Comment by pogue
1 day ago
The article links to this page, which was shared on HN yesterday. [1]
I feel like using wireshark to look at what's being sent back and forth from Windows telemetry, when using Edge, Chrome & etc should reveal what's being sent and recieved. Using MITM SSL spoofing should be able to intercept the packets.
I would be shocked if Microsoft was not using their own layer of certificate-pinning to stop people from doing that, and/or using another layer of encryption separate from the networking layer.
Only way to see what's going on is testing to see what's going on. Hopefully, someone who knows more about it than me can take a look at the packets and see what they contain.
I found this talk [0] and some of the slides suggest that Windows is, at least in some circumstances, packaging web-browsing data into telemetry.
To lift examples from the slides, that includes page titles:
The transitions between pages:
And even which link you clicked in the page:
[0] https://troopers.de/troopers23/talks/bsabut/
1 reply →
But you'd still see some encrypted traffic and it wouldn't fly under a radar