Windows 10 PC's phone home even after privacy hardening
When you install Windows 10 on a new PC or upgrade an existing version of Windows to the new operating system, you get the option to customize select preferences or use the defaults instead.
If you select to customize, you get the option to disable three pages full of features related to privacy.
While that is a good start at limiting Windows 10's hunger for data, it is nowhere near sufficient to keep the operating system from talking with Microsoft servers regularly.
A user on Voat analyzed the network traffic of Microsoft's Windows 10 operating system using a DD-WRT router and a Linux Mint laptop with remote logging and Windows 10 Enterprise installed on Virtualbox recently.
He turned off all privacy-related features during custom installation, and let the computer sit idle for eight hours straight afterwards logging network traffic.
In the eight hours Windows 10 made 5508 connection attempts.
Here is the roughly 8-hour network traffic analysis of 5508 connection attempts of an unused, base install of Windows 10 Enterprise
The top 10 sites the operating system tried to establish connections to are:
He analyzed the network traffic again after 30 hours, and posted his finding on Pastebin as a dump this time. We have uploaded the full dump to our own server, you may download it with a click on the following link: windows10-connections.txt
After 30 hours of use, Windows 10 attempted to connect to 113 non-private IP addresses.
He then decided to run a privacy tool for Windows 10, DisableWinTracking, and monitor network traffic again for a period of time to see how it affects the connections made during that time.
DisableWinTracking is not the most complete privacy tool for Windows 10, but it enables you to make several changes related to privacy to the system including disabling telemetry, services, blocking domains and IP addresses, and uninstalling applications.
After running the tool, he monitored the network traffic for another 30-hour period and noticed a drop in connection attempts (from 5508 to 2758) and a drop in unique IP addresses the operating system tried to connect to (from 95 to 30).
It is likely that tools that programs that offer more options than DisableWinTracking reduce the numbers further.
The takeaway from the test -- which requires verification -- is that Windows 10 will connect to remote sites regularly even if the operating system has been configured for privacy and the computer is idle.
It is unclear why Windows 10 makes that many connections even when idle.
Windows 10 users who don't want any of those connections to be made can use the researcher's recommended list of IP ranges to block in a firewall / router. Please note that doing so may impact functionality such as update checking and downloading as well.Advertisement