Wednesday, 8 February 2023

Windows 11 Collects an Awful Lot of Telemetry About Your PC

Over the past few years, privacy has become a hot-button topic, and it’s only accelerating, with all the recent news about Google, Meta, and even Apple allegedly gathering information on users surreptitiously. On the operating system front, Windows 10 was already seen as a somewhat invasive OS compared with its predecessors. Now that Windows 11 is gaining traction, people are examining it more closely. One security researcher has gone to the trouble of studying what kind of requests it sends on a clean installation and compared it with Windows XP from 2001. The difference in telemetry requests over this 22-year period is striking.

A YouTube channel called The PC Security Channel set up Wireshark on clean installs of both OSes. Wireshark is a free network protocol analyzer that shows communication across a network. This allowed it to see what external servers were being contacted by the OS immediately after the first boot. On a clean installation of Windows 11, the list is quite long, and that’s putting it mildly. The test was performed on a new Windows 11 laptop booted for the first time with nothing installed. The traffic in Wireshark was filtered by DNS to examine requests to external servers.

The first requests are innocuous: images from Microsoft and an Akamai server. The host continues scrolling, though, and the requests become more troubling. There was what looks like a geolocation server for Microsoft, something about Google, and then the appearance of third-party servers. For example, it pings a site listed as trustedsource.org. We can’t get that one to resolve, but it’s apparently owned by McAfee. This is on a clean install of Windows 11, in case it needs repeating.

The next one is labeled Scorecardresearch.com, which is listed as an internet trends research company. In the video, it’s blocked by default by uBlock Origin as an ad-tracking site. The company’s website is laughably bereft of content. However, it notes it helps companies understand what their customers like via “visitation patterns” that include web tags and cookies. These are odd sites to visit when no web search or internet activity has occurred, as TechSpot notes.

From there, we see listings for MSN.com and Bing.com, even though nobody has gone to either of those sites. Another suspicious entry is privacyportal.onetrust.com, which is a broken page. Onetrust.com appears to be privacy management software. Overall, it certainly seems like a decent number of queries are being sent to third parties, as opposed to, say, Windows Update or Microsoft services and sites for updates and security.
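To repeat this kind of review on your own capture, the sketch below (an added example, not from the video or the original article) splits exported DNS query names into Microsoft-operated and third-party buckets. The two-column tab-separated export format, the first-party suffix list, and the sample hostnames are assumptions; only the parent domains come from the article.

```python
from collections import Counter

# Assumption: domain suffixes treated as Microsoft-operated for this triage.
# Extend it with whatever your own policy counts as first-party.
FIRST_PARTY = ("microsoft.com", "windowsupdate.com", "msn.com", "bing.com")

# Constructed sample: "relative seconds<TAB>DNS query name" rows, the shape a
# field export of DNS-filtered traffic could take. Hostnames are illustrative.
SAMPLE = (
    "0.41\tassets.msn.com\n"
    "0.97\twww.bing.com\n"
    "1.30\tupdate.windowsupdate.com.\n"
    "2.02\tExample.TrustedSource.org\n"
    "2.75\tsb.scorecardresearch.com\n"
    "3.10\tprivacyportal.onetrust.com\n"
    "3.11\tprivacyportal.onetrust.com\n"
    "4.50\tnotmicrosoft.com\n"
)

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()

def is_first_party(name, suffixes=FIRST_PARTY):
    """Match on a label boundary so 'notmicrosoft.com' is not 'microsoft.com'."""
    return any(name == s or name.endswith("." + s) for s in suffixes)

def triage(export_text):
    """Return (first_party, third_party) Counters keyed by queried name."""
    first, third = Counter(), Counter()
    for line in export_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 2 or not parts[1].strip():
            continue  # skip blank or malformed rows
        name = normalize(parts[1])
        (first if is_first_party(name) else third)[name] += 1
    return first, third

if __name__ == "__main__":
    first, third = triage(SAMPLE)
    print("first-party names:", len(first))
    for name, count in third.items():  # first-seen order
        print(f"third-party: {name} ({count} queries)")
```

Names in the third-party bucket are the ones worth looking up and, if unwanted, blocking at the resolver or firewall.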

In contrast, Wireshark was also run on a brand-new installation of Windows XP. The web was much different in late 2001 when the OS launched. However, the difference in external requests is drastic. When filtered by DNS requests, the XP machine contacted just one site: Windows Update. It contacts the site to check for updates and to download them, and that’s it. What a glorious time we were living in.

Obviously, the OSes being compared here are vastly different in capabilities. In modern times Windows wants to provide you with a “customized” experience by giving you local weather reports and news. Also, Microsoft has expanded the list of “required” services in Windows 11. It lists them on this page and notes that knowing your location is crucial because it helps you locate a lost device.

Windows 11’s privacy controls give you a modicum of options to reduce telemetry capture.

To be fair to Microsoft, it does give you the option of disabling some of this telemetry data. However, as the link above shows, much of it is now required to function in order to keep the OS secure. Microsoft also differentiates between required diagnostics and required data. Under the latter, there’s a breakdown of “essential services” and “connected experiences.” Both send data to Microsoft, depending on the scenario.

It would be interesting to see this test redone with these settings changed or compared with Windows 10 or macOS Ventura. It would be handy to get some clarification on the exact sites Windows contacts, but we’re not sure Microsoft would ever make that public. However, there is reason to believe that may be revealed someday. After all, Microsoft eventually clarified what Windows 10 was collecting two years after it launched.
