Classic leaks to Windows servers or ISP providers:

2015-08-18 05:47:54 DROP TCP 192.168.1.14 23.3.216.165 4009 80 0 - 0 0 0 - - - SEND
2015-08-18 05:47:54 DROP TCP 192.168.1.14 81.52.140.16 4010 80 0 - 0 0 0 - - - SEND

You can block these leaks with Windows Firewall:

explorer.exe TCP Tout Oui Bloquer Non %SystemRoot%\explorer.exe Tout Internet TCP Tout 80, 81, 82, 83, 8000, 8080, 8888 Tout Tout Tout Tout
explorer.exe UDP Tout Oui Bloquer Non %SystemRoot%\explorer.exe Tout Internet UDP Tout Tout Tout Tout Tout Tout
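The two DROP lines above are in the W3C-style format that Windows Firewall writes to pfirewall.log (one space-separated record per line, field order given by the "#Fields:" header). What follows is an added example, not code from the original post: it parses such lines and tallies blocked outbound connections by destination, which is the quickest way to see what a rule like the explorer.exe block above is actually catching. The sample log reuses the two lines from the post; the header, the ALLOW line and the inbound DROP line are constructed for the example.

```python
"""Parse Windows Firewall (pfirewall.log) records and summarise blocked
outbound connections by destination.  Added example for this thread,
not code from the original post."""
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Field order of the Windows Firewall log, as declared by its "#Fields:" header.
FIELDS = ("date", "time", "action", "protocol", "src_ip", "dst_ip",
          "src_port", "dst_port", "size", "tcpflags", "tcpsyn", "tcpack",
          "tcpwin", "icmptype", "icmpcode", "info", "path")


@dataclass(frozen=True)
class FirewallEvent:
    timestamp: str
    action: str      # ALLOW or DROP
    protocol: str    # TCP, UDP, ICMP, ...
    src_ip: str
    dst_ip: str
    src_port: str
    dst_port: str
    path: str        # SEND (outbound) or RECEIVE (inbound)


def parse_line(line: str) -> Optional[FirewallEvent]:
    """Return a FirewallEvent, or None for header, blank or malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):          # malformed record: skip, don't guess
        return None
    rec = dict(zip(FIELDS, parts))
    return FirewallEvent(
        timestamp=f"{rec['date']} {rec['time']}",
        action=rec["action"], protocol=rec["protocol"],
        src_ip=rec["src_ip"], dst_ip=rec["dst_ip"],
        src_port=rec["src_port"], dst_port=rec["dst_port"],
        path=rec["path"],
    )


def parse_log(text: str) -> List[FirewallEvent]:
    """Parse a whole log file body, dropping lines that are not records."""
    events = (parse_line(ln) for ln in text.splitlines())
    return [e for e in events if e is not None]


def dropped_outbound(events: List[FirewallEvent]) -> Counter:
    """Count DROP records in the SEND direction, keyed by (dst_ip, dst_port)."""
    return Counter((e.dst_ip, e.dst_port) for e in events
                   if e.action == "DROP" and e.path == "SEND")


# Sample log: the two DROP lines quoted in the post, plus a constructed header,
# a constructed ALLOW record and a constructed inbound DROP for contrast.
SAMPLE_LOG = """#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2015-08-18 05:47:54 DROP TCP 192.168.1.14 23.3.216.165 4009 80 0 - 0 0 0 - - - SEND
2015-08-18 05:47:54 DROP TCP 192.168.1.14 81.52.140.16 4010 80 0 - 0 0 0 - - - SEND
2015-08-18 05:48:10 ALLOW TCP 192.168.1.14 192.168.1.1 4011 443 0 - 0 0 0 - - - SEND
2015-08-18 05:48:12 DROP TCP 203.0.113.7 192.168.1.14 51000 445 0 - 0 0 0 - - - RECEIVE
"""

if __name__ == "__main__":
    for (ip, port), n in dropped_outbound(parse_log(SAMPLE_LOG)).most_common():
        print(f"{n:3d} blocked outbound -> {ip}:{port}")
```

Run it against a real pfirewall.log (logging of dropped packets has to be enabled in the firewall profile first) and the most_common() ordering shows which destinations your block rules hit most often; resolving those addresses is the step that tells you whether the traffic was telemetry or something you actually wanted.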
From 7 onwards it is explicitly present: services.msc, "Diagnostics Tracking Service". That service is not available in XP, nor in the modified POSReady 2009.
But XP also has a backdoor. See the first link I posted: "Over the last few weeks, without user approval, Windows Update has updated nine small executable files in both Windows XP and Windows Vista."
Does anyone have a complete hosts blocking list for Win 10? If I'm forced to upgrade to Win 10 for work, I'd like a complete solution to blocking crap.
Turn the following into a batch file and run it as admin. Make a copy of the original first. This is my complete list so far for Windows 10 hosts file privacy blocking.

Code:
@echo off
echo.
echo Editing Hosts File
SET "HOSTS=%WINDIR%\System32\drivers\etc\hosts"

REM Each host below is pointed at 0.0.0.0 only if it is not already listed.
REM FIND /C /I returns a non-zero exit code when the name is absent, so the
REM entry is appended; inside a FOR block the check must use IF ERRORLEVEL,
REM because %ERRORLEVEL% would be expanded once when the block is parsed.
REM A hosts entry is an address followed by hostnames only; a port suffix
REM such as :443 is not valid here and is left out.
FOR %%H IN (
    telemetry.microsoft.com
    vortex.data.microsoft.com
    vortex-win.data.microsoft.com
    telecommand.telemetry.microsoft.com
    telecommand.telemetry.microsoft.com.nsatc.net
    oca.telemetry.microsoft.com
    oca.telemetry.microsoft.com.nsatc.net
    sqm.telemetry.microsoft.com
    sqm.telemetry.microsoft.com.nsatc.net
    watson.telemetry.microsoft.com
    watson.telemetry.microsoft.com.nsatc.net
    redir.metaservices.microsoft.com
    choice.microsoft.com
    choice.microsoft.com.nsatc.net
    df.telemetry.microsoft.com
    wes.df.telemetry.microsoft.com
    reports.wes.df.telemetry.microsoft.com
    services.wes.df.telemetry.microsoft.com
    sqm.df.telemetry.microsoft.com
    watson.ppe.telemetry.microsoft.com
    telemetry.appex.bing.net
    telemetry.urs.microsoft.com
    settings-sandbox.data.microsoft.com
    vortex-sandbox.data.microsoft.com
    watson.microsoft.com
    survey.watson.microsoft.com
    watson.live.com
    statsfe2.ws.microsoft.com
    corpext.msitadfs.glbdns2.microsoft.com
    compatexchange.cloudapp.net
    cs1.wpc.v0cdn.net
    a-0001.a-msedge.net
    fe2.update.microsoft.com.akadns.net
    statsfe2.update.microsoft.com.akadns.net
    sls.update.microsoft.com.akadns.net
    diagnostics.support.microsoft.com
    corp.sts.microsoft.com
    statsfe1.ws.microsoft.com
    pre.footprintpredict.com
    i1.services.social.microsoft.com
    i1.services.social.microsoft.com.nsatc.net
    feedback.windows.com
    feedback.microsoft-hohm.com
    feedback.search.microsoft.com
) DO (
    FIND /C /I "%%H" "%HOSTS%" > NUL 2>&1
    IF ERRORLEVEL 1 ECHO 0.0.0.0 %%H>>"%HOSTS%"
)

echo.
echo Done.
pause
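Two things are worth checking before and after running a hosts blocklist like the one above: a hosts entry is an address followed by hostnames only (a port suffix such as ":443" makes the line meaningless, and Windows will simply ignore it), and a substring check with FIND reports a short name as present when a longer name containing it is already listed. The following is an added example, not the poster's script, written in Python so the same check runs on any platform: it parses a hosts file, reports malformed lines, and lists which of a wanted set of hosts are still not pointed at the sink address, rendering only those as lines to append. The sample hosts file and the WANTED list (a subset of the domains in the batch file above) are constructed for the example.

```python
"""Audit a hosts file against a blocklist: flag malformed lines and list
the names that still need adding.  Added example for this thread, not the
poster's batch file; standard library only, so it runs offline."""
import ipaddress
import re
from typing import Dict, List, Tuple

# RFC 1123 host label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name: str) -> bool:
    """True for a syntactically valid DNS name (so 'host:443' is rejected)."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.rstrip(".").split("."))


def parse_hosts(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Return ({hostname: address}, [malformed lines]).

    Names are lower-cased because hosts lookups are case-insensitive, so a
    mixed-case entry still counts as present.
    """
    mapping: Dict[str, str] = {}
    bad: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # strip comments and whitespace
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])         # accepts IPv4 and IPv6 sinks
        except ValueError:
            bad.append(raw)
            continue
        if len(parts) < 2 or not all(valid_hostname(h) for h in parts[1:]):
            bad.append(raw)                        # e.g. "0.0.0.0 name:443"
            continue
        for host in parts[1:]:
            mapping[host.lower()] = parts[0]
    return mapping, bad


def missing_entries(text: str, wanted: List[str], sink: str = "0.0.0.0") -> List[str]:
    """Names from `wanted` that the file does not yet map to `sink` (exact match,
    so 'telemetry.microsoft.com' is not satisfied by 'oca.telemetry.microsoft.com')."""
    mapping, _ = parse_hosts(text)
    return [h for h in wanted if mapping.get(h.lower()) != sink]


def render_additions(missing: List[str], sink: str = "0.0.0.0") -> str:
    """Text to append; each line starts with a newline so the first entry is
    not glued onto a last line that lacks its own line terminator."""
    return "".join(f"\n{sink} {h}" for h in missing)


# Constructed sample hosts file: the usual localhost line, one telemetry host
# already blocked, one present in mixed case, and one malformed host:port line.
SAMPLE_HOSTS = """# sample hosts file (constructed for this example)
127.0.0.1       localhost
0.0.0.0 telemetry.microsoft.com   # already blocked
0.0.0.0 Vortex.Data.Microsoft.com
0.0.0.0 telemetry.appex.bing.net:443
"""

# Constructed subset of the blocklist in the batch file above.
WANTED = ["telemetry.microsoft.com", "vortex.data.microsoft.com",
          "watson.telemetry.microsoft.com", "telemetry.appex.bing.net"]

if __name__ == "__main__":
    _, malformed = parse_hosts(SAMPLE_HOSTS)
    print("malformed lines:", malformed)
    print("to append:" + render_additions(missing_entries(SAMPLE_HOSTS, WANTED)))
```

Point it at %WINDIR%\System32\drivers\etc\hosts on Windows (or /etc/hosts elsewhere) and the full domain list from the batch file, and it tells you exactly which names are still unblocked and which existing lines are doing nothing.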
After seeing that batch file above I am glad I removed Windows 10; it took about 2 hours to go through it and realize it was a privacy NIGHTMARE. Ironically, on many systems the HID driver is removed when you roll back, so you end up doing a fresh rebuild. Back up your data before going to or from Windows 10. Check out Steve Gibson's podcast on this on Security Now! https://www.grc.com/securitynow.htm I realize it's to enhance our "Advertising experience", as I heard it put, but this is sickening, absolutely sickening. I am absolutely considering moving to Ubuntu or a Mac down the road when Windows 7 is no longer supported.
IMO Windows 10 can be tamed against privacy leaks to a high percentage. In these forums there are multiple threads regarding Windows 10 and how privacy leaks can be mitigated, albeit only to the extent that we know and can control. I have tweaked the hell out of my OS setup for a couple of reasons: a) my own curiosity, b) like you, privacy is a concern of mine. I have run Fiddler for many hours looking for any logged entries. Fiddler can decrypt transmitted data, HTTPS traffic logs etc. After opening and using/exploring every aspect of the OS, nothing was leaked/transmitted that is unusual. Of course this does not make it okay. I completely understand your perspective. MS should not misuse our trust and collect data of our usage masked under "for your own benefit and convenience". However, given the time and a little bit of work, I'm confident, with a clause, that this privacy issue can be mitigated. Comb through these forums; lots of us posted batch files or scripts that make this possible. There are batch files or scripts, or even PowerShell/cmd commands, or even 3rd party software that can:

- Disable telemetry or data mining
- Configure the hosts file
- Disable unneeded start-up entries
- Disable unneeded scheduled tasks
- Remove W10 native apps
- Remove OneDrive
- Disable Windows Defender
- Delay automatic Windows updates
- ..... etc

Take the time; W10 IMO is actually a good OS, and quiet privacy-wise once configured accordingly. Regards.
Thanks for the perspective, and I've been wanting to ask the obvious question for a while: presuming it's possible to tame the W10 privacy beast, and hope it stays tamed, and for a person who wants a desktop OS, not a cloud/social one, is there any compelling reason to change from W7? And has the gagging procedure stymied whatever benefit it would have done as far as social/connectivity is concerned? Would there be a case for running your "public"/social persona on a separate W10 tablet or something, and keeping your desktop inviolate as a real desktop without all these issues? PS - I'm not clear that Fiddler is going to capture all the traffic that the OS might transmit.
IMO there is no compelling reason to upgrade from W7 regardless of the cloud/social implementations of W10. In terms of cloud connectivity, nothing is new in Windows 10 that can't already be achieved in Windows 7. You can link to network storage like OneDrive, and link to your MS storage account through MS Office as well if you like. All the so-called social advantages of Windows 10 can be done via a browser of your choosing (Facebook); MS has just integrated it into the OS (Facebook W10 app). I guess this is where the privacy concerns come into play the most. So, to strictly answer your first question, IMO there is no point upgrading from W7 to W10. It offers nothing new for people who do things either in the browser or locally that cannot already be done in W7.

As to your second question, that is generally a good idea IMO. Run your social persona on a different account to your desktop, and keep your desktop account local (i.e., no MS connectivity). That said, as soon as you do these "social things" you immediately give away some privacy. Privacy is such a complex thing; it wouldn't be too hard to put two and two together and state that the desktop PC originates from this MAC and IP address, the same as the tablet, so you are not much better off. Whether it's Android, iOS, OS X or MS, if someone actually wants to look deeper, given the right tools and knowledge they can. So, to answer your second question, it helps, but it solely cannot mitigate privacy. If you separate into different accounts and strictly assign what you do on certain accounts, it may help: social or nothing social, cloud-connected or local. But at least it does give you a bit more control if you do so.

To be honest I'm no expert in Fiddler, but have used it for many years; there are a couple of things that first need to be done in order for it to log most/all events. Enable decryption of HTTPS traffic and, secondly, natively Windows blocks immersive apps from sending network traffic to the local computer. Fiddler can remove these restrictions so that traffic may be intercepted and decoded, so this must be set in Fiddler. These immersive apps are the ones that come by default with W10, such as Mail, Weather, Contact Support and Feedback etc. These are the apps that are constantly connected to MS and are responsible for the most data leaks, as these are the apps that notify MS of our so-called "experience and advertising ID". So removing these apps and disabling telemetry via group policy and regedit disabled all outbound data in my case. But you are correct, I'm not sure if Fiddler is capable of detecting OS/kernel level traffic, if there is such a thing. I just don't know enough about it.

Lastly, IMO if this is where MS plans to head in the future, then the way I see it is either:

- Give up on MS right now, forget its existence and move to Linux etc.
- Stick with W7 or XP forever
- Or try to understand these privacy implications so that we are better educated to make such a decision when the time comes.

If it gets worse, then it's a much easier choice. But at least you are much better educated to practice at least basic privacy techniques. Regards.
@TS4H - thanks very much for the reply and your thoughts, useful. Personally, I do not let browsers or cloud-connected OSs anywhere near my real host or data - they all run in VMs. It's also possible to ensure they connect to the internet via a different path, so it's harder to correlate the two (and the normal precautions obviously need to apply regarding IP and MAC address stuff as you say). I'm not sure about sticking with W7 "forever", that's such a long time.... I'm inclining towards Qubes when I next have to rebuild.