Jump to content

[Guide] Disable Data Collection in Windows 10


ptd163

Recommended Posts

Tomasz86,

SearchUI can be blocked with SIB++ but it may be running again if W10 has some new updates. Applying the option to block it again will work but only after a restart, which I don't really like. 

I'll leave it alone. Don't want to do anything risky that can lead into a failure to boot Windows! Thanks so much for your explanation, but doubt that I can understand it thoroughly!

Link to comment
Share on other sites


I continued to see a VERY low rate small packet UDP traffic flow to / from 157.56.106.184 by iphlpsvc as I mentioned up above.  I/O rate is literally about 1 or 2 bytes per second overall, according to Resource Monitor.  Almost off the radar.

 

When I blocked it with the Windows firewall, it began communicating instead with 94.245.121.253.  Once I blocked that I didn't see it go further, but it did continue to try multiple times to re-establish communications with 94.245.121.253.

 

Interestingly, 157.56.106.184 is Microsoft Corp. in Redmond while 94.245.121.253 is Microsoft Limited in London.

 

Edit:  After a long while it switched to using 94.245.121.251.  I'll keep blocking and listing addresses here to see how far this goes.

 

The iphlpsvc list so far:

 

157.56.106.184

94.245.121.253

94.245.121.251

 

 

-Noel

Edited by NoelC
Link to comment
Share on other sites

Some useful links:

 

http://www.ghacks.net/2015/08/14/comparison-of-windows-10-privacy-tools/

http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/

http://forums.mydigitallife.info/threads/63874-REPO-Windows-10-TELEMETRY-REPOSITORY

http://www.dasm.cz/clanek/jak-z-windows-10-udelat-desktopovy-system (in Czech but the commands are in English)

 

Instead of wasting time on looking for all those specific MS addresses it may be better / easier to just use firewall to block everything except for Windows Update, and then unblock specific things if necessary.

Link to comment
Share on other sites

I think both will be needed, based on my experience (allowing exceptions and blocking rules).

 

There are some components - like System and a number of svchost-based services - that need general access to the network for the system to function properly.  It's necessary to block individual addresses so that those components can still generally function while keeping the system as private as possible.

 

Finding just the right balance / combo is the key.  I'm not there yet.

 

-Noel

Link to comment
Share on other sites

Some useful links:

 

http://www.ghacks.net/2015/08/14/comparison-of-windows-10-privacy-tools/

http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/

http://forums.mydigitallife.info/threads/63874-REPO-Windows-10-TELEMETRY-REPOSITORY

http://www.dasm.cz/clanek/jak-z-windows-10-udelat-desktopovy-system (in Czech but the commands are in English)

 

Instead of wasting time on looking for all those specific MS addresses it may be better / easier to just use firewall to block everything except for Windows Update, and then unblock specific things if necessary.

 

Thanks for the links.

 

For the MDL one, though, you'll have to register to see the information in the original post:

 

Link to comment
Share on other sites

I'm becoming a bit more knowledgeable on this subject by trying to develop a firewall strategy for allowing Windows Update while blocking everything by default, and observing how the system reacts.

 

1.  There are a LOT of addresses the system needs to access to successfully complete a Windows Update (and I'm sure I haven't seen nearly all of the potential ones used).

 

2.  It's not hard to imagine that Microsoft would have coded the data gathering logic to piggy back on one of the processes / services that already access the network and are needed for Windows Update, making it particularly difficult to filter out spying activity while allowing Windows Update.

 

3.  Based on firewall logs, communications with servers that appear in a hosts file entry (e.g., a-0001.a-msedge.net) still get attempted, implying the addresses are coded into the software or that they're using a means to resolve names that doesn't involve hosts.  The firewall IS blocking stuff still with all the hosts entries in place.

 

-Noel

Edited by NoelC
Link to comment
Share on other sites

that they're using a means to resolve names that doesn't involve hosts.

If this is the case, then I would expect it to be the same as how Edge browser works, as it doesn't use Hosts. I suspect it goes directly to DNS, which gives a different type of opportunity when it comes to blocking those connections.

Link to comment
Share on other sites

 

We at O&O are proud of our German heritage, and proud to represent the quality, security and satisfaction long associated with products “Made in Germany”.

 

;)

 

 

Winky smiley is right - there are plenty o' typos in their screen grabs.  The product might be a wee bit rushed.

 

Still, it looks as though it's a central place from which one can access many/most/all of the privacy settings.  Nice idea.

 

-Noel

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...