Discussion in 'Windows 10' started by Yen, Aug 4, 2015.
It's quite interesting to be able to monitor the home network on DNS level. If you need assistance for setting up pi-hole / unbound DNS let me know.
As a side effect you won't be dependent on any upstream DNS out there anymore and your ISP's DNS will be out of work.
This info helps only partially, as with any list.
It strongly depends on which Windows 10 edition and which version is running. Also on the update level.
It depends on what's already blocked and, as a consequence, won't be called anymore. I can also imagine that one's location plays a role in which exact URLs are called (for instance, another prefix).
The posted list has lots of URLs which are never called on LTSC, and some important ones are missing. For instance, I never had a call to v10c.events.data.microsoft. but v20. and v10. are quite frequently called.
Pi-hole is nice, but it's not exactly what's suitable for a mobile computer that is being connected to different networks.
I think the way to go would be a local DNS proxy on the machine that does the filtering.
I connect via VPN to my local network / router wherever I am and from there to the internet. By doing that I can use pi-hole filtering regardless of the Wi-Fi spot, worldwide.
Besides that, you gain security when using (suspicious) public spots, since you connect through VPN to your home router, which gets the IP addresses from the connected Raspberry Pi / pi-hole's DNS.
Works flawlessly. The only thing you need is to set up a VPN client on the mobile / device.
You are right. I specified what I did at my telemetry post.
That's why I have fewer calls.
I disabled most of what I could at LTSC setup already.
Anyway, the health indicator (device performance & health) gets updated anyway and remains green if you do not block login.live.com.
I cannot confirm MSFT's recommendation to use the enhanced level to have it.
I also have a VPN set up, but that interferes with accessing servers at my workplace, so when I'm at work I can't easily benefit from a pi-hole. I know I could make it accessible from the entire internet and set it up for all network adapters to always be used, but that does not sound like the best solution.
I have to keep anything that is related to my workplace and private networks strictly separated since the company where I am working has research data which is confidential. The company has their own security concept. Cannot use pi-hole there, too.
I have realized it for my private stuff only.
My home network consists of a router with VPN server running. There is usually a PC with Kubuntu and LTSC, a TV, a Linux media server and some mobiles which connect via Wi-Fi when I am at home.
Any clients at the home network get the pi-hole (the pi-hole's DNS) internal IP address announced by the router's DHCP.
As soon as I connect from outside to the VPN server via a client (on Android I use VpnCilla), it becomes part of the home network and gets an IP address from there. By that, any device which is part of it has to use pi-hole.
I have taken the thread by inserting a new post (OP) of myself starting with a basic summary.
People frequently ask how to simply disable telemetry by on-board means. (GPO)
I have posted how to get some communications silent and how to apply telemetry level 0 = security.
This level is not available by using the privacy settings. Lowest level there is 1 = basic.
Hijacked OP is clearly misleading people into thinking only Enterprise edition supports level 0 = security.
Please rectify that so that people can consider using the better edition of Windows 10, thread-wise: Education.
- has bloat policies applied by default from the get go - bloat does not get downloaded before you have the chance to stop it during setup / no need to do many tweaks and re-apply them when creating new users or doing repair installs / feature upgrades that historically have reverted policies
- policy capabilities are virtually identical with Enterprise edition - you're not missing out on anything
- same end of service as Enterprise i.e. 1 extra year beyond Pro/Home
- is available on both consumer and business ISOs
- has the largest upgrade path choices - can install it over pretty much anything unlike Enterprise that does not properly support upgrading from Home / Core
- is legally available at reduced price / free for most people involved in academics (both students and teachers)
- can opt for domain joining, volume licensing for big universities or small batches / individual retail-like licensing for smaller schools, or even combine both types (for example, classrooms make sense to use domain joining and VL, while principal / secretary can use an isolated, internet-enabled edu PC that's more convenient to upgrade)
What's the catch?
- no LTSB/LTSC - overrated and outdated unfixable cancer for potatoes anyway, sooner or later you're gonna want the Store
- some microsoft technology for domains that you will never use (not sure if it still applies)
- is the 2TB RAM even worth mentioning?
Justice for Education!
Thanks for your post. I somehow missed the Education version. I have now listed every version that supports GPO and level 0 (Windows 10 Enterprise (including LTSB/C), Education, IoT and Server editions).
Well, which one to prefer is a personal matter.
We here (I am at work) have Enterprise and LTSC for scientific devices. No Education.
LTSC runs very well on PCs / CPUs which were released before its release. It's for purists who don't always have the latest hardware. (Qualified and verified HW environment)
But right. I do not want to make people go to LTSC or Enterprise only. I just wanted to point to level 0 and missed Education.
P.S.: I did not hijack the thread.
I want to have this thread a sort of alive and I do not want to edit slave's content in my name...
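The telemetry level 0 = security setting and the edition list discussed in the posts above can be checked on a machine with the following PowerShell, an added example that is not part of the original posts. It reads the `AllowTelemetry` policy value and the installed `EditionID`; the edition patterns are an assumption meant to match the editions named in the thread, and the level names are the ones the thread uses.

```powershell
# Added example (not from the thread): compare the telemetry level set by
# policy with the level the installed edition will actually honour.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
$osKey     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$levelName = @{ 0 = 'Security'; 1 = 'Basic'; 2 = 'Enhanced'; 3 = 'Full' }

$editionId = (Get-ItemProperty -Path $osKey -Name EditionID).EditionID

# Assumption: these EditionID patterns cover the editions named in the
# thread (Enterprise incl. LTSB/LTSC = EnterpriseS, Education, IoT, Server).
$level0Patterns = 'Enterprise*', 'Education*', 'IoT*', 'Server*'
$supportsLevel0 = [bool]($level0Patterns | Where-Object { $editionId -like $_ })

# The GPO "Allow Telemetry" writes this DWORD; it is absent when no policy is set.
$policy = Get-ItemProperty -Path $policyKey -Name AllowTelemetry -ErrorAction SilentlyContinue

if ($null -eq $policy) {
    $configuredText = 'not set by policy'
    $effectiveText  = 'decided by the Settings app (lowest there is 1 = Basic)'
} else {
    $configured = [int]$policy.AllowTelemetry
    $effective  = $configured
    # On editions without level 0 support, a policy value of 0 is treated as 1.
    if ($configured -eq 0 -and -not $supportsLevel0) { $effective = 1 }
    $configuredText = '{0} = {1}' -f $configured, $levelName[$configured]
    $effectiveText  = '{0} = {1}' -f $effective,  $levelName[$effective]
}

[pscustomobject]@{
    EditionID        = $editionId
    SupportsLevel0   = $supportsLevel0
    ConfiguredPolicy = $configuredText
    EffectiveLevel   = $effectiveText
}
```

A mismatch between `ConfiguredPolicy` and `EffectiveLevel` means the policy was applied on an edition that does not honour level 0.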
I've used "hijacked" for purely artistic effect.
Thank you for taking initiative with this very important Windows 10 thread.
Microsoft keeps being months late in disclosing its GDPR compliance instead of publishing everything before new Windows versions are available.
And published solutions are either incomplete, or if applied cripple other aspects of Windows that it should never have been linked with.
Still not a word about the really pesky stuff ( speechruntime / photos / keylogger / hidden feature joggling / cloud experience / gamedvr ).
We definitely need more experimentation to tame this data feeding beast.
I keep monitoring LTSC2019 with level 1.
I had to decide which w10 version I want to monitor and well I decided for LTSC since it fits to my personal needs most.
I would like to monitor more w10 versions, but since I have other devices / OS'es to maintain it would exceed my spare time.
I have to admit even with level 1 LTSC's calls to MSFT's endpoints are manageable by a rather small hosts list. I guess the reason for it is that it has no store and no other online MSFT services additionally.
And when applying the 3 GPOs from the first post (level 0) it becomes surprisingly silent.
This might change drastically when using other versions that have the Store, Cortana, cloud services, an MSFT account and more, not to mention future ideas of MSFT.
Anyway, people should not forget that when using those services you have to present some of your private data and give up some of your privacy.
For instance, it comes with the fact that if you ask Cortana something, 'they' have to know what it is, and by that you unveil your interests and show how you use it. The very same applies to any cloud services / online accounts.
The color used in the OP is not noticeable with the dark theme.
Thanks for the hint. Have changed back the colours.
I have updated OP to link to your post.
Feel free to post again whenever you have got news.
Hi. What are the more important things to disable to be safe and not tracked?