[–] [deleted] 1 point 10 points (+11|-1) ago 

[Deleted]

[–] [deleted] 0 points 1 point (+1|-0) ago  (edited ago)

[Deleted]

[–] Drenki 0 points 3 points (+3|-0) ago 

Slashdot
for professionals

But seriously, all I've learned is that Microsoft is dead-set on monitoring activity and there's no reason to believe they won't attempt to route through different IPs in the future.

I'm never giving them money again if I can help it.

[–] [deleted] 0 points 6 points (+6|-0) ago 

[Deleted]

[–] BobBelcher 0 points 3 points (+3|-0) ago  (edited ago)

I just installed that on one of my Win 7 boxes. It does some registry stuff concerning the Consumer Experience stuff, but also uses the hosts file to block domains. Here is what they block:

All but one of those domains are ones I already knew about and have pinged to get their IPs. So here is the list again but I put their actual IPs in so you can block by domain or IP.

I didn't have all these blocked but now that I see Anti-Beacon is blocking them, I'll add all these IPs to my block ruleset on my router/firewall.

Edit - Added table, fixed missing IP.

[–] ifactor 0 points 1 point (+1|-0) ago 

Cool, but I'll just point out that IP addresses can change often, and can simply be different depending where you connect from, depending on how they configure the service.

[–] [deleted] ago 

[Deleted]

[–] roznak 0 points 4 points (+4|-0) ago 

What happens if Windows 10 has no Internet connection?

Because in the coming months I will pull my Windows 10 computer physically from the Internet and only allow it for short moments where I decide and not when Microsoft decides. The end goal is a completely contained and disconnected Windows 10 PC for my normal stuff and a second Linux machine for Internet things.

[–] onegin 0 points 7 points (+7|-0) ago 

Timing might not help that much as Windows will be aware when the internet connection has been restored. If you want to sandbox the machine like this your best bet would be to download stuff on another machine and then grab the files locally over LAN or removable drive. If you want to play online games or stream or something from the Win machine, you could put it behind a firewall and only make explicit exceptions.

[–] TremorAcePV 0 points 3 points (+3|-0) ago  (edited ago)

A guy on Slashdot takes issue with your test and with Voat apparently.

I read TFA, the guy is an idiot and screwed up the test.

He configured the router to drop all connections. So Windows tries to access Windows Update, and it fails. So it tries the next server on the list, which fails. Strange, the interface has an IP address, try the next one...

Windows also has this thing called the Out Of Box Experience. It's been there since at least 98, probably before. The first time you log in, it runs a few things so you can choose your preferences and set important stuff up. If you ignore it, it will carry on looking for updates from the Windows Store, updates for live tiles in the start menu etc.

Every OS enables a load of crap by default. This is not surprising at all.

Unlike the guy in TFA, I bothered to do this properly. If you disable everything and don't use Windows Store apps then the only traffic is to Windows Update.

This is what happens when your source is a Reddit knock-off full of people who found Reddit too civil.

... "who found Reddit too civil"

Pfff, apparently he doesn't use Reddit.

Admittedly, he has a point. The test was basic but that's all it was expected to be. It just didn't show what was being looked for though.

Correlation =/= causation.
Lots of IP attempted connects =/= spying.

[–] [deleted] 0 points 1 point (+1|-0) ago  (edited ago)

[Deleted]

[–] binglederry 0 points 2 points (+2|-0) ago 

For what it's worth, I still got outbound connections after disabling Windows Update, time sync and Teredo on top of running other anti-spy tools. Slashdot dude is probably full of shit.

[–] [deleted] ago 

[Deleted]

[–] TremorAcePV ago 

I kind of agree. Obtuse criticism without advice on correction is pointless imo. He could've stated his issues with the test without being a dick about it. And if it's so easy, why doesn't he do it?

[–] BobBelcher 0 points 2 points (+2|-0) ago 

I don't think blocking entire routes is a good idea. Likely will be legitimate servers that would end up being blocked. Like Hotmail servers. Yeah, yeah "who uses hotmail anymore?". Some people might and you'd be killing access to that by blocking entire routes like this. I prefer to just block their spying stuff.

1st on your list: http://www.tcpiputils.com/browse/ip-address/94.245.64.0-94.245.127.255
3rd on your list: http://www.tcpiputils.com/browse/ip-address/207.46.0.0-207.46.255.255

I haven't looked up any more.

[–] [deleted] 0 points 5 points (+5|-0) ago 

[Deleted]

[–] BobBelcher 0 points 3 points (+3|-0) ago  (edited ago)

I suppose that would work, but it kinda looks like they are doing legit web hosting inside some of those routes so it'd be an ongoing process of "Why isn't this page loading" and eventually "Oh, it must be in one of those routes I blocked".

There must be a better way. My girlfriend's laptop runs 10 so I'm setting this stuff up in my Ubiquiti router to try and block all this telemetry shit. I am seeing some blocks going on already, but I know I'm not getting it all.
https://sli.mg/a/wlGWQu
That isn't the complete list of what I've blocked so far, it just includes what has actually blocked stuff so far. I got those domains from searching elsewhere online and pinged them to get the IPs.

Edit - Also, those blocks may not all be from the Win10 laptop. I have 2 Win7 boxes that run 24/7 as well. Some could be from those.
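
An added example, not part of the thread: it takes the two ranges linked above, as written in the tcpiputils URLs, reduces them to CIDR networks, counts how many addresses each range rule drops, and reports which rule is responsible when a destination stops loading. The function names and the sample destination addresses are constructed for illustration.

```python
import ipaddress

# The two ranges from the tcpiputils links in the thread, in "first-last" form.
BLOCKED_RANGES = [
    "94.245.64.0-94.245.127.255",
    "207.46.0.0-207.46.255.255",
]

def range_to_networks(text):
    """Turn 'first-last' into the minimal list of CIDR networks covering it."""
    first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-"))
    if first > last:
        raise ValueError(f"range is reversed: {text}")
    return list(ipaddress.summarize_address_range(first, last))

def build_ruleset(ranges):
    """Map every CIDR network back to the range rule it came from."""
    rules = {}
    for text in ranges:
        for net in range_to_networks(text):
            rules[net] = text
    return rules

def blast_radius(ranges):
    """Number of addresses each range rule drops (the collateral-damage size)."""
    return {t: sum(n.num_addresses for n in range_to_networks(t)) for t in ranges}

def explain_block(dest, rules):
    """Return the range rule that drops dest, or None if no rule matches."""
    addr = ipaddress.ip_address(dest)
    for net, source in rules.items():
        if addr in net:
            return source
    return None

if __name__ == "__main__":
    rules = build_ruleset(BLOCKED_RANGES)
    for rule, count in blast_radius(BLOCKED_RANGES).items():
        print(f"{rule}: {count} addresses dropped")
    # Constructed destinations: two inside the ranges, one documentation address.
    for dest in ("207.46.10.20", "94.245.100.1", "192.0.2.10"):
        hit = explain_block(dest, rules)
        print(f"{dest}: {'blocked by ' + hit if hit else 'not blocked'}")
```
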

[–] gattaca 0 points 1 point (+1|-0) ago 

And for those using Mikrotik gear, I've turned your list into a firewall script.

http://pastebin.com/uEkqVbh7

[–] forgetmyname 0 points 1 point (+1|-0) ago 

What about looking up all Microsoft's IP blocks and adding them all to blacklists, then see what keeps sending outgoing connections, and to whom?

[–] BobBelcher ago 

The problem with blocking all IPs Microsoft owns is that you'd end up blocking legit stuff, including websites that have nothing to do with Microsoft other than using their Azure hosting service.