• The complexity of controlling Windows telemetry



    Noel Carboni has a great post that I wanted to bring up here onto the main page. It’s in response to the question of what to recommend for Win7 and 8.
    [See the full post at: The complexity of controlling Windows telemetry]

    1 user thanked author for this post.
    • #116170

      That’s an excellent post but please note that some of what Noel describes is technically not telemetry. From Configure Windows telemetry in your organization:

      “Telemetry can sometimes be confused with functional data. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not telemetry. For example, exchanging a user’s location for local weather or news is not an example of telemetry—it is functional data that the app or service requires to satisfy the user’s request.”

      And here is an important point: functional data, although not considered telemetry, can potentially have privacy implications. I’d advise the interested reader to browse the relevant links in topic Links: Microsoft privacy statements and Windows network connections to Microsoft to get an idea of the network connections that potentially can be made to Microsoft.

      One last point: there are also potential privacy implications of network connections to non-Microsoft endpoints. A major example is the data broker industry.

      4 users thanked author for this post.
      • #116252

        Thanks for your compliment. Yes, indeed, it’s technically not telemetry – but I think most folks really imagine a fully private system that not only doesn’t send in what Microsoft calls telemetry, but also doesn’t spill your beans to web sites that seek to track you, doesn’t send your files to sharing servers automatically, doesn’t notify sites what executables are scanned by your antivirus software, doesn’t send your keystrokes and voice recordings to servers, etc. The overall problem is greater than Microsoft telemetry alone and all needs to be considered together.

        In short, communications should ideally ONLY be those initiated by you or the things you run or you’ve scheduled to run, and only those needed to get the task you’re trying to accomplish done.

        We all know that in today’s age of monstrously fast networking WAY more than you want could actually be sent without your even knowing it. And in fact that’s actually happening all the time. My configuration setup blocks several web accesses just browsing this page alone.


        5 users thanked author for this post.
        • #116417

          Good job NoelC. It’d be nice if nlite had the ability to strip away or install a small appliance acting as a private server as a loopback for some of the “telemetry” sources. If only msfn were as active as it used to be.

          1 user thanked author for this post.
    • #116173

      Hello –

      Suppose I’m a regular “end-user” who wants to run Windows 10 Enterprise on a stand-alone desktop. Assuming I set 10 Enterprise’s privacy-related settings to maximum, to what extent would my privacy considerations differ from the overview provided here?

      My sincere thanks for the terrific insights!

      Best regards,


      2 users thanked author for this post.
    • #116188

      I’d like to do what Noel’s doing with Win 10, or its successor, by the time MS forces me to move from Win 7 Ultimate, Group B. I’m willing to go with Enterprise if that’s what it takes.

      I don’t mind working with the Registry, Group Policy, Task Scheduler, etc., but I don’t have the time or inclination to become a software engineer, in order to do this. Like many others, I’m also wedded to Windows for business software that requires it.

      2 users thanked author for this post.
      • #116358

        Enterprise really is the best bet, but you need to get access to that version, which is not necessarily easy; like, you can’t just go somewhere and buy it.

        I sincerely hope this will change in the future, one where Microsoft will sell a single Ent version license to anyone willing to fork over X-hundred-$.  Maybe large OEM’s with “business center” stores can handle this.

    • #116184

      “What does one have to consider doing without? …”

      I’m already doing without everything on that list and I don’t consider myself all that extreme. The only program that I allow online is my web browser. If a program requires “cloud integration” I’m simply not going to use it (there are “alternative” ways of using those programs completely offline, if I really had to).

      I don’t want people to rationalize Windows telemetry by claiming that “everything you use has telemetry anyway”, because (1) that’s not true and (2) as long as firewalls and other methods exist you still have some control.

      5 users thanked author for this post.
      • #116253

        I don’t want people to rationalize Windows telemetry by claiming that “everything you use has telemetry anyway”, because (1) that’s not true and (2) as long as firewalls and other methods exist you still have some control.

        That’s a good point, but it’s not hard to imagine a program that just won’t run if it’s not allowed to send information about you in.

        As a VERY simple example, imagine a “Weather App” that sends in your location in order to tell you what the weather’s like around you (yes, I admit it’s a bit of a silly idea, though certainly being able to call up forecasts is nice).

        Now imagine that you’d rather not have your “Weather App” notify Microsoft or Google or TheWeatherChannel or whomever where you are all the time, but you’d still like the weather forecast.

        In the “good ol’ days” of course we just entered our town or zip code but now that “Weather App” just won’t work without it being able to gather a little bit of intel about you.

        It may be a case in the long run where “resistance is futile”, but for now, I still choose to browse the web to e.g., Weather.com and enter my town or zip code. 🙂


        1 user thanked author for this post.
        • #117687

          Sounds like we need a “XPrivacy” for Windows 10. XPrivacy is an intermediary between Android Apps and the info they require. For example I can tell my weather app my zip code and a fake GPS longitude and latitude that matches the zip code if that is what it needs to work. Other examples would be an app that needs my phone number for some reason, I can tell it it is “000-000-0000” in XPrivacy and the App is none the wiser. Device ID, IMEI, Accounts, etc all can be faked. Access to “contacts” without actually giving access to my real contacts, done! Some Apps want strange permissions like a banking app wanting my browsing history… um, why? So, I restrict that and as far as the App knows I’ve only been to google.com.

          A bonus of a program like that would be to completely screw up Microsoft’s telemetry collection with fake data.


          1 user thanked author for this post.
    • #116187

      I’ve used Spybot Anti-beacon which blocks pathways, is customizable and hasn’t caused any problems since I installed it on 9 win 7 PC’s 10/2016. After a patch I refresh it in case one of the doors it closed has been reopened by the patch. It uses no resources as it just closes the doors and shuts down. Repeated scans have shown no spyware... indeed Spybot has a good reputation as a vendor of anti-spyware.

      Can I be sure Microsoft isn’t still able to monitor my not terribly interesting activities? Nope. But it’s a lot less likely and there’s no downside..it’s free.

      I have no affiliation with spybot.

      2 users thanked author for this post.
    • #116198

      Thanks for the rundown, Noel. (And thanks, Woody, for publishing this.) Oddly enough, without a fraction of your technical know-how, I’ve set up my computer in much the same way. Most of it strikes me as common sense, such as staying away from “the cloud” and “apps”, as well as not believing that all MS updates or settings are going to make your computer run safer or better.

      You’re probably correct about the auto-complete function in the search boxes, but, occasionally, the suggestions can be humorous or instructive. When a friend had surgery not long ago, he discovered that he’d been painted with something that he and I referred to as “orange stuff.” There was nothing in the hospital release notes that indicated what this substance was or what to do about it. So I started typing in “what is the orange stuff” when the auto-complete finished the top query “they put on me in the hospital.” Turns out that the “orange stuff” is an anti-bacterial preparation applied prior to surgery; but we found it amusing that, to a person, everyone searching for the answer referred to it as “orange stuff.” Also, not a single patient had been told what it was or how to remove it  (removing it isn’t easy, either).

      3 users thanked author for this post.
    • #116196

      This is from a FreeBSD I use as a desktop and firewall for a small home network.  You don’t need a ton of things open.  Start with a default deny, then I opened the following ports outbound:

      UDP: domain, ntp, https, imaps

      TCP: domain, http, https, imaps, pop3s, smtps

      Windows 7 machine had no issues doing everything it normally needed. FTP may require a little bit of fiddling. The problem is by default Windows is a “default allow outbound”, I think it is stateful, inbound I’m not sure. But for a desktop, start with default deny in and out, stateful, and turn things on as you need them.


      Now the biggest issue is just because an outbound packet says it is https, doesn’t mean the contents are actually https.


      1 user thanked author for this post.
    • #116204

      Noel: That is awesome. I have great respect for your attention to detail. If only Windows could have been built that way in the first place! I got a buzz from disabling the telemetry on 7 at first but found it disturbing when an update would turn it on again…as if sticking its tongue out at me. Maybe I gave up too easily. I finally just let Windows 10 do what it wanted. I became passive, numb to the abuse, willing to be kept waiting for an hour while it completed an update. When did this helpful servant become my master? I feel a bit guilty…but I have a new operating system that treats me with such kindness. I am feeling like an equal in the relationship now. There is no unpleasant drama, no sense of betrayal, no high maintenance. It just works. No, not the expensive because she thinks she’s worth it system. Debian Linux cost me nothing but a few gigs of hard drive space and gives me so much reliability, privacy, updates done in a matter of seconds, we’ve been together nearly two years, I am still goofy in love. Maybe if I had put as much work into Windows as I just did writing bad romantic comedy. Many others can find this happiness when they realize they have received an invitation.

      2 users thanked author for this post.
    • #116221

      Thank you Noel, that was really useful.

      Personally I just want an O/S that is stable and works, I do not want cloud, apps or any other service just an O/S nothing more nothing less.

      I have a couple of spare laptops I have been using Linux on for a while now to get used to it in readiness for when win7 deprecates, but if win10 can be secured (and kept secured) as you’re highlighting then perhaps it may be viable.

      1 user thanked author for this post.
    • #116223

      Awesome as always, Noel. I have taken some steps towards this end, but am nowhere near as experienced as you are. I’ve edited group policy a little, task scheduler a little, disabled numerous services, use a firewall that has served me well for years and I have MalwareBytes and I still use Avast because it has prevented the loading of suspicious sites on occasion and uses no CPU. Usually, uBlock or ABP will catch something like that, but still nice to have the extra layer. I don’t use email a whole lot and never open anything unless I know what it is.

      I would be interested in hearing more from you on this topic especially regarding registry (no UI) edits which I can do, but don’t know enough to just go fiddling with things randomly in there and maybe some group policy tips. I always love to learn more about this stuff even though my time with Windows is likely coming to an end if it is at all possible. Thanks again, Noel. Always love reading your posts.

      1 user thanked author for this post.
    • #116225

      Many years ago my Wife and I sat down for a seafood dinner.  We were supposed to have received fillets but my meal was full of bones.  After a short time I pushed the plate aside.  When my Wife asked why I stopped eating I told her that my preference is to enjoy my meal, not wrestle with it.  And I feel the same way about using my computers. Even though I do work with software and am perfectly comfortable with MSDN and Technet the Herculean efforts required to maintain a modicum of privacy with Win 10 convinced me to adopt Linux.

      2 users thanked author for this post.
      • #116430

        I’m in the process of doing this exact thing right now. I’ve spent a lot of time learning Linux and I’m in the process of porting my personal software to Linux. Linux has come a long way in the last few years and it is no longer the complex thing with no applications or poor man clones of software it used to be.

        I figure if Windows is still terrible by the time 8.1 EOLs, that is where I’ll probably be going.

        It’s not about MS spying or anything, I know everything is doing that these days. I just want a workable system, which MS is unable to provide with Windows 10.

    • #116238

      Thanks for all the nice feedback folks. It was just a forum post; I didn’t imagine Woody would promote it to a blog featurette. 🙂

      Regarding wrestling with computers vs. just using them…

      Surprisingly, in the groove I’m in I don’t find I’m fooling with my systems very much in an ongoing way. To co-opt a phrase, they “just work“. Most of my tweaks aim for “set it and forget it” simplicity.

      As an example, I bought a new nVidia graphics card and put it in a couple of weeks ago, which required a power-down. The install went smoothly and since powering it back up my Win 8.1 workstation has “just worked” 24/7. Note the up time…


      For those who want to see a hint at what I have done to Windows 10 to get it into a docile, unobtrusive state, Microsoft’s frequent releases have seen to it that I have to build many of the tweaks into a “re-tweaker script” that can be found here. Note: There’s some deep geek stuff in there, and it can break your system if your goals are not identical to mine. It’s not tested except for the case where every question is answered “Y” (i.e., my way). I developed it primarily so I could re-tweak my own Windows 10 setups after in-place upgrades. I suggest looking at the commands within to get an idea of what I do. Unfortunately it’s not complete. It may never be complete.

      Lastly, I want to mention something I didn’t say before: It’s important, if you want to understand what your computer is doing on the net, to have good ways to see what sites it’s contacting. In my case I have a 3rd party firewall package (Sphinx) and an open source DNS proxy (Dual DHCP DNS Server) that give me good readouts of what programs are making what attempts to talk to what servers. One of my favorite things to watch is a window that shows me what DNS resolutions are being done in real time. It’s a “tail -f” in a command window (using an old tail.exe tool I picked up somewhere a very long time ago):


      You’ll note my DNS proxy integrates a “bad site blacklisting” subsystem I’ve developed (look for the — blacklisted by DNS proxy — entries in the above screen grab). What you see is just some of the stuff that goes by when doing web browsing.

      Most of the time the system doesn’t butt heads with my firewall, which I have set up as “deny-by-default” – i.e., only sanctioned, pre-approved communications are allowed. But if it tries to do some kind of new or unanticipated communications, they’re blocked (and I’m notified). This screen grab shows an example where an application (“Bowpad”) has been granted specific permission to check for updates to itself. Note that it also does a couple of security certificate checks in addition to querying svn.code.sf.net:


      Note especially that all these tools are name-based. It becomes an impossible task to know what’s going on with communications if one tries to use IP addresses. Note that any given server name (e.g., http://www.microsoft.com) could resolve to a whole slew of IP addresses. That’s the modern internet for you. Did I mention that all this networking was complex stuff? 🙂



      7 users thanked author for this post.
      • #116326


        You may have reached a “forget it” stage, but only with a lot of technical knowledge, time and effort in the “set up” stage. Even if we had the latter two — which we don’t — we don’t have the former. Learning and configuring several tools these ways to work jointly is not for even the moderately knowledgeable average user. And I am not clear as to how much protection that

        The lesson I am taking from this is that I will do anything I know and can to protect myself, but the problem is a systemic one that can be resolved only collectively and not via individual configuration of computers. I won’t hold my breath.

        1 user thanked author for this post.
    • #116330

      Thanks Noel and Woody. It’s not that one can not secure fairly well W10, it’s that it takes more skill than most have to do. That’s one of my major complaints; the lack of an easy method to turn off telemetry. I am not sure I can properly do what you did and I am reasonably astute technically.

      1 user thanked author for this post.
      • #116356

        So, are 3rd-party products like “O&O ShutUp” not living up to their specs about being able to shut down lots of comms to MS servers & MS data brokers?

        1 user thanked author for this post.
        • #116378

          O&O is a good tool to have in the arsenal, but it’s not going to do it all on its own. As I mentioned, not every unwanted communication is telemetry.


          2 users thanked author for this post.
          • #116489

            Thanks Noel, I mentioned O&O for the “non techies” that frequent Woody’s blog as they might have been relying only on this to tame their Windows 10 boxes.

            1 user thanked author for this post.
    • #116364

      How nice and user-friendly it would be if Win 7/8.1 users have a button to switch off ALL unnecessary Telemetry & Data collection by MS.

      Noel’s method is only for techies who comprise about 5% of computer users.

      P S – Additional Telemetry/Snooping updates for Win 7/8.1 were introduced by MS soon after the launch of Telemetrized/Snooped Win 10 in July 2015.

    • #116420

      Noel: What’s your opinion for using PiHole to block telemetry with Windows 10?

      • #116655

        I’ve read about that little device, and it looks like a pretty good approach. I haven’t tested it myself.

        Anything that can allow you to gather up the information from the many wonderful folks online who publish lists of bad web sites and use it to your advantage would be good.

        It’s implied here that setting up an environment that allows you to block communications with bad sites gives you control over what you consider “bad”. It’s a bit complicated to figure out what sites to allow and what to block, but if you think Microsoft telemetry is “bad”, sites such as vortex.data.microsoft.com could go on your blacklist. A blacklisting setup that allows wildcarding could be set to block things like…


        Does the pi-hole allow wildcarded specifications?


    • #116427

      I see you like having File Explorer without all the bloat (ie: no Music, Downloads etc folder).

      Noel: I have found that after getting File Explorer exactly the way I like it without any of the bloat that I randomly get this blue “Quick Access” shortcut on the desktop and I get a “Quick Access” folder type entry in the File Explorer view. If I hit refresh (F5) then they both go away.


      Do you experience this with your customised File Explorer?

      1 user thanked author for this post.
      • #116510

        I’ll have to read a little when I get the time, to see how to get rid of those annoying folders. I never understood why that junk popped up with no obvious way to get rid of it, since a lot of us use machines just for business.

        That Games Explorer thing is annoying, too.

      • #116589

        Quick Access is the one and only abstraction that I haven’t found a good way to get rid of in Explorer’s Navigation pane. But I don’t see it on the desktop or anywhere else.

        As a personal preference I set myself up with desktop shortcuts that open File Explorer to the root folder of various drives. The command to open an Explorer window to the root of drive C: is:

        C:\Windows\explorer.exe /expand,C:\

        Here’s what I see when I use that shortcut. Note that “Quick Access” and “This PC” are scrolled off the top in the navigation pane.



    • #116501

      It’s one thing to leave a computer on for 24 hours. It’s another thing when using it or using it for weeks at a time.

      What kind of information is sent during startup and shutdown? What information is sent if a program crashes? If Windows crashes? If I work for a Microsoft competitor, what should I know about Windows telemetry? For example, if I have a program with a document opened called Microsoft_Hostile_Takeover_Plan.txt crash, what will Microsoft know?

      Are things different for Win7,8,10?

      • #116659

        What kind of information is sent during startup and shutdown?

        None at all in my case. I can easily monitor my network traffic externally and during bootup/shutdown. I can boot up my “golden” Win 10 setup and observe no DNS names resolved at all. In a typical configuration there is some NCSI (Network Connection Status Indication) traffic but I’ve disabled that. And even if it did ask, my network gear is set up to answer directly, without any packets getting out to Microsoft or DNS servers.

        I don’t stop when I block communications. I also figure out how to stop it from trying. I’m here to tell you it IS possible.

        What information is sent if a program crashes? If Windows crashes?

        I don’t know about most folks, but I turn off the stuff that seeks to send crash reports to Microsoft. There are registry keys (e.g., “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting”) that can be tweaked and services (WerSvc) that can be disabled. It’s not magic.

        There would be those who say that by not allowing telemetry I’m not providing Microsoft the information it would take to keep Windows or applications from crashing the way I in particular use them. To that I would respond: 1. They really don’t listen anyway (based on virtually all of my problem reports to them never having been addressed) and 2. In practice it’s not really a practical problem for me. My systems and the applications I choose to use are very, very stable.


        Are things different for Win7,8,10?

        Surprisingly little has changed on the “desktop side” since Windows 7, so – presuming you shun the Apps as I have – the short answer is: No, not very different at all. Most Windows 7 and 8.1 tweaks are effective on Windows 10.


    • #116504

      Does anyone know if this problem still exists in game for Windows 10?


      Every time I launch a game in Windows 7, Microsoft knows I launched that game. To stop it requires deleting files.

      • #116663

        I did a DNS log search… I’m not seeing those sites/addresses contacted.

        Windows Games Explorer… Is that the “wrapper” within which the games are presented? I can’t say I’ve used that.

        I admit I do very little gaming, though I enjoy the old circa Win 7 Solitaire and Minesweeper games from time to time. My question is this, assuming I’ve characterized what “Windows Games Explorer” is properly above: Why use the “Windows Games Explorer” wrapper at all? You can start games directly via shortcuts to the executables (e.g., in the Start Menu).

        If there is some feature it provides that you really want to retain, what I’d do is to research online (as apparently you’ve done, referencing the link to SuperUser.com) to see whether others have found a workaround.

        And lastly, in my case with a DNS proxy with blacklisting capability AND a firewall on task, it’d be pretty trivial to block DNS resolution of the sites seen contacted (e.g., games.metaservices.microsoft.com), and as a backup not allow connections to them to succeed. I’d be willing to bet the games will run anyway.

        CAVEAT: Games and other executables do expect to be able to verify their security certificates. For that reason you should expect occasional communications (not every time, but maybe every week or month) to security certification authority sites such as ocsp.comodoca.com, crl.usertrust.com. That list of legitimate CA sites is fairly long and even includes some Microsoft certification authority servers (e.g., mscrl.microsoft.com, ctldl.windowsupdate.com, etc.) that probably should be allowed. You could try to do without allowing such communications but you’ll be reducing the efficacy of the security certificates on your system by not allowing the checks to re-confirm their validity.

        Here’s the list of CA sites I allow all my systems to contact unconditionally:
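
        The name-based policy discussed in this thread (wildcard blacklisting in #116655, blocking plus the CA caveat in the reply above), as an added example that is not any poster's configuration or allow list: it classifies DNS query names so that CA hosts win over a broad wildcard. The hostnames are those named in the thread; the wildcard patterns, the log line format and the sample lines are constructed assumptions.

```python
"""Classify DNS query names against a wildcard blacklist and a CA allow list."""
import re
from collections import Counter

# Certificate-check hosts named in the thread; these are allowed first so a
# broad wildcard below cannot break revocation checks.
CA_ALLOW = frozenset({
    "ocsp.comodoca.com",
    "crl.usertrust.com",
    "mscrl.microsoft.com",
    "ctldl.windowsupdate.com",
})

# Names a user has explicitly approved (svn.code.sf.net is the update check
# mentioned in the thread). Everything not listed anywhere is "unknown".
SANCTIONED = frozenset({"svn.code.sf.net"})

# Exact names come from the thread. The "*." patterns are constructed for this
# example; "*.microsoft.com" is deliberately broad to show allow-list precedence.
BLACKLIST = (
    "vortex.data.microsoft.com",
    "games.metaservices.microsoft.com",
    "*.data.microsoft.com",
    "*.microsoft.com",
)

# Assumed log format: free text containing "query=<name>".
QUERY_RE = re.compile(r"\bquery=(?P<name>\S+)")


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()


def pattern_matches(pattern, host):
    """'*.example.com' matches any subdomain, but only on a label boundary."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # keeps the leading dot
    return host == pattern


def classify(name):
    """Return 'ca-allow', 'blacklisted', 'sanctioned' or 'unknown'."""
    host = normalize(name)
    if host in CA_ALLOW:
        return "ca-allow"
    if any(pattern_matches(p, host) for p in BLACKLIST):
        return "blacklisted"
    if host in SANCTIONED:
        return "sanctioned"
    return "unknown"  # deny-by-default: surface for review, do not permit


def review_log(lines):
    """Return (host, verdict) for every line that carries a query name."""
    results = []
    for line in lines:
        match = QUERY_RE.search(line)
        if match:
            results.append((normalize(match.group("name")),
                            classify(match.group("name"))))
    return results


def summarize(lines):
    """Count verdicts across a log."""
    return Counter(verdict for _, verdict in review_log(lines))


# Constructed sample log lines (not taken from any real DNS proxy).
SAMPLE_LOG = """\
10:01:02 client=192.168.1.10 query=vortex.data.microsoft.com. type=A
10:01:03 client=192.168.1.10 query=MSCRL.Microsoft.com. type=A
10:01:05 client=192.168.1.10 query=ocsp.comodoca.com type=A
10:01:09 client=192.168.1.10 query=games.metaservices.microsoft.com type=A
10:01:12 client=192.168.1.10 query=svn.code.sf.net type=A
10:01:15 client=192.168.1.10 query=microsoft.com.example.net type=A
10:01:16 proxy restarted
""".splitlines()

if __name__ == "__main__":
    for host, verdict in review_log(SAMPLE_LOG):
        print(f"{verdict:12} {host}")
    print(dict(summarize(SAMPLE_LOG)))
```

        Matching on a label boundary matters: a look-alike such as `microsoft.com.example.net` falls through to `unknown` rather than being treated as a Microsoft name.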



        • #117652

          For this, I did run it from the Start Menu without even game explorer running. I even ran the program directly. What seems to be happening is Microsoft seemed to have loaded a game signature or something into something called the “Program Compatibility Assistant”. Whenever the exe for that game is launched, “Program Compatibility Assistant” is called which then calls Microsoft asking for information about that game.

          The only way I got it to stop calling Microsoft is by doing the last recommendation in this site https://schmatzler.de/en/2016/04/28/windows-7-verzoegerter-programmstart-durch-game-explorer/

          The blog says this: “The final resolution: Deleting C:\Windows\AppPatch\sysmain.sdb. This database contains compatibility setting for a lot of programs and it looks like all games contained in this database (like NOLF.exe, lithtech.exe) are always scanned by Games Explorer, regardless of the settings you made.”

    • #116666

      Thanks for this, Noel… it’s right in line with what I am trying to do with my system too (Win 8.1).  I’ve used Abbodi86’s guide (as cited by Woody in the Infoworld article) to start.

      The DiagTrack service and all apps have been deleted (the latter thanks to the tiny but incredibly useful install_wim_tweak.exe tool).  Unless my PC resumes from standby one morning and finds that it’s morphed into a phone overnight, I won’t be needing any “apps.”  I’ll be using “programs” instead.

      Windows 8.1 has been in de facto extended support since Windows 10 came out, even though it’s officially in mainstream support for another year.  While that means that things like support for Ryzen and Kaby and a backported DX12 that would have been coming down the pike in past years (recall that Win 7 came with DX11, which was soon backported to the architecturally similar Vista while it was under mainstream support.  Win 10 came with DX12, and now the architecturally similar 8.1 is under mainstream support.  DX12 coming?  Anyone?  Bueller?) now will not be, it also means that the mini (many?) service-pack level upgrades that keep putting the unwanted stuff back in 10 won’t be a problem for 8.1.

      I know that no matter how satisfying it may be to mercilessly rip the offensive bits out of Windows, there is always a concern about stability.  Fortunately, I haven’t seen any issues with this.  If not for the crashiness of Firefox in the last two releases, I’d have that nice, flat, solid 10 line in the reliability monitor that you have posted, Noel (now it’s 10 interspersed with the dips from FF crashes, then a week to build back up)… I am guessing that one or more of my addons (despite being marked as compatible with the newest FF) are really not.  The writing’s on the wall, though, so I’m beginning what will probably be a transition to Pale Moon.  It’s been rock stable so far, like Firefox pre-51).

      I checked out the Sphinx Windows 10 Firewall Control (Plus) on your suggestion, and I liked it so much that I bought it for my two main PCs.  It makes it pretty easy to get a handle on what process is trying to communicate with what IP address… Wireshark displays everything about the packets sent, but it doesn’t connect them with a process.  Between the two, I still have not found anything I would consider suspicious for being telemetry.  I see more CRL checking than I thought was happening… I see Windows Update checks… I see Windows time sync (I haven’t disabled it, but it is set to time.nist.gov).  All of that is happening with my permission, though, so no problem.   That is the rubbing point right there– as soon as you tell me I can’t opt out, the answer becomes a firm NO, to be enforced by any means necessary.

      So far, I have yet to see anything that looks like it is the telemetry sneaking back in.  I haven’t seen DiagTrack reinstalled with subsequent rollups, though I will check every time.


      Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
      XPG Xenia 15, i7-9750H/16GB & GTX1660ti, OpenSUSE Tumbleweed

      1 user thanked author for this post.
    • #117676

      Ran across this and wasn’t sure where to put it. It is an interesting read for sure:


      If this is true then it would seem to make Windows 10 Enterprise version at best worthless to businesses and DOA while at worst being outright illegal for use by many/most large corporations and defence contractors.

