
German federal office publishes Windows 10 telemetry analysis - jakobdabo
https://www.ghacks.net/2018/11/23/german-federal-office-bsi-publishes-telemetry-analysis/
======
maxxxxx
I am surprised that they are using server names like
"alpha.telemetry.microsft.com". When I see something like "microsft" in an
e-mail or link I immediately suspect that somebody is trying to fake being
from Microsoft. Or are these spelling errors in the article?

Edit: these domain names are in the report too. Very strange. I would get very
nervous if I saw "microsft" in a firewall log.

~~~
stult
It could be an attempt to bypass DNS blacklists. I have Microsoft domains
blacklisted on my pi-hole because I find their telemetry practices so
difficult to constrain otherwise. Not sure if I caught any microsft domains,
but there were definitely some that seemed intentionally semi-obfuscated, with
msft or something like that instead of the full company name.

~~~
AndrewGaspar
I'd actually lean towards it being the opposite - put the thing that people
and organizations would be inclined to block on a separate domain so that the
core business domain isn't blocked.

EDIT: Seems like there are a lot of *.microsoft.com URLs, too, so disregard this
theory.

~~~
mordechai9000
I have seen internal groups use domains like this simply because the process
for using the primary domain is too onerous, or corporate divisions make it
otherwise problematic.

------
jammygit
I wish all governments did audits like this. Either the software would get
less invasive, or we'd see Linux everywhere, wins all around.

How bad is it that not even governments can use windows without the data
vacuum being turned on? And they need to commission these investigations to
even figure out what that means?

~~~
iwiririwo
Well, there are other issues with Linux on the desktop that don't let anybody
except developers use it productively.

You always have to weigh your priorities, and getting stuff done is often the
number one priority.

~~~
mario0b1
The problem (at least in my opinion) is that there will "never" be any change
in this if people are not willing to sacrifice just a little bit of usability.
Why should companies write software for an OS that does not get used?

Sure, getting stuff done is a high priority, but does it have to be number one?
Can't we put ethics (or call it whatever you want) above it? We definitely
need a lot more competition.

~~~
thepp1983
None of the parties that are involved in Linux actually care one iota about
the desktop. At best it is a side project. It is phones, servers and embedded.

Only a very small percentage of what is a shrinking market uses it on
the desktop.

It will never happen. The only company that has really invested into anything
close to Desktop Linux is Google and it is Chrome books which are pretty much
a walled garden.

While it was better than it was 15 years ago, there are still dumb problems
like "Why doesn't my usb headset work?" or "Oh X shat itself again with my
GPU". Whereas with Windows I can reinstall the GPU drivers while playing a
youtube video. The only thing I haven't had work is some cheapo chinese Serial
PCI card from fleabay.

~~~
ernst_klim
>Why doesn't my usb headset work?

>The only thing I haven't had work is some cheapo chinese Serial PCI card from
fleabay.

You are contradicting yourself here. Besides, linux hardware support is
incredible nowadays, and most of the time if you have problems with linux, you
would have them with windows as well (aka, oem drivers for crappy nonstandard
custom hardware).

Nowadays most of the soundcards, gamepads, headsets would just work, at least
their standard functionality.

Also, RedHat cares about desktop, and canonical cared a lot. Nowadays RedHat
is involved in a proper hybrid graphics support, gnome desktop etc. In some
areas linux is lagging behind, for example accessibility is still not the
best, though gnome people are very concerned about it (that was one of the
major reasons for using a full gnome shell for login).

~~~
thepp1983
> You are contradicting yourself here.

No I am not. I was just saying that the only thing I haven't had work out
of the box was some dodgy PCI card from China. It is literally the only thing
in the last ten years that wasn't a video card that didn't work out of the box
for me.

> Besides, linux hardware support is incredible nowadays, and most of the time
> if you have problems with linux, you would have them with windows as well
> (aka, oem drivers for crappy nonstandard custom hardware).

I've been using *nix now for about 20 years. I still have the same problems
with plugging in things like headsets that I had 10 years ago. The headset I
am using is a £30 headset that you can buy in almost any supermarket and that
is just an example of the problems that you will face on a daily basis.

I have a bog standard Dell Latitude laptop (refurb business model). Everything
is intel. Yet I still have problems with Power management on popular distros
like Ubuntu and Fedora. Everything works fine in Windows Vista and Above. I
get screen tearing on my desktop machine because X is utter crap. Also any
application can completely kill X, I had it happen the other day.

I am sure I could fix some of these issues. But I just don't care enough
anymore.

> Also, RedHat cares about desktop, and canonical cared a lot. Nowadays RedHat
> is involved in a proper hybrid graphics support, gnome desktop etc. In some
> areas linux is lagging behind, for example accessibility is still not the
> best, though gnome people are very concerned about it (that was one of the
> major reasons for using a full gnome shell for login).

Redhat used to sell the distro as a desktop Linux that you could buy in a
store like PC world, so did Suse and quite a lot of other distros (Mandrake,
Lindows, Corel). Very few people bought them, they didn't make any money and
they vanished in about 2004/2005ish IIRC. The vast majority of income that
Redhat makes is support contracts.

As for the gnome team, they threw away years of work when they moved to Gnome
3. That must be 10,000s of man hours. That is nuts. I don't trust a team that
throws away years worth of code, user testing and bug reports. I know it's been
forked into Mate, but that is beside the point.

~~~
ernst_klim
You confuse your subjective experience with the overall picture. The list of
devices which the kernel supports is not only incredible, but higher than that
of any other OS save Windows maybe. And even in windows you will have pretty
much the same hardware problems, just with a different set of hardware, which you
were lucky to avoid. Shit like this [1] [2] is pretty common in the windows world
as well.

>The touchpad and touchscreen don't work during install, so you'll need to
plug in a mouse or fuss with keyboard-only navigation. After installation
you'll only have 2.4GHz wifi, so you'll need to install the Lenovo driver.
There are probably other Lenovo drivers that will be required - but I haven't
taken the experiment any farther yet.

>Intel GMA 910 and 915 series released in 2004 and 2005 respectively didn't
get WDDM driver which means they only work with Windows XP, Vista and 7

Most of the time you just have an OEM preinstalled for you or even an OS
preinstalled on a very particular hardware (macos).

[1] [https://forums.lenovo.com/t5/Lenovo-Yoga-Series-Notebooks/Yoga-3-Pro-Slow-How-to-reinstall-Windows-8-1-without-all/td-p/2067079](https://forums.lenovo.com/t5/Lenovo-Yoga-Series-Notebooks/Yoga-3-Pro-Slow-How-to-reinstall-Windows-8-1-without-all/td-p/2067079)

[2] [https://communities.intel.com/thread/123273](https://communities.intel.com/thread/123273)

~~~
thepp1983
> You confuse your subjective experience with the overall picture.

No it is a common complaint that has been happening for years (over a decade)
with all manner of consumer laptops.

> The list of devices which the kernel supports is not only incredible, but
> higher than that of any other OS save Windows maybe.

Yes and I would wager quite a lot of these devices are ancient hardware,
embedded devices, servers, micro-controllers etc and other stuff THAT IS NOT
ANYTHING TO DO WITH BUSINESS LAPTOPS and a reasonably priced consumer usb
headset from well known manufacturers.

It is a fallacy that just because there is a large number of devices it also
means:

1) They are supported well.

2) They are my devices.

3) That other parts of the distro (Pulse Audio, ALSA or whatever
nonsense they are using for an audio stack these days) won't interfere with how
the device works.

The situation will never change. It will never change because

1) Device manufacturers don't care about Linux. They will care about MacOS,
Windows, Android and iOS.

2) None of the large corps that basically contribute to the kernel really care
about Linux on the desktop. They don't make a lot of money if any from it.
Redhat kinda bother, but they've been bought by IBM now so that won't last
much longer.

3) As demonstrated in this very discussion on this topic. Most Linux users
will trot out the same tired old excuses why shite doesn't work. They will
blame it on Microsoft, the User, the hardware anything other than the
accepting the fact that because everyone has their own idea what a distro
looks like, the whole community is fragmented. Fragmentation causes problems,
instability and compatibility issues.

I've heard it for 15 years now. If I have to use Linux (I do unfortunately),
it is whatever the latest LTS of Ubuntu is because it mostly works (it is
still shite though).

> And even in windows you will have pretty much the same hardware problems, just
> with a different set of hardware, which you were lucky to avoid. Shit like
> this [1] [2] is pretty common in the windows world as well.

Cherry picking nonsense. The only driver I've needed to install in the last 5
years is my video card driver (I am rocking a 1080Ti, which is rather nice)
and a wireless driver in my laptop which took all of 5 minutes to install.

Windows will download the drivers from the internet if it can find them.

> Most of the time you just have an OEM preinstalled for you or even an OS
> preinstalled on a very particular hardware (macos).

No I installed Windows myself. I always wipe and do a clean install. I've done
my own install of MacOS in the past as well (not much point though as they
don't fill the OS full of shit).

I've heard all of these arguments before. They are all deflecting blame away
from what is the Desktop Linux community. I'd heard these arguments back in
2003. Nothing has changed much in 15 years.

Maybe in 15 years time when Desktop Linux still doesn't work correctly you
might get wise to the myriad of reasons why it will never work.

Hopefully I will have retired to somewhere like Cambodia by then.

~~~
explainplease
> Maybe in 15 years time when Desktop Linux still doesn't work correctly you
> might get wise to the myriad of reasons why it will never work.

Yet, here I am, having used Linux on the desktop for over 15 years. Unlike all
the years I used Windows, I've never had to reinstall Linux. No BSODs, booting
into safe mode, restoring registry backups, manually installing cryptic INF
files, anti-virus software, etc. Works For Me. Sorry that you didn't enjoy it.
Hope you have fun back in Windows land.

~~~
thepp1983
Well I have a stalker.

Lies. BSODs are Kernel panics. These happen in every OS. They can be caused by
failing hardware, iffy drivers etc. Are you going to claim that you never had
hardware fail? never had a dodgy capacitor on a video card? I don't believe
that. Also the last time I had a BSOD on Windows is because one of the SSDs in
RAID 0 failed.

Depending on the Linux distro there may be no safe upgrade path between versions of
the distro (Fedora recommended a full reinstall last time I checked).

I haven't backed up a registry ever. I haven't installed 3rd party anti-virus
software since the Windows XP days which was 15 years ago. Windows has
improved quite a lot in some ways (and in other ways it has got worse).

> Works For Me.

Which is exactly the attitude problem with most Linux users when discussing
the topic. It is whataboutery at its finest.

> Sorry that you didn't enjoy it. Hope you have fun back in Windows land.

Linux works absolutely fine on my Phone, VPS (Digital Ocean) and as an XBMC
machine. It just doesn't work properly as a Desktop Operating system.

I am just not a zealot when it comes my Operating System Choice and I don't
pretend things that are real problems aren't.

------
heybrendan
(More) direct link to the publication:
[https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/SiSyPHus/Workpackage4_Telemetry.pdf](https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/SiSyPHus/Workpackage4_Telemetry.pdf)

Page 31 of the report was of primary interest--hosts hard-coded in
diagtrack.dll:

geo.settings-win.data.microsoft.com.akadns.net
db5-eap.settings-win.data.microsoft.com.akadns.net
settings-win.data.microsoft.com
db5.settings-win.data.microsoft.com.akadns.net
asimov-win.settings.data.microsoft.com.akadns.net
db5.vortex.data.microsoft.com.akadns.net
v10-win.vortex.data.microsft.com.akadns.net
geo.vortex.data.microsoft.com.akadns.net
v10.vortex-win.data.microsft.com
us.vortex-win.data.microsft.com
eu.vortex-win.data.microsft.com
vortex-win-sandbox.data.microsoft.com
alpha.telemetry.microsft.com
oca.telemetry.microsft.com

At this point, I would recommend choosing to treat the {akadns.net,
microsoft.com, microsft.com} TLDs with general distrust. Also in the report:

40.77.226.249 40.77.226.250 13.92.194.212 52.178.38.151 52.229.39.152
52.183.114.173 13.78.232.226

For convenience, I've enumerated the corresponding CIDRs:

13.104.0.0/14 13.64.0.0/11 13.96.0.0/13 40.112.0.0/13 40.120.0.0/14
40.124.0.0/16 40.125.0.0/17 40.74.0.0/15 40.76.0.0/14 40.80.0.0/12
40.96.0.0/12 52.145.0.0/16 52.146.0.0/15 52.148.0.0/14 52.152.0.0/13
52.160.0.0/11 52.224.0.0/11

I'm not sure how to react to the observation of the usage of "microsft.com".
I'll admit my instinct is to perceive this as, at worst, a rather clandestine
attempt at circumventing basic DNS black-holing techniques--in which case,
well played MSFT.

Now if you'll excuse me, I have some firewall policies to update.

~~~
jlgaddis
If you put in a block for *.akadns.net you will very likely experience quite a
bit of collateral damage. A lot of large, popular companies use Akamai.

Likewise, if you drop all traffic from and to those CIDR ranges, well, I hope
you don't use any services or sites that are hosted on Azure.

~~~
heybrendan
Excellent point, and I'm well aware. Vigilance (and a proactive security
posture) are the price of privacy--and I suspect nothing of actual value will
be lost.

It's preferable (to me) to blacklist /everything/ and deal with any future
connectivity issues on a case-by-case basis.
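An added example, not code from the thread or from the BSI report, that puts heybrendan's host list and jlgaddis's collateral-damage warning side by side: it flags hostnames whose second-level label is one edit away from "microsoft" (the "microsft.com" names), scans constructed BIND-style query-log lines for them, and counts how many addresses a block on the posted CIDR list would really cover. The log line format, the REPORT_HOSTS subset and all function names are assumptions.

```python
import ipaddress
import re

# A subset of the hostnames quoted in the thread (page 31 of the BSI report).
REPORT_HOSTS = [
    "geo.settings-win.data.microsoft.com.akadns.net",
    "settings-win.data.microsoft.com",
    "v10-win.vortex.data.microsft.com.akadns.net",
    "alpha.telemetry.microsft.com",
]
# The CIDR ranges exactly as posted in the thread.
POSTED_CIDRS = [
    "13.104.0.0/14", "13.64.0.0/11", "13.96.0.0/13", "40.112.0.0/13",
    "40.120.0.0/14", "40.124.0.0/16", "40.125.0.0/17", "40.74.0.0/15",
    "40.76.0.0/14", "40.80.0.0/12", "40.96.0.0/12", "52.145.0.0/16",
    "52.146.0.0/15", "52.148.0.0/14", "52.152.0.0/13", "52.160.0.0/11",
    "52.224.0.0/11",
]
BRAND = "microsoft"
CDN_SUFFIX = ".akadns.net"  # Akamai alias suffix carried by several report hosts

def edit_distance(a, b):
    """Levenshtein distance; a distance of 1 to the brand marks a lookalike label."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """'brand' for microsoft.com, 'lookalike' when the second-level label is one
    edit from the brand (microsft.com), else 'other'; the akadns.net alias is stripped."""
    h = host.lower().rstrip(".")
    if h.endswith(CDN_SUFFIX):
        h = h[: -len(CDN_SUFFIX)]
    labels = h.split(".")
    if len(labels) < 2:
        return "other", h
    sld, reg = labels[-2], ".".join(labels[-2:])
    if sld == BRAND:
        return "brand", reg
    if edit_distance(sld, BRAND) == 1:
        return "lookalike", reg
    return "other", reg

# Assumed BIND-style query-log shape; adjust the pattern to your resolver's format.
QUERY_RE = re.compile(r"query: (?P<host>\S+) IN A")

def scan_query_log(lines):
    """Return the hostnames in the log lines that classify as lookalikes."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m and classify_host(m.group("host"))[0] == "lookalike":
            hits.append(m.group("host"))
    return hits

def matching_cidrs(ip):
    """Which of the posted CIDRs contain ip (empty list if none)."""
    addr = ipaddress.ip_address(ip)
    return [c for c in POSTED_CIDRS if addr in ipaddress.ip_network(c)]

def addresses_covered(cidrs):
    """Total addresses a block rule on these CIDRs affects, not just the 7 observed IPs."""
    return sum(ipaddress.ip_network(c).num_addresses for c in cidrs)

if __name__ == "__main__":
    for h in REPORT_HOSTS:
        print(f"{classify_host(h)[0]:9} {h}")
    sample_log = [  # constructed lines, not real resolver output
        "23-Nov-2018 10:01:02.123 client 10.0.0.5#51234: query: alpha.telemetry.microsft.com IN A",
        "23-Nov-2018 10:01:03.456 client 10.0.0.5#51235: query: settings-win.data.microsoft.com IN A",
    ]
    print("lookalikes in log:", scan_query_log(sample_log))
    print("40.77.226.249 falls in:", matching_cidrs("40.77.226.249"))
    print("addresses covered by the posted CIDRs:", addresses_covered(POSTED_CIDRS))
```

The address count makes the trade-off concrete: the seven observed IPs sit inside ranges that together span over eleven million addresses.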

------
pingec
Has anything similar been done for Android phones with google services
installed and Chrome browser?

~~~
paride5745
I guess the document about Google is so big they have issues uploading it to
the web server!

------
detaro
German press release:
[https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2...](https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/Studie_Win_10_20112018.html)

Fitting name for the project: _SiSyPHuS Win10_

------
MikusR
Note that they analyzed only version 1607. Before Microsoft started publishing
Telemetry documentation and before GDPR. Also akadns.net or microsft.com does
not appear in a current (1809) diagtrack.dll.

~~~
BurnGpuBurn
I noted that yeah. It's a shame that it takes so much time and effort to get
to the information that Microsoft should just be open about. I think, with the
current short release cycle, audits on Windows will always lag behind the real
world a year or two. So at best you know how Microsoft was spying on you two
years ago.

------
MikusR
Did they find something that contradicts stuff listed at
[https://docs.microsoft.com/en-us/windows/privacy/](https://docs.microsoft.com/en-us/windows/privacy/) ?

------
gmueckl
There is an API monitor included in the appendix of the report. From the looks
of it, it seems to be designed to hook into the API for the ETW sources and
log the data that they record. But I can't tell what script language it is
written in, so I cannot be entirely sure. Can someone have a closer look and
tell me what this does exactly and how to run it? Seems interesting for those
who want to get the complete picture of what Windows is recording.

~~~
voltagex_
WinDBG possibly

[https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/-----------------------a---run-script-file-](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/-----------------------a---run-script-file-)

------
Zarath
Does anyone know if there is a tool to safely remove telemetry executables
from Win10? Is it possible to remove these?

~~~
ssvss
I saw this tool being recommended in r/windows10. I have tried it, no issues
so far, though haven't tested to see if it does disable telemetry.

[https://www.oo-software.com/en/shutup10](https://www.oo-software.com/en/shutup10)

~~~
forrestthewoods
This tool is great. Only problem is you have to regularly re-run it because
Windows Update will revert changes.

~~~
AnIdiotOnTheNet
Yep, which is why you disable Windows Update too. The people who work on
Windows these days should probably all be fired. Out of a cannon. Into the
sun.

~~~
ricardonunez
Telling users to disable updates is not a good recommendation.

~~~
Spooky23
Sure it is. Microsoft software deployment on client is a dumpster fire.

Blindly installing Windows updates these days is very dangerous and should be
avoided. Your best approach for avoiding malware is to use browsers like
Firefox and Chrome. Critical task workflows should be in LTSB, iOS or
ChromeOS.

Microsoft’s guidance is to have around four deployment rings each for Windows
_and_ Office, and only immediately patch 10-20% of your enterprise environment
and defer to avoid impacts from the quality issues that are very common as
Microsoft is supporting like a half dozen Windows 10s.

See: [https://docs.microsoft.com/en-us/windows/deployment/update/waas-deployment-rings-windows-10-updates](https://docs.microsoft.com/en-us/windows/deployment/update/waas-deployment-rings-windows-10-updates)

~~~
ragequitta
Very much disagree. If you pay attention at all to security you'll always hear
stories of that one client who hasn't done security updates in 3 months (or 3
days) and gets taken out by the inevitable "exploit Wednesday" shenanigans. On
top of that if you're in an enterprise environment when you update you've
already had months of home users beta testing the stuff (if you've chosen the
semi-annual channel), haven't you?

From my experience as someone who has had 0 problems since beta (that weren't
caused by me doing something stupid like uninstalling Windows Store) people
mess with windows, usually by running a script or 2 because "omg Microsoft is
spying on me!111!" then the update comes and throws them an error or 2.

Choose any other OS. Any OS at all that is sufficiently complicated as to
compete with Windows (maybe as a starting point anything a tiny bit more
complicated than ChromeOS). Then name a problem that's happened with Windows
10. I'll show something similar if not worse happening on the other OS you've
chosen.

The problem, IMO, isn't the OS. It's the freedom the OS allows and the
billions of different configurations you'll find out there. Of course any 1
update isn't going to account for all of that. Hell Apple can't even do it on
iphones/imacs and they have a very tiny number of SKUs to deal with.

~~~
AnIdiotOnTheNet
> Very much disagree. If you pay attention at all to security you'll always
> hear stories of that one client who hasn't done security updates in 3 months
> (or 3 days) and gets taken out by the inevitable "exploit Wednesday"
> shenanigans.

And if you read past the headline you find out that they had numerous other
problems with their security practices that were actually responsible for them
being compromised, because if "keep it up to date" is the extent of your
security policy then you don't have a security policy. There are always
exploitable issues in an OS, sometimes updates even introduce them (remember
heartbleed? or that time Debian broke key gen?).

> From my experience as someone who has had 0 problems since beta

From your experience as someone with no experience dealing with issues caused
by Windows Update, got it.

> Choose any other OS. Any OS at all that is sufficiently complicated as to
> compete with Windows (maybe as a starting point anything a tiny bit more
> complicated than ChromeOS). Then name a problem that's happened with Windows
> 10. I'll show something similar if not worse happening on the other OS
> you've chosen.

This doesn't mean that Windows 10 isn't bad, it just means that everything is
bad.

> The problem, IMO, isn't the OS. It's the freedom the OS allows and the
> billions of different configurations you'll find out there.

The problem is the OS. If you have designed your OS in such a way as to make
updating it a pain in the ass that's prone to breaking things, and turning
updates off also a pain in the ass, then the problem is the OS.

~~~
ragequitta
I agree with the sentiment that "everything is bad". Computers are still in
their birthing stage and full of problems. But Windows 10 feels like an
improvement over any previous version of Windows at least. Which is really all
we can ask for. A little too transitional/work in progress for some, I can see
that (2 control panels? madness!), but otherwise pretty smooth.

But maybe it's also because I left computer support type roles and I haven't
seen the nightmares like I did with XP/2000/Vista/7. But as an end
user/casual security and IT watcher I can't complain too much (yet).

And as an anecdote the only problem I've had updating was the one large change
to the audio stack they did (and needed to do-it's so much better). The huge
issue that arose was I needed to unmute my headphones. Other than that I
seriously have not noticed any update other than maybe seeing the % when I
boot up in the morning. I keep track of when the big ones come so I can run
O&O after those, but I really haven't even skipped a beat due to an update.

~~~
AnIdiotOnTheNet
Lucky you. Meanwhile Microsoft has delayed the October update for the third
time because of all the crap they keep breaking whenever they release it.
Yesterday my boss and I had a conversation about just turning Windows Update
off forever for our org because it's caused more trouble than pretty much
anything we could think of as a consequence of not updating. This was brought
up (again) because of several of our developers having their network cards
randomly and inexplicably stop working and requiring a reboot to fix after
1809.

I will say that since Vista there has been a ton of improvement on the driver
model, display system, network stack, audio stack (as you mentioned), and a
few other relatively low-level pieces, but pretty much everything above that
has been a continual shitshow of user-hostile bullshit and overly complex
interlocking crapware.

Start Menu used to just be a menuized view of a folder structure, now it's
some horrid amalgamation of junk that breaks whenever the Windows Appstore
database gets corrupt, which is surprisingly often considering no one here
even uses Windows Appstore apps.

Older Windows versions had their bugs, sure, but on the whole they cared a lot
more about the user, about not breaking their shit and making sure their
updates were actually worth applying. Microsoft has made it very clear since
Windows 10 that they hate the user.

------
minxomat
For Windows. That should be part of the title.

~~~
craftyguy
> Windows 10 telemetry

...

~~~
smolder
Perhaps someone changed the title...

~~~
graeme
They did, it was something else before

------
dvfjsdhgfv
Slightly off-topic, from one of the comments to the original article:

> as a foreigner living in Germany you definitely see a big difference when it
> comes to web privacy. One thing I found surprising is that many German
> people will use nicknames on social sites like Facebook as to not reveal
> their identity online.

It has more to do with common sense, doesn't it? Unless you want to promote
yourself, you will probably want to use a nickname, and change these nicknames
from site to site so that an individual or organization targeting you for
whatever reason can't reveal your identity and do any real harm. A reasonable
person doesn't shout from the rooftops where they live, how wealthy they are,
what their kids look like and so on. And yet, this is what people do when
posting things online while using real names (as required by Facebook and a
couple of other companies).

------
ttty
Is there any way of getting an alert every time any program wants to access
any IP/domain and letting me decide if I let it pass or block it?

~~~
TheRealDunkirk
You made me look. Apparently, there is a tool on Windows called NetLimiter
([https://www.netlimiter.com](https://www.netlimiter.com)) that can do this.
Discussion: [https://superuser.com/questions/261440/whats-the-closest-equivalent-of-little-snitch-mac-program-on-windows](https://superuser.com/questions/261440/whats-the-closest-equivalent-of-little-snitch-mac-program-on-windows)

------
jeisc
I am going to wait for Windows 11 before giving up Windows 8.1

------
a_imho
Will MSFT act surprised when the inevitable GDPR fine comes?

------
anime_forever
Holy shit, there's not a single useful comment in this entire thread

------
msla
How sure are we they found everything?

Did they have official source code to work from, or documentation only, or did
they disassemble binaries?

~~~
msla
I've never seen downvotes used as a tacit admission before.

------
AtomicOrbital
To be fair, every OS can and does do telemetry, to say nothing of each software
application calling back home in a similar way. Such feedback helps speed up
improvements; however, Linux OSes make explicit notice of this and it's simple to
disable.

~~~
TangoTrotFox
There is 0 opt-out telemetry in most (all?) major flavors of Linux.

But there's an even more important issue here. Even _if_ there were some form
of telemetry in Linux you'd be able to see exactly what it's collecting and
where it's sending it since the OS itself is open source. I do not think many
people are mostly okayish with purely diagnostic telemetry, but it's not clear
exactly what Microsoft is collecting and their transition to a sort of 'free
to play' style of OS does not lead one to the most optimistic views for either
the type of data they're harvesting, or their intended use for such data.

~~~
mschuster91
> Even if there were some form of telemetry in Linux

At least for Debian, at install time it does ask you if you want to
participate in the "popularity contest" apt telemetry. But, on the other hand,
it's opt-in with the "no" option preselected.

