Why is Microsoft Downloading from my computer?

TrufflesG

Distinguished
Jul 7, 2011
149
1
18,695
Hello,
I have Colasoft Capsa installed so I can get a highly detailed insight as to what's going on with my network traffic.

One thing I find puzzling and concerning is that Microsoft is retrieving a lot of data from my computer. So far several hundred Megabytes. I've checked the IP's to make sure they weren't spoofed and they appear to be genuine Microsoft IP addresses.

Is there an explanation for this that makes sense. While I have nothing on my computer that I would consider "bad", I'm still not comfortable having ANY POTENTIAL that my business information, engineering CAD designs, and personal family photos are taken without my consent.

I'm quite aware that Microsoft would DOWNLOAD UPDATES TO my computer, but 100's of MB's of UPLOADS (outbound data from my computer) doesn't make sense.
 
Solution


If you upload your data somewhere (ex. gmail or OneDrive), Linux vs Win 10 will not help you.
Linux will also not help you if the NSA has you on their radar.

I've not seen anything whereby a vanilla Win 10 is intentionally scarfing your...


The screens have been changed considerably since this guide was written, but eventually I found the settings.

Interestingly, I already had those settings set to NOT allow P2P Uploading.

And Yet I see considerable uploading using various Microsoft Servers across the Internet. As mentioned, approximately 100 MB so far this month

 


100MB for the month is easily taken up with the recent April update.
Not only does it (obviously) have to download...it must also talk back to home base to verify, etc.

100MB is nothing.
 


It is when the RECEIVED data is 87K and the UPLOAD back is 100MB

 


Agreed. It makes no sense to have only 50K of downloads when over 500 MB has been uploaded.
There must be something unusual going on.

I'll do some more investigating.

Thanks

 
Welcome to Microsoft telemetry!!! They're pulling a "Google" on users with the big emphasis on analytics. Hence, the uploading.

You can turn most of this off under Settings --> Diagnostics & Feedback --> Set from Full to Basic.
Also go Settings --> Activity History --> un-check "Let Windows collect my activities from this PC.

If you really want to micromanage Windows 10 phoning home, you can run Shutup10 from O&O software. It's basically just a GUI front-end that makes system registry changes.

https://www.oo-software.com/en/shutup10

The irony is that O&O is a Microsoft Gold Certified Partner too. LOL 😀

 
Thanks for the replies.

I don't seem to have the "Active History" on my Win10 Pro computers?

I followed the steps to turn off any options I could that had to do with telemetry. Especially those that allowed my computer to serve files to others.
It has not stopped the connections tagged as microsoft and the downloading. I would like to go back to Windows XP !!!

Looks like I'm gonna need to set up a Linux machine for daily Internet use and reserve Microsoft machines for mostly non Internet connected work.
You might conclude that I'm some sort of criminal doing bad things on my computer....but that's just an assumption.

I simply value my PRIVACY and I use my computer for a lot of CAD designing of products that are developed and sold. Some under application for patents and I DO NOT want those designs "accidentally" shared or intentionally downloaded by Microsoft for their research and analysis.
 


Not necessarily.

Google, Microsoft, farcebook have ALL been known to take personal information and use it or share it with government agencies without consent or knowledge of the individual from whom it was collected.

The government is KNOWN to wiretap cellphones without warrants.
What's sad is that so many Americans have no problem with the loss of our Constitutional rights.

Am I making this up?

Experts in fact tend to agree with me....
https://www.wired.com/2012/03/ff-nsadatacenter

 


If you upload your data somewhere (ex. gmail or OneDrive), Linux vs Win 10 will not help you.
Linux will also not help you if the NSA has you on their radar.

I've not seen anything whereby a vanilla Win 10 is intentionally scarfing your personal data from your hard drive, and sending it to the mothership.
 
Solution


True.
I'm already "on their radar" since I'm a defender of Constitutional Rights.
Maybe that's why I have more download activity than average?

But let me reiterate, I take my network seriously. I use WireShark and ColaSoft Capsa to watch my network activity and I think I know what I see. I also have various hardware appliances to monitor and firewall my network given all the data breeches and mischief by foreign nationals lately . But I will admit, however, that I have not yet analyzed the specific data being downloaded from my computer so it could be the telemetry that has been mentioned where my computer has been acting as a file server for Microsoft Updates to others computers.

The question would then be....WHY does it continue even when those settings have been set to NOT allow such sharing? It's not virus or malware activity since I've confirmed the destination servers
 
You've seen "activity", but have not yet analyzed what that activity might be.

We can't fix a "problem", until we know what the problem might be.
If Win 10 were intentionally and maliciously scarfing up local personal data to send to the mothership, the thousands of other security researchers around the world would have seen this.

Stuff that you upload? gmail, facebook, etc, etc...all bets are off. That is a known function, and their entire business model.
Solution...don't do that.
 


We do....unexplained uploads that have no corresponding downloads (ruling out updates). And since the options that reportedly allow telemetry and data sharing are off, the problem is self evident.

It's like saying "we don't know if a car has a problem until we know exactly what's wrong with it."

Yes we do.

And that's my final answer Regis :)