Analyst reveals that Windows 10 is amassing huge amount of user data despite of user disabling the three tracking options

We all know that Windows 10 spies on users. We had reported spying issues associated with Windows 10 even as Microsoft had released the Windows 10 Technical Preview Version in August, 2014. After almost a year after when Windows 10 Final Build was released, Microsoft confirmed that Windows 10 spied on users in November 2015. It had added at that time that even it cant stop Windows 10’s telemetry program used for spying on users.

However, till this week the extent of Windows 10’s nefarious spying activities were not known. So a Voat user CheesusCrust decided to research the amount of data that Windows 10 reports back to the Redmond based servers.

CheesusCrust’s published his research on Voat under the title of Windows 10 telemetry network traffic analysis, part 1.

According to his research, he found that Windows 10 sends data back to Microsoft servers thousands of times per day. The surprising thing about his research is that he found that it was spying on him even after choosing a custom Windows 10 installation and disabling the all three pages of tracking options which are all enabled by default.

Here is the list of things ChessusCrust used for this analysis

  1. I have installed DD-WRT on a router connected to the internet and configured remote logging to the Linux Mint laptop in #2.
  2. I have installed Linux Mint on a laptop, and setup rsyslog to accept remote logging from the DD-WRT router.
  3. I have installed Virtualbox on the Linux Mint laptop, and installed Windows 10 EnterprisePNG on Virtualbox. I have chosen the customized installation option where I disabled three pages of tracking options.
  4. I have configured the DD-WRT router to drop and log all connection attempts via iptables through the DD-WRT router by Windows 10 Enterprise.
  5. Aside from installing Windows 10 Enterprise, and verifying the internet connection through ipconfig and ping, I have not used the Windows 10 installation at all (the basis for the first part of this analysis)
  6. Let Windows 10 Enterprise run overnight for about 8 hours (while I slept).
  7. I use perl to parse the data out of syslog files and insert said data into a Mysql database.
  8. I use perl to obtain route data from, as well as nslookup PTR data, and insert that into the Mysql database.
  9. Lastly, I query and format the data for analyzing.

Here is what he found. In an eight hour period Windows 10 tried to send data back to 51 different Microsoft IP addresses over 5500 times. After 30 hours of use, Windows 10 sent his user data to a whopping 113 IP addresses which he has listed in the thread.

CheesusCrust has more surprises for us. He then repeated his test on another Windows 10 clean installation with all data tracking options disabled. Only this time he installed a third party tool called DisableWinTracking (available on GitHub), which is supposed to stop Windows 10 spying attempts including the hidden ones.

On this DisableWinTracking installed PC, CheesusCrust found that at the end of the 30 hour period Windows 10 had still managed report back his data to Redmond based servers a whopping 2758 times to 30 different IP addresses.

This means that even after disabling the telemetry options offered by Microsoft and installing anti spying software available in the market, Windows 10 goes on it’s merry ways of tracking user data. It would also seem that the ‘disable telemetry options’ provided by Microsoft after a huge outcry against Windows 10 spying, are actually doing nothing and only a showpiece installed to pacify the users.

CheesusCrust has plenty more surprises in store for Windows 10 users when he will publish part 2 of his analysis.