SoylentNews is people

posted by cmn32480 on Friday August 28 2015, @10:14PM
from the time-for-port-mirroring dept.

With the release of Windows 10 there have been serious privacy concerns raised as to what data Windows is sending home to mommy and daddy. Much of this could be called benign data leakage for your average user (location information for a map, search information, etc) but it has been hinted that even disabling these features doesn't prevent data being sent from your computer. This is also true for Android, iOS devices, browsers, browser plugins, and software registration / update tools. Even a vanilla Linux or BSD install may be sending out information you aren't aware of. If you haven't checked, you don't know.

Firing up a packet monitor is fairly easy on the host OS and a decent firewall / gateway can dump all the packets from a local network. Assuming the majority of data you would be concerned about leaking out is encrypted, is there an easy way for an owner to decrypt it to see what is actually being sent out? Are there groups conducting this type of analysis and publishing their results with any level of detail?

  • (Score: 2) by Hyperturtle (2824) on Saturday August 29 2015, @11:04PM (#229600)

    Some of us are short on time, too.

    There is more to it than what is suggested as how to do it.

    It being "fairly easy" would mean that it's easy to do, but so few have, or at least, few in the mainstream media... sure it is easy but it also is like looking into the matrix if you have never done a packet capture before.

    Packet capturing with software running on the Windows 10 device itself is not a good idea, and yeah the firewall can do that, but my firewall is doing numerous things--I expect everyone's is, so it is best to offload that task elsewhere if possible. Some people also may fear ruining their firewall config if they change something and poof, so I understand the reluctance to do that.

    What I want to set up is a monitoring session by forwarding the Windows 10 traffic (right before the birth cry--so, start the capture after the upgrade away from Windows 7 or 8 is complete, or just as the Windows 10 install has started).

    That device receiving the traffic has to have a few network cards; one to accept traffic for the monitoring, the other to look up DNS names and for me to manage the situation.

    The review will take time, and there is also the matter of how much encrypted traffic there is. It is not quite as easy to strip SSL headers and then place them back so that the traffic is still accepted by the destination. Man in the middle sorts of things would need to be put into place, and now we're talking about another host to do that -- and time to set that up. That is where your hacker guy gets involved :)

    My intent (at first) would be to just see where it goes, and focus on the questionable stuff after the initial capture was done.

    If possible, I'd use NetFlow... I need to find a good free version that doesn't expire before I am ready, and doesn't end up expiring on a device I don't want to reformat. I have some network hardware that supports NetFlow; I don't have software that reads it. For home use, it hasn't been an issue; I just run Wireshark wherever. We're looking for specifics, though, so anyone with advice on good NetFlow software that is inexpensive, let me know and I'll try it out.

    It's possible to do all of this inside of a virtual environment, but I am not sure how I can properly monitor the traffic inside a VM environment in quite the same way I can do it physically on network hardware, so that's what I'd try to do at first, or perhaps fill a desktop with NICs and at least split out the traffic per VM per NIC.

    I can also help translate the results of a packet capture if anyone has some for review.
    --

    One thing I HAVE done is install Windows 10 (enterprise and regular) into VMs. Without NICs.

    It is something to behold -- the OS really is not designed to be offline. By design I can't capture from them since there are no NICs... so I suggest everyone try it at least once... but the OS doesn't even seem surprised as much as it is confused... It is seriously unusable, and I do not mean that from a GUI perspective.

    There is no help built into the OS that could tell me how to play music or change IE settings or set up stuff--if it isn't in the menu already, it isn't in a compiled HTML file hidden away somewhere.

    It all goes online--or tries to. You can't even get help to troubleshoot the network connection, because even that is online. Maybe it pulls a copy locally after the first use, but good luck with that if you have no network connection and need help with it.

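The capture setup described in the thread stops at the encrypted payload. As an added example (not code from the post or from SoylentNews), the Python below shows that the destination host name of a TLS session can still be read from the ClientHello's server_name (SNI) extension with no man-in-the-middle at all, which is usually enough to "see where it goes". The sample record is constructed by `build_client_hello`, and `telemetry.example.net` is a made-up host name.

```python
"""Added example: pull the SNI host name out of a captured TLS ClientHello.
The name is sent in the clear (RFC 6066), so a capture shows where encrypted
traffic goes without the man-in-the-middle setup needed to read the payload."""
import struct


def build_client_hello(hostname: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record with an SNI (test data, not a capture)."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name        # name_type host_name + name
    sni = struct.pack("!H", len(entry)) + entry                  # ServerNameList
    ext = struct.pack("!HH", 0, len(sni)) + sni                  # extension_type 0 = server_name
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"                  # version, random, empty session_id
            + b"\x00\x02\xc0\x2f" + b"\x01\x00"                  # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body           # handshake type client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs     # record type handshake


def extract_sni(record: bytes):
    """Return the host_name from a TLS ClientHello record, or None.
    Skips session_id, cipher_suites and compression_methods, then walks the
    extensions; malformed or truncated input yields None, never an exception."""
    try:
        if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
            return None                       # not a handshake record / not a ClientHello
        pos = 43                              # 5 record + 4 handshake + 2 version + 32 random
        pos += 1 + record[pos]                # session_id
        pos += 2 + struct.unpack("!H", record[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + record[pos]                # compression_methods
        if pos + 2 > len(record):
            return None                       # no extensions block at all
        end = pos + 2 + struct.unpack("!H", record[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", record[pos:pos + 4])
            pos += 4
            if etype == 0:                    # server_name extension
                p = pos + 2                   # skip ServerNameList length
                while p + 3 <= pos + elen:
                    nlen = struct.unpack("!H", record[p + 1:p + 3])[0]
                    if record[p] == 0:        # name_type host_name
                        return record[p + 3:p + 3 + nlen].decode("ascii")
                    p += 3 + nlen
            pos += elen
        return None
    except (struct.error, IndexError, UnicodeDecodeError):
        return None
```

Feed it the first TCP payload bytes of each outbound port-443 flow from a capture and tally the names; a flow whose ClientHello carries no SNI, or that is not TLS at all, is the one worth a closer look.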