Slashdot Mirror


ZDNet Writer Downplays Windows 10's Phoning-Home Habits

jones_supa writes: Gordon F. Kelly of Forbes whipped up a frenzy over Windows 10 when a Voat user found out in a little experiment that the operating system phones home thousands of times a day. ZDNet's Ed Bott has written a follow-up where he points out how the experiment should not be taken too dramatically. 602 connection attempts were to 192.168.1.255 using UDP port 137, which means local NetBIOS broadcasts. Another 630 were DNS requests. Next up were 1,619 dropped connection attempts to address 94.245.121.253, which is a Microsoft Teredo server. The list goes on with NTP, random HTTP requests, and various cloud hosts which probably are reached by UWP apps. He summarizes by saying that a lot of connections are not at all about telemetry. However, what kind of telemetry and data-mined information Windows specifically sends still remains largely a mystery; hopefully curious people will do analysis on the operating system and network traffic sent by it.

7 of 264 comments

  1. What about by NotInHere · · Score: 5, Informative

    Adding [forbes.com] to forbes links on the front page?

  2. Re:No worse than iPhone by Anonymous Coward · · Score: 1, Informative

    with the telemetry turned off

    How? Last time I checked telemetry couldn't be disabled on 10, not even on the Enterprise version (go read the "fine print" on Microsoft's website, it's quite sneaky).

    https://technet.microsoft.com/library/mt577208%28v=vs.85%29.aspx

  3. Re: wtf is this article by Anonymous Coward · · Score: 2, Informative

    Only if you opt in during the installation

  4. Re:wtf is this article by DRJlaw · · Score: 2, Informative

    I'm not quite sure why you broke out into an inane babbling rant, but the rebuttal article on ZDNet is failed apologism because even the author admits he has no idea what information Microsoft is collecting. He's assuming (because he trusts MS, you see) that the data is anonymized and only used for this or that, but notice how many times he says "possibly", "could", etc.? It's all speculation.

    No, it is not. It is a successful critique of the claim that there were "thousands" of attempts to contact Microsoft to allegedly report nasty telemetry data, when at least 2/3rds were not telemetry data. That's a significant fact to the rest of us.

    TFA: of all, 602 connection attempts were to 192.168.1.255, using UDP port 137. That's the broadcast address where Windows computers on a local network announce their presence and look for other network computers using the NetBIOS Name Service. It's perfectly normal traffic.

    If you can't even figure out that non-routable broadcast traffic cannot report information back to Microsoft, why should we accept the Forbes speculation while rejecting the ZDnet non-speculation concerning that broadcast traffic, similar DNS lookups to a local router, etc.? If the frequency of the supposed attempts was unimportant, then why was it the focus of so much of the reporting?

    Don't accuse others of "insane babbling rants" when you not only have no idea what Microsoft is collecting, but actively refuse knowledge of what is going over the wire. The ZDnet author didn't extend much trust to Microsoft, but simply reported that the huge number reported in connection with the telemetry issue was primarily sensationalistic claptrap.

    TFA: And yes, there is certainly some telemetry data in there.
    * * *
    But we don't know, because Mr. Crust didn't actually do any traffic analysis.

    So do some, instead of engaging in your own chicken-little-like repetition of others' insane babbling rants.

  5. Re:No worse than iPhone by Alumoi · · Score: 1, Informative

    Why the fuck does Win10 contact telemetry.appex.bing.net, ad.doubleclick.net, and watson.live.com whenever you open the fucking Notepad?

    Because Cortana?
    Cortana: It looks like you are trying to type some letters. Would you like help?

  6. Re:Not only am I bothred by the phone-home, by F.Ultra · · Score: 5, Informative

    True that Ubuntu did it by default before (they have since disabled it) but you could easily disable it via the GUI settings. I disabled it and unless I actively do something with the network like surf the web with Firefox or stream music then a "sudo tcpdump -nvpi eth0" on my Ubuntu shows absolutely no connection attempts from my machine whatsoever, all that I see is some other machine on the network sending broadcast ARP requests for the MAC of the default gateway.

    f.ultra@ubuntu:~$ sudo tcpdump -nvpi eth0
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    19:49:51.946496 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
    19:49:53.996275 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
    19:49:56.054219 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
    19:49:58.136104 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
    19:50:00.221756 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
    19:50:02.276667 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
    19:50:04.353056 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
    19:50:06.431986 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
    19:50:08.520302 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
    19:50:10.584220 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
    19:50:12.625328 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
    19:50:14.712258 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
    19:50:16.782389 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
    19:50:18.856272 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46

    And it goes on and on like that for hours, so no, most Linux distros do not do some of this too.

  7. Re:"No big deal" by bruce_the_loon · · Score: 3, Informative

    NetBIOS over TCP is still a core part of Microsoft networking and the broadcasts allow the various machines running Windows or SAMBA to discover each other without needing a central directory server. It is still implemented because it is a useful API with decent backward compatibility with everything back to 95/98.

    This isn't the old NetBIOS Frames line protocol from the extremely old days, rather the service layer protocol that handles the discovery, negotiation and authentication parts of peer-to-peer file and printer sharing in Windows.

    --
    Trying to become famous by taking photos. Visit my homepage please.
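
Added example (not from the thread or from either article): a small triage script that sorts a connection log into the buckets the summary lists (NetBIOS broadcast, local DNS, Teredo, NTP, everything else), so the share of attempts that could leave the LAN at all is measured before anyone counts "phone-home" events. The log format, the subnet and the 203.0.113.x hosts are assumptions made up for the example.

```python
import ipaddress
from collections import Counter

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the capture's local subnet

# Constructed sample log, one attempt per line: "proto dst_ip dst_port".
# 192.168.1.255 and 94.245.121.253 are the addresses quoted in the summary;
# the 203.0.113.x hosts are documentation-range placeholders.
SAMPLE_LOG = """\
udp 192.168.1.255 137
udp 192.168.1.255 137
udp 192.168.1.255 137
udp 192.168.1.1 53
udp 192.168.1.1 53
udp 94.245.121.253 3544
udp 203.0.113.10 123
tcp 203.0.113.20 443
tcp 203.0.113.21 80
"""

def classify(proto, dst, port, lan=LAN):
    """Bucket one connection attempt by where it can go and what it likely is."""
    ip = ipaddress.ip_address(dst)
    if ip == lan.broadcast_address or ip.is_multicast:
        return "lan-broadcast"        # never forwarded past the router
    if ip in lan:
        return "lan-dns" if port == 53 else "lan-unicast"
    if proto == "udp" and port == 3544:
        return "teredo"               # IPv6 tunnelling over UDP 3544
    if proto == "udp" and port == 123:
        return "ntp"
    return "internet-unclassified"    # needs payload or hostname analysis

def summarize(log_text, lan=LAN):
    """Count attempts per bucket; skips lines without three fields or a numeric port."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        counts[classify(parts[0].lower(), parts[1], int(parts[2]), lan)] += 1
    return counts

def off_lan_share(counts):
    """Fraction of attempts that could reach any Internet host at all."""
    total = sum(counts.values())
    local = sum(n for k, n in counts.items() if k.startswith("lan-"))
    return (total - local) / total if total else 0.0

if __name__ == "__main__":
    c = summarize(SAMPLE_LOG)
    print(dict(c), f"off-LAN share: {off_lan_share(c):.0%}")
```

Only the "internet-unclassified" bucket is a candidate for telemetry, and deciding that still requires looking at hostnames or payloads rather than counts.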