Possible to block all Windows 10 "phone home" traffic with an external firewall?

Discussion in 'Windows 10' started by jackskellin, Aug 6, 2015.

  1. jackskellin

    jackskellin MDL Novice

    Jul 20, 2015
    6
    6
    0
    Let's face it... Windows 10 wants to send data to Microsoft. We also are losing more of our privacy and the ability to update the OS on our own terms.


    I am currently working overseas and am not able to test this out right now... but does anyone know if it would be possible to just block the traffic Windows 10 wants to send to Microsoft?


    Let's say that eventually, tools are released to let us install updates on our own terms. If the traffic Windows 10 tries to send to Microsoft is blocked by an external firewall, then our privacy and update worries would be over.


    Any thoughts?
     
  2. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    6,724
    1,952
    210
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. jackskellin

    jackskellin MDL Novice

    Jul 20, 2015
    6
    6
    0
    I'm glad someone finally agrees with me. I have been replying to posts on Reddit and not getting much support.

    Another thing... all of the tweaks people are making to try and stop telemetry traffic probably aren't going to be enough. Microsoft could just update the OS and create another process that sends traffic. And I think the EULA states that they can also change your settings.
     
  4. windooooooooows

    windooooooooows MDL Novice

    Aug 3, 2015
    12
    14
    0
    Thank you both so much, I have been thinking about the exact same thing but couldn't find a good firewall.


    I disabled Telemetry with all the fixes (registry etc.), had Telemetry hosts in my hostfile.... and guess what? Today I noticed it was phoning home again. To another brand new vortex subdomain that I haven't seen around on any host file lists. It also bypassed my registery tweaks and all the other methods.


    Thanks so much for smoothwall.
     
  5. windooooooooows

    windooooooooows MDL Novice

    Aug 3, 2015
    12
    14
    0
    For those interested by the way, it was :

    vortex-bn2.metron.live.com.nsatc.net vortex-cy2.metron.live.com.nsatc.net At the time of writing it is not in any hosts lists
     
  6. dvbman

    dvbman MDL Junior Member

    Apr 23, 2015
    67
    29
    0
    And it's worse than it sounds.:laie:
     
  7. slayer9450

    slayer9450 MDL Member

    Aug 3, 2015
    144
    62
    10
    #7 slayer9450, Aug 6, 2015
    Last edited: Aug 6, 2015
    Interesting. Up until now I had only heard of TinyWall. How's it compare? And a more general question. Do third party firewalls block the hardcoded telemetry whitelist in dnsapi.dll that I'm hearing about?
     
  8. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    6,724
    1,952
    210
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. jackskellin

    jackskellin MDL Novice

    Jul 20, 2015
    6
    6
    0
    Thanks for the info pisthai!
     
  10. P-Dude

    P-Dude MDL Novice

    Feb 9, 2009
    18
    0
    0
    Since Smoothwall is a router software, if you already have a router that allows you to set up rules to regulate traffic you're all set up already and only need to set up rules to block traffic as you see fit. Personally, I have become particularly fond of pfSense, another router software.
     
  11. 0oo0

    0oo0 MDL Novice

    Jul 29, 2015
    4
    2
    0
    I recommend you to use free ( it run on BSD ) pfSense because it is open source firewall and you have VPN by default ( OVPN - IPSEC ) and lot of others packages not available on smoothwall at this moment:

    - pfblocker - you can easy block traffic to countries, hackers-spy-tracker servers... it will live update the lists from net.
    - suricata or snort - Intruder detection system, analyze live traffic for known vulnerabilities and attacks and block the offender IP.
    - squid - proxy traffic; monitor & filter traffic and restrict access to bad sites, advertise servers, trackers ...
    - captive portal ( add another layer of protection for your LAN - WIFI ).
    ...

    all you need is an old PC with 2-4 Gb Ram and 2 or more Ethernet cards/ports and you are good to go.
    I recommend old brand silent PC like: Lenovo M58p and Fjitsu Siemens E5730 with IAMT so you can debug/restart/turn on-off from anywhere in the world if required... ~100$

    At this moment I am using a list found here to block Microsoft telemetry servers but to allow MS updates, I also block the rest of trackers and spy servers all over the world... and of course cut all the traffic from/to high risk spy-intrusion countries: China, Russia, Ukraine...