Use Fiddler to determine which connections Windows 10 establishes automatically
A lot has been found out about the data collection that is going on in Microsoft's new operating system Windows 10.
We have covered these issues in our Windows 10 privacy guide, but it became clear quickly that Windows was still phoning home at times even when you disable or block all options provided under settings and elsewhere.
Most users are probably unaware of this since it all happens in the background. You can check out Ars Technica's findings on the matter which provide you with details about network activity after turning off or disabling phone-home features such as Cortana or Web Search.
But what if you want to find out about that on your own? The following guide provides you with information on how to set up your own network monitor to get a detailed account on what is happening in the background when you are using your computer and when your computer is idle.
It works well for all kind of tasks, not only to monitor the operating system level but also applications or apps.
Note: Fiddler may not catch all network traffic even if you configure it to capture http and https traffic. As Ars Technica notes, Windows appears to use a content deliver network that bypasses network monitors.
It is recommended to run the program in a virtual machine as it needs to install a root certificate on the system in order to capture https traffic. While you can install the certificate on the underlying system as well, it is not recommended. If you still want to go ahead, make sure you remove it once you are done.
You need to download Fiddler4 from the developer website and install it afterwards. Start the program, and select Tools > Fiddler Options.
Switch to HTTPS and check the "Decrypt HTTPS traffic" box. Make sure all processes are listed and click ok. Fiddler displays its root certificate warning prompt which you need to accept to continue.
A security warning is displayed afterwards which you need to accept as well. You need to accept the User Account Control prompt as well to complete the process, and then that you "really" want to add the certificate.
Once you are back in the main interface select Stream in the main toolbar so that it is highlighted with a rectangular box around it.
Make sure capturing is listed in the lower left corner.
That's all you need to do and network traffic should start to show up in the interface as soon as it occurs. A simple example of this is the ping to bing.com when you use the search, even if you have disabled web search previously.
As soon as you start typing the first character in the search form, a ping to bing.com is sent by the operating system.
Remove the root certificate
To remove the root certificate again, do the following:
- Tap on the Windows-key and type Certificate.
- Select "Manage user certificates" from the list of results.
- Open Trusted Root Certification Authorities > Certificates.
- Locate all (should be two) DO_NOT_TRUST_FiddlerRoot certificates.
- Select them and hit the delete key on the keyboard.
- Select yes when the prompt is displayed to remove it from the system.