As part of its General Data Protection Regulation (GDPR) compliance, Microsoft has published details of the data Windows 10 exfiltrates from users.
The details provide insight into the various endpoints the operating system connects with, and form part of a 438-page GDPR compliance document (PDF).
The document “lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later” and offers ways in which users can manage or block the various connections that Windows 10 routinely makes in the background.
However, Dani Halfin, one of the developers at Microsoft behind the work, admitted that “the list isn’t exhaustive”, but added that “it does give a good overview for services being reached on an idle device”.
Nevertheless, the output shows that, for example, Explorer connects to a Microsoft weather service for the OneNote Live Tile. The remedy, for people who don’t want this, is either to uninstall OneNote or to disable the Microsoft Store.
Intriguingly, perhaps, Explorer also connects to various Facebook domains, out of the box, for different Facebook updates, although the Facebook app can be uninstalled to prevent this. Candy Crush, which is also bundled with Windows 10 as standard, is also quite chatty. Again, this can be uninstalled or users can disable the Microsoft Store.
Some connections, though, can’t be blocked, or switched off with uninstalls, such as the Automatic Root Certificates Update component that checks on the list of trusted authorities on Windows Update to see whether an update is available. The same applies to Device Authentication.
Contrary to Windows 10 settings, though, which only restrict the sending of Feedback and Diagnostic data to ‘basic’, the article suggests that it is possible to switch this feature off entirely.
Windows Update, meanwhile, is probably the most data hungry of the Windows 10 components, with multiple different endpoint connections to deliver updates.
For users wishing to test the results themselves, Microsoft also published its methodology:
– Set up the latest version of Windows 10 on a test virtual machine using the default settings;
– Leave the devices running idle for a week (user is not interacting with the system/device);
– Use globally accepted network protocol analyser/capturing tools and log all background egress traffic;
– Compile reports on traffic going to public IP addresses.
The test virtual machine, according to Microsoft, was logged in using a local account and was not joined to a domain or Azure Active Directory.
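The last step of that methodology, compiling a report on traffic going to public IP addresses, could be done as in the following added example, which is not Microsoft's tooling and not code from the document. It assumes the capture has been exported to CSV with the hypothetical columns `timestamp`, `dst_ip`, `dst_port` and `bytes_out`; the sample rows and addresses are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample: flow records exported from a capture of the idle VM.
# Columns and addresses are illustrative, not taken from Microsoft's document.
SAMPLE_FLOWS = """\
timestamp,dst_ip,dst_port,bytes_out
2018-03-01T00:05:10,8.8.8.8,443,1200
2018-03-01T00:05:11,10.0.0.1,53,80
2018-03-01T02:14:40,224.0.0.251,5353,310
2018-03-02T09:30:02,8.8.8.8,443,800
2018-03-02T11:00:00,100.64.0.7,443,500
2018-03-03T04:45:19,2001:db8::1,443,640
2018-03-03T04:45:20,2001:4860:4860::8888,443,2500
2018-03-05T07:07:07,not-an-ip,443,10
2018-03-06T23:59:59,1.1.1.1,80,150
"""

def is_public(addr):
    """True only for globally routable unicast destinations."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed rows are dropped, not guessed at
    # is_global excludes RFC 1918, loopback, link-local, CGNAT and documentation
    # ranges; multicast has to be excluded separately.
    return ip.is_global and not ip.is_multicast

def compile_report(flow_csv):
    """Aggregate egress flows to public addresses by (dst_ip, dst_port)."""
    totals = defaultdict(lambda: {"flows": 0, "bytes_out": 0, "first": None, "last": None})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if not is_public(row["dst_ip"]):
            continue
        # Normalise so equivalent IPv6 spellings aggregate together.
        key = (str(ipaddress.ip_address(row["dst_ip"])), int(row["dst_port"]))
        entry = totals[key]
        entry["flows"] += 1
        entry["bytes_out"] += int(row["bytes_out"])
        entry["first"] = entry["first"] or row["timestamp"]
        entry["last"] = row["timestamp"]
    # Largest talkers first.
    return sorted(totals.items(), key=lambda kv: kv[1]["bytes_out"], reverse=True)

if __name__ == "__main__":
    for (ip, port), stats in compile_report(SAMPLE_FLOWS):
        print(f"{ip:<24} {port:<5} {stats}")
```

Resolving each reported address back to a hostname from the DNS queries in the same capture is what lets the result be compared against a published endpoint list.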