Comment by Terr_
1 day ago
I would be shocked if Microsoft was not using their own layer of certificate-pinning to stop people from doing that, and/or using another layer of encryption separate from the networking layer.
1 day ago
I would be shocked if Microsoft was not using their own layer of certificate-pinning to stop people from doing that, and/or using another layer of encryption separate from the networking layer.
Only way to see what's going on is testing to see what's going on. Hopefully, someone who knows more about it than me can take a look at the packets and see what they contain.
I found this talk [0] and some of the slides suggest that Windows is, at least in some circumstances, packaging web-browsing data into telemetry.
To lift examples from the slides, that includes page titles:
The transitions between pages:
And even which link you clicked in the page:
[0] https://troopers.de/troopers23/talks/bsabut/
What application is doing the sending and where is it being sent?
But you'd still see some encrypted traffic and it wouldn't fly under a radar