Hardware-based detection of Win10 Telemetry?

Discussion in 'Windows 10' started by MonarchX, Nov 30, 2019.

  1. MonarchX

    MonarchX MDL Expert

    May 5, 2007
    How can hardware, such as routers, be used to detect all Win10 telemetry? Each outgoing signal can be logged, can't it? With driver-based logs, why would it not be possible to spot each and every piece of Win10 telemetry?
     
  2. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    If you're good with routing tables you can use any of the free Cisco routing software to see telemetry.
     
  3. MonarchX

    MonarchX MDL Expert

    May 5, 2007
    Why hasn't anyone else done that yet?
     
  4. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    What makes you think they haven't? Not everyone posts on this site.
     
  5. MonarchX

    MonarchX MDL Expert

    May 5, 2007
    There is much information that indicates that it is not possible to fully disable Windows 10 Telemetry and that there is simply too much of it.
     
  6. toyo

    toyo MDL Senior Member

    Aug 14, 2009
    Time to stop worrying then, stop risking breaking your Windows installs, and start using Linux for highly sensitive workloads.
     
  7. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    The problem is encryption. Most telemetry hides behind encrypted tunnels and connections. Inspecting it is not entirely possible with e.g. Burp/Wireshark, because MITMing those connections often breaks them entirely. It's also unclear whether genuine URLs/domains are submitting stuff or not. So you might think you're smart for blocking "mytelemetry.com", but you never know whether connections for e.g. WUS don't submit stuff too, and you can't disable it without breaking it.

    You can use Pi-Hole/AdGuard Home (both FOSS projects), install it on a Raspberry Pi and log, but that won't help; you only reduce the amount. In the end MS has to fix this entirely, not external tools or hardware. MS already did change the telemetry, btw, but it's not enough. So if you really want to do something, sign a petition and vote against telemetry; this way the government will stop this (sooner or later). MS already got punished several times under GDPR and DSGVO and it's getting better (because of it).
     
  8. MonarchX

    MonarchX MDL Expert

    May 5, 2007
    That way telemetry from Win10 can compromise overall privacy and anonymity of people using Tor-over-VPN, can't it?
     
  9. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    #10 CHEF-KOCH, Dec 2, 2019
    Last edited: Dec 3, 2019 at 07:30
    This is a difficult question. There are a bunch of scenarios to consider.

    • Is DNS-over-HTTPS enabled? (DoH is getting integrated into Windows 10 but is for now not enabled by default.) If yes, telemetry can go through the firewall as well as hosts. I posted it here. This tunnel is encrypted and no one could look into it; MITM isn't possible without breaking the connection. However, it's pure speculation that MS will "abuse" it for telemetry. But what I say is that it's possible. If I were the NSA, CSIA, CNSA etc. I would find such a method "interesting", since you can't be busted, because, as said, intercepting is not possible without MITM and MITM breaks it. Keep in mind that legitimate apps can use port 53 not only for DNS queries (e.g. in order to bypass censorship).
    • If you want full transparency then do not use any encryption, because only this way can you check what's going in and out. But some exploits as well as MITM scenarios work on weaker encrypted channels like SSL/TLS 1.0 etc. There are tools like Wireshark and Burp which can intercept those connections.
    • Bypassing Tor or a VPN is not so easily possible; if you mean that you can "smuggle" traffic through the encrypted outgoing stream of a VPN/Tor connection, the answer would be yes. But before you start a Tor server or a VPN you can block/limit the outgoing stream via traditional blocking methods like HOSTS (assuming you inspected the traffic before and that all domains are on such a list).
    • MS could smuggle telemetry as well as bits of tracking information through e.g. WUS; this is possible. Legitimate connections can, of course, also include telemetry-related data, however, again, encryption... No one actually inspected it because MS encrypts the stream and the VPS connection changes (other domains/IPs appearing), which makes the whole thing intransparent! And that's why MS should get punished under GDPR/DSGVO, and they already got punished, but there is still the antitrust question, because some governments, e.g. Germany, fear that with every "feature update" or KB update MS changes something, so that no one knows whether it includes telemetry too or not. Again it's not transparent; I guess it starts with the fact that the provided MS changelog is more than vague and overall says nothing, which causes antitrust concerns.
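
Added example, not code from the thread or from any poster: a small Python script that does what CHEF-KOCH's posts 7 and 9 describe with a Pi-hole/AdGuard Home box on the LAN, and goes one step further. It correlates a dnsmasq/Pi-hole-style query log with iptables LOG lines from the router, flags connections whose destination resolved from a listed telemetry domain, and, more usefully, flags outbound connections whose destination never appeared in the local resolver's replies at all (a hard-coded IP, or a name resolved over DoH past the HOSTS file and Pi-hole) and direct port-53 traffic to anything other than the local resolver. The blocklist ("mytelemetry.com" is the placeholder from post 7; "telemetry.example.com" is constructed), the resolver address 192.168.1.2, the client 192.168.1.50, the RFC 5737 destination addresses and every log line are constructed for this example; nothing here is captured from a real Windows host.

```python
"""Correlate local DNS replies with router connection logs to spot telemetry,
including connections that bypass DNS-based blocking (hard-coded IPs, DoH).
Added example; all domains, addresses and log lines are constructed."""
import re
from collections import defaultdict

# Suffix-matched blocklist. "mytelemetry.com" is the thread's placeholder;
# "telemetry.example.com" is an assumed example entry.
TELEMETRY_SUFFIXES = ("mytelemetry.com", "telemetry.example.com")

# Assumed address of the Pi-hole/AdGuard Home box every client must use.
LOCAL_RESOLVER = "192.168.1.2"

# Constructed dnsmasq/Pi-hole-style query log (not captured from a real host).
DNS_LOG = """\
Dec  2 10:00:01 dnsmasq[1234]: query[A] mytelemetry.com from 192.168.1.50
Dec  2 10:00:01 dnsmasq[1234]: reply mytelemetry.com is 203.0.113.10
Dec  2 10:00:02 dnsmasq[1234]: query[A] update.example.com from 192.168.1.50
Dec  2 10:00:02 dnsmasq[1234]: reply update.example.com is 203.0.113.20
Dec  2 10:00:03 dnsmasq[1234]: query[A] ping.telemetry.example.com from 192.168.1.50
Dec  2 10:00:03 dnsmasq[1234]: reply ping.telemetry.example.com is 203.0.113.30
"""

# Constructed iptables-LOG-style lines for forwarded traffic from the same client.
CONN_LOG = """\
Dec  2 10:00:01 router kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 PROTO=TCP SPT=51000 DPT=443
Dec  2 10:00:02 router kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.20 PROTO=TCP SPT=51001 DPT=443
Dec  2 10:00:03 router kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.30 PROTO=TCP SPT=51002 DPT=443
Dec  2 10:00:04 router kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.5 PROTO=TCP SPT=51003 DPT=443
Dec  2 10:00:05 router kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.53 PROTO=UDP SPT=51004 DPT=53
"""

REPLY_RE = re.compile(r"reply (\S+) is (\d+\.\d+\.\d+\.\d+)")
CONN_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=(\S+) .*?DPT=(\d+)")


def parse_dns_replies(log):
    """Map each answered IP to the set of names the local resolver gave it for."""
    ip_to_names = defaultdict(set)
    for line in log.splitlines():
        m = REPLY_RE.search(line)
        if m:
            name, ip = m.groups()
            ip_to_names[ip].add(name.lower())
    return ip_to_names


def is_telemetry_name(name):
    """Exact or subdomain match against the blocklist (no substring matches)."""
    name = name.lower()
    return any(name == s or name.endswith("." + s) for s in TELEMETRY_SUFFIXES)


def classify_connections(dns_log, conn_log):
    """Label every logged outbound connection by what the local DNS log knows about it."""
    ip_to_names = parse_dns_replies(dns_log)
    findings = []
    for line in conn_log.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue
        src, dst, proto, dport = m.groups()
        names = sorted(ip_to_names.get(dst, ()))
        if dport == "53" and dst != LOCAL_RESOLVER:
            # Port 53 to anything but our resolver: the client is bypassing
            # Pi-hole/HOSTS, or an app is tunnelling something over "DNS".
            verdict = "resolver-bypass"
        elif not names:
            # Destination never came out of our resolver: hard-coded IP or a
            # name resolved over DoH, which HOSTS and Pi-hole cannot see.
            verdict = "no-dns-resolution"
        elif any(is_telemetry_name(n) for n in names):
            verdict = "telemetry-domain"
        else:
            verdict = "resolved-unlisted"
        findings.append({"src": src, "dst": dst, "proto": proto,
                         "dport": int(dport), "names": names, "verdict": verdict})
    return findings


def summarize(findings):
    """Count connections per verdict."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["verdict"]] += 1
    return dict(counts)


if __name__ == "__main__":
    results = classify_connections(DNS_LOG, CONN_LOG)
    for f in results:
        print(f"{f['verdict']:18} {f['dst']:15} {f['proto']}/{f['dport']:<5} "
              f"{','.join(f['names']) or '-'}")
    print(summarize(results))
```

The "no-dns-resolution" verdict is the interesting one on a router: a domain blocklist only catches what the client was polite enough to resolve through your resolver, while an unresolved destination over 443 is exactly the encrypted, opaque traffic the thread is worried about. It still tells you nothing about the content of that TLS stream, only that it exists, which is the limit CHEF-KOCH describes.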
     
  10. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    No matter what you do, you will never be 100% anonymous online.