This has been discussed since Windows 10 was released. Microsoft invested for their new operating system a lot of effort in functions collecting usage and telemetry data of the user. In this way, very huge quantities of data are transferred at the start already, but particularly at the shut-down, to different servers at Microsoft and third-party. Microsoft explains that they want to get to know the user behavior in order to be able to improve the usability of the entire system.
Since the millennium change, we are supporting companies in the installation and operation of big operation system environments. From Windows 2000 over Windows Vista (see Video Heidelberger Druckmaschinen on YouTube), and Windows 7 to Windows 8 and Windows 10, we are intensely concerned with the respective frame conditions to be able to advise and assist our clients at the best.
Therefore we have made a few examinations to take a closer look at the telemetry aspect of Windows 10: Which data are transferred, when and where to?
In order to be able to read the Windows 10 data traffic, we have chosen an analysis approach similar to a so-called "Man-in-the-Middle" attack: The attacker or rather the reader is in this case between two network participants and can see and read all information as he likes it. Both parties are made to believe that the reader is the respective communication partner.
A short glance at the data stream already unveils interesting results. We first took a look at the traffic Windows 10 generates at the start, the opening of the start menu, the plug-in of USB devices and the click on the Windows Explorer.
Video URL: http://ino.ag/oh2