
One possible solution is to block access to Microsoft IP ranges on your firewall:

    $ whois -h whois.radb.net '!AS8075'

    $ pfctl -t drophosts -T add <results>

Or on Linux:

    $ for range in <results> ; do sudo iptables -A INPUT -s $range -j DROP ; done

Of course this will break a lot of Windows native system functionality, perhaps even Azure hosting, but this may not be an issue for someone just wishing to game in peace and privacy, unmolested by Microsoft telemetry.
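An added example, not part of the comment above: before `<results>` is handed to a root-level firewall command, each token can be validated as a CIDR prefix and overlapping ranges merged, so fewer rules are loaded and nothing malformed reaches the shell. The sample input is constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample standing in for <results>: documentation ranges (not real
# Microsoft prefixes) with overlaps, an IPv6 prefix and non-prefix tokens.
SAMPLE_RESULTS = """A64
192.0.2.0/24 192.0.2.128/25 198.51.100.0/25 198.51.100.128/25
203.0.113.7 2001:db8::/32 not-a-prefix 10.0.0.1/8;reboot
C
"""

def parse_prefixes(text):
    """Split raw query output into (valid IPv4 networks, rejected tokens)."""
    nets, rejected = [], []
    for token in text.split():
        try:
            # strict=True rejects prefixes with host bits set and any token
            # carrying extra characters such as shell metacharacters.
            net = ipaddress.ip_network(token, strict=True)
        except ValueError:
            rejected.append(token)
            continue
        if net.version == 4:
            nets.append(net)
        else:
            rejected.append(token)  # IPv6 would need its own rule set
    return nets, rejected

def collapse(nets):
    """Merge adjacent and overlapping networks into the smallest covering set."""
    return list(ipaddress.collapse_addresses(nets))

def iptables_commands(nets):
    """One rule per merged range, in the same form as the loop in the comment."""
    return [f"iptables -A INPUT -s {net} -j DROP" for net in nets]

def pfctl_command(nets):
    """Single table update, in the same form as the pfctl line in the comment."""
    return "pfctl -t drophosts -T add " + " ".join(str(n) for n in nets)

if __name__ == "__main__":
    valid, rejected = parse_prefixes(SAMPLE_RESULTS)
    merged = collapse(valid)
    print(f"{len(valid)} valid prefixes merged into {len(merged)}; "
          f"rejected: {rejected}")
    print("\n".join(iptables_commands(merged)))
    print(pfctl_command(merged))
```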

Using an unpatched OS isn’t the best advice I can think of in this day and age.

That's very true.

As in my nearby comment, I only allow network access on VMs that don't contain any sensitive data. Once I've fully updated, I create clones to actually work on, and disable the Internet uplink entirely. When it's time to update again, I start with a virgin clone. And then transfer data to it, after disabling the Internet uplink.

I wonder if the Windows Firewall is trustworthy enough? So if it just has allow rules for non-MS third-party programs for both inbound AND outbound connections, would that block all the telemetry?
