Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Telemetry Collection, Explained (theregister.co.uk)

Posted by timothy on from the where-you-were-last-summer dept.

New submitter Poohsticks writes: There's a nice breakdown of the updated information from Microsoft about what they are doing with the telemetry data that Windows 10 is collecting (original Technet article here) by Chris Williams at The Register. Interesting finds that better explain what's happening with that data (and how to control it).

4 of 213 comments (clear)

  1. Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA by buck-yar · · Score: 5, Informative

    Found this on reddit:

    I've seen theres a lot of speculation on whether the observed network connections from Windows 10 with privacy options on are actually spying or not, and figured some actual evidence would be in order.

    Anyone can recreate this for themselves:

                    Fresh install of Windows 10.
                    Set all privacy options to off, disable cortana, disable web search
                    Ensure all updates are done. Close all programs.
                    Install Fiddler, and enable HTTPS sniffing. (If you use wireshark, you wont be able to view the HTTPS)
                    Press stream in fiddler.
                    Click the windows search bar, type any letter, watch the HTTPS session to bing.com appear.

    Im still trying to figure out exactly what it is that it is transmitting, but its for sure sending a user-agent string that identifies itself as Cortana.

    Some observed behaviors:

                    Clicking on a link from an application (in this case, a download link from within Fiddler) submits the URL you are visiting to urs.microsoft.com.
                    Opening applications-- even with SmartScreen disabled-- opens sessions to apprep.smartscreen.microsoft.com and, among other things, submits the hash of the application. EDIT: Apparently you must also disable smartscreen in edge. Even so, it will initiate a connection to w.apprep.smartscreen.microsoft.com
                    Typing anything into the search bar will, regardless of settings, initiate an HTTPS session to www.bing.com. It will transmit a cookie, though so far I have not seen anything in there that looks like keystroke monitoring, as the only thing that appears to change between attempts is an HV section of the cookie. It appears to be downloading javascript, and submitting identifying data (screen resolution, install date, SID). The URL it uses is https://www.bing.com/manifest/... [bing.com]
                    Opening the settings app and going into account options sometimes opens a session to public-family.api.account.microsoft.com:443. I suppose this would be expected.

  2. Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA by Anonymous Coward · · Score: 2, Informative

    You can turn off Windows Update by setting the following registry entries:
    Add a REG_DWORD value called DoNotConnectToWindowsUpdateInternetLocations to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate and set the value to 1.
    -and-
    Add a REG_DWORD value called DisableWindowsUpdateAccess to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate and set the value to 1.

    Fuck microsoft very hard - to disable the We'reInstalling10WhetherYouAskedForItOrNot "recommended update", my grandmother has to open the registry and create 2 REG_DWORD variables. In that craptacular interface. Legendary stuff. Like grandma is going to do that without screwing up.

    It will be about 2 hours before someone publishes an MSI that does ALL of the ShutDownTelemetry tasks, and proves once again, that there are still undocumented telemetry messages being passed. Would it be TOO much trouble for Microsoft to provide a tool that performs the 40+ tasks to turn off all telemetry? Apparently far too hard for the world's largest software team to handle.

    What the fuck is Nadella doing? And why is he overseeing the worst abuses that ms have ever embarked upon (and that's saying something)?

  3. Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA by buck-yar · · Score: 3, Informative

    I see you missed the "regardless of setting" part

  4. Re:Stop Writing Software for Windows by Voyager529 · · Score: 5, Informative

    Do they still write software for Windows? [...] I think if you have 3 pages of anti-virus software and 1 page of education titles, that's a dead OS! There's still quite a few games for Windows, but nothing like the choice on Steam.

    Yes, plenty. It's just not sold on Newegg.

    Every law firm I do work for uses a program called Worldox to keep case documents together, and most use TimeMatters to keep track of their billable hours.

    While Electronic Medical Records are usually done via a website of some kind, the software that runs the X-Ray machines and 101 other medical diagnostic devices all run on Windows. So do Dentrix and Dexis, the software that probably runs your dentist's office.

    The applications used by auto mechanics to diagnose issues with cars, like Mitchell, is almost all Windows-only.

    While browser-based CRM applications like SugarCRM are making definite inroads, a number of companies are still locked into Act.

    Quickbooks runs on Windows, and if you think Microsoft has a lock-in with Office, you have yet to see the death stares that you'll get at the mention of the possibility of moving away from Quickbooks...and the browser based alternatives are not drop-in replacements just yet.

    Some very new, low-volume startup restaurants can use iPads as point-of-sale machines, but the vast majority of PoS systems are Windows specific, especially if they need to integrate with other software.

    While there was an article last week about doing audio engineering on Linux, Windows and OSX are the places where you'll find formal support from the hardware developers and plug-in creators, and the story repeats itself for video creation.

    Most reasonably-sized offices have had their furniture layout rendered in something like 20/20 Giza, which conveniently segues me to the whole cottage industry around AutoCAD.

    The LED marquee signs in storefront windows and the scoreboards at sporting events have their content designed and uploaded with something like Venus 1500, and the intelligent lights at those ballgames may well be controlled with Lightjockey or Compushow - even many of the dedicated hardware lighting boards run on an embedded version of Windows.

    Your local moderate-sized accounting firm probably uses something like ProsystemFX Engagement, which is kinda like Git for accounting ledgers. Circling back to Office, much of the value-add for the heavy users is not necessarily that LibreOffice isn't as good as Excel, but that there are many Excel-specific plug-ins that pull data from other places and streamline layouts.

    The list of niche industry-vertical software that's Windows only is about as large as your most recent Yellow Pages - virtually every industry has a handful of software vendors specializing in that niche. If you're a software developer, sure, Eclipse, notepad and a web browser are interchangeable on basically everything, so writing C++ code on one OS is basically the same experience as writing C++ on another. Even server-side, Samba shares on Windows Server and Samba shares on FreeNAS are functionally identical to end users. The long tail, on Windows, is a very powerful thing - and you won't see that software for sale on Newegg.