I too noticed a lot of data being sent from my computer in the disguised form of 'Error Reporting', every day it's uploading more than 10-12 MB(in a single instance), to the ips that start with 65.5x range, I observed this for three days. And that's a lot of log data, which I don't know what is it in as visually, I don't see any errors, although I do see some errors regarding metro apps(mostly bing news & finance apps) in event viewer. I'm fine with error logging & reporting(which I never turned off), which may help MS in bringing a better OS, but I'm not comfortable in logging & retrieving the logs about everything and anything I do(although I don't do any illegal activities but I still need my privacy). I never had or observed this in preview builds of previous MS OSs. In my event viewer, I also see these messages about some logging which I don't much about what it is logging: Code: The maximum file size for session "AutoLogger-Diagtrack-Listener" has been reached. As a result, events might be lost (not logged) to file "C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl". The maximum files size is currently set to 33554432 bytes.
Yes, this seems to be what they're doing. They're building a bunch of logs and perhaps some string data, bundling them up in a data package, and shipping it off to the vortex. Even blocking stuff with the hosts file could potentially cause problems with logs and data building up if given enough time. Luckily, that's not an option since it's time-bombed.
Actually I started doing the research on this to look into it. I was seeing issues with the way logging occurred with the Windows Error Reporting service. At this time I highly recommend disabling Windows Error Reporting. I don't wanna go into the specifics.
That's exactly what I've done some three days back(after observing for three days continuously that around 10-12 MB of data is being sent to MS servers in a single instance, so it could be sending more data some other time as well). And since I stopped error reporting service(for the last three days) I didn't have any scenarios like I explained above when it comes to data being sent to MS serves. Although, some data may still be sent to MS servers in small amounts(while I'm working), but I don't bother about it. I'll leave a feedback to MS on this mentioning this. I don't know about others, but I also see lot of disk writes/reads continuously with Windows 10TP, when I see what program/service continuously reading/writing data from & to disks, I see 'system' services accessing various log files at various places in system drive. This disk reads/writes happens continuously even when I'm not doing anything, so is the CPU usage which almost all the time stays anywhere between 10-25% of it's total CPU capacity(again by 'system' services). My usage scenario is exactly what it used to be when I had Windows 8/8.1(couple of browsers with 5-6 tabs each, occasional documents), but never had this type of hdd/cpu usage. Hopefully, MS fixes this unnecessary hdd/cpu usage in the next build.
I'll be honest the Telemetry stuff doesn't concern me all that much. Those are mostly event logs concerning the computer when stuff crashes. However the Application Data is more alarming along with the use of the Windows Error Reporting Service logs is concerning. We can counter the even logs by running this command in power shell: wevtutil el | Foreach-Object {wevtutil cl "$_"} However we need to see how fast the logs are being made.
Heck, I don't even care if they want to check what applications I use, as I said earlier, I'm more than OK if MS wants to collect some data to make a better OS(which is the whole point of Technical Preview). But after seeing that much data sent to MS servers just in a single instance, made me to think about it. Especially in my case, it's not that I have huge bunch of softwares installed on my system so the amount of data being sent to MS servers can be justified (presuming they are collecting data of all applications). And to be specific, I've two browsers (google chrome, slimjet), MS Office 2013, Notepad ++ & Skype for desktop installed on my system other than the default software that comes with Windows 10TP installation. And one more thing is that I didn't face even a single error with any application(either metro or non-metro) that I used so far. This Windows TP is as stable as Win 8.1. That's why I was more skeptic about it. Any way, as I mentioned earlier, since stopping error reporting service, I didn't have any instances where data is being sent to MS servers in unusual amount. I'm more than happy with Windows TP 10, except for the continuous high disk/cpu usage by system services, I hope that will be fixed in the next build, otherwise I always have the option to go back to Windows 8.1. I would say most of us are more 'curious'(about what it is being collected) than 'concerned' about all this data collection of Microsoft.
i'm just posting what everyone else is thinking (or at least should be thinking) that has read this thread: M$ was surely already funneling data to the NSA with previous OS releases... now they're going to be doing it blatantly. i'm glad someone posted this, but this should be a clear warning to everyone not to use Windows 10 now or in the future. we are living in a horrible age for the PC and user data and this proves it even more.
What's more important is to figure out what data is being transferred over the encrypted line to MS application Data wise. I can pull out a few tools to see whats going on... on a packet basis before the encryption takes place. At this point with the wireshark data there a encryption handshake that takes place between the host and the server. We need to find the data then trace it to the local source. We can start by looking into Packet Sniffing. @stayboogy: It's more important to figure out what so we can figure out why. Now lets see what tools I need. I'm gonna say Wireshark, ZenMap, and some reversers.
is it stored as an encrypted dataset? Because, if they only encrypt it just before sending it, it would be pretty easy to hex edit and simply look at the contents for strings and text formats. We already know it's including those event logs, but when it decides to encrypt stuff is the question.
I just tried to point out that M$ is not such a bad company. If someone is really heavily concerned about what M$ or others are collecting, then it's maybe better for them to have a sep. PC with a special setup or certain tweaks or just to stay off the Internet in general. But still thanks for sharing your findings and recommendations.