Windows 10 data mining has been caught

sliverjazz

All text typed on the keyboard is stored in temporary files, and sent (once per 30 mins) to:

oca.telemetry.microsoft.com.nsatc.net
pre.footprintpredict.com
reports.wes.df.telemetry.microsoft.com


Telemetry is sent once per 5 minutes, to:

vortex.data.microsoft.com
vortex-win.data.microsoft.com
telecommand.telemetry.microsoft.com
telecommand.telemetry.microsoft.com.nsatc.net
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
sqm.telemetry.microsoft.com
sqm.telemetry.microsoft.com.nsatc.net

Typing the name of any popular movie into your local file search starts a telemetry process that indexes all media files on your computer and transmits them to:

df.telemetry.microsoft.com
reports.wes.df.telemetry.microsoft.com
cs1.wpc.v0cdn.net
vortex-sandbox.data.microsoft.com
pre.footprintpredict.com


When a webcam is first enabled, ~35mb of data gets immediately transmitted to:

oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
vortex-sandbox.data.microsoft.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net


Everything that is said into an enabled microphone is immediately transmitted to:

oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
vortex-sandbox.data.microsoft.com
pre.footprintpredict.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net
telemetry.appex.bing.net
telemetry.urs.microsoft.com
cs1.wpc.v0cdn.net
statsfe1.ws.microsoft.com


If this weren't bad enough, this behaviour still occurs after Cortana is fully disabled/uninstalled. It's speculated that the purpose of this function is to build up a massive voice database, then tie those voices to identities, and eventually be able to identify anyone simply by picking up their voice, whether it be a microphone in a public place or a wiretap on a payphone.

Interestingly, if Cortana is enabled, the voice is first transcribed to text, then the transcription is sent to:

pre.footprintpredict.com
reports.wes.df.telemetry.microsoft.com
df.telemetry.microsoft.com


While the initial reflex may be to block all of the above servers via HOSTS, it turns out this won't work: Microsoft has taken the care to hardcode certain IPs, meaning that there is no DNS lookup and no HOSTS consultation. However, if the above servers are blocked via HOSTS, Windows will pretend to be crippled by continuously throwing errors, while still maintaining data collection in the background. Other than an increase in errors, HOSTS blocking did not affect the volume, frequency, or rate of data being
 
[Citation needed] please.


... Microsoft has taken the care to hardcode certain IPs, meaning that there is no DNS lookup and no HOSTS consultation. ...
Can we not just find out these IPs and block them with a firewall?
 
Source please.

I am going to block this all with my router/firewall box once I get confirmation of what I actually need to block.
 
Blocking the following IP list eliminated a good chunk of the bad traffic on my Wireshark logs for my last capture. Things seem to have slowed down quite a bit now. There is more to this. Many of those DNS entries use a schema that could result in there being any number of associated IPs for that particular entry. Any blocking we do at the DNS level is only temporary at best.
 
Gee, change "Microsoft" to "Russian hackers" and you could be describing the same behavior.
 
Creepy...

"Anon
6 days ago
@Gandalf: Multiple sources have confirmed that all text typed on a keyboard is sent, for "helping MS improve autocorrect" or something."

Sure it is...
 
Most of this bullshit has one thing in common... A complete lack of proof that what they think is getting transmitted is what is getting transmitted.
 
I can't believe people are running this operating system and just have no care in the world!?? This is bullshit, who cares if you have nothing to hide but still Windows 10 shouldn't be collecting and transmitting this information anyway! It shouldn't be happening.
 
When I get home I am going to look more into this. But in all honesty except for banking passwords and usernames of the lot all they would get from me is.

aswwdasd wdasd21 dasdwad wd2 adasd qqqqqqqqqqq wdwassdwasdwawdasdwaswdasdwas

b14b42b64b63b61

wadssdw ad dwdwwdwwwwwwwwwwwwwwwwwwwwwwwwwwwwddwdwdddddwdw

Basically me just playing Counter Strike. They can have my buy progressions.
 
I believe disabling telemetry services in Windows service manager stops all of this crap?
 
It's fine by me, I definitely don't have anything to hide.

social security number, credit card details, banking details... if this information is being transmitted it can likely be hijacked.
 
When I get home I am going to look more into this. But in all honesty except for banking passwords and usernames of the lot all they would get from me is.

aswwdasd wdasd21 dasdwad wd2 adasd qqqqqqqqqqq wdwassdwasdwawdasdwaswdasdwas

b14b42b64b63b61

wadssdw ad dwdwwdwwwwwwwwwwwwwwwwwwwwwwwwwwwwddwdwdddddwdw

Basically me just playing Counter Strike. They can have my buy progressions.

They should record mouse movement, otherwise they won't know when you 360 noscope some fools.
 
[Citation needed] please.



Can we not just find out these IPs and block them with a firewall?

If so.. why would you [go to the trouble/effort]? It'd be more sensible to not use the product or allow it on your network at all.

I get that there's some hacker joy gained from working around whatever they may be doing, but these accusations are at a different level than say installing Start8 to stick it to them about the start screen. If this stuff is true and it bothers you, it's certainly time to vote with your Install disk and promote an alternative.
 
Why not? I like Windows 10, I always modify my install and we really don't have enough information yet. Give it some time and see what comes up.
 
While I don't know if it's true or not and to what extent, all the voices saying "I have nothing to hide" don't have intellectual property of any kind. Which is okay.
But would I - for example - code interesting stuff on a workstation with a (potential!) keylogger installed by my competitor?

hint: no
 
Would you be coding on a machine where you chose to opt in to sending tons of data back to Microsoft?
 
If so.. why would you [go to the trouble/effort]? It'd be more sensible to not use the product or allow it on your network at all.

I get that there's some hacker joy gained from working around whatever they may be doing, but these accusations are at a different level than say installing Start8 to stick it to them about the start screen. If this stuff is true and it bothers you, it's certainly time to vote with your Install disk and promote an alternative.

Certainly you have the choice with your personal devices, yes.
What about at work, where Windows is mandatory? Application compatibility, user familiarity, support, etc all matter. I can't just decide that all users will now switch to Ubuntu - there would be uproar. In a large organisation it would be very difficult to move away from Microsoft products.
 
If the data I'd opt in to send were actual keystrokes - I would not.
If it was my location or enough data to form a unique tuple that re-creates my personal info to the point someone can re-trace my steps - I would also avoid such an environment.

It happens so that when I did code, it was on the target platform which was a LAMP server.

When I make a quick and dirty backup or send a valuable tidbit of info to someone, I do encrypt it (while realising that the quality of encryption can't be determined) with SHA or AES.

Now, if I had something I knew was 'big', work would be done on an intranet with the only outlet being an encrypted portable drive.

Considering things like laser microphones exist, I do doubt and will always doubt my data is secure.
 
Can we actually confirm this stuff is getting sent and the extent of what is being collected? I am "piloting" Windows 10 Pro at home, and this type of stuff really irks me. Some collection is ok, but if it's to this extent, that's unacceptable.
 
Certainly you have the choice with your personal devices, yes.
What about at work, where Windows is mandatory? Application compatibility, user familiarity, support, etc all matter. I can't just decide that all users will now switch to Ubuntu - there would be uproar. In a large organisation it would be very difficult to move away from Microsoft products.

This is true. You're only in control of what you're in control of. However, in an organization where these are concerns, there's usually a layer of management over IT to make these decisions. Present all the business facts and let management make the decision.

To some organizations, maybe the alleged privacy infractions are worth accepting when compared to teaching the secretary something considerably different. If not, your org will have until January 14, 2020 (assuming Win7 deployed) to come up with and execute a migration strategy. As always with migration talks, it always comes down to money. Only now you have to consider the value of your data staying private.
 
Just add all those sites to router to block them.
 
I'm curious if this is happening due to using express setup when installing? When I have installed, (like 8 times now), I use custom setup for Windows 10, and turn off most, if not all, of those things during setup. It asks things like, "do you want to send MS your keystrokes for better recognition" and shit like that. I don't see any information going to MS like the OP showed.
 
Why adding a domain or a single IP to the hosts file is useless in most cases.
This example is obvious.

You put these two domain names in the hosts file. When you convert the domains to IPs, you have this:

spynet2.microsoft.com > 23.96.212.225
spynetalt.microsoft.com > 191.238.241.80

When you search a Whois lookup, you see that the users of these addresses
cover a range of:

23.96.0.0/13
191.236.0.0/14

or, converted to IP ranges:

23.96.0.0 - 23.103.255.255

191.236.0.0 - 191.239.255.255

The hosts file blocks a single address, but thousands of addresses are left open.
This happens with all Microsoft IP addresses.
 
Install wireshark and look for yourself.

I was just going to suggest this. In reality if you said no to all of their "LETS MAKE THINGS EASIER" features in the custom install I can imagine some stuff is still being taken. I will just have to poke around tonight, set a timer and see what happens.

Those ranges would be huge. The only thing you could do is to pcap during a time frame and start blocking those IPs. I would guess that blocking something as large as a /13 and /14 might cut some needed services off from MS.
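
Added example, not posted by anyone in this thread: a small Python check of the hosts-file versus address-range point made in the two posts above, run over destination IPs exported from a capture. The two hostnames, their addresses and the two whois ranges are the ones quoted in the thread; the other flow addresses and all function and variable names are constructed for illustration.

```python
import ipaddress

# Constructed sample data, not the thread's capture. The two names, their
# addresses and the two whois ranges are the ones quoted in the post above;
# the remaining flow addresses are made up for illustration.
DNS_ANSWERS = {
    "spynet2.microsoft.com": ["23.96.212.225"],
    "spynetalt.microsoft.com": ["191.238.241.80"],
}
HOSTS_ENTRIES = set(DNS_ANSWERS)           # names overridden in the hosts file
WHOIS_RANGES = ["23.96.0.0/13", "191.236.0.0/14"]
FLOW_DESTINATIONS = [                      # destination IPs seen in a capture
    "23.96.212.225", "191.238.241.80",     # reached after a DNS lookup
    "23.99.10.11", "191.237.4.4",          # same ranges, no lookup seen
    "198.51.100.7",                        # unrelated (documentation range)
]


def range_bounds(cidr):
    """Return (first address, last address, size) of a CIDR block."""
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1]), net.num_addresses


def classify(flows, dns_answers, hosts_entries, ranges):
    """Label each destination by what a hosts-file entry can do about it."""
    nets = [ipaddress.ip_network(r) for r in ranges]
    ip_to_name = {ip: name for name, ips in dns_answers.items() for ip in ips}
    result = {}
    for dst in flows:
        addr = ipaddress.ip_address(dst)
        net = next((str(n) for n in nets if addr in n), None)
        name = ip_to_name.get(dst)
        if name in hosts_entries:
            verdict = "hosts entry applies"    # the lookup is overridden
        elif net:
            verdict = "in range, hosts file has no effect"  # no name involved
        else:
            verdict = "outside listed ranges"
        result[dst] = (net, verdict)
    return result


if __name__ == "__main__":
    for cidr in WHOIS_RANGES:
        print(cidr, range_bounds(cidr))
    for dst, (net, verdict) in classify(
            FLOW_DESTINATIONS, DNS_ANSWERS, HOSTS_ENTRIES, WHOIS_RANGES).items():
        print(f"{dst:16} {net or '-':16} {verdict}")
```

Destinations labelled "in range, hosts file has no effect" are the ones that only an IP-level firewall rule or a capture-driven block list would reach.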
 
I don't want to stir shit, I use various systems and I did put in some dozen hours on Windows 8.1 but laughed it off when I couldn't even move my cursor to the right without some crap poking out from the side (charms bar?) and wiped the drive. Yeah I know it can be disabled.
With that said - if this is true and keylogging is being done, imaging and sound is being sent without explicit permission (normal software usually asks if it can use your camera) then this is just a test run and you're being benchmarked.
It's quite obvious we have people working for the vendor right here in this thread most likely, and it's obvious they know you know. They're just poking at the defences.
All this blocking stuff is honestly - in my opinion - buying land on regularly flooded areas.
I mean - what do we techs do when there's a rootkit? install avast and keep trying to remove it? no, you nuke the kernel and all the bare minimum or scan the drive from a known good system.
Again: IF. If. I haven't used the thing and I don't intend to.
Furthermore: no, you won't be able to simply hold on to Windows 7 and boast how you beat the man. One update and you have the same crap going on in your precious 7.
 
Looks like it's more FUD based on the Insider Preview, not the RTM version. A person from the Local Ghost source linked his findings in the comments.

http://blog.robseder.com/2015/08/16/whats-the-real-deal-with-windows-10-and-privacy/

This guy admits he doesn't know wireshark and isn't sure about a lot of his results.

I am starting to think though that much of this is a combination of earlier beta builds which had more telemetry for obvious reasons and a little bit of FUD.
 
It's fine by me, I definitely don't have anything to hide.

Neither do I. That's not really the point, though.

I have nothing to hide, but I still close and lock the door when I take a shit.
I have nothing to hide, but I still close the curtains in my room.

People value their privacy and when it's challenged, they will fight back. Even if they have absolutely nothing to hide. Privacy is a personal thing. It gives you a sense of security. When that's breached, you feel vulnerable.
 
..People value their privacy and when it's challenged, they will fight back. ...

They don't though, do they? It is common knowledge nowadays that online businesses and the government use your personal data and track you. Some concerned individuals and activists are objecting, but most people aren't really bothered.
 
People value their privacy and when it's challenged, they will fight back. Even if they have absolutely nothing to hide. Privacy is a personal thing. It gives you a sense of security. When that's breached, you feel vulnerable.

Used to value privacy... Sad state we are going towards... Newer generations may not even get to know what privacy really is at this rate.

Not so long ago there were many fiction books written about the loss of privacy, which people at the time would never, ever, have thought could come to pass.

Yet, here we are. Heading right towards a worst case scenario at full speed.
 
They don't though, do they? It is common knowledge nowadays that online businesses and the government use your personal data and track you. Some concerned individuals and activists are objecting, but most people aren't really bothered.

Because they tout the benefits of the lost privacy. It's how they can help you. They give you the positives and minimize the negatives.

Myself? I run Windows 10 and share everything (Feedback, telemetry, opt into the Customer Feedback programs, etc.). Phone is wide open. Facebook is open. I have stuff to hide, but I'm not going to post anything online about it, unless I do it in something a bit more private (Linux, VPN, etc..).
 