Thursday, 18 June 2015
15 comments

How Microsoft Can Spy On You And How To Stop It



How Microsoft Can Spy On You And How To Stop It!

This Article will explain how they spy on you and how you can stop Microsoft from getting your IP Address without your permission.

How Microsoft Can Spy On You?
The answer is simple, via their NCSI ( Network Connectivity Status Indicator ).

Why should we care of it?
Well... each time we start our Windows Computer an Internet connection test is run automatically to test the Internet availability.

So each time we start it, our PC makes a connectivity request to a text file into the NCSI Server of Microsoft ( 131.107.255.255 & dns.msftncsi.com ).

The Text file should be located here:
http://www.msftncsi.com/ncsi.txt

Where's the fun part?
Microsoft admitted that they DO NOT NOTIFY the user Before attempting to collect informations, infact it is automatically done if you have the Internet!.

 ...In short...

They store, in a NO-ENCRYPTED way, your logs into their WebServer, each time you connect. The logs contain the time of each access and the IP address recorded for that access.


Wanna See in Deep?? Look Below Here!
"User notification: [ NCSI does not notify the user before attempting to collect information. ] ... "

"Encryption and storage: [ NCSI does not use encryption ] ...

[ IIS logs are stored on the server at www.msftncsi.com. These logs contain the time of each access and the IP address recorded for that access. ] ... "


What did they say about it?
They said that "These IP addresses are not used to identify users, and in many cases, they are the address of a network address translation (NAT) computer or proxy server, not a specific client behind that NAT computer or proxy server."

Alright... So Someone may say that it is a service to help native users see a yellow icon if there is a limited connectivity.

But... ask to yourself, why should Microsoft needs to get all these Personal Informations from Us (stored in that way)?.

Read More Here --> https://technet.microsoft.com/en-us/library/cc766017%28v=WS.10%29.aspx

Isn't a "Legal" Spy System? ... well , if you feel ashamed from all of this, we will teach you How to Block all that stuff!.

So, if you Wanna Block the Microsoft "Auto IP-Listening" Service? Act as below:


1) Open REGEDIT and press Enter

2) Go on HKEY_LOCAL_MACJONE

4) Click on SYSTEM

5) Click on CurrentControlSet

6) Click on Services

7) Click on NLaSvc

8) Click on Parameters

9) Click on Internet

10) On the right side look for "EnableActiveProibing" and set his Value to "0"



Done?! No, There's another way on how they can Track us, by using our Local Computer Policy Editor.


Wanna be more secure?
You'll have to deactivate the "Windows Network Connectivity Status Indicator active tests".


How can you do it? Follow these steps:

1) Search for gpedit.msc and click on it, the Local Computer Policy Editor will appear

2) Go here:
Local Computer Policy > Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication Settings

3) Look for "Windows Network Connectivity Status Indicator active tests" and turn it OFF.



**Still Worried?!** 

You can Manually Block the domains and the referred IPs directly from the HOSTS File!...


1) Navigate here:
c:\windows\system32\drivers\etc\hosts

2) Open the file with NOTEPAD or another Text Editor:

3) Paste these following lines at the end of the File:

127.0.0.1 msftncsi.com
127.0.0.1 131.107.255.255
127.0.0.1 dns.msftncsi.com


4) What's next? Of Course you must Save it!.

Congratulations! You have now stopped to send all your Connection Details to Microsoft!.

About the Author:
Christian Galeone is a Jr. Information Security Researcher from Italy, he's currently studying to I.I.S.S. Marco Polo ( Vocational Technical Institute | Vo-Tech ) attending the IT Class. 
He has been Acknowledged by the TOP 5 Companies including Yahoo!, Microsoft, AT&T, Sony etc. He is currently working with HOC as author of Cyber Security & Critical Tools Research Articles.


15 comments:

  1. truly mind blown for me . thx u ;-(

    ReplyDelete
  2. pleaz can we see that .txt file

    ReplyDelete
  3. So, the last part, what is the extension while we save that hosts file? because when I save from notepad, the default extension is txt.

    ReplyDelete
    Replies
    1. rename the file to host.txt then add ur lines :D once u r done again rename it the same.

      Delete
  4. I cannot open this gpedit.msc i get an error that the module cannot be created, plus I cannot safe the notes file after pasting the lines. @-)

    How can I fix this??? ;(

    ReplyDelete
  5. ESO SOLO SUCEDE DE WINDOWS 7 EN ADELANTE A LOS QUE USAN WINDOWS XP NO TIENE PROBLEMA

    ReplyDelete
  6. thx for posting this .... truly mind blowing but any idea how to block the infamous XFINITY ? like we did here with microSUX ?????
    thx

    ReplyDelete
  7. Thank you for posting such a great article! I found your website perfect for my needs. It contains wonderful and helpful posts. Keep up the good work!. Thank you for this wonderful Article!
    five nights at freddy's

    ReplyDelete

 
Toggle Footer
Top