Windows 10 TP Contains Keylogger

Discussion in 'Windows 10' started by JBenal, Oct 6, 2014.

  1. JBenal

    JBenal MDL Senior Member

  2. EFA11

    EFA11 Avatar Guru

    Thanks for the heads up, but this has been talked to death already lol

    Appreciate the effort though.
     
  3. Jazz

    Jazz MDL Senior Member


  4. abbodi1406

    abbodi1406 MDL KB0000001

    Lazy Boy indeed :D
     
  5. Mr Jinje

    Mr Jinje MDL Expert

  6. JBenal

    JBenal MDL Senior Member

    I've read all the threads pertaining to Windows 10 on MDL and have not seen a specific reference to a keylogger. Perhaps I missed it. I'm sure this will be news to some people. Those who said they were using this as their primary OS probably haven't seen this or given it a lot of thought. I'll continue testing it, but will set Windows Firewall to block all outbound traffic.
     
  7. EFA11

    EFA11 Avatar Guru

  8. Chibi ANUBIS

    Chibi ANUBIS MDL Chibi Developer

  9. abbodi1406

    abbodi1406 MDL KB0000001

  10. Myrrh

    Myrrh MDL Expert

    Over-paranoid. The legal agreement to me sounds like it's describing the touch keyboard, you know "autocorrect" - it has to know what you are typing before it can suggest something else.
     
  11. LiteOS

    LiteOS MDL Expert

  12. Myrrh

    Myrrh MDL Expert

    That service would only be useful on a device with cellular radio. Not likely many of those would be servers.
     
  13. westwind

    westwind MDL Novice

    I just managed to disable the dmwappushsvc service.

    Just open the registry and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmwappushsvc
    There you just have to look for the "Start" entry. Double click it and change the value to "4".
    This will disable the dmwappushsvc service after a restart.
     
  14. murphy78

    murphy78 MDL DISM Enthusiast

    It's just something people aren't used to. People aren't used to anybody capturing their keystrokes in any fashion.
    We've all been told how bad keylogging is since they became a thing.
    I honestly don't think this is the same thing.
    I'm pretty sure that they're just having an addon for Internet Explorer to copy the data you input into text fields where auto-fill would normally work.
    Yes, this is a huge issue if you're doing banking or any other sorts of things on IE, but as long as the "keylogging" program is not running, it wouldn't do anything.

    I'm pretty sure that if you use Chrome or Firefox, this is a non-issue.
     
  15. bambamtusa

    bambamtusa MDL Member

  16. EFA11

    EFA11 Avatar Guru

  17. Smorgan

    Smorgan Glitcher

  18. EFA11

    EFA11 Avatar Guru

    Not sure what the encryption is. Wild guess, something like Blowfish, and that has yet to be broken (afaik). I would also assume it's better encryption than the ESDs' since this is data coming from users, not just an ESD.

    anyway, a lot of assumptions in this post lol
     
  19. Smorgan

    Smorgan Glitcher

    #19 Smorgan, Oct 7, 2014
    Last edited: Oct 7, 2014
    Actually no longer assumptions, as that is the Wireshark report that notes all the communication that goes over eth0.

    Now we just need to see what exactly is being sent.

    In other words sift through it.

    This is what we know right now:

    Code:
    111 74.737974000 192.168.138.140 65.55.108.23 TLSv1.2 4219 Application Data
    23 19.158727000 192.168.138.140 192.168.138.2 DNS 85 Standard query 0x818b A statsfe2.ws.microsoft.com
    84 73.855487000 192.168.138.140 192.168.138.2 DNS 85 Standard query 0xb40e A vortex.data.microsoft.com

    We can close the Application reporting using host blocking.

    Normally you don't have to do this for an operating system, as it's kinda used with software cracking.

    In other words block IP of 65.55.108.23 to disable Application Data reporting.
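As an added example (not code from the thread or from any poster), a small parser for Wireshark packet-list lines like the three quoted above: it pulls out the DNS names the machine looked up and the outbound TLS volume per destination, then flags the endpoints this thread names. The local IP, the sample lines and the host/IP sets are taken from the posts; SAMPLE_CAPTURE is a constructed subset of a capture, and the column layout assumed is Wireshark's default packet-list export.

```python
import re
from collections import namedtuple

# Wireshark packet-list export columns: No. Time Source Destination Protocol Length Info.
# The three sample lines are the ones quoted in the post above (a constructed subset of a capture).
SAMPLE_CAPTURE = """\
111 74.737974000 192.168.138.140 65.55.108.23 TLSv1.2 4219 Application Data
23 19.158727000 192.168.138.140 192.168.138.2 DNS 85 Standard query 0x818b A statsfe2.ws.microsoft.com
84 73.855487000 192.168.138.140 192.168.138.2 DNS 85 Standard query 0xb40e A vortex.data.microsoft.com
"""

# Endpoints named in this thread; the host/IP pairs are what the posters reported, not a fresh lookup.
TELEMETRY_HOSTS = {"statsfe2.ws.microsoft.com", "vortex.data.microsoft.com",
                   "settings-sandbox.data.microsoft.com", "vortex-sandbox.data.microsoft.com"}
TELEMETRY_IPS = {"65.55.108.23", "131.253.34.30", "131.253.34.23"}

Packet = namedtuple("Packet", "no time src dst proto length info")
DNS_QUERY_RE = re.compile(r"Standard query 0x[0-9a-f]+ (?P<rtype>[A-Z]+) (?P<name>\S+)")


def parse_line(line):
    """Parse one packet-list line into a Packet; return None for blank or malformed lines."""
    parts = line.split(maxsplit=6)
    if len(parts) < 7:
        return None
    try:
        return Packet(int(parts[0]), float(parts[1]), parts[2], parts[3],
                      parts[4], int(parts[5]), parts[6])
    except ValueError:
        return None


def summarize(capture, local_ip):
    """Collect DNS lookups and outbound TLS volume from local_ip, then flag known telemetry endpoints."""
    queried, tls_bytes = [], {}
    for line in capture.splitlines():
        pkt = parse_line(line)
        if pkt is None or pkt.src != local_ip:
            continue  # skip malformed lines and traffic not originating from the host under test
        if pkt.proto == "DNS":
            m = DNS_QUERY_RE.search(pkt.info)
            if m and m.group("rtype") in ("A", "AAAA"):
                queried.append(m.group("name"))
        elif pkt.proto.startswith("TLS") and "Application Data" in pkt.info:
            tls_bytes[pkt.dst] = tls_bytes.get(pkt.dst, 0) + pkt.length
    return {
        "queried": queried,
        "tls_bytes": tls_bytes,
        "telemetry_hosts": sorted(h for h in queried if h in TELEMETRY_HOSTS),
        "telemetry_ips": sorted(ip for ip in tls_bytes if ip in TELEMETRY_IPS),
    }
```

Feed it a File > Export Packet Dissections > Plain Text listing from a longer capture to see which of the listed endpoints a build actually contacts before deciding what to block.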
     
  20. EFA11

    EFA11 Avatar Guru

    #20 EFA11, Oct 7, 2014
    Last edited by a moderator: Apr 20, 2017
    To add to your collection:

    Code:
    131.253.34.30 - settings-sandbox.data.microsoft.com
    131.253.34.23 - vortex-sandbox.data.microsoft.com
    This seems to have something going with Metro Apps, at least in part.
    Code:
    vortex.data.microsoft.com/collect/v1