Windows 10 sends your PC data 5500 times to Microsoft and Non-Private IPs

[dfsdfgfkjsefoiqzemnd]

6 hours ago, SynicalFox said:

Google continuously tracks you on the internet and uses that information to present you with ads relating to your interests and they use your data to bring up information that pertains to something you search up often

Only if you're lazy or stupid enough to let them.  Cutting Google completely out of your PC and life is real easy.

[Nowak]

1 minute ago, Captain Chaos said:

Only if you're lazy or stupid enough to let them.  Cutting Google completely out of your PC and life is real easy.

Google Analytics is everywhere. Also, majority of ad networks are Google-owned.

[dfsdfgfkjsefoiqzemnd]

1 minute ago, Daring said:

Google Analytics is everywhere. Also, majority of ad networks are Google-owned.

Ghostery takes care of both analytics and ads.

 

[Nowak]

Just now, Captain Chaos said:

Ghostery takes care of both analytics and ads.

 

Okay, you win.

[LokiFire]

It is said that there are many paedophile's among us.

 

I still do not get what you all care about unless you NEED to hide your activity. 

[Ex14]

Once Again for those  of you who didn;t read/only read last pages

IT HAS BEEN DEBUNKED. <- Proper ZDNet Article explaining why it's just FUD or at least this whole debacle

[zMeul]

3 hours ago, Ex14 said:

 Proper ZDNet Article explaining why it's just FUD or at least this whole debacle

except ZDNet is a lapdog for MS: http://techrights.org/2013/05/14/zdnet-msft-staff/

 

---

"propper" you say?

from ZDNet:

Quote

Mr. Crust's list has another 549 connection attempts on port 80, which is plain old HTTP. Windows doesn't have a web server installed by default, so those are all incoming connections, with Windows trying to retrieve data from Microsoft's servers. They're not sending it the other direction.

except the fact that you don't need a HTTP server to send/receive data through port 80

[vanished]

6 minutes ago, zMeul said:

except ZDNet is a lapdog for MS: http://techrights.org/2013/05/14/zdnet-msft-staff/

 

---

"propper" you say?

from ZDNet:

except the fact that you don't need a HTTP server to send data through port 80

oh no, do I sense an impending debunk of the debunk?  This is getting 3crazy5me

[FunkyFeatures]

I wonder if this forum has a :popcorn: emote

aww no. It doesn't... Well: Now you know that this thread is pure popcorn with a tad bit of salt... misinformation is thrown everywhere noone knows what to believe

[suicidalfranco]

31 minutes ago, FunkyFeatures said:

I wonder if this forum has a :popcorn: emote

aww no. It doesn't... Well: Now you know that this thread is pure popcorn with a tad bit of salt... misinformation is thrown everywhere noone knows what to believe

just keep this around when you need popcorn

[FunkyFeatures]

8 minutes ago, suicidalfranco said:

just keep this around when you need popcorn

-snip-

Ty!

[Tieox]

I am curious, those of us whom are privacy advocates and are gamers, what is your OS configuration and browser setup?

 

My curiosity is to what lengths you've gone too in order to give yourself comfort within a Windows desktop environment for gaming.

 

 

[stconquest]

10 minutes ago, Kierax said:

I am curious, those of us whom are privacy advocates and are gamers, what is your OS configuration and browser setup?

 

My curiosity is to what lengths you've gone too in order to give yourself comfort within a Windows desktop environment for gaming.

 

 

Windows firewall... uhmm, that's it.  Oh, and a password on my wireless signal.  I am quite comfortable with my Windows environment.   

 

I believe I am the only one that went full tin foil suit.  

 

MS taking your data while you use their software is not something you have total say over, not much say at all actually.  Bending over and advocating that it can never be considered something to investigate is a place I can never go.  I want to know.

[suicidalfranco]

4 hours ago, Kierax said:

I am curious, those of us whom are privacy advocates and are gamers, what is your OS configuration and browser setup?

 

My curiosity is to what lengths you've gone too in order to give yourself comfort within a Windows desktop environment for gaming.

 

 

Linux (Fedora specifically) as the main OS for everyday stuff, Windows on a VM just for gaming. Every IP used by MS for "telemetry" are blacklisted on the Linux host cause Windows' host file can't be trusted any more.

As for browser i use Firefox with ABP, Noscript, Ghostery (all three of them are well known and self explanatory) and Session Manager (add-on that allows me to save/backup my current session on a local file that i can then share with my other PCs and VMs and pick up from where i left).

[dfsdfgfkjsefoiqzemnd]

6 hours ago, Kierax said:

My curiosity is to what lengths you've gone too in order to give yourself comfort within a Windows desktop environment for gaming.

 

- internal disk 1 and 2 (RAIDed) : Windows 7 install (with carefully selected manual updates) for those games that won't run in Linux (GTA5 and Assetto Corsa in my case)

- internal disk 3 : Windows 7 install (with carefully selected manual updates) for specific tasks at work (proprietary software and hardware keeps me on Windows there, the rest of my work is done in Linux)

- internal disk 4 : Linux for everything I normally do

- hot swap : Windows Vista install (with carefully selected manual updates) for those 2 times in 10 years that I'll need to actually use Windows for something personal.

 

 

Ideally I'd put the Windows installs in a VM under Linux, but my poor old CPU (i5-2500) just wouldn't be able to handle games that way.  I'm on the verge of upgrading though, just need to figure out the best solution in terms of graphics cards. 

 

Each Windows install has a Linux VM in case I need to browse or look something up real quick.

As for browser setup : Firefox with Ghostery and HTTPS Everywhere.  No flash, not accepting 3rd party cookies, clearing all cookies and history on exit, java only on the work install.  Furthermore, on the Windows installs I have CCleaner doing a full sweep on startup.

 

-----

 

How often Crusty's Win10 install tried to contact MS servers isn't that important.  Of course it's going to try time and time again if it fails despite knowing it has a network connection. 

 

My main question is : What data would the OS have sent out if it had actually managed to make said contact? 

Just because the initial "hey, I'm install #1234 and run on a PC that consists of parts A, B, C and D" handshake may be fairly innocent, doesn't mean that it can't send out more sensitive data once it knows it has a connection to the MS servers.

Unfortunately this question still hasn't been answered, probably because the data is encrypted.  (technet says it is indeed encrypted). 

 

That brings me on to another point.  Why bother encrypting the data when it's so innocent and non-identifiable?  Because they care about our privacy?  If you believe that, I have a bridge to sell you.  If the data is indeed non-identifiable, there is no need for encryption. 

 

 

IMO Barnacules is the main authority on Windows.  I'll wait for his investigation into this (he said he wanted to do an in-depth video on this subject), and at that point I'll form my final opinion, knowing that we have enough data rather than just MS' promises that it's all okay.

In the meantime all the vague and secretive stuff (wanting to stop publishing KB articles, coincidentally shortly after people started using those to weed out the telemetry- and upgrade-related ones, refusing to disclose what exactly is in this so-called "telemetry" data, etc etc) means that as far as I'm concerned MS is guilty until proven innocent. 

I wish I could treat them as "innocent until proven guilty", but innocent people don't do stuff in secret and certainly don't stay quiet when they have the ability to prove their innocence.

[LAwLz]

16 hours ago, Ex14 said:

Once Again for those  of you who didn;t read/only read last pages

IT HAS BEEN DEBUNKED. <- Proper ZDNet Article explaining why it's just FUD or at least this whole debacle

There are a lot of legitimate things said in that article, such as NTP not being spying. But there are lots of stupid shit as well, like "Windows doesn't have a web server installed by default, so these are all incoming connections". He didn't even tell us if it was the source or destination port. When I made this post my source port was a random number, and the destination port was 80. I don't run a web server on my computer, but it still tries to connect to port 80 when I browse a website (actually it uses port 443 but you get the point).

Ed is quite frankly an idiot. He is a hardcore Microsoft fanboy who has basically dedicated his entire career to defending Microsoft (just look at the articles he has written).

If you see an article written by him, take it with a grain of salt. He is probably keeping some info from you.

[Tieox]

It's quite interesting to see the lengths some have gone to ensure their comfort online.  My Windows 10 Home install has O&O's ShutupWindows10 on all recommended, and limited recommended, 

 

https://www.oo-software.com/en/shutup10

 

I also only use a local account, and while I use Chrome as preference over Firefox, I run ABP and Ghostery.

 

For most of my daily tasks I use my Mac Mini the PC is basically a gaming/forum machine.

[Mikensan]

Shouldn't be too hard to setup a MITM proxy to handle SSL/TLS connections and get some packet captures. Backtrack / Kali makes this very easy if you don't have an internet gateway / firewall / UTM that would do this for you. Out of boredom and curiosity I might do this tonight.

 

My opinion on information gathering and why it's best to protect yourself even if you've done nothing you THINK is illegal. (Download movies through TOR and think you're safe? Not really hard to ID somebody behind TOR if they use their daily computer to download movies. Thumb-printing data is not new)

Spoiler

To those that keep going on about the information being "non-identifiable" is a little short sighted. Granted a fresh install - all information gathered and reported will be mostly the same. However after you've "settled in" you've now created a thumbprint by the software you have installed and combination of hardware. Criminal investigators can also use the traffic that leaves your network to create a "thumbprint" and look for similar behavior out of other IP addresses to identify TOR users. That is why using a bootable thumb drive or isolated environment to use TOR is recommended. (Some might want to speak out about the horrors in their country anonymously)

 

I too somewhat believe in transparency if you're doing everything legally - however data can be interpreted and manipulated to make you guilty. Imagine you do something unknowlingly illegal due to some weird ass law within your state or country - they can take what you thought was innocent and use it against you. It isn't about being paranoid so much as it is protecting yourself. If you get arrested by the police and you're innocent, do you start running your mouth or shut up and wait for a lawyer? 

 

 

[dragosudeki]

51 minutes ago, Captain Chaos said:

That brings me on to another point.  Why bother encrypting the data when it's so innocent and non-identifiable?  Because they care about our privacy?  If you believe that, I have a bridge to sell you.  If the data is indeed non-identifiable, there is no need for encryption. 

 

I wish I could treat them as "innocent until proven guilty", but innocent people don't do stuff in secret and certainly don't stay quiet when they have the ability to prove their innocence.

I agree with a lot of your points, but disagree with specific ones.

All data connections should be encrypted in my opinion. regardless of whatever data is supplied. I'm starting to wonder if your truly an advocate of complete privacy when you tell them to leave it unencrypted. 

I also have to disagree with your "innocent until proven guilty" reasoning. Your reasoning pretty much also claims that people who want to keep their privacy are also suspicious, since you are technically now doing stuff in secret. Also, just because they are quiet doesn't make them more/less innocent. Acting slowly is sometimes the best way to ensure you are not misinterpreted. Pretty sure they'll do something eventually...

[Trixanity]

Regarding the whole port 80 and web server business. The author of the ZDnet article was pretty bad at explaining that. What I assume he means is that there would be no incoming traffic on port 80 unless you're running a web server. It's reserved for http traffic, hence the talk about server hosting. 

 

So what that means is that Windows is sending http traffic to a server. 

 

What's weird is that some traffic uses http, while other traffic uses https: meaning it's secure. I thought we had come to an agreement that all traffic should be secure by now hence https is the standard so it's odd that Microsoft would utilize http for some data, regardless of the content. So I'd prefer if it was all https instead of http whereas it seems some want it to be all http for some inexplicable reason. 

 

I haven't looked at the source data but it seems like at least the majority is harmless traffic with some of it being somewhat questionable as to its purpose. 

[samcool55]

I'm happy on W7, and i use glasswire to kick every program i don't like in the nuts so it stops sending stuff i don't want.

 

 

[LAwLz]

2 hours ago, Trixanity said:

What's weird is that some traffic uses http, while other traffic uses https: meaning it's secure. I thought we had come to an agreement that all traffic should be secure by now hence https is the standard so it's odd that Microsoft would utilize http for some data, regardless of the content. So I'd prefer if it was all https instead of http whereas it seems some want it to be all http for some inexplicable reason. 

I haven't looked through the data, and I probably won't since I got better things to do, but I am going to assume that all the private information such as the telemetry data is sent over HTTPS, and stuff like checking if you got Internet access is sent over unencrypted connections. You want as few points of failures as possible for some things.

[Ex14]

4 hours ago, LAwLz said:

There are a lot of legitimate things said in that article, such as NTP not being spying. But there are lots of stupid shit as well, like "Windows doesn't have a web server installed by default, so these are all incoming connections". He didn't even tell us if it was the source or destination port. When I made this post my source port was a random number, and the destination port was 80. I don't run a web server on my computer, but it still tries to connect to port 80 when I browse a website (actually it uses port 443 but you get the point).

Ed is quite frankly an idiot. He is a hardcore Microsoft fanboy who has basically dedicated his entire career to defending Microsoft (just look at the articles he has written).

If you see an article written by him, take it with a grain of salt. He is probably keeping some info from you.

 

17 hours ago, zMeul said:

except ZDNet is a lapdog for MS: http://techrights.org/2013/05/14/zdnet-msft-staff/

 

---

"propper" you say?

from ZDNet:

except the fact that you don't need a HTTP server to send/receive data through port 80

Say what you want, but lets not kid ourselves too much with our tinfoil hat conspiracies.

You can call the ZDNet biased or what not but it doesn;t help the fact CheesusCrust removed his post. Talk about a lack of confidence in your own "findings".

[zMeul]

Just now, Ex14 said:

You can call the ZDNet biased or what not but it doesn;t help the fact CheesusCrust removed his post. Talk about a lack of confidence in your own "findings".

by himself or by the mods?

 

as for the conspiracy, there isn't one! MS already admitted they are collecting data

[Ex14]

21 minutes ago, zMeul said:

by himself or by the mods?

 

as for the conspiracy, there isn't one! MS already admitted they are collecting data

who knows? 
 

They are collecting data, but what data exactly is unknown.

I just cant stand the extreme tinfoil hat theories/negativism surrounding MS.

It's not beneficial to us in the long run.