sort by:
new
want to join the discussion? or register in seconds.

top comments

[–] [deleted] ago 

[deleted by user]

[–] BobBelcher 1 points 34 points (+35|-1) ago  (edited ago)

So, just to quickly summarize, that's 3967 connection attempts to 51 different Microsoft IPs.

Obviously port 80 is standard web traffic for http, port 443 being for https.

According to this, that first one with the most attempts on port 3544 is likely to be their Consumer Experience Program. So, telemetry data. OP, can you confirm if you opt'ed out of that program during the install? If you did, and it's still trying to connect that many times..... That IP also apparently traces back to the UK.

EDIT - Archive link since OP nuked his posts: https://archive.is/QFL8e

[–] [deleted] ago  (edited ago)

[deleted by user]

[–] alexei954 0 points 6 points (+6|-0) ago 

That IP also apparently traces back to the UK.

This is significant. By routing traffic to an overseas connection, traffic is automatically susceptible to warrant-less data collection. Additionally, once it is in Britain, it becomes susceptible to collection by the GCHQ (the British version of the NSA) and whatever rules the British may or may not follow for data collection. Once they have it, it can be shared back with the US, providing another legalistic end-run to deal with.

Load more replies (3 remaining)

[–] [deleted] ago 

[deleted by author at 2/12/2016 1:11:37 AM]
Load more replies (5 remaining)

[–] crustyjuggler 2 points 40 points (+42|-2) ago 

I think the best thing to do after a few more days of collection is to gather the same information again after running spybot anti-beacon. I'm EXTREMELY curious to see what you find. You're right, no one seems to be talking about this. Everything I have found on the net is either "oh, this is what they are spying on" and "here are a few tools like spybot anti-beacon". Zero fucking reviews on whether they work or not, and it's bothering me. I've been meaning to run a windows 10VM and inspect the traffic coming from the virtual adapter, but I haven't had the time. Thanks in advance. BTW. Lol, we have similar usernames. Stay crusty!

[–] [deleted] ago 

[deleted by user]

[–] crustyjuggler 1 points 15 points (+16|-1) ago  (edited ago)

Anti-beacon basically modifies the registry, local group policy, and disables a ton of the telemetry. I think it adds a bunch to the hosts file also. Though, I have heard that low level components of Windows 10 can get around the hosts file instead of blocking traffic.

Barnacules Nerdgasm did a semi-review on it. https://www.youtube.com/watch?v=u1kGMCfb2xw

Thanks for doing this!

[–] simagule 1 points 4 points (+5|-1) ago 

Can you also do a install where you don't uncheck all the tracking options for a comparision

Load more replies (1 remaining)

[–] ginx2666 2 points -1 points (+1|-2) ago 

Zero fucking reviews on whether they work or not, and it's bothering me.

Whether they do or not, the best way to completely cut off M$ is to block those addresses in external, hardware firewall. There. Nothing M$ can do about that.

[–] crustyjuggler 1 points 0 points (+1|-1) ago 

I have been recently tempted to build a pfsense router. Maybe now's the time to really consider it since I run wind10 on my gaming rig and laptop.

[–] Troll 1 points 30 points (+31|-1) ago 

Thank you for posting this. These tables basically spell out FUCK YOU WE'RE MICROSOFT WE CAN DO WHATEVER WE WANT YOU FAGGOTS.

[–] european 3 points 4 points (+7|-3) ago 

Well yes. They did write it. EULA probably does not promise to not totally and utterly destroy your privavy.

[–] arrggg 1 points 21 points (+22|-1) ago 

Excellent writeup and documentation. I did the same test on Windows 10 Enterprise and was unable to stop the connections out, even after disabling most of the services.

While you are at it, here are a few more things to try that will produce interesting\creepy results

Block all the dns requests from local hosts file, and see how many retry with hard coded ips. Block all the IP's collected from the first 2 tests with null routes or on the router, and see how many alternates it tries. Disable the services that enable telemetry, ceip, onedrive, windows store, windows defender, windows update, and then document the new connections out.

Can't wait to see your results. Documenting this unbelievable spyware is the first step to doing something about it.

[–] [deleted] ago 

[deleted by user]

[–] chubbysumo 0 points 0 points (+0|-0) ago 

Block all the dns requests from local hosts file, and see how many retry with hard coded ips

it has already been proven that you cannot block or disable MS IPs through the host file, the windows firewall, or the group policy editor. Its hard coded into windows 10 to allow those IPs 100% of the time. You need to add IPtable rules to block/drop them.

[–] [deleted] ago 

[deleted by user]

[–] FuttsMcButts 1 points 6 points (+7|-1) ago 

Thanks for taking the time to do this for people that don't know how or don't have the time for!


load more comments ▼ (34 remaining)