How Microsoft Can Spy On You And How To Stop It!
This Article will explain how they spy on you and how you can stop Microsoft from getting your IP Address without your permission.
How Microsoft Can Spy On You?
The answer is simple, via their NCSI ( Network Connectivity Status Indicator ).
Why should we care of it?
Well... each time we start our Windows Computer an Internet connection test is run automatically to test the Internet availability.
So each time we start it, our PC makes a connectivity request to a text file into the NCSI Server of Microsoft ( 18.104.22.168 & dns.msftncsi.com ).
The Text file should be located here:
Where's the fun part?
Microsoft admitted that they DO NOT NOTIFY the user Before attempting to collect informations, infact it is automatically done if you have the Internet!.
They store, in a NO-ENCRYPTED way, your logs into their WebServer, each time you connect. The logs contain the time of each access and the IP address recorded for that access.
Wanna See in Deep?? Look Below Here!
"User notification: [ NCSI does not notify the user before attempting to collect information. ] ... "
"Encryption and storage: [ NCSI does not use encryption ] ...
[ IIS logs are stored on the server at www.msftncsi.com. These logs contain the time of each access and the IP address recorded for that access. ] ... "
What did they say about it?
They said that "These IP addresses are not used to identify users, and in many cases, they are the address of a network address translation (NAT) computer or proxy server, not a specific client behind that NAT computer or proxy server."
Alright... So Someone may say that it is a service to help native users see a yellow icon if there is a limited connectivity.
But... ask to yourself, why should Microsoft needs to get all these Personal Informations from Us (stored in that way)?.
Read More Here --> https://technet.microsoft.com/en-us/library/cc766017%28v=WS.10%29.aspx
Isn't a "Legal" Spy System? ... well , if you feel ashamed from all of this, we will teach you How to Block all that stuff!.
So, if you Wanna Block the Microsoft "Auto IP-Listening" Service? Act as below:
1) Open REGEDIT and press Enter
2) Go on HKEY_LOCAL_MACJONE
4) Click on SYSTEM
5) Click on CurrentControlSet
6) Click on Services
7) Click on NLaSvc
8) Click on Parameters
9) Click on Internet
10) On the right side look for "EnableActiveProibing" and set his Value to "0"
Done?! No, There's another way on how they can Track us, by using our Local Computer Policy Editor.
Wanna be more secure?
You'll have to deactivate the "Windows Network Connectivity Status Indicator active tests".
How can you do it? Follow these steps:
1) Search for gpedit.msc and click on it, the Local Computer Policy Editor will appear
2) Go here:
Local Computer Policy > Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication Settings
3) Look for "Windows Network Connectivity Status Indicator active tests" and turn it OFF.
You can Manually Block the domains and the referred IPs directly from the HOSTS File!...
1) Navigate here:
2) Open the file with NOTEPAD or another Text Editor:
3) Paste these following lines at the end of the File:
4) What's next? Of Course you must Save it!.
Congratulations! You have now stopped to send all your Connection Details to Microsoft!.
About the Author:
Christian Galeone is a Jr. Information Security Researcher from Italy, he's currently studying to I.I.S.S. Marco Polo ( Vocational Technical Institute | Vo-Tech ) attending the IT Class.
He has been Acknowledged by the TOP 5 Companies including Yahoo!, Microsoft, AT&T, Sony etc. He is currently working with HOC as author of Cyber Security & Critical Tools Research Articles.