  • The complexity of controlling Windows telemetry

    Posted on May 18th, 2017 at 10:13 by woody

    Noel Carboni has a great post that I wanted to bring up here onto the main page. It’s in response to the question of what to recommend for Win7 and 8.1 users, in this age of Malware as a Service, but it’s generally applicable to all Windows customers:

    ***********

    I’ll wager I know what communications a desktop system does online as well as anyone, as understanding and controlling such communications is a passion of mine. A career in data communications and software engineering tends to do that to you.

    Thing is, there’s not just one “telemetry” communications stream. What Windows does online is much, much more complex than that! Insanely more complicated.

    Presuming you want to do at least SOME things online with your system you actually DON’T want to block all the comms – there are some very necessary sites that MUST be contacted by a typical system regularly, e.g., for the purposes of certificate verification, time sync, license management…

    That’s not to say Windows can’t be made very private. I myself maintain Windows 7, 8.1, and 10 systems that don’t spill the beans online. But it’s no small, simple, turnkey task. Windows is a complex beast, and it takes some geek chops to do it along with ongoing effort.

    As an example, here’s a list of all the sites my Windows 10 test system at LAN address 192.168.2.26, allowed to sit idle all day, contacted. I ran the command (on my Win 8.1 workstation) to search my DNS log at near midnight last night. You can see that the only communication initiated in the 24 hour period was to get the time from the National Institute of Standards and Technology via a task I have scheduled (I have disabled the out-of-box Windows time service).

    ScreenGrab_NoelC4_2017_05_18_000041

    Most folks, however, wouldn’t find my Windows 10 system, above, acceptable. Why? Because I have shunned all the Apps and cloud-integration entirely. But it DOES illustrate that the beast can be controlled, and my techniques are applicable to purely desktop-oriented Windows 7 and 8.1 systems also.

    What have I found that it takes to accomplish this reduction/elimination of Microsoft-initiated online communications?

    • Reconfiguration of all provided settings to their most private choices.
    • Being willing to do without (or reduced function from) some services Windows seeks to provide.
    • Configuration through the local Group Policy editor of a number of settings.
    • Configuration through the registry of a number of settings that have no UI.
    • Disabling of scheduled tasks involved with telemetry and online comms.
    • Disabling of services involved with telemetry and online comms.
    • Adding entries to the hosts file to blacklist some sites.
    • Watching vigilantly for any of these things to be reverted by updates.
    • Outfitting with extra software to monitor and police communication attempts.

    The list above may seem daunting, but we haven’t even gotten to the part where the devil is in the details. The lists of how to accomplish the above things are long and complex.

    Ideally I imagine people want a fully private system that still allows them to do everything they want. That’s not gonna happen. You have to be willing to compromise.

    What does one have to consider doing without?

    • Apps. The very nature of Apps is that they’re web-integrated and they require an infrastructure to keep them functional. If you want to run Apps, stop reading now.
    • Cortana. A personal digital assistant COULD work entirely from local data, but Cortana doesn’t. If you want a personal digital assistant that talks to you, stop here.
    • Cloud-integration, such as OneDrive, except for user-initiated operations e.g., in a browser. The good news is that you can use a OneDrive server to store/retrieve files through a browser without ANY of the system-level integration.
    • Automatic updates. You have to be willing to install them yourself from the catalog if you want a truly subservient system.
    • Some security features such as the “Smartscreen Filter”. But you can’t rely on luck; you need a GOOD alternate plan to stay safe online.
    • Suggestions that pop up while you type. Your keystrokes are sent to Bing or Google or whatever search engine to make that happen.
    • Generally speaking, subscription and high-end commercial software communicates regularly online to do things like verify its licensing. Either you need to allow this or choose software that doesn’t do that.
    • Some software seeks to be cloud-integrated (late versions of Office, for example). You have to avoid this software or specific features within it, and be able to differentiate wanted comms from unwanted comms. That’s no small feat!
    • Online backups. Uh, no, get one or more external USB drives and make your own local backups, where you maintain full control of your data.

    This has gotten long already, yet I’m sure there are things I’ve missed and I haven’t even begun to get into the list of actual technical things to do to get to a secure, private system that doesn’t try overmuch to send your data abroad. It’s a challenging task even for a career software engineer. It’s not going to be feasible at all to provide a “have your cake and eat it too, set it and forget it” solution for an average user.


    This topic contains 40 replies, has 16 voices, and was last updated by  Kirsty 4 months ago.

    • #116157 Reply

      woody
      Da Boss

      Noel Carboni has a great post that I wanted to bring up here onto the main page. It’s in response to the question of what to recommend for Win7 and 8.
      [See the full post at: The complexity of controlling Windows telemetry]

      1 user thanked author for this post.
    • #116170 Reply

      MrBrian
      AskWoody MVP

      That’s an excellent post but please note that some of what Noel describes is technically not telemetry. From Configure Windows telemetry in your organization:

      “Telemetry can sometimes be confused with functional data. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not telemetry. For example, exchanging a user’s location for local weather or news is not an example of telemetry—it is functional data that the app or service requires to satisfy the user’s request.”

      And here is an important point: functional data, although not considered telemetry, can potentially have privacy implications. I’d advise the interested reader to browse the relevant links in topic Links: Microsoft privacy statements and Windows network connections to Microsoft to get an idea of the network connections that potentially can be made to Microsoft.

      One last point: there are also potential privacy implications of network connections to non-Microsoft endpoints. A major example is the data broker industry.

      4 users thanked author for this post.
      • #116252 Reply

        Noel Carboni
        AskWoody MVP

        Thanks for your compliment. Yes, indeed, it’s technically not telemetry – but I think most folks really imagine a fully private system that not only doesn’t send in what Microsoft calls telemetry, but also doesn’t spill your beans to web sites that seek to track you, doesn’t send your files to sharing servers automatically, doesn’t notify sites what executables are scanned by your antivirus software, doesn’t send your keystrokes and voice recordings to servers, etc. The overall problem is greater than Microsoft telemetry alone and all needs to be considered together.

        In short, communications should ideally ONLY be those initiated by you or the things you run or you’ve scheduled to run, and only those needed to get the task you’re trying to accomplish done.

        We all know that in today’s age of monstrously fast networking WAY more than you want could actually be sent without your even knowing it. And in fact that’s actually happening all the time. My configuration setup blocks several web accesses just browsing this page alone.

        -Noel

        5 users thanked author for this post.
        • #116417 Reply

          anonymous

          Good job NoelC. It’d be nice if nlite had the ability to strip away or install a small appliance acting as a private server as a loopback for some of the “telemetry” sources. If only msfn were as active as it used to be.

          1 user thanked author for this post.
    • #116173 Reply

      anonymous

      Hello –

      Suppose I’m a regular “end-user” who wants to run Windows 10 Enterprise on a stand-alone desktop. Assuming I set 10 Enterprise’s privacy-related settings to maximum, to what extent would my privacy considerations differ from the overview provided here?

      My sincere thanks for the terrific insights!

      Best regards,

      Brian

      2 users thanked author for this post.
      • #116177 Reply

        MrBrian
        AskWoody MVP

        To get an idea of what is involved, even though you are not a business user, see HIPAA compliance using Win10 Enterprise.

        1 user thanked author for this post.
      • #116261 Reply

        Noel Carboni
        AskWoody MVP

        My system is Win 10 Pro, by the way.

        You’d be a good bit of the way there by throwing the telemetry settings to their most private positions, but there would still be some things you could relatively easily do to take the quieting down a bit further…

        To give a hint, here are lists of the processes, services, scheduled tasks, etc. gathered from my tweaked Win 10 system. I do NOT suggest just blindly disabling the same ones I have or you’ll most likely break your system, but consider this an example, and keep in mind that things like sending telemetry don’t happen in an operating system by themselves. They happen because of scheduled tasks or services running…

        http://Noel.ProDigitalSoftware.com/ForumPosts/Win10/15063/SystemInfo_2017_05_17_16_00_00.log

        -Noel

        2 users thanked author for this post.
    • #116188 Reply

      wrangler
      AskWoody Lounger

      I’d like to do what Noel’s doing with Win 10, or its successor, by the time MS forces me to move from Win 7 Ultimate, Group B. I’m willing to go with Enterprise if that’s what it takes.

      I don’t mind working with the Registry, Group Policy, Task Scheduler, etc., but I don’t have the time or inclination to become a software engineer, in order to do this. Like many others, I’m also wedded to Windows for business software that requires it.

      2 users thanked author for this post.
      • #116358 Reply

        John in Mtl
        AskWoody Lounger

        Enterprise really is the best bet, but you need to get access to that version, which is not necessarily easy; like, you can’t just go somewhere and buy it.

        I sincerely hope this will change in the future, one where Microsoft will sell a single Ent version license to anyone willing to fork over X-hundred-$.  Maybe large OEM’s with “business center” stores can handle this.

    • #116184 Reply

      anonymous

      “What does one have to consider doing without? …”

      I’m already doing without everything on that list and I don’t consider myself all that extreme. The only program that I allow online is my web browser. If a program requires “cloud integration” I’m simply not going to use it (there are “alternative” ways of using those programs completely offline, if I really had to).

      I don’t want people to rationalize Windows telemetry by claiming that “everything you use has telemetry anyway”, because (1) that’s not true and (2) as long as firewalls and other methods exist you still have some control.

      5 users thanked author for this post.
      • #116253 Reply

        Noel Carboni
        AskWoody MVP

        I don’t want people to rationalize Windows telemetry by claiming that “everything you use has telemetry anyway”, because (1) that’s not true and (2) as long as firewalls and other methods exist you still have some control.

        That’s a good point, but it’s not hard to imagine a program that just won’t run if it’s not allowed to send information about you in.

        As a VERY simple example, imagine a “Weather App” that sends in your location in order to tell you what the weather’s like around you (yes, I admit it’s a bit of a silly idea, though certainly being able to call up forecasts is nice).

        Now imagine that you’d rather not have your “Weather App” notify Microsoft or Google or TheWeatherChannel or whomever where you are all the time, but you’d still like the weather forecast.

        In the “good ol’ days” of course we just entered our town or zip code but now that “Weather App” just won’t work without it being able to gather a little bit of intel about you.

        It may be a case in the long run where “resistance is futile”, but for now, I still choose to browse the web to e.g., Weather.com and enter my town or zip code. 🙂

        -Noel

        1 user thanked author for this post.
        • #117687 Reply

          anonymous

          Sounds like we need a “XPrivacy” for Windows 10. XPrivacy is an intermediary between Android Apps and the info they require. For example I can tell my weather app my zip code and a fake GPS longitude and latitude that matches the zip code if that is what it needs to work. Other examples would be an app that needs my phone number for some reason, I can tell it it is “000-000-0000” in XPrivacy and the App is none the wiser. Device ID, IMEI, Accounts, etc all can be faked. Access to “contacts” without actually giving access to my real contacts, done! Some Apps want strange permissions like a banking app wanting my browsing history… um, why? So, I restrict that and as far as the App knows I’ve only been to google.com.

          A bonus of a program like that would be to completely screw up Microsoft’s telemetry collection with fake data.

           

          1 user thanked author for this post.
    • #116187 Reply

      MrToad28
      AskWoody Lounger

      I’ve used Spybot Anti-beacon which blocks pathways, is customizable and hasn’t caused any problems since I installed it on 9 win 7 PC’s 10/2016. After a patch I refresh it in case one of the doors it closed has been reopened by the patch. It uses no resources as it just closes the doors and shuts down. Repeated scans have shown no spyware..indeed spybot has a good reputation as a vendor of anti-spyware.

      Can I be sure Microsoft isn’t still able to monitor my not terribly interesting activities? Nope. But it’s a lot less likely and there’s no downside..it’s free.

      I have no affiliation with spybot.

      2 users thanked author for this post.
    • #116198 Reply

      grayslady
      AskWoody Lounger

      Thanks for the rundown, Noel. (And thanks, Woody, for publishing this.) Oddly enough, without a fraction of your technical know-how, I’ve set up my computer in much the same way. Most of it strikes me as common sense, such as staying away from “the cloud” and “apps”, as well as not believing that all MS updates or settings are going to make your computer run safer or better.

      You’re probably correct about the auto-complete function in the search boxes, but, occasionally, the suggestions can be humorous or instructive. When a friend had surgery not long ago, he discovered that he’d been painted with something that he and I referred to as “orange stuff.” There was nothing in the hospital release notes that indicated what this substance was or what to do about it. So I started typing in “what is the orange stuff” when the auto-complete finished the top query “they put on me in the hospital.” Turns out that the “orange stuff” is an anti-bacterial preparation applied prior to surgery; but we found it amusing that, to a person, everyone searching for the answer referred to it as “orange stuff.” Also, not a single patient had been told what it was or how to remove it  (removing it isn’t easy, either).

      3 users thanked author for this post.
    • #116196 Reply

      anonymous

      This is from a FreeBSD I use as a desktop and firewall for a small home network.  You don’t need a ton of things open.  Start with a default deny, then I opened the following ports outbound:

      UDP: domain, ntp, https, imaps

      TCP: domain, http, https, imaps, pop3s, smtps

      Windows 7 machine had no issues doing everything it normally needed. FTP may require a little bit of fiddling. The problem is by default Windows is a “default allow outbound”, I think is stateful, inbound I’m not sure. But for a desktop, start with default deny in and out, stateful and turn things on as you need them.

       

      Now the biggest issue is that just because an outbound packet says it is https doesn’t mean the contents are actually https.

       

      1 user thanked author for this post.
    • #116204 Reply

      Dave
      AskWoody Lounger

      Noel: That is awesome. I have great respect for your attention to detail. If only Windows could have been built that way in the first place! I got a buzz from disabling the telemetry on 7 at first but found it disturbing when an update would turn it on again…as if sticking its tongue out at me. Maybe I gave up too easily. I finally just let Windows 10 do what it wanted. I became passive, numb to the abuse, willing to be kept waiting for an hour while it completed an update. When did this helpful servant become my master? I feel a bit guilty…but I have a new operating system that treats me with such kindness. I am feeling like an equal in the relationship now. There is no unpleasant drama, no sense of betrayal, no high maintenance. It just works. No, not the expensive because she thinks she’s worth it system. Debian Linux cost me nothing but a few gigs of hard drive space and gives me so much reliability, privacy, updates done in a matter of seconds, we’ve been together nearly two years, I am still goofy in love. Maybe if I had put as much work into Windows as I just did writing bad romantic comedy. Many others can find this happiness when they realize they have received an invitation.

      2 users thanked author for this post.
    • #116221 Reply

      David F
      AskWoody Lounger

      Thank you Noel, that was really useful.

      Personally I just want an O/S that is stable and works, I do not want cloud, apps or any other service just an O/S nothing more nothing less.

      I have a couple of spare laptops I have been using Linux on for a while now to get used to it in readiness for when win7 deprecates, but if win10 can be secured (and kept secured) as you’re highlighting then perhaps it may be viable.

      1 user thanked author for this post.
    • #116223 Reply

      Sessh
      AskWoody Lounger

      Awesome as always, Noel. I have taken some steps towards this end, but am nowhere near as experienced as you are. I’ve edited group policy a little, task scheduler a little, disabled numerous services, use a firewall that has served me well for years and I have MalwareBytes and I still use Avast because it has prevented the loading of suspicious sites on occasion and uses no CPU. Usually, uBlock or ABP will catch something like that, but still nice to have the extra layer. I don’t use email a whole lot and never open anything unless I know what it is.

      I would be interested in hearing more from you on this topic especially regarding registry (no UI) edits which I can do, but don’t know enough to just go fiddling with things randomly in there and maybe some group policy tips. I always love to learn more about this stuff even though my time with Windows is likely coming to an end if it is at all possible. Thanks again, Noel. Always love reading your posts.

      1 user thanked author for this post.
    • #116225 Reply

      anonymous

      Many years ago my Wife and I sat down for a seafood dinner.  We were supposed to have received fillets but my meal was full of bones.  After a short time I pushed the plate aside.  When my Wife asked why I stopped eating I told her that my preference is to enjoy my meal, not wrestle with it.  And I feel the same way about using my computers. Even though I do work with software and am perfectly comfortable with MSDN and Technet the Herculean efforts required to maintain a modicum of privacy with Win 10 convinced me to adopt Linux.

      2 users thanked author for this post.
      • #116430 Reply

        anonymous

        I’m in the process of doing this exact thing right now. I’ve spent a lot of time learning Linux and I’m in the process of porting my personal software to Linux. Linux has come a long way in the last few years and it is no longer the complex thing with no applications or poor man clones of software it used to be.

        I figure if Windows is still terrible by the time 8.1 EOLs, that is where I’ll probably be going.

        It’s not about MS spying or anything, I know everything is doing that these days. I just want a workable system, which MS is unable to provide with Windows 10.

    • #116238 Reply

      Noel Carboni
      AskWoody MVP

      Thanks for all the nice feedback folks. It was just a forum post; I didn’t imagine Woody would promote it to a blog featurette. 🙂

      Regarding wrestling with computers vs. just using them…

      Surprisingly, in the groove I’m in I don’t find I’m fooling with my systems very much in an ongoing way. To co-opt a phrase, they “just work“. Most of my tweaks aim for “set it and forget it” simplicity.

      As an example, I bought a new nVidia graphics card and put it in a couple of weeks ago, which required a power-down. The install went smoothly and since powering it back up my Win 8.1 workstation has “just worked” 24/7. Note the up time…

      ScreenGrab_NoelC4_2017_05_18_154538

      For those who want to see a hint at what I have done to Windows 10 to get it into a docile, unobtrusive state, Microsoft’s frequent releases have seen to it that I have to build many of the tweaks into a “re-tweaker script” that can be found here. Note: There’s some deep geek stuff in there, and it can break your system if your goals are not identical to mine. It’s not tested except for the case where every question is answered “Y” (i.e., my way). I developed it primarily so I could re-tweak my own Windows 10 setups after in-place upgrades. I suggest looking at the commands within to get an idea of what I do. Unfortunately it’s not complete. It may never be complete.

      Lastly, I want to mention something I didn’t say before: It’s important, if you want to understand what your computer is doing on the net, to have good ways to see what sites it’s contacting. In my case I have a 3rd party firewall package (Sphinx) and an open source DNS proxy (Dual DHCP DNS Server) that give me good readouts of what programs are making what attempts to talk to what servers. One of my favorite things to watch is a window that shows me what DNS resolutions are being done in real time. It’s a “tail -f” in a command window (using an old tail.exe tool I picked somewhere a very long time ago):

      ScreenGrab_NoelC4_2017_05_18_155307

      You’ll note my DNS proxy integrates a “bad site blacklisting” subsystem I’ve developed (look for the — blacklisted by DNS proxy — entries in the above screen grab). What you see is just some of the stuff that goes by when doing web browsing.

      Most of the time the system doesn’t butt heads with my firewall, which I have set up as “deny-by-default” – i.e., only sanctioned, pre-approved communications are allowed. But if it tries to do some kind of new or unanticipated communications, they’re blocked (and I’m notified). This screen grab shows an example where an application (“Bowpad”) has been granted specific permission to check for updates to itself. Note that it also does a couple of security certificate checks in addition to querying svn.code.sf.net:

      ScreenGrab_NoelC4_2017_05_18_160253

      Note especially that all these tools are name-based. It becomes an impossible task to know what’s going on with communications if one tries to use IP addresses. Note that any given server name (e.g., http://www.microsoft.com) could resolve to a whole slew of IP addresses. That’s the modern internet for you. Did I mention that all this networking was complex stuff? 🙂

      ScreenGrab_NoelC4_2017_05_18_160734

      -Noel

      7 users thanked author for this post.
      • #116326 Reply

        fp
        AskWoody Lounger

        Noel,

        You may have reached a “forget it” stage, but only with a lot of technical knowledge, time and effort in the “set up” stage. Even if we had the latter two — which we don’t — we don’t have the former. Learning and configuring several tools these ways to work jointly is not for even the moderately knowledgeable average user. And I am not clear as to how much protection that

        The lesson I am taking from this is that I will do anything I know and can to protect myself, but the problem is a systemic one that can be resolved only collectively and not via individual configuration of computers. I won’t hold my breath.

        1 user thanked author for this post.
    • #116330 Reply

      lurks about
      AskWoody Lounger

      Thanks Noel and Woody. It’s not that one can not secure fairly well W10, it’s that it takes more skill than most have to do. That’s one of my major complaints; the lack of an easy method to turn off telemetry. I am not sure I can properly do what you did and I am reasonably astute technically.

      1 user thanked author for this post.
      • #116356 Reply

        John in Mtl
        AskWoody Lounger

        So, are 3-rd party products like “O&O ShutUp” not living up to their specs about being able to shut down lots of comms to MS servers & MS data brokers?

        1 user thanked author for this post.
        • #116378 Reply

          Noel Carboni
          AskWoody MVP

          O&O is a good tool to have in the arsenal, but it’s not going to do it all on its own. As I mentioned, not every unwanted communication is telemetry.

          -Noel

          2 users thanked author for this post.
          • #116489 Reply

            John in Mtl
            AskWoody Lounger

            Thanks Noel, I mentioned O&O for the “non techies” that frequent Woody’s blog as they might have been relying only on this to tame their windows 10 boxes.

            1 user thanked author for this post.
    • #116364 Reply

      anonymous

      How nice and user-friendly it would be if Win 7/8.1 users have a button to switch off ALL unnecessary Telemetry & Data collection by MS.

      Noel’s method is only for techies who comprise about 5% of computer users.

      P S – Additional Telemetry/Snooping updates for Win 7/8.1 were introduced by MS soon after the launch of Telemetrized/Snooped Win 10 in July 2015.

    • #116420 Reply

      anonymous

      Noel: What’s your opinion for using PiHole to block telemetry with Windows 10?

      • #116655 Reply

        Noel Carboni
        AskWoody MVP

        I’ve read about that little device, and it looks like a pretty good approach. I haven’t tested it myself.

        Anything that can allow you to gather up the information from the many wonderful folks online who publish lists of bad web sites and use it to your advantage would be good.

        It’s implied here that setting up an environment that allows you to block communications with bad sites gives you control over what you consider “bad”. It’s a bit complicated to figure out what sites to allow and what to block, but if you think Microsoft telemetry is “bad”, sites such as vortex.data.microsoft.com could go on your blacklist. A blacklisting setup that allows wildcarding could be set to block things like…

        vortex*=0.0.0.0
        *vortex.data.microsoft.com=0.0.0.0
        *vortex-win.data.microsoft.com=0.0.0.0
        *settings-win.data.microsoft.com=0.0.0.0
        *vo.msecnd.net=0.0.0.0
        *telemetry*microsoft*=0.0.0.0
        a-*.a-msedge.net=0.0.0.0
        *smartscreen*microsoft*=0.0.0.0
        statsfe*microsoft*=0.0.0.0
        

        Does the pi-hole allow wildcarded specifications?

        -Noel
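The wildcard entries quoted in the post above, applied to a day of DNS queries; this is an added example, not part of the original post and not the DNS proxy's own code. It assumes that `*` matches any run of characters (dots included) and that a pattern must match the whole name; the log format and the second client address are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# The nine wildcard entries as they appear in the post (pattern=answer).
BLACKLIST_TEXT = """\
vortex*=0.0.0.0
*vortex.data.microsoft.com=0.0.0.0
*vortex-win.data.microsoft.com=0.0.0.0
*settings-win.data.microsoft.com=0.0.0.0
*vo.msecnd.net=0.0.0.0
*telemetry*microsoft*=0.0.0.0
a-*.a-msedge.net=0.0.0.0
*smartscreen*microsoft*=0.0.0.0
statsfe*microsoft*=0.0.0.0
"""

# Constructed sample log: "date time client-ip queried-name".
# This layout is an assumption, not the format of any particular DNS proxy.
SAMPLE_LOG = """\
2017-05-17 03:00:01 192.168.2.26 time.nist.gov
# proxy restarted
2017-05-17 09:14:22 192.168.2.30 VORTEX.DATA.MICROSOFT.COM.
2017-05-17 09:14:23 192.168.2.30 v10.vortex-win.data.microsoft.com
2017-05-17 09:15:40 192.168.2.30 a-0001.a-msedge.net
2017-05-17 09:20:05 192.168.2.30 www.microsoft.com
2017-05-17 09:21:47 192.168.2.30 vortex.example.com
"""


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.lower().rstrip(".")


def parse_blacklist(text):
    """Turn 'pattern=answer' lines into (pattern, compiled regex, answer)."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pattern, sep, answer = line.rpartition("=")
        if not sep or not pattern:
            raise ValueError(f"not a pattern=answer entry: {line!r}")
        # Assumed semantics: '*' is the only wildcard; everything else is literal.
        regex = ".*".join(re.escape(part) for part in pattern.lower().split("*"))
        rules.append((pattern, re.compile(regex), answer))
    return rules


def match_rule(name, rules):
    """Return the first pattern that matches the whole name, or None."""
    name = normalize(name)
    for pattern, regex, _answer in rules:
        if regex.fullmatch(name):
            return pattern
    return None


def audit(log_text, rules):
    """Per client: names that would resolve, and names a rule would sink."""
    seen = defaultdict(lambda: {"resolved": set(), "blacklisted": {}})
    for raw in log_text.splitlines():
        fields = raw.split()
        if len(fields) != 4:
            continue  # comment, blank or truncated line
        _date, _time, client, name = fields
        try:
            ipaddress.ip_address(client)
        except ValueError:
            continue  # third field is not a client address
        name = normalize(name)
        pattern = match_rule(name, rules)
        if pattern is None:
            seen[client]["resolved"].add(name)
        else:
            seen[client]["blacklisted"][name] = pattern
    return {
        client: {"resolved": sorted(entry["resolved"]),
                 "blacklisted": entry["blacklisted"]}
        for client, entry in seen.items()
    }


if __name__ == "__main__":
    for client, entry in audit(SAMPLE_LOG, parse_blacklist(BLACKLIST_TEXT)).items():
        print(client)
        for name in entry["resolved"]:
            print(f"  resolved     {name}")
        for name, pattern in entry["blacklisted"].items():
            print(f"  blacklisted  {name}  (rule {pattern})")
```

Under these matching rules the leading-anchored `vortex*` entry also catches the unrelated sample name `vortex.example.com`, which is the kind of collateral block to look for when a broad wildcard goes on the list.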

    • #116427 Reply

      anonymous

      I see you like having File Explorer without all the bloat (ie: no Music, Downloads etc folder).

      Noel: I have found that after getting File Explorer exactly the way I like it without any of the bloat that I randomly get this blue “Quick Access” shortcut on the desktop and I get a “Quick Access” folder type entry in the File Explorer view. If I hit refresh (F5) then they both go away.

       

      Do you experience this with your customised File Explorer?

      1 user thanked author for this post.
      • #116510 Reply

        wrangler
        AskWoody Lounger

        I’ll have to read a little when I get the time, to see how to get rid of those annoying folders. I never understood why that junk popped up with no obvious way to get rid of it, since a lot of us use machines just for business.

        That Games Explorer thing is annoying, too.

      • #116589 Reply

        Noel Carboni
        AskWoody MVP

        Quick Access is the one and only abstraction that I haven’t found a good way to get rid of in Explorer’s Navigation pane. But I don’t see it on the desktop or anywhere else.

        As a personal preference I set myself up with desktop shortcuts that open File Explorer to the root folder of various drives. The command to open an Explorer window to the root of drive C: is:

        C:\Windows\explorer.exe /expand,C:\
        

        Here’s what I see when I use that shortcut. Note that “Quick Access” and “This PC” are scrolled off the top in the navigation pane.

        ScreenGrab_W10VM_2017_05_20_115109

        -Noel

    • #116501 Reply

      anonymous

      It’s one thing to leave a computer on for 24 hours. It’s another thing when using it or using it for weeks at a time.

      What kind of information is sent during startup and shutdown? What information is sent if a program crashes? If Windows crashes? If I work for a Microsoft competitor, what should I know about Windows telemetry? For example, if I have a program with a document opened called Microsoft_Hostile_Takeover_Plan.txt crash, what will Microsoft know?

      Are things different for Win7,8,10?

      • #116659 Reply

        Noel Carboni
        AskWoody MVP

        What kind of information is sent during startup and shutdown?

        None at all in my case. I can easily monitor my network traffic externally and during bootup/shutdown. I can boot up my “golden” Win 10 setup and observe no DNS names resolved at all. In a typical configuration there is some NCSI (Network Connection Status Indication) traffic but I’ve disabled that. And even if it did ask, my network gear is set up to answer directly, without any packets getting out to Microsoft or DNS servers.

        I don’t stop when I block communications. I also figure out how to stop it from trying. I’m here to tell you it IS possible.

        What information is sent if a program crashes? If Windows crashes?

        I don’t know about most folks, but I turn off the stuff that seeks to send crash reports to Microsoft. There are registry keys (e.g., “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting”) that can be tweaked and services (WerSvc) that can be disabled. It’s not magic.

        There would be those who say that by not allowing telemetry I’m not providing Microsoft the information it would take to keep Windows or applications from crashing the way I in particular use them. To that I would respond: 1. They really don’t listen anyway (based on virtually all of my problem reports to them never having been addressed) and 2. In practice it’s not really a practical problem for me. My systems and the applications I choose to use are very, very stable.

        ScreenGrab_W10VM_2017_05_20_115940

        Are things different for Win7,8,10?

        Surprisingly little has changed on the “desktop side” since Windows 7, so – presuming you shun the Apps as I have – the short answer is: No, not very different at all. Most Windows 7 and 8.1 tweaks are effective on Windows 10.

        -Noel

    • #116504 Reply

      anonymous

      Does anyone know if this problem still exists in game for Windows 10?

      https://superuser.com/questions/1075848/why-does-windows-games-explorer-attempt-to-access-the-internet-whenever-i-laun

      Every time I launch a game in Windows 7, Microsoft knows I launched that game. To stop it requires deleting files.

      • #116663 Reply

        Noel Carboni
        AskWoody MVP

        I did a DNS log search… I’m not seeing those sites/addresses contacted.

        Windows Games Explorer… Is that the “wrapper” within which the games are presented? I can’t say I’ve used that.

        I admit I do very little gaming, though I enjoy the old circa Win 7 Solitaire and Minesweeper games from time to time. My question is this, assuming I’ve characterized what “Windows Games Explorer” is properly above: Why use the “Windows Games Explorer” wrapper at all? You can start games directly via shortcuts to the executables (e.g., in the Start Menu).

        If there is some feature it provides that you really want to retain, what I’d do is to research online (as apparently you’ve done, referencing the link to SuperUser.com) to see whether others have found a workaround.

        And lastly, in my case with a DNS proxy with blacklisting capability AND a firewall on task, it’d be pretty trivial to block DNS resolution of the sites seen contacted (e.g., games.metaservices.microsoft.com), and as a backup not allow connections to them to succeed. I’d be willing to bet the games will run anyway.

        CAVEAT: Games and other executables do expect to be able to verify their security certificates. For that reason you should expect occasional communications (not every time, but maybe every week or month) to security certification authority sites such as ocsp.comodoca.com, crl.usertrust.com. That list of legitimate CA sites is fairly long and even includes some Microsoft certification authority servers (e.g., mscrl.microsoft.com, ctldl.windowsupdate.com, etc.) that probably should be allowed. You could try to do without allowing such communications but you’ll be reducing the efficacy of the security certificates on your system by not allowing the checks to re-confirm their validity.

        Here’s the list of CA sites I allow all my systems to contact unconditionally:

        ScreenGrab_NoelC4_2017_05_20_123200

        -Noel
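
The DNS log search, blacklist and CA allow-list described in the post above, sketched as an added example that is not part of the original post or Noel's own tooling. The log layout, the client 192.168.2.30 and the name `telemetry.example.invalid` are constructed assumptions; the other host names are the ones quoted in the thread.

```python
import re
from collections import Counter

# Host names quoted in the thread: CA/revocation servers to allow,
# the Games Explorer metadata host to block, and the scheduled time sync.
CA_ALLOW = {"ocsp.comodoca.com", "crl.usertrust.com",
            "mscrl.microsoft.com", "ctldl.windowsupdate.com"}
BLOCK = {"games.metaservices.microsoft.com"}
EXPECTED = {"time.nist.gov"}

# Constructed sample; "<date> <time> <client> <qtype> <name>" is an assumed layout.
SAMPLE_LOG = """\
2017-05-20 00:05:11 192.168.2.26 A time.nist.gov
2017-05-20 09:14:02 192.168.2.26 A OCSP.comodoca.com.
2017-05-20 09:14:03 192.168.2.26 AAAA games.metaservices.microsoft.com
2017-05-20 09:20:45 192.168.2.30 A ctldl.windowsupdate.com
2017-05-20 10:02:19 192.168.2.26 A telemetry.example.invalid
malformed line without fields
"""

LINE = re.compile(r"^(\S+ \S+) (\d{1,3}(?:\.\d{1,3}){3}) (A|AAAA) (\S+)$")

def normalize(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()

def classify(name):
    # Exact matches only, so a look-alike such as "ocsp.comodoca.com.example"
    # never inherits the allow verdict.
    name = normalize(name)
    if name in BLOCK:
        return "block"
    if name in CA_ALLOW:
        return "allow-ca"
    if name in EXPECTED:
        return "allow-expected"
    return "review"

def audit(log_text, client):
    """Return ([(verdict, name), ...] for one client, count of unparsable lines)."""
    results, skipped = [], 0
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            skipped += 1
            continue
        if m.group(2) == client:
            results.append((classify(m.group(4)), normalize(m.group(4))))
    return results, skipped

if __name__ == "__main__":
    hits, bad = audit(SAMPLE_LOG, "192.168.2.26")
    print(Counter(v for v, _ in hits), "unparsable:", bad)
```

Names that come back as "review" are the ones to research before deciding whether they belong on the blacklist or the allow-list.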

        • #117652 Reply

          anonymous

          For this, I did run it from the Start Menu without even game explorer running. I even ran the program directly. What seems to be happening is Microsoft seemed to have loaded a game signature or something into something called the “Program Compatibility Assistant”. Whenever the exe for that game is launched, “Program Compatibility Assistant” is called which then calls Microsoft asking for information about that game.

          The only way I got it to stop calling Microsoft is by doing the last recommendation in this site https://schmatzler.de/en/2016/04/28/windows-7-verzoegerter-programmstart-durch-game-explorer/

          The blog says this: “The final resolution: Deleting C:\Windows\AppPatch\sysmain.sdb. This database contains compatibility setting for a lot of programs and it looks like all games contained in this database (like NOLF.exe, lithtech.exe) are always scanned by Games Explorer, regardless of the settings you made.”

    • #116666 Reply

      Ascaris
      AskWoody Lounger

      Thanks for this, Noel… it’s right in line with what I am trying to do with my system too (Win 8.1).  I’ve used Abbodi86’s guide (as cited by Woody in the Infoworld article) to start.

      The DiagTrack service and all apps have been deleted (the latter thanks to the tiny but incredibly useful install_wim_tweak.exe tool).  Unless my PC resumes from standby one morning and finds that it’s morphed into a phone overnight, I won’t be needing any “apps.”  I’ll be using “programs” instead.

      Windows 8.1 has been in de facto extended support since Windows 10 came out, even though it’s officially in mainstream support for another year.  While that means that things like support for Ryzen and Kaby and a backported DX12 that would have been coming down the pike in past years (recall that Win 7 came with DX11, which was soon backported to the architecturally similar Vista while it was under mainstream support.  Win 10 came with DX12, and now the architecturally similar 8.1 is under mainstream support.  DX12 coming?  Anyone?  Bueller?) now will not be, it also means that the mini (many?) service-pack level upgrades that keep putting the unwanted stuff back in 10 won’t be a problem for 8.1.

      I know that no matter how satisfying it may be to mercilessly rip the offensive bits out of Windows, there is always a concern about stability.  Fortunately, I haven’t seen any issues with this.  If not for the crashiness of Firefox in the last two releases, I’d have that nice, flat, solid 10 line in the reliability monitor that you have posted, Noel (now it’s 10 interspersed with the dips from FF crashes, then a week to build back up)… I am guessing that one or more of my addons (despite being marked as compatible with the newest FF) are really not.  The writing’s on the wall, though, so I’m beginning what will probably be a transition to Pale Moon.  It’s been rock stable so far, like Firefox pre-51.

      I checked out the Sphinx Windows 10 Firewall Control (Plus) on your suggestion, and I liked it so much that I bought it for my two main PCs.  It makes it pretty easy to get a handle on what process is trying to communicate with what IP address… Wireshark displays everything about the packets sent, but it doesn’t connect them with a process.  Between the two, I still have not found anything I would consider suspicious for being telemetry.  I see more CRL checking than I thought was happening… I see Windows Update checks… I see Windows time sync (I haven’t disabled it, but it is set to time.nist.gov).  All of that is happening with my permission, though, so no problem.   That is the rubbing point right there– as soon as you tell me I can’t opt out, the answer becomes a firm NO, to be enforced by any means necessary.

      So far, I have yet to see anything that looks like it is the telemetry sneaking back in.  I haven’t seen DiagTrack reinstalled with subsequent rollups, though I will check every time.

       

      1 user thanked author for this post.
    • #117676 Reply

      ViperJohn
      AskWoody Lounger

      Ran across this and wasn’t sure where to put it. It is an interesting read for sure:

      https://www.theinquirer.net/inquirer/news/3010547/microsoft-appears-to-be-blatently-ignoring-privacy-group-settings-in-windows-10

      If this is true then it would seem to make Windows 10 Enterprise version at best worthless to businesses and DOA while at worst being outright illegal for use by many/most large corporations and defence contractors.

       
