Windows 10 PCs phone home even after privacy hardening

When you install Windows 10 on a new PC or upgrade an existing version of Windows to the new operating system, you get the option to customize select preferences or use the defaults instead.

If you choose to customize, you get the option to disable three pages full of features related to privacy.

While that is a good start at limiting Windows 10's hunger for data, it is nowhere near sufficient to keep the operating system from talking with Microsoft servers regularly.

A user on Voat recently analyzed the network traffic of Microsoft's Windows 10 operating system using a DD-WRT router and a Linux Mint laptop with remote logging, with Windows 10 Enterprise installed in VirtualBox.

He turned off all privacy-related features during custom installation, and then let the computer sit idle for eight hours straight while logging network traffic.

In those eight hours, Windows 10 made 5508 connection attempts.

Here is the roughly 8-hour network traffic analysis of 5508 connection attempts of an unused, base install of Windows 10 Enterprise

The top 10 sites the operating system tried to establish connections to are:

| ip_address | nslookup | port | protocol | attempts | route | origin | description |
|---|---|---|---|---|---|---|---|
| 94.245.121.253 | | 3544 | UDP | 1619 | 94.245.64.0/18 | AS8075 | MICROSOFT |
| 65.55.44.108 | | 443 | TCP | 764 | 65.52.0.0/14 | AS8075 | MICROSOFT |
| 65.52.108.92 | msnbot-65-52-108-92.search.msn.com | 443 | TCP | 271 | 65.52.0.0/14 | AS8075 | MICROSOFT |
| 64.4.54.254 | | 443 | TCP | 242 | 64.4.0.0/18 | AS8075 | MICROSOFT-CORP-MSN-AS-BLOCK |
| 65.55.252.43 | msnbot-65-55-252-43.search.msn.com | 443 | TCP | 189 | 65.52.0.0/14 | AS8075 | MICROSOFT |
| 65.52.108.29 | msnbot-65-52-108-29.search.msn.com | 443 | TCP | 158 | 65.52.0.0/14 | AS8075 | MICROSOFT |
| 207.46.101.29 | | 80 | TCP | 107 | 207.46.0.0/16 | AS8075 | MICROSOFT-CORP-MSN-AS-BLOCK |
| 207.46.7.252 | | 80 | TCP | 96 | 207.46.0.0/16 | AS8075 | MICROSOFT-CORP-MSN-AS-BLOCK |
| 64.4.54.253 | | 443 | TCP | 83 | 64.4.0.0/18 | AS8075 | MICROSOFT-CORP-MSN-AS-BLOCK |
| 204.79.197.200 | a-0001.a-msedge.net | 443 | TCP | 63 | | | |

He analyzed the network traffic again after 30 hours, and this time posted his findings on Pastebin as a dump. We have uploaded the full dump to our own server; you may download it with a click on the following link: windows10-connections.txt

After 30 hours of use, Windows 10 attempted to connect to 113 non-private IP addresses.

He then decided to run a privacy tool for Windows 10, DisableWinTracking, and monitor network traffic again for a period of time to see how it affects the connections made during that time.

DisableWinTracking is not the most complete privacy tool for Windows 10, but it enables you to make several changes related to privacy to the system including disabling telemetry, services, blocking domains and IP addresses, and uninstalling applications.

After running the tool, he monitored the network traffic for another 30-hour period and noticed a drop in connection attempts (from 5508 to 2758) and a drop in unique IP addresses the operating system tried to connect to (from 95 to 30).
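The two figures compared above (connection attempts and unique IP addresses contacted) can be tallied from router logs as follows. This is an added example, not the Voat user's own tooling: it assumes the router forwards netfilter LOG-style syslog lines, one per new outbound connection, and that the Windows 10 VM has the address 192.168.1.130. The sample log lines are constructed, using destinations from the table above.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in netfilter LOG (key=value) syslog syntax. The log format
# and the VM address 192.168.1.130 are assumptions; the public destinations are
# taken from the table in the article.
SAMPLE_LOG = """\
Aug  5 10:00:01 DD-WRT kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.1.130 DST=94.245.121.253 PROTO=UDP SPT=51012 DPT=3544
Aug  5 10:00:31 DD-WRT kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.1.130 DST=94.245.121.253 PROTO=UDP SPT=51012 DPT=3544
Aug  5 10:01:01 DD-WRT kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.1.130 DST=94.245.121.253 PROTO=UDP SPT=51012 DPT=3544
Aug  5 10:02:10 DD-WRT kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.1.130 DST=65.55.44.108 PROTO=TCP SPT=49720 DPT=443
Aug  5 10:03:44 DD-WRT kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.1.130 DST=65.55.44.108 PROTO=TCP SPT=49721 DPT=443
Aug  5 10:04:02 DD-WRT kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.1.130 DST=204.79.197.200 PROTO=TCP SPT=49722 DPT=443
Aug  5 10:04:05 DD-WRT kernel: ACCEPT IN=br0 OUT=br0 SRC=192.168.1.130 DST=192.168.1.1 PROTO=UDP SPT=53011 DPT=53
Aug  5 10:04:09 DD-WRT kernel: ACCEPT IN=br0 OUT= SRC=192.168.1.130 DST=224.0.0.252 PROTO=UDP SPT=60001 DPT=5355
Aug  5 10:05:00 DD-WRT kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.1.50 DST=65.55.44.108 PROTO=TCP SPT=40100 DPT=443
Aug  5 10:07:30 DD-WRT kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.1.130 DST=65.55.
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_attempts(log_text, client_ip):
    """Yield (dst, port, proto) for each logged packet from client_ip to a public IP."""
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("SRC") != client_ip or "DST" not in fields:
            continue  # other LAN hosts, or lines that are not packet logs
        try:
            dst = ipaddress.ip_address(fields["DST"])
        except ValueError:
            continue  # truncated or corrupted syslog line
        if dst.is_private or dst.is_multicast:
            continue  # LAN, loopback, link-local and multicast never leave the network
        yield str(dst), fields.get("DPT", "-"), fields.get("PROTO", "?")

def summarize(log_text, client_ip):
    """Return (total attempts, unique public IPs, per-destination counts, busiest first)."""
    attempts = Counter(parse_attempts(log_text, client_ip))
    unique_ips = {dst for dst, _port, _proto in attempts}
    return sum(attempts.values()), len(unique_ips), attempts.most_common()

if __name__ == "__main__":
    total, unique, ranked = summarize(SAMPLE_LOG, "192.168.1.130")
    print(f"{total} attempts to {unique} unique public IPs")
    for (dst, port, proto), count in ranked:
        print(f"{dst:<16} {port:>5} {proto:<4} {count}")
```

Running the same summary over a log captured before and a log captured after a hardening change gives directly comparable numbers, provided both captures cover the same duration.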

It is likely that programs that offer more options than DisableWinTracking reduce the numbers further.

The takeaway from the test -- which requires verification -- is that Windows 10 will connect to remote sites regularly even if the operating system has been configured for privacy and the computer is idle.

It is unclear why Windows 10 makes that many connections even when idle.

Windows 10 users who don't want any of those connections to be made can use the researcher's recommended list of IP ranges to block in a firewall / router. Please note that doing so may impact functionality such as update checking and downloading as well.

 

This article was first seen on ComTek's "TekBits" Technology News
