In a video posted on January 31, The PC Security Channel assessed the telemetry of a new laptop running on Microsoft’s Windows 11 compared to a new installation of Windows XP running for the first time. The team used Wireshark, a traffic capture program, to sniff out all of the queries from the operating system. The result was glaring; Windows 11 shares a substantial amount of data with third-party servers even before it’s used for the first time. This is in stark contrast to Windows XP, which shares very little data. While Windows XP only communicated with Microsoft servers for updates, Windows 11 sent data to ad domains, MSN, Bing, and more.
Telemetry on Windows 11
Windows 11 was released in Oct. 2021, while Windows XP was released over two decades ago, in Oct. 2002. The PC Security Channel’s findings highlight just how much Microsoft’s operating system has changed in the intervening years, particularly how much data the OS now transmits to third-party servers. The PC Security Channel team filtered all their traffic via Wireshark to show DNS (Domain Name Server) data which lists the exact names of the sites the operating system talks to in the background. Some of the domains Windows 11 transmitted data to that drew the attention of the UK-based cybersecurity team include:
akamaized.net digicert.com steamcloud-london.storage.googleapis.com trustedsource.org (McAfee third-party) msn.com bing.com smartscreen.microsoft.com privacyportal.onetrust.com
Some of the more disturbing domains that Windows 11 interacted with include:
scorecardresearch.com (an ad and tracking domain that was blocked by the uBlock Origin extension) geo.prod.do.dsp.mp.microsoft.com (location tracking)
“Think about it for a second. This is a computer where the user has not opened a web browser, they haven’t typed in anything, they’re not trying to use the internet even. All of this is just what the machine is doing on its own, without asking the user,” The PC Security Channel said in the video. While Windows 11 shared data with several first and third-party servers, Windows XP only connected to Microsoft servers for updates. One of these update servers was download.windowsupdate.com, and the other was update.microsoft.com. It did not interact with any third-party sites or tracking domains.
Data Sharing Without Permission
Today, many software and websites have the tendency to collect and share analytics and other data without explicit permission, sometimes even when you refuse data collection via consent boxes. Most people are aware of this data collection but decide not to act on it. A recent survey by the Annenberg School for Communication at the University of Pennsylvania revealed that most Americans are resigned to rampant data collection. If you’re a Windows 11 user, check out our guide to optimizing your privacy settings to limit this data collection. While you can’t stop operating systems, websites, and apps from communicating with third-party servers while browsing, you can use a solid VPN to encrypt the data leaving your devices. This, combined with a good privacy browser, can reduce your digital footprint and limit your exposure to prying eyes.
