Sticking to the facts with Windows 10 privacy debate

Tools

While it is probably fair to say that Microsoft's opaque data collection in Windows 10 will not be winning any popularity contests any time soon, an almost surreal report on Forbes earlier this week suggested that the telemetry issue is actually much worse than previously believed due to how Windows 10 is "phoning home" thousands of time a day.

"The raw numbers presented come out as follows: over an eight-hour period Windows 10 tried to send data back to 51 different Microsoft IP addresses over 5,500 times," wrote contributor Gordon Kelly. "After 30 hours of use, Windows 10 expanded that data reporting to 113 non-private IP addresses."

The report was based on an online post by a user who claimed to have conducted extensive tests with a fresh install of Windows 10 Enterprise on a virtual machine. "[The IP addresses] being non-private means there is the potential for hackers to intercept this data," Kelly further noted.

The original post on a Reddit-clone was already deleted when FierceCIO attempted to look at it, though we managed to track down an archived copy here.

Unfortunately, the premise for the conclusion is completed flawed due to how the experiment was conducted – even if one were to disregard the lack of a baseline system such as Windows 8.1 or Windows 7 for comparison. You see, the original poster had configured his Internet router to drop all connection attempts from Windows after logging them, which is a sure way to cause most networked systems to keep trying.

In addition, a closer examination of the actual connection attempts reveal that at least half of them could be discounted outright. Based on our calculations, around 25 percent of them are harmless DNS and NETBIOS data packets, while a full 30 percent are to port 3544, which is known to be used for Microsoft's Customer Experience program that users have observed as far back as 2011 on Windows 7.

Writing in response to the Forbes report on Thursday, Ed Bott on ZDNet was much less patient as he ridiculed the lack of technical knowledge, offering a near point-by-point rebuttal with a breakdown outlining how thousands of the connections could be attributed to services such as Windows Updates, Windows Defender updates, Windows Store for apps, and other innocuous services.

Of course, calling out an erroneous report does not mean that Windows 10 is suddenly a paragon of virtue on the privacy front. However, it does mean that CIOs must make the effort to read beyond the headlines because even tech reporters can and do make mistakes.

For more:
- check out this article at ZDNet

Related Articles:
Microsoft releases Windows 10 enterprise-ready 'November' update
Microsoft adds a new track to Windows 10 beta program
Now we get to see how Microsoft does at continuous delivery for Windows