Even With Telemetry Disabled, Windows 10 Talks To Dozens of Microsoft Servers

An esteemed reader writes: Curious about the various telemetry and personal information being collected by Windows 10, one user installed Windows 10 Enterprise and disabled all of the telemetry and reporting options. Then he configured his router to log all the connections that happened anyway. Even after opting out wherever possible, his firewall captured Windows making around 4,000 connection attempts to 93 different IP addresses during an 8 hour period, with most of those IPs controlled by Microsoft. Even the enterprise version of Windows 10 is checking in with Redmond when you tell it not to — and it's doing so frequently.

Surprised?

[gstoddart]

Is anybody surprised by this?

Microsoft has pretty clearly telegraphed they don't give a shit about what the people who own the machines want, and they're going to do whatever the fuck they want.

That Microsoft is doing this is surprising in no way to me.

Microsoft simply can't be trusted to not just do what they please here.

Re:Surprised?

[Cederic]

You'd be surprised. A decade of ultra-thin client architectures mean most business systems are now accessed via the browser and don't need Windows.

If using Windows breaks regulatory compliance, loses business or causes business sensitive information to be leaked, Windows is history.

Re:Surprised?

[gl4ss]

yeah difference with vista and 8/10(same fucking thing) is that vista they tried to make usable and with 8/10 theyre trying to use the customer.

Re:Surprised?

[sims+2]

Performance wise yes with enough resources it was fine. But the oem's never sold stock systems with "enough" for the entire time vista was on the market.
The low end systems today with windows 10 still don't have the power to make vista work as intended.
Plus i've never encountered a windows vista system with more than 4GB stock memory most came with just 2GB or less.
Windows 7 handles it a bit better. However there is currently a bug with the windows update process and any system with less than 4GB of memory will page out to disk while trying to install the second set of 124 updates. Msft hasn't admitted to that yet either though.

Imho no one anywhere should even have the option to buy a new windows system with less than 4GB.

Re:Surprised?

[Midnight+Thunder]

No I was surprised that they were able to stay in business after the launch of vista and the windows 8 disaster.

Given the alternatives, I am not surprised people have stayed with them. Not, because the alternatives are bad, but because of the investment in terms of money and human skill sets.

The real alternatives are MacOS and Linux, but they have their own issues. MacOS limits your hardware choice to one company, even if some may argue it is the 'more user friendly OS' and Linux still doesn't feel like it has the user facing polish it could have, then add to the fact that there doesn't seem to be a desktop UI that seems to have a strong continual investment in improving the experience that the lowest common denominator of uses would appreciate.

The way I see it:
    - Linux is a great server OS, but weak on the desktop
    - MacOS is strong on the desktop, but weak on the server
    - Windows is average everywhere

The above also indicates why I believe many companies choose Windows: it may not be the best at anything, but works well enough for must general use cases and allow companies to deal with one vendor and not need a high level of expertise.

Re:Surprised?

[gstoddart]

Performance wise yes with enough resources it was fine. But the oem's never sold stock systems with "enough" for the entire time vista was on the market.

Well, was that Microsoft lying about minimum requirements, or OEMs ignoring them?

Because, really, way back in the day with Windows 3.11 when machines were sold with 4MB of RAM ... it was still unusable with only one application running.

Companies have been selling Windows machines with too damned little RAM for 25 years.

Re:Surprised?

[gstoddart]

Boo hoo .. the multi-billion dollar corporation who spends billions of dollars annually can't maintain product releases and instead has decided the world gets to be their beta testers as they go to a shitty rolling release of incomplete software they've announced they'll force people to get.

I'm sorry, are we supposed to feel sorry because MS no longer wishes to to proper release engineering and life cycle management of their products? All so they can jam ads and analytics into our machines without our permission?

Fuck that.

Re:Surprised?

[sims+2]

Microsoft lying about minimum requirements.
The question is why?
It doesn't really cost msft anything to change the arbitrary requirements. They ought to have been upped to 4GB years ago.
At the same time they could have written the system in such a way that it didn't use 2.7GB while updating.

Vista was bad for performance and the UAC was extra naggy by default they even scaled UAC back by default in windows 7+
8/8.1 has a terrible stock ui without a touch screen (should have been a system requirement if they were going to tell everyone else to gtfo) better with classic shell.
10 is a compromise between 7 and 8 but the start menu is still screwed up.

Re:Surprised?

[ttucker]

During the Windows 8 disaster, the Linux community was making the same mistake of forcing their users into a new UI paradigm that they didn't want....

Re:Surprised?

[Archtech]

There's a strange type of inertia that applies to large companies. Even when they completely screw the pooch, they tend to hang on for years and years after the fact.

The bigger and more hierarchical the company, the greater the power of groupthink. It gets so that nobody who tells the truth and talks about the real facts and figures can survive within about five levels of management of the executive suite. Anyone who does immediately gets the bum's rush: incompetence, insubordination, bad judgement, blamed for someone else's incompetence or malfeasance, face doesn't fit, socially inept, politically incorrect... the list goes one for ever.

Hence the top management never gets to hear the truth; everything they do is praised to the skies. And they start to think they are wonderful, too, until they hit the wall at 90 mph. Sorry to Godwin, but Hitler was one of the all-time classic examples. For years he kept firing the best generals until he was surrounded by mediocre yes-men; then he probably wondered why nobody could get anything done.

If the truth were known, our corporations are infested by thousands of would-be Hitlers who lack what it takes even to be a petty tyrant.

Re:Surprised?

> Mac OS limits your hardware choice to one company, even if some may argue it is the 'more user friendly OS'

I believe we can say Apple is not user's money friendly.

Perhaps they don't want to risk their end-user business model; if they could create a separate company for the enterprise market, maybe that could work.

> and Linux still doesn't feel like it has the user facing polish it could have

Well, things can be improved, for sure, but I feel it's already on par with Mac OS. And it has been ahead of Windows for some time already...

> then add to the fact that there doesn't seem to be a desktop UI that seems to have a strong continual investment in improving the experience that the lowest common denominator of uses would appreciate

Unity is the classical counter-example here, but I must recognize Gnome serves LCD uses very well, though I'm really more a KDE|Xfce user.

KDE has been shown to unsuspecting users as the new Windows interface and has been praised to no end. As I work with Windows 7, I must cringe everyday about how less friendly it is -- even if compared to Xfce.

Recently, I've been testing KDE Plasma and found it _very_ good looking and polished; for comparison with Windows 10, I didn't try it yet, but from Youtube videos, Deepin looks on par if not better than W10 experience.

> - Linux is a great server OS, but weak on the desktop

Not really. I've been using since many years and it has constantly improved by leaps and bounds. I'm willing to admit it has some distance to cover regarding games, but that doesn't mind at all on the enterprise and I'd say most end-users are not gamers -- they really want to make homework, create pdfs, use spreadsheets, watch Internet videos, watch multimedia created with their smart phones... lots and lots of things which don't really require Windows.

Linux has some really nice offerings on the desktop besides Ubuntu.

> - MacOS is strong on the desktop, but weak on the server

They seem not interested in servers. For the prices they charge, they also seem not interested in desktops; for them, it appears, it's a post-PC world.

> - Windows is average everywhere
> The above also indicates why I believe many companies choose Windows: it may not be the best at anything, but works well enough for must general use cases and allow companies to deal with one vendor and not need a high level of expertise.

A valid point, no doubt. And therein lies the source of our problems: whatever Windows does, someone does that better. It's hard to live with a product perceived as inferior. But most know no other alternative. So Linux and BSD (Mac OS included) are not to blame, in fact...

Another point is that companies really need someone to talk to. Apple has a lot of ground to cover on that regard (and I believe they probably should start a division if they ever want to be relevant here), Linux has some companies which don't care about the desktop (Red Hat), some that care (Canonical) and are slowly becoming relevant and others IMHO who are too small or somewhat undecided (e.g. SuSE).

In my country, if I were a company, I bet I could easily hire someone for in-premises Windows desktop support; not so sure with Canonical. For servers, I bet it would be easy to get contacted by Red Hat, SuSE or Oracle.

For end-users, things are surprisingly easier because: a. nobody gets good Windows support anyway and b. Linux support on the Internet is first-quality.

Re:Surprised?

[AmiMoJo]

I read TFA, the guy is an idiot and screwed up the test.

He configured the router to drop all connections. So Windows tries to access Windows Update, and it fails. So it tries the next server on the list, which fails. Strange, the interface has an IP address, try the next one...

Windows also has this thing called the Out Of Box Experience. It's been there since at least 98, probably before. The first time you log in, it runs a few things so you can choose your preferences and set important stuff up. If you ignore it, it will carry on looking for updates from the Windows Store, updates for live tiles in the start menu etc.

Every OS enables a load of crap by default. This is not surprising at all.

Unlike the guy in TFA, I bothered to do this properly. If you disable everything and don't use Windows Store apps then the only traffic is to Windows Update.

This is what happens when your source is a Reddit knock-off full of people who found Reddit too civil.

Re:Surprised?

[Anne+Thwacks]

If a company chooses Unix, then they're "locked in" to Unix, as well. The idea that there's some kind of MS-specific "lock in" is hogwash.

Except that, for the most part, Command line and APIs, even for X in Unix have changed little since 1978, so the "lock-in" is more the equivalent of having the odd pillow between you and where you want to go than the Windows/Apple 10 foot high concrete wall.

In the main, Unix API changes are for very good reasons (Unity and systemd being very visible, but highly atypical examples), whereas Windows API changes are intentional, put there to force upgrades on the user base for commercial reasons.

Once a company chooses Unix, it is hard to imagine they would go back, except at the point of a gun.

Re:Surprised?

[NormalVisual]

Anyone who does immediately gets the bum's rush: incompetence, insubordination, bad judgement, blamed for someone else's incompetence or malfeasance, face doesn't fit, socially inept, politically incorrect... the list goes one for ever.

It's not just big companies where this happens, and it's not limited to the C-levels and their minions. In my experience, there are far too many in management at all levels that can't deal with the blow to the ego of being told that choices that they've made aren't good ones. Rather than actually think about what they've been told, they perceive it as unwarranted personal criticism even in the face of overwhelming objective evidence.

Re:Surprised?

[encad]

Your probably right, but all this wouldn't happen, if Microsoft would clearly (and hopefully auditable) state, what they actually transmit and how to stop it (in every version).
Most of this FUD is allowed to spread, because everyone, with the exception of very large enterprise customers, is left in the dark.
The stuff with retrofitting the invasive telemetry into 7/8/8.1 and pushing every private customer very hard to updates wasn't helpful either.

So for me personally this W7 machine will be the last with windows, running as long as somehow possible. I don't want cloud stuff (not working on 1 Mbps connections), I don't want telemetry I can't control or shut off and, last but not least, I still have no freaking idea on the future use of a W10 license (rebuild of maschine, failing parts, yadda yadda yadda).

That isn't trustful.

[jellomizer]

For the enterprise version we really need it predictable so it can be managed. Even if talking to MS is harmless and overall a good thing, it means you are having your computer talk to something you may not want too.

At work we are still on Windows 7 with little chance going over to 10 because of stuff like this. (I would prefer Linux, but our management is stuck in the 1990s)

Re:That isn't trustful.

[Bite+The+Pillow]

Can't wait until the DoD moves forward with Windows 10 and defense contractors have to disable this telemetry reporting.

There will be a way, at that point, or there will be problems.

Re:That isn't trustful.

[MightyMartian]

I think being open about what is being transmitted would help. I concede that in modern operating environments, there's a lot of checking for updates and patches, and while we do run a Windows Update Server at the main office (mainly to save some bandwidth and give us more granular control over updates), many of our road warriors and people at the branch offices still have their computers being updated directly by Windows own update services. That means data on software installed is going to Microsoft's servers, but the trade off is we keep our systems up to date.

However, we have a number of government contracts that require safe storage of data, including assuring that no confidential data is transmitted to unauthorized third parties or out of the country. At that point it gets iffy, and I'm trying to put my head around whether "telemetry" data puts us at risk in the breach of contract department. Particularly now as we just got a three year extension on contract which will take us through 2019, we are preparing for large scale upgrades. We've already updated our Windows servers to 2012 R2, and are now in the process of deciding whether to go through the irritation of Windows 7 licenses, or just jump to Windows 10, which has been working fairly well in our test environment.

Microsoft needs to come clean here, and explain what exactly is being sent to their servers.

This is big news, actually

[cfalcon]

The Microsoft shills normally go down one of these paths:

1)- "You can turn it off if you pay for it"
(this ignores that you can't really buy enterprise and is malicious behavior in general, ignores that you can't turn stuff off in pro- but now it ALSO ignores that EVEN ENTERPRISE HAS NO TOGGLES!)

So it's BIG news because it means that even Enterprise is tucked into their botnet.

2)- "But google does this on their phone OS"
(this ignores that a phone OS isn't the same as a desktop OS, ignores that phones are pretty terrible at privacy and that this is due to several vendor lock-ins that don't have good outs, ignores that there's phones that DON'T do this, and is just generally so full of false equivalences that it's ludicrous on the face of it)

3)- "I have nothing to hide / you're old if you care"
(this is something a marketer would say, not a rational person- no one actually wants to buy or use spy tech)

4)- 'You can turn it off"
(this article is the latest showing that NO YOU CANNOT- someone will post one of the scripts or spybots or whatever that purports to disable it, and might even, but if you need some crazy tech solution to get your OS to MAYBE not spy on you ludicrously, it's a terrible OS)

So finding it in Enterprise destroys (1) even further, and is interesting for (4) as well.

I'm sure it won't stop them shills shilling though.

Re:This is big news, actually

[kheldan]

3)- "I have nothing to hide / you're old if you care"

I, and I'll easily assume that many, many others, are getting pretty damned sick and tired of hearing that line from idiots who have been so thoroughly indoctrinated, that they probably don't even consciously know that they're parroting it. It is a fact that, after a certain point in the development of a human being, desiring privacy is a normal, natural, healthy thing for a person to want. Not wanting or caring about your private life being private is an abberation, a sign that something is wrong. This whole faux culture of 'sharing everything with everyone' is some sort of a sickness and it needs to stop.

By the way, cfalcon, just to be sure you understand me: I'm agreeing with you on all counts, not attacking you.

Re:This is big news, actually

[Beeftopia]

3)- "I have nothing to hide / you're old if you care"

Response: "I may have nothing to hide, but my personal information is none of your gorram business."

If my information is valuable to you, you need to compensate me for it, if I'm interested in selling it. You have no right to take what is mine.

Telemetry confirmed?

[Vegan+Cyclist]

Has anyone analyzed the data being sent? Or is this a big assumption? Could this be other apps that were installed by default 'calling home'? I'm not doubting that MS might do this, but in all fairness, this seems example seems like unsubstantial speculation....and a pretty weak 'test to boot. Remember that high school class who put sprouts by a wifi router and found the 'closer plants died'? I did the same thing for fun, and found the closer sprouts actually grew faster and more abundantly, probably since they were warmer. Shouldn't we suspend judgement until further tests and confirmation is made...?

Blocking connections probably increases attempts

[enosys]

If you block connections, what would have normally been one successful connection can become many connection attempts. It's also possible that retries for the same thing would use different IP addresses. Someone needs to try an experiment like this without the blocking. A log of the data being transmitted would also be interesting. A lot of that is probably encrypted, but https monitoring via wildcard certificate MITM could capture some in decrypted form.

More analysis required

[GuB-42]

One problem with the approach used is that the firewall is configured to drop all connections. This is not a realistic picture.
An analysis of the content would also be interesting because even with telemetry disabled, there are plenty of reason for connecting to Microsoft servers such as software updates. Most of them are port 80 and port 443. Port 80 is normal http traffic and is easy to analyse, port 443 is encrypted so it is a bit harder but if you can add your own certificate authority to the windows install, you can try doing man-in-the-middle. There is also UDP port 3544 which is related to IPv4 - IPv6 transition, which in itself is probably harmless but may hide other connection attempts (that's one of the reasons why you won't get a realistic picture by dropping everything).

The only thing this experiment tells us is that Windows communicates with MS servers even with telemetry disabled. It smells but without further analysis, it is not very useful information.

Re:privacy and security.

[cfalcon]

> If MS was collecting information like that wouldn't they be in equally as much trouble?

NO! Read your Windows 10 EULA. It points to the privacy agreement, and that says that you give legal permission for all your keystrokes to be sent to Microsoft, along with pretty much everything else. Microsoft believes they are covered legally- the EULA grants vastly more invasive stuff than the software provides... so far...

Re:The way to fight this

[KGIII]

LOL Except Windows 10 doesn't actually use the hosts file for this. They're hard-coded IP addresses and you can't block them with the hosts file. You can add 'em all you want, it won't help. Folks have shown video of this. They've added the domains to the hosts file and then used Wireshark (that's what the interface looked like, as I recall) and there's still outbound communication with the very same IP addresses at the very same level. Nope, hosts isn't gonna cut it.