A Traffic Analysis of Windows 10
All text typed on the keyboard is stored in temporary files, and sent (once per 30 mins) to:
Telemetry is sent once per 5 minutes, to:
typing the name of any popular movie into your local file search starts a telemetry process that indexes all media files on your computer and transmits them to:
When a webcam is first enabled, ~35mb of data gets immediately transmitted to:
Everything that is said into an enabled microphone is immediately transmitted to:
If this weren’t bad enough, this behaviour still occurs after Cortana is fully disabled/uninstalled. It’s speculated that the purpose of this function to build up a massive voice database, then tie those voices to identities, and eventually be able to identify anyone simply by picking up their voice, whether it be a microphone in a public place or a wiretap on a payphone.
Interestingly, if Cortana is enabled, the voice is first transcribed to text, then the transcription is sent to:
While the inital reflex may be to block all of the above servers via HOSTS, it turns out this won’t work: Microsoft has taken the care to hardcode certain IPs, meaning that there is no DNS lookup and no HOSTS consultation. However, if the above servers are blocked via HOSTS, Windows will pretend to be crippled by continuously throwing errors, while still maintaining data collection in the background. Other than an increase in errors, HOSTS blocking did not affect the volume, frequency, or rate of data being transmitted.