Even With Telemetry Disabled, Windows 10 Talks To Dozens of Microsoft Servers

An esteemed reader writes: Curious about the various telemetry and personal information being collected by Windows 10, one user installed Windows 10 Enterprise and disabled all of the telemetry and reporting options. Then he configured his router to log all the connections that happened anyway. Even after opting out wherever possible, his firewall captured Windows making around 4,000 connection attempts to 93 different IP addresses during an 8 hour period, with most of those IPs controlled by Microsoft. Even the enterprise version of Windows 10 is checking in with Redmond when you tell it not to — and it's doing so frequently.

Surprised?

[gstoddart]

Is anybody surprised by this?

Microsoft has pretty clearly telegraphed they don't give a shit about what the people who own the machines want, and they're going to do whatever the fuck they want.

That Microsoft is doing this is surprising in no way to me.

Microsoft simply can't be trusted to not just do what they please here.

Re:Surprised?

[sims+2]

Performance wise yes with enough resources it was fine. But the oem's never sold stock systems with "enough" for the entire time vista was on the market.
The low end systems today with windows 10 still don't have the power to make vista work as intended.
Plus i've never encountered a windows vista system with more than 4GB stock memory most came with just 2GB or less.
Windows 7 handles it a bit better. However there is currently a bug with the windows update process and any system with less than 4GB of memory will page out to disk while trying to install the second set of 124 updates. Msft hasn't admitted to that yet either though.

Imho no one anywhere should even have the option to buy a new windows system with less than 4GB.

Re:Surprised?

[Midnight+Thunder]

No I was surprised that they were able to stay in business after the launch of vista and the windows 8 disaster.

Given the alternatives, I am not surprised people have stayed with them. Not, because the alternatives are bad, but because of the investment in terms of money and human skill sets.

The real alternatives are MacOS and Linux, but they have their own issues. MacOS limits your hardware choice to one company, even if some may argue it is the 'more user friendly OS' and Linux still doesn't feel like it has the user facing polish it could have, then add to the fact that there doesn't seem to be a desktop UI that seems to have a strong continual investment in improving the experience that the lowest common denominator of uses would appreciate.

The way I see it:
    - Linux is a great server OS, but weak on the desktop
    - MacOS is strong on the desktop, but weak on the server
    - Windows is average everywhere

The above also indicates why I believe many companies choose Windows: it may not be the best at anything, but works well enough for must general use cases and allow companies to deal with one vendor and not need a high level of expertise.

Re:Surprised?

[gstoddart]

Performance wise yes with enough resources it was fine. But the oem's never sold stock systems with "enough" for the entire time vista was on the market.

Well, was that Microsoft lying about minimum requirements, or OEMs ignoring them?

Because, really, way back in the day with Windows 3.11 when machines were sold with 4MB of RAM ... it was still unusable with only one application running.

Companies have been selling Windows machines with too damned little RAM for 25 years.

Re:Surprised?

[sims+2]

Microsoft lying about minimum requirements.
The question is why?
It doesn't really cost msft anything to change the arbitrary requirements. They ought to have been upped to 4GB years ago.
At the same time they could have written the system in such a way that it didn't use 2.7GB while updating.

Vista was bad for performance and the UAC was extra naggy by default they even scaled UAC back by default in windows 7+
8/8.1 has a terrible stock ui without a touch screen (should have been a system requirement if they were going to tell everyone else to gtfo) better with classic shell.
10 is a compromise between 7 and 8 but the start menu is still screwed up.

Re:Surprised?

[Archtech]

There's a strange type of inertia that applies to large companies. Even when they completely screw the pooch, they tend to hang on for years and years after the fact.

The bigger and more hierarchical the company, the greater the power of groupthink. It gets so that nobody who tells the truth and talks about the real facts and figures can survive within about five levels of management of the executive suite. Anyone who does immediately gets the bum's rush: incompetence, insubordination, bad judgement, blamed for someone else's incompetence or malfeasance, face doesn't fit, socially inept, politically incorrect... the list goes one for ever.

Hence the top management never gets to hear the truth; everything they do is praised to the skies. And they start to think they are wonderful, too, until they hit the wall at 90 mph. Sorry to Godwin, but Hitler was one of the all-time classic examples. For years he kept firing the best generals until he was surrounded by mediocre yes-men; then he probably wondered why nobody could get anything done.

If the truth were known, our corporations are infested by thousands of would-be Hitlers who lack what it takes even to be a petty tyrant.

Re:Surprised?

> Mac OS limits your hardware choice to one company, even if some may argue it is the 'more user friendly OS'

I believe we can say Apple is not user's money friendly.

Perhaps they don't want to risk their end-user business model; if they could create a separate company for the enterprise market, maybe that could work.

> and Linux still doesn't feel like it has the user facing polish it could have

Well, things can be improved, for sure, but I feel it's already on par with Mac OS. And it has been ahead of Windows for some time already...

> then add to the fact that there doesn't seem to be a desktop UI that seems to have a strong continual investment in improving the experience that the lowest common denominator of uses would appreciate

Unity is the classical counter-example here, but I must recognize Gnome serves LCD uses very well, though I'm really more a KDE|Xfce user.

KDE has been shown to unsuspecting users as the new Windows interface and has been praised to no end. As I work with Windows 7, I must cringe everyday about how less friendly it is -- even if compared to Xfce.

Recently, I've been testing KDE Plasma and found it _very_ good looking and polished; for comparison with Windows 10, I didn't try it yet, but from Youtube videos, Deepin looks on par if not better than W10 experience.

> - Linux is a great server OS, but weak on the desktop

Not really. I've been using since many years and it has constantly improved by leaps and bounds. I'm willing to admit it has some distance to cover regarding games, but that doesn't mind at all on the enterprise and I'd say most end-users are not gamers -- they really want to make homework, create pdfs, use spreadsheets, watch Internet videos, watch multimedia created with their smart phones... lots and lots of things which don't really require Windows.

Linux has some really nice offerings on the desktop besides Ubuntu.

> - MacOS is strong on the desktop, but weak on the server

They seem not interested in servers. For the prices they charge, they also seem not interested in desktops; for them, it appears, it's a post-PC world.

> - Windows is average everywhere
> The above also indicates why I believe many companies choose Windows: it may not be the best at anything, but works well enough for must general use cases and allow companies to deal with one vendor and not need a high level of expertise.

A valid point, no doubt. And therein lies the source of our problems: whatever Windows does, someone does that better. It's hard to live with a product perceived as inferior. But most know no other alternative. So Linux and BSD (Mac OS included) are not to blame, in fact...

Another point is that companies really need someone to talk to. Apple has a lot of ground to cover on that regard (and I believe they probably should start a division if they ever want to be relevant here), Linux has some companies which don't care about the desktop (Red Hat), some that care (Canonical) and are slowly becoming relevant and others IMHO who are too small or somewhat undecided (e.g. SuSE).

In my country, if I were a company, I bet I could easily hire someone for in-premises Windows desktop support; not so sure with Canonical. For servers, I bet it would be easy to get contacted by Red Hat, SuSE or Oracle.

For end-users, things are surprisingly easier because: a. nobody gets good Windows support anyway and b. Linux support on the Internet is first-quality.

Re:Surprised?

[AmiMoJo]

I read TFA, the guy is an idiot and screwed up the test.

He configured the router to drop all connections. So Windows tries to access Windows Update, and it fails. So it tries the next server on the list, which fails. Strange, the interface has an IP address, try the next one...

Windows also has this thing called the Out Of Box Experience. It's been there since at least 98, probably before. The first time you log in, it runs a few things so you can choose your preferences and set important stuff up. If you ignore it, it will carry on looking for updates from the Windows Store, updates for live tiles in the start menu etc.

Every OS enables a load of crap by default. This is not surprising at all.

Unlike the guy in TFA, I bothered to do this properly. If you disable everything and don't use Windows Store apps then the only traffic is to Windows Update.

This is what happens when your source is a Reddit knock-off full of people who found Reddit too civil.

Re:Surprised?

[Anne+Thwacks]

If a company chooses Unix, then they're "locked in" to Unix, as well. The idea that there's some kind of MS-specific "lock in" is hogwash.

Except that, for the most part, Command line and APIs, even for X in Unix have changed little since 1978, so the "lock-in" is more the equivalent of having the odd pillow between you and where you want to go than the Windows/Apple 10 foot high concrete wall.

In the main, Unix API changes are for very good reasons (Unity and systemd being very visible, but highly atypical examples), whereas Windows API changes are intentional, put there to force upgrades on the user base for commercial reasons.

Once a company chooses Unix, it is hard to imagine they would go back, except at the point of a gun.

Re:Surprised?

[encad]

Your probably right, but all this wouldn't happen, if Microsoft would clearly (and hopefully auditable) state, what they actually transmit and how to stop it (in every version).
Most of this FUD is allowed to spread, because everyone, with the exception of very large enterprise customers, is left in the dark.
The stuff with retrofitting the invasive telemetry into 7/8/8.1 and pushing every private customer very hard to updates wasn't helpful either.

So for me personally this W7 machine will be the last with windows, running as long as somehow possible. I don't want cloud stuff (not working on 1 Mbps connections), I don't want telemetry I can't control or shut off and, last but not least, I still have no freaking idea on the future use of a W10 license (rebuild of maschine, failing parts, yadda yadda yadda).

That isn't trustful.

[jellomizer]

For the enterprise version we really need it predictable so it can be managed. Even if talking to MS is harmless and overall a good thing, it means you are having your computer talk to something you may not want too.

At work we are still on Windows 7 with little chance going over to 10 because of stuff like this. (I would prefer Linux, but our management is stuck in the 1990s)

Re:That isn't trustful.

[Bite+The+Pillow]

Can't wait until the DoD moves forward with Windows 10 and defense contractors have to disable this telemetry reporting.

There will be a way, at that point, or there will be problems.

Re:That isn't trustful.

[MightyMartian]

I think being open about what is being transmitted would help. I concede that in modern operating environments, there's a lot of checking for updates and patches, and while we do run a Windows Update Server at the main office (mainly to save some bandwidth and give us more granular control over updates), many of our road warriors and people at the branch offices still have their computers being updated directly by Windows own update services. That means data on software installed is going to Microsoft's servers, but the trade off is we keep our systems up to date.

However, we have a number of government contracts that require safe storage of data, including assuring that no confidential data is transmitted to unauthorized third parties or out of the country. At that point it gets iffy, and I'm trying to put my head around whether "telemetry" data puts us at risk in the breach of contract department. Particularly now as we just got a three year extension on contract which will take us through 2019, we are preparing for large scale upgrades. We've already updated our Windows servers to 2012 R2, and are now in the process of deciding whether to go through the irritation of Windows 7 licenses, or just jump to Windows 10, which has been working fairly well in our test environment.

Microsoft needs to come clean here, and explain what exactly is being sent to their servers.

Re:This is big news, actually

[kheldan]

3)- "I have nothing to hide / you're old if you care"

I, and I'll easily assume that many, many others, are getting pretty damned sick and tired of hearing that line from idiots who have been so thoroughly indoctrinated, that they probably don't even consciously know that they're parroting it. It is a fact that, after a certain point in the development of a human being, desiring privacy is a normal, natural, healthy thing for a person to want. Not wanting or caring about your private life being private is an abberation, a sign that something is wrong. This whole faux culture of 'sharing everything with everyone' is some sort of a sickness and it needs to stop.

By the way, cfalcon, just to be sure you understand me: I'm agreeing with you on all counts, not attacking you.

Telemetry confirmed?

[Vegan+Cyclist]

Has anyone analyzed the data being sent? Or is this a big assumption? Could this be other apps that were installed by default 'calling home'? I'm not doubting that MS might do this, but in all fairness, this seems example seems like unsubstantial speculation....and a pretty weak 'test to boot. Remember that high school class who put sprouts by a wifi router and found the 'closer plants died'? I did the same thing for fun, and found the closer sprouts actually grew faster and more abundantly, probably since they were warmer. Shouldn't we suspend judgement until further tests and confirmation is made...?

Re:This is big news, actually

[Beeftopia]

3)- "I have nothing to hide / you're old if you care"

Response: "I may have nothing to hide, but my personal information is none of your gorram business."

If my information is valuable to you, you need to compensate me for it, if I'm interested in selling it. You have no right to take what is mine.

Blocking connections probably increases attempts

[enosys]

If you block connections, what would have normally been one successful connection can become many connection attempts. It's also possible that retries for the same thing would use different IP addresses. Someone needs to try an experiment like this without the blocking. A log of the data being transmitted would also be interesting. A lot of that is probably encrypted, but https monitoring via wildcard certificate MITM could capture some in decrypted form.

More analysis required

[GuB-42]

One problem with the approach used is that the firewall is configured to drop all connections. This is not a realistic picture.
An analysis of the content would also be interesting because even with telemetry disabled, there are plenty of reason for connecting to Microsoft servers such as software updates. Most of them are port 80 and port 443. Port 80 is normal http traffic and is easy to analyse, port 443 is encrypted so it is a bit harder but if you can add your own certificate authority to the windows install, you can try doing man-in-the-middle. There is also UDP port 3544 which is related to IPv4 - IPv6 transition, which in itself is probably harmless but may hide other connection attempts (that's one of the reasons why you won't get a realistic picture by dropping everything).

The only thing this experiment tells us is that Windows communicates with MS servers even with telemetry disabled. It smells but without further analysis, it is not very useful information.