Regardless of your privacy settings, Windows 10 Creators Update phones home

Another research done by an independent IT security analyst shows a number of privacy issues in Windows 10. Even after you have properly configured Windows 10 Creators Update using Group Policy in the Enterprise edition, the operating system may disregard these settings and continue to utilize your bandwidth and "phone home" to send data.

Many users use various tricks to turn off telemetry and data collection in Windows 10 which is sent back to Microsoft servers. Once these tweaks are applied, such users feel themselves relatively safe from being spied on. However, it has come to be known that even after you disable telemetry using the official settings, Windows 10 continues to connect to Microsoft's servers and sends plenty of data there. This new finding is something to worry about.

The research was performed by Mark Burnett.

Mark Burnett is a security consultant, author, and researcher who specializes in application security, authentication, and hardening Microsoft Windows-based servers and networks. Since 1999 he has worked in numerous areas of IT security, developing unique strategies and techniques for protecting critical assets. Mark is author and coauthor of a number of security books and publishes security articles for several web sites, newsletters, and magazines. Microsoft has three times recognized Mark’s contribution to the Windows community with the Windows Server – IIS Most Valued Professional (MVP) award and four times with the Windows Security MVP award.

Mark set up a virtual machine with the Enterprise edition of Windows 10 and tracked the operating system's traffic. According to him, there was no third-party software installed, the telemetry options were disabled, all built-in UWP apps were removed and no apps were running during the test.

His observations are as follows.

With IPv6 and Teredo tunneling disabled, Windows 10 is still connecting out to do IPv6 teredo tests.

Even with Smart Screen disabled, Windows 10 continues to connect to SmartScreen.

The same is true for Telemetry - regardless of the Group Policy state and Registry tweaks, it is still active and sends some data.

Even if you have not configured OneDrive Sync, there will be a lot of connections to its servers.

The same is true for error reporting. Even when the service is disabled, Windows 10 makes connections to the related servers.

Also, Windows 10 connects to KMS validation services regardless of the Group Policy configuration.

Finally, Windows 10 makes dozens of ad-related connections even in its Enterprise version.

Mark notes that he removed the Paint 3D app but it was silently reinstalled. The operating system even re-created a firewall rule to allow the app automatically!

So, even if you followed the official guide and configured the OS properly, you can't be sure that you control it.

It is not known which data exactly Windows 10 is sending to Microsoft's servers after everything mentioned above is disabled, but it is obviously expected that disabled areas should not produce traffic.

Mark is going to re-verify and repeat his results. Once this is done, he may share more interesting details about his findings.

Windows 10's Privacy related settings are just a ruse to throw unsuspecting users offguard so they think their privacy is being maintained. Repeatedly, it has been demonstrated by various researchers that they are meaningless and do not fully prevent your PC from doing unwanted communications with numerous Microsoft and third party computers.

Source: Mark Burnett

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

12 thoughts on “Regardless of your privacy settings, Windows 10 Creators Update phones home”

  1. Since when is this news. Ms always said, that it’s still sending information even when it’s set to off.
    http://blogs.technet.com/b/netro/archive/2015/09/09/windows-7-windows-8-and-windows-10-telemetrie-updates-diagnostic-tracking.aspx

    —–
    Security level info includes:

    Telemetry client settings. The telemetry client requests its settings file from Microsoft servers at regular intervals. This request includes operating system info, the device ID (used to identify what specific device is requesting settings), and the device class (for example, whether the device is a server or desktop).

    Malicious Software Removal Tool (MSRT) MSRT requires to function, including: device info, such as IP address.

    Note
    No MSRT information is included if MSRT is not used or if Windows Update is turned off.

    Windows Defender. Windows Defender requires some info to function, including: anti-malware signatures, diagnostic information, User Account control settings, Unified Extensible Firmware Interface (UEFI) settings, and IP address. No Windows Defender info is included if a customer is using third-party anti-malware software or if Windows Defender has been turned off.

    No user content, such as user files or communications, is gathered at the Security telemetry level, and we take steps to avoid gathering any information that directly identifies a company or user, such as name, email address, or account ID. However, in rare circumstances, MSRT information may unintentionally contain personal information. For instance, some malware may create entries in a computer’s registry that include information such as a username, causing it to be gathered. MSRT reporting is optional and can be turned off at any time.

    To set the telemetry level to Security use a management policy (Group Policy or MDM) or by manually changing the setting in the registry. For more info, see the Manage your telemetry settings section of this article.
    —–

  2. Since when is this news? MS always said, that you’ll never be able to turn the transmission of data completely off. according to MS, these are the information, that Windows is still transmitting to not compromise the systems security.

    —-
    Security level info includes:

    Telemetry client settings. The telemetry client requests its settings file from Microsoft servers at regular intervals. This request includes operating system info, the device ID (used to identify what specific device is requesting settings), and the device class (for example, whether the device is a server or desktop).

    Malicious Software Removal Tool (MSRT) MSRT requires to function, including: device info, such as IP address.

    Note
    No MSRT information is included if MSRT is not used or if Windows Update is turned off.

    Windows Defender. Windows Defender requires some info to function, including: anti-malware signatures, diagnostic information, User Account control settings, Unified Extensible Firmware Interface (UEFI) settings, and IP address. No Windows Defender info is included if a customer is using third-party anti-malware software or if Windows Defender has been turned off.

    No user content, such as user files or communications, is gathered at the Security telemetry level, and we take steps to avoid gathering any information that directly identifies a company or user, such as name, email address, or account ID. However, in rare circumstances, MSRT information may unintentionally contain personal information. For instance, some malware may create entries in a computer’s registry that include information such as a username, causing it to be gathered. MSRT reporting is optional and can be turned off at any time.

    To set the telemetry level to Security use a management policy (Group Policy or MDM) or by manually changing the setting in the registry. For more info, see the Manage your telemetry settings section of this article.

  3. Since when is this news? MS always said, that you’ll never be able to turn the transmission of data completely off. According to MS, these are the information, that Windows is still transmitting to not compromise the systems security.

    https://blogs.technet.microsoft.com/netro/2015/09/09/windows-7-windows-8-and-windows-10-telemetry-updates-diagnostic-tracking/

    1. the important part here is.. how much data is send or did the connection are just made to look if something is answering at the other end?

      and why is nobody checking apple OSX???

      they do the same for ages…. nobody cares.

  4. Linux and Parallels – and you can run office if you must. No – more Windows phoning home. Also the last office is 2016 – the office 350 is rubbish.

  5. People, if you are using a ‘smartphone’ with 2 cameras, dual noise cancelling microphones, GPS, NFC, gyroscope, and a bunch of apps on it – you are already transmitting data including your updated location.
    Your phone can record video, photos, audio, screenshots, location on the planet, direction you are travelling, and even if you are moving at all (like alive or dead).
    Good luck whinging about Windows 10.
    I really like Windows 10. And I’m happy to use it.
    I trust Windows 10 much more than my phone – which has an OS that they had the balls to call `Android’.

Leave a Reply

Your email address will not be published.

Exit mobile version
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.