shayne MDL Addicted

    Jul 31, 2009
    752
    181
    30
I do not know if you can make the statement that unsolicited connects to any location outside your "personal computer" are not harmful unless you know what that connect is being made for and what is being transmitted. Where are the privacy toggles that shut these transmissions off, as I do not have a Live account? It should be noted that there are more connections being made that do not involve Live.

    Regards
     
  6. kuroda

    kuroda MDL Senior Member

    Aug 25, 2012
    445
    32
    10
...I think wanting to stop the telemetry is like blocking the sun with a sieve; you close a door and M$ opens 10, so it's a never-ending battle... :cool:
     
  7. Shayne

    Shayne MDL Addicted

    Jul 31, 2009
    752
    181
    30
I do not think so. I think those doors can only be opened with updates, something the ones that use LTSB do not require. I do not believe that there are triggers built into the OS, as of yet. I have to say that this Windows 10 has only led to users not updating, especially those Windows 7 users. ;). This whole free OS based on advertising and selling people's habits has turned into a cluster. All should realize that this is the end of Windows and PC computing within Windows as you know it. Data is now power and the ones that need power are on the bandwagon for it. Just ask Cortana what's up.

    Regards
     
  8. 100

    100 MDL Expert

    May 17, 2011
    1,347
    1,575
    60
    In fact it creates a Microsoft account for the machine (with an @passport.com address) and logs into that, even when using a local account. My guess is that it's used with the Store.
     
  9. lobo11

    lobo11 TOMAHAWK CHOP

    Feb 16, 2012
    6,585
    5,362
    210
    #109 lobo11, Feb 24, 2016
    Last edited: Feb 24, 2016
  10. lobo11

    lobo11 TOMAHAWK CHOP

    Feb 16, 2012
    6,585
    5,362
    210
Anyone know how to open Group Policy Management Console in Win 10?
     
  11. oldsh_t

    oldsh_t MDL Expert

    Dec 23, 2009
    1,081
    532
    60
  12. lobo11

    lobo11 TOMAHAWK CHOP

    Feb 16, 2012
    6,585
    5,362
    210
    #112 lobo11, Feb 24, 2016
    Last edited: Feb 24, 2016
  13. lobo11

    lobo11 TOMAHAWK CHOP

    Feb 16, 2012
    6,585
    5,362
    210
    #113 lobo11, Feb 24, 2016
    Last edited: Feb 24, 2016
  14. mrbbq

    mrbbq MDL Addicted

    Jul 18, 2015
    505
    272
    30
    #114 mrbbq, Feb 26, 2016
    Last edited: Feb 26, 2016
    The fact it was done on a system with "most apps" removed and not all kind of invalidates it as a telemetry related test anyway. The idea of being more secure by removing *any* point of transmission is the only one that there is any point in practicing. That's security 101. Of course "apps" are going to try to talk to the servers they need.

    If this behavior was still going on WITHOUT them still being present it would be a valid concern. But it's by design that these things communicate.
    It is completely worthless doing any telemetry testing if you're just going to leave things in that need to transmit or receive data anyway. Insert old "locking the door but somehow people are getting in and out... oh I've left this window open too by the way..." analogy.

People need to realize the options at this point are pretty straightforward. Either accept the limitations of blocking everything firmly and accept that it is the only way to stop it - and it does - or you may as well not bother doing telemetry testing, because it's going to behave as it is meant to; how they want it to, not how you want it to.
     
  15. Gharlane00

    Gharlane00 MDL Addicted

    Aug 26, 2009
    836
    296
    30
The problem is that the tin foil hat brigade has whipped themselves into a frenzy with the belief that the weather app is secretly recording their keystrokes and bank passwords and sending the information to MS so that it can be shared with the NSA and the North Koreans. Not really anything to be done about mass hysteria except to stay out of the crossfire until they turn on each other.
     
  16. lobo11

    lobo11 TOMAHAWK CHOP

    Feb 16, 2012
    6,585
    5,362
    210
  17. joeyjoey

    joeyjoey MDL Novice

    Feb 25, 2016
    25
    2
    0
What is the method used to block everything, and what are the limitations you mention?
     
  18. Gharlane00

    Gharlane00 MDL Addicted

    Aug 26, 2009
    836
    296
    30
[image: download.jpg]

    The limitations should be fairly obvious
     
  19. lobo11

    lobo11 TOMAHAWK CHOP

    Feb 16, 2012
    6,585
    5,362
    210
  20. dhjohns

    dhjohns MDL Guru

    Sep 5, 2013
    3,262
    1,731
    120