PC should be ministering to user, not other way round

Stats and Conclusions for Windows Server 2016

Sat, 27 Jul 2019 17:23:34 +0300

In this article we present statistics and conclusions about privacy implications of Windows Server 2016. This report is based on traffic recording of virtual machine running Windows Server 2016, which was run continuously for 505 days, from 2018-02-03 to 2019-07-20. After the installation, Windows Server 2016 was switched to zero (Security) level of telemetry via Group Policy Editor (gpedit.msc). Then OS was left alone. It had default settings and was running without any third party software installed. In total, we have recorded and analyzed 39,921,165,760 bytes of received and transmitted data.

Privacy Implications of Windows 10 Telemetry: Summary: Top AS Numbers for Windows 10 Telemetry

Sat, 27 Jul 2019 15:22:57 +0300

These AS numbers names were collected from 505 days of continuous recording of Windows Server 2016 telemetry traffic. Virtual machine and traffic recording software was configured as explained here. Raw traffic dumps were processed as explained here.

First list of AS numbers has 20 entries, sorted in descending order by total outgoing traffic transmitted by Windows Server 2016. Second list of AS numbers has 18 entries, sorted in descending order by total incoming traffic received by Windows Server 2016. Telemetry level was set to zero (Security), other settings were left at their defaults, and there was no third party software installed.

Privacy Implications of Windows Server 2016 Telemetry: Summary: Top Domains for Telemetry Over HTTP

Fri, 26 Jul 2019 18:18:45 +0300

These domain names were collected from 505 days of continuous recording of Windows Server 2016 telemetry traffic. Virtual machine and traffic recording software was configured as explained here. Raw traffic dumps were processed as explained here.

List of http-related domains has 31 entry, sorted in descending order by total number of outgoing HTTP connections initiated by Windows Server 2016 operating system (with telemetry level set to zero (Security) and without any third party software). We did not include domains which had less than 3 outgoing HTTP connections.

Privacy Implications of Windows Server 2016 Telemetry: Summary: Top Domains for Telemetry Over HTTPS

Fri, 26 Jul 2019 18:09:25 +0300

List of https-related domains has 336 entries, sorted in descending order by total number of outgoing HTTPS connections initiated by Windows Server 2016 operating system (with telemetry level set to zero (Security) and without any third party software). We did not include domains which had less than 3 outgoing HTTPS connections.

All this traffic was encrypted in such way that it can’t be decrypted by end user or ISP, only by Microsoft and third parties trusted by Microsoft.

Privacy Implications of Windows Server 2016 Telemetry: Summary: Top IP Addresses for Telemetry Over HTTP

Fri, 26 Jul 2019 17:27:00 +0300

These IP addresses were collected from 505 days of continuous recording of Windows Server 2016 telemetry traffic. Virtual machine and traffic recording software was configured as explained here. Raw traffic dumps were processed as explained here.

List of http-related IP addresses has 358 entries, sorted in descending order by total number of outgoing HTTP connections initiated by Windows Server 2016 operating system (with telemetry level set to zero (Security) and without any third party software). We did not include IP addresses which had less than 3 outgoing HTTP connections.

Privacy Implications of Windows Server 2016 Telemetry: Summary: Top IP Addresses for Telemetry Over HTTPS

Fri, 26 Jul 2019 17:16:03 +0300

List of https-related IP addresses has 369 entries, sorted in descending order by total number of outgoing HTTPS connections initiated by Windows Server 2016 operating system (with telemetry level set to zero (Security) and without any third party software). We did not include IP addresses which had less than 3 outgoing HTTPS connections.

All this traffic was encrypted in such way that it can’t be decrypted by end user or ISP, only by Microsoft and third parties trusted by Microsoft.

Privacy Implications of Windows 10 Telemetry: Summary Stats and Conclusions

Tue, 30 Jan 2018 15:41:40 +0200

In this article we present summary statistics and conclusions about privacy implications of Windows 10. This report is based on traffic recording of virtual machine with Windows 10, which was run continuously for 346 days, from 2017-02-15 to 2018-01-27. After the installation, Windows 10 was left alone. This OS had default settings and was running without any third party software installed. In total, we have recorded and analyzed 55,945,178,210 bytes of received and transmitted data.

Privacy Implications of Windows 10 Telemetry: Summary: Top AS Numbers for Windows 10 Telemetry

Mon, 29 Jan 2018 15:22:57 +0200

These AS numbers names were collected from 346 days of continuous recording of Windows 10 telemetry traffic. Virtual machine and traffic recording software was configured as explained here. Raw traffic dumps were processed as explained here.

First list of AS numbers has 38 entries, sorted in descending order by total outgoing traffic transmitted by Windows 10. Second list of AS numbers has 54 entries, sorted in descending order by total incoming traffic received by Windows 10. We did not include autonomous systems which had less than 128 Kb of transmitted/received data. Windows 10 had default settings and had no any third party software installed.

Privacy Implications of Windows 10 Telemetry: Summary: Top Domains for Windows 10 Telemetry Over HTTP

Mon, 29 Jan 2018 13:40:45 +0200

These domain names were collected from 346 days of continuous recording of Windows 10 telemetry traffic. Virtual machine and traffic recording software was configured as explained here. Raw traffic dumps were processed as explained here.

List of http-related domains has 327 entries, sorted in descending order by total number of outgoing HTTP connections initiated by Windows 10 operating system (with default settings and without any third party software). We did not include domains which had less than 3 outgoing HTTP connections.

Privacy Implications of Windows 10 Telemetry: Summary: Top IP Addresses for Windows 10 Telemetry Over HTTP

Mon, 29 Jan 2018 13:40:32 +0200

These IP addresses were collected from 346 days of continuous recording of Windows 10 telemetry traffic. Virtual machine and traffic recording software was configured as explained here. Raw traffic dumps were processed as explained here.

List of http-related IP addresses has 1241 entries, sorted in descending order by total number of outgoing HTTP connections initiated by Windows 10 operating system (with default settings and without any third party software). We did not include IP addresses which had less than 3 outgoing HTTP connections.

Privacy Implications of Windows 10 Telemetry: Summary: Top Domains for Windows 10 Telemetry Over HTTPS

Mon, 29 Jan 2018 13:40:25 +0200

List of https-related domains has 1017 entries, sorted in descending order by total number of outgoing HTTPS connections initiated by Windows 10 operating system (with default settings without any third party software). We did not include domains which had less than 3 outgoing HTTPS connections.

All this traffic was encrypted in such way that it can’t be decrypted by end user or ISP, only by Microsoft and third parties trusted by Microsoft.

Privacy Implications of Windows 10 Telemetry: Summary: Top IP Addresses for Windows 10 Telemetry Over HTTPS

Mon, 29 Jan 2018 13:40:13 +0200

List of https-related IP addresses has 1837 entries, sorted in descending order by total number of outgoing HTTPS connections initiated by Windows 10 operating system (with default settings and without any third party software). We did not include IP addresses which had less than 3 outgoing HTTPS connections.

All this traffic was encrypted in such way that it can’t be decrypted by end user or ISP, only by Microsoft and third parties trusted by Microsoft.

Privacy Implications of Windows 10 Telemetry, Part 4: Processing of Raw Traffic Dumps

Sun, 28 Jan 2018 00:47:20 +0200

Windows 10 telemetry traffic collection experiment is over. We have collected 55,945,178,210 bytes of data, which was recorded continuously during 346 days, from 2017-02-15 to 2018-01-27.

Let’s discuss tools and scripts we need to extract useful statistics from these raw dumps of traffic. We will rely on tcpdump builtin filtering packets, and also on standard grep, sed and awk UNIX tools for processing text information extracted from these packets.

Privacy Implications of Windows 10 Telemetry, Part 3: Telemetry Overviews From Microsoft

Fri, 14 Jul 2017 19:25:03 +0200

Our experiment is running smoothly. So far we have accumulated 17.9 Gb of data to be analyzed.

In the meanwhile, Microsoft has published two overviews of telemetry transmitted by Windows 10. These overviews are composed in such way that Basic level of telemetry appears to transmit a lot of data (it is presented in extremely detailed style) and Full level of telemetry appears to transmit much less data (it is presented in condensed style).

On the contrary, our measurements indicate that Full level of telemetry transmits much more bytes over the wire.

Privacy Implications of Windows 10 Telemetry, Part 2: Recording Traffic of the Virtual Machine

Wed, 15 Feb 2017 14:58:42 +0200

In this part of the guide, we will tune up ZFS filesystem, prepare the hypervisor, create virtual disk for Windows 10, and create Windows 10 VM control scripts.

Then we will install Windows 10 into the virtual machine and leave Windows 10 virtual machine for prolonged execution with traffic recording enabled.

Privacy Implications of Windows 10 Telemetry, Part 1: Setting Up the Network

Tue, 14 Feb 2017 12:56:56 +0200

Windows 10 will run in the virtual machine powered by bhyve hypervisor, under FreeBSD 11.0 operating system. It will have access to the internet via virtual local network, and all its traffic will be recorded for further analysis. This virtual network will consist of two hosts: DHCP server/router and Windows 10 virtual machine.

In this part of the guide, we will configure network interfaces, firewall, routing, NAT, DHCP server, and also set up sshd and tmux for convenient remote access to our FreeBSD server.

Privacy Implications of Windows 10 Telemetry: About Experiment

Sat, 11 Feb 2017 20:11:33 +0200

In subsequent few months we will be conducting an experiment which involves installation of Windows 10 with default settings and recording all telemetry traffic which is transmitted by this OS. Received traffic will be recorded as well. Windows 10 will sit in mostly idle state for a few months in a virtual machine deployed on the always powered-on server. Besides basic OS setup, there will be not much activity in apps and browser, in order to record as much clean telemetry traffic of this OS as possible.