Jump to content

Welcome to Obsidian Forum Community
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. If you already have an account, login here - otherwise create an account for free today!
Photo

Installed Windows 10


  • Please log in to reply
87 replies to this topic

#81
Raithe

Raithe

    Lurking Caped One of the Obsidian Order

  • Members
  • 3310 posts
  • Location:Deepest, Darkest, South of England
  • Pillars of Eternity Silver Backer
  • Kickstarter Backer
  • Deadfire Backer
  • Fig Backer

Hey, if we're going to keep current on this..

 

Forbes - Windows 10 Data Tracking Spying Levels

 


....

Back in November Microsoft confirmed Windows 10’s worst kept secret: its extensive telemetry (or ‘spying’ as it has been labelled) cannot be stopped. What no-one realised until now, however, is just how staggering the extent of this tracking really is…  

 

Blowing the lid on it this week is Voat user CheesusCrust whose extensive investigation found Windows 10 contacts Microsoft to report data thousands of times per day. And the kicker? This happens after choosing a custom Windows 10 installation and disabling all three pages of tracking options which are all enabled by default.

 

The raw numbers come out as follows: in an eight hour period Windows 10 tried to send data back to 51 different Microsoft IP addresses over 5500 times. After 30 hours of use, Windows 10 expanded that data reporting to 113 non-private IP addresses. Being non-private means there is the potential for hackers to intercept this data. I’d argue this is the greatest cost to owning Windows 10. 

...



#82
Bartimaeus

Bartimaeus

    (11) Wizard

  • Members
  • 1754 posts
  • Steam:Ask!
I'm still on Windows 7 until all that stuff is sorted out. :p

#83
ShadySands

ShadySands

    The Guy on the Couch of the Obsidian Order

  • Members
  • 3208 posts
  • Pillars of Eternity Silver Backer
  • Kickstarter Backer
  • Lords of the Eastern Reach Backer
  • Deadfire Silver Backer
  • Fig Backer
  • Black Isle Bastard!

It's a feature™



#84
Elerond

Elerond

    One of the Obsidian Order

  • Members
  • 2649 posts
  • Location:Finland
  • Pillars of Eternity Silver Backer
  • Kickstarter Backer
  • Deadfire Backer
  • Fig Backer

http://www.zdnet.com...ateur-analysts/

 

"First of all, 602 connection attempts were to 192.168.1.255, using UDP port 137. That's the broadcast address where Windows computers on a local network announce their presence and look for other network computers using the NetBIOS Name Service. It's perfectly normal traffic.

 

Another 630 of those connection attempts were Domain Name System lookups to the router itself, 192.168.1.1, using UDP port 53. That address is the router itself.

Why is Windows performing those DNS lookups? One big reason is that's how Windows checks whether you have access to the Internet. If there's a problem with your Internet connection, you get a yellow overlay on the network icon down at the right side of the taskbar.

 

To do that test, Windows first performs a DNS lookup of www.msftncsi.com. It then makes an HTTP request to retrieve the page ncsi.txt from that site. This file is a plain-text file and contains only the text "Microsoft NCSI." (NCSI stands for Network Connection Status Icon.) Finally, it performs a DNS query for dns.msftncsi.com.

 

The whole procedure is extensively documented .

 

DNS queries aren't "spying." Neither are NetBIOS name broadcasts on your local network. So far, that's 22.3 percent of the so-called traffic that's easily accounted for as "not spying," unless you think there's something sinister about a two-word text file that has been downloaded trillions of times from that poor Microsoft server.

Next up is a staggering 1,619 connection attempts using UDP port 3544 to the address 94.245.121.253, which Mr. Crust was unable to identify, along with another five attempts using the same port to other servers.

 

That address does indeed belong to Microsoft. It's a Teredo server, teredo.ipv6.microsoft.com. Teredo is an Internet standard that is used to supply an IPv6 address to a PC that speaks only IPv4, making it easier to perform secure and reliable communication between two endpoints without having to worry about network translation. It's also well documented and doesn't involve any exchange of information other than IP addresses.

 

In short, Windows keeps trying to make a simple connection using its IPv6 capabilities, but the router keeps dropping those connection attempts. So it keeps trying again and again.

That's another 1,624 entries we can add to the "not spying" list. So far, by my tally, more than 52 percent of the connection attempts are completely harmless and involve no data collection at all.

 

Another three connection attempts are using port 123. That's the Network Time Protocol, which devices use to retrieve the current time from authoritative servers on the Internet. Setting the clock on your computer is not "spying."

 

Mr. Crust's list has another 549 connection attempts on port 80, which is plain old HTTP. Windows doesn't have a web server installed by default, so those are all incoming connections, with Windows trying to retrieve data from Microsoft's servers. They're not sending it the other direction.

 

Many of the addresses on the list belong to content delivery networks (CDNs) like Akamai Technologies and CloudFlare. Some of those downloads are possibly trying to refresh live tiles in the provisioned MSN apps (News, Sports, Weather, Money, and so on). There are perhaps some updates to the Windows Store in there too.

 

We might know more if Mr. Crust had allowed his machine to complete some of those connections so he could perform some actual traffic analysis. But he didn't, so we can't.

We can, however, safely conclude that none of those connections would involve any "spying."

 

Which leaves us with 2,100 connection attempts in eight hours over port 443. Those are secure (HTTPS) connections designed to exchange data so that it can't be intercepted in transit.

 

We have no idea how many secure connections that machine would have made in eight hours had Mr. Crust actually allowed them to complete. The number would almost certainly have been smaller, perhaps by an order of magnitude or even two.

 

And of course, those connections are not all about telemetry.

 

The most important one is the Software Licensing Service, which checks the state of Windows activation periodically. By dropping those connections, Mr. Crust is not allowing those activation and validation checks to complete. Windows gets very cranky when that happens, which could explain why there were more than 1,700 connection attempts to a handful of addresses in a single range of IP addresses managed by Microsoft.

 

Other content that gets delivered securely over port 443 includes Windows updates, Windows Defender updates, and updates from the Windows Store for apps that are provisioned on every Windows 10 machine. Windows 10 attempts to contact OneDrive, also securely, to see if there are any saved settings for the current user. There are lists of known malicious websites that get delivered to the SmartScreen service in a hashed and encrypted format.

 

And yes, there is certainly some telemetry data in there. We have no idea whether Mr. Crust changed the default Diagnostic and Usage settings to Basic. If he had, there would probably be a single ping to Microsoft's servers when the machine starts up, which would disclose what that setting was, whether Windows Defender was up to date, and whether his installation had experienced any failures in software or driver installation.

 

If he had kept the Enhanced or Full settings, Windows would periodically deliver a batch of anonymized usage data to Microsoft. (Of course, since he wasn't actually using the machine, there would be no data to exchange.) But we don't know, because Mr. Crust didn't actually do any traffic analysis."

 

 

Windows 10 sends questionable information to MS, which is mainly used to create marketing profile for user, but Forbes' article is just plainly wrongly and write somebody that don't seem to know what they are talking about, and in my opinion it does more damage than good as it is so easy to show that it is just hogwash.


  • Raithe likes this

#85
teknoman2

teknoman2

    (9) Sorcerer

  • Members
  • 1367 posts
  • Pillars of Eternity Backer
  • Kickstarter Backer
  • Deadfire Backer
  • Fig Backer

 

Hey, if we're going to keep current on this..

 

Forbes - Windows 10 Data Tracking Spying Levels

 

 


....

Back in November Microsoft confirmed Windows 10’s worst kept secret: its extensive telemetry (or ‘spying’ as it has been labelled) cannot be stopped. What no-one realised until now, however, is just how staggering the extent of this tracking really is…  

 

Blowing the lid on it this week is Voat user CheesusCrust whose extensive investigation found Windows 10 contacts Microsoft to report data thousands of times per day. And the kicker? This happens after choosing a custom Windows 10 installation and disabling all three pages of tracking options which are all enabled by default.

 

The raw numbers come out as follows: in an eight hour period Windows 10 tried to send data back to 51 different Microsoft IP addresses over 5500 times. After 30 hours of use, Windows 10 expanded that data reporting to 113 non-private IP addresses. Being non-private means there is the potential for hackers to intercept this data. I’d argue this is the greatest cost to owning Windows 10. 

...

 

 

you can disable that stuff but you have to dig really deep in the registry and other places that the average user doesn't even know exist

you even need to modify system files

 

i tried a trick. i installed and activated windows 10 in my brother's pc (he had genuine win 7 unlike me) and then moved the SSD to my pc... it seemed to work at first but a few hours later i got a message saying "this copy of windows is not genuine" would have been funny if it actually worked


Edited by teknoman2, 09 March 2016 - 10:02 AM.


#86
Gfted1

Gfted1

    Forum Moderator

  • Moderators
  • 5838 posts
  • Location:Chicago, IL
  • Pillars of Eternity Backer
  • Kickstarter Backer

i tried a trick. i installed and activated windows 10 in my brother's pc (he had genuine win 7 unlike me) and then moved the SSD to my pc... it seemed to work at first but a few hours later i got a message saying "this copy of windows is not genuine" would have been funny if it actually worked


Funny enough, I had a similar issue that Win10 fixed. One day my HD started making a "grinding" noise so I bought a new one and mirror copied the old one onto the new one. As soon as I installed it into my PC I got the same "this copy of windows is not genuine" along with a thoughtful link to MS website to buy it. I couldn't even use the Windows Update feature because it thought I was running a bum copy of Windows. I had resigned myself to dealing with that annoying popup every few hours until on day I was using Chrome and noticed a little download window at the bottom asking if I wanted to download and install Win10. I gave it a try, it worked like a charm and everything has been great since.

#87
Sarex

Sarex

    (12) Mage

  • Members
  • 1895 posts
Funny enough, I had a similar issue that Win10 fixed. One day my HD started making a "grinding" noise so I bought a new one and mirror copied the old one onto the new one. As soon as I installed it into my PC I got the same "this copy of windows is not genuine" along with a thoughtful link to MS website to buy it. I couldn't even use the Windows Update feature because it thought I was running a bum copy of Windows. I had resigned myself to dealing with that annoying popup every few hours until on day I was using Chrome and noticed a little download window at the bottom asking if I wanted to download and install Win10. I gave it a try, it worked like a charm and everything has been great since.

 

I think they tied the key to the motherboard now, probably the MAC address.



#88
teknoman2

teknoman2

    (9) Sorcerer

  • Members
  • 1367 posts
  • Pillars of Eternity Backer
  • Kickstarter Backer
  • Deadfire Backer
  • Fig Backer

 

Funny enough, I had a similar issue that Win10 fixed. One day my HD started making a "grinding" noise so I bought a new one and mirror copied the old one onto the new one. As soon as I installed it into my PC I got the same "this copy of windows is not genuine" along with a thoughtful link to MS website to buy it. I couldn't even use the Windows Update feature because it thought I was running a bum copy of Windows. I had resigned myself to dealing with that annoying popup every few hours until on day I was using Chrome and noticed a little download window at the bottom asking if I wanted to download and install Win10. I gave it a try, it worked like a charm and everything has been great since.

 

I think they tied the key to the motherboard now, probably the MAC address.

 

yes, that's how it works. if you have an OEM key and you change mo-bo you're done, with a retail key their customer service can unbind it from the previous mo-bo so you can use it in the new.

well i found a genuine win10 OEM key for 20 euro so i dont really have to deal with that stuff anymore. worst case scenario: in a few years when i will get a new mo-bo i will get a new key for another 20 (40 for 2 OEM keys beats 200 for a retail key)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users