A Traffic Analysis Of Windows 10

Post by Pedro-NF » 16 Aug 2015, 14:50

A Czech guy did a traffic analysis of data produced by Windows 10, and released his findings the other day. His primary thesis was that Windows 10 acts more like a terminal than an operating system - because of the extent of the "cloud" integration, a large portion of the OS functions are almost dependent on remote (Microsoft's) servers. The amount of collected information, even with strict privacy settings, is quite alarming.

Information transmitted

All text typed on the keyboard is stored in temporary files, and sent (once per 30 mins) to:
oca.telemetry.microsoft.com.nsatc.net
pre.footprintpredict.com
reports.wes.df.telemetry.microsoft.com

The implications of this are significant: because this is an OS-level keylogger, all the data you're trying to transmit securely is now sitting on some MS server. This includes passwords and encrypted chats. This also includes the on-screen keyboard, so there is no way to authenticate to a website without MS also getting your password.

Telemetry is sent once per 5 minutes, to:
vortex.data.microsoft.com
vortex-win.data.microsoft.com
telecommand.telemetry.microsoft.com
telecommand.telemetry.microsoft.com.nsatc.net
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
sqm.telemetry.microsoft.com
sqm.telemetry.microsoft.com.nsatc.net

You might think that "telemetry" has to do with OS usage or similar... turns out it's telemetry about the user. For example, typing a phone number anywhere into the Edge browser transmits it to the servers above. In another example, typing the name of any popular movie into your local file search starts a telemetry process that indexes all media files on your computer and transmits them to:
df.telemetry.microsoft.com
reports.wes.df.telemetry.microsoft.com
cs1.wpc.v0cdn.net
vortex-sandbox.data.microsoft.com
pre.footprintpredict.com

When a webcam is first enabled, ~35mb of data gets immediately transmitted to:
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
vortex-sandbox.data.microsoft.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net

Everything that is said into an enabled microphone is immediately transmitted to:
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
vortex-sandbox.data.microsoft.com
pre.footprintpredict.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net
telemetry.appex.bing.net
telemetry.urs.microsoft.com
cs1.wpc.v0cdn.net
statsfe1.ws.microsoft.com

If this weren't bad enough, this behaviour still occurs after Cortana is fully disabled/uninstalled. It's speculated that the purpose of this function is to build up a massive voice database, then tie those voices to identities, and eventually be able to identify anyone simply by picking up their voice, whether it be a microphone in a public place or a wiretap on a payphone.

Interestingly, if Cortana is enabled, the voice is first transcribed to text, then the transcription is sent to:
pre.footprintpredict.com
reports.wes.df.telemetry.microsoft.com
df.telemetry.microsoft.com

If Windows is left unattended for ~15 mins, a large volume of traffic starts being transmitted to various servers. This may be the raw audio data, rather than just samples.

Other concerns

While the initial reflex may be to block all of the above servers via HOSTS, it turns out this won't work: Microsoft has taken the care to hardcode certain IPs, meaning that there is no DNS lookup and no HOSTS consultation. However, if the above servers are blocked via HOSTS, Windows will pretend to be crippled by continuously throwing errors, while still maintaining data collection in the background. Other than an increase in errors, HOSTS blocking did not affect the volume, frequency, or rate of data being transmitted.


How to completely avoid upgrading to Windows 10... forever

Spybot Anti-Beacon for Windows


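The claim that HOSTS blocking leaves the traffic unchanged can be checked against a capture taken at the gateway. The following is an added example, not part of the original post or the analysis it summarizes: it totals outbound bytes to destinations that no DNS answer preceded (traffic a HOSTS entry cannot affect) and, separately, bytes to destinations that were resolved by name. The two log layouts, their field names and all sample values are constructed; the hostnames are taken from the lists in the post.

```python
import csv
import io
from collections import defaultdict

# Constructed sample logs. IPs are RFC 5737 documentation addresses.
DNS_LOG = """ts,qname,answer
100,vortex.data.microsoft.com,192.0.2.10
105,oca.telemetry.microsoft.com.nsatc.net,192.0.2.20
400,example.org,198.51.100.5
"""
FLOW_LOG = """ts,dst_ip,bytes_out
90,192.0.2.20,700
110,192.0.2.10,4000
120,192.0.2.20,1500
300,203.0.113.7,90000
410,198.51.100.5,1200
600,203.0.113.7,250000
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def _first_answers(dns_text):
    """Map each answered IP to (earliest answer time, queried name)."""
    first = {}
    for r in _rows(dns_text):
        ts = int(r["ts"])
        if r["answer"] not in first or ts < first[r["answer"]][0]:
            first[r["answer"]] = (ts, r["qname"])
    return first

def split_flows(dns_text, flow_text):
    """Return (unresolved, resolved): bytes per destination IP with no prior
    DNS answer, and bytes per hostname for flows that followed a lookup."""
    first = _first_answers(dns_text)
    unresolved, resolved = defaultdict(int), defaultdict(int)
    for r in _rows(flow_text):
        ts, ip, size = int(r["ts"]), r["dst_ip"], int(r["bytes_out"])
        if ip in first and ts >= first[ip][0]:
            resolved[first[ip][1]] += size   # name-based: HOSTS can block it
        else:
            unresolved[ip] += size           # no lookup seen: HOSTS is bypassed
    return dict(unresolved), dict(resolved)

if __name__ == "__main__":
    no_dns, by_name = split_flows(DNS_LOG, FLOW_LOG)
    print("no preceding DNS answer:", no_dns)
    print("resolved by name:", by_name)
```

Names already cached before the capture started, or resolved over an encrypted resolver, will also land in the first bucket, so start the capture from a cold boot before reading it as evidence of hard-coded addresses.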