[qrmn]

I'm going to recommend deadlisting/disassembly instead. Network analysis doesn't give as much context for exactly what is sent, and there seems to be - as far as I can see, yet? - a total lack of hard data and verifiable evidence about what all this "telemetry" actually is, what can be turned off, what can't, and what actually gets sent to whom, when, from what, and why.

The "evidence" I have seen so far that Windows 10 communicates with its maker is, let's be honest, pretty scaremongery and includes things like LLMNR traffic - which is link-local! - and neglects to consider that Windows Update now checks much more frequently (because of the accelerated release cadence of a rolling release) and essentially torrents its updates now, P2P-style.

If there's a real privacy issue - and there may well be, especially on default settings - we need reliable, detailed, hard information to see what binaries send what to where to begin to address it, and to see what can be turned off, what should be, etc. Does anyone know if anyone's begun that analysis yet?

(Of course it really should be Microsoft openly discussing this, but in the absence of that, the mantle inevitably falls to independent researchers.)