    Windows 10 and telemetry: Time for a simple network analysis

    Read more: Windows 10 and telemetry: Time for a simple network analysis | ZDNet

  2. Accessing Windows 10 Telemetry Data for your Organisation


    The Organisation/Business that we work for are interested in obtaining a glimpse of what applications are in use around the school, and as such the Windows 10 Telemetry data/statistics would be a great help in that regard.

    However, a simple search of the internet turns up only results about disabling Telemetry Data Collection and not accessing it for your particular site/business.

    If I could be directed at an article detailing how, or at the very least the way in which to gain access then that would be greatly appreciated.


    Nice. I find it all comes down to what one is comfortable sharing over telemetry. Although the telemetry can be encrypted and anonymous, I still feel it needs to be the user's choice whether to share this data or not. It should be built into Windows 10 Professional as well as just Enterprise having the ability to turn off telemetry. It could be that Microsoft suggests one to have at least basic telemetry sent but with Windows 10 Professional you should have the ability to turn it off as well. This should not only be offered in Windows 10 Enterprise. I like Microsoft Security Essentials as well as other programs that I will not mention here to help to safeguard my networks. I even use the "Basic" Telemetry Setting on Microsoft Windows Security Essentials because I feel comfortable with that level of sharing and even more so because the program allows me to turn off any sending of data on malware to Microsoft. I think this ability should be allowed in Microsoft Windows 10 Professional as well as just Enterprise. The Home User Edition can send the telemetry since it is the cheapest version of Windows and so you cannot expect as many features from that version.

    Some people in the comment section of the article still don't believe it, this is a freelance journalist.
    It's amazing what you can glean from "yes" or "no" answers if you ask the right questions *Wink
    Out of my league.
    Don't have the foggiest what I was reading.
    Should I take the article's word for it?
    Namely ... Microsoft is doing just what it says: taking the data it needs to improve PC applications and services.
    This one paragraph shows exactly why all articles I've seen so far regarding what data is being sent to Microsoft (both for and against) are entirely baseless.

    Using the fact Windows is making outbound connections as a reason to suggest something nefarious is going on is total bunk, as making outbound connections is not proof of any wrongdoing. On the other hand, using file size as a reason to suggest that there's nothing to worry about is equally total bunk, as text data is small in size. In addition, the author also doesn't know the criteria for when data is actually sent.

    The only way to do it properly is to set up network traffic capture to capture everything over an extended period of time and then filter the traffic to show particular parts of the traffic that are of interest. However, the part everyone keeps ignoring is that the network traffic needs to be decrypted so that the person doing the analysis is able to see exactly what's being sent and received in the clear. Only then will they know for sure what they are looking at.

    If they are just capturing encrypted traffic, it is a pure guess what that data could be and so a completely useless exercise. So, instead of rushing to publish articles, they first need to man-in-the-middle the encrypted network traffic so that the parts of the capture that are encrypted (which will be everything of any importance going to Microsoft's servers) can all be seen in plain text. There would obviously be nothing preventing Microsoft from encrypting the data separately and then transmitting it also over an encrypted connection, however that bridge can't be crossed until the first bridge is crossed of decrypting and reading all that data being transmitted over the secure connections.

    Agreed and adding one more thing...

    The limited time frame did not take into account the data transfers that may take place during booting up or shutting down the OS. One could easily say that during the boot up/shut down process there might be a larger data transfer that's not visible to Wireshark. If that's true, then the subsequent data transfers are just updates to the initial, large data transfer. That could be one of the possible explanations for the relatively small data transfers to MS, captured by Wireshark, during the limited time frame.

    Capturing start up/shut down data transfers can easily be done. Run Windows 10 in VMware and capture its network connections with Wireshark, active on the host OS.

    The results in the article would have more credibility if it accounted for all network communication by the OS.
    By this paragraph "You're also able to see the contents of any data delivered to a server, though in the case of Microsoft's Windows 10 telemetry this is encrypted using TLS v1.2, and so there's no way of actually seeing the content of a telemetry packet. However, as the average packet size is just over 3KB, it's clear that when you take into account the encryption overhead very little data is being sent to Microsoft" I feel people are over-reacting and surely there isn't actually a great deal of information being sent.
    Average is just that, average. Depending on the number of actual packets, the average packet size can be misleading. You could have one large and lots of small packets (which could be subsequent updates to the large packet) that still give you an average packet size of 3KB. The article did not provide the capture file and as such, it's hard to say...
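
    Added example, not part of any post above or of the ZDNet article: a per-destination summary showing how a roughly 3KB mean can hide one large transfer, and how a capture started after boot misses it. The records, addresses (documentation ranges), function names and the `skew_ratio` threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, median

def build_sample():
    """Constructed records: (seconds since capture start, destination, bytes sent)."""
    rows = [(5.0, "198.51.100.7", 40000)]  # one large upload during boot
    # Small periodic uploads to the same destination after boot.
    rows += [(120.0 + 90 * i, "198.51.100.7", 1100) for i in range(19)]
    # A second destination with uniform transfer sizes, for contrast.
    rows += [(200.0 + 300 * i, "203.0.113.20", 3000) for i in range(10)]
    return rows

def summarize(rows, start_after=0.0, skew_ratio=5):
    """Per-destination size statistics for transfers seen at or after start_after.

    'skewed' is set when the largest transfer exceeds skew_ratio times the
    median, i.e. when the mean alone would misrepresent the distribution.
    """
    sizes = defaultdict(list)
    for ts, dst, nbytes in rows:
        if ts >= start_after:
            sizes[dst].append(nbytes)
    report = {}
    for dst, vals in sizes.items():
        report[dst] = {
            "count": len(vals),
            "total": sum(vals),
            "mean": mean(vals),
            "median": median(vals),
            "max": max(vals),
            "skewed": max(vals) > skew_ratio * median(vals),
        }
    return report

if __name__ == "__main__":
    rows = build_sample()
    # Compare a capture covering boot with one that started 60 s later.
    for label, start in (("full capture", 0.0), ("started after boot", 60.0)):
        print(label)
        for dst, s in summarize(rows, start_after=start).items():
            print(f"  {dst}: n={s['count']} total={s['total']} "
                  f"mean={s['mean']:.0f} median={s['median']} "
                  f"max={s['max']} skewed={s['skewed']}")
```
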
