Windows 10 generates a ton of network traffic even with maximum privacy settings

It phones home a lot more than E.T. and in many, many ways.

By now you know all the complaints about Windows 10 spying. I was a contributor to the rancor myself for a while. With the advent of tools like GWX Control Panel, it's fairly easy to address those concerns.

However, even with all of the telemetry and nosy features turned off, a seemingly idle Windows 10 box generates a great deal of network traffic as it tries to call the mothership at Redmond.

As an experiment, a member of the Reddit clone named CheesusCrust installed Windows 10 Enterprise edition inside a VirtualBox instance and set it to log all network traffic. Windows 10 Enterprise is supposed to be the most secure version of the OS with protections from outside intrusion.

In addition to the VirtualBox, CheesusCrust also had a modified router to monitor traffic. He disabled every single one of the tracking and telemetry features in the operating system and went to bed. Eight hours later, an idle Windows 10 box had attempted 3,967 connections to 51 different IP addresses, with most of these IP addresses belonging to Microsoft.

The queries were all over the map, and some of them you have to expect, like checks to Windows Update, Cortana, 443 for HTTPS port 80 for HTTP. Many of the IP addresses are unknown. And there is the question of whether or not this kind of activity would take place without the sandbox.

It could be that Windows 10 was trying over and over again because it could not reach the mothership, and an unsandboxed system would report much less activity. At least one person pointed this out in the Slashdot comments section on the story.

I asked Microsoft for comment and they referenced a September 2015 blog from Terry Myerson, who leads the Windows team, where he addressed the growing concerns over spying:

"We collect a limited amount of information to help us provide a secure and reliable experience. This includes data like an anonymous device ID, device type, and application crash data which Microsoft and our developer partners use to continuously improve application reliability. This doesn't include any of your content or files, and we take several steps to avoid collecting any information that directly identifies you, such as your name, email address or account ID."

It doesn't address the new issue, but I kind of expected that. Microsoft will want a few days to look over the test results before saying anything, if it bothers. It hasn't been terribly pressed to combat the fear around Windows 10. Then again, maybe it doesn't have to be. In spite of all the noise around Windows 10's snooping, most users don't care and like the OS.

So it has that going for it. Which is nice.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT