
Windows 10 System Settings App Makes Unexpected DNS Queries and Outbound Requests to Microsoft Servers

Nir Sofer, the developer behind the NirSoft utilities for Windows, recently found that the System Settings app in Windows 10 Home Edition (build 19042.1083) issues DNS queries to specific Microsoft servers as soon as it is opened, which suggests telemetry activity. His test machine was heavily locked down: local accounts only, with the customization and telemetry scheduled tasks disabled. Using his own DNS logging tools, DNSLookupView and DNSQuerySniffer, Sofer observed that opening System Settings triggered queries for www.bing.com and cxcs.microsoft.net. Both were issued by C:\Windows\ImmersiveControlPanel\SystemSettings.exe as AAAA queries, that is, requests for IPv6 addresses. www.bing.com resolved to ::ffff:13.107.21.200 and ::ffff:204.79.197.200, and cxcs.microsoft.net to ::ffff:96.17.141.116; the ::ffff: prefix marks these as IPv4-mapped IPv6 addresses, so the answers point at ordinary IPv4 endpoints.

A DNS query on its own carries no payload, but it usually precedes a connection. Using TcpLogView to log outbound TCP connections, Sofer confirmed that SystemSettings.exe opened HTTPS connections to both www.bing.com and cxcs.microsoft.net; they stayed up for about 20 seconds and were then closed. Because the traffic is TLS-encrypted, the logs show only the endpoints, not what was exchanged. Fetching cxcs.microsoft.net directly returned a version number in plain text, which Sofer took as a possible link to Microsoft's Customer Experience Center (CXC). Blocking cxcs.microsoft.net in the router's DNS settings did not break the Settings app, but additional DNS requests to ctldl.windowsupdate.com appeared (that host serves Windows' automatic root certificate and certificate trust list updates, which are commonly fetched while a TLS connection is being validated). With both cxcs.microsoft.net and ctldl.windowsupdate.com blocked, SystemSettings.exe still tried to resolve several further domains, including ecn.dev.virtualearth.net; the outbound connection to that host, however, was made by a different Windows process, svchost, rather than by SystemSettings.exe itself.
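The correlation Sofer made between DNSQuerySniffer and TcpLogView can be reproduced with built-in cmdlets. The following is an added example, not Sofer's code or one of his tools: it polls Get-NetTCPConnection for connections owned by SystemSettings.exe while you open the Settings app, reverse-resolves each new remote address, and then lists the DNS queries that the DNS Client operational event log attributes to the same process IDs. The log name, the event ID and the fact that this log must be enabled beforehand (it is off by default) are assumptions stated in the comments; the process name and polling window are configurable parameters. Run it from an elevated PowerShell.

```powershell
# Added example (not from Sofer's article): watch outbound TCP connections of
# SystemSettings.exe and the DNS queries the DNS Client log attributes to it.
# Run elevated, start the script, then open the Settings app while it polls.
param(
    [string]$ProcessName = 'SystemSettings',   # image name without .exe (assumed)
    [int]$Seconds        = 30,                 # how long to poll
    [int]$IntervalMs     = 500
)

# Assumption: the DNS Client operational log is disabled by default; enable it once with
#   wevtutil sl Microsoft-Windows-DNS-Client/Operational /e:true
# Event 3006 ("DNS query is called for the name ...") is logged per query with the PID.
$DnsLog   = 'Microsoft-Windows-DNS-Client/Operational'
$DnsQueryEventId = 3006

$start    = Get-Date
$deadline = $start.AddSeconds($Seconds)
$seen     = @{}   # "remote:port" -> record, so each endpoint is reported once
$pidsSeen = @{}   # every PID the process had during the window

Write-Host "Polling for $Seconds s; open Settings now..."
while ((Get-Date) -lt $deadline) {
    $procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
    foreach ($p in $procs) { $pidsSeen[$p.Id] = $true }
    if ($procs) {
        Get-NetTCPConnection -OwningProcess $procs.Id -ErrorAction SilentlyContinue |
            Where-Object { $_.RemoteAddress -notin @('0.0.0.0', '::', '127.0.0.1', '::1') } |
            ForEach-Object {
                $key = "$($_.RemoteAddress):$($_.RemotePort)"
                if (-not $seen.ContainsKey($key)) {
                    # Reverse lookup is best-effort; CDN edges often have no PTR record.
                    $ptr = '(no PTR)'
                    try {
                        $ptr = (Resolve-DnsName $_.RemoteAddress -Type PTR -ErrorAction Stop).NameHost -join ','
                    } catch {}
                    $seen[$key] = [pscustomobject]@{
                        Time   = Get-Date -Format 'HH:mm:ss'
                        PID    = $_.OwningProcess
                        Remote = $key
                        PTR    = $ptr
                        State  = $_.State
                    }
                }
            }
    }
    Start-Sleep -Milliseconds $IntervalMs
}

Write-Host "`nOutbound TCP connections owned by $ProcessName.exe:"
$seen.Values | Sort-Object Time | Format-Table -AutoSize

# DNS queries the DNS Client log attributes to those PIDs during the window.
# Returns nothing if the log was never enabled (Get-WinEvent then finds no events).
if ($pidsSeen.Count -gt 0) {
    Write-Host "DNS queries logged for PIDs $($pidsSeen.Keys -join ', '):"
    Get-WinEvent -FilterHashtable @{ LogName = $DnsLog; Id = $DnsQueryEventId; StartTime = $start } `
                 -ErrorAction SilentlyContinue |
        Where-Object { $_.ProcessId -and $pidsSeen.ContainsKey([int]$_.ProcessId) } |
        Select-Object TimeCreated, ProcessId, @{ n = 'Query'; e = { ($_.Message -split "`n")[0].Trim() } } |
        Format-Table -AutoSize
}
```

Polling Get-NetTCPConnection twice a second can miss very short-lived connections, which is why the DNS log is read afterwards as a second, independent record: a query that shows up there with no matching TCP entry is a hint to lower the interval or to capture with a packet sniffer instead.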
One local workaround is the hosts file: mapping www.bing.com to an unroutable address makes web browsers and SearchApp.exe pick up the dummy address. The method has limits, though. nslookup still returns the real addresses, because it sends its queries straight to the configured DNS server and never consults the hosts file, so it cannot be used to verify the block; and any component that bypasses the system resolver in the same way is unaffected. Sofer therefore recommends a network-wide DNS blocking solution, on the router, a Pi-Hole or a similar filter, which covers every device and every process regardless of how it resolves names.

Sofer's findings suggest that Microsoft uses Bing for more than web search and has integrated it into the Windows 10 telemetry system. Blocking www.bing.com and related subdomains reduces this data collection, at the cost of Bing as a search service. Advanced users can add an outbound firewall that controls which programs may connect out, in the spirit of Little Snitch on macOS, or route DNS through a Raspberry Pi running Pi-Hole.

To lock down a Windows 10 environment further, Sofer lists subdomains that can be blocked to mitigate telemetry:

browser.events.data.msn.com
browser.events.data.microsoft.com
config.edge.skype.com
cxcs.microsoft.net
evoke-windowsservices-tas.msedge.net
self.events.data.microsoft.com
settings-win.data.microsoft.com
settings.data.microsoft.com
umwatson.events.data.microsoft.com
watson.telemetry.microsoft.com

Blocking these caused no noticeable problems in Sofer's testing, but he advises blocking one or two at a time so that any breakage can be traced to a specific entry. login.live.com and login.microsoftonline.com can be blocked as well, but only if no Microsoft account or Microsoft online services are in use, since both are sign-in endpoints.

Helge Klein's comprehensive research from March 2021 points the same way: a Windows 10 installation was observed communicating with 291 hosts and 2,764 unique IP addresses, underlining how extensive the operating system's network activity is and the privacy questions it raises. Security practitioners broadly regard Windows 10 telemetry as pervasive and easy to overlook, and stress user awareness and proactive measures such as those Sofer describes; blocking specific domains and filtering at the network level are considered effective ways to limit data collection. Microsoft, with its broad ecosystem of products and services, continues to face scrutiny over its data handling, and these findings add to it.
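The hosts-file block, the nslookup caveat and the per-program outbound firewall described above can be put together as follows. This is an added example, not Sofer's code: it appends 0.0.0.0 entries for a few of the domains from his list (0.0.0.0 is chosen here because it is unroutable and fails fast), shows that Resolve-DnsName reports the hosts-file answer while a lookup that skips the hosts file, as nslookup does, still returns the server's real answer, and adds a Windows Firewall rule that blocks all outbound traffic from SystemSettings.exe. The selected domains, the rule name and the decision to block the whole program rather than specific remote addresses are assumptions; the firewall rule is stricter than Sofer's DNS-only block, so narrow it with -RemoteAddress if the Settings app loses a feature you need. Run elevated.

```powershell
# Added example (not from Sofer's article): hosts-file block, verification, and a
# per-program outbound firewall rule. Run from an elevated PowerShell.
$Domains = @(                       # assumed selection from the article's list
    'cxcs.microsoft.net',
    'settings-win.data.microsoft.com',
    'watson.telemetry.microsoft.com'
)
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Add-HostsBlock {
    param([string[]]$Names, [string]$Path = $HostsPath)
    $existing = Get-Content $Path -ErrorAction SilentlyContinue
    $lines = foreach ($n in $Names) {
        # Skip names that already have an entry; 0.0.0.0 is unroutable, so connections
        # fail immediately instead of hanging on a dead address.
        if (-not ($existing -match "^\s*\S+\s+$([regex]::Escape($n))(\s|$)")) { "0.0.0.0 $n" }
    }
    if ($lines) { Add-Content -Path $Path -Value $lines -Encoding Ascii }
    Clear-DnsClientCache   # drop cached real answers so the new entries take effect now
}

function Test-HostsBlock {
    param([string]$Name)
    # The DNS Client service consults the hosts file first, so this returns 0.0.0.0 ...
    $viaResolver = (Resolve-DnsName $Name -Type A -ErrorAction SilentlyContinue).IPAddress
    # ... whereas a query that skips the hosts file, which is what nslookup always does
    # by talking to the DNS server directly, still returns the real addresses.
    $viaServer   = (Resolve-DnsName $Name -Type A -NoHostsFile -ErrorAction SilentlyContinue).IPAddress
    [pscustomobject]@{
        Name           = $Name
        ResolverAnswer = ($viaResolver -join ',')
        ServerAnswer   = ($viaServer   -join ',')
    }
}

function Add-OutboundBlockRule {
    param(
        [string]$Program     = "$env:SystemRoot\ImmersiveControlPanel\SystemSettings.exe",
        [string]$DisplayName = 'Block SystemSettings.exe outbound (telemetry test)'  # assumed name
    )
    # A per-program block complements DNS filtering: it holds even if the app reaches a
    # cached or hard-coded IP. Undo with: Remove-NetFirewallRule -DisplayName $DisplayName
    if (-not (Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $DisplayName -Direction Outbound -Program $Program `
                            -Action Block -Profile Any | Out-Null
    }
}

Add-HostsBlock -Names $Domains
$Domains | ForEach-Object { Test-HostsBlock $_ } | Format-Table -AutoSize
Add-OutboundBlockRule
```

The ResolverAnswer/ServerAnswer columns make the caveat concrete: only the first reflects the hosts file, so checking a block with nslookup will always look as though it failed. Applying Add-HostsBlock to one or two domains at a time, as Sofer suggests, keeps it obvious which entry broke something when a feature stops working.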
