We started our research by looking at what were the legal rights of Microsoft about our data. Reading the term of use is often seen as a chore, people accept and pays no attention to it. However, its contents can sometimes be interesting and hide important informations. In this part we speak about what data are collected and danger for us to disclose them. What power has Microsoft on our data?
If there is a privacy issue in Windows, there will be communications. This is why we tought that analyzing network streams was a good idea. We will mainly talk about our setup and what we found while examining those streams.
A brief talk about how an SSL MITM is working for those who don't know. This will explain how we set up our environment to study Windows communications
We decrypted some SSL packets and found that data was not anonymized at all. Each user of a computer got a identifier used in differents tools from Windows 10 (Cortana, online searches etc.) We were not able to decrypt every packet. We don't really know why, it seems that it detected our MITM, bypassed it or did not accept using another certificate
After Windows 10 release some developers wanted to preserve their private life and decided to create a software to block automatically all IPs and DNS from Microsoft. The database of their software must be updated regularly. Some programs allow them more options like uninstall metro applications or updates.
Looking at different kind of existing solutions we choose to spend some time analyzing the most used one (DWSLite). Being open-sourced we went through its code and found some disturbing modifications it is applying to the system.
Rather than blocking all services why not confuse and fool Microsoft about our profile ? Users can then continue to use the service without being registered. The idea is to send a lot of confusing data, so real data are merged among the large number of requests made. We decided to realise a proof on concept on one service : Cortana (it could have been done with another service like the diagnostic one). The software we developped is named CortaSpoof This software continuously sends random expression to Bing server.