iam xSungazer Premium Member join:2005-02-23
3 recommendations |
iam x
Premium Member
2015-Aug-9 12:22 am
Stop Windows 10 From Spying On You? 36 DNS Addresses to host file.

Original article link: » init.sh/?p=236

"While doing so, I was capturing all the traffic going into and out of the virtual network interface. Some interesting things showed. During the first run, I simply picked out the DNS queries which were being requested during this process. Here's what showed up:

dns.msftncsi.com ipv6.msftncsi.com win10.ipv6.microsoft.com ipv6.msftncsi.com.edgesuite.net a978.i6g1.akamai.net win10.ipv6.microsoft.com.nsatc.net en-us.appex-rf.msn.com v10.vortex-win.data.microsoft.com client.wns.windows.com wildcard.appex-rf.msn.com.edgesuite.net v10.vortex-win.data.metron.life.com.nsatc.net wns.notify.windows.com.akadns.net americas2.notify.windows.com.akadns.net travel.tile.appex.bing.com www.bing.com any.edge.bing.com fe3.delivery.mp.microsoft.com fe3.delivery.dsp.mp.microsoft.com.nsatc.net ssw.live.com ssw.live.com.nsatc.net login.live.com login.live.com.nsatc.net directory.services.live.com directory.services.live.com.akadns.net bl3302.storage.live.com skyapi.live.net bl3302geo.storage.dkyprod.akadns.net skyapi.skyprod.akadns.net skydrive.wns.windows.com register.mesh.com BN1WNS2011508.wns.windows.com settings-win.data.microsoft.com settings.data.glbdns2.microsoft.com OneSettings-bn2.metron.live.com.nsatc.net watson.telemetry.microsoft.com watson.telemetry.microsoft.com.nsatc.net"

So, if someone does block all these DNS queries, will it break their PC?
|
1 edit
2 recommendations |
MeDuZa
Member
2015-Aug-9 5:27 am
said by iam x:
So, if someone does block all these DNS queries, will it break their PC?

Edit: deleted
Redirecting to 0.0.0.0 is better (faster) than redirecting to 127.0.0.1.

Edit: deleted
Best thing IMHO would be to put Windows 10 altogether to your HOSTS file.

Edit: By rereading my post I realise that it is totally unrelated to the topic and incorrect on top. I don't know where my mind was at the time of posting.
|
CartelIntel inside Your sensitive data outside Premium Member join:2006-09-13 Chilliwack, BC
3 recommendations |
to iam x
# [Block M$]
127.0.0.1 dns.msftncsi.com
127.0.0.1 ipv6.msftncsi.com
127.0.0.1 win10.ipv6.microsoft.com
127.0.0.1 ipv6.msftncsi.com.edgesuite.net
127.0.0.1 a978.i6g1.akamai.net
127.0.0.1 win10.ipv6.microsoft.com.nsatc.net
127.0.0.1 en-us.appex-rf.msn.com
127.0.0.1 v10.vortex-win.data.microsoft.com
127.0.0.1 client.wns.windows.com
127.0.0.1 wildcard.appex-rf.msn.com.edgesuite.net
127.0.0.1 v10.vortex-win.data.metron.life.com.nsatc.net
127.0.0.1 wns.notify.windows.com.akadns.net
127.0.0.1 americas2.notify.windows.com.akadns.net
127.0.0.1 travel.tile.appex.bing.com
127.0.0.1 any.edge.bing.com
127.0.0.1 fe3.delivery.mp.microsoft.com
127.0.0.1 fe3.delivery.dsp.mp.microsoft.com.nsatc.net
127.0.0.1 ssw.live.com
127.0.0.1 ssw.live.com.nsatc.net
127.0.0.1 login.live.com.nsatc.net
127.0.0.1 directory.services.live.com
127.0.0.1 directory.services.live.com.akadns.net
127.0.0.1 bl3302.storage.live.com
127.0.0.1 skyapi.live.net
127.0.0.1 bl3302geo.storage.dkyprod.akadns.net
127.0.0.1 skyapi.skyprod.akadns.net
127.0.0.1 skydrive.wns.windows.com
127.0.0.1 register.mesh.com
127.0.0.1 BN1WNS2011508.wns.windows.com
127.0.0.1 settings-win.data.microsoft.com
127.0.0.1 settings.data.glbdns2.microsoft.com
127.0.0.1 OneSettings-bn2.metron.live.com.nsatc.net
127.0.0.1 watson.telemetry.microsoft.com
127.0.0.1 watson.telemetry.microsoft.com.nsatc.net
# [End Block M$]

For Bing and Live mail compatibility, keep these 2 out:
www.bing.com
login.live.com
|
2 recommendations |
to iam x
Some of them, like the akamai addresses, could constantly change. |
|
3 recommendations |
I agree, don't block anything Akamai because I find it breaks stuff that you actually want. |
|
OZO Premium Member join:2003-01-17
4 recommendations |
OZO to Cartel
Premium Member
2015-Aug-9 2:59 pm
to Cartel
I remember the time when m$ started bypassing the hosts file for name resolution of some of its own domain names. Here is the list of hardcoded hosts in WXP:

www.msdn.com msdn.com www.msn.com msn.com go.microsoft.com msdn.microsoft.com office.microsoft.com microsoftupdate.microsoft.com wustats.microsoft.com support.microsoft.com www.microsoft.com microsoft.com update.microsoft.com download.microsoft.com microsoftupdate.com windowsupdate.com windowsupdate.microsoft.com

You can't block the above names with the hosts file. They were all hardcoded in this DLL: %WINDIR%\system32\dnsapi.dll

Is it still the case with those new spying services now too?
|
CartelIntel inside Your sensitive data outside Premium Member join:2006-09-13 Chilliwack, BC 1 edit
1 recommendation |
to iam x
said by iam x:
Original article link: » init.sh/?p=236
"While doing so, I was capturing all the traffic going into and out of the virtual network interface. Some interesting things showed.
During the first run, I simply picked out the DNS queries which were being requested during this process.
Here's what showed up:
dns.msftncsi.com ipv6.msftncsi.com win10.ipv6.microsoft.com ipv6.msftncsi.com.edgesuite.net a978.i6g1.akamai.net win10.ipv6.microsoft.com.nsatc.net en-us.appex-rf.msn.com v10.vortex-win.data.microsoft.com client.wns.windows.com wildcard.appex-rf.msn.com.edgesuite.net v10.vortex-win.data.metron.life.com.nsatc.net wns.notify.windows.com.akadns.net americas2.notify.windows.com.akadns.net travel.tile.appex.bing.com www.bing.com any.edge.bing.com fe3.delivery.mp.microsoft.com fe3.delivery.dsp.mp.microsoft.com.nsatc.net ssw.live.com ssw.live.com.nsatc.net login.live.com login.live.com.nsatc.net directory.services.live.com directory.services.live.com.akadns.net bl3302.storage.live.com skyapi.live.net bl3302geo.storage.dkyprod.akadns.net skyapi.skyprod.akadns.net skydrive.wns.windows.com register.mesh.com BN1WNS2011508.wns.windows.com settings-win.data.microsoft.com settings.data.glbdns2.microsoft.com OneSettings-bn2.metron.live.com.nsatc.net watson.telemetry.microsoft.com watson.telemetry.microsoft.com.nsatc.net"
So, if someone does block all these DNS queries, will it break their PC?

Good point. Block them in your router "Website Filtering Rules". Or reroute the IPs to invalid hosts.

route ADD destination MASK mask INVALID INVALID INVALID

said by OZO:
I remember the time when m$ started bypassing the hosts file for name resolution of some of its own domain names. Here is the list of hardcoded hosts in WXP:
www.msdn.com msdn.com www.msn.com msn.com go.microsoft.com msdn.microsoft.com office.microsoft.com microsoftupdate.microsoft.com wustats.microsoft.com support.microsoft.com www.microsoft.com microsoft.com update.microsoft.com download.microsoft.com microsoftupdate.com windowsupdate.com windowsupdate.microsoft.com
You can't block the above names with the hosts file. They were all hardcoded in this DLL: %WINDIR%\system32\dnsapi.dll
Is it still the case with those new spying services now too?

» Microsoft DNS resolver sabotaged hosts-file lookup?
|
iam xSungazer Premium Member join:2005-02-23 |
iam x to OZO
Premium Member
2015-Aug-10 1:47 am
to OZO
I didn't know that, OZO, that's fascinating. So there is no way to block those addresses being contacted by the OS when connected to the internet? (other than modifying the hosts file, which as you say wouldn't work anyway)
|
CartelIntel inside Your sensitive data outside Premium Member join:2006-09-13 Chilliwack, BC 4 edits
1 recommendation |
to iam x
moar hosts :hmm:
# [Block M$]
127.0.0.1 dns.msftncsi.com
127.0.0.1 ipv6.msftncsi.com
127.0.0.1 win10.ipv6.microsoft.com
127.0.0.1 ipv6.msftncsi.com.edgesuite.net
127.0.0.1 a978.i6g1.akamai.net
127.0.0.1 win10.ipv6.microsoft.com.nsatc.net
127.0.0.1 en-us.appex-rf.msn.com
127.0.0.1 v10.vortex-win.data.microsoft.com
127.0.0.1 client.wns.windows.com
127.0.0.1 wildcard.appex-rf.msn.com.edgesuite.net
127.0.0.1 v10.vortex-win.data.metron.life.com.nsatc.net
127.0.0.1 wns.notify.windows.com.akadns.net
127.0.0.1 americas2.notify.windows.com.akadns.net
127.0.0.1 travel.tile.appex.bing.com
127.0.0.1 any.edge.bing.com
127.0.0.1 fe3.delivery.mp.microsoft.com
127.0.0.1 fe3.delivery.dsp.mp.microsoft.com.nsatc.net
127.0.0.1 ssw.live.com
127.0.0.1 ssw.live.com.nsatc.net
127.0.0.1 login.live.com.nsatc.net
127.0.0.1 directory.services.live.com
127.0.0.1 directory.services.live.com.akadns.net
127.0.0.1 bl3302.storage.live.com
127.0.0.1 skyapi.live.net
127.0.0.1 bl3302geo.storage.dkyprod.akadns.net
127.0.0.1 skyapi.skyprod.akadns.net
127.0.0.1 skydrive.wns.windows.com
127.0.0.1 register.mesh.com
127.0.0.1 BN1WNS2011508.wns.windows.com
127.0.0.1 settings-win.data.microsoft.com
127.0.0.1 settings.data.glbdns2.microsoft.com
127.0.0.1 OneSettings-bn2.metron.live.com.nsatc.net
127.0.0.1 watson.telemetry.microsoft.com
127.0.0.1 watson.telemetry.microsoft.com.nsatc.net
127.0.0.1 vortex.data.microsoft.com
127.0.0.1 vortex-win.data.microsoft.com
127.0.0.1 telecommand.telemetry.microsoft.com
127.0.0.1 telecommand.telemetry.microsoft.com.nsatc.net
127.0.0.1 oca.telemetry.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com.nsatc.net
127.0.0.1 sqm.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net
127.0.0.1 redir.metaservices.microsoft.com
127.0.0.1 choice.microsoft.com
127.0.0.1 choice.microsoft.com.nsatc.net
127.0.0.1 df.telemetry.microsoft.com
127.0.0.1 reports.wes.df.telemetry.microsoft.com
127.0.0.1 wes.df.telemetry.microsoft.com
127.0.0.1 services.wes.df.telemetry.microsoft.com
127.0.0.1 sqm.df.telemetry.microsoft.com
127.0.0.1 telemetry.microsoft.com
127.0.0.1 watson.ppe.telemetry.microsoft.com
127.0.0.1 telemetry.appex.bing.net
127.0.0.1 telemetry.urs.microsoft.com
# 127.0.0.1 telemetry.appex.bing.net:443   (disabled: a hosts entry takes a bare hostname, not host:port; the name is already listed above)
127.0.0.1 settings-sandbox.data.microsoft.com
127.0.0.1 vortex-sandbox.data.microsoft.com
127.0.0.1 survey.watson.microsoft.com
127.0.0.1 watson.live.com
127.0.0.1 watson.microsoft.com
127.0.0.1 statsfe2.ws.microsoft.com
127.0.0.1 corpext.msitadfs.glbdns2.microsoft.com
127.0.0.1 compatexchange.cloudapp.net
127.0.0.1 cs1.wpc.v0cdn.net
127.0.0.1 a-0001.a-msedge.net
127.0.0.1 statsfe2.update.microsoft.com.akadns.net
127.0.0.1 sls.update.microsoft.com.akadns.net
127.0.0.1 fe2.update.microsoft.com.akadns.net
127.0.0.1 diagnostics.support.microsoft.com
127.0.0.1 corp.sts.microsoft.com
127.0.0.1 statsfe1.ws.microsoft.com
127.0.0.1 pre.footprintpredict.com
127.0.0.1 i1.services.social.microsoft.com
127.0.0.1 i1.services.social.microsoft.com.nsatc.net
127.0.0.1 feedback.windows.com
127.0.0.1 feedback.microsoft-hohm.com
127.0.0.1 feedback.search.microsoft.com
127.0.0.1 preview.msn.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ads.msn.com
127.0.0.1 ads1.msads.net
127.0.0.1 a.ads1.msn.com
127.0.0.1 a.ads2.msn.com
127.0.0.1 adnexus.net
127.0.0.1 adnxs.com
127.0.0.1 az361816.vo.msecnd.net
127.0.0.1 az512334.vo.msecnd.net
# [End Block M$]
Not sure if adding these will help or not....
127.0.0.1 NS1.MSFT.NET
127.0.0.1 NS2.MSFT.NET
127.0.0.1 NS3.MSFT.NET
127.0.0.1 NS4.MSFT.NET
127.0.0.1 NS5.MSFT.NET
|
OZO Premium Member join:2003-01-17
1 recommendation |
OZO to iam x
Premium Member
2015-Aug-10 3:13 pm
to iam x
said by iam x:
I didn't know that, OZO, that's fascinating. So there is no way to block those addresses being contacted by the OS when connected to the internet? (other than modifying the hosts file, which as you say wouldn't work anyway)

In case the OS prevents you from blocking some specific hosts, there is only one way to deal with it - use another (third-party) device. E.g. if your router has a firewall (many do), you may block those connections with your router.

BTW, it's just yet another example of why one should be a bit more skeptical of suggestions to simply set "not-spy-me" options in Windows 10. That may not help. If m$ wants to track you now, they have all the cards in their hands to do so. In this case you'll need a third-party device (router), or go back and use an older version of Windows OS, or replace Windows 10 entirely with something more trustworthy (Linux, Mac, etc)...
|
|
to iam x
Does anyone know what "Vortex" does? I'm seeing this thing connecting in Windows 8.1. According to Online Armor firewall it connects to Singapore. This is one of the IPs it uses: 111.221.29.254 port 443.
|
|
NormanSI gave her time to steal my mind away MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
1 recommendation |
Ironic name, perhaps? A whirlpool is an example of a vortex. They tend to suck everything up; like your personally identifying bits. |
|
|
maffle
Member
2015-Aug-11 12:13 pm
Could someone please post a list (easy to copy out too), which won't block normal services like mail, weather, Skype, and OneDrive. I used the list posted by Cartel, and now OneDrive isn't working anymore.
|
NormanSI gave her time to steal my mind away MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
|
I guess I am confused. Do you want to minimize your loss of privacy? Or do you like the convenience of OneDrive? Maybe there is another, less invasive cloud storage service than OneDrive; but MSFT is going to track and sell if you use their service. Period.
FWIW, I am trying to ensure that OneDrive, OneNote, and Cortana are reined in on my system. I am not confident that I can break those things, but I am trying.
But, if you chose Windows 10 for the convenience of the cloud services, you should not be trying to block MSFT in your hosts file. |
|
|
to NormanS
said by NormanS:
Ironic name, perhaps? A whirlpool is an example of a vortex. They tend to suck everything up; like your personally identifying bits.

When I saw the name Vortex I was thinking the same thing. It sounds like a project code name used by a 3 lettered agency.
|
EGeezer Premium Member join:2002-08-04 Midwest
2 recommendations |
to balloonshark
It's part of Microsoft's diagnostic tracking;

This update introduces the Diagnostics and Telemetry tracking service to existing devices. By applying this service, you can add benefits from the latest version of Windows to systems that have not yet upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights.

The 'benefits' aren't clearly specified ... See » support.microsoft.com/en ··· /3068708

Here's the lookup for the IP address;

inetnum: 111.221.29.0 - 111.221.29.255
netname: Microsoft
descr: Microsoft
descr: Microsoft Corp, Singapore
country: SG
admin-c: MP234-AP
tech-c: SC1001-AP
status: ALLOCATED PORTABLE

I've gotten to the point where I have to read the KB articles on every optional update, since they're putting more data gathering patches on WIN 8.1. Until Windows 10 gets better feedback, especially on the default sharing configurations, I think I'll pass on it and 'optional' updates that have to do with 'future versions/features of Windows'.

I long for the days when Windows was an operating system as opposed to a data gathering, information sharing, network sharing P2P marketing tool. IOS may be no better, but at least user feedback tells me it's more stable.
|
Ian1 Premium Member join:2002-06-18 ON
3 recommendations |
Ian1 to iam x
Premium Member
2015-Aug-11 3:56 pm
to iam x
I am not sure quite what to make of these lists and utilities to stop Windows 10 from working as intended (as spyware). I think if the spying bothers you, there needs to be a very large motivating reason to install it in the first place. Playing whack-a-mole with DNS and hosts files and services for the next few years sounds annoying at best. Every new update runs the risk of "fixing" your settings. My 2 cents anyway. |
|
|
to balloonshark
It's not even what you see it's what you don't - games saving data to cloud hosts (crashlogs with full memory dumps), applications completely ignoring system resolvers (your host file overrides) for certain assets.
Abusing CDN's like Akamai since you can't really block them without affecting other things. Lack of network transparency.
Forcing SSL validation, thus preventing inspection. On one hand it should be more secure, on the other it also means they can hide behind SSL.
The list is long, the tactics are not new, it's just no one was dumb enough to do it publicly, let alone make a profit off it.
The average person pretty much cannot get away from cloud services be it Google or Microsoft without what in any other context would be considered state sponsored level of censorship. Kind of ironic.
Something I've long since done is given up blocking specific hosts or addresses - it's an arms race we joke about other three letter agencies doing. They know it doesn't work but can say they are doing something.
The answer for now is to block companies outright that refuse even the most basic privacy. For me this is done on several levels from firewall to dns. At the moment that list is 71 domains (4 of which are Mozilla properties) and ~30 networks that are null routed entirely. Even that kids, is only a start.
So you can block those networks from Windows 10 all you want, it won't really gain you much if at the end of the day you install it anyway. |
|
1 recommendation |
to EGeezer
Thanks for your reply EGeezer. Your information answered a question bugging me for a couple of months. I saw both the vortex and settings svchost.exes connecting to Singapore and they both were mentioned in the link you kindly provided.
I wonder if the info goes to Singapore to skirt US laws? At any rate I'm going to either uninstall the update or pay more attention to what program I have running when it connects out. I have auto updates disabled, I don't use apps and I normally go through settings or options on anything I install to disable updates and any data collecting.
I also long for a simple OS that does what I tell it to and nothing else. I guess I'm going to switch teams in the future. |
|
EGeezer Premium Member join:2002-08-04 Midwest
2 recommendations |
EGeezer
Premium Member
2015-Aug-11 4:57 pm
I can't speak to the reason for the Singapore data issue, but I do agree that you could uninstall the patch as long as you still have the uninstall files on your system.
I have a significant concern when defaults are set to share in home and professional versions of Windows. I have customers with sensitive data and now we have to worry about spending hours or days plugging unneeded holes and shutting off unneeded services to protect business data, only to have a patch or update install automatically and/or switch them back on again.
I'm hoping that after all is said and done, there will be some user-friendly consideration, default settings and tools for people who prefer - or are legally obligated to - secure against sharing their networks, system storage and information. |
|
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
to iam x
Break, no. Stop updates, yes, if you block the wrong one. Same for Live and Bing.
|
|
maffle
Member
2015-Aug-11 6:38 pm
Because Windows 10 is the best, fastest, most supported (non real-time) OS out today, that's reason enough to use it. It's one totally different thing to be spied on, though, which you cannot deactivate. And it's again a totally different thing to use OneDrive. So could someone now please tell which of those DNS entries are for OneDrive? Thank you
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
Nanaki (banned)
Member
2015-Aug-11 7:44 pm
I would say leave anything live.com such as login, skyapi etc. OneDrive aka SkyDrive or LiveDrive is part of Windows Live (live.com). If in doubt try entering the URL into your browser.
|
|
maffle
Member
2015-Aug-12 10:39 am
So every dns with live in its name? Also skyapi.live.net?
ssw.live.com ssw.live.com.nsatc.net login.live.com.nsatc.net directory.services.live.com directory.services.live.com.akadns.net bl3302.storage.live.com skyapi.live.net OneSettings-bn2.metron.live.com.nsatc.net watson.live.com
? I don't want to activate more than I have to.
|
1 recommendation |
Fire up TCPView from MS/Sysinternals and watch what connections spawn when launching & using OneDrive. That should give you the exact servers you need. |
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
to maffle
Disable 1 or 2 at a time till it won't work, then simply re-enable. Any with login or log on will be related to one of the Live services.
|
bennor Premium Member join:2006-07-22 New Haven, CT |
to maffle
said by maffle:
Could someone please post a list (easy to copy out too), which won't block normal services like mail, weather, Skype, and OneDrive. I used the list posted by Cartel, and now OneDrive isn't working anymore.

Hopefully someone (has anyone?) somewhere will compile one full list (and keep it updated) and break that list down into groups so one can selectively block them in their host file if they want to keep certain features like OneDrive available. I've seen several different sets of IP lists posted to various websites. Often there is overlap between each of the lists.
|
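Added example, not part of any post in this thread: a small linter for a pasted hosts blocklist that drops tokens the hosts format cannot express (such as a name carrying a `:443` port suffix), removes case-insensitive duplicates, holds back names the posters suggest keeping, and sets aside shared-CDN names for manual review. The keep and CDN suffix sets, the `lint_hosts` name and the `sink` parameter are assumptions for illustration, not an authoritative map of what OneDrive or any other service needs.

```python
import re

# Constructed sample: a few entries in the style of the lists posted in this thread.
SAMPLE_HOSTS = """\
# [Block M$]
127.0.0.1 watson.telemetry.microsoft.com
127.0.0.1 telemetry.appex.bing.net
127.0.0.1 telemetry.appex.bing.net:443
127.0.0.1 a978.i6g1.akamai.net
127.0.0.1 skyapi.live.net
127.0.0.1 login.live.com
127.0.0.1 BN1WNS2011508.wns.windows.com
127.0.0.1 bn1wns2011508.wns.windows.com
# [End Block M$]
"""

# Assumptions for illustration only, based on suggestions made in the thread;
# none of these is an authoritative map of what each service needs.
KEEP_EXACT = {"www.bing.com", "login.live.com"}
KEEP_SUFFIXES = (".live.com", ".live.net")
SHARED_CDN_SUFFIXES = (".akamai.net", ".edgesuite.net")

# One or more DNS labels plus an alphabetic TLD; rejects ports, paths and schemes.
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def lint_hosts(text, keep_exact=KEEP_EXACT, keep_suffixes=KEEP_SUFFIXES, sink="0.0.0.0"):
    """Return (entries_to_block, report) for a hosts-format blocklist."""
    report = {"invalid": [], "duplicate": [], "kept": [], "shared_cdn": []}
    seen, entries = set(), []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        if len(fields) < 2:
            report["invalid"].append(fields[0])  # an address with no name after it
            continue
        for name in fields[1:]:  # the first field is the address
            host = name.lower().rstrip(".")  # DNS names are case-insensitive
            if not HOSTNAME_RE.match(host):
                report["invalid"].append(name)
            elif host in seen:
                report["duplicate"].append(name)
            else:
                seen.add(host)
                if host in keep_exact or host.endswith(tuple(keep_suffixes)):
                    report["kept"].append(host)
                elif host.endswith(SHARED_CDN_SUFFIXES):
                    report["shared_cdn"].append(host)  # held back for manual review
                else:
                    entries.append(f"{sink} {host}")
    return entries, report


if __name__ == "__main__":
    entries, report = lint_hosts(SAMPLE_HOSTS)
    print("\n".join(entries))
    for category, names in report.items():
        print(f"{category}: {names}")
```

Pass a different `sink` (for example `127.0.0.1`) or an empty `keep_suffixes` tuple to reproduce the stricter lists posted above.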
Tursiops_GTechnoid MVM join:2002-02-06 Brooksville, FL |
A "Top 10" or "Top 15" list would be nice, as many Routers have a limited number of slots for web-blocking via URL... |
|
gnome84 join:2014-04-12 Saint Paul, MN 1 edit |
to iam x
If I'm not mistaken Windows 7 did not do this on boot up; it makes a number of UDP connections to the primary DNS to allow for Windows updates to occur. There certainly weren't this many DNS lookups.
Perhaps something like Sphinx firewall control can show the initiating process; however, if something like msdll is requesting the DNS queries it might as well be a virus.
Many of those connections look Skype related; however, I was under the impression that Skype did not rely on DNS. Perhaps 10 changed this.
|
19579823 (banned)An Awesome Dude join:2003-08-04
2 recommendations |
to MeDuZa
said by MeDuZa : Redirecting to 0.0.0.0 is better (faster) than redirecting to 127.0.0.1.
Indeed it is!!!!! I have been directing to 0 for years... |
|