Microsoft finally reveals what data Windows 10 collects from your PC

[nightstrike]

One the big misconceptions on this subject is that Windows 10 introduced telemetry to Windows and Microsoft backported ALL telemetry collection to 7 and 8.1.

No, people are saying that you can disable it on 7.

And honestly I have no idea how 7 would run on modern hardware. Professional reviewers aren't testing GPUs or games under 7 or 8.1 these days.

http://www.anandtech.com/show/10968...w-review-the-new-stock-performance-champion/2

Turns out pretty well. I personally run 7 on an i7-6700k paired with a strix 1080 OC. It's perfect.

 

[auntjemima]

NOPE.

Forced updates and telemetry running in the background = more possibility of conflict.

Win10 has already bricked a few of my not so tech savvy friends' pc's and laptops during updates that they didnt even know of.

WIn7 on the other hand has been running flawlessly , no forced updates, no 3000+ telemetry collection pts and no driver issues.

And uninstalling some windows updates, you can turn telemetry on win7 OFF.

m$ SHit tier credit rating is shit tier , it fact for me and alot of other people.

Soooo.... let me get this straight. You complain that the difficulty required to remove telemetry in Windows 10 is above the average user because it requires you to edit the registry (hands on approach) or run a program (hands off) but you think that the average user will know how to remove certain updates and know the correct ones?

 

[heatlesssun]

No, people are saying that you can disable it on 7.

And you can disable it on 10.

http://www.anandtech.com/show/10968...w-review-the-new-stock-performance-champion/2

Turns out pretty well. I personally run 7 on an i7-6700k paired with a strix 1080 OC. It's perfect.

Cool. My rig is running great for games under 10 with things here and there that aren't 7 compatible.

 

[Iceshot]

And you can disable it on 10.



Cool. My rig is running great for games under 10 with things here and there that aren't 7 compatible.

heatlesssun - STOP with the blatant disinformation! NO, you cannot fully disable it. 3rd party utilities are only effective to a point and do not 100% stop Telemetry. Furthermore, as I mentioned NUMEROUS times Microsoft actively and aggressively breaks the changes these utilities make in undocumented changes embedded in normal patches that frequently have nothing to do with Telemetry. Additionally, Microsoft has embedded Super User access and a Privacy Agreement that gives them the legal right to access and download any and all of your data. You can "argue" (poorly IMO) all you want Microsoft is not helping itself to any and all data that it wants, what is NOT up for debate is the documented fact that it has deeply embedded from scratch the means to do it in Windows 10 and has written a legal contract (Privacy Policy & TOS) to harvest any and all data Carte Blanche.

Link us just ONE 3rd party utility that claims it offers a 100% data mining / Telemetry free experience. It does not exist and cannot exist for the reasons cited above.

 

[heatlesssun]

heatlesssun - STOP with the blatant disinformation! NO, you cannot fully disable it. 3rd party utilities are only effective to a point and do not 100% stop Telemetry.

Nope. Again, the processes are well documented. If you want to show specifically what I've pointed to is wrong or misleading, then point to specifics. Yes, you can stop all telemetry by shutting down the services, shutting down Windows Update and Defender and blocking ports. It's the same process that enterprises use to stop and data being sent to Microsoft.

 

[Iceshot]

Nope. Again, the processes are well documented. If you want to show specifically what I've pointed to is wrong or misleading, then point to specifics. Yes, you can stop all telemetry by shutting down the services, shutting down Windows Update and Defender and blocking ports. It's the same process that enterprises use to stop and data being sent to Microsoft.

See, this is a prime example of my formerly spoken criticism of you. I'll make a case and point with specifics aimed at you. This is what happens...

1) You ignore significant data points I make, cherry pick a line or two of what I said and either....

A) Proclaim it all to be false with short erroneous statements that focus on personal opinions and observations rather than debate me directly "line for line" of what I'm claiming

B) Reply with Strawman arguments (ie fallacy's)

It's beyond obvious at this point having a structured intelligent debate with you over our opposing claims is a waste of time. When it comes to Windows 10, you seem only interested in voicing speculative opinions, false narratives, and being a shill for Microsoft feigning objectivity when I and others call you out for the incorrect information you spew on this subject (Windows 10 & Telemetry / mass data harvesting). I don't think your bad guy or that you don't post things of meaning and or merit. But on this specfic subject, you are unwilling or unable to grasp the greater context's and apply critical thinking.

 

[heatlesssun]

See, this is a prime example of my formerly spoken criticism of you. I'll make a case and point with specifics aimed at you. This is what happens...

1) You ignore significant data points I make, cherry pick a line or two of what I said and either....

A) Proclaim it all to be false with short erroneous statements that focus on personal opinions and observations rather than debate me directly "line for line" of what I'm claiming

B) Reply with Strawman arguments (ie fallacy's)

It's beyond obvious at this point having a structured intelligent debate with you over our opposing claims is a waste of time. When it comes to Windows 10, you seem only interested in voicing speculative opinions, false narratives, and being a shill for Microsoft feigning objectivity when I and others call you out for the incorrect information you spew on this subject (Windows 10 & Telemetry / mass data harvesting). I don't think your bad guy or that you don't post things of meaning and or merit. But on this specfic subject, you are unwilling or unable to grasp the greater context's and apply critical thinking.

All I said was to point out anything specifically I said wasn't true. Telemetry in Windows 10, the data being sent to Microsoft comes from four main sources in 10, Cortana, OneDrive and the other cloud based capabilities in Windows, telemetry services, Windows Update and Windows Defender. All three can be disabled and in conjunction with port blocking, any version of Windows 10 can effectively be blocked from sending telemetry and the process isn't fundamentally from enterprise Windows 10 deployments, the big difference being Active Directory policies that can be used to control these things better than straight programmatic or manual changes.

And yes, Microsoft could changes the steps to disable all telemetry, which won't happen automatically at least if one has disabled updates, just like enterprise deployments. As I've pointed about other things, like Control Panel being removed from the Power-X Menu, the configurability of Windows extends well beyond the UI. Microsoft could but in the box any number of switches to do the things that are possible. Disabling ALL information to Microsoft is not magic not difficult with 3rd party tools. It's just not in the box and Microsoft clearly doesn't want consumers to do it.

For the billionth time since this was an issue I've said that Microsoft should but in the box a switch to do the things that are possible via other methods. It's simply become too much of distraction with people just making up facts and not even bothering to research the issue other than to score internet points.

 

[ManofGod]

See, this is a prime example of my formerly spoken criticism of you. I'll make a case and point with specifics aimed at you. This is what happens...

1) You ignore significant data points I make, cherry pick a line or two of what I said and either....

A) Proclaim it all to be false with short erroneous statements that focus on personal opinions and observations rather than debate me directly "line for line" of what I'm claiming

B) Reply with Strawman arguments (ie fallacy's)

It's beyond obvious at this point having a structured intelligent debate with you over our opposing claims is a waste of time. When it comes to Windows 10, you seem only interested in voicing speculative opinions, false narratives, and being a shill for Microsoft feigning objectivity when I and others call you out for the incorrect information you spew on this subject (Windows 10 & Telemetry / mass data harvesting). I don't think your bad guy or that you don't post things of meaning and or merit. But on this specfic subject, you are unwilling or unable to grasp the greater context's and apply critical thinking.

It is beyond obvious that having a structured, intelligent debate means agreeing with you only. That and if a person does not show hate and anger at Windows 10, they cannot have a structured or intelligent debate.

It should not surprise me though.

 

[HoffY]

you are unwilling or unable to grasp the greater context's and apply critical thinking.

You can add his brother to that classification as well.

 

[HoffY]

It is beyond obvious that having a structured

No prizes for second.

 

[ManofGod]

No prizes for second.

Yep, your standard response, good luck with that, since what you said is saying nothing at all. LOL to the Microsoft has a super user mode that allows them to steal all you data. Do you have proof of this? Not something that is claimed to be written down that allows it but actual proof of it being done? Can you or Iceshot do it on my machine, right now?

 

[HoffY]

to the Microsoft has a super user mode that allows them to steal all you data

You are on drugs. I have never said such a thing.

Please keep your faith based mentalities to yourself. Just because you dream something up and believe, doesn't make it so.

 

[martianho]

Keep our informations private is impossible today. Every website, devices or apps are taking some informations, we can't control all.

 

[Nenu]

Keep our informations private is impossible today. Every website, devices or apps are taking some informations, we can't control all.

Having no backbone is no excuse for laying down on the job.
You could crawl at minimum.

 

[ManofGod]

Having no backbone is no excuse for laying down on the job.
You could crawl at minimum.

Telling the truth does not mean he is making no effort to keep his stuff secure.

 

[ManofGod]

You are on drugs. I have never said such a thing.

Please keep your faith based mentalities to yourself. Just because you dream something up and believe, doesn't make it so.

Did I ever say that you said that? So, you have nothing left to go on so you attack my faith in God and Jesus? Ok, your choice. Me, what I said is what I said.

 

[Nenu]

Telling the truth does not mean he is making no effort to keep his stuff secure.

You have no idea if he does, making things up seems to be par for the course these days.
He is defeatist.
You should be thankful some people stand up for what is right.

 

[lilbabycat]

http://www.hipaaone.com/wp-content/...ance-with-Microsoft-Windows-10-Enterprise.pdf

When using any desktop operating system, the default configuration may violate HIPAA.

To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft,theWindows Restricted Traffic Limited Functionality Baselinemay be applied. This baseline wascreated in the same way as the Windows security baselines that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of thesettings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Be sure you've chosen the right settings configuration for your environment before applying.

Appendix A: Suggested Active Directory Administrative Settings and Registry settings for Data Security and Cloud Communications with Packet Captures

(three pages of settings)

The results of a workstation with the applied above configuration showed conversations kicked-off to the Internet during a 1 hour turn-on, login and wait period. For a copy of the data sniffer traces in PCAPNG format click here. A DNS query of packet communications shows limited communications for DNS purposes, and Microsoft Activation.

http://www.hipaaone.com/wp-content/uploads/2017/01/win10Run1.zip

This is a list of DNS Queries from the WireShark packet capture exercise (Local Area Network Domain references were removed):

DNS.MSFTNCSI.COM
WIN10.IPV6.MICROSOFT.COM
CLIENT.WNS.WINDOWS.COM
BN3SCH020020359.WNS.WINDOWS.COM
FE2.UPDATE.MICROSOFT.COM
FE2.UPDATE.MICROSOFT.COM
GEOVER-PROD.DO.DSP.MP.MICROSOFT.COM
GEO-PROD.DO.DSP.MP.MICROSOFT.COM
KV401-PROD.DO.DSP.MP.MICROSOFT.COM
CP401-PROD.DO.DSP.MP.MICROSOFT.COM
DISC401-PROD.DO.DSP.MP.MICROSOFT.COM
ARRAY406-PROD.DO.DSP.MP.MICROSOFT.COM
ARRAY408-PROD.DO.DSP.MP.MICROSOFT.COM
ARRAY403-PROD.DO.DSP.MP.MICROSOFT.COM
ARRAY407-PROD.DO.DSP.MP.MICROSOFT.COM

So even with extensive disabling of telemetry on ENTERPRISE Edition of Win10, still phoning home to MS.

(suck it heatlesssun)

 

[zero2dash]

^^^ Thanks for links, very interesting.

 

[DPI]

^ I wasn't aware our resident Baghdad-Microsoft-Bob was even peddling the line that Telemetry can be disabled in Enterprise. It can't. The lowest level it goes is "Security", which is still transmitting IPs and unique IDs.
Most small and midsized businesses can't afford Enterprise licensing anyway.

You'd have to be insane to install Windows 10 within 100 yards of any business, even Enterprise; especially if dealing with any kind of sensitive information.

The garage hacks that attempt to disable telemetry by stopping services and hacking the registry have no guarantee of working and Windows can flip these services back on when you're not paying attention or after any update; former tweaks like hosts file entries don't work anymore since MS has hard-coded their spy servers to bypass it. Add those domains and IPs to your firewall to block them? Sure, but you'll always be playing whack-a-mole as new ones come online silently.

With the Basic telemetry being more than 2000 pieces of data being collected, I shudder to think what the Default/Recommended Full level is harvesting from unsuspecting users.

 

[heatlesssun]

So even with extensive disabling of telemetry on ENTERPRISE Edition of Win10, still phoning home to MS.

(suck it heatlesssun)

LOL! Most of these are certificate servers, if you don't disable Windows Update, duh, Windows since XP has pinged Windows Update servers. But the first one is the one I find most interesting that people freak out about. It's for internet connectivity indicator which controls the yellow bang in task bar notification.

 

[tetris42]

our resident Baghdad-Microsoft-Bob

That's good.

 

[heatlesssun]

^ I wasn't aware our resident Baghdad-Microsoft-Bob was even peddling the line that Telemetry can be disabled in Enterprise. It can't.

Yes it can. We're deploying it at work where you have to do it for 200k bank PCs. Good grief.

You can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft.

https://technet.microsoft.com/itpro...ts-to-microsoft-services#BKMK_TelemetryLevels

 

[KG-Prime90]

Enterprise LTSB 14393 Wireshark logs

Spoiler: suck it?

# Resolved addresses found in C:\Users\Kg\AppData\Local\Temp\wireshark_BC9730A2-...................pcapng

# Comments
#
# No entries.

# Hosts
#
# 88 entries.

kube-nimbus-1822964958.ap-northeast-1.elb.amazonaws.com
kube-nimbus-471965604.us-west-2.elb.amazonaws.com
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
hq.nimbus.bitdefender.net
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com
hq.nimbus.bitdefender.net
hq.nimbus.bitdefender.net
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com
hq.nimbus.bitdefender.net
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com
kube-nimbus-471965604.us-west-2.elb.amazonaws.com
kube-nimbus-471965604.us-west-2.elb.amazonaws.com
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
gs1.wpc.v2cdn.net
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
kube-nimbus-471965604.us-west-2.elb.amazonaws.com
kube-nimbus-1822964958.ap-northeast-1.elb.amazonaws.com
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
kube-nimbus-1822964958.ap-northeast-1.elb.amazonaws.com
kube-nimbus-471965604.us-west-2.elb.amazonaws.com
kube-nimbus-1822964958.ap-northeast-1.elb.amazonaws.com
kube-nimbus-1822964958.ap-northeast-1.elb.amazonaws.com
kube-nimbus-1822964958.ap-northeast-1.elb.amazonaws.com
kube-nimbus-471965604.us-west-2.elb.amazonaws.com
kube-nimbus-471965604.us-west-2.elb.amazonaws.com
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
kube-nimbus-471965604.us-west-2.elb.amazonaws.com
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
antiphishing-sig.v1.bdnsrt.org
buddy.bitdefender.com
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
avc3--exc--free.v1.bdnsrt.org
kube-nimbus-1822964958.ap-northeast-1.elb.amazonaws.com
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com
ect ect....

AV off.

# Resolved addresses found in C:\Users\Kg\AppData\Local\Temp\wireshark_BC9730A2-C06A-47CD-B...pcapng



# Comments

#

# No entries.



# Hosts

#

# No entries.



# Services

#

# 6029 entries.



can-nds-ssl 3660/tcp

can-nds-ssl 3660/udp

ipass 2549/tcp

ipass 2549/udp

eicon-server 1438/tcp

eicon-server 1438/udp

qmtps 6209/tcp

qmtps 6209/udp

centerline 3987/tcp

centerline 3987/udp

sps-tunnel 2876/tcp

sps-tunnel 2876/udp

cft-4 1765/tcp

cft-4 1765/udp

aodv 654/tcp

aodv 654/udp

br-channel 5425/tcp

br-channel 5425/udp

choiceview-agt 4314/tcp

netwatcher-mon 3203/tcp

netwatcher-mon 3203/udp

hp-sca 19411/tcp

hp-sca 19411/udp

descent3 2092/tcp

descent3 2092/udp

ibm-rsyscon 9085/tcp

ibm-rsyscon 9085/udp

gf 3530/tcp

gf 3530/udp

attachmate-s2s 2419/tcp

attachmate-s2s 2419/udp

odsi 1308/tcp

odsi 1308/udp

dls 197/tcp

dls 197/udp

amberon 8301/tcp

amberon 8301/udp

trap-port 3857/tcp

trap-port 3857/udp

cpudpencap 2746/tcp

cpudpencap 2746/udp

edb-server1 1635/tcp

edb-server1 1635/udp

ncp 524/tcp

ncp 524/udp

universe_suite 4184/tcp

universe_suite 4184/udp

vcrp 3073/tcp

vcrp 3073/udp

biap-mp 1962/tcp

biap-mp 1962/udp

p-net-local 34378/tcp

p-net-local 34378/udp

csms2 3400/tcp

csms2 3400/udp

dict-lookup 2289/tcp

dict-lookup 2289/udp

sgi-storman 1178/tcp

sgi-storman 1178/udp

swtp-port2 9282/tcp

swtp-port2 9282/udp

bootps 67/tcp

bootps 67/udp

apm-link 32483/tcp

apm-link 32483/udp

varadero-1 4838/tcp

varadero-1 4838/udp

e-mdu 3727/tcp

e-mdu 3727/udp

appswitch-emp 2616/tcp

appswitch-emp 2616/udp

funkproxy 1505/tcp

funkproxy 1505/udp

embl-ndt 394/tcp

embl-ndt 394/udp

ife_icorp 5165/tcp

ife_icorp 5165/udp

ccu-comm-2 4054/tcp

ccu-comm-2 4054/udp

ttnrepository 2943/tcp

ttnrepository 2943/udp

tht-treasure 1832/tcp

tht-treasure 1832/udp

verismart 3270/tcp

verismart 3270/udp

gdbremote 2159/tcp

gdbremote 2159/udp

neod2 1048/tcp

neod2 1048/udp

vista-4gl 24249/tcp

vista-4gl 24249/udp

a14 3597/tcp

a14 3597/udp

netobjects2 2486/tcp

netobjects2 2486/udp

bytex 1375/tcp

bytex 1375/udp

bgmp 264/tcp

bgmp 264/udp

lonewolf-lm 6146/tcp

lonewolf-lm 6146/udp

cps 14250/tcp

cps 14250/udp

mpl-gprs-port 3924/tcp

mpl-gprs-port 3924/udp

llm-pass 2813/tcp

llm-pass 2813/udp

cognex-dataman 44444/tcp

deskshare 1702/tcp

deskshare 1702/udp

http-alt 591/tcp

http-alt 591/udp

fs-qos 41111/tcp

fs-qos 41111/udp

safetynetp 40000/tcp

safetynetp 40000/udp

serverwsd2 5362/tcp

serverwsd2 5362/udp

ariliamulti 3140/tcp

ariliamulti 3140/udp

hsrpv6 2029/tcp

hsrpv6 2029/udp

paragent 9022/tcp

paragent 9022/udp

speedtrace 33334/tcp

speedtrace-disc 33334/udp

qmvideo 5689/tcp

qmvideo 5689/udp

pago-services1 30001/tcp

pago-services1 30001/udp

rcst 3467/tcp

rcst 3467/udp

gxtelmd 2356/tcp

gxtelmd 2356/udp

isbconference2 1245/tcp

isbconference2 1245/udp

ingres-net 134/tcp

ingres-net 134/udp

x11 6016/tcp

x11 6016/udp

jaus 3794/tcp

jaus 3794/udp

commtact-http 20002/tcp

commtact-http 20002/udp

ncdloadbalance 2683/tcp

ncdloadbalance 2683/udp

chip-lm 1572/tcp

chip-lm 1572/udp

datasurfsrv 461/tcp

datasurfsrv 461/udp

sflow 6343/tcp

sflow 6343/udp

csedaemon 5232/tcp

e-builder 4121/tcp

e-builder 4121/udp

gw 3010/tcp

ect ect...



Log Name: Microsoft-Windows-DeviceSetupManager/Admin
Source: Microsoft-Windows-DeviceSetupManager
Date: 12/20/2016 2:56:52 PM
Event ID: 200
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: DESKTOP-KFHL6IM
Description:
A connection to the Windows Update service could not be established.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceSetupManager" Guid="{FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2}" />
<EventID>200</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2016-12-20T22:56:52.783034600Z" />
<EventRecordID>2958</EventRecordID>
<Correlation />
<Execution ProcessID="952" ThreadID="1448" />
<Channel>Microsoft-Windows-DeviceSetupManager/Admin</Channel>
<Computer>DESKTOP-KFHL6IM</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

--------------------

Dipshit extraordinaire says...

The garage hacks that attempt to disable telemetry by stopping services and hacking the registry have no guarantee of working and Windows can flip these services back on when you're not paying attention >FALSE

or after any update; >TRUE. But you don't HAVE to install Updates that break your shit .

former tweaks like hosts file entries don't work anymore since MS has hard-coded their spy servers to bypass it. >If you are talking about these they are not telemetry based. And from my testing, days, weeks, months of testing i have found these are the basic ones that cannot be blocked. However, they are harmless and useful some of them and i wouldn't block them anyway. I submit that there can or could be now or in the future and i'm aware of that, but currently i haven't found it. - Wireshark logs.

www.msdn.com
msdn.com
www.msn.com
msn.com
go.microsoft.com
msdn.microsoft.com
office.microsoft.com
microsoftupdate.microsoft.com
wustats.microsoft.com
support.microsoft.com
www.microsoft.com
microsoft.com
update.microsoft.com
download.microsoft.com
microsoftupdate.com
windowsupdate.com
windowsupdate.microsoft.com

Add those domains and IPs to your firewall to block them? Sure, but you'll always be playing whack-a-mole as new ones come online silently. Not hard really. There's lists poeple update. It's part of it, expected.

By the way did you happen to even read the paragraph DIRECTLY under the block of domains you posted from that pdf before you told heatsssun to suck it?

"Varying results are possible with additional programs installed outside of the base-installation of Windows 10 Enterprise. Therefore, any additional programs, applications or utilities installed that alter data communications are outside the scope of this whitepaper and should be considered when new applications are introduced."

Apparently not.

Suck it indeed.

 

[HoffY]

Did I ever say that you said that?

Yes. In the response you quoted me in, or was that just faithed out of existence because reasons?

It is beyond obvious that having a structured, intelligent debate

... is something you are not qualified to even speak about let a lone claim another does not possess when you yourself are a faith based individual (a.k.a the exact opposite of reason, objective fact and logic. a.k.a i can make up any rulse i want to try and justify my inability to see reality and fact).

So, you have nothing left to go on so you attack my faith in God and Jesus?

I have plenty left i could easily go on with. But i prefer not to waste my time pointing out objective facts to someone that BELIEVES whatever the fuck they like because faith. So i just prefer to make you chase your tail instead. not that you could get any more insane given your stance on invisible sky gods. Thats already pretty batshit cray cray. lol

 

[DPI]

Yes it can. We're deploying it at work where you have to do it for 200k bank PCs. Good grief.

https://technet.microsoft.com/itpro...ts-to-microsoft-services#BKMK_TelemetryLevels

It's like you never stop shoveling. No you cannot turn telemetry OFF in Enterprise. "Security" mode is the lowest telemetry setting that MS allows in Enterprise. That's not DISABLED. That's not OFF. It's still transmitting IP's, unique ID's and god knows what else.

 

[ManofGod]

Yes it can. We're deploying it at work where you have to do it for 200k bank PCs. Good grief.



https://technet.microsoft.com/itpro...ts-to-microsoft-services#BKMK_TelemetryLevels

No, no, It is, "Good grief, Charlie Brown."

 

[heatlesssun]

It's like you never stop shoveling. No you cannot turn telemetry OFF in Enterprise. "Security" mode is the lowest telemetry setting that MS allows in Enterprise. That's not DISABLED. That's not OFF. It's still transmitting IP's, unique ID's and god knows what else.

That's not the only thing you have to do and it's that guide what those steps are. Look, you can attack me personally all you want, enterprises are starting to roll out Windows 10, places like banks couldn't do that if there were no way to disable all of this. So you need to go and tell people way above our pay grades that they can't install Windows 10 in their organizations.

 

[DPI]

That's not the only thing you have to do and it's that guide what those steps are. Look, you can attack me personally all you want, enterprises are starting to roll out Windows 10, places like banks couldn't do that if there were no way to disable all of this. So you need to go and tell people way above our pay grades that they can't install Windows 10 in their organizations.

No, I don't actually "need" to go and tell anyone to do anything, because I don't take orders from nobodies on the internet. And I certainly don't care what anyone at a "bank" or anywhere else does about Windows 10.

I'm simply refuting that telemetry cannot be turned OFF in Enterprise, since Microsoft themselves have made clear that "Security" is the lowest telemetry setting that Enterprise goes. Maybe that's good enough, an acceptable compromise for some organizations, but that's not OFF. End of story.

 

[heatlesssun]

I'm simply refuting that telemetry cannot be turned OFF in Enterprise, since Microsoft themselves have made clear that "Security" is the lowest telemetry setting that Enterprise goes. Maybe that's good enough, an acceptable compromise for some organizations, but that's not OFF. End of story.

And you're huffing and puffing about something that you're simply wrong about. That document outlines how to turn off every single point of data that gets sent back to Microsoft.

 

[Tawnos]

No, I don't actually "need" to go and tell anyone to do anything, because I don't take orders from nobodies on the internet. And I certainly don't care what anyone at a "bank" or anywhere else does about Windows 10.

I'm simply refuting that telemetry cannot be turned OFF in Enterprise, since Microsoft themselves have made clear that "Security" is the lowest telemetry setting that Enterprise goes. Maybe that's good enough, an acceptable compromise for some organizations, but that's not OFF. End of story.

You keep refuting, and keep being wrong. Here's the github link to that doc, which states, in part: "To prevent Windows from sending any data to Microsoft, configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all of these connections."

It also links to this doc: "We do not recommend that you turn off telemetry in your organization as valuable functionality may be impacted, but we recognize that in some scenarios this may be required. Use the steps in this section to do so for Windows, Windows Server, and System Center."

Where are you going to move the goalposts, now?

 

[heatlesssun]

You keep refuting, and keep being wrong. Here's the github link to that doc, which states, in part: "To prevent Windows from sending any data to Microsoft, configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all of these connections."

It also links to this doc: "We do not recommend that you turn off telemetry in your organization as valuable functionality may be impacted, but we recognize that in some scenarios this may be required. Use the steps in this section to do so for Windows, Windows Server, and System Center."

Where are you going to move the goalposts, now?

There it is in black and white, what's hilarious about his response is that he started this thread: https://hardforum.com/threads/windows-10-privacy-tweak-guide-creators-update.1930202/. The stuff in that guide comes straight out of Microsoft documentation. So on one hand he posted a guide that explains how to turn all connections to Microsoft servers and here he's saying it can't be done. So which is it?

 

[Mistral]

Jesus christ can't we lock up this crap already.

 

[naib]

Disabling is a myth

 

[lilbabycat]

Disabling is a myth

And with every possible setting to block connections to MS (except updates) here are a bunch of advertising-related connections.

And on an unrelated note, I deleted Paint 3D and Microsoft silently reinstalled it and added a firewall rule to allow it to connect out.

There it is in black and white

Round 3, Fight!

 

[BulletDust]

There it is in black and white, what's hilarious about his response is that he started this thread: https://hardforum.com/threads/windows-10-privacy-tweak-guide-creators-update.1930202/. The stuff in that guide comes straight out of Microsoft documentation. So on one hand he posted a guide that explains how to turn all connections to Microsoft servers and here he's saying it can't be done. So which is it?

I love the way you think that screwing with three pages of settings in order to even attempt to ensure an OS is secure enough for use in enterprise environments is in any way acceptable or even normal.

And even then, no matter what your horrible sounding job at the bank may imply, Windows EE is still not watertight.

 

[heatlesssun]

I love the way you think that screwing with three pages of settings in order to even attempt to ensure an OS is secure enough for use in enterprise environments is in any way acceptable or even normal.

It's basically the same process for Windows 7. A large enterprise deployment of Windows is a complex thing, especially in a place like a bank. Even if we were running Linux desktops, do you honestly think that we'd just download a Linux distro from the web, slap it on machines in it's default state and would be all there is to it?

 

[Vermillion]

Disabling is a myth

Saw this early this morning. Very interesting. He's running another test now to see if he can duplicate it results. I'll wait till then to truly pass judgement. That said this certainly doesn't look good and there is an MS Principal Program Manager in contact with him via Twitter (@nerdpyle) who has asked him to open up bug reports.

 

[naib]

Saw this early this morning. Very interesting. He's running another test now to see if he can duplicate it results. I'll wait till then to truly pass judgement. That said this certainly doesn't look good and there is an MS Principal Program Manager in contact with him via Twitter (@nerdpyle) who has asked him to open up bug reports.

https://www.theinquirer.net/inquire...dle-with-windows-10-enterprise-group-policies

MICROSOFT HAS RESPONDED to claims that its Windows 10 Enterprise operating system ignores user preferences in Group Policy with the advice that, basically, it does and you shouldn't meddle with it.

On Monday, we revealed that a security researcher had used a packet sniffer to show that many settings designed to prevent access to the internet were being ignored with connections to a range of third party servers including advertising hubs.

so who was it that was saying you can easily disable telemetry?

 

[Vermillion]

https://www.theinquirer.net/inquire...dle-with-windows-10-enterprise-group-policies



so who was it that was saying you can easily disable telemetry?

Wasn't me!

I was quite surprised to see MS response though. Definitely not good.