  1. #1
    Banned
    Join Date
    Nov 2014
    Posts
    192

    Blocking Windows 10 spying/telemetry.

    After lab analysis for a few days, I believe I have a definitive list of what to block in Web Filter relating to the ridiculous amount of telemetry MS is gathering with Windows 10. We've found that basically Windows 10 is a keylogger in some cases, and even sends camera/microphone data in 40Mb bundles!

    Anyway, enter this into your customer block list, and you are good to go.


  2. #2
    Untangle Ninja
    Join Date
    Jan 2009
    Posts
    1,111

    Were these results with the corresponding 'privacy' settings in win 10 turned off?

  3. #3
    Banned
    Join Date
    Nov 2014
    Posts
    192

    I found that even with privacy settings completely turned off, the telemetry was still being sent!

    Also, even with use of the following tools;

    DoNotSpy10
    O&O ShutUp10
    Spybot Anti-Beacon 10

    Telemetry was STILL being sent in some cases (although GREATLY reduced). Interestingly, in some cases telemetry was being sent 'bypassing' VPN/Proxy on Windows. So even if you used Peerblock it may not necessarily block it. Also note - MS seems to be 'turning back on' some telemetry. I recommend removal of telemetry activity in "Task Scheduler" and also GPEDIT.MSC of telemetry policies as a precaution. The best solution seems to be URL blocking in UTM/NGFW/Firewall in this case.

    I've called Win10 the greatest spy tool ever released. I really like 10.. But I understand the risk of using it, and have taken measures to mitigate the vast majority of that risk. For the general unaware public, it's going to be a disaster. Also keep in mind, hackers could quite easily exploit all of this outbound telemetry. MITM, etc. Also businesses can peel it apart with their appliances and snoop on it. This won't end well.
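
A way to check from gateway logs whether listed destinations are actually being stopped, including subdomains and bare IP addresses. This is an added example, not part of any post in this thread; the block list entries, log lines and log format are constructed placeholders and are not Untangle's own format.

```python
import ipaddress

# Constructed block list (placeholder names): mixed hostnames and IPs, with
# duplicates and inconsistent case, as hand-pasted lists often are.
BLOCKLIST = """
telemetry.vendor.example
Telemetry.Vendor.Example
stats.vendor.example.cdn.example
203.0.113.24
203.0.113.24
"""

# Constructed log lines in an assumed format: "<client> <destination> <action>".
LOG = """
10.0.0.5 telemetry.vendor.example blocked
10.0.0.5 eu.telemetry.vendor.example passed
10.0.0.7 203.0.113.24 passed
10.0.0.7 nottelemetry.vendor.example passed
10.0.0.9 update.vendor.example passed
"""

def parse_blocklist(text):
    """Split a pasted list into a set of hostnames and a set of IP addresses."""
    hosts, ips = set(), set()
    for entry in text.split():
        entry = entry.lower().rstrip(".")
        try:
            ips.add(ipaddress.ip_address(entry))
        except ValueError:
            hosts.add(entry)
    return hosts, ips

def is_listed(dest, hosts, ips):
    """True if dest is a listed IP, a listed host, or a subdomain of a listed host."""
    dest = dest.lower().rstrip(".")
    try:
        return ipaddress.ip_address(dest) in ips
    except ValueError:
        labels = dest.split(".")
        # Compare whole labels so "nottelemetry.x" never matches "telemetry.x".
        return any(".".join(labels[i:]) in hosts for i in range(len(labels)))

def leaks(log_text, hosts, ips):
    """Return (client, destination) pairs where a listed destination was not blocked."""
    rows = (line.split() for line in log_text.strip().splitlines())
    return [(client, dest) for client, dest, action in rows
            if action != "blocked" and is_listed(dest, hosts, ips)]
```

Running `leaks(LOG, *parse_blocklist(BLOCKLIST))` on the sample data reports the subdomain and the direct-to-IP connection that an exact-hostname rule would let through.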

  4. #4
    Banned
    Join Date
    Nov 2014
    Posts
    192

    Updated list;


  5. #5
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,654

    I'd love to see these broken up by category. Some of this is okay to block, but as an institutional network with residential students it's not okay for me to block things that might, for example, break the Cortana voice service.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 14.1.1 to protect 500Mbits for ~400 residential college students and associated staff and faculty

  6. #6
    Banned
    Join Date
    Nov 2014
    Posts
    192

    Originally posted by jcoehoorn:
    I'd love to see these broken up by category. Some of this is okay to block, but as an institutional network with residential students it's not okay for me to block things that might, for example, break the Cortana voice service.
    Good idea. I'd like to do it, but the time to do it would be exhausting.

    However, MS also seems to bundle things in some cases. So if you block telemetry for one thing, there may be 'bits' of Cortana in there as well. For HIPAA and PCI compliancy, looks like many of us are going to have to bone up on this stuff. We can't have this data leaking out at sensitive firms!

  7. #7
    Untangle Ninja
    Join Date
    Jan 2009
    Posts
    1,111

    From what little I've seen, if you want Cortana to work then you aren't going to keep win10 from exfiltrating anything.
    My biggest concern with win10 is it keylogging and exfiltrating authentication... just user names and passwords for every local and cloud service,...... shrug.
    Reality is I don't have time to deal with Windows 10 data control so it's dead to me except for home users.

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,174

    If you're doing all this have you done the GPO work to disable live logons? Most of this flat doesn't work if you can't merge the domain account with the web.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Banned
    Join Date
    Nov 2014
    Posts
    192

    Originally posted by fasttech:
    From what little I've seen, if you want Cortana to work then you aren't going to keep win10 from exfiltrating anything.
    My biggest concern with win10 is it keylogging and exfiltrating authentication... just user names and passwords for every local and cloud service,...... shrug.
    Reality is I don't have time to deal with Windows 10 data control so it's dead to me except for home users.
    This is a can of worms.. Microsoft is sending out so much data, and it's readily intercepted. Hackers will at some point be able to exploit this. Businesses with appliances set in MITM mode will peel apart the data, even if their employees are home on the company VPN with BYOD - tons of personal telemetry. It's a treasure trove for the NSA. Interestingly, none of this seems to impact live logins so far.

    Still testing of course.

  10. #10
    Master Untangler f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    946

    Originally posted by Mayahana:
    For HIPAA and PCI compliancy, looks like many of us are going to have to bone up on this stuff. We can't have this data leaking out at sensitive firms!
    Isn't "very specific" data required to be protected for HIPAA and PCI compliance?
    Just seems doubtful Microsoft's newest Windows would alienate themselves from the finance and healthcare industries...clearly the "general default" install would not be recommended, but this never was the case with earlier versions either. No?
    P.S. I again thank the bit gods for Untangle. BAM!
    Untangle...because nothing's worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM
