Skip to main content

No, Windows 10 is not 'spying' on your PC thousands of times a day

Windows 10 users who might be in a state of panic after reading an alarmist report claiming the OS is "spying" on PCs with thousands of data transfers a day can rest easy. The report was based on comments from a so-called security expert's comments that have since been deleted.

The report from Forbes, which we aren't linking to here because it's just so wrong, was based on comments made by a user on the Voat website, who used the handle "CheesusCrust". As pointed out by Ed Bott at ZDNet, there's no indication that the author of the Forbes article contacted "CheesusCrust" to try to verify his security credentials.

Before his post was deleted, "CheesusCrust" stated he installed Windows 10 Enterprise edition in a virtual machine. Then he "configured the DD-WRT router to drop and log all connection attempts via iptables through the DD-WRT router by Windows 10 Enterprise." As Bott states:

"Mr. Crust says his intent was to "analyse the network traffic of Windows 10 on a clean install." If there are any readers with networking experience in the audience, they might see the flaw in his methodology. If your software needs to connect to an outside resource to perform a specific task, and the connection drops unexpectedly, you will not get any traffic to analyze. Even worse, when the software detects an unsuccessful connection it will try to connect again. And again and again and again.""So what might have been a single, short data exchange could instead turn into multiple connection attempts."

You can read Bott's full report for all the details. He dissects and ultimately dismisses "Mr. Crust's" analysis of the Windows 10 data. It also shows how poor reporting like this can blow something benign and boring way out of proportion.

Source: ZDNet

96 Comments
  • What i think the people that believe in that click bait articles believe when read that "experts" talking: "hey people, don't use windows 10, it's spying all the pirate programs you have installed, and the porn you watch"
  • Ditto. People are generally sensationally excitable, at least somewhat narcissistic and have a huge sense of self-importance... to a high enough degree that they actually believe people care about "spying" on them. I see this every day that a client comes in with tape over their laptop/tablet/phone camera and want so badly to tell them no one cares about watching their boring life. ...so then it comes as no surprise when it becomes colloquially common for people to believe there's some monster conglomerate that's cares that they're watching porn or whatever. Tin. Foil. Cap. (As a side note: I just recently lost a crap-ton of respect for Barnacules Nerdgasm over this exact debacle)
  • Ahaha, well said!
  • The government doesn't exactly care about the average joe. MS has more important things to do than log info from your computer all day long. Many people don't seem to get it. Their loss.
  • well the truth is, it's worth for microsoft to log this ****. then it can show you "personalized" ads, "streamlined" windows store, or other **** i don't give a **** about.
  • "spying" as in massively collecting data for some fucktard "services" like "personalized" ads? no thanks. I prefer MY data to stay on MY computer.
  • RTFA
  • Yep! Seriously, you have to be that important person worthy for extensive spying for whatever more important purpose. Spying do cost alot too.
    Also Windows have option to turn off several service if you wish to reduce your internet footprint, so does other OS. Even Google give you options to turn off some things and even erase your history that are recently collected. (of course it will be collected again)
    On Windows, generally the data collected are telemetry data which can be a dumb numbers how many times you click the Start button. Which are anonymous because why do we even need your personal info just to know how well you use an OS feature. Some other things like diagnostic reports, crash reports, error reports (which pretty sure are alot these days because of how buggy Windows 10 sometimes, especially W10M), and other collections used for future OS improvements. This is even not new anymore, we've got this collection for a very long time.
    Ads are minimal for Microsoft since they ads are not their big source of revenue. They mainly serve as personalization like on Windows Store to give you recommendation based on your Windows Store searches, views and maybe even installed Universal Apps. Microsoft already get money from when you buy and from developer cuts. Cortana can be turn off but if you use it, of course it has to track something just to give you personalized service and to make certain feature work. Like how can Cortana know what's the weather in your location if you don't share location or how can Cortana track deliveries if it doesn't even read emails containing it. Of course every Cortana feature are optional or don't use Cortana at all. Cortana and all other digital assistant is still dependent on cloud to work, we still don't have a technology to make it work with our puny little computers to crunch data locally, let alone AI.
  • Everyone is narcisssistic, you, me, everyone that's on this planet. Whether or not it's malignant (out of control) vs. beneign / benevolent remains to be seen. On another note: The only thing I have a problem with is that damn Cortana, irritating feature it is. It will take me quite awhile to get used to the new changes that Microsoft is pushing to the stack. I'm a function over fashion type of person, I prefer the old Windows 2000 (a rehash of the Windows 95) interface. I've installed the "Free Classic Shell" and that works great for my purposes.  In the past I've done a fair amount of driver and application programming on the NT, Linux and BSD based systems but have stopped working on Microsoft because my clients no longer use it. I hear so much paranoia from people on the free and open source software about how Microsoft is doing this or that, when they don't provide any proof of it, just click-bait articles. Open or closed source kernels (distros if on Linux that wrap around the kernel) and operating system have the exact same level of security as each other. The real test of security is who is using what, how their using it and how well they understand security, let alone the applications and libraries on their own computer. I've seen some people on Linux distros do some really stupid things.  In short, your computer is only as safe as you want it to be. People will load and execute items without looking at the implications, of the stability of the computer nor the safety of their data is. People seem to think that if they use the Linux distros that they're safe. They're not! So many people believe in this fallacy and I think I know why. They believe they're more intelligent and know more than they really do. I've been working in and on the Linux kernel (and distros), BSD and Micrsoft Windows professionally since 1993. I've seen so many pro / con arguments for all these different system. The vast majority of Linux distro users aren't programmers; don't look at the source code, wouldn't understand it to begin with and never compile, link and install it binaries directly to the system (outside a package manager). It's those tin foil hat wearing idiots are what drives the system into the ground or up into the cloud (no pun intended). These idiots are the biggest market share. Problem is; there will never be an idiot-proof operating system that allows them what they call or think is freedom but all the while protecting itself from the user trying to erase a system file is that absolutely necessary for the operation of the system itself.
  • Or they're worried MS is viewing banking information and generally collecting the words you type, in a Big Brother scenario.
  • yeah yeah before Snowden everybody was like: My computer, my files, my nude pictures, my videos etc. but that wasnt true in 2013 and it isnt true in 2016 deal with it    
  • Honestly if your machine is connected to the internet it was never true lol =p
  • They can spy on you though, they have the capabilities. If you can access it, so can anyone else. I used a program the other day that logged every gps signal running in a specific area. Data can be recorded whether you like it or not.
  • GPS is a passive receive only technology. Your GPS enabled device does not (and can not) send a signal back to the satellites in orbit. Maybe you ment GSM, but most important data would be encrypted in transport so detecting transmissions and reading the data within them are not same thing.  Anyway, you clearly don't know what you are talking about.
  • Haha clearly you have no idea what you're talking about! Or I guess you're just unaware and ignorant. It's ok, you can't be right all of the time!
  • Well edges private browsing mode is insecure(nothing new for a beta browser)
  • Which was fixed on Tuesday
  • remember, there those who work for Google and CrApple(or gets paid on the side) and do whatever it takes to make MS/Windows look bad. 99% of the BS out there, is fabricated garbage and its NOT TRUE whatsoever about MS/Windows. Its the enemy backstabbing MS, that's all. however, there are so many LOW IQ, and not technology oriented people out there that read these BS article and beleive EVERYTHING BS said about Ms/Windows. its up to use to open these people's eyes and pass on the TRUTH and FACTS.
  • Mr. Crust is obviously a flake.
  • Wait... I thought Mr. Pillsbury said that a flakey crust was the best kind? /s
  • Now every nutjob on Earth is going to believe that idiot.
  • I have personally had to explain to 5 different people why the whole spying part was untrue and that it was no worse than any other OS out there. None of them bought into windows 10 anyway.
  • I've given up on trying. I've had the same issue with a few people, one of whom had printed the article by the expert Mr. Crust to convince people that they're being spied on. "how can you argue, it's on Forbes?" I was asked. Pointing out Ed Bott's article and what it said was fruitless on my part. I've realized that the only way I can have peace is to not engage; like a lot of technical folks, my non technical friends and family ignore my advice, disregard my recommendations as biased and then come to me whenever they face problems. This time I'm letting them be. Mr. Crust found a new level of nonsense to publish
  • This. Seriously, it is so ******* annoying when I repair my family's computers, tell them NOT to install X, then go away for two weeks. Two weeks later I get back, and I see that they installed X, alongside Y and W, and the computer is crashing, and while I tell them what caused it, am the reason behind it, because they read on a shady blog.com or blogspot.com site that X and Y and W work so well together they even wipe your ass after taking a ****. And of course a noname shady website is more reliable than your own ******* son who is an IT expert...
  • How stupid. Some random a-hole claims to shine a spot light on a issue they didn't even diagnose properly and lots of other people panic. What is this world coming too?
  • No one knows about spying!!!
  • Well, James Bond 007 may :)
  • Ed Bott's article was a breath of fresh air amongs all the other idiocy out there from people who don't know a damn thing about technology. I cannot stand that Gordon Kelly jerk. He's spread so many outright lies about Windows 10 that MS probably has a case for libel against him and Forbes.  
  • Regardless of what was in the article Mr Crust should at least receive some credit for his name alone! Nice one!
  • A number of people have called out Gordon Kelly for using ****** data, but he's not too keen on anything that will prove him wrong and as a result he's taken to removing any comments he deems not worthy of his biased POV. Even today, his update on this is still about how W10 makes thousands of connections per hour - probably based on the data that's no longer available. He's really trying hard to own that he forced MS's hand in making changes to its poliies when in fact he's a worthless lump of **** that knows nothing about journalism.
  • I go there to comment, but I refuse to give that site any more clicks.
  • Same with the verge, they banned me because they are complete ******** seeking to destroy Microsoft.
  • Someone is mistaking Microsoft for Google
  • not after virus 10...
  • The truth is out there.
  • I want to believe.
  • Who cares . I've bugger all to hide. Except some porn. If they want to watch well then , just ask.
  • I know, right? In the end people complain so much about "privacy" you'd think they're frikking Julian Assange, the lot of them. Come on, you're using a system that customises itself basing on your information, to YOUR benefit. It's obvious it's going to make some use of your data, but this is an explicit concept. On the other hand, I'm not sure that what Google does is so transparent to eveyrone, and certainly it is more invasive form the get go, and down to every bit of any service they "give you for free".   People are morons.
  • @fdruid. Even cable companies for example use analytics to tailour your adverts.
  • it's not a benefit to me. they should at least let me decide, because i don't give a **** for cortana, or some other "personalized" **** where they magically decide what i like and what i don't (usually wrong). if they want to personalize my stuff, they better let me do it myself.
     
  • You Know you can disable Cortana, right?
  • You actually have to enable it in the first place. Cortana is not enabled by default.
  • John Callaham here, and the guys on WMPU likes to bring up such artickles - something bad about Mirosoft and Windows, crappy writing most of the time.
  • Maybe you would prefer they give you real tickles rather than these ar-tickles? This post cracked me up!
  • People will always be against Windows and Microsoft just because. Then eventually they might learn their reasons are wrong, but this won't always be the case. That's the way ignorance works.
  • Thinking of beginning to sell tinfoil hats...
  • Thanks to internet and adverstising today journalists work for a very little money and the quality is below any standard. Sure there are some worthy people as money isn't the only measure of quality but journalism is broken. Journalists were experts that all people paid to work for them. Now no one pays and those that need a real expertise must invest a lot of time or money.
  • Gordon Kelly isn't a journalist, he's a "contributor".
  • Ugh.  The Snowden syndrome.  Everybody is paranoid simply because mainstream media told them to be.  Guess what folks, you have NO privacy, and this has been the case long before Snowden came around.  If your information is on the internet in any way, you have NO privacy. Furthermore, the government has been spying on its own people for decades!  Get over it.  The only people who need to worry are criminals, and even they don't have to worry as long as current administration is in office.  Microsoft collecting data and information is in no way different than Google doing the same thing...and look at how many people use their products and services.  Furthermore, you can opt out of having your information being transferred to Microsoft, or at least to some degree - nothing is truly absolute *cue X-Files theme song*.
  • So it being done before means is right and a good thing. Well we can only hope that if more people know about this something might happen one day that outlaws this.
  • It's not a matter of right or wrong.  In terms of the government, you'll never get them to stop and there isn't a single government that doesn't collect information on its people.  It's a fact of life.  Do you honestly think the government stopped doing what they were doing when the Snowden story broke...even if they publicy said so? As far as companies go, they give you the option to not have your information sent.  That's all they legally need, especially since Terms of Service agreements are dileberatley worded in a way to have loopholes and loopholes with loopholes. If it is something that turly worries you, don't put information on the internet or in the hands of a 3rd party.  The only person that can protect you is you.
  • that's the point! I don't want my info to be put on the internet! by the way, about google... the thing is, there is no other choice. most people use android. there are two alternatives: ios and windows phone. ios is too restrictive and requires specific hardware (not much choice), and windows phone is a joke when we talk about app availability. so the only usable choice is android, unless someone creates another operating system with a good choice of apps. if people had the choice to have android and something similar without all that google bullshit (but play store or equivalent must work), i'm pretty sure most of the people would choose the other option that doesn't snoop on their private data. the pc situation is different: we have linux, which supports many windows apps using wine virtualization and also has a fair amount of native apps. it's not that easy to use, but if this continues further, i'm going to switch to linux. (and i used to absolutely love microsoft)
  • It's not that bad as long as you go through all the privacy options a few times and watch the auto 10 updates of you are on windows 7 or 8.
  • Depends how you put it, w10 is by far the most "automatic" OS I've seen, it's always recording how you type and indexing files for Cortana and photos to make albums and defender on top trying to see it all, it's a HDD killer in my opinion
  • Then turn Cortana off if don't want that. But the Information for Cortana is stored locally, not on MS servers
  • @EspHack. All that can be turned off and in regards to defender, sounds like your referring to ia real time on access scan. Which pretty much any anti virus software will have; otherwise how would they detect malware? :P.
  • Although it is slightly better than years past, this is an ongoing privacy concern of many.  It is perception.  It would be nice to have a better method of setting peoples minds at ease.  As a developer using Fiddler, I often see traffic from my PC and am curious as to what is being communicated.  In my case, it is Visual Studio checking in with the mother ship I am guessing. Reguardless, it makes Customers feel uneasy.  That said, good vendors should provide a method to make people feel better about the data sharing concept.  Education is important.  Control is important.  I am guessing that the best solution would be to have all communication disabled by default have the the Customer opt-in where necessary.  Opting in is still confusing as it often contains general statements such as "this application wishes to access your location information".  My question is "For what purpose?"  But that is unknown.  So I click cancel. I think this problem is solvable if the vendor focus less on what is their right to do and focus more on doing the right thing.  Trust is important to gain and retain Customers.
  • Bingo. I don't believe stuff like the MS telemetry and all this other data collection is malicious. However, I am still not comfortable or okay with it being collected. I don't want to be part of market research, or advertising, or making the system better, or anything like that. I just want my computer and its internet activity to be another nameless, faceless syetm online as much as possble. What I do on my PC is not me, it's just what I'm doing when I'm sitting at my PC. It should be separate.
  • It won't matter for the trolls and tinfoil hat club members as they will only dismiss the explanation and removal of the post as proof of a cover up. Microsoft gets hit either way, which was probably the plan all along..
  • Well obviously if you write this story, then you are part of the conspiracy and paid off by Microsoft to spread this disinformation and cover up their evil deeds. (Can't believe I need to write this, but yes, that is sarcasm)
  • You actually said it all, and it's true, in my opinion at least.
  • Cue Linux is better comments, but wait didn't Ubuntu install some Amazon scope into their OS :O. Use the system that works for you. I like Windows 10 and have joyfully converted Windows XP users right on over.
  • I want to know where the studies are that show how often Android and iOS devices try to connect to webservers and other Internet locations without the user knowing... I'm guessing its quite often.
  • Or even the beloved Windows 7
  • Whenever I see his articles, I try to beat him up..
  • The person who wrote the article and the people who let it run are to be blamed here ultimately. They should have done their due diligence lol.
  • Spy on me? Why? For what? Isis? Them? Yes! I want them to!
  • Doesn t Microsoft have any lawyer... ? This kind of things cannot happen any more...
  • MAXIMUM DAMAGE CONTROL
  • My comment on this is that I don't see anything on here about disabling sharing windows update to PCs over LAN and internet. I think by default its on.. Well it was when I first installed W10 on official release day.
  • Sponsored by Apple.
  • anyone who doesn't think m$ gathers tons of your information with win 10, deserves exactly what they get. i think win 10 is heads and shoulders above any other of the previous os's, but the fact is that there is tons of spying outlets in this os, and unless you turn all of it off, it is spying on all you do. it's not a conspiracy theory, it is a fact. all you have to do is actually read all of the prompts when you load windows. or even go into settings and read all of those. it states it very clearly. so, either be warned, or ignore it. either way, you live with your choices.
  • Stopped reading at word #5. If you are such a child that you write m$, then you show that anything else that you wrote is a complete and totally useless waste of electrons and my time. Go back to iMore or AndroidCentral where you belong, and leave the adults to discuss.
  • He can't. He left Apple and Google OS's because of how much they were spying on him.
  • Nice! I stopped reading at that word to!!
  • This comment makes me laugh... Spying on me???  "A proven fact!"???? DO you really think anyone cares what's on your computer??? Most people just click on auto settings when setting up Windows 10 (Or any other OS for that matter) becuase they would rather have the system work for them the way it was designed. I really do worry about people that are so concerned about their privacy as it seems like they have something to hide (Something illegal maybe???) Prove to me beyond a shadow of a doubt that any information being collected by MSFT has anything to do with your own PERSONAL data and then you may change my mind... I know you won't be able to because there is no way that MSFT would want the PR nightmare nor would they like to deal with the class action to be brought against them. I'm sure you can show me that they are collecting TELEMTRY eg "Wow, MSFT knows I opened my Photos app 3 times and viewed 67 photos"... SO WHAT!!! I mean really, what the hell does that have to do you with spying on you on a personal level??? I really am waiting for another remarkablely ignorent and misleading comment from you.    
  • It's just a wall of text without any proofs. Normal people won't take you seriously.
  • Are you sure this wasn't first posted as an exclusive on BGR? It's at about the right level of their technical competence.
  • Forbes, BGR, and Motley Fool are all peas in a pod for this kind of crap.  
  • Forbes should be made to publish an apology to MS and explanation of how they got it so wrong with their false article. Its outrageous if they don't and just get away with it. There would be outrage if a big tech site wrote a false derogatory article about apple!!
  • They don't need to. Apple does it all the time. They're called "Press Releases".
  • Obviously they spy. Everyone does it. Who cares anymore Posted via the Windows Central App for Android on my Lumia 950 XL
  • It really depends on what kind of spying you're talking about. And I do agree. Who really cares? Posted via the Windows Central App for Android
  • I feel for Ed Bott, he's constantly having to be the voice of reason dispelling all the FUD so many sites are trying to spread about Windows 10. 
  • What any sane person would do is install BOTH Windows 7 Enterprise AND Windows 10 Enterprise and monitor both. I can guarantee anything that both will have lots of connections.
  • Every time I do a Google news search on Win 10 and I see Gordon Kelly's name, I roll my eyes so hard that I fear spraining my eyeballs.
  • Cheesuscrust? What an awful, illegitimate, cheesy name
  • I may be late to the party but at least for the couple of people who manage to read this comment - there's also another catch in trying to analyze traffic by dropping it - if the software uses some kind of resiliency or redundancy it could try to connect to several IP addresses in a round-robin fashion, say: let's try to connect to server A ... nope, it doesn't reply, let's try server B ... nope, server C ... etc and this way you can get "fantastic" results - software trying to connect to a huge amount of servers! When in fact it's just trying it's best to establish ONE connection (and failing again and again because of a badly devised test).
  • I read that on Forbes, and as soon as they mentioned Voat, I knew it was likely to be wrong.
  • Just once per week, if it feels like it
  • 'spying' may not be the right term; saving all your browser data and selling it to advertizers is what ever you may want to call it....how bout invasive eaves dropping....and as far as W10 being able to 'look see' inside your pc it is a known fact as they have stated that many times over...does anybody remember AOL and how they wanted to dictate as to how and what you say in emails, wanting to be 'big brother'??? if you think for a second that M$ does not want to control everything then well you are naive. M$ has already made statements pertaining to being a watchdog looking for illegal downloads and whatnot; W10 is all about seeing what you have on your pc,. so lets re-think the 'spying' thing lets say they aren't spying but they certainly are looking over your shoulder.
  • CheesusCrust? I laughed so hard. I mean this kind of Handle name just kind of giveaway "i'm just joking'.
  • If you think that every email you send, every keyboard stroke you make, every question you ask the dummy being sent to MS is not spying on you, what would you call it? There are about a hundred IP addresses that MS uses to receive this data. Want to see it for yourself? Install PeerBlock with the Microsoft list activated and watch win 10 try to send hundreds of messages to MS. Want to watch without blocking? Install PortExpert and watch the hundreds of communications get logged. What you really need to consider is why MS, in their 12,000 word EULA that you accepted, states that they can collect anything from your computer at any time and do anything they want with it. Also, they can "update" your machine any time they want, even if it breaks some programs your running. And you can't stop it. No kidding, read it for yourself. Isn't that the definition of a virus?
  • Here's the problem. Yes, I don't care what you do on your computer and MS might not care about some of it either, but when you lose some your privacy, how much of your freedom do you also lose? Not much right now perhaps, but the systems are being put in place and when they want, the screws can be easily tightened. How much freedom will you loose then? I'm thinking of places like North Korea. No privacy, no freedom. I don't think I want to go down that road. So why can't I turn off, REALLY turn off this data sharing if I want to? What's the problem with that? This is the question to be asked. And MS should answer it.
  • Hmmmmm...... Seen a lot more stuff on the web than just that report...Lots of questions. Still and OK OS, a little buggy around the edges but, like any other microsoft product, it will be finally fixed after 50 or so updates....or a true Service pack 1... This "Let's release buggy software and fix it with updates later" method of releasing software is going to be their downfall at some time in the future...
  • How can you state it is not spying when any above average network tool can prove there is unauthorized traffic happening ?