The Anatomy of Windows Telemetry

Telemetry, a mechanism for transmitting collected data to a remote location for analysis, is becoming increasingly ubiquitous in software. Its widespread presence raises concerns related to the content, the security, and the privacy of collected data. This makes telemetry an important target for analysis. This talk focusses on the telemetry mechanism implemented in Windows 10 – Windows Telemetry. We first discuss the relevance of Windows Telemetry for analysis, with an emphasis on concerns critical to users of Windows 10 and of telemetry-enabled software in general. We then give an overview of its architecture. This includes the data sources, showing the extent of integration of Windows Telemetry in the operating system itself. In addition, we present the communication interfaces of Windows Telemetry and characterize the network traffic originating from it. Finally, we discuss how the activity of Windows Telemetry can be reduced or stopped. We present the advantages and disadvantages of the different approaches for achieving this as well as relevant operational aspects.

