It can and will last, for the same reason IPv6 has not been implemented by any major consumer ISP for the last decade: No-one wants to be the first, with all the difficulty that would surely bring.
"Microsoft services could always bypass the security if they wanted"
I can confirm that they do indeed do this. The firewall can stop some of the unwanted traffic by configuring blocks for specific IP ranges, but not all of it. Even if you block everything both by default policy and by rule, traffic from some sources can still be observed. I'm currently experimenting with a combination of the Windows firewall and the hosts file, to see if together they catch everything.
I did notice that almost all the coverage from the US was focused on the possibility of it traveling to the US. No-one there seemed to much care about an epidemic halfway around the world, but the news channels carried a constant stream of fear about it coming to America.
Maybe for individuals. For species, the 'tasty' adaptation ensures they will flourish in numbers impossible without human aid, and spread to almost every continent and island.
Even when it's set to deny everything by default, lots gets through. Even the Maps app!
I think there might be some sort of hidden hard-coded rule that always permits signed apps, or something like that. But all the login.live.com and onedrive-related traffic is blockable by the Windows firewall. Partially effective. I've not even started on playing with the hosts file yet.
Got another one. vortex-win.data.microsoft.com IP 65.55.44.109. Note that I've got everything in 65.52.0.0/14 blocked by the firewall, which conclusively shows that some Windows services are able to disregard the Windows firewall. IP range blocks there can reduce the spying, but not eliminate it, and because of all the mixing of servers may also block updates in the attempt.
Made an error in pasting there, sorry - got the IPs mixed up. The mysterious IP is actually 65.55.138.111. I looked in the TLS negotiation and saw the hostname specified as sls.update.microsoft.com - so yes, it appears that some processes do have the ability to ignore Windows' own firewall. Also my nslookup query for sls.update.microsoft.com just changed, so I can confirm that theory. Probably load balancing.
65.52.108.33 is the spymaster, licensing.md.mp.microsoft.com.
Because it appears to work... almost.
The firewall blocks almost all spying traffic, but there is an exception. I'm still seeing connections to 65.52.108.33 even with a firewall block, and sometimes 65.52.108.33. I think I know why. The latter of these is licensing.md.mp.microsoft.com, and the former shares the same range allocation. The hostname suggests they may relate to DRM in some way, probably for the app store, so it is possible they are coming from a service which has privileges beyond the normal as an anti-tamper or anti-reverse-engineering measure. Like being able to ignore the firewall.
licensing.md.mp.microsoft.com is particularly troublesome, because it's the one that I noticed getting contacted every time you run any app using the new interface API, including even trivial ones like the calculator or image viewer. I do not know what 65.52.108.33 is, but I don't see any mention of it in the DNS query responses, which suggests it may be a hard-coded address.
Microsoft doesn't appear to segregate their network by function very much - content delivery, update and licensing servers all share the same IP ranges. I suspect they may move around if I watch long enough, to judge by the short TTL in DNS. Makes it difficult to filter the spying without disabling updates too.
Windows 10 assumes the user to be technologically ignorant because the vast majority of computer users *are*.
Computers have matured to the point where, like cars, you need only the vaguest idea how they work in order to use them. There was a time when anyone who wanted to drive a car needed to be familiar with the technology in order to carry out frequent maintenance and repair the many breakdowns in the field - that is where computers used to be. Now that the car is a mature technology, people can stop worrying about how their car works and treat it as a magic moving box, needing to contact an expert only on the rare occasions it goes wrong. That almost works for computers too now.
I can't tell you what, but I can tell you where: licensing.md.mp.microsoft.com. You can see the DNS lookup too, and the IP matches.
The updates are the one contact to Microsoft I don't want to disable.
Almost all. At least MS is being sensible here and making sure only they can spy on it, not half the internet via traffic interception. The only unencrypted thing I've found are updates for the live tiles, which are plain old HTTP grabbing mostly XML files.
3) Those are the obvious options. There are many more buried all over the place, under control panel and settings, every one of which is invasive-by-default. It's quite the quest to find them all, and even when you do find them all you only run into 1) anyway - you've reduced the spying a bit, but not eliminated it.
You can't even run calculator or the image viewer without Microsoft knowing. Really. Every time you do, it establishes a connection to licensing.md.mp.microsoft.com. I think it does that for all the new-style-interface apps, perhaps checking for revocation or collecting usage statistics.
I have been examining Windows Ten with a packet sniffer, and can confirm both of these claims. Even if you disable cortana and searching bing from the start menu, typing anything in there still results in a connection to a server associated with Bing - I don't know what's in that connection, as it's TLS. I've also confirmed that it does attempt to update the live tiles even when said tiles have been removed, as I see connections to servers such as foodanddrink.tile.appex.bing.com.
I've been testing the Windows firewall.
If you delete the permit rules for Windows services and spying, they come back. Protected rules.
But on Windows firewall, a deny always overrules a permit - if you explicitly deny the unwanted IP ranges, this does hold. At least in my testing so far - I've found one range that acts oddly and I think may be bypassing the firewall, but I need to confirm this.
I do not yet know, but intend to test this on Friday.
I've been doing it by IP range, watching a fresh Windows 10 install to see what it contacts.
65.52.108.0/14 #update.microsoft.com, licensing.md.mp.microsoft.com, v10.vortex-win.data.microsoft.com. Update has an alternate in another range.
104.40.0.0/13
204.79.196.0/23 #Start menu searches.
23.93.0.0/13
157.54.0.0/15
157.60.0.0/16
191.236.0.0/14
207.46.0.0/16
131.253.62.0/23
131.253.64.0/18
131.253.61.0/24 #login.live.com
131.253.128.0/17
191.232.0.0/14 #settings-win.data.microsoft.com
#Do not block these, required for updates:
#157.56.0.0/14 #sls.update.microsoft.com
#191.232.0.0/14 #windowsupdate.microsoft.com
I also had to block all subdomains for appex.bing.com, appex-rf.msn.com and cms.msn.com. Can't IP-block those as they are CDNs.
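The audit the poster is doing by hand above (watching which addresses still show up despite a block, and checking that the block list does not swallow the update servers) can be scripted. What follows is an added example written for this page, not code from the thread: BLOCK and ALLOW carry the ranges listed in the post (ALLOW is the "do not block" pair with its leading '#' removed so it parses), OBSERVED is a constructed capture sample built from the three addresses the thread reports plus two made-up ones, and the function names are this example's own.

```python
"""Audit a Windows-firewall IP block list against a packet-capture sample.

Added example for this page, not the poster's code. BLOCK and ALLOW carry
the ranges listed in the thread; OBSERVED is a constructed sample.
"""
import ipaddress
from typing import NamedTuple


class Range(NamedTuple):
    net: ipaddress.IPv4Network   # normalised network the firewall matches on
    note: str                    # trailing '#' comment from the list
    as_written: str              # the CIDR exactly as it appeared in the list


BLOCK = """\
65.52.108.0/14  #update.microsoft.com, licensing.md.mp.microsoft.com, v10.vortex-win.data.microsoft.com
104.40.0.0/13
204.79.196.0/23 #Start menu searches
23.93.0.0/13
157.54.0.0/15
157.60.0.0/16
191.236.0.0/14
207.46.0.0/16
131.253.62.0/23
131.253.64.0/18
131.253.61.0/24 #login.live.com
131.253.128.0/17
191.232.0.0/14  #settings-win.data.microsoft.com
"""

# The poster's "do not block" entries, uncommented so they parse.
ALLOW = """\
157.56.0.0/14   #sls.update.microsoft.com
191.232.0.0/14  #windowsupdate.microsoft.com
"""

# Constructed capture sample: (remote address, hostname seen in the TLS SNI
# or in DNS). The first three pairs are the ones the thread reports; the
# last two are made up (204.79.197.9 sits inside the listed /23, and
# 198.51.100.7 is a documentation address outside every listed range).
OBSERVED = [
    ("65.55.44.109", "vortex-win.data.microsoft.com"),
    ("65.55.138.111", "sls.update.microsoft.com"),
    ("65.52.108.33", "licensing.md.mp.microsoft.com"),
    ("204.79.197.9", "start-menu search (constructed)"),
    ("198.51.100.7", "unrelated host (constructed)"),
]


def parse_ranges(text: str) -> list[Range]:
    """Parse 'CIDR  #comment' lines. strict=False normalises a CIDR whose
    host bits are set (65.52.108.0/14) to its network address, which is what
    a firewall actually matches on; the spelling is kept for the report."""
    ranges = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        cidr, _, note = line.partition("#")
        cidr = cidr.strip()
        ranges.append(Range(ipaddress.IPv4Network(cidr, strict=False), note.strip(), cidr))
    return ranges


def misaligned(ranges: list[Range]) -> list[str]:
    """CIDRs whose written form is not the network they actually denote."""
    return [r.as_written for r in ranges if r.as_written != str(r.net)]


def leaks(observed, block: list[Range]) -> list[tuple[str, str, str]]:
    """Connections captured although the remote address lies inside a
    blocked range: the evidence for 'something ignores the firewall'
    (or for a rule that is not actually in effect)."""
    hits = []
    for ip, host in observed:
        addr = ipaddress.IPv4Address(ip)
        for r in block:
            if addr in r.net:
                hits.append((ip, host, str(r.net)))
                break
    return hits


def conflicts(block: list[Range], allow: list[Range]) -> list[tuple[str, str]]:
    """Block entries that overlap a 'do not block' range. A Windows Firewall
    block rule wins over an allow rule, so any overlap here blocks updates."""
    return [(str(b.net), str(a.net)) for b in block for a in allow if b.net.overlaps(a.net)]


if __name__ == "__main__":
    block, allow = parse_ranges(BLOCK), parse_ranges(ALLOW)
    print("CIDRs not on a network boundary:", misaligned(block))
    for ip, host, net in leaks(OBSERVED, block):
        print(f"seen despite block: {ip:<15} {host} (in {net})")
    for b, a in conflicts(block, allow):
        print(f"block {b} overlaps do-not-block {a}")
```

Run against the list above it reports two entries that are not on a network boundary (65.52.108.0/14 and 23.93.0.0/13, which a firewall matches as 65.52.0.0/14 and 23.88.0.0/13), flags the three addresses from the thread as seen inside 65.52.0.0/14, and points out that 191.232.0.0/14 is in both the block list and the do-not-block list, so that one cannot be correct as written. The normalised CIDR strings are the form to feed to New-NetFirewallRule -Direction Outbound -Action Block -RemoteAddress when building the rule.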
A number of subdomains. Update.microsoft.com, sls.update.microsoft.com, download.windowsupdate.com. All of which CNAME to akadns domains, so the IP you get may not be the same I get. Unfortunately update.microsoft.com is in the same IP range as one of the arch-spy servers, licensing.md.mp.microsoft.com.
If you are filtering on DNS, it's easy: Just block everything under microsoft.com except for update.microsoft.com and windowsupdate.com, and block everything under bing and msn just to be safe. But by IP range, much more difficult as addresses are subject to change and may vary by region. You could just block everything allocated to Microsoft, but then you lose updates.
IP-range-wise it's all over the place - but DNSly, if you take out everything under microsoft.com except for update.microsoft.com and subdomains, I think that might do it.
I've been trying that. So far nothing catastrophic has happened - though you do lose access to most cloudy Microsoft services. No store, no bing, no Cortana. You can always remove the block if you need to use them. I'm also having difficulty allowing Windows updates through. Shared IP ranges.
I don't know if hosts.txt can, but Windows' own firewall certainly can. Though I've not figured out which addresses I need to exclude in order to avoid breaking Windows Update as well. I compiled a list by monitoring traffic, whoising every address that came up and blocking any allocations assigned to Microsoft. That took out the monitoring - along with Bing, updates and the store. My list might be incomplete though, as they may use different servers depending upon geographic location.
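The name-based policy suggested in these replies (deny everything under microsoft.com, bing.com and msn.com, but carve out update.microsoft.com and windowsupdate.com) comes down to longest-suffix matching with the more specific rule winning, and it has to be applied to the name that was queried, not to whatever akadns target the CNAME chain ends at today. Below is an added example written for this page, not code from the thread: the zone sets encode the thread's suggestion, RECORDS is a constructed stand-in for DNS data (made-up akadns labels and documentation addresses, not the real records), and the function names are this example's own.

```python
"""Suffix-match DNS block policy with carve-outs, plus a toy resolver that
applies the policy to the queried name before following CNAMEs.

Added example for this page, not the poster's code. The zone sets encode
the thread's suggestion; RECORDS is constructed and is not real DNS data.
"""
from typing import Optional

DENY_ZONES = {"microsoft.com", "bing.com", "msn.com"}
ALLOW_ZONES = {"update.microsoft.com", "windowsupdate.com"}

# Constructed zone data: name -> (type, value). The query names come from
# the thread; the CNAME targets and 203.0.113.x addresses are invented.
RECORDS = {
    "update.microsoft.com": ("CNAME", "update-example.akadns.net"),
    "update-example.akadns.net": ("A", "203.0.113.10"),
    "sls.update.microsoft.com": ("CNAME", "sls-example.akadns.net"),
    "sls-example.akadns.net": ("A", "203.0.113.11"),
    "download.windowsupdate.com": ("A", "203.0.113.12"),
    "licensing.md.mp.microsoft.com": ("A", "203.0.113.20"),
    "foodanddrink.tile.appex.bing.com": ("A", "203.0.113.30"),
    "www.example.org": ("A", "203.0.113.40"),
}


def canonical(name: str) -> str:
    """Lower-case and drop the trailing dot so 'Update.Microsoft.Com.' and
    'update.microsoft.com' compare equal."""
    return name.rstrip(".").lower()


def matching_zone(name: str, zones: set) -> Optional[str]:
    """Most specific zone that equals `name` or is a parent of it. Matching
    on whole labels avoids substring false positives such as
    'notmicrosoft.com' matching 'microsoft.com'."""
    labels = name.split(".")
    for i in range(len(labels)):          # longest suffix first
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def decide(name: str) -> str:
    """Return 'block' or 'allow'. The more specific matching zone wins; on a
    tie (the same zone listed in both sets) block wins."""
    name = canonical(name)
    deny = matching_zone(name, DENY_ZONES)
    if deny is None:
        return "allow"
    allow = matching_zone(name, ALLOW_ZONES)
    if allow is not None and len(allow) > len(deny):
        return "allow"
    return "block"


def resolve(name: str, records=RECORDS, max_hops: int = 8) -> Optional[str]:
    """Resolve to an A record, applying the policy to the *queried* name.
    The CNAME chain is only followed afterwards, so the decision does not
    depend on which akadns target or address the CDN hands out today."""
    if decide(name) == "block":
        return None
    current = canonical(name)
    for _ in range(max_hops):             # bound CNAME chains and loops
        rtype, value = records.get(current, (None, None))
        if rtype == "A":
            return value
        if rtype != "CNAME":
            return None                   # NXDOMAIN in this toy
        current = canonical(value)
    return None


if __name__ == "__main__":
    for q in ("update.microsoft.com", "sls.update.microsoft.com",
              "download.windowsupdate.com", "licensing.md.mp.microsoft.com",
              "foodanddrink.tile.appex.bing.com", "www.example.org"):
        print(f"{q:<35} {decide(q):<5} -> {resolve(q)}")
```

The precedence rule here (most specific zone wins) is the same one a resolver such as dnsmasq applies, so the equivalent deployment is an address=/microsoft.com/0.0.0.0 line per denied zone with server=/update.microsoft.com/# and server=/windowsupdate.com/# as the carve-outs. Note that the policy never looks at the akadns names or the addresses: that is the point of filtering by name rather than by IP range when the update and licensing servers share allocations.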
Porn used to be made artificially scarce, before the internet made prohibition unenforceable.
"Microsoft sells software,"
For now, mostly. Microsoft has a problem here: Selling software worked in the past because there was a constant upgrade cycle to drive sales. All those new computers getting replaced after two years kept a constant stream of OEM licenses shifting, and every couple of years they could bring out a new version of Windows or Office that promised and delivered revolutionary improvements* so people would be climbing over each other in the rush to upgrade.
Now? Their software reached 'good enough.' They had a nightmare of a time trying to get people to migrate away from Windows XP because it was well suited to everyone's needs, and Windows 7 was already promising to be just as hard to get rid of. Who wants to keep buying new Office versions when all they need is text editing and a spellcheck? Even the upgrade cycle for hardware has slowed; computers can last five years or longer now. Back in the 00s you couldn't get one home from the shop before it was halfway to obsolescence.
So they are trying to move away from selling software now, and into selling services. See Office 365, for instance. Windows is no longer to be a product in itself, but - in a business model pioneered to great success by Apple - a driver for many other products. Like the Windows store. It turns every Windows installation into a means for generating Windows store customers and sales.
Microsoft aren't trying to expand. They are trying to replace their old business model with one that doesn't make them dependent on a constant upgrade cycle.
*Except ME. That sucked.
The Siri remote processing is for practical reasons, not business: The Siri engine is subject to constant revisions and optimisations by Apple, including even the voice recognition. It wouldn't be practical to update a very large application on a phone every two days, so they host almost all of it on their own servers. The phone part is just a minimal client.
You're right, though: Everyone spies. Customer data is very valuable as a means to come to business decisions and as a means of optimally flogging people more products. It's pretty much inescapable online.
See those facebook like buttons on so many sites? Those aren't just to 'like' the page. They are hot-link images, loaded from Facebook's server, with a cookie. So even when you are not using Facebook they can still determine what sites you access and when.
Any time you use the internet without the type of firewall and filtering that comes with a free roll of aluminium foil it is safe to assume you are being monitored by at least a few companies, and likely everything you do is also logged by one or two government agencies for analysis.