[REPO] Windows 10 TELEMETRY REPOSITORY

ParentalControls and WindowsFeedback removed successfully using DISM OFFLINE and atm no problems on my fresh install

CloudExperienceHost not yet tried but I already tried ShellExperienceHost it give Start Menu critical error
So my opinion don't remove CloudExperienceHost

 

I had some issues when I removed CloudExperienceHost from my .wim file. Such as my taskbar icons and the context menu not showing up. I haven't tried removing it from an online system yet though.

 

Just would like to leave this bit of information about using the HOSTS file to block telemetry.

It doesn't work. Microsoft uses the const DNS_QUERY_NO_HOSTS_FILE in their software. (especially the telemetry related stuff)


I just confirmed it, and it's easy to do.

Add common microsoft telemetry servers to hosts, reboot, find that they still connect to proper IP, restore hosts file, reboot, no change.

tlr
Use Windows Firewall

 

You need to login to view this posts content.

 

@hydranix:
Yep, confirmed.

 

I have done it on OpenWRT via dnsmasq + forcing all connections to use my intern dns:

Code:

# install iptables-mods:
opkg install iptables-mod-nat-extra
# force all llokups to use our dns:
nano /etc/firewall.user
# add these lines:
iptables -t nat -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53
# add all ip-ranges you want to block like:
iptables -I INPUT -j DROP -s 64.4.0.0/18
iptables -I FORWARD -j REJECT -d 64.4.0.0/18
# block domains:
nano /etc/dnsmasq.conf
# add lines like:
address=/doubleclick.com/0.0.0.0
# restart your router, first connection could take some time

I copied together all domains i could find, then i removed the ones which blocked Visual-Studio related services as i need them. MSDN is still broken though.


hxxp://pastebin.com/raw.php?i=5J1JG51F (as i can not post it raw)



Some additional ip-ranges:

Code:

#---------- firewall.user ----------#
# MS unknown
iptables -I INPUT -j DROP -s 8.254.200.14
iptables -I FORWARD -j REJECT -d 8.254.200.14
iptables -I INPUT -j DROP -s 8.254.208.254
iptables -I FORWARD -j REJECT -d 8.254.208.254

# MS Spynet
iptables -I INPUT -j DROP -s 23.96.0.0/13
iptables -I FORWARD -j REJECT -d 23.96.0.0/13
iptables -I INPUT -j DROP -s 191.236.0.0/14
iptables -I FORWARD -j REJECT -d 191.236.0.0/14

# MS Telemetry Command
iptables -I INPUT -j DROP -s 65.52.0.0/14
iptables -I FORWARD -j REJECT -d 65.52.0.0/14

# Comodo CA
iptables -I INPUT -j DROP -s 178.255.83.0/26
iptables -I FORWARD -j REJECT -d 178.255.83.0/26

#MS SearchUI.exe
iptables -I INPUT -j DROP -s 204.79.195.0/24
iptables -I FORWARD -j REJECT -d 204.79.195.0/24
iptables -I INPUT -j DROP -s 204.79.196.0/23
iptables -I FORWARD -j REJECT -d 204.79.196.0/23

# MS OneDrive
iptables -I INPUT -j DROP -s 207.46.0.0/16
iptables -I FORWARD -j REJECT -d 207.46.0.0/16

 

good work, thanks for the info, i would use drop instead of reject everywhere though

 

can somebody tell me how to block telemetry using ESET firewall?

 

Just wiped 10 Pro and installed 10 Enterprise LTSB

GPEDIT - Disabled Defender and turned off Telemetry

Anything else needed to stop this SKU from Spying or is that enough ?

 

I'll save you all the trouble and tell you that nothing will ever be "enough".
I too have LTSB. I did ALL the tweaks. Still observe data sent off to Microsoft servers through unblockable paths like svchost.
You can certainly limit the spying by doing all the tweaks, but you cannot escape it.

 

Ah well, thanks, I've had enough of trying to block this stuff, all I succeeded in doing with Pro was breaking stuff and blocking myself from MS sites

Least there are no apps in LTSB, that'll do

 

You need to login to view this posts content.

 

You need to login to view this posts content.

 

You need to login to view this posts content.

 

I did on Pro, and the reason for installing LTSB was so I didn't have to mess about with things like that any more

I'm not bothered any more, unless a one click 100% working program gets released, I`ll leave it as it is

 

Please provide some evidence of this happening if you have also used the firewall rules blocking Microsoft's services (eg searchui.exe which pings bing no matter what if you don't block it.) and/or Peerblock to do so. Because I can do the same and there is nothing bar utterly essential network traffic transmitted once you have done so, which has nothing to do with telemetry or spying but *has* to occur if you want internet access.
Fiddler screencap, etc will do. Been hoping someone could do so for weeks. So far nobody has been able to back up this "impossible to block them" claim.

@Nucleus thanks for reposting that KMS related info - been looking for that particular tweak again for *days* as couldn't for the life of me remember what it was called!

 

...

 

Disabling them sounds a better option then, SFC shouldn't re-enable them again

 

...

 

They didn't on my Pro install (Even after SFC), and up to now on Enterprise, they're still disabled, haven't run SFC though