First they came for the Socialists, and I did not speak out— Because I was not a Socialist. Then they came for the Trade Unionists, and I did not speak out — Because I was not a Trade Unionist. Then they came for the Jews, and I did not speak out— Because I was not a Jew. Then they came for me—and there was no one left to speak for me.

Support PSK Research & Networks with a donation today!

- Hits to PSK Networks since Sept. 30th, 2004

~Share this page or article on Facebook~

Author Topic: What Windows 10 spying really does.  (Read 676 times)

0 Members and 2 Guests are viewing this topic.

Offline Psk

  • Administrator
  • Hero Member
  • *****
  • Posts: 505
  • Karma: +37/-0
What Windows 10 spying really does.
« on: August 24, 2015, 05:35:23 am »
Windows 10 is more like a terminal than an OS. Because of the extent of the cloud integration, a large portion of the OS is dependent on remote Microsoft servers. The amount of collected information, even with strict privacy settings, is alarming!

All text typed on the keyboard is stored in temporary files, and sent once every 30 minutes to:

oca.telemetry.microsoft.com.nsatc.net
pre.footprintpredict.com
reports.wes.df.telemetry.microsoft.com

There is autocorrect in certain text fields, but whether a full keylog is necessary for this (as opposed to just corrections) is questionable. This also appears to still occur even if the user is not signed in to a Microsoft account, eliminating the across devices benefit. Perhaps there is a global autocorrect dictionary that benefits all users, but the privacy implications of an un-disableable "always on" keylogger outweigh these potential benefits. The implications of this are significant: because this is an OS-level keylogger, all the data you're trying to transmit securely is now sitting on some MS server. This includes passwords and encrypted chats. This also includes the on-screen keyboard, so there is no way to authenticate to a website without MS also getting your password.

Telemetry is sent once per 5 minutes, to:

vortex.data.microsoft.com
vortex-win.data.microsoft.com
telecommand.telemetry.microsoft.com
telecommand.telemetry.microsoft.com.nsatc.net
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
sqm.telemetry.microsoft.com
sqm.telemetry.microsoft.com.nsatc.net

You might think that "telemetry" has to do with OS usage or similar... turns out it's telemetry about the user. For example, typing a phone number anywhere into the Edge browser transmits it to the servers above.

In another example, typing the name of any popular movie into your local file search starts a telemetry process that indexes all media files on your computer and transmits them to:

df.telemetry.microsoft.com
reports.wes.df.telemetry.microsoft.com
cs1.wpc.v0cdn.net
vortex-sandbox.data.microsoft.com
pre.footprintpredict.com

It's hard to imagine any purpose for this other than the obvious piracy crackdown possiblities.

When a webcam is first enabled, ~35mb of data gets immediately transmitted to:

oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
vortex-sandbox.data.microsoft.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net

Everything that is said into an enabled microphone is immediately transmitted to:

oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
vortex-sandbox.data.microsoft.com
pre.footprintpredict.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net
telemetry.appex.bing.net
telemetry.urs.microsoft.com
cs1.wpc.v0cdn.net
statsfe1.ws.microsoft.com

If this weren't bad enough, this behaviour still occurs after Cortana is disabled or uninstalled. It's speculated that the purpose of this function to build up a massive voice database, then tie those voices to identities, and eventually be able to identify anyone simply by picking up their voice, whether it be a microphone in a public place or a wiretap on a payphone.

Interestingly, if Cortana is enabled, the voice is first transcribed to text, then the transcription is sent to:

pre.footprintpredict.com
reports.wes.df.telemetry.microsoft.com
df.telemetry.microsoft.com

If Windows is left unattended for ~15 mins, a large volume of traffic starts being transmitted to various servers. This may be the raw audio data, rather than just samples.

You'd think you might be able to block all of the above servers via HOSTS, it turns out this won't work. Microsoft has taken the care to hardcode certain IPs, meaning that there is no DNS lookup and no HOSTS consultation. However, if the above servers are blocked via HOSTS, Windows will pretend to be crippled by continuously throwing errors, while still maintaining data collection in the background. Other than an increase in errors, HOSTS blocking did not affect the volume, frequency, or rate of data being transmitted.


There are no comments for this topic. Do you want to be the first?
 

~ * MIXTAPES * ~
Mixes are about 40 minutes long, but less than 5mb in size. Click to play. Open in a new window or tab, if you want it to play while not leaving your other pages. Right click to "save as" or "save link as" to download.

New!
*W10 Warning* *More on 10*
*Old School*
Chillin' set
Mix 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 25, 26, 27, 28, 29, 30, 31
Electronica
1, 2, 3
Spacey
1, 2, 3
Ambient
1, 2, 3, 4, 5
Dramatic1, Dramatic2
Mysterious
1, 2, 3, 4, 5
Eclectic
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14 15, 16, 17, 18
Experimental
*Mix 1*, *Mix 2* *Mix 3* *Mix 4*
Classical
1, 2, 3
Bruce Jenner

Visitor Map ~ Dots indicate who visited PSK networks over the past few months. Blinking dots are visitors currently visiting us.

























For: science, technology, paranormal, UFOs, aliens, computers, windows, astronomy, physics, & pets.