Windows Spy Blocker review
Windows Spy Blocker is a regularly updated collection of firewall, hosts file and Proxifier rules that block Windows 10 phone home functionality.
While Microsoft collected telemetry data in previous versions of the Windows operating system as well, data collection was intensified with the release of Windows 10.
The default installation has most telemetry data settings set to enabled and while options are provided to turn off some settings, some cannot even be turned off in the operating system's settings.
According to Microsoft, the data collecting is all for the greater good as it helps Microsoft make the product better for the user.
While there is certainly some truth to that, it is not the whole story and since no one knows what Windows 10 PCs are submitting to Microsoft in regular intervals, some prefer to block connections to Microsoft servers altogether.
Lots of tools have been created in the past year that aim to help users improve privacy when using Windows 10 machines. You can check out our comparison of privacy programs for Windows 10 for that as a starting point.
Windows Spy Blocker
Windows Spy Blocker is a collection of rules that its author has discovered while running Wireshark on a Windows 10 Professional system.
The provided download includes a batch file that updates rules files, and files with the latest set of rules as well.
Hosts file
The hosts directory lists three files that block Windows Telemetry, Windows Update, and third party applications (using servers operated by Microsoft).
You can copy and paste the information into the Windows hosts file directly, which you find under C:\Windows\System32\drivers\etc, or by using hosts managers which may be easier to use and support extra features such as backing up the hosts file or resting a previously backed up copy.
Firewall
The firewall directroy includes the batch file. You get a number of options when you run it, including one to download and add rules from the GitHub repository, or to add or remove rules so that Windows Firewall uses them on the computer.
Proxifier
Some hosts are not blocked even when they are added to the hosts file. The author of Windows Spy Blocker suggests to use a top level application such as Proxifier for these instead, and that's what this set of rules are designed for.
You can use other means, like blocking hosts on the router level or hardware firewall if one sits between the device and the network/Internet.
Closing Words
Windows Spy Blocker offers a handy set of rules to block Windows 10 devices from phoning home. While you may be tempted to use them all without verification, it is highly suggested to make sure you are not blocking services or features that you require or use.
This includes Windows Update, and especially so if you are not using other means to retrieve updates for the operating system running on the device.
If ‘Windows Spy Blocker’ is intended first for Windows 10 users I’ve read nowhere on the developer’s page that it concerned only Windows 10… maybe some rules are only relevant for Windows 10 but my guess is some others can concern all Windows platforms.
Anyway I had already included ‘Windows Spy Blocker’ hosts within my HostsManager sources, I added ‘Windows Spy Blocker’ Firewall rules (outbound) but concerning the rules managed by an application such as Proxifier it’ll be a lack, even if I use PeerBlock with a Microsoft dedicated list. What Proxifier does can be achieved with DNSCrypt’s plug-ins provided you know how to handle them on a command-line or use a DNSCrypt tool such as ‘Simple DNSCrypt’ which aims to handle all DNSCrypt plug-ins but doesn’t do so yet.
Thanks for the article, Martin.
If I had been told that a day would come where I’d have to be aware of Microsoft’s inquisitive policy I would have laughed as I did several years ago when reading techies mentioning the company’s curiosity brought to a policy level.
Hi!
I’m the developer of WindowsSpyBlocker and i wanted to thanks Martin for this review :)
To answer to Tom yes indeed DNSCrypt can do the job with a plugin! I will take a look to DNSCrypt implementation and try to make an efficient plugin.
Hi [email protected],
Concerning the use of ‘Windows Spy Blocker’ rules on another Windows version than 10 the question was asked by my excellent alter-ego on the issue section of your Github page and your answer was, quoted :
“For the moment these rules concern only Windows 10 because my Wireshark instance is on a virtual machine on Windows 10 Pro 64bits.
But it’s possible to create another instance on Windows 7 / 8 virtual machine but not for now.”
Nevertheless, I’m presuming some rules may apply to all Windows versions, perhaps not all, perhaps some are inadequate or useless, perhaps some specific to a given Windows version are missing. This is why I maintain your hosts file only (included in my HostsMan sources which downloads latest sources). On this hosts level I think the rules can be considered applicable to all Windows versions, I hope not to mistake.
Concerning the Firewall outbound rules maybe are they really Windows version specific, yours are applicable to Windows 10 and contrarily to your hosts file I won’t bet they suit another version than Windows 10, but again I may be mistaking.
Concerning DNSCrypt and one of its plug-ins able to perform what Proxifier does, I read your answer here.
I just wish to add this : I use a front-end application for DNSCrypt called SimpleDNSCrypt and I had asked its developer, bitbeans (on his Github page) if SimpleDNSCrypt could aim at using one of DNSCrypt’s available plug-ins to include blocking IPs and domains recorded on a simple text file (Ã la Proxifier). Followed then SimpleDNSCrypt ver. 0.3.1 intended to do so but which unfortunately appeared eventually to fail to perform correctly this call to the concerned DNSCrypt plug-in, to which bitbeans included a correction for a version 0.4 to come … that was in February.
So :
WindowsSpyBlocker crafted for Windows 10 but maybe partially pertinent to other Windows versions;
WindowsSpyBlocker rules for Proxifier can be handled by DNSCrypt and could be handled by ‘SimpleDNSCrypt’ in an announced version 0.4 yet to appear.
A bit lengthy but I thought making this clear could be profitable for all of us concerned by privacy amid the Windows jungle, all versions included even if Windows 10 appears to be the king of the savana.
Was this plugin implemented? I’m looking to use this and wondering if I need BOTH proxifier and dnscrypt or if I can just use dnscrypt?
Hi Tom,
Some rules are specific to Windows 10 like firewall rules but some telemetry hosts apply to 7 / 8 / 10 and it depends if specific KBs are installed on the host machine. So it’s very diffcult to say if a host / firewall rule apply to all Windows or not.
I have added instructions to use DNSCrypt with WindowsSpyBlocker in the README on GitHub.
If you have any suggestion or want to talk more about that you can create an issue on GitHub :)
Hi Crazy, thanks for the information.
OK for Windows versions’ specifics. I understand. You’re doing a great job for helping Windows 10 users whom are stuck in that Windows frame so to say. I’m just trying to grab anything there that would apply to Windows 7 :)
OK for the data+instructions to use DNSCrypt with WindowsSpyBlocker. Though in my case, running DNSCrypt with the SimpleDNSCrypt front-end I’d have to be cautious when changing the encrypted DNS server since this is performed from SimpleDNSCrypt (avoiding the command-line) and forgetting to modify the DNS name in the instruction you provide for using WindowSpyBlocker data via DNSCrypt would lead to inconsistency… maybe I’ll just try to handle DNSCrypt with its raw instructions and forget SimpleDNSCrypt (I admit a trend to the comfort of easiness).
OK for suggestions/help on your Github’s issue page.
That’s a great job you’re into, Crazy, I’m almost regretting not to be a Windows 10 user for the sole purpose of using your application to its extent :)
P.S. I wrote Crazy with an “a” because it seems that otherwise WP’s forum algorithm detects a possible url and consequently puts the comment on an awaiting moderation parking …
“According to Microsoft, the data collecting is all for the greater good as it helps Microsoft make the product better for the user.”
This is marketing rubbish. This is the line used by every privacy violating corporation that has ever existed.
+ 1
There are more then 100+ services in Vista, Win 7, Win 8… that call home to Microsoft and transmit data 24/7.
http://news.softpedia.com/news/Forget-about-the-WGA-20-Windows-Vista-Features-and-Services-Harvest-User-Data-for-Microsoft-58752.shtml
How can anyone be using an Operating System so completely weaponized against them? The amount of code the OS uses to spy on it’s users and the resources required to combat this… mind-numbing. It’s only going to get worse.
I stopped using Windows at version 7, switching over to a Linux distro 2 years ago. I still follow the OS and the tools used to defend its’ users.
Maybe it’s time we start seeing tools that duplicate the data being collected and making it available to the user. Time to begin estimating the percentage of code and the resources required to run this spyCode. This has got to be an eye-opener for end-users everywhere.
How do you spot the lInux user?
You stand still and wait for him to come identify himself. ;-)
Some of us are *required* to use Windows. Some are gamers. Some have livelihoods dependent on Windows. Some need windows only applications like Photoshop. etc etc.
I can understand that. The worst thing to do would be to fall into sectarianism (which already paves the Web far too much). Debates are fine, even necessary, like in life, but let this lead us not to believe our approach is the best (when pluralism gets mixed up with dogmatism it brings elitism and sometimes even racism). We all have our preferences together with our obligations, sharing our experiences is the source of progress for all. As for myself I’d find it as tough to be convinced of what is the best as it is to be objective, in all domains… make an exception for being French, LOL! (yes, I’m joking of course and I practically never lie !).
If I’m ever obligated to use windows 10, when I have some spare time I’ll be looking into customization tools such as “NTLite” (by the developer who made nLite, a similar tool used to customize XP).
At any rate, as time goes on I’m sure that some code-savvy and highly knowledgeable pros and enthusiastic “weekend programmers” will pick windows 10 apart and come up with innovative “apps” and programs to slim down and eliminate the most common “phone home” and other “useless” things in this OS, as well as give us back some of the UI customizations that MS opted not to implement.
Hats off to you, [email protected], for your spyBlocker effort, its a step in the right direction.
And, thank you, Martin, for your research and website, and keeping us informed.
In the meantime, windows 7 Pro and Linux Mint it is!
>Proxifier
>Some hosts are not blocked even when they are added to the hosts file. The author of Windows Spy Blocker suggests to use a top level application such as Proxifier for these instead, and that’s what this set of rules are designed for.
No. Just block them via windows firewall, it blocks everything iirc.
You cannot block domains in Windows Firewall, only IP addresses
It’s appalling how much an end user needs to do to protect themselves from the OS they paid money to buy !
Not only did you pay for it, but now you need to guard yourself from it…
Join us. Linux is free.
After I apply all the rules to the windows 7 firewall I test connection and every IP resolves to microsoft successfully. Did I do something wrong?
I am using 4.2.0 version.
Steve how do you test the connection?
there is an option #3 under windows 7 firewall to test the connection.
Under the newest version 4.2.0 hit 0>0>0>3 if you have Windows 7. If you don’t have win 7 you can navigate to your OS and you will find an option to test there as well.
I’m not sure the tests are used to find out if connections are blocked. I suggest you open the Firewall and check the outbound rules there.
I did check if they were there, the IPs are in outbound as blocked so how does the test connect to those IPs? I was thinking I would see those connection attempts fail.
Probably not connecting but looking up reverse IP information. I may be wrong though, but could not find any information on the developer’s site about the functionality.
Hi Steve,
I’m the developer of WindowsSpyBlocker.
In the latest 4.x.x there is only one executable instead of multiple batch scripts as before.
The connection test for the firewall menu is here to find resolutions and whois of each IP addresses.
WindowsSpyBlocker uses external services (ipinfo, dnsquery, etc…) to check if these IPs belongs to Microsoft or not. This does not check whether the connection is open or not.
Like Martin says, open the Firewall and check the outbound rules.
If you have more question, you can ask them on Github by opening an issue!
Thanks for looking. I also wonder if we are supposed to remove all firewall and nsci changes from prior versions before applying each new version.
Look the CHANGELOG.md on Github, everything is written here about changes.
If there are new rules for your operating system, remove and apply the new ones.
If you have more question, you can ask them on Github by opening an issue!
Thank you for responding to my questions and thanks for the great tool.
Thanks ghacks and Max.