(Outdated) How to deactivate Windows 10 spy functions

bl4uni

Active Member
Sep 10, 2015
106
69
73
Hello guys,
I'm gonna tell you how to deactivate all the "basic" spy functions if youre using windows 10. Sorry that all the pictures are in german, anyway this should not disrupt you as everything is fairly easy to understand.

1. Settings (working)
First, you open the start Menu and click settings:
kqofqyj2.png

Then you navigato to Privacy and make sure it looks the same as it does in the following pictures.
1: OFF
2: doesn't really matter
3: OFF
4: OFF
3a2vkrwz.png

Scroll down and select Feedback and Diagnosis.
Feedback: NEVER
qmovrfsi.png

Also it is very important that you disable Cortana. To do this, you click on the Search Bar and select the gearwheel. Make sure everything is turned OFF.
yhgv3rch.png

2. Disabling Telemetry (maybe not working)

You open the search bar and type regedit:
p77ipfjd.png

Open the programm and search for the following key:
HKEY_LOCAL_MACHINESOFTWARE\Policies\Microsoft\Windows\DataCollection
If there is no key, but the default one we will create a DWORD 32 bit Key named AllowTelemetry . You can do this by right clicking and selecting New:
rrb9uuls.png

nschp8yt.png

Keep the Data as it is, to zero. If you happen to already have the key, because you are using the Enterprise Version of Windows 10, make sure it is set to zero.
Just for the understanding: There are people saying that this won't affect anything. Actually by now, we don't know if it does something or not. But one thing is sure: It doesn't hurt you.

3. Disallowing the connection to Windows Servers (maybe not working)
This will definitely work. First of, you need to open the Windows Prompt with Administrative Rights. Once again, open the search bar and type cmd. Next you need to right click and select Open as Administrator:
fbf4jlqt.png

You will now navigate to drivers\etc\ by using the following command: cd drivers\etc
kfoy6sn8.png

Open the hosts file by typing notepad hosts and add all of the following text to it:
Code:
127.0.0.1 compatexchange.cloudapp.net
127.0.0.1 a-0001.a-msedge.net
127.0.0.1 choice.microsoft.com
127.0.0.1 choice.microsoft.com.nsatc.net
127.0.0.1 corpext.msitadfs.glbdns2.microsoft.com
127.0.0.1 df.telemetry.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com.nsatc.net
127.0.0.1 redir.metaservices.microsoft.com
127.0.0.1 reports.wes.df.telemetry.microsoft.com
127.0.0.1 services.wes.df.telemetry.microsoft.com
127.0.0.1 settings-sandbox.data.microsoft.com
127.0.0.1 sls.update.microsoft.com.akadns.net
127.0.0.1 sqm.df.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net
127.0.0.1 statsfe2.ws.microsoft.com
127.0.0.1 telecommand.telemetry.microsoft.com
127.0.0.1 telecommand.telemetry.microsoft.com.nsatc.net
127.0.0.1 telemetry.appex.bing.net
127.0.0.1 telemetry.microsoft.com
127.0.0.1 telemetry.urs.microsoft.com
127.0.0.1 vortex-sandbox.data.microsoft.com
127.0.0.1 vortex-win.data.microsoft.com
127.0.0.1 vortex.data.microsoft.com
127.0.0.1 watson.ppe.telemetry.microsoft.com
127.0.0.1 watson.telemetry.microsoft.com
127.0.0.1 watson.telemetry.microsoft.com.nsatc.net
lyr4apwy.png

At the end, just save by clicking File and Save.
This will disallow every attempt your Computer makes to contact the Windows Telemetry Servers by redirecting it to localhost.

4. Deactivating Spy Services (working)

Open the Search bar and type services. Open the first result:
vylbi5z3.png

Scroll down and search for a Service named DiagTrack. Select Starting Type: Deactivated and if you want to close it right away click on Terminate. (If it doesnt say terminate but something else which means the same, thats the button you need to click. It should be located to the right from the Button which says Start.)
jlcrbcar.png

Do this again but with another Service named dmwappushsvc.

If you have any questions or suggestions for this tutorial just tell me in this thread.

With friendly Regards
bl4uni
 
Last edited:

Derp

Retired Staff
Contributor
Apr 30, 2015
933
1,014
217
Hello guys,
I'm gonna tell you how to deactivate all the "basic" spy functions if youre using windows 10. Sorry that all the pics are in german, anyway this should not disrupt you as everything is fairly easy to understand.

1. Disabling Telemetry
First you open the search bar and type "regedit":
p77ipfjd.png


Open the programm and search for the following key:
HKEY_LOCAL_MACHINESOFTWARE\Policies\Microsoft\Windows\DataCollection
If there is no key, but the default one we will create a DWORD 32 bit Key named AllowTelemetry . You can do this by right clicking and selecting New:
rrb9uuls.png

nschp8yt.png

Keep the Data as it is, to zero. If you happen to already have the key, because you are using the Enterprise Version of Windows 10, make sure it is set to zero.
Just for the understanding: There are people saying that this won't affect anything. Actually by now, we don't know if it does something or not. But one thing is sure: It doesn't hurt you.

2. Disabling the connection to Windows Servers
This will definitely work. First of, you need to open the Windows Prompt with Administrative Rights. Once again, open the search bar and type cmd. Next you need to right click and select Open as Administrator:
fbf4jlqt.png


You will now navigate to drivers\etc\ by using the following command: cd drivers\etc
kfoy6sn8.png

Open the hosts file by typing notepad hosts and add all of the following text to it:
Code:
127.0.0.1 compatexchange.cloudapp.net
127.0.0.1 a-0001.a-msedge.net
127.0.0.1 choice.microsoft.com
127.0.0.1 choice.microsoft.com.nsatc.net
127.0.0.1 corpext.msitadfs.glbdns2.microsoft.com
127.0.0.1 df.telemetry.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com.nsatc.net
127.0.0.1 redir.metaservices.microsoft.com
127.0.0.1 reports.wes.df.telemetry.microsoft.com
127.0.0.1 services.wes.df.telemetry.microsoft.com
127.0.0.1 settings-sandbox.data.microsoft.com
127.0.0.1 sls.update.microsoft.com.akadns.net
127.0.0.1 sqm.df.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net
127.0.0.1 statsfe2.ws.microsoft.com
127.0.0.1 telecommand.telemetry.microsoft.com
127.0.0.1 telecommand.telemetry.microsoft.com.nsatc.net
127.0.0.1 telemetry.appex.bing.net
127.0.0.1 telemetry.microsoft.com
127.0.0.1 telemetry.urs.microsoft.com
127.0.0.1 vortex-sandbox.data.microsoft.com
127.0.0.1 vortex-win.data.microsoft.com
127.0.0.1 vortex.data.microsoft.com
127.0.0.1 watson.ppe.telemetry.microsoft.com
127.0.0.1 watson.telemetry.microsoft.com
127.0.0.1 watson.telemetry.microsoft.com.nsatc.net
lyr4apwy.png

At the end, just save by clicking File and Save.
This will disallow every attempt your Computer makes to contact the Windows Telemetry Servers by redirecting it to localhost.
If you have any questions or suggestions for this tutorial just tell me in this thread.

With friendly Regards
bl4uni

I didn't know about the first Registry part,
Anyway, about the second part

That will not work, Windows 10 Can skip the whole hosts file and ignore everything , even if you found a way to block the domains, their server's IP's are hard coded,

Packet Sniffing won't help neither, The only way to log the traffic is by creating a bridge between 2 computers and then log the traffic in the second computer,

In a few words:

You have to blacklist the IP's from your router
 

bl4uni

Active Member
Sep 10, 2015
106
69
73
Alright, I didn't know that. I already did that with my router, just thought you cant really make a good tutorial about that, because every routers configuration is different. The registry part is said to only work on Enterprise Versions, still there is no evidence that it doesn't work on other versions. I will soon update this thread with methods that are working.

EDIT: Added a method which will definitely work.
 
Last edited:

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
Here is my single tip of advice --- when you are installing Windows 10 and are given the slider options, select "No" for everything. It pretty much turns off most of the spying behavior. ;)
 

bl4uni

Active Member
Sep 10, 2015
106
69
73
May I ask Why?
Sure. I used Windows 7 before and I think the Design of Win10 is way more attractive. Also it boots about 5 Seconds faster. This doesnt really matter for me, because I have a SSD but it may matter for a lot of people. I also like the multitasking functions it comes with.

Here is my single tip of advice --- when you are installing Windows 10 and are given the slider options, select "No" for everything. It pretty much turns off most of the spying behavior. ;)
You're right, it turns off most. But for example the Feedback will still be on Automatic which basically means that Windows can request your data whenever it wants. And this is just one of many examples. The advices I gave above, especially the one where you deactivate the Services, will turn stuff off that you cant turn off by just selecting "No" while installing.
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
We should have the IP addresses monitored --- then create a blacklist on all Microsoft collection servers or their IP ranges. :cool:
 

bl4uni

Active Member
Sep 10, 2015
106
69
73
Very good tutorial, glad to have you here. :)
Thanks for this tutorial :)
Thanks guys. :)

We should have the IP addresses monitored --- then create a blacklist on all Microsoft collection servers or their IP ranges. :cool:
Thats a good idea. When I resolve the URL's, I get the following IP's:
Code:
23.99.10.11
64.4.54.32
65.52.100.7
65.52.100.9
65.52.100.11
65.52.100.91
65.52.100.92
65.52.100.94
65.52.108.29
65.52.108.153
65.55.29.238
65.55.130.50
65.55.252.43
65.55.252.63
65.55.252.92
65.55.252.93
111.221.29.177
131.253.40.37
157.55.133.204
168.63.108.233
191.232.139.254
195.138.255.34
204.79.197.200
 

kingston

Contributor
Feb 10, 2016
243
151
128
You are walking in the dark. The best way to disable spying crap in win10 is to wipe your drive clean and stop using that system. You basically can disable just stuff that you see but there is way more that you don't see and you can't disable that. BTW telemetry is nothing new - it exists even in win7 and blocking it is a basic task to do. Not with the funny registry edit though... and yes, 5 secs faster boot is definitely a good reason to install this spying shit and share all you got there with authorities.

Try to disable WebRTC and DNS leaks in win10 ;) And that's just where the real fun begins...
 
Last edited:
Top