http://www.reddit.com/r/Windows10/comments/3gm1e3/what_windows_10_is_actually_monitoring_regardless/
What Windows 10 is actually monitoring (regardless of privacy settings) :
Windows10

I've seen theres a lot of speculation on whether the observed network
connections from Windows 10 with privacy options on are actually spying or
not, and figured some actual evidence would be in order.

Anyone can recreate this for themselves:

1.      Fresh install of Windows 10.

2.      Set all privacy options to off, disable cortana, disable web search

3.      Ensure all updates are done. Close all programs.

4.      Install Fiddler, and enable HTTPS sniffing. (If you use wireshark,
you wont be able to view the HTTPS)

5.      Press stream in fiddler.

6.      Click the windows search bar, type any letter, watch the HTTPS
session to bing.com appear.

I’m still trying to figure out exactly what it is that it is transmitting,
but its for sure sending a user-agent string that identifies itself as
Cortana.

Some observed behaviors:

   - Clicking on a link from an application (in this case, a download link
   from within Fiddler) submits the URL you are visiting to
   urs.microsoft.com.
   - Opening applications-- even with SmartScreen disabled-- opens sessions
   to apprep.smartscreen.microsoft.com and, among other things, submits the
   hash of the application. EDIT: Apparently you must also disable
   smartscreen in edge. Even so, it will initiate a connection to
   w.apprep.smartscreen.microsoft.com
   - Typing anything into the search bar will, regardless of settings,
   initiate an HTTPS session to www.bing.com. It will transmit a cookie,
   though so far I have not seen anything in there that looks like keystroke
   monitoring, as the only thing that appears to change between attempts is an
   HV section of the cookie. It appears to be downloading javascript, and
   submitting identifying data (screen resolution, install date, SID). The URL
   it uses is https://www.bing.com/manifest/threshold.appcache
   - Opening the settings app and going into account options sometimes
   opens a session to public-family.api.account.microsoft.com:443. I
   suppose this would be expected.

Id be interested if anyone else can find other "unexpected" network
behavior, but figured this would be a good start. It confirms some things
that were perhaps expected and some that were not. It should be noted that
these behaviors were seen even after running a few of the other "disable
telemetry service" tools out there.

EDIT: Link to Fiddler <http://www.telerik.com/download/fiddler>. Make sure
you enable HTTPS sniffing and go into WinConfig and exempt all apps.

EDIT 2: Yes, I am using an MS account at the moment-- but Cortana is marked
as disabled (via local policy) and web search is off. Im also hearing from
others who have tested that the behavior exists regardless of account type.

EDIT 3: As someone has pointed out: If you replicate this on a production
machine, *MAKE SURE YOU REMOVE THE FIDDLER ROOT CERT*. After setting
fiddler up you are quite vulnerable to a MITM until you remove that
certificate under fiddler options.





__._,_.___
------------------------------
Posted by: "Beowulf" <[email protected]>
------------------------------


Visit Your Group
<https://groups.yahoo.com/neo/groups/grendelreport/info;_ylc=X3oDMTJmamR0MGt0BF9TAzk3MzU5NzE0BGdycElkAzIwMTk0ODA2BGdycHNwSWQDMTcwNTMyMzY2NwRzZWMDdnRsBHNsawN2Z2hwBHN0aW1lAzE0MzkzOTM2MDQ->

   - New Members
   
<https://groups.yahoo.com/neo/groups/grendelreport/members/all;_ylc=X3oDMTJnN283dW5qBF9TAzk3MzU5NzE0BGdycElkAzIwMTk0ODA2BGdycHNwSWQDMTcwNTMyMzY2NwRzZWMDdnRsBHNsawN2bWJycwRzdGltZQMxNDM5MzkzNjA0>
   1

[image: Yahoo! Groups]
<https://groups.yahoo.com/neo;_ylc=X3oDMTJlc28wZ2xlBF9TAzk3NDc2NTkwBGdycElkAzIwMTk0ODA2BGdycHNwSWQDMTcwNTMyMzY2NwRzZWMDZnRyBHNsawNnZnAEc3RpbWUDMTQzOTM5MzYwNA-->
• Privacy <https://info.yahoo.com/privacy/us/yahoo/groups/details.html> •
Unsubscribe <[email protected]?subject=Unsubscribe>
• Terms of Use <https://info.yahoo.com/legal/us/yahoo/utos/terms/>

__,_._,___

-- 
-- 
Thanks for being part of "PoliticalForum" at Google Groups.
For options & help see http://groups.google.com/group/PoliticalForum

* Visit our other community at http://www.PoliticalForum.com/  
* It's active and moderated. Register and vote in our polls. 
* Read the latest breaking news, and more.

--- 
You received this message because you are subscribed to the Google Groups 
"PoliticalForum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to