How Windows 7 Knows About Your Internet Connection
An anonymous reader writes "In Windows 7, any time you connect to a network, Windows tells you if you have full internet access or just a local network connection. It also knows if a WiFi access point requires in-browser authentication. How? It turns out, a service automatically requests a file from a Microsoft website every time you connect to any network, and the result of this attempt tells it whether the connection is successful. This feature is useful, but some may have privacy concerns with sending their IP address to Microsoft (which the site logs, according to documentation) every single time they connect to the internet. As it turns out, not only can you disable the service, you can even tell it to check your own server instead."
Interestingly, I just noted this on Slashdot a week ago when someone was wondering why Windows was connecting to a Microsoft IP address. It only makes good sense to test that the network connection really is working, but also shows that Microsoft isn't there to violate your privacy like Google. You can easily turn it off or even change what URL it requests. If you value your privacy, it's better to pay for your software instead of selling your privacy to marketers in return, like with Chrome OS.
It is possible to disable NCSI by a registry setting if you don’t want Microsoft to be able to check your internet connection.
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet
* Under the Internet key, double-click EnableActiveProbing, and then in Value data, type: 0. The default for this value is 1. Setting the value to 0 prevents NCSI from connecting to a site on the Internet during checks for connectivity.
Yet another interesting obscure registry key to target for spyware-malware... the registry database is the source of all evil on Windows since its creation....
It's even worse on iPad ::
Even with push notification/email/find my ipad feature turned off, it still tries to connect to any known WIFI network or 3G network behind your back. (Ever wonder why you always get your wifi connection instantly right after waking it up?) You can't disable it unless you put it in airplane mode.
Microsoft is still a bit better than Apple here. With Microsoft you can change the ping URL, the same can't be said for iPad.
iPad is the ultimate spyware.
- open task manager
- goto processes
- kill any programs that I don't need (like Compaq Assistant, Adobe Launcher, etc)
- kill any services I don't need
- make explorer High priority
It frees RAM and makes the computer run faster (less hard drive swapping). Hopefully this internet "IP recorder" service is one of those things I kill off. Although now that I know how to do it permanently, I'll do that instead.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
I had wondered why each time I connect to my wireless network with my Windows machine the interactive firewall tells me svchost.exe is trying to connect to a Microsoft IP and why the icon shows limited connectivity until I load a web page (although I apparently didn't wonder enough to go find out--I just deny the requests or let them expire). Looks like I'll be making some registry changes.
... does the same thing ... it shows what type of connection you have AND will show *local only* when your connection drops or if you have full internet access ...
therefore I wouldn't be surprised to see/hear/find out that Vista sends that same info to MS ...
my 2 cents
http://discussions.apple.com/thread.jspa?messageID=9752344&tstart=0#9752344
http://www.apple.com/library/test/success.html
those who have privacy concerns for this , no doubt happily use an iphone all day long....
On my N900 I made a similar shellscript that outputs to a desktop widget. It tries to fetch Google.com using the domain name and via a static IP, and based on that it can tell me if the connection's totally dead, uses a captive portal, has bad DNS, or if it's a good working connection. Very handy for mooching off unsecured and public wifi. I just click a widget and know all about the connection I'm on.
"When information is power, privacy is freedom" - Jah-Wren Ryel
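The two-probe check described in the comment above (fetch a known file by name and by fixed IP, then compare the results), as an added example that is not the commenter's script. It probes a server you control rather than Google.com; `PROBE_HOST`, `PROBE_IP`, `PROBE_PATH` and `PROBE_BODY` are placeholder values, and the sample results at the end are constructed.

```shell
#!/bin/sh
# Added example: classify a connection as online, captive-portal, bad-dns or
# offline from two HTTP probes of the same small static file.

PROBE_HOST="probe.example.net"   # assumption: name of a server you control
PROBE_IP="192.0.2.10"            # assumption: its fixed address (placeholder)
PROBE_PATH="/check.txt"          # assumption: path of the static file
PROBE_BODY="connectivity-ok"     # exact contents that file is expected to have

# interpret CODE BODY -> ok | altered | fail
# "altered" means something answered, but not with the expected file:
# a redirect, a login page, HTTP 511, or an error page.
interpret() {
    case $1 in
        000|"") echo fail ;;
        200) if [ "$2" = "$PROBE_BODY" ]; then echo ok; else echo altered; fi ;;
        *) echo altered ;;
    esac
}

# classify BY_NAME BY_IP -> verdict for the connection
classify() {
    case "$1/$2" in
        ok/*)         echo online ;;          # the real file arrived via DNS
        altered/ok)   echo bad-dns ;;         # resolver points somewhere else
        altered/*)    echo captive-portal ;;  # traffic is being intercepted
        fail/ok)      echo bad-dns ;;         # no resolution, IP path works
        fail/altered) echo captive-portal ;;
        *)            echo offline ;;
    esac
}

# probe URL [curl args]: one request, redirects not followed, so a portal's
# 302 is seen as a 302 instead of as the page it points to.
probe() {
    url=$1; shift
    if out=$(curl -s --max-time 5 -w '\n%{http_code}' "$@" "$url" 2>/dev/null); then
        code=$(printf '%s\n' "$out" | tail -n 1)
        body=$(printf '%s\n' "$out" | sed '$d')
    else
        code=000; body=""
    fi
    interpret "$code" "$body"
}

check_connection() {
    by_name=$(probe "http://$PROBE_HOST$PROBE_PATH")
    by_ip=$(probe "http://$PROBE_IP$PROBE_PATH" -H "Host: $PROBE_HOST")
    classify "$by_name" "$by_ip"
}

# Constructed probe results, not real captures:
# label | code by name | body by name | code by IP | body by IP
demo() {
    while IFS='|' read -r label c1 b1 c2 b2; do
        verdict=$(classify "$(interpret "$c1" "$b1")" "$(interpret "$c2" "$b2")")
        printf '%-18s %s\n' "$label" "$verdict"
    done <<'EOF'
working link|200|connectivity-ok|200|connectivity-ok
hotel login page|302||302|
resolver down|000||200|connectivity-ok
resolver lies|200|<html>ads</html>|200|connectivity-ok
cable unplugged|000||000|
EOF
}

# "live" runs the real probes; with no argument the constructed samples are used.
if [ "${1:-}" = "live" ]; then
    check_connection
else
    demo
fi
```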
Insert linux install disk.
If you do not trust Microsoft stop using their software or stop complaining. Privacy concerns are nothing compared to proprietary software that can be executed on your machine whenever Microsoft wants.
Seriously, I know it's hip to hate MS, but why pretend that this is spyware? It's a very nice feature. Whenever I'm traveling and trying to connect to my company VPN from a hotel or airport or restaurant or whatever, it lets me know immediately if I need to open my browser to do so. Back in the XP days, I would just spend a few minutes wondering if I mistyped the WPA key before figuring it out.
It's not like there's any personal info being transmitted. All they know is that a computer running W7 has connected to the internet with a given IP address. Not exactly the most useful information. The logs are probably only kept to help them debug the service.
You laugh at people who get tricked by those "Your computer may be broadcasting an IP address!" malware banners. Why complain about this?
privacy concerns? they know your IP from windows update!
Shush! Don't inject logic into the discussion - let the zealots show the world how paranoia and hate infects the Linux world. After a while you realize why ordinary people don't want to use Linux if there's a risk of becoming one of these losers.
I'm all for privacy, but what is the concern with this feature? Nobody has said that it includes any identifying information in the request, so the only thing Microsoft knows is that someone behind that IP is running Windows. They can't track you (there's no way of knowing that a request the next day from a different location is from the same copy of Windows) and there's no way to map a request to a particular person or computer, so I'm struggling to think of any way the data could be used maliciously.
> This shouldn't be surprising, or particularly important.
Agreed. There is a general antipathy towards MSFT here, but this is a fairly innocuous and important thing for almost everyone. The very few people who have serious concerns about it also can use very restrictive firewalls or change a setting. No big deal.
Also, after the article referenced in this story yesterday, Microsoft could be reading my credit card and bank statements and taking daily webcam photos through my machine, and they still would not be even 1% as creepy, comparatively.
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
Doesn't Vista have this same feature?
call me FOSS im the boss with the sauce and the source
Don't Firefox and Thunderbird also call home every time they start up - or at least the log-file equivalent - when they check for updates?
> Oh please! I can make that into a little .reg file and go "See this thing? Go clicky clicky and reboot" and its done, period, the end. ... Then remove the shell or mod them down so you can NOT use them! I bet the machine won't even make 6 months, and you sure as hell won't be updating the thing, because without CLI Linux falls down like a house of cards.
While I understand your point, and your frustration about the state of the various GUI environments for Linux, I really don't think that comparing a .reg file (and thus the Windows Registry) against the various Linux shells illustrates the shortcomings you think it does. For one, any CLI script could very well be turned into exactly the kind of clicky clicky executable file you mention -- with the added benefit that a Linux distro probably wouldn't need to be rebooted. Putting your metaphorical shoe on the other foot, I could just as easily say:
Then remove the registry or mod it down so you can NOT use it! I bet the machine won't even make 6 months, and you sure as hell won't be updating the thing, because without the registry Windows falls down like a house of cards.
If the CLI in and of itself is such the charlie foxtrot, why is it that Windows has been adding more and more CLI functionality with each iteration?
> You should NEVER need CLI on a modern OS. The fact that Linux can't live without it just shows how far behind it is in the desktop arena. Embedded and server its great, desktop is shit.
I assume here that by "modern OS" you mean "modern desktop OS", yes? If so, it's easy enough to run a desktop Linux distro without ever touching the CLI -- Ubuntu and Canonical have seen to that, among others. But if you really want to get in there and get your hands dirty with some power user customizations, sure -- you're going to need to use the CLI, whether you're running a Linux distro, Mac OS, or even Windows.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
My Grandma uses Linux. I installed it for her, yes, but I wouldn't expect her to install Windows or any OS for that matter. I didn't have to touch the CLI to install it. I enabled auto-updates, showed her how to "open the Internet", and where the "app store" is. It's been 2 years. She "accidentally" upgraded to the next LTS release by herself, with no CLI -- A single button click...
My Brother, Uncle & Aunt all use Windows. In the same space of time, They've each gotten infected with malware at least twice, some more than others. Two of them have shelled out cold hard cash for Win7 because "it's more secure than Vista", had to take the computer to a technician to do the "upgrade" for them, and both of them have been infected with malware on Win7.
Grandma tried to use my Uncle's computer -- She said, "Can you make the mouse less shaky, dear, I have shaky hands and I end up making the files disappear" (she means accidentally dragging them into adjacent folders) -- Gnome has drag & drop threshold... My Uncle's OS's window manager doesn't... her response: "Well, just turn it off and on again and go into the Linux." -- She was a bit upset that my Uncle B. didn't have "the Linux"... "Well why don't you have it? It doesn't cost anything, and the whole screen can zoom in when it's hard for me to read..."
She has a point -- it is free, why not have a dual boot just in case the other OS gets hosed?
My 75 year old neighbor started using Linux last year. He couldn't use a CLI to save his life. Same story as my Grandma -- Now they call me to shoot the shit, not guiltily ask me to remove malware -- My brother and uncle have both asked me to install Linux on their computers at the father's day family get together.
Please -- Stop spreading FUD. If these barely computer literate people can use Linux just as well as they can use Windows, I don't see what all the fuss is about.
Didn't we just see an article where it was decided that IPs don't map to people? http://yro.slashdot.org/story/11/05/03/2020205/An-IP-Address-Does-Not-Point-To-a-Person-Judge-Rules
It's probably safe to say that anyone who is concerned about privacy most likely disables automatic updates anyway.
Welcome to Windows Vista functionality circa 2006 - NCSI is nothing new.
And also, since Windows XP, Windows has come with an NTP client on by default, set to their time server. So they've been "spying" on your IP address for a long time!
ASCII stupid question, get a stupid ANSI
SIGH!
Only when you enable windows update to act on your behalf. Otherwise Windows Update makes no IP connection. Unless its on auto update or YOU trigger it.
Far less phoning home than every damn time you get online.
The Mac address alone is MORE than enough for internet tracking, screw the rest of the phoning home garbage.
SIGH!
logic.... O_o
Because Microsoft can map it to an MSN account, Skype account or software or service registration they have on you as well. Once they can do that, they can map your traveling with your windows device and essentially know exactly where you drink your coffee, go for business and all that. Maybe it's not automatically considered proof in a court room anymore, but who said legal proof is ever required for invasion of privacy?
I was promised a flying car. Where is my flying car?
Really, really sick of reading the constant anti-MS feature bashing here.
They come up with an elegant solution to a problem, and everyone spurts "wah my privacy" - yeah okay. They get to know someone, somewhere, is trying to use the internet.
Wow, big deal.
These servers are hosting a single file stored away somewhere never to be used for anything else.
The comments to these articles are so much better on HN, so glad I found that site - I now read it more regularly than here, and I think I'm done reading this site unfortunately because of the constant bickering over stupid stuff.
> ordinary people don't want to use Linux if there's a risk of becoming one of these losers.
Yes, that must be it...
If you customized the url to your own personal server this could be very helpful in tracking down a stolen laptop.
No, they do not. Some of us are forced to^w^w^w use corporate update thingies.
Apple, by the way, has been doing this for a very, very long time.
Thunderbird, does this with their account wizard which you cannot bypass.
The attack vectors opened up by doing this in a crowded area, are quite amusing.
They also don't know it's *your* IP address. For God's sake, all they're doing is acquiring a list of IP addresses that have Windows 7 installed. That's not particularly revealing information.
Made a .reg file for a lazy friend of mine.. basically, it just reroutes the requests to my server instead, as he trusts me more than microsoft, heh.
Feel free to use it, if you want, or edit it to fit your own preferences.
http://www.jarmund.net/stuff/JarmundNCSI.reg
I take no responsibility, etc...
PS: I'm slightly less evil than google.
this is probably the most boring sig in the world
You forgot to warn everyone about the windows clock! It talks to a Microsoft server without ever telling you. Your right to private timekeeping is being grossly violated by this so-called "feature." Microsoft will never admit it, but they're secretly keeping logs of all your time drifts so that they can sell--"personalize"--your data to everyone. To protect your privacy, delete your clock and replace it with the secure Rolex Timekeeper. Rolex's privacy policy explicitly says that they will NEVER give your current local time to anyone, and best of all, you can examine the Rolex internals yourself and verify that it's secure and that it NEVER talks to Microsoft. Best of all, Rolex does not need monthly updates like Microsoft's products, so you can be assured that even if Rolex ceases support, your Rolex Timekeeping device will continue to function securely and reliably. Remember folks, when it comes to privacy, trust Rolex, not Microsoft!
MS has LONG been using our information. And they SELL IT TO HIGHEST BIDDER. You can get information about MS's customers if you pay them (name, addr, and phone). OTOH, Google will NOT give you the information that you want (say name, addr, phone). They WILL use the data to target ads at you, but then again, so does Apple, MS, Yahoo, amazon, e-bay, etc.
time.windows.com
Yep, another way they have your IP.
Who cares? It's just an IP.
More to the point, so does Canonical when you run apt-get update. Indeed, they probably actually analyze the logs "in order to catch abusive clients". See, I can make repository maintainers look scary by putting their perfectly valid reasoning in quotes.
The road to tyranny has always been paved with claims of necessity.
Even worse, Microsoft knows *ALL* IP addresses!
They just don't always know who it belongs to...
you know, losers don't want to learn and get frustrated when others learn. That's their life.
I've known about this since we started testing Windows 7 at work last year. How? We run WebSense. Windows 7 constantly complained about possibly needing additional login credentials. Being that I work in a healthcare facility where the nursing areas really only need a basic, non-intrusive machine, I had to find out how to disable this. It's actually much easier if you use the group policy editor. We've got one in AD, but you can simply use the local group policy editor (gpedit.msc). The option is under Computer Configuration -> Administrative Templates -> System -> Internet Communication Management -> Internet Communication settings. Simply enable the option to "Turn off Windows Network Connectivity Status Indicator active tests." Furthermore, you can also change the location this checks against with group policy, but I cannot remember where that setting was.
Why bother with manually editing the registry in the first place?
Yes, you found the registry setting but unfortunately it seems you don't realize that even Windows has evolved here and there. Editing the registry for these kinds of settings hasn't been required ever since Windows XP yet some people still like to do things the hard way (or only copy information from others without thinking things through).
Windows has been using the Microsoft Management Console (mmc.exe) for quite some time now. One of the key features? Allowing you to quickly set up management "consoles" which give direct access to specific settings which you won't find in the regular settings and menus.
In short: It allows you to either set up scripts of your own or use already existing ones. If you go to the 'administrative tools' and start up, say, 'computer management' to set up local users/groups you're actually starting mmc which is then using "compmgmt.msc".
And guess what? Not all these scripts are available in your comfy administration tools.
So; start menu -> run program (or hit win-r) and type "gpedit.msc".
Now go to computer 'configuration' (I think; I use a localized version) -> admin scripts/templates -> network -> status indicator.
Guess what? No need to manually mess in your registry and risk screwing things up. Better yet; here you can even (ab)use this for your local setups. Say you don't care about the Innernet being available but your router. "if router lives then internet".
Simply use the settings you'll find there and change the URL.
Really folks; I'm no Windows admin by far but ever since I started using Win7 more professionally the first thing I did was check how it worked and how you could control it. If you do that you'll see that messing in the registry manually is hardly required these days.
Just like with Linux you merely need to know what scripts to use ;-)
If it didn't connect to a Microsoft server to test connectivity, somebody would be screaming about the hundred million pings per day they were receiving.
Windows also connects to Microsoft's time server. There are many other time servers, but most of them aren't sized for hundreds of millions of connections per day.
My computer is leaking my IP Address to internet! Not a big deal, there are a whole lot of other services: Windows Update, Time Syncing (most people will have that on), Weather (some people), 8000 different software update checks etc. If you are paranoid about your system checking if you can pull a file from an MS server, then disconnect your machine from the net, because everything else is going to scare the hell out of you.
I left Microsoft about 18 months ago, with no ill feelings. I can tell you that within the company, with a very few exceptions, people take personal privacy very seriously. With a service like NCSI the only time anyone might look at the logs would be to diagnose a problem. Just possibly someone might count IP addresses per country to compare with sales, to estimate piracy rates. If an employee needs to access the crash report database, she must sign an agreement to protect the privacy of the person whose computer crashed. The exceptions are the a**holes whose job is to sell online ads, and who want any and all information that they pray will help them target the ads more effectively. As far as I know, none of the techniques have been shown to be effective.
It's one thing to ignorantly bash Microsoft products, but it's another thing to bash them on a surprisingly useful feature. There are a few controversial features on Windows 7, but this one is not one of them. If you're so worried about what Microsoft can do to anonymously submitted public IP addresses, then please turn off your computer and take up the Amish culture. This is 2011. Chances are you have 5-6 tracking cookies being accessed by various web services on the internet. Get over it.
trollololololol! :)
As much as I am concerned about Microsoft collecting statistics about me, I am more worried about this text file. What are the chances that Windows actually interprets this file when retrieved? What are that chances that it can be used as a remote command? Of course Microsoft would never do such a thing (..) but it is technically possible.
They have a database with all IP addresses. If they are able to link it to you, they may be able to send you a different file with a different command. They may be able to identify you by triggering a non-standard GET from you. Which may include your license key. Or other information from you. They may even be able to instruct your computer to do things behind your back. And they may even be able to use this as a universal kill switch.
But I trust they will never do such a thing...
To Terminate, or not to Terminate, that's the question - SCSIROB
There is a very simple answer to all privacy concern: Just convince Apple, Redhat, Google that all Macs, Linux machines, iOS and Android devices should implement the same functionality by accessing the exact same file, using the exact same request byte for byte as Windows 7 does.
That way, Microsoft gets _everyone's_ IP address, but there is no information content anymore. All that they would know is that the IP address exists. Today they know that the IP address is using Windows 7; that information would evaporate.
It's mildly annoying. When a proxy is blocking people from browsing the web at certain times every Win7 user on site gets this message and to start with they were ringing me up to tell me there were network problems. I expect they will do it again each time they come back from holidays.
As for the blocking policy - I know it is stupid and an actual brake on productivity but management were getting pissed off by seeing a few people on Facebook all day. My solution would have been to redirect everyone going there at work to some site that would scar them for life so it's probably just as well squid is being used to block access at certain hours instead.
Using http to check connectivity seems a bit heavy handed and implies ignorance of just about everything in networking - but remember that way back Microsoft was the company infamous for not even being able to get "ping" right even when they were handed the source code for free.
I vaguely remember from firefox-2 days, one had to delete some bookmark settings, otherwise teh firefux would issue some request at every browser startup. Good thing there's tcpdump...
Or you could just use the Group Policy Editor and achieve the same thing without faffing about...
Yeah, I had a sig once; I got bored of it.
It took this long for people to figure this out? Did network sniffers go out of style or something?
Who uses their own IP for Windows Update? Who even updates direct from the Microsoft servers?
It doesn't have to.
Don't run WU. Manually download the updates *you* want via another IP.
Don't let Microsoft boss you around. It's *your* computer.
Yes but you can change the NTP server there easily, not having to dig in registries.
I imagine the load on their server will now drop :)
FREEZE MSFT NCSI! *flashes badge*
> Shush! Don't inject logic into the discussion - let the zealots show the world how paranoia and hate infects the Linux world. After a while you realize why ordinary people don't want to use Linux if there's a risk of becoming one of these losers.
When the article is about windows 7, the comment you're replying to is about windows update and your comment is about Linux, I really do wonder if the zealotry is perhaps not where you think it is.
Oh wow weee.
What a useless and idiotic comment.
Every time you connect to any website, that website knows your IP, woooo!
Instead of focusing on Microsoft, use your mind to think about the massive, MASSIVE amounts of data Google has on you.
Everything from what websites you visit (Search / DoubleClick / Analytics / Syndication), where you live, who you're associated with (mail / buzz / voice), what websites you comment on and possibly what comments you make (CAPTCHA, Analytics, DoubleClick), to what you're interested in on the net and where you spend the majority of your time.
And then if you've got Android, then they pretty much know your entire life story from who you're associated with / married to / dating / seeing behind your wife's back ... to where you go.
What are you doing on your computer that you are so worried that someone will find out about?
It's funny because I make every effort to turn those features off. Both of them.
I despise ubiquitous automated networking.
Tell me about more of these so-called "features" and I will make sure they are also turned off.
I also delete the BBC News RSS Feed from Firefox when I install it. I make sure to open Firefox and disable lots of features before plugging in my network jack.
No, I still haven't upgraded past Windows XP, and it's features like these that I am wary of.
...and I'm not going into greater detail about what I do, but yes, I am aware that Firefox also has things like automatic updates, phishing and malware checking and Chrome has things like translation services. I don't like those either, and there's more I don't like. But I'm not writing an encyclopedia about the lengths I will go to, to exert control over my computer (...at least not for an anonymous Slashdot comment).
just the fact that the destination is editable makes me wonder how many windows machines are reporting information to botnet owners using this "feature".
Having to work for a living is the root of all evil.
> Who uses their own IP for Windows Update? Who even updates direct from the Microsoft servers?
Home users and home users.
Any more questions with obvious answers that I can answer for you?
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
Um, just going out on a limb here, but you do realize that you can fairly easily trace an IP address to a street address, right?
http://www.conditions.in.ua/
Yes! It's true! And once they have everyone's IP address documented they're going to ... !! They'll be able to ... !!
What exactly is it they're going to do with our IP addresses?
No sig for you. YOU GET NO SIG!
And the date it gives may be 1984!
I work as a software developer for linux. I've been running linux for a decade. Some things still don't work properly and it's mostly related to hardware support.
I recently got a new laptop for the family and then work upgraded my business laptop. Both of them use a touchpad that doesn't have proper linux support because the vendor doesn't want to release the specs. Thus when running Linux all the fancy multi-touch gestures don't work, horizontal scrolling doesn't work, and I can't configure sensitivity, tap-to-click, disable-when-typing, etc.
Similarly, multi-monitor support is kind of flaky. It doesn't remember which outputs I was using so X always starts up using the laptop display even when it's in a dock.
Lastly, the wireless networking manager in KDE can't connect to a wireless access point that isn't broadcasting its SSID. You need to enable broadcast, configure the network, then disable broadcast again. This is fine when it's your own network, but if it's not yours this is a real pain.
A lot of people complain about how Windows has organized the registry and how awful it is that a normal user can actually change these settings. After all; now we're an even bigger target since this news has hit slashdot!
My guess: those people are running Windows 7 using an Admin account and are now complaining that they actually have access to all of Windows' tidbits. Talk about ignorance!
If you're using Windows 7 as regular users (which really is perfectly usable) then guess what? The moment you hit run program -> regedit the access level to this setting stops at "NlaSvc\Parameters". You can't go beyond that. Many other sections aren't even accessible at all.
As soon as you run regedit as administrator the extra section like "Internet" appears and others become fully accessible again.
It's like running Linux as root all the time (ok; or using "sudo mc" because then you can get things done) and then whining how all programs you use or run are able to trash your /etc directory. Get a clue already...
I do agree that running a non-admin account in the past (Win XP anyone?) was hardly usable because even changing your startup menu could sometimes be annoyingly painful (read: stupidly difficult). Yet we're talking about Windows 7 here and although MS has enforced some really stupid things upon us in the past I have to say that I think Win7 is really going in the right direction.
DNS can be fooled.
Now can we please include Microsoft along with Apple and Google on this privacy talks in Congress?
I built my own version of XP with nLite. What do I need more ?
Recipes for USA bankrupt - http://tinypaste.com/0d66f dd = dollar deluge (printed in the infinity)