SoylentNews is people

posted by CoolHand on Thursday August 13 2015, @06:22PM
from the oh-that-microsoft dept.

Peter Bright at Ars Technica reports:

Windows 10 uses the Internet a lot to support many of its features. The operating system also sports numerous knobs to twiddle that are supposed to disable most of these features, and the potentially privacy-compromising connections that go with them.

Unfortunately for privacy advocates, these controls don't appear to be sufficient to completely prevent the operating system from going online and communicating with Microsoft's servers.

For example, even with Cortana and searching the Web from the Start menu disabled, opening Start and typing will send a request to www.bing.com to request a file called threshold.appcache which appears to contain some Cortana information, even though Cortana is disabled. The request for this file appears to contain a random machine ID that persists across reboots.

Hairyfeet's contribution adds the following:

A Czech site went one further and did a traffic analysis on a default Windows 10 install. What did he find? Well, it looks like the Win 10 Keylogger in the beta is still running with pretty much every keystroke, voice, and webcam data being sent to Microsoft even with Cortana disabled.

[Ed's Comment: The report about the Czech traffic analysis originally came from a newspaper and some comments doubt the veracity of this source.]
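
One way to test the persistence claim, as an added example that is not part of the Ars Technica report or this story: record the request off-host across several boots and look for an opaque value that never changes. The parameter names `devid` and `sess`, the sample URLs, and the assumption that the ID travels in a visible query string are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

BASE = "http://www.bing.com/threshold.appcache?setlang=en-US"
# Constructed sample: (boot session, request URL) pairs recorded off-host.
# Parameter names and values are hypothetical, not taken from real traffic.
CAPTURES = [
    ("boot1", BASE + "&devid=4f1c9a7e2b8d4c06&sess=a1b2c3d4e5f60718"),
    ("boot1", BASE + "&devid=4f1c9a7e2b8d4c06&sess=a1b2c3d4e5f60718"),
    ("boot2", BASE + "&devid=4f1c9a7e2b8d4c06&sess=0099aabbccddeeff"),
    ("boot2", "http://example.test/update?devid=ffffffffffffffff"),
    ("boot3", BASE + "&devid=4f1c9a7e2b8d4c06&sess=13579bdf02468ace"),
]

def looks_opaque(value, min_len=12):
    """Heuristic: a long token with many distinct characters, unlike 'en-US'."""
    return len(value) >= min_len and len(set(value)) >= 8

def persistent_identifiers(captures, host, path):
    """Return {param: value} for opaque values identical in every boot session."""
    seen = defaultdict(lambda: defaultdict(set))  # param -> value -> sessions
    sessions = set()
    for session, url in captures:
        parts = urlsplit(url)
        if parts.hostname != host or parts.path != path:
            continue  # ignore unrelated traffic
        sessions.add(session)
        for name, value in parse_qsl(parts.query):
            seen[name][value].add(session)
    if len(sessions) < 2:
        return {}  # a single boot cannot demonstrate persistence
    found = {}
    for name, values in seen.items():
        if len(values) != 1:
            continue  # value changes between requests, so not a stable ID
        value, where = next(iter(values.items()))
        if where == sessions and looks_opaque(value):
            found[name] = value
    return found

if __name__ == "__main__":
    print(persistent_identifiers(CAPTURES, "www.bing.com", "/threshold.appcache"))
```

A value that is constant within a boot but changes after a restart (here `sess`) is dropped, as are short settings such as `setlang`.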


  • (Score: 4, Interesting) by SDRefugee on Thursday August 13 2015, @08:07PM

    by SDRefugee (4477) on Thursday August 13 2015, @08:07PM (#222487)

    I'm a retired Windows AND Linux admin, and since retiring, I've pretty much moved my home systems completely to Linux (Kubuntu, for those who care), but since I've sort of become the neighborhood "tech support" I figured I ought to at least try out 8.1 and now 10. I installed 8.1 on a spare drive for my laptop and when 10 was released, I downloaded the ISO and proceeded to upgrade to 10. Since the last version of Windows I spent any "quality" time with was XP, and a bit of 7 just before I decided to go to Linux exclusively, I was pretty clueless about these new versions of Windows. Since I've installed 10 on my laptop, I've been using it for the last week or so, and I gotta say it looks pretty nice. But since I don't care for *my* business to become MS's business, I use a local account, with all of the privacy-destroying crap turned off... so I was led to believe... If these allegations of 10 continuing to "phone home" despite the disabling I did are true, I sure the FUCK am gonna tell everybody who asks me about 10 to STAY THE HELL AWAY... In any event, I think, just for shits/grins, I may fire up Wireshark and see who *my* machine is talking to *behind my back* ....

    --
    America should be proud of Edward Snowden, the hero, whether they know it or not..
  • (Score: 1, Interesting) by Anonymous Coward on Friday August 14 2015, @02:16AM

    by Anonymous Coward on Friday August 14 2015, @02:16AM (#222635)

    I hope you know that there are some "special" protocols Wireshark will not pick up.

    • (Score: 0) by Anonymous Coward on Friday August 14 2015, @08:43AM

      by Anonymous Coward on Friday August 14 2015, @08:43AM (#222736)

      Such as IP over Avian Carriers?

      Oh, sure if you run Wireshark on the Windows machine, you'll only get to see the traffic that Windows actually presents, but anyone who calls himself an admin knows that if you are looking for malicious traffic (same rules as for root kits), you run Wireshark on the router, not on the machine you suspect of being infected.

      • (Score: 1) by SDRefugee on Friday August 14 2015, @12:12PM

        by SDRefugee (4477) on Friday August 14 2015, @12:12PM (#222788)

        Some of us don't just call ourselves admins, we *are* admins, which is why we have rpcapd running on our routers... :)

        --
        America should be proud of Edward Snowden, the hero, whether they know it or not..
  • (Score: 2, Insightful) by FlyingSock on Friday August 14 2015, @07:45AM

    by FlyingSock (4339) on Friday August 14 2015, @07:45AM (#222723)

    Please do, and please report back.

  • (Score: 2) by MrNemesis on Friday August 14 2015, @08:46AM

    by MrNemesis (1582) on Friday August 14 2015, @08:46AM (#222737)

    I've only got a W10 image in VMware Workstation at present, installed it purely to check out the UI (in a nutshell - classic shell or equivalent mandatory IMHO), didn't like it, it remains powered off. Never plugged in the NIC but I'd be wary of using a Windows machine to capture a Windows machine.

    As per the AC comment above, does anyone have a source for Wireshark/pcap not capturing some things?

    As to getting a reliable capture I imagine one would need to set up some tin on a segregated VLAN and use port mirroring or similar to forward to an IDS (is Snort still the go-to for Linux?) or tcpdump'ed at the router although I'm not sure how to MITM the SSL gubbins at that point.

    --
    "To paraphrase Nietzsche, I have looked into the abyss and been sick in it."