Disabling Windows 10 Telemetry


Holder – the full text was blocked, I’m trying to post this a bit at a time to find the culprit…

Disable Windows 10 Telemetry

Background

The German BSI (Federal Department for Information and IT Security) made a study of the telemetry data system for Windows 10.

https://www.bsi.bund.de/DE/Themen/Cyber-Sicherheit/Empfehlungen/SiSyPHuS_Win10/SiSyPHuS_node.html (German language)

The project (SiSyPHuS Win10), named after the King of Ephyra (or Corinth)*, set about to investigate what telemetry data was being sent back to Microsoft by Windows 10 and how you can disable it, as required by law (in fact, in Germany it must be opt-in). The information must also be transparent (i.e. the user must be able to see what is being sent and, if it isn’t in plain language, it must be fully documented).

The aim of the study was to see if Windows 10’s habit of blabbering back to HQ could be silenced, and to find out exactly what information was being sent.


7 responses to “Disabling Windows 10 Telemetry”

  1. wright_is

    TL;DR

    TL;DR – disable the service “DiagTrack”. It will be restarted after updates, so needs to be regularly checked. You can do this from the command line with sc stop "diagtrack" and sc config "diagtrack" start= disabled. This needs to be run as Administrator. It would also be possible to set up a script to be run daily, for example, to make sure it is disabled. It is also possible to do this over the “Services” Control Panel applet; the translation from German for the service name is “User experience and telemetry in connected mode”, the exact name in English may vary.

    The German magazine c’t also tested this in December and claim that it does work.

    Detail

    Using the onboard settings in the control panel, you can choose between Simple and Complete modes and corporate users also have the option of “secure” mode (again translated from German). Interestingly the difference between Simple and Complete isn’t very big:

    •   Secure uses 4 data providers (services that provide telemetry information)

    •   Simple uses 410 data providers

    •   Complete uses 422 data providers

    As can be seen, even “simple” uses a lot of data providers to get telemetry information from within Windows 10.

    Even “secure” mode is still blabbing back to base, so not that secure. This mode can be set using Group Policy on Windows 10 Enterprise and Education installations. This option, however, stops Windows looking at Windows Update to get updates as well, so Windows 10 will only follow this rule if it is set in conjunction with using either WSUS or SCCM to provide updates.

    For those on 1803 or later, you can download the Diagnostic Data Viewer from the Windows Store and use it to view the information that is being sent. You also need to turn on the Show Diagnostic Data setting in the control panel, under Diagnostics and Feedback. This will use up to 1GB of disk space to hold a copy of diagnostic data.

    The BSI tried turning off DiagTrack and all communication stopped. Microsoft claims that turning off this information will affect updates. But both the BSI and c’t tests show that this is not true. Test PCs with DiagTrack disabled were offered the same monthly patches and feature updates as PCs that had it enabled.

    What it does do, obviously, is restrict the information Microsoft has available to track problems with individual (allegedly anonymized) installations. So any problems a PC has, where DiagTrack is disabled, will not be able to report any crashes or other instabilities that it has. But that is the user’s decision.

    The information flow was monitored before, during and after running test PCs with DiagTrack disabled, using Wireshark and they noted that the information flow stopped when DiagTrack was disabled and started up again afterwards, but it did not cache the information during the time it was disabled – so only fresh information was sent to Microsoft after it was re-enabled.

    The BSI also recommends deactivating Autologger Listener, but this is not necessary, according to c’t, because the information is not getting sent anyway. The registry key to disable is: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener, setting the value to 0 disables it.

    Alternatives

    Alternatively you can edit the hosts file and set the names of Microsoft’s telemetry servers to 0.0.0.0 (unroutable) or add them to your firewall. But this isn’t guaranteed, as Microsoft can easily keep adding more and more of these domains, so the list will need to be controlled regularly.

    I use https://someonewhocares.org/hosts/ which is a list of common tracking and advertising websites; it blocks them all in the hosts file (hosts has priority over DNS, so they never get resolved).

    For the paranoid, I also add https://github.com/jmdugan/blocklists/blob/master/corporations/facebook/all into the hosts file, which blocks around 1500 known Facebook domains.

    Warning: Using these lists can lead to some websites accusing you of using an adblocker, even if you don’t, because the tracking sites behind many ad companies are blocked from collecting information.


    Anyway, I hope this helps some of you. I certainly found the BSI report interesting, if a little hard going at times.

    Note to Paul: If you find this interesting enough, feel free to use it as the basis of an article for the site.


    * King Sisyphus or Sisyphos was punished by being forced to roll an immense boulder up a hill only for it to roll down when it nears the top, repeating this action for all eternity. This leads to the German term “Sisyphusarbeit”, meaning a never-ending task.
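
The daily check suggested in the TL;DR of the comment above, as an added PowerShell example that is not part of the original comment: it re-applies the DiagTrack settings and reports whether anything had re-enabled them. The -DisableAutologger switch and the registry value name 'Start' are assumptions; the comment gives only the key path and the value 0.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original comment): re-apply the DiagTrack
# settings described above and report any drift, e.g. after a Windows update.
param(
    # Also zero the Autologger listener the BSI recommends disabling.
    [switch]$DisableAutologger
)

$serviceName = 'DiagTrack'
# Key path as quoted in the comment; the value name 'Start' is an assumption,
# the comment only says "setting the value to 0".
$autologgerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener'
$drift = @()

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) {
    Write-Warning "Service $serviceName not found on this machine."
} else {
    if ($svc.StartMode -ne 'Disabled') {
        Set-Service -Name $serviceName -StartupType Disabled
        $drift += "start mode was '$($svc.StartMode)', set to Disabled"
    }
    if ($svc.State -ne 'Stopped') {
        Stop-Service -Name $serviceName -Force
        $drift += "state was '$($svc.State)', service stopped"
    }
}

if ($DisableAutologger -and (Test-Path -Path $autologgerKey)) {
    $current = (Get-ItemProperty -Path $autologgerKey -Name 'Start' -ErrorAction SilentlyContinue).Start
    if ($current -ne 0) {
        Set-ItemProperty -Path $autologgerKey -Name 'Start' -Value 0 -Type DWord
        $drift += "Autologger Start was '$current', set to 0"
    }
}

$stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
if ($drift.Count -eq 0) {
    Write-Output "$stamp $serviceName already stopped and disabled."
    exit 0
}
# Non-zero exit so a scheduled task's history shows that something re-enabled it.
$drift | ForEach-Object { Write-Output "$stamp DRIFT: $_" }
exit 1
```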

  2. wright_is


    Grrr. turns out it didn't like a Windows directory name in the Alternatives section of the text.

    Anyway, please leave comments on the full post below.

  3. lvthunder

    Or just unplug the computer from the internet. It will stop that and the thousands of other ways your data escapes. Just worrying about Windows 10 without worrying about every other piece of software you install or people trying to attack your system is just foolish.

  4. Tony Barrett

    Very interesting. Still, after nearly 4 years, MS have never been fully transparent about what they collect, and still make all settings opt-out rather than opt-in. That alone tells me MS want your data, and not just for troubleshooting! Let's be clear, Win10 is a data collection tool for MS, and a conduit to their cloud services. They inject recommended apps and ads direct into your OS and are obviously monetizing you, the user, based on the data they collect. MS don't want to give you the option to turn all that off. Making available an app or website to see what's collected is one thing to appease those who don't like it, but to give you the option to turn off all data collection entirely is absolutely not an option MS want to provide.
