|Disabling Windows 10 Telemetry
|Page 1 of 1|
|Author:||big_D [ Thu Jan 10, 2019 5:09 pm ]|
|Post subject:||Disabling Windows 10 Telemetry|
The German BSI (Federal Department for Information and IT Security) made a study of the telemetry data system for Windows 10.
https://www.bsi.bund.de/DE/Themen/Cyber ... _node.html (German language)
The project (SiSyPHuS Win10), named after the King of Ephyra (or Corinth)*, set about to investigate what telemetry data was being sent back to Microsoft by Windows 10 and how you can disable it, as required by law (in fact, in Germany it must be opt-in). The information must also be transparent (i.e. the user must be able to see what is being sent and, if it isn’t in plain language, it must be fully documented.
The aim of the study was to see if Windows 10 habit of blabbering back to HQ could be silenced, and to find out exactly what information was being sent.
TL;DR – disable the service “DiagTrack”. It will be restarted after updates, so needs to be regularly checked. You can do this from the command line with sc stop “diagtrack” and sc config “diatrack” start=disabled. This needs to be run as Administrator. It would also be possible to set up a script to be run daily, for example, to make sure it is disabled. It is also possible to do this over the “Services” Control Panel applet, the translation from German for the service name is “User experience and telemetry in connected mode”, the exact name in English may vary.
The German magazine c’t also tested this in December and claim that it does work.
Using the onboard settings in the control panel, you can choose between Simple and Complete modes and corporate users also have the option of “secure” mode (again translated from German). Interestingly the difference between Simple and Complete isn’t very big:
* Secure uses 4 data providers (services that provide telemetry information)
* Simple uses 410 data providers
* Complete uses 422 data providers
As can be seen, even “simple” uses a lot of data providers to get telemetry information from within Windows 10.
Even “secure” mode is still blabbing back to base, so not that secure. This mode can be set using Group Policy on Windows 10 Enterprise and Education installations. This option, however, stops Windows looking at Windows Update to get updates as well, so Windows 10 will only follow this rule if it is set in conjunction with using either WSUS or SCCM to provide updates.
For those on 1803 or later, you can download the Diagnostic Data Viewer from the Windows Store and use it to view the information that is being sent. You also need to turn on the Show Diagnostic Data setting in the control panel, under Diagnostics and Feedback. This will use up to 1GB of disk space to hold a copy of diagnostic data.
The BSI tried turning off DiagTrack and all communication stopped. Microsoft claims, that turning off this information will affect updates. But both the BSI and c’t tests show that this is not true. Test PCs with DiagTrack disabled were offered the same monthly patches and feature updates as PCs that had it enabled.
What it does do, obviously, is restrict the information Microsoft has available to track problems with individual (allegedly anonymized) installation. So any problems a PC has, where DiagTrack is disabled will not be able to report any crashes or other instabilities that it has. But that is the users decision.
The information flow was monitored before, during and after running test PCs with DiagTrack disabled, using Wireshark and they noted that the information flow stopped when DiagTrack was disabled and started up again afterwards, but it did not cache the information during the time it was disabled – so only fresh information was sent to Microsoft after it was re-enabled.
The BSI also recommends deactivating Autologger Listener, but this is not necessary, according to c’t, because the information is not getting sent anyway. The registry key to disable is: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener, setting the value to 0 disables it.
Alternatively you can edit the hosts file and set the names of Microsoft’s telemetry servers to 0.0.0.0 (unroutable) or add them to your firewall. But this isn’t guaranteed, as Microsoft can easily keep adding more and more of these domains, so the list will need to be controlled regularly.
I use https://someonewhocares.org/hosts/ which is a list of common tracking and advertising websites, it blocks them all in the hosts file (hosts has priority over DNS, so they never get resolved).
For the paranoid, I also add https://github.com/jmdugan/blocklists/b ... cebook/all into the hosts file, which blocks around 1500 known Facebook domains.
Warning: Using these lists can lead to some websites accusing you of using an adblocker, even if you don’t, because the tracking sites behind many ad companies are blocked from collecting information.
Anyway, I hope this helps some of you. I certainly found the BSI report interesting, if a little hard going at times.
* King Sysyphis or Sisyphos was punished by being forced to roll an immense boulder up a hill only for it to roll down when it nears the top, repeating this action for all eternity. This leads to the German term “Sisyphusarbeit”, meaning a never-ending task.
|Page 1 of 1||All times are UTC|
|Powered by phpBB® Forum Software © phpBB Group