How can hardware, such as routers, be used to detect all Win10 telemetry? Each outgoing signal can be logged, can't it? With driver-based logs, why can it not be possible to spot each and every Win10-based telemetry?
There is much information that indicates that it is not possible to fully disable Windows 10 Telemetry and that there is simply too much of it.
Time to stop worrying then, stop risking to break your Windows installs, and start using Linux for highly sensitive workloads.
The problem is encryption. Most telemetry hides behind encrypted tunnels and connections. Inspecting it is not entirely possible with e.g. Burp/WireShark because MITM those connections often breaks them entirely. It's also unclear if genuine URLs/Domains submitting stuff or not. So you might think your smart on blocking "mytelemetry.com" but you never know if connections for e.g. WUS do not submit stuff too and you can't disable it without breaking it. You can use Pi-Hole/AdGuard Home (both foss projects) install it on a Raspberry-PI and log, but that won't help, you only reduce the amount, at the end MS has to fix this entirely and not external tools or hardware. MS already did btw changed the telemetry but's not enough. So if you really want to do something, sign a petition and vote against telemetry, this way the government will stop this (soon or later). MS already got punished several times by GDPR and DSGVO and it's getting better (because of it).
That way telemetry from Win10 can compromise overall privacy and anonymity of people using Tor-over-VPN, can't it?
This is a difficult question. There are bunch of scenarios to consider. Is DNS-over-HTTPS enabled? (DOH gets integrated in Windows 10 but is for now not enabled by default) If yes, telemetry can go trough firewall as well as hosts. I posted it here. This tunnel is encrypted and no one could look into it, MITM isn't possible without breaking the connection. However, its pure speculation that MS will "abuse" it for telemetry. But what i say is that it's possible.If I would be NSA, CSIA, CNSA etc I would find such a method "interesting" since you can't be bused, because as said, intercepting is not possible without MITM and MITM breaks it. Keep in mind that legitimate apps can use Port 53 not only for DNS queries (e.g. in order to bypass censorship). If you want fully transparency then do not use any encryption, because only this way you can check what's going in and out. But some exploits as well as MITM scenarios working on lower encrypted channels like SSL/TLS 1.0 etc. There are tools like WireShark and Burp which can intercept those connections. Bypassing TOR or a VPN is not so easily possible, if you mean that you can "smuggle" traffic trough the encrypted outgoing stream from a VPN/Tor connection, the answer would be yes. But you can before you start a Tor Server or a VPN block/limit the outgoing stream via traditional blocking methods like HOSTS (assuming you inspected the traffic before and that all domains are on such a list). MS could smuggle telemetry as well as bits of tracking information trough e.g. WUS, this is possible. Legitimate connection can, of course, also including telemetry related data however, again encryption.. No one actually inspected it because MS encrypt the stream, the VPS connection changes (other domains/IP's appearing). Which makes the whole thing intransparent! And that's why MS should get punished by GDPR/DSGVO, and they already got punished but there is still the antitrust question because some governments e.g. Germany fears that with every "feature update" or KB update MS changes something so that no one know if it includes telemetry too or not. Again it's not transparent, I guess it starts with the fact that the provided MS changelog is more than vague and overall says nothing, which causes antritrust.