ZDNet Writer Downplays Windows 10's Phoning-Home Habits

jones_supa writes: Gordon F. Kelly of Forbes whipped up a frenzy over Windows 10 when a Voat user found out in a little experiment that the operating system phones home thousands of times a day. ZDNet's Ed Bott has written a follow-up where he points out how the experiment should not be taken too dramatically. 602 connection attempts were to 192.168.1.255 using UDP port 137, which means local NetBIOS broadcasts. Another 630 were DNS requests. Next up was 1,619 dropped connection attempts to address 94.245.121.253, which is a Microsoft Teredo server. The list goes on with NTP, random HTTP requests, and various cloud hosts which probably are reached by UWP apps. He summarizes by saying that a lot of connections are not at all about telemetry. However, what kind of telemetry and data-mined information Windows specifically sends still remains largely a mystery; hopefully curious people will do analysis on the operating system and network traffic sent by it.

What about

[NotInHere]

Adding [forbes.com] to forbes links on the front page?

Re: What about

[jxander]

Have you been to that sure recently? Conveniently forgetting to link it is an act if kindness.

Re: What about

[jxander]

Site*

Hey new ownership ... How about a preview function for mobile.

Re:

[BitZtream]

Thats probably a violation of the slashdot contract with Forbes.

Also amusing is that this article doesn't show the link next to the headline ...

I'd blame the new owners, but this is another timothy story, so you just have to assume its because he's a fucking idiot.

Not only am I bothred by the phone-home,

[Anonymous Coward]

I am bothered by the explicit policy of tracking everything I do within my OS. That is the real issue. That is why I am leaving Windows forever.

Re:

[Anonymous Coward]

Bye.

Re:

[rtb61]

Yeah bye, snigger, snigger because an internet where you only communicate with yourself is not internet at all. So if you communicate with a windows 10 computer, well guess what both sides of the not so private chat are still up for grabs. All that data on your computer had to come from somewhere, so their idea, no matter what the fuck you do they are planning to track and record as much as they possibly can do why, because they are pervs http://www.urbandictionary.com... [urbandictionary.com] , that's why (plus of course insid

poison the data

[frovingslosh]

Some of use don't have the luxury of not using Windows, either because we need to run applications that are only on Windows or we work with or support others who cannot be forced off Windows. What we really need is a hardware firewall that blocks all access to Microsoft domain names and IP addresses. Or even better one that sends bad data to Microsoft. Maybe a nice little distributed computing project would be to know what data Microsoft is collecting and the write and distribute software that keeps feeding Microsoft bogus data to make their data collection less useful. If enough people ran such software, and I believe a lot of people would gladly do it no matter if the were Windows or Linux users, Microsoft might get the message and cut this out.

Re:poison the data

[jenningsthecat]

...What we really need is a hardware firewall that blocks all access to Microsoft domain names and IP addresses.

I recall reading within the past week, (probably in connection with Office 365), that some functionality was simply broken when telemetry was disabled beyond what the OS itself allows users to disable. Perhaps that breakage only applies to Microsoft applications; but if it doesn't already apply to third party programs, and indeed to the OS proper, I'm sure Microsoft will fix that 'oversight' sooner-rather-than-later in a mandatory update.

Or even better one that sends bad data to Microsoft. Maybe a nice little distributed computing project would be to know what data Microsoft is collecting and the write and distribute software that keeps feeding Microsoft bogus data to make their data collection less useful.

I think with Windows 10 we're seeing the advent of a brand of distributed computing in which 'error checking' takes place between MS servers and your computer. MS gets to define what an 'error' is; if the data your computer sends back to the mothership isn't what MS is expecting, they will simply discard it. And they may disable part or all of your OS functionality as well. Coming up with an algorithm which can successfully fool Redmond while sending false information might be quite a programming exercise.

...Microsoft might get the message and cut this out.

Not a chance. The only thing that will get Microsoft's attention is customers jumping ship in droves. And we all know that ain't gonna happen. Too many people don't understand where this is all going, and most of the rest simply don't care.

Re:

[JazzLad]

...What we really need is a hardware firewall that blocks all access to Microsoft domain names and IP addresses.

I recall reading within the past week, (probably in connection with Office 365), that some functionality was simply broken when telemetry was disabled beyond what the OS itself allows users to disable.

A hardware firewall would not be manipulated by the OS (or maybe I misunderstood your reply). I know I won't use 10 until I take the time to configure my router (something I am not looking forward to doing, but know I need to do eventually).

Re:

[DogDude]

What we really need is a hardware firewall that blocks all access to Microsoft domain names and IP addresses

Almost any router, personal or commercial, includes a firewall. You should look into using the one(s) you already own, if you're so afraid of Microsoft.

Re:

[ledow]

Just VM it and stop pissing about.

Then you can run your Windows-only app, have a built-in firewall in the hypervisor that can do whatever you need, you can use your original hardware, you can run other systems that are more privacy-respecting for your day-to-day activities, your licences almost certainly already cover such use, and everything from 8 Pro upwards allows you to use Hyper-V to do just this.

Re:poison the data

[jabberw0k]

we work with or support others who cannot be forced off Windows

If you help perpetuate such environments, you are being an Enabler in an abusive relationship. Stop doing that.

Re:

[Austerity Empowers]

Let's even assume these are benign and not conveying any big brother information at all (which I doubt). What are these things doing and why? Don't spin it, explain it.

DNS - Well understood network fundamental (for most of us, anyway)
NetBIOS - Well understood network fundamental (mostly)
NTP - Well understood, totally optional

Spurious HTTP accesses by "probably UWP apps"? That's probably not ok, more info required.
Attempts to access a Microsoft Teredo server (and sometimes failing)? That sounds broken, turn

Re:

[Lunix Nutcase]

Attempts to access a Microsoft Teredo server (and sometimes failing)? That sounds broken, turn it off.

They were failing because the person doing this test made it impossible for Windows 10 to reach it.

Re:Not only am I bothred by the phone-home,

[The-Ixian]

Yeah, and when I read about this test for the first time this was my criticism exactly.

If you have a machine that is phoning home, you are only going to generate more connections as the software re-queues and retries the failed connections.

If you want to do a real analysis, you would allow all the connections and count/trace those.

To block everything and then count/trace, you are being inaccurate at best and disingenuous at worst.

Re:

[nairnr]

No only that, some requests are "Am I connected to the Internet" types which are all about determining the status of your machine rather than calling big brother to report something.

The true measure would be to allow it and packet dump/trace it.

Re:

[Ol Olsoc]

The true measure would be to allow it and packet dump/trace it.

That might not give the results the ZDnet writer was told to get.

Re:

[Ol Olsoc]

So inaccurate alarmist hysteria is truthful reporting, but the healthily sceptical follow-up is part of a conspiracy to hide the truth?

Right.

So everyone is wrong but this guy?

In the end, I am comfortable to take Microsoft at their word regarding the telemetry. That is enough. In addition, Microsoft has already ignored my requests to delay updates, and reset my privacy settings in several updates, downloaded Windows 10 without permission on a imac I have control of that is running Windows 7, but won't even run the Bootcamp version needed for W10.

Yes, no FUD at all. Merely a users opinion that I believe them when they say they are watching th

Re:Not only am I bothred by the phone-home,

[F.Ultra]

True that Ubuntu did it by default before (they have since disabled it) but you could easily disable it via the GUI settings. I disabled it and unless I actively do something with the network like surf the web with Firefox or stream music then a "sudo tcpdump -nvpi eth0" on my Ubuntu shows absolutely no connection attemps from my machine what so ever, all that I see is some other machine on the network sending broadcast ARP requests for the MAC of the defautl gateway.

f.ultra@ubuntu:~$ sudo tcpdump -nvpi eth0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
19:49:51.946496 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:49:53.996275 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:49:56.054219 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:49:58.136104 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:00.221756 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:02.276667 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:04.353056 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:06.431986 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:08.520302 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:10.584220 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:12.625328 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:14.712258 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:16.782389 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46
19:50:18.856272 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell 192.168.0.249, length 46

And it goes on and on like that for hours, so no most Linux distros does not do some of this too.

Re:

[F.Ultra]

Of course you will have time syncs and os updates, but those things can hardly bee seen as unsolicited traffic like the telemetry that people are discussing. If the Windows 10 users are complaining about time syncs and os updates then they are completely crazy.

Re:

[thegarbz]

No what this specific user was complaining about was his own lack of knowledge. He dropped all requests to Microsoft IPs. ALL of them and logged them.

I'm pretty sure if I boot up a Windows XP machine and did the same thing I'd get the same log results he did. That's expected behaviour for a system which has an unknown fault to retry. I just booted up. Let me check if updates are available. Hmmm can't get to the server. But my eth0 link is up and I can see the internet. Retry server. Nope? Try next pool IP.

Re:

[Ol Olsoc]

Fair enough, but most Linux distros out of the box don't do much of anything (which is fine) and most aren't very user friendly either (relatively speaking). Linux is a fine OS for computer enthusiast that are willing to go through every configuration detail manually, but it's generally not well received by the typical user.

Christ AC, 1999 was over a long time ago. Especially for typical users it is install and go. Immensely easier than installing Windows, and the only tweaking is the same thing you have to do with any install.

Software repositories are in the web, you Choose what you want, and it asks you if you want to install the dependencies, you click yes, and it installs it. About as seamless as you can get.

Heck, even if you compile your programs yourself, it has come a long way from the cursesware Linux used to be.

Re:Not only am I bothred by the phone-home,

[BarbaraHudson]

And what business is of theirs what software I'm running and how often I'm using it? It's not their computer. Also, the article writer attempted to minimize the consequences by saying that you can greatly limit the amount of requests in Windows Enterprise. The majority of users are not using the Enterprise edition.

What an obvious apologist/shill.

Re:

[bfpierce]

It's their business for as long as you use the software I suppose. It's free so you're not out of any money by rolling it back.

Re:

[HideyoshiJP]

It's free*, not free. Every new Windows PC (with some exceptions) still pays for a license. On point, it's only their business if an end-user lets it be their business. Many will; I won't.

Re:Not only am I bothred by the phone-home,

[Ravaldy]

And what business is of theirs what software I'm running and how often I'm using it?

It is their business when their business depends on it. The common complaints users have with Windows have led them there. The large amount of hardware, software variations coupled with the different user types makes it difficult to have something universal that just works 100% of the time.

My only beef with them is that they won't tell us what they collect and what are the triggers. I'm all for letting them grab data on my usage and the condition of my system. After all, it's in my best interest to help them improve the OS.

MS in has recently shown interest in listening to the community and it's important we keep prying them for that information so that we can eventually feel at ease about what's happening.

Re:

[Raenex]

MS in has recently shown interest in listening to the community

They've been paying lip service to the community for years, have taken half-hearted steps to open source, etc, but at the end of the day they always act like corporate assholes.

it's important we keep prying them for that information so that we can eventually feel at ease about what's happening

Or you can just not run their shit since they are such aggressive assholes.

Re:Not only am I bothred by the phone-home,

[Ol Olsoc]

It is their business when their business depends on it. The common complaints users have with Windows have led them there.

Bullshit. Microsoft's wholesale spying, backdoors and keylogging sure as Jerry Sandusky boinks little boys is just wrong. It's no solution, as witnessed by the wonderful breakage that W10 has inflicted upon users. All the phoning home hasn't changed that a bit.

Since I have exactly one program that I need Windows for, I have a Windows 10 machine. The machine sits by itself, with only that program running, and nothing else. No email, no browser, only that program. It wouldn't even be connected to a network if it didn't have to use IP to a piece of hardware. So it can phone home that boring shit all it wants.

If the price of using Microsoft is them having every bit of data they want on all user's computers, screw 'em, along with the websites that insist I have to allow them to install maladware on my computer.

But tell me. Since I have isolated my W10 computer form the others, does Microsoft need to know what is on my other computers as well? Do I need to install a phonehome program for OSX and Linux to report to Redmond and anyone else they and you demand?

Re:

[Anon-Admin]

Ok, so Windows == Microsoft owns the OS and can collect anything they want about you and your computer.

Linux == Free and no one gives a shit what you run on it. It is your computer and your OS to do with as YOU see fit.

Got it!

Re:

[Calydor]

So if I buy a TV made by, say, Samsung or Philips, that gives them carte blanche to record and store everything I say or do in my living room?

Re:

[BarbaraHudson]

Microsoft Windows is not sold at a heavily subsidized price point. The cost of each additional copy after the first is almost nothing. They only had to resort to the free-to-tablets oem pricing for 10, and free-for-7-8.x to get it accepted because they know the lock-in will continue to generate revenue. Otherwise people would have just stuck it out with 7, same as many did with xp.

Re:

[Alumoi]

Gotcha!
The telemetry means only basic things like how many times you have started specific UWP apps, visited a specific site, emailed a specific person, listened to a specific melody, watched a specific movie and so on.
Hey, if you've got nothing to fear you've got nothing to hide, rigt?

Re:

[Alumoi]

You're just adding more FUD. There's no proof that Windows sends info about visiting websites, persons e-mailed, listened songs or watched movies.

Have you ever bother to read Microsoft privacy statement? Especially regarding Cortana or input personalization?
Let me give you some quotes:

"For example, to provide personalized speech recognition, we collect your voice input, as well your name and nickname, your recent calendar events and the names of the people in your appointments, and information about your contacts including names and nicknames. This additional data enables us to better recognize people and events when you dictate messages or documents

Re:

[Ol Olsoc]

You're just adding more FUD. There's no proof that Windows sends info about visiting websites, persons e-mailed, listened songs or watched movies.

Have you ever bother to read Microsoft privacy statement? Especially regarding Cortana or input personalization?

No they don't. They are living in a bubble, and cannot accept the truth.

A couple key points:

As you note, Microsoft upfront tells you that they are performing surveillance on you.

furthermore, does it make any sens at all to reject what Microsoft is telling you they do, or if accepting that they do, insisting its just unimportant stuff? They installed the surveillance to collect useless information?

I always wondered who does the "scrubbing" they do to the personally identifiable information your comp

Re:

[kuzb]

How exactly to you envision a personal digital assistant working without looking at the information you'd want it to act on? Are you really that stupid?

If you don't want to use Cortana, just turn it off. Problem solved.

Re:

[kuzb]

Last I checked, the burden of proof was on the accuser not the accusee. If you're going to run around making grand claims, you should be prepared to back it up with grand evidence.

Re:Not only am I bothred by the phone-home,

[WaffleMonster]

Eeh. Let's not overblow this once again. It does not track everything that you do. The telemetry means only basic things like how many times you have started specific UWP apps and so on.

The following statement cannot be overblown: None of Microsoft's business what I do with my computer. If they refuse to respect their customers it won't be long before they have none.

Why not capture with wireshark and analyze?

[ArmoredDragon]

Sure, traffic is probably encrypted, but since your system is encrypting it, surely there's a way to discover the keys and find out exactly what data is being sent.

I personally don't have either the time nor the kernel hacking skills to pull it off, but I'm sure somebody could.

Re:

[LichtSpektren]

Sure, traffic is probably encrypted, but since your system is encrypting it, surely there's a way to discover the keys and find out exactly what data is being sent.

I personally don't have either the time nor the kernel hacking skills to pull it off, but I'm sure somebody could.

Your system encrypts it with Microsoft's public key before it is send out. Microsoft accepts the information and decrypts it with their private key.

If you could know what the OS was doing with the info before it is encrypted, you could find out what's being sent out; but (to my knowledge) that's impossible to know.

Re:

[ArmoredDragon]

Some code needs to be patched to write the data to a file before the encryption happens. I doubt that is impossible.

Precisely. If you patched it, you'd break patches and other whatnots, but that doesn't matter because this doesn't have to be a production system. Or if there are so many checks that it would take forever and a day to patch them all, then perhaps run it in a VM and poke the kernel memory from behind the hypervisor until it cooperates.

For the latter approach, I'm not sure if any tools exist that could properly map the kernel memory in a VM due to address randomization, but that doesn't mean it can't be done.

Re:

[ArmoredDragon]

Well, son, there are three possible scenarios:

- They are using a symmetric key (doubtful)
- They are using assymmetric keys to negotiate a symmetric key on the fly
- They are using asymmetric keys for the whole transmission

The first two can be figured out with some kernel patching, or even just firing up a VM and watching for the symmetric key.

The third would involve patching the kernel to replace Microsoft's public key used for encryption with your own public key that you can then decrypt with a private key.

wtf is this article

[LichtSpektren]

Apparently it's some apologism for Windows 10, but an unbelievably poor one. "Oh no, no no! Please don't panic because Windows phones home to over 100 different servers even when you turn the telemetry off. It's probably, eh... nobody's quite sure, but I'm sure everything will be okay!"

Re:

[DogDude]

"Panic"? Really? Why would one "panic", even if it were somehow true that MS decided to collect all of the information about everybody on the planet? That doesn't seem like a response of a mentally stable person.

Re:

[LichtSpektren]

Well, if I were some corporation with extremely valuable trade secrets, or some government with information that would endanger lives if leaked, and I just deployed Windows 10 and found out that it's a gigantic spying beacon for Microsoft, I would indeed panic.

Remember, Microsoft and their shills have been crying that all of the telemetry can be turned off in Windows 10 Enterprise edition (the edition that said corporations & governments would be deploying), but that was proved completely false.

Re:

[Rob MacDonald]

I'm pretty sure if you recorded to connections from your MAC or Linux desktop, and didn't filter out normal expected traffic, you'd be APPALLED at the tracking taking place. connections do not equal tracking.

Re:

[LichtSpektren]

I'm pretty sure if you recorded to connections from your MAC or Linux desktop, and didn't filter out normal expected traffic, you'd be APPALLED at the tracking taking place. connections do not equal tracking.

Since my OS is open source, I can see exactly what information is being sent out. However, Microsoft does not disclose what information is being sent to 107 of the domains that Win10 contacts, [github.com] nor do they explain why all of those domains are contacted even when you manually configure Win10 not to.

Re:

[mattventura]

The difference is that that's all stuff that I implicitly or explictly told it to do. And if I want it to stop doing those things, I can easily make it do so. Compare that to Windows, where you have to put a lot of work into eliminating its tracking, only for all your hard work to be undone come the next set of updates.

Re:

[Ol Olsoc]

I'm pretty sure if you recorded to connections from your MAC or Linux desktop, and didn't filter out normal expected traffic, you'd be APPALLED at the tracking taking place. connections do not equal tracking.

Install Wireshark. and see. I have it on all my machines OSX, Linux and PC. There are connections you would expect, like update checks, connection requests, and of course data submitted that you want submitted, but no keylogging has been seen as of yet.

And do you deny what Microsoft says they do this? Why are they telling us they are collecting all the data that they say they are connecting, but really aren't collecting that data? Given what they have done with Skype, it is not unreasonable to assume that

Re:

[Ol Olsoc]

"Panic"? Really? Why would one "panic", even if it were somehow true that MS decided to collect all of the information about everybody on the planet? That doesn't seem like a response of a mentally stable person.

Never worked on COMSEC eh? If you knew windows 10 was doing this, and had your attitude, you'd probably end up working at the drivethru windows at Burger King.

Re:wtf is this article

[OzPeter]

Apparently it's some apologism for Windows 10, but an unbelievably poor one. "Oh no, no no! Please don't panic because Windows phones home to over 100 different servers even when you turn the telemetry off. It's probably, eh... nobody's quite sure, but I'm sure everything will be okay!"

Is this another one of those quizzes where the answer is "People who did't read TFA"?

Either you read the TFA and are totally mis-representing what was in it, or you didn't read TFA. Because in TFA it clearly identifies and describes the network traffic that was identified by the Voat user and points out 1) how innocuous it is, 2) how bad the methodology was, and 3) How Forbes sensationalized it.

If you have counter points then make them.

Re:

[Blue Stone]

Thank you. It's very tempting to circlejerk about this. People on Slashdot are supposed to have a few more critical thinking abilities. Doesn't always work out that way.

There are still questions about Windows 10 data transfers, but misinformation and sloppy research as found in the original Forbes article, does not help in any way.

Re:

[AmiMoJo]

I did this test properly last year. Didn't save results, so maybe I'll repeat it and post the results.

Long story short, if you properly disable all the live stuff after install (live tiles, Windows Store apps, search bar, nothing tricky or requiring registry edits) the only traffic is Windows Update. Telemetry on application crash, but in Enterprise you can disable it.

The crash telemetry is the only nasty bit, because of the potential for information leakage. I'll test Pro next time, see if it can be disabl

Re:wtf is this article

[Ogive17]

So disagreeing with a conclusion is being an apologist?

Does Win10 phone home? Yes.
Does Win10 phone home at the rate that was originally reported? No.

Is Win10's rate different from other OS rates?

Re:

[bluefoxlucid]

Debian phones home and tells them what software I have installed.

Re: wtf is this article

[Anonymous Coward]

Only if you opt in during the installation

Re:

[Sax Russell 5449D29A]

That feature [debian.org] is not enabled by default. When you install Debian, you have to specifically select that you *want* to enable that particular functionality.

Re:

[bluefoxlucid]

That feature is called apt-get upgrade.

Re:

[thegarbz]

Is Win10's rate different from other OS rates?

Who knows. Their flawed methodology dropped packets to Microsoft IPs forcing endless attempts to reconnect to a server which should be live since Windows can see an active working network connection.

Re:

[icebike]

Apparently it's some apologism for Windows 10, but an unbelievably poor one.

Look, anything from Ed Bott will always be along those lines. Ed Bott doesn't actually exist. His computer is has a direct link from Microsoft's PR department which submits all his stories. Oh, sure there is this guy who shows up at the office once in a while. But his salary is mysteriously paid via an obscure credit to ZDNet bank account, he's long ago forgotten his real name, he plays Microsoft Solitaire all day, then drives home to an empty house, watches MSNBC all evening and gets up and does it all

This is exactly what's wrong with Slashdot

[Anonymous Coward]

The article claiming Windows 10 telemetry phoned home a ridiculous amount of times even when disabled was false. The user who conducted the experiment set telemetry to basic rather than turning it off. Furthermore, some of the apps that might make connections, what's known as the Windows out of the box experience, were not disabled. Furthermore, the router was configured to drop all outbound connections. As a result, the failed attempts to connect resulted in retrying or connecting to different mirrors over and over again. For some services like Windows Update this is completely reasonable behavior, otherwise they'd be vulnerable to a denial of service attack against the update server. The methodology exaggerated the amount of connections made by Windows while not even properly disabling telemetry. These are the facts. One reputable Slashdot user noted that when telemetry was disabled fully in the Enterprise version of Windows and all of the other apps were disabled, the only outbound connections were, in fact, Windows Update.

Despite the facts, Slashdot users complain about any story that suggests that Windows 10 telemetry isn't as severe as it's made out to be and accuse the authors of being Microsoft shills. Furthermore, these Slashdot users get modded up, and the parent is at +4 insightful. It seems that facts are optional in these discussions, and that's a shame. Those who make such false claims about Linux distros such as Ubuntu are rightly accused of being trolls and modded accordingly. But doing that to Microsoft is insightful.

Those of you who post such things and mod up such posts should be ashamed of yourselves. If privacy advocates want to be taken seriously, the discussions need to be based on facts instead of FUD. There are real issues with Windows telemetry namely that users are automatically opted in without being prompted, that Microsoft hasn't disclosed what data are sent to them, and that only the Enterprise versions of Windows 10 can fully disable the telemetry. These are real issues. But when there's so much FUD and misinformation, it damages the credibility of those who raise very legitimate objections. You should be ashamed of yourself for posting false information because it does a disservice to those with very real concerns about privacy.

Re:

[LichtSpektren]

I'm not quite sure why you broke out into an inane babbling rant, but the rebuttal article on ZDNet is failed apologism because even the author admits he has no idea what information Microsoft is collecting. He's assuming (because he trusts MS, you see) that the data is anonymized and only used for this or that, but notice how many times he says "possibly", "could", etc.? It's all speculation.

Re:

[DRJlaw]

I'm not quite sure why you broke out into an inane babbling rant, but the rebuttal article on ZDNet is failed apologism because even the author admits he has no idea what information Microsoft is collecting. He's assuming (because he trusts MS, you see) that the data is anonymized and only used for this or that, but notice how many times he says "possibly", "could", etc.? It's all speculation.

No, it is not. It is a successful critique of the claim that there were "thousands" of attempts to contact Microsof

Re:

[BigBuckHunter]

but notice how many times he says "possibly", "could", etc.? It's all speculation.

Indeed! I read both of TFA's, and both were poorly researched sensationalist fluff pieces written by paid shills with agendas. We need to wait for CNET, CNN, and Fox News to chime in to see which side is going to pay the media more to represent them in a positive light.

Re:

[canajin56]

Not only that, but asshatA called 192.168.1.1 a non-private internet address.

Re:

[WaffleMonster]

Except that a massive amount of these "connections" were fucking NTP and DNS. Alarmist at best.

I have got to try this the next time I get pulled over for speeding. Hey officer most of the time I wasn't speeding... Your ticket is Alarmist at best.

You have full and total control over what goes out over your network, if you fail to pay attention, it's your fault.

I love these arguments requiring everyone to have expert domain knowledge in order to keep from being fucked over. I wonder how the purveyors of this concept feel about it being applied to all professions on which they rely and for which they are not domain experts? Hey you have total control over every cheerio you shove into your mouth even the deformed

Relax folks, not every Win10 packet is spying data

[JoeyRox]

This is supposed to be comforting?

Re:

[Overzeetop]

Well, since the article is a reaction to "Windows is sending your more personal information back to MS *thousands* of times per day," I'd say yes. It's not so much about comfort as a realistic approach to evaluating what is sent.

My computer phones home to Google thousands of times a day, too. Of course, it's getting my mail, my calendar, and other data, along with the telemetry it's collecting. But, you know, I should be absolutely petrified that Google is spying on me with all that data going back and fort

Re:

[thegarbz]

My computer phones home to Google thousands of times a day, too.

Funny thing is if you take an Android phone to China it'll self drain it's battery in attempts to phone home to Google. That's kind of the default action when you can see a network but didn't manage to get through to a server. Retry.

Thousands of connection attempts may drop down to a handful if the connections actually went through.
But then there's another question of does windows bulk store telemetry information, does it attempt to send it out blind, or did the user by dropping connections to Microsoft IPs

What kind of telemetry

[Dunbal]

They gave away at least a few billion dollars' worth of revenue when they gave away Windows 10 for free. So the kind of telemetry they are collecting is at least worth a few billion dollars. Anyone who says different is lying. There is no free lunch.

Re:What kind of telemetry

[LichtSpektren]

They gave away at least a few billion dollars' worth of revenue when they gave away Windows 10 for free. So the kind of telemetry they are collecting is at least worth a few billion dollars. Anyone who says different is lying. There is no free lunch.

I would like to augment your point by commenting that Microsoft isn't just *giving* Win10 away, they're *foisting* it as hard as it can, likely breaking quite a few laws in the process.

So that means the profit they're expected to make off of people running Win10 must vastly exceed the cost of making Win10, AND the cost of fighting off all the lawsuits in the process of ramming Win10 onto peoples' computers. One could argue that perhaps they're expecting all that profit to come from people being exposed to the built-in advertisements and the Windows Store, or people so pleased with the OS that they run out and buy a Surface/Xbox/WinPhone, but does anybody really believe that?

Re:

[Megol]

They gave away at least a few billion dollars' worth of revenue when they gave away Windows 10 for free. So the kind of telemetry they are collecting is at least worth a few billion dollars. Anyone who says different is lying. There is no free lunch.

I would like to augment your point by commenting that Microsoft isn't just *giving* Win10 away, they're *foisting* it as hard as it can, likely breaking quite a few laws in the process.

In your dreams...

So that means the profit they're expected to make off of people running Win10 must vastly exceed the cost of making Win10, AND the cost of fighting off all the lawsuits in the process of ramming Win10 onto peoples' computers. One could argue that perhaps they're expecting all that profit to come from people being exposed to the built-in advertisements and the Windows Store, or people so pleased with the OS that they run out and buy a Surface/Xbox/WinPhone, but does anybody really believe that?

So you can't see any other advantage for Microsoft? By reducing their systems to one they cut down on overheads in development, bugfixing and support. It also improves the public image which took a beating when Windows 8 was released. And that is an important part of their whole business: if consumers begin to consider alternatives, not demanding Windows when they buy a new computer then MS would lose a lot of cash! The alternative for MS would probably be another free 8.x upgrade that took

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[bluefoxlucid]

It'd be nice to cut off support for Windows 7, 8, and 8.1 just like XP.

Your computer is broken? Uh. You're using Windows 8.1. Get Windows 10 bye.

There will be no more updates to Windows 8.1. Go away. Get Windows 10. We're only writing these patches once.

Re:

[Anonymous Coward]

Windows isn't the Microsoft cash cow. It's the framework that Microsoft needs to keep popular to let their cash cow graze. The competition to Windows come in three different pricing options: free (Linux and others), hidden initial cost and $30 each upgrade (OSX), or roughly five billion dollars (Oracle, Sun, whoever). Since none of them are fully compliant with Microsoft's actual money making process, Microsoft needs Windows to be common. This pushes the price they can demand for Windows toward $0.

Other

Re:

[bfpierce]

Usage statistics for windows users is easily worth that much to the UI/UX and Application development people at Microsoft on it's own.

Then you can add in all that information being rolled into Bing and the targeted advertising they can potentially do.

Re:

[The-Ixian]

You are making an assumption that this is a tit-for-tat arrangement.

Smart business moves are rarely this.

To say that if they give up money here, they HAVE to make it up there is not necessarily true.

We don't know exactly what MS's end game is, but this could just be a strategic move in a much larger game.

The fact is, MS's major money makers right now are Azure (which is giving AWS a huge run for its money) and Office 365. They may be willing to take a loss in what was once a major money maker so that they c

Re:

[AmiMoJo]

They are hoping to get income from the Windows Store, like every other modern OS. The income Google and Apple get from their stores is billions a year and growing.

TLDR

[Nidi62]

"These aren't the droids you're looking for"

Yes, they probably are

Acceptable Phone Home

[Alain Williams]

Once every day or so: "here are the Microsoft packages installed, are there any updates ?" That does not include: non Microsoft packages, hardware info (other than needed to choose packages), disk/net/cpu/... usage, local account/user info, package usage/popularity, lists of: file names, web sites visited, ...

Re:

[Stan92057]

I agree but the people who downloaded and installed windows 10 agreed to something very different. Linux Free and Microsoft Free are 2 very different things. Personally i don't feel bad for any person who choose to install win 10 they can/could have always uninstall it. IMO the only people who have a complaint are the business/persons who bought licances/ deals they paid for win 10. They should have the say on everything the OS collects and data mines. BTW do you know what Linux any distro collects?

Well, it's ZDNet

[Khyber]

They're one of the harder corporate shills. Microsoft or Apple, they know no bounds in selling out.

The Reality of the Situation

[Sir_Eptishous]

Where I work, and at most of the companies I have worked for, the vast majority of the software used, ran on Windows.

Whether it was servers or workstations, Windows was the choice. This was because the software used could only be ran on Windows. I suspect there are many companies/government agencies/schools, etc that are in that same situation. Sure, there may be a *nix server here, an Apple product there, etc, but Microsoft definitely has the stranglehold.

Since Microsoft is in this position, and t

Re:

[The-Ixian]

FYI, in a corporate environment, if you are running Windows 10 Enterprise, you have more control (via GP) to disable telemetry.

In anything other than Enterprise, setting the telemetry to "0 - don't send telemetry" is equivalent to setting it to "1 - Send limited telemetry".

But even still, in a corporate environment, there are other ways to block this kind of thing. I am thinking ACL's on the firewall or layer 7 (application) rules in the firewall. But you could also maintain internal DNS that loops back cer

What the actual fuck

[kuzb]

Even after the moronic voat user was shown to have completely screwed up the entire test slashdot is here referencing it yet again as fact? The new editors - just as shitty as the old ones.

Re:What the actual fuck

[thegarbz]

Even after the moronic voat user was shown to have completely screwed up the entire test slashdot is here referencing it yet again as fact? The new editors - just as shitty as the old ones.

a) timothy is not a new editor.
b) this article is talking about how garbage the results are.
c) old users still the same bitchy unappeasable old users.

DNS queries aren't "spying."?

[vvaduva]

DNS queries aren't "spying."

Yes, actually they can be. I don't want Microsoft to know that I read deepdotweb anymore than I want the government to know that. Why is microsoft resolving names for Windows 10 users? And who are they sharing the logs with?

This Windows 10 apologist has nothing to offer as an acceptable excuse for this behavior.

Re:

[Penguinisto]

You can't even listen to music on OS X or iPhone without the software contacting Apple.

Actually, yes I can. [videolan.org]

Re:

[ilsaloving]

With the exception that if you disable it, it actually IS disabled. If you don't use features that specifically require online contact (eg: Siri, Genius, Apple Music, etc) then it doesn't. (AFAIK)

Re:No worse than iPhone

[LichtSpektren]

You can't even listen to music on OS X or iPhone without the software contacting Apple.

I'm quite tired of this nonsense rebuttal. When you use an Apple application, it contacts Apple's servers to see if there are updates available--you can turn that off as well. In contrast, when do you even the most mundane things in Win10 (with the telemetry turned off, mind you), the OS contacts over 100 different domains: https://github.com/WindowsLies... [github.com]

Why the fuck does Win10 contact telemetry.appex.bing.net, ad.doubleclick.net, and watson.live.com whenever you open the fucking Notepad?

Re:

[Alumoi]

Why the fuck does Win10 contact telemetry.appex.bing.net, ad.doubleclick.net, and watson.live.com whenever you open the fucking Notepad?

Because Cortana?
Cortana: It looks like you are trying to type some letters. Would you like help?

Re:

[Anonymous Coward]

It looks more like thousands of examples of DNS, NTP, NetBIOS and other perfectly normal and required traffic for any system that is connected to a network or the internet. I mean nearly all of these examples are basic network functionality. Most of the rest are things like OS updates, application updates, applications downloading scheduled data (weather, news, etc.). I know this is /. and we are all supposed to hate MS and Winblow$ like it's still 1999, but can we at least TRY to apply some logic and re

Re:

[F.Ultra]

Why are a Windows 10 box in 2016 actually sending out freaking NetBIOS broadcasts for? That shit should be dead and buried decades ago.

Re:"No big deal"

[bruce_the_loon]

NetBIOS over TCP is still a core part of Microsoft networking and the broadcasts allow the various machines running Windows or SAMBA to discover each other without needing a central directory server. It is still implemented because it is a useful API with decent backward compatibility with everything back to 95/98.

This isn't the old NetBIOS Frames line protocol from the extremely old days, rather the service layer protocol that handles the discovery, negotiation and authentication parts of peer-to-peer file and printer sharing in Windows.

Re:

[Megol]

Just the fact that it it phoning home is enough to reveal some information, such as that the device on the other end is running Windows 10. Looks like it's also trying to discover any other machines on the local network.

Oh, the humanity!

If it's suspicious activity that wasn't disclosed ahead of time, it should be considered nefarious until proven otherwise. Your machine is not under your control ... that's a serious problem.

I'll assume you never use a smartphone, a user friendly Linux distribution (or *BSD ditto) etc.? Even browsing the web would make the machine "not under your control" so I guess you use telnet to communicate with /. servers.

Either that or your post is essentially useless.

Re:

[BarbaraHudson]

I'm free to run a *nix box without ever connecting it to the internet. How long before Windows 10 times out and refuses to work unless it's re-validated (may be in a future update, may already exist ... but we know it's coming).

Re:

[ledow]

But his point about "if the guy had let the connections go out - especially HTTP which you can just sniff - we might know for certain what it was actually trying to send out" is more than spot-on enough to compensate.

And if you're worried, block port 80 to those ranges of IPs.

Re:

[Killall -9 Bash]

See? ZDnet knows that only HTTP uses port 80, and HTTP traffic only flows one way.

Re:

[Holi]

I have DNS servers already, how is sending dns queries to microsoft not spying?

Re:

[KGIII]

I don't use Windows on my computers (I do have a Windows phone) so I don't have a dog in this fight but... Err... You know what telemetry is, right? I mean, you can (and should) be able to turn it off if you want and off should mean off - no questions asked. But, umm... If they don't know how you use the OS then they won't be *likely* to consider your use-case when they make changes. They won't know that you're one of the people with that video card and having that problem so they won't fix it if you don't