Windows 10 Phones Home to 50+ Microsoft IP Addresses

John Lister's picture

Windows 10 "phones home" thousands of times each day even with the most restrictive privacy settings, according to a newly published article. While the precise figures are in question, it highlights ongoing concerns about Microsoft monitoring.

The experiment was carried out by a message board poster using the somewhat unlikely name of CheesesCrust. He decided to find out exactly what happens if Windows 10 is run with all tracking supposedly disabled. (Source: voat.co)

To do this, he used a virtual machine tool on a laptop to simulate installing Windows on a completely new machine. He then installed the enterprise edition of Windows 10 (which should have the highest security and thus least monitoring) and intentionally switched off every option in three pages of tracking controls just before users are allowed into the desktop.

5,000 Connections In 8 Hours

The examiner then left the computer unattended, with no third-party-software running, and used a logging tool on his router to see what happened. It turned out that in the first eight hours, the computer tried to send data over the Internet 5,508 times. Of these, 3,697 could be directly connected to one of 51 different addresses known to be operated by Microsoft.

Even more surprising: the experiment was repeated for 30 more hours, this time using third-party blocking software specifically designed to stop Windows 10 tracking. The computer still made 2,758 transmissions to 30 Microsoft addresses.

Tech experts have warned that it's dangerous to rely on the numbers as indicated by the user's experiment. One point in dispute is that the tester had configured his router to cut off every connection after it had been made and logged. That could have caused the computer to keep trying to regain contact, bumping up the total number of connections considerably. (Source: networkworld.com)

Auto-Updates Could Be One Factor

Other writers have noted that the tester only tweaked privacy settings when presented with tracking control options during the set-up. This means he likely missed several tracking options which can only be changed through various settings menus once Windows 10 is up and running.

It's also possible that Windows 10 was attempting to update itself and that Microsoft has set the system to collect updates from a range of addresses to spread demand on its servers.

The results are by no means conclusive. However, the test does highlight the fact that Windows 10 communicates data to Microsoft on a large scale and that the company continues to struggle to reassure users that this communication is always both useful and necessary.

What's Your Opinion?

Have reports of Windows 10 monitoring put you off upgrading? Should the system have an even clear list of settings and controls so that users can choose exactly what data they share with Microsoft? Would you trust such a list if it was available?

Rate this article: 
Average: 4 (5 votes)

Comments

Dennis Faas's picture

If the experimenter really wanted to compare apples to apples (sort of), he should have run the same test on Windows 7 Enterprise and Windows 8 Enterprise and count how many IP addresses and connections are made, and then average that out. As far as Windows 10 is concerned, the number of IP addresses and connection attempts would have likely grown as Microsoft's infrastructure has grown (especially with Azure / Cloud technology) - so the sheer number of IPs and connections really doesn't mean much.

If I had to guess why so many connections were attempted, I'd say it had to do with updates because it's the first thing Windows checks for once it is installed. New operating systems usually have plenty of bugs; as such, fixes are released shortly afterward. If Windows can't connect to one IP address, it would try another, and so on. Since Windows 10 is new, it has access to all the latest Microsoft IP infrastructure, so more IP addresses were tried.

Syscob Support's picture

Exactly how can you believe that the search.msn.com domain could be related to Windows Update? That is a MARKETING connection! And what could you expect to learn from "run the same test on Windows 7 Enterprise and Windows 8 Enterprise" beyond the fact that Microsoft has used its virtual monopoly to rule the PC roost in an unfair, anti-competitive manner? It was a sorry day when Americans elected Bush and allowed that dollar dominated regime to suppress the breakup of Microsoft after their monopoly conviction.

Dennis Faas's picture

How do you know that search.msn.com isn't connected to some sort of update mechanism for Cortana which is enabled by default and which is part of Windows 10? Only Microsoft knows the answer to that one. And yes, the Windows 10 Start Menu does contain news and information from Bing when you click it - which is also enabled by default - and which also gets updated even if you're not using the system. There's no spy trickery here. At any rate, all of that can be disabled and blocked easily enough.

sirpaultoo's picture

I would imagine a lot would depend if one installed the enhanced telemetry updates to Win7 and Win8.1 - and had reporting turned on or off.

What I do on my computer is none of Microsoft's business unless 'I decide' to share. I'd gladly pay for Win10 if it came with an option to share, or not (like previous versions). But not knowing what/when/where/how much is being sent is just too much to pay for a 'system' to operate 'my' computer (or phone).

As far as the lame excuse of 'a better Windows experience', feedback from WinXP, Vista, and Win7 gave us Win8 - and we all know how well that 'better Windows experience' worked out.

ferretsgold's picture

You can't block the connections if you want a true test. Let it make the connections and count those. But only after all updates are completed. This should give a better count of the true number of "phone homes."

Dennis Faas's picture

The IPs were blocked and recorded, then resolved later. This is easy enough to do and wouldn't affect the test. For example, he could have recorded IP transmissions in the host operating system as the guest attempted to make the transmissions.