by tomswartz07 3818 days ago
Here's a 100% serious question:

If you 'absolutely must' use Windows 10, would it be possible to firewall off every outbound port from this machine to prevent this sort of tracking? Or does it just use Port 80, piggybacking on the normal http traffic?

Has anyone done a comprehensive analysis of exactly how this info is being sent?

4 comments

I doubt you could with Windows Firewall, but my firewall (Comodo) seems to do the job.

You can find all the known domains and addresses for the Microsoft telemetry and advertising networks through some searching online. I added them all to my hosts file as well as block lists in Comodo Firewall.

I did both because I assume Microsoft has wired access for some of these services in such a way that the hosts file would be ignored, as well as Windows Firewall.

I have my firewall also set to request user action on EVERY outgoing connection (all incoming stealthed, so no open or closed response) and so far all I have allowed out in terms of Windows processes is Windows Update. I haven't even allowed the error reporting.

The OS is still ticking along just fine.

Honestly though, this whole approach they have taken with Windows 10 has really turned me off. It reeks of anti-consumerism. I basically just use this Windows 10 machine as a gaming machine now, and all my personal and professional computing is done on a separate Debian machine.

Microsoft won't be getting another penny from me for anything ever again.

"Piggybacking"? Presumably, they're hitting a REST API served up on an HTTP server on port 80 or 443 (hopefully 443...)

And sure - stick it behind a NAT, learn the servers that the system reports to, block those (or set up your own DNS); nothing that the average mainstream consumer is capable of doing.

The IPs are hardcoded in the Windows Ethernet driver, no shit.. So yeah, spoofing it through DNS won't work. You have to have a physical firewall between your PC and the internet and target these specific IPs to block efficiently.

The lazy way to firewall it without doing all that analysis would be to run it in VirtualBox with network access disabled. Do your networking on the host outside of the VM and exchange files between the host and the VM through a shared folder. If you need sharing between multiple Windows machines, you can run Syncthing or similar on the hosts to synchronize the directories backing the shared folders across them. I run a setup like this at home for my other half, who needs to use Windows for some things but balks at signing up for their cloud service.

Do your networking on the host outside of the VM and exchange files between the host and the VM through a shared folder.

This is what I do when I run Windows XP under VMware Fusion. Works like a charm for the few apps I need. I don't care if my XP is unpatched, it can't get to the Internet.

But I thought that Windows XP SP 2 (what I use) was the final version of Windows that didn't need to check in with Microsoft periodically (every few weeks?) or it would stop working. At least that's what Microsoft's original plans were; perhaps they relaxed that requirement?

I did notice that Windows 10 often messes with my firewall rules. I had a custom firewall rule to keep a port open. Windows deleted the rule when upgrading from Windows 7 to Windows 10, and deleted it again during a recent Windows update. So not sure your firewall rule would survive very long under the "new Microsoft"...