Many of us somehow knew, of course: Microsoft has seemingly been going down that road for a while, starting small with Windows Vista, laying new groundwork with Windows 7 and 8 with more “live services” apps, doing it in plain sight with Windows 10 but turning this up to 11 with, well, Windows 11. It’s been a recurring topic of discussion in the cybersecurity and digital privacy circles for more than 15 years and it is now a proven fact: the company is using its operating systems as a tool for gathering unknown, unidentified data and transmitting it to third parties over the Internet.
This is not what Microsoft calls “telemetry data”, i.e. Windows usage information that’s sent to the company’s own servers in order to identify problems and fix them. No. This is network activity that has nothing to do with telemetry, as demonstrated in a recent video posted on the popular PC Security Channel on YouTube by Rohit Satpathy, a.k.a. Leo, a well-known cybersecurity expert based in England. What’s more, Satpathy has already made waves with this video, titled “Has Windows become Spyware?”, because it proves that Windows is doing this without letting consumers know, so without their consent… just as certain types of malware do.
What are all those servers doing with a totally unused new PC?
There have been reports published by security researchers in the past, of course, pointing out the simple fact that the Windows operating system has been “phoning home” (i.e. communicating with unknown servers across the Internet and exchanging data with them on a regular basis) more and more since the advent of Windows Vista. But Rohit Satpathy’s video illustrates in a clear, accessible way how Windows 11 is letting a lot of remote servers, of many different types, access a consumer’s PC without said consumer having requested any information needing those servers.
By using Wireshark — a free, publicly available utility designed to analyze network traffic in real time and provide detailed information about it — Satpathy tracked down a great number of servers a Windows 11 computer is in communication with and tried to identify them. The tool put together an extremely long list, broadly belonging to the following five categories:
- Servers running certification and authentication services, which is to be expected
- Servers running geolocation services, something that consumers have not yet agreed to (more on that in a moment)
- Servers running Microsoft-owned services such as Bing, MSN, Windows Update and Smartscreen
- Servers running popular third-party services, belonging to e.g. Google or Steam
- Servers running God knows what, belonging to largely unknown entities such as TrustedSource.org or ScoreCardResearch.com
For the last two there are strong indications that the PC in question was relaying data having to do with “Internet resources reputation scoring” (TrustedSource.org belongs to McAfee) and marketing or advertising (“ScorecardResearch is part of a leading global market research effort that studies and reports on Internet trends and behavior”) respectively.
It’s worth pointing out that Satpathy used Wireshark on a laptop based on a clean Windows 11 installation that had not been used at all: no settings altered, no Web searches performed, no other extra programs installed, nothing. It was in the same state e.g. a new laptop would be when its owner fired it up for the first time. So the exchange of data between TrustedSource.org or ScoreCardResearch.com and that PC was initiated by Windows 11 itself, not by Satpathy or anyone else.
It’s also worth noting that what Satpathy is showing in this video is the network traffic Wireshark was able to track after Windows 11 has completed its installation and the system’s desktop is usable. We never get to see, in other words, what’s happening during installation, updating and boot-up, three procedures during which Windows 11 may be contacting any number of other servers not shown in this video. To capture that network traffic too — in real time, before it is completed and possibly encrypted afterwards — would require a second PC, a network switch and some software tinkering (but should be interesting nonetheless).
Driving the point home, Satpathy ran the same Wireshark tool, in the exact same way, on a PC based on Windows XP. What he found out was this: the older operating system was not contacting any other server but the ones Microsoft had set up for Windows updates. No other server. None. The cybersecurity expert naturally acknowledged that Windows XP and Windows 11 are very different beasts, but it goes to show that Windows 11 does not actually need to grant so many servers access to a consumer PC just to keep it updated and safe.
Which leads to the obvious question: why on Earth does a Windows 11-based PC need to be accessed by so many servers in the first place?
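As an added illustration (not code from the video or from this article's author), the sketch below groups DNS names exported from a capture into categories like the ones listed above and reports only the names absent from a baseline capture, mirroring the Windows XP comparison. The category domain spellings, the tshark export format and all sample rows are assumptions constructed for this example.

```python
from collections import defaultdict

# Registrable domains per category. trustedsource.org and scorecardresearch.com
# are named in the article; the other spellings are assumptions for this example.
CATEGORIES = {
    "microsoft": ("bing.com", "msn.com", "windowsupdate.com"),
    "third-party": ("google.com", "steampowered.com"),
    "reputation/market-research": ("trustedsource.org", "scorecardresearch.com"),
}

def normalize(name):
    """Lower-case a DNS name; drop whitespace and the trailing root dot."""
    return name.strip().rstrip(".").lower()

def classify(hostname):
    """Match on whole DNS labels so 'notbing.com' is not counted as bing.com."""
    name = normalize(hostname)
    for category, domains in CATEGORIES.items():
        if any(name == d or name.endswith("." + d) for d in domains):
            return category
    return "unclassified"

def queried_names(lines):
    """Unique names from 'time<TAB>name' rows, the format produced by e.g.
    tshark -r FILE -Y dns -T fields -e frame.time_relative -e dns.qry.name"""
    names = set()
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) == 2 and normalize(parts[1]):  # skip malformed/empty rows
            names.add(normalize(parts[1]))
    return names

def new_since_baseline(current, baseline):
    """Group names seen in `current` but not in `baseline` by category."""
    groups = defaultdict(list)
    for name in sorted(queried_names(current) - queried_names(baseline)):
        groups[classify(name)].append(name)
    return dict(groups)

# Constructed sample rows (not taken from the video).
BASELINE = ["0.10\tdownload.windowsupdate.com"]
CURRENT = [
    "0.08\tdownload.windowsupdate.com", "0.21\tWWW.BING.COM.",
    "0.35\thost1.scorecardresearch.com", "0.50\tnotbing.com",
    "0.61\t",  # row with no query name
    "0.77\tapi.example.net",
]

if __name__ == "__main__":
    print(new_since_baseline(CURRENT, BASELINE))
```

Names that land in the unclassified group are the ones worth looking up by hand, since a suffix list only covers destinations already known.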
Where does this leave the notion of privacy on Windows?
The video published by Rohit Satpathy is extremely important in some respects but less important in others, depending on one’s point of view. For some people, everything shown in it confirms what they already suspected: that Windows collects way, way more data than it actually needs and that it is sharing it with third parties without consumers’ prior knowledge or permission. A lot of people, on the other hand, will just shrug at that thought, not really caring about all this. It’s not OK, but it’s fine: different people value their privacy and their personal information differently and there’s nothing to be done about that.
For many others, though, this will be an eye-opener: as far as the illusion of Windows privacy is concerned, the cat is truly out of the bag. Until Microsoft decides to come clean with the kind of data it actually collects and what it does with it — which yours truly is almost certain the company will never do — it’s fair to assume that there is no such thing as privacy in Windows 11 (or even Windows 10 by the look of things). It is that simple.
This video might not change how a lot of people think about Microsoft’s operating system in terms of privacy, but it does change things for Microsoft. The company has some explaining to do about Windows “calling home” such little-known and cryptic entities as TrustedSource and ScoreCardResearch. What kind of data do these companies receive from our PCs? What are they doing with it? With whom do they share that data? Where is that data stored and how is it processed? Is it sold to anyone and everyone interested in buying it? Under whose authority? With whose permission? Certainly not with consumers’ permission, since they are never informed about this information being collected in the first place!
It’s now going to be extremely hard to believe any Microsoft spokesperson trying to convince people — or any reporter trying to do the same — that (a) Windows telemetry data is the only type of information this OS is collecting, that (b) it only does so “in order to improve the product” or that (c) all of that information is actually anonymous. It’s also obvious that the laughable “options” Microsoft is giving consumers through Windows Privacy Settings are there just for show. Even utilities specifically developed to prevent Windows from gathering user data do not seem able to block everything this OS is sending out.
What are privacy-conscious Windows users to do, then?
In any case, it’s now clear that consumers who value their privacy and their personal data cannot use Windows 10 or Windows 11 anymore without concerning themselves with what information their own computers are sending over the Internet. What required complicated research papers and technical analysis to understand in the past is now illustrated in publicly available, easy-to-understand form. Yours truly suspects that privacy-wise things are probably much worse than what this video is letting on, but it’s still proof that Windows has not been a privacy-protecting, consumer-respecting operating system for a long time now.
The good news is that, in 2023 terms, it’s not hard to avoid using Windows for anything related to personal data. Everyday stuff like e-mail, social networks and everything else Web-based is perfectly doable for free with any modern Linux distribution these days, as is simple productivity stuff like documents, spreadsheets or photo editing. Data gathering is obviously happening there, too, but it’s not done by the operating system itself (website tracking and online privacy are different cans of worms). Windows is now only necessary for gaming on PCs or for certain creative applications not available on Linux — so one can either maintain a second system just for these use cases or configure the same system to dual-boot between Windows and Linux as needed. It’s not ideal, but privacy-conscious people are not tied to Windows by any means nowadays.
Then there’s always the Mac option, of course, which would be a great subject for The PC Security Channel’s next video. Apple fancies itself as the champion of user privacy, sure, but how much data does macOS actually gather and what does it do with it? Hey, just noticed that there’s a version of Wireshark for macOS ARM too, Leo!