There is no reason an operating system needs to phone home telemetry data in order to function. The sole purpose for this capability is so the operating system can report back statistics about computer use, operator habits, and other things which they can then analyze and/or provide to other parties to help them develop or improve their products. Unix, Linux, Solaris, OpenVMS, and a multitude of others don’t phone home, so there is no reason Windows 10 needs to either.
Good news is, you can block the telemetry data from phoning home to the Microsoft mother-ship, but you must use an external device. You cannot achieve this by enabling the privacy settings within Windows 10, modifying the registry, deleting tasks in the task scheduler (although this does work until the next patch), using the internal Windows Defender Firewall or modifying the hosts file. You can block it by using an external DNS blocker.
Why? Because each time Windows updates, it will re-create the scheduled tasks and revert the registry settings. Moreover, people have proven some of the telemetry data still reports back to Microsoft even when they blocked the phone-home IP addresses in Windows Defender and modified the hosts file, probably because the host can simply bypass both prior to sending the data. Microsoft can do whatever they want at the application layer, or the IP addresses are whitelisted behind the scenes.
I think it would be wise to assume you cannot modify Windows 10 so Windows 10 can’t report back home.
Again, you must use an external device and block the data after it has left the Windows 10 host, and your typical Netgear, Linksys, ASUS or Best Buy NAT router won’t work. I won’t lie. It’ll take a bit of work and not everyone will be able to do it. But if you’re up for the challenge, it’s completely worth it. About 99% of all home users will have a setup that’ll look like this, which will protect all devices on your local area network (LAN). This includes all WiFi devices, Windows 10 computers, etc.
Internet --> Modem --> WAN/firewall/LAN --> Switch/Wireless AP --> All Devices
I highly recommend using a firewall product called pfSense with the pfBlockerNG package. It’s a totally free, open-source firewall and DNS resolver solution. Go onto Craigslist and buy an old computer, and I mean it can be really old. I installed pfSense on a computer I bought for $50 that has 10GB of DDR3 and a 2.4 GHz Core 2 Duo CPU. It does need to have two NICs though, so make sure you can add another. I’m not going to write up how to install pfSense, because many others have already done that (see below). It literally takes 10 minutes to install and get it up and running.
Once complete, log into the GUI and install the pfBlockerNG package. It’s under the Package Manager menu item and takes about 15 seconds. Watch the below video on configuring pfBlockerNG. As of right now, this is the best solution I know about to block not only Windows 10 telemetry reporting, but a lot of other stuff too.
Enter the following DNS entries into the DNSBL tab. Some people have been using the IP addresses. This is a bad idea. IP addresses will and do change. In fact, Microsoft regularly changes their Windows Update IP addresses for security purposes, and I suspect they do the same for the telemetry gathering. It’s much harder for them to change DNS names, and so they rarely do.
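To make the DNS-name-versus-IP point concrete, here is an added example (not code from the original post or from the pfBlockerNG project) that turns a DNSBL-style domain list into Unbound resolver entries the way a DNS sinkhole does: it skips bare IP addresses, de-duplicates, and emits a zone redirect so every subdomain of a blocked name resolves to the sinkhole. The 10.10.10.1 sinkhole address and all domain names are constructed placeholders, not values from the post.

```python
import ipaddress

# Assumed sinkhole virtual IP; pfBlockerNG uses its own, this is a placeholder.
SINKHOLE_VIP = "10.10.10.1"

# Constructed sample feed: comments, blank lines, mixed case, a bare IP
# (which belongs in an IP list, not a DNSBL) and a duplicate entry.
SAMPLE_FEED = """\
# constructed sample list, not real telemetry hosts
telemetry.example.com
Vortex.Example.NET

203.0.113.7
settings.example.org
telemetry.example.com
"""


def parse_feed(text):
    """Return sorted, de-duplicated, lower-cased domains from a feed.
    Comment lines, blank lines and bare IP addresses are skipped."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower().rstrip(".")
        if not line:
            continue
        try:
            ipaddress.ip_address(line)
            continue  # an IP address, not a DNS name: not a DNSBL entry
        except ValueError:
            pass
        domains.add(line)
    return sorted(domains)


def unbound_lines(domains, vip=SINKHOLE_VIP):
    """Emit Unbound 'local-zone ... redirect' plus 'local-data' lines.
    'redirect' answers the zone and every name under it with the VIP."""
    out = []
    for d in domains:
        out.append(f'local-zone: "{d}" redirect')
        out.append(f'local-data: "{d} A {vip}"')
    return out


def is_blocked(name, domains):
    """True if name is a blocked zone or any subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)
```

Because the redirect covers the whole zone, a new hostname under an already-blocked domain is sinkholed without any list change, which is exactly the durability IP-based blocking lacks.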
This does not break Windows Update. I have confirmed on all my Windows 10 workstations that it still works. I just received the latest monthly patches without issue. What’s interesting is, I performed a packet capture while initiating a Windows Update and noticed a couple of things. First, it looks like a Windows Update also initiates a telemetry sync, and even though I block the telemetry, the update still works. Second, the Windows Update IP addresses change with each sync. It appears they do a sort of round-robin usage. Not really relevant to the problem, but interesting. One sync I was grabbing from IPs in Redmond, WA, and the next I was grabbing IPs in Singapore.
Anyhow, while you’re at it, you might want to also block Trend Micro. All those ASUS NAT routers have teamed up with Trend Micro and phone home every website you visit (and other stuff too). In fact, they have a EULA that you must acknowledge before you can enable QoS, Filtering, or Parental Controls within their products. I still have my wireless access point in bridge mode with all those features turned off, and it’s still phoning home “something”.
… and if you have a Samsung TV connected to the internet and use those features, you’ll want to block these DNS entries as well. Mine is connected to WiFi, but I don’t use any of the SmartTV apps, and I totally block all outbound traffic for all protocols/ports from its static IP at the firewall (nothing gets out).
Below is a screenshot from half a day’s worth of traffic collection on my LAN. I blocked 1,225 packets destined for the mother-ship, which could have equaled 1.8 MB of data (1,225 x 1,500 MTU roughly equals 1.8 MB). I also block advertiser tracking (Piehole), ads, and several countries outright … not on the WAN side, but on the LAN side. There is no silver bullet solution to privacy (except totally disconnect, but that’s not logical in today’s world), but better privacy comes in layers and the more layers you have, the better.
It’s a crazy world we live in. Every device is phoning home because telemetry and user habits can be sold for big money to advertisers. Apps on your smartphones sell your personal data as well, but this solution blocks all devices as long as they are connected to the LAN (once you leave the LAN, you’re totally unprotected).
I cannot stress or even begin to tell you how much of your information is being collected, sold, and shared with other companies, many of which are not using it for good purposes. They know what time you use your computer, what websites you visit, your location, what you type on the computer or phone, what you click on, what you buy, what you search … and they are listening in on you as well. I know my wife’s iPhone is, because on numerous occasions we were talking about buying something and a relevant ad showed up in her Facebook feed. No more Facebook for me (deleted my account). I’m done with that crap.
Ok, I’m done rambling.