September 24, 2017 | 10:17 pm
[HOWTO] Stop Windows 10 From Spying On You – Part 1

Since Microsoft released Windows 10 into the wild, there have been a bunch of articles flying around about how Microsoft wants your personal data. To get it, a whole bunch of privacy settings are turned “on” by default, which allow Microsoft to, among many other things, collect and store your personal data and use your computer to distribute updates to the faceless masses on the internet.

I have had a copy of Windows 10 running in a virtual machine for a while as part of the Insider program.  Now that I have an RTM version, I decided to run a little test.

First up was to take the Windows 10 install and perform all the privacy precautions I had read about: turning off location services, using a local account, turning off the use of my system as a P2P distribution server, etc. Then I shut it down.

Having used the Windows 10 Control Panel and Settings pages to turn off everything privacy-related that I could, I performed the following actions:

1.  Power it up.
2.  Log on.
3.  Wait for it to stop loading.
4.  Power it off.

While doing so, I was capturing all the traffic going into and out of the virtual network interface. Some interesting things showed up.

During the first run, I simply picked out the DNS queries which were being requested during this process.

Here’s what showed up:

I dutifully added all these entries to the hosts file in the VM, which is found under c:\windows\system32\drivers\etc\hosts, and redirected them all to 0.0.0.0.

Then I ran, as administrator:

ipconfig /flushdns

Then I turned off the VM and started it again. On the second reboot, these additional entries showed up:

settings-win.data.microsoft.com
settings.data.glbdns2.microsoft.com
OneSettings-bn2.metron.live.com.nsatc.net
watson.telemetry.microsoft.com
watson.telemetry.microsoft.com.nsatc.net

I added those to the hosts file as well, ran flushdns again, and rebooted.
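
The loop described above (pick the DNS query names out of the capture, then map the ones not yet in the hosts file to 0.0.0.0) can be scripted. The following Python is an added example, not part of the original post: the function names, the sample queries and the sample hosts text are constructed for illustration, and it assumes the raw UDP payloads of the port 53 packets have already been extracted from the capture.

```python
import struct
def dns_query_names(payload):
    """Return the question names carried in one raw DNS message (UDP payload)."""
    if len(payload) < 12:                    # shorter than the fixed DNS header
        return []
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000:                       # QR bit set: a response, not a query
        return []
    names, pos = [], 12
    for _ in range(qdcount):
        labels = []
        while True:
            if pos >= len(payload) or payload[pos] & 0xC0:
                return names                 # truncated, or a pointer (unexpected in a query)
            length = payload[pos]
            pos += 1
            if length == 0:                  # zero-length label ends the name
                break
            labels.append(payload[pos:pos + length].decode("ascii", "replace"))
            pos += length
        pos += 4                             # skip QTYPE and QCLASS
        names.append(".".join(labels).lower())
    return names

def new_hosts_lines(names, hosts_text, sink="0.0.0.0"):
    """Hosts-file lines for the names that hosts_text does not map yet."""
    known = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split address and names
        known.update(f.lower() for f in fields[1:])
    out = []
    for name in names:
        if name and name not in known:       # skip the root name and duplicates
            known.add(name)
            out.append(f"{sink} {name}")
    return out

def build_query(name):
    """Constructed sample input: a minimal A-record query for name."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

# Constructed sample data; the two host names are taken from the second list above.
SAMPLE_NAMES = ("watson.telemetry.microsoft.com", "settings-win.data.microsoft.com",
                "Watson.Telemetry.Microsoft.com")
SAMPLE_HOSTS = "# constructed hosts file\n0.0.0.0 settings-win.data.microsoft.com\n"

def demo():
    seen = [n for name in SAMPLE_NAMES for n in dns_query_names(build_query(name))]
    return new_hosts_lines(seen, SAMPLE_HOSTS)
```

The hosts file matches exact host names only, with no wildcards, which is why every name seen in the capture has to be listed individually.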

The system seems to boot a bit quicker (no, I did not time this), but zero DNS queries are made while booting until you actually start doing something which requires it, such as, oh I don’t know, opening your browser.

initrd

In Part 2 we focus on distributed security updates and how to stop Microsoft from using your bandwidth to save them money.