http://www.reddit.com/r/Windows10/comments/3gm1e3/what_windows_10_is_actually_monitoring_regardless/ What Windows 10 is actually monitoring (regardless of privacy settings) : Windows10
I've seen there's a lot of speculation on whether the observed network connections from Windows 10 with privacy options on are actually spying or not, and figured some actual evidence would be in order. Anyone can recreate this for themselves:

1. Fresh install of Windows 10.
2. Set all privacy options to off, disable Cortana, disable web search.
3. Ensure all updates are done. Close all programs.
4. Install Fiddler, and enable HTTPS sniffing. (If you use Wireshark, you won't be able to view the HTTPS.)
5. Press stream in Fiddler.
6. Click the Windows search bar, type any letter, watch the HTTPS session to bing.com appear. I'm still trying to figure out exactly what it is that it is transmitting, but it's for sure sending a user-agent string that identifies itself as Cortana.

Some observed behaviors:

- Clicking on a link from an application (in this case, a download link from within Fiddler) submits the URL you are visiting to urs.microsoft.com.
- Opening applications -- even with SmartScreen disabled -- opens sessions to apprep.smartscreen.microsoft.com and, among other things, submits the hash of the application. EDIT: Apparently you must also disable SmartScreen in Edge. Even so, it will initiate a connection to w.apprep.smartscreen.microsoft.com
- Typing anything into the search bar will, regardless of settings, initiate an HTTPS session to www.bing.com. It will transmit a cookie, though so far I have not seen anything in there that looks like keystroke monitoring, as the only thing that appears to change between attempts is an HV section of the cookie. It appears to be downloading JavaScript, and submitting identifying data (screen resolution, install date, SID). The URL it uses is https://www.bing.com/manifest/threshold.appcache
- Opening the Settings app and going into account options sometimes opens a session to public-family.api.account.microsoft.com:443. I suppose this would be expected.
I'd be interested if anyone else can find other "unexpected" network behavior, but figured this would be a good start. It confirms some things that were perhaps expected and some that were not. It should be noted that these behaviors were seen even after running a few of the other "disable telemetry service" tools out there.

EDIT: Link to Fiddler <http://www.telerik.com/download/fiddler>. Make sure you enable HTTPS sniffing and go into WinConfig and exempt all apps.

EDIT 2: Yes, I am using an MS account at the moment -- but Cortana is marked as disabled (via local policy) and web search is off. I'm also hearing from others who have tested that the behavior exists regardless of account type.

EDIT 3: As someone has pointed out: If you replicate this on a production machine, *MAKE SURE YOU REMOVE THE FIDDLER ROOT CERT*. After setting Fiddler up you are quite vulnerable to a MITM until you remove that certificate under Fiddler options.

Posted by: "Beowulf" <[email protected]>
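
One way to triage a capture made with the steps in the post, assuming the sessions have been exported in HAR (HTTP Archive) format: count what was sent to each host the post names, matching on the parsed hostname rather than a substring. This is an added example, not part of the original post; the function names and the sample entries (header values included) are constructed.

```python
from urllib.parse import urlsplit

# Hosts named in the post above.
WATCHED = ("urs.microsoft.com", "apprep.smartscreen.microsoft.com",
           "www.bing.com", "public-family.api.account.microsoft.com")

# Constructed sample in HAR 1.2 shape (not a real capture; values are placeholders).
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"method": "GET",
                 "url": "https://www.bing.com/manifest/threshold.appcache",
                 "headers": [{"name": "User-Agent", "value": "CONSTRUCTED-UA"},
                             {"name": "Cookie", "value": "HV=CONSTRUCTED"}]}},
    {"request": {"method": "POST",
                 "url": "https://W.AppRep.SmartScreen.microsoft.com/constructed",
                 "headers": [{"name": "user-agent", "value": "CONSTRUCTED-UA"}]}},
    # Lookalike host: a substring match on "www.bing.com" would wrongly count it.
    {"request": {"method": "GET", "url": "https://www.bing.com.example/",
                 "headers": []}},
    # Authority-form target, as a proxy may record a CONNECT tunnel (assumption).
    {"request": {"method": "CONNECT", "url": "urs.microsoft.com:443", "headers": []}},
]}}

def host_of(url):
    """Lower-cased hostname; also accepts a bare host:port target."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def watched_name(host, watched=WATCHED):
    """Return the watched name that host equals or is a subdomain of, else None."""
    return next((n for n in watched if host == n or host.endswith("." + n)), None)

def summarize(har, watched=WATCHED):
    """Per watched host: request count, whether a cookie was sent, user agents, URLs."""
    report = {}
    for entry in har["log"]["entries"]:
        req = entry["request"]
        name = watched_name(host_of(req["url"]), watched)
        if name is None:
            continue
        headers = {h["name"].lower(): h["value"] for h in req.get("headers", [])}
        row = report.setdefault(name, {"requests": 0, "cookie": False,
                                       "user_agents": set(), "urls": []})
        row["requests"] += 1
        row["cookie"] = row["cookie"] or "cookie" in headers
        if "user-agent" in headers:
            row["user_agents"].add(headers["user-agent"])
        row["urls"].append(req["method"] + " " + req["url"])
    return report
```

To run it over a real export, load the file with `json.load` and pass the resulting dict to `summarize`.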
