In before the flood of "but your Mac and Linux systems do exactly the same thing! I know it!" comments.
-
This is why, in addition to removing telemetry-related updates and telemetry-related services, I also tell the Windows firewall to block outgoing traffic to all of Microsoft's telemetry-related IP addresses. This is superior to null-routing in the hosts file because a number of the telemetry points use hard-coded IP addresses.
-
Spartan@HIDevolution Company Representative
Can you guide me how to do that bro? -
Winaero.com has a better guide to it than I could manage (since I cribbed theirs):
http://winaero.com/blog/stop-windows-10-spying-on-you-using-just-windows-firewall/
-
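The firewall approach discussed in the posts above, as an added example that is not part of the original thread or the linked guide: a PowerShell sketch that maintains one outbound block rule for a list of remote addresses. The rule name is hypothetical and the addresses are constructed placeholders from the RFC 5737 documentation ranges, since the thread lists none.

```powershell
# Added example: one outbound block rule for a list of remote addresses.
# Run from an elevated PowerShell session (NetSecurity module, Windows 8 or later).

$RuleName = 'Block telemetry endpoints (outbound)'   # hypothetical rule name

# Constructed sample list (RFC 5737 documentation ranges, not real endpoints).
# Replace with the addresses from the guide you follow.
$Candidates = @(
    '192.0.2.10'
    '198.51.100.0/24'
    '203.0.113.7'
    'not-an-address'    # deliberately malformed, to show it is rejected
)

# Keep only entries that parse as an IP address or as address/prefix.
$Addresses = foreach ($entry in $Candidates) {
    $ip, $prefix = $entry -split '/', 2
    $parsed = $null
    $okIp = [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)
    $okPrefix = ($null -eq $prefix) -or ($prefix -match '^\d{1,3}$')
    if ($okIp -and $okPrefix) { $entry } else { Write-Warning "Skipping '$entry'" }
}

# A block rule with no remote address matches every destination,
# so stop here rather than cut off all outbound traffic.
if (-not $Addresses) { throw 'No valid addresses; refusing to create the rule.' }

$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if ($existing) {
    # Idempotent: refresh the address list instead of stacking duplicate rules.
    Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $Addresses -Enabled True
} else {
    New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Action Block `
        -RemoteAddress $Addresses -Profile Any -Enabled True | Out-Null
}

# Verify what the firewall actually stored, not what the script intended.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress
```

Re-running the script with an updated list replaces the rule's addresses, which is the maintenance step a static IP list needs whenever the endpoints change.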
Spartan@HIDevolution Company Representative
rep added to you and this has been added to the Windows 10 Fixes and Tweaks thread -
You should do that on the router. The OS itself can override whatever it wants to without you knowing.
Obviously the IPs can change without notice as well. -
The Windows firewalls are part of the network stack. Bypassing the firewall would require telemetry to have its own network stack capable of running in parallel with the system stack. While this is possible it is also very, very obvious.
-
They can easily update the main network stack to either have a hard-coded override or respond to a special flag/pattern from the telemetry services. This is certainly easy to detect if you try, but to be honest the amount of 3rd party effort and information of Windows 10 telemetry analysis currently available to the public is way lower than where it should be. If MS starts to override it tomorrow, it will take a while before someone tells you about it.
The incentive to do this, besides stopping users from disabling the telemetry, could come from defense against other malware or handling bad network connection as well. After all, they have already decided it's a good idea to use hard-coded IPs instead of a proper domain name system. -
Again, this would be very obvious, and we would have seen it exploited by now. Neither of these is the case.
What's out there and available to the general public is all there is -- and there's actually quite a lot of it. Literally everything that Windows telemetry services are capable of doing is thoroughly documented and the actual code as released to customers has been independently verified on numerous occasions to comply with all of that documentation.
Windows 10's "upgrade" prompt has officially adopted malware-like tactics
Discussion in 'Windows OS and Software' started by D2 Ultima, May 23, 2016.