On 05/03/16 07:24, Karel Lang AFD wrote:
> Hi all,
> 
> guys, i think everyone heard already about how windows 10 badly treat
> its users privacy.

My solution to this was to finally rid Windows 7 off my desktop PC - as
most of the telemetry has also been 'back ported' to Windows 7 also. You
can't stop it.

> I'm now thinking about a way howto stop a windows 10 sending these data
> mining results to a microsoft telemetry servers and filter it on our SL
> 6 linux gateway.

Nope. There are no specific servers in use - just general - so whatever
you block will end up killing other services.

> I think it could be (maybe?) done via DPI (deep packet inspection). I
> similarly filter torrent streams on our gateway - i patched standard SL
> 6 kernel with 'xtables' (iptables enhancement) and it is working
> extremely well.

I would be interested to see if you could identify telemetry packets in
the flow - but I'm not predicting much success. If you do get it, make
sure you let the world know though!

> I read (not sure if true) that some DNS resolutions to M$ servers are
> even 'hardwired' via some .dll library, so it makes it even harder.

Correct.

> I'm no windows expert, but i'm and unix administrator concerned about
> privacy of windows desktop/laptop users sitting inside my LAN.
> 
> What i'd like to come up is some more general iptables rules, than
> blocking specific IP addresses or names, because, apparently they may
> change in any incoming windows update ...
> 
> Anyone gave this thought already? Anyone else's concerned the way i am?

Yup - and as I said, I'm now running Fedora 23 on my desktop (EL lags on
a few things that I like - so Fedora is a happy medium for me - as I
still have the fedora-updates-testing repo enabled. My work laptop as
well as my personal laptop - and now my home desktop all run Fedora 23
(KDE Spin if you hate Gnome 3 - like me).

-- 
Steven Haigh

Email: [log in to unmask]
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897