Microsoft Telemetry Collection, Explained

New submitter Poohsticks writes: There's a nice breakdown of the updated information from Microsoft about what they are doing with the telemetry data that Windows 10 is collecting (original Technet article here) by Chris Williams at The Register. Interesting finds that better explain what's happening with that data (and how to control it).

SubjectsInCommentsAreStupidCauseTheSubjectIsTFA

[lesincompetent]

Very little is explained. And there's no OFF setting.
Fuck Microsoft, hard.

Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA

[buck-yar]

Found this on reddit:

I've seen theres a lot of speculation on whether the observed network connections from Windows 10 with privacy options on are actually spying or not, and figured some actual evidence would be in order.

Anyone can recreate this for themselves:

                Fresh install of Windows 10.
                Set all privacy options to off, disable cortana, disable web search
                Ensure all updates are done. Close all programs.
                Install Fiddler, and enable HTTPS sniffing. (If you use wireshark, you wont be able to view the HTTPS)
                Press stream in fiddler.
                Click the windows search bar, type any letter, watch the HTTPS session to bing.com appear.

Im still trying to figure out exactly what it is that it is transmitting, but its for sure sending a user-agent string that identifies itself as Cortana.

Some observed behaviors:

                Clicking on a link from an application (in this case, a download link from within Fiddler) submits the URL you are visiting to urs.microsoft.com.
                Opening applications-- even with SmartScreen disabled-- opens sessions to apprep.smartscreen.microsoft.com and, among other things, submits the hash of the application. EDIT: Apparently you must also disable smartscreen in edge. Even so, it will initiate a connection to w.apprep.smartscreen.microsoft.com
                Typing anything into the search bar will, regardless of settings, initiate an HTTPS session to www.bing.com. It will transmit a cookie, though so far I have not seen anything in there that looks like keystroke monitoring, as the only thing that appears to change between attempts is an HV section of the cookie. It appears to be downloading javascript, and submitting identifying data (screen resolution, install date, SID). The URL it uses is https://www.bing.com/manifest/... [bing.com]
                Opening the settings app and going into account options sometimes opens a session to public-family.api.account.microsoft.com:443. I suppose this would be expected.

Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA

You can turn off Windows Update by setting the following registry entries:
Add a REG_DWORD value called DoNotConnectToWindowsUpdateInternetLocations to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate and set the value to 1.
-and-
Add a REG_DWORD value called DisableWindowsUpdateAccess to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate and set the value to 1.

Fuck microsoft very hard - to disable the We'reInstalling10WhetherYouAskedForItOrNot "recommended update", my grandmother has to open the registry and create 2 REG_DWORD variables. In that craptacular interface. Legendary stuff. Like grandma is going to do that without screwing up.

It will be about 2 hours before someone publishes an MSI that does ALL of the ShutDownTelemetry tasks, and proves once again, that there are still undocumented telemetry messages being passed. Would it be TOO much trouble for Microsoft to provide a tool that performs the 40+ tasks to turn off all telemetry? Apparently far too hard for the world's largest software team to handle.

What the fuck is Nadella doing? And why is he overseeing the worst abuses that ms have ever embarked upon (and that's saying something)?

Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA

[buck-yar]

I see you missed the "regardless of setting" part

Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA

"...submits the URL you are visiting to urs.microsoft.com"

URS = URL Reputation Service - have you also disabled the phishing protection options in IE/Edge..?

Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA

[AmiMoJo]

I've done this myself and the behaviour was different. No access to bing.com. He seems confused by Smartscreen as well, not realizing that it works by submitting URLs to Microsoft for auditing when they are opened in Edge.

Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA

[TheRaven64]

No, most search bars do that by default, but allow you to disable the search suggestion logic.

Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA

[buck-yar]

So if he disabled search suggestions, you still expect it to communicate the search to MS? Your logic is puzzling.

Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA

[Toad-san]

I found my Win10 Pro's Feedback settings were set to "Always" and "Full". They're now "Never" and "Basic". No dire warnings or threats from Microsoft .. yet.

Thanks for those URLs above .. something else to put in my "blocked IP's" Host file maybe.

Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA

[buck-yar]

"Typing anything into the search bar will, regardless of settings, initiate an HTTPS session to www.bing.com. "

How is that vague?

Stop Writing Software for Windows

Most people here have been commenting with something like "Stop Using Windows", but I think this is the wrong message.

Considering the audience here on Slashdot, the true message to share and discuss is: "Stop Writing Software for Windows".

My software company has just ruled out all future Windows development. Yes, that means we'll lose some clients, and yes, that means we will have some customer training issues to resolve. But compared to the clusterfuck that is Windows10, it was actually a pretty easy decision for us to make. If Microsoft wants to be a part of the future of software development then they will need to continue to push .NET onto cross platform, and clean up that Mono license so that we can all use it with confidence. Otherwise, Microsoft software development is dead. Sure, not now, not in five years, but this is it: the beginning of the end.

So stop writing software for Windows and watch the world change...for the better.

Re:Stop Writing Software for Windows

[ThunderBird89]

The entire Adobe family, Eclipse, Webstorm, Skype, Paterva's analysis suites (Maltego and CaseFile), and the list could go on until Slashdot's storage is filled up.

Basically 90+% of software is present on Windows. Sure, you can skew the numbers if you include all the little utilities rolled into Linux distros as separate programs, but the majority of those are either "one-liners" or they are not viable without a plethora of other utilities.

Re:Stop Writing Software for Windows

[AmiMoJo]

What kind of software does your company write? Mine does applications for the water industry for managing networks, and there is no way we could switch to Linux because our customers would never accept it. They run a variety of apps on their computers, almost all of it Windows only.

WINE isn't an option either, because it is unsupported. If an app doesn't work in WINE the vendor probably won't be interested in fixing it.

Re:Stop Writing Software for Windows

[DogDude]

My software company has just ruled out all future Windows development.

I call bullshit, AC.

Re:Stop Writing Software for Windows

[Voyager529]

Do they still write software for Windows? [...] I think if you have 3 pages of anti-virus software and 1 page of education titles, that's a dead OS! There's still quite a few games for Windows, but nothing like the choice on Steam.

Yes, plenty. It's just not sold on Newegg.

Every law firm I do work for uses a program called Worldox to keep case documents together, and most use TimeMatters to keep track of their billable hours.

While Electronic Medical Records are usually done via a website of some kind, the software that runs the X-Ray machines and 101 other medical diagnostic devices all run on Windows. So do Dentrix and Dexis, the software that probably runs your dentist's office.

The applications used by auto mechanics to diagnose issues with cars, like Mitchell, is almost all Windows-only.

While browser-based CRM applications like SugarCRM are making definite inroads, a number of companies are still locked into Act.

Quickbooks runs on Windows, and if you think Microsoft has a lock-in with Office, you have yet to see the death stares that you'll get at the mention of the possibility of moving away from Quickbooks...and the browser based alternatives are not drop-in replacements just yet.

Some very new, low-volume startup restaurants can use iPads as point-of-sale machines, but the vast majority of PoS systems are Windows specific, especially if they need to integrate with other software.

While there was an article last week about doing audio engineering on Linux, Windows and OSX are the places where you'll find formal support from the hardware developers and plug-in creators, and the story repeats itself for video creation.

Most reasonably-sized offices have had their furniture layout rendered in something like 20/20 Giza, which conveniently segues me to the whole cottage industry around AutoCAD.

The LED marquee signs in storefront windows and the scoreboards at sporting events have their content designed and uploaded with something like Venus 1500, and the intelligent lights at those ballgames may well be controlled with Lightjockey or Compushow - even many of the dedicated hardware lighting boards run on an embedded version of Windows.

Your local moderate-sized accounting firm probably uses something like ProsystemFX Engagement, which is kinda like Git for accounting ledgers. Circling back to Office, much of the value-add for the heavy users is not necessarily that LibreOffice isn't as good as Excel, but that there are many Excel-specific plug-ins that pull data from other places and streamline layouts.

The list of niche industry-vertical software that's Windows only is about as large as your most recent Yellow Pages - virtually every industry has a handful of software vendors specializing in that niche. If you're a software developer, sure, Eclipse, notepad and a web browser are interchangeable on basically everything, so writing C++ code on one OS is basically the same experience as writing C++ on another. Even server-side, Samba shares on Windows Server and Samba shares on FreeNAS are functionally identical to end users. The long tail, on Windows, is a very powerful thing - and you won't see that software for sale on Newegg.

Ok, let's suppose its all true.

[Z80a]

We're still talking about a lot of basically untested internet aware services running on your background that have a microsoft tier of security, which means it is probably exploitable the hell and back, and basically identical on every single windows 10 box.

That sounds like a gros michel banana scenario here pretty much, where someone with evil intentions would be able to abuse one of those flaws and pretty much wipe out a large quantity of windows 10 machines if not all of em in a whim.

Re: Ok, let's suppose its all true.

[ljw1004]

That's a FUD stretch. There's been no suggestion that any telemetry stuff accepts inbound connections.

Re: Ok, let's suppose its all true.

[gstoddart]

That's a FUD stretch. There's been no suggestion that any telemetry stuff accepts inbound connections.

Sorry, but that is complete and utter bullshit .. or at least, there is an indirect mechanism:

Full is where things get a little dicey, depending on how much you prize your privacy. If your system reports back strange crashes that Microsoft techies can't get their heads around, they can request extra data from your machine, which Windows 10 will hand over under remote control if management approves. This extra information can include some of your files so the engineers can recreate the exact crash in their labs using your data and apps. Microsofties can also run diagnostic tools on your system to gather more evidence. Here's Microsoft's explanation of the process:
Before more info is gathered, Microsoft's privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information:
Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
Ability to get registry keys.
Ability to gather user content, such as documents, if they might have been the trigger for the issue.

If Microsoft engineers can request information about your machine -- like we're meant to believe they're sitting around looking for problems on everybody's machine -- then that either has to be a push to you, or on your next upload you get sent a payload which says "gather the following".

But you'll notice it says "remote control" and provides a mechanism to run programs - which tells me there is now a mechanism to remotely control machines and run software. Like that won't get exploited real quick.

They're using this because Windows 10 is essentially an extended fucking beta where they're building it as they go, and want to measure how much of a shit job they're doing.

And if most versions can't select the Security only policy, what's to say that it won't be long before you can't deselect full?

Sorry, but Microsoft has given themselves the right to do remote administration and data gathering ... and for all but the ones which can select Security, they'll do it in such a way that they can personally identify you. Oh, and apparently they'll gather some of your documents as well.

No fucking way we can trust them with this, because as soon as they have the ability to tell your computer to package up some data and send it to them, some asshole in law enforcement is going to demand they misuse it. And don't say they won't, because that's exactly the kind of shit law enforcement and the security agencies are doing. No way they won't show up with an NSL demanding information and forbidding Microsoft from admitting to it.

There needs to be a setting which says "you mayyro.slashdot.orgumstances collect any information as I do not consent to it". If there isn't, Windows 10 is going to cause Microsoft headaches they can't even begin to imagine ... starting with any country which has privacy laws that a fucking EULA can't overrule.

Some of what is described should be illegal for them to do. In fact, in some places, I'm pretty sure it is.

Re: Ok, let's suppose its all true.

[WaffleMonster]

So you admit it's FUD. There is no suggestion that they have network listeners (which wouldn't work anyway because most people have some kind of router level firewall, and many don't support UPNP).

What difference do modalities make? The fact capability exists and is used without explicit end user knowledge or approval is what matters.

Then you go on to wildly speculate about the mechanism being insecure. Tell

Security is nothing more than expression of value judgments made by individuals. It is not an objective measure. What is deemed secure or not differs with context, value of what is secured, consequence of failure and level trust the individual has developed in individuals and technology charged with implementing security.

The existence of an explicit targeted remote access capability that operates without user knowledge or approval is the definition of insecure in my opinion. I don't know how to trust a corporation that demonstrates such disrespect for the security and privacy of its customers. Without trust there is no security. Without security computers are worthless for many purposes.

There is a lot to be upset about with Windows 10, but I'm fed up of people making stuff up just to jump on the bandwagon. Some of us are looking for hard, objective data. I'm going to see if I can find time to create and post some Wireshark and Fiddler dumps to settle this once and for all.

I don't understand. People are complaining about shit coming from Microsoft's own site and expressed in their own privacy "agreements". Microsoft openly admits to having a backdoor to exfil whatever they want and your fed up with people making stuff up?

https://technet.microsoft.com/...

Personally, I don't care

[jenningsthecat]

The founder of the company has sided with the DOJ against Apple. And Microsoft seems only to have gotten worse since Gates handed over the reins. That tells me all I need to know about Microsoft's trustworthiness as far as user privacy is concerned. Even if telemetry truly can be fully disabled, who's to say it won't be re-introduced without notice? Microsoft is sneaky that way.

I almost wish I was still a Windows user so I could quit in protest, but I moved to Linux almost 10 years ago and haven't looked back. I feel for those who are stuck with it, for whatever reason. I never thought I would say this, but if my only two choices were Apple and MS, I'd choose Apple.

Re:A Nice Breakdown from Microsoft!!

[Maritz]

They're only equivalent if you're completely incapable of nuanced thought.

I've seen this before

[Sax+Russell+5449D29A]

Microsoft sure knows how to dig a big hole and fall in it. With Windows 8 it was the infamous Metro UI. Now with Windows 10 it's an all-out user spying program, one you can't really even turn off. Who the hell makes these decisions?! Anyone here could've told them it's a really bad idea and skilled security analysts would easily find out about all the semi-hidden "features".

It's as if they want to fail time after time, like a sadomasochistic hamster that enjoys electric shocks.

Valve will save me

[some+old+guy]

I run a windows boot for gaming only. Tried the *free win 10 upgrade* and after 20 minutes of unidentified net traffic and hideous I lag was reinstalling win 7.

Solution? Since Steam now has Mac ports for pretty much everything I play, the next gaming rig will be an incredibly over-priced Mac Pro.

I feel for the poor sods who are stuck with win 10 as a work platform or are too uninterested/uninformed to make a better choice for home use.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Change registry settings?

[Alwin+Henseler]

You can turn off Windows Update by setting the following registry entries:
Add a REG_DWORD value called DoNotConnectToWindowsUpdateInternetLocations to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate and set the value to 1.
-and-
Add a REG_DWORD value called DisableWindowsUpdateAccess to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate and set the value to 1.

Even something as straightforward as changing a registry setting, is beyond the skillset (or willingness, or caring enough) of the majority of average PC users. That is: if PC is actually under users' direct control - in a corporate setting, it often won't be. Imho any OS should by default send out / retrieve as little as practical from network sources. Beyond that, network access should be user-triggered, enabled on an individual services / application level.

But what struck me while going through the TechNet article, is its length. Are you supposed to check that many settings all over the place, and then repeat to check or re-set those settings each time some update(s) are applied?

That could be a full-time job. Unless you bring in the help of 3rd party software, which -under the hood- may behave as nasty as Win10 itself. Given these facts, I'd say that if you control PC('s) you work on, you have basically 3 choices at this point:

• a) Even if you're just a regular user, act like a sysadmin and spend a disproportionate amount of time to re-set settings & regularly re-check those after updates are applied.
• b) All your data are belong to MS (and perhaps 3-letter US agencies, too). Or run some random 3rd party software to fix (?) things, and possibly have all your data are belong to them. :-)
• c) Side-step the problem entirely and run some other OS.

Choose wisely, and know this: your time isn't "free".

Re:Be informed

I work in an enterprise and can tell you that Microsoft does provide the ability to disable all remote connectivity, including those connections used for its telemetry services. You just need to actually do the research on how to achieve the desired results. I have seen the Win 10 hate thread abound, and would just like to say that rather than childishly gripping about the company that produced the software, how about an intelligent conversation about what MS improved from a UI, usability, and security perspective? I am a firm believer in the right tool for the right job, and personally employ several flavors of Linux to achieve the technology goals I set. Blind hate only makes you uniformed, come to the light side.

The only job that Windows is the 'right tool' for is running programs that were written for Windows, where no Free alternative exists, and that can't be made to run via WINE or something similar.

Besides, this is not only a matter of being pragmatic. Using the right tool for the right job makes sense, but an operating system that contains telemetry with no easy way to turn it off (not all home users have access to Enterprise editions, and even fewer would know how to edit the registry, etc, without fouling something up) means that the Operating System now not only doesn't do what I tell it to do (disable all telemetry), but it now gives ads on the lock screen, reinstalls apps to "try Office" or "try Skype" after updates, and so on. That's the definition of malware, and, as such, has no place on any computer that I have control over.

Telemetry = spying END OF DISCUSSION.

[TractorBarry]

> what they are doing with the telemetry data that Windows 10 is collecting ?

They're spying on you with no way to turn it off. That *IS* what they're doing. Windows 10 *IS* spyware. let's go through the questions... again...

1 Downloads itself to your machine without you specifically asking for it ? YES

2 Aggressively attempts to install itself taking over your computer in the process ? YES

3 Sends unknown and/or encrypted data to unknown third parties ? YES

4 Sends personally identifying information to unknown third parties ? YES

5 Easy to remove ? NO

Hmmm... Looks like spyware, smells like spyware, walks like spyware and talks like spyware. Windows 10 *IS* spyware.

Anyone willingly using it is a moron. Microsoft shills go f**** yourself.

Re:A Nice Breakdown from Microsoft!!

[PetiePooo]

A new record! The top post immediately invokes Godwin's Law. WTG!!!

All references to that aside, though, holy cow! Let's not make it easy for anyone, and make sure those running the cheapest versions have no choice...

No thanks.

Re: SubjectsInCommentsAreStupidCauseTheSubjectIsTF

Watch out! We got a badass over here!

Beta Test

[ISoldat53]

Didn't MS test this OS? Telemetry collection seems like a universal beta test. "Let put this stuff out there then see what happens. Then fix that."