Microsoft backports privacy-invading Windows 10 features to Windows 7, 8

This post originally reported that a firewall can’t be used to block the Windows connections that bypass the hosts file. There appears to be confusion on this point as to whether the ranges can be blocked on Windows 10 or not and conflicting reports on how the Windows Firewall treats such rules. We discussed the situation with Ars Technica’s Peter Bright, who has confirmed that these new connections can be blocked. Reports that they can’t be may have been confused or related to different OS settings.

Every time Microsoft releases a new version of an operating system, there are always a few users bitterly unhappy at the company’s decision not to support new features on older products. Microsoft has finally listened to these die-hard devotees of older operating systems. If you felt like Windows 7 and Windows 8 offered you a little too much privacy, rejoice: Microsoft is updating those operating systems with the same telemetry gathering software it deployed on Windows 10.

What? You wanted DirectX 12?

has discovered four KB updates for Windows 7 and 8, each of which is described as an “Update for customer experience and diagnostic telemetry.” Each is detailed below:

KB 3068708: This update introduces the Diagnostics and Telemetry tracking service to existing devices. By applying this service, you can add benefits from the latest version of Windows to systems that have not yet upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights.

KB 3068708 is listed as collecting diagnostics about functional issues on systems that take part in the Customer Experience Improvement Program. Determining whether or not you are a member of the CEIP, however, is less than obvious. The KB also notes that “Most programs make CEIP options available on the Help menu, although for some products, you might have to check settings, options, or preferences menus.” This is a recommended Windows update.

KB 3022345: This update has been superseded by KB 3068708, but previously provided the same telemetry-tracking services. It’s not clear how the two updates differ, but if you want to remove all traces of telemetry tracking, you’ll want to remove this update as well.

KB 3075249: This update adds telemetry points to the User Account Control (UAC) feature to collect information on elevations that come from low integrity levels. What this appears to mean is that MS wants more information about the kinds of applications that trigger UAC in the first place, presumably because it wants to know what they do and why they need that access. This update is classified as Optional.

KB 3080149: This update is described in identical language to the first two. “This package updates the Diagnostics and Telemetry tracking service to existing devices. This service provides benefits from the latest version of Windows to systems that have not yet upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights.” It is provided as an Optional update, even though the first was classified a “Recommended” update.

Hard-coded phoning home

One of the assumptions made by various privacy advocates and journalists, including me, is that third-party utilities would be able to shut down the tracking Microsoft deployed in Windows 10. To some degree, that’s already happened, but there are certain new “features” of Windows 10 that can’t be blocked by any OS-level tweaks, including the hosts file. The updates listed above connect to and These addresses are hard-coded to bypass the hosts file and cannot be prevented from connecting. It’s been reported that software firewalls aren’t sufficient to block them, though this is unclear. (See update above).


The only way to block some of these connections is if your router has a firewall you can configure and if that firewall allows you to block HTTPS connections instead of simply passing them through. Some users have reported that they can block these connections, but plenty of other devices can’t do so, at least not completely. It’s still possible to reduce the amount of information flowing to Microsoft, but disabling it completely seems to be impossible unless you build a software router or replace your current hardware with a dedicated box.

Windows 7’s GPEdit.msc contains a setting that allows users to disable all application telemetry, and another setting that can shut off user participation in the Customer Experience Improvement Program. Whether these options continue to function after the latest patches isn’t known. Users who do not wish to send Microsoft their own telemetry should uninstall the updates and tell Windows Update to hide them from now on.
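One way to carry out the uninstall-and-hide step, as an added example that is not part of the original article: the script below reports which of the four KB updates named above are installed and, when run elevated with `-Remove`, uninstalls them with `wusa.exe` and hides them through the Windows Update Agent COM API. The `-Remove` switch is a name chosen for this example.

```powershell
# Added example, not from the article. Run from an elevated PowerShell prompt.
# -Remove is a switch defined by this script (an assumption of the example):
# without it the script only reports and changes nothing.
param([switch]$Remove)

# The four telemetry updates named in the article.
$kbs = '3068708', '3022345', '3075249', '3080149'

# Step 1: report which of them are installed, and uninstall on request.
$installedIds = @(Get-HotFix | ForEach-Object { $_.HotFixID })
foreach ($kb in $kbs) {
    $present = $installedIds -contains "KB$kb"
    $state = 'not installed'
    if ($present) { $state = 'installed' }
    Write-Output ("KB{0}: {1}" -f $kb, $state)

    if ($present -and $Remove) {
        # wusa.exe is the Windows Update Standalone Installer.
        $wusaArgs = "/uninstall /kb:$kb /quiet /norestart"
        $proc = Start-Process -FilePath wusa.exe -ArgumentList $wusaArgs -Wait -PassThru
        # Exit code 0 means success; 3010 means success with a reboot pending.
        Write-Output ("  wusa.exe exit code: {0}" -f $proc.ExitCode)
    }
}

# Step 2: hide the updates so Windows Update stops offering them.
if ($Remove) {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # Updates that are offered but neither installed nor already hidden.
    $found = $searcher.Search('IsInstalled=0 and IsHidden=0')
    foreach ($update in $found.Updates) {
        foreach ($id in $update.KBArticleIDs) {
            if ($kbs -contains $id) {
                $update.IsHidden = $true
                Write-Output ("Hidden: {0}" -f $update.Title)
            }
        }
    }
}
```

An update that was just uninstalled may not be offered again until after a restart, so if the hide step lists nothing, reboot and run the script with `-Remove` once more.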

