PfBlockerNG - Windows 10 Privacy



  • Was looking at compiling a list of Ip addresses to minimize, if not eliminate the Windows 10 privacy issues. I haven't looked into the Ip addresses for the Microsoft I-Blocklist, but can only assume this list isn't tailored for Microsoft 10 OS.

    I would think someone here in the community has already compiled a list and would be great if they would share. My idea was to create multiple list for different purposes depending on what you wish to block, than share here on the forum.

    Would love to hear some options.



  • Banned

    IP addresses is definitely NOT a viable approach.

    
    a-0001.a-msedge.net
    choice.microsoft.com
    choice.microsoft.com.nstac.net
    compatexchange.cloudapp.net
    corpext.msitadfs.glbdns2.microsoft.com
    corp.sts.microsoft.com
    cs1.wpc.v0cdn.net
    df.telemetry.microsoft.com
    diagnostics.support.microsoft.com
    fe2.update.microsoft.com.akadns.net
    feedback.search.microsoft.com
    feedback.windows.com
    i1.services.social.microsoft.com
    i1.services.social.microsoft.com.nsatc.net
    oca.telemetry.microsoft.com
    oca.telemetry.microsoft.com.nsatc.net
    pre.footprintpredict.com
    redir.metaservices.microsoft.com
    reports.wes.df.telemetry.microsoft.com
    services.wes.df.telemetry.microsoft.com
    settings-sandbox.data.microsoft.com
    sls.update.microsoft.com.akadns.net
    sqm.df.telemetry.microsoft.com
    sqm.telemetry.microsoft.com
    sqm.telemetry.microsoft.com.nsatc.net
    ssw.live.com
    statsfe1.ws.microsoft.com
    statsfe2.update.microsoft.com.akadns.net
    survey.watson.microsoft.com
    telecommand.telemetry.microsoft.com
    telecommand.telemetry.microsoft.com.nsatc.net
    telemetry.appex.bing.net
    telemetry.microsoft.com
    telemetry.urs.microsoft.com
    vortex.data.microsoft.com
    vortex-sandbox.data.microsoft.com
    vortex-win.data.microsoft.com
    watson.live.com
    watson.microsoft.com
    watson.ppe.telemetry.microsoft.com
    watson.telemetry.microsoft.com
    watson.telemetry.microsoft.com.nsatc.net
    
    

    Most of these are blocked by HPHosts and similar, which in turn breaks Windows Update. So NOT use the above list verbatim, it WILL break OS updates (even on W8.x).



  • For me I would not be concerned if it breaking MS Updates …...... Running Windows 7 now and have them blocked as we speak........if I feel I need an auto update, I flick it on, than off. You could manually download the updates monthly......that would be a drag.

    What I'm more concerned about is Windows 10 and all the malware that's built in.

    Android is a good example ..... its free ...... not really ....... it comes preloaded with malware... it is stealing your private information every day.

    By the way thanks for the list and the HPHosts info ...... wdoktornotor

    Anyone interested here's a thread where they are working on different methods of leak prevention.
    http://forums.mydigitallife.info/threads/63874-REPO-Windows-10-TELEMETRY-REPOSITORY


  • Moderator

    There is a thread here:
    https://forum.pfsense.org/index.php?topic=98087.0

    Other feeds here:
    https://github.com/WindowsLies/BlockWindows
    https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hostslist

    hpHosts and a few of the other lists have also added some of those Domains, but I would be careful how that is affecting MS Updates etc… I don't specifically use those two lists above, just passing them along for you to test and report back :)



  • @BBcan177:

    There is a thread here:
    https://forum.pfsense.org/index.php?topic=98087.0

    Other feeds here:
    https://github.com/WindowsLies/BlockWindows
    https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hostslist

    hpHosts and a few of the other lists have also added some of those Domains, but I would be careful how that is affecting MS Updates etc… I don't specifically use those two lists above, just passing them along for you to test and report back :)

    Thanks….



  • I solved my problems by installing Linux, but I digress.  Since I still have a few Windows 10 machines, my plan is to block all traffic to microsuck except from one VM which will be running as a WSUS server.  All my Windows 10 machines will be pointed to the WSUS server for updates.

    I just thought I would drop the idea of a WSUS server into the mix.



  • @centurioapertus:

    I solved my problems by installing Linux, but I digress.  Since I still have a few Windows 10 machines, my plan is to block all traffic to microsuck except from one VM which will be running as a WSUS server.  All my Windows 10 machines will be pointed to the WSUS server for updates.

    I just thought I would drop the idea of a WSUS server into the mix.

    Noob question from me:  I've used a little SCCM 2012 but never WSUS to push out Windows Updates.  Does WSUS require a Windows Server OS?  I'm curious if a home user can spin up a WSUS VM for free (legally).