Using a static block list in DNSBL / Blocking MS Telemetry and other BS
I found a script which I manually edited… Small excerpt below...
# Manually extracted from the script: Debloat-Windows-10/scripts/block-telemetry.ps1
# This script blocks telemetry related domains via the hosts file and related IPs via Windows Firewall.
# Source: https://github.com/W4RH4WK/Debloat-Windows-10/blob/master/scripts/block-telemetry.ps1
# Main Download Page: https://github.com/W4RH4WK/Debloat-Windows-10/tree/master/scripts
# 2236687 Sep 24, 2016 - @W4RH4WK W4RH4WK Fix most of anniversary stuff - 175 lines (169 sloc) 5.17 KB
How can I use this in pfBlockerNG so that the DNS resolver black holes these addresses?
Those domains are hardcoded in those scripts… You could copy those and place them in a DNSBL Custom list. Just be sure to remove the quotation marks... I have not tested adding those Domains to a blocklist. User beware...
Been running that for a while, works great. Looking at it, hasn't been updated in a bit but at least should be enough.
That list includes many domains that have no relation to telemetry.
e.g. at least one of those domains is owned by google.
The original source of that list is now offline. Basically, what happened, I think, is that someone started monitoring traffic whilst the system was idle and decided that all of it was due to Windows telemetry.
I remember when I tested the list I couldn't get any updates on Windows 10 either until the list got disabled.
Any suggestions as to how to sort the list out?
In an ideal world, I would like to block all the tracking and telemetry (Windows 8.1 - I want no part of 10!), and have a quick and convenient way to periodically open as little as needed to get patches, get my patches and close the hole.
I have absolutely no tolerance for letting Windows use my bandwidth to distribute updates, or arbitrarily forcing me to reboot or taking over my system for extended periods of time to apply updates when it's not convenient.
I will post a much shortened list I ended up with, which I got to by removing domains I know for sure are not for telemetry and also that broke other services. The list is way shorter, as expected. But bear in mind it's a game of whack-a-mole. Microsoft at any point can change the domain names used or even connect directly to IPs. This list I got here was last updated probably a year or so ago when I gave up on Windows 10.
choice.microsoft.com choice.microsoft.com.nsatc.net df.telemetry.microsoft.com diagnostics.support.microsoft.com oca.telemetry.microsoft.com oca.telemetry.microsoft.com.nsatc.net reports.wes.df.telemetry.microsoft.com services.wes.df.telemetry.microsoft.com settings-sandbox.data.microsoft.com settings-win.data.microsoft.com sqm.df.telemetry.microsoft.com sqm.telemetry.microsoft.com sqm.telemetry.microsoft.com.nsatc.net survey.watson.microsoft.com telecommand.telemetry.microsoft.com telecommand.telemetry.microsoft.com.nsatc.net telemetry.appex.bing.net telemetry.microsoft.com telemetry.urs.microsoft.com vortex.data.microsoft.com vortex-sandbox.data.microsoft.com vortex-win.data.microsoft.com watson.ppe.telemetry.microsoft.com wes.df.telemetry.microsoft.com
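The conversion suggested earlier in the thread (copy the hardcoded domains out of the script, drop the quotation marks, paste the result into a DNSBL Custom list), together with the pruning discussed in the later replies, as an added example that is not part of any post here or of the Debloat-Windows-10 project. It assumes the script keeps its domains as double-quoted strings, one per line; `SAMPLE_PS1` is constructed from names in the shortened list above, and the `KEEP` entry is a hypothetical exclusion chosen only to show the filter.

```python
import re

# Constructed sample in the style of a quoted PowerShell array; the domain
# names are taken from the shortened list posted in this thread.
SAMPLE_PS1 = '''
$domains = @(
    "choice.microsoft.com"
    "Vortex.data.microsoft.com"      # mixed case, normalised below
    "vortex.data.microsoft.com",
    # "survey.watson.microsoft.com"  (commented out, must be skipped)
    "settings-win.data.microsoft.com"
    "telemetry.microsoft.com"
    "not a domain"
)
'''

# Hypothetical keep-list: names (and their subdomains) never to black-hole.
KEEP = {"settings-win.data.microsoft.com"}

QUOTED = re.compile(r'"([^"]*)"')
# One or more LDH labels followed by an alphabetic TLD, 253 chars max overall.
HOSTNAME = re.compile(
    r'^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$')

def extract_domains(ps1_text, keep=frozenset()):
    """Return (blocked, rejected): DNSBL-ready names and strings that failed validation."""
    blocked, rejected, seen = [], [], set()
    for line in ps1_text.splitlines():
        code = line.split("#", 1)[0]          # drop PowerShell comments
        for raw in QUOTED.findall(code):
            name = raw.strip().lower().rstrip(".")
            if not HOSTNAME.match(name):
                rejected.append(raw)          # report, never silently block
                continue
            kept = any(name == k or name.endswith("." + k) for k in keep)
            if name in seen or kept:
                continue
            seen.add(name)
            blocked.append(name)
    return blocked, rejected

if __name__ == "__main__":
    blocked, rejected = extract_domains(SAMPLE_PS1, KEEP)
    print("\n".join(blocked))                 # one name per line for the Custom list
    for r in rejected:
        print("# rejected:", r)
```

Reviewing the rejected strings and the keep-list before each paste is what stops a stale or over-broad source list from black-holing update or third-party hosts.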