freeflight | 2 years ago
Such an analysis does not exist because that traffic is encrypted. Which is also the reason why using Windows 10/11 is not fully compliant with EU privacy laws in places like Germany, as there is no telling what Windows is actually phoning home.
Officially Windows 10/11 can be used but only after jumping through a lot of hoops that involve turning off the telemetry and phoning home, but even then only with an "acceptable residual risk" [0]
The only reason this isn't a bigger topic is because there is no realistic alternative; everything is tailored to MS, and MS spends absurd amounts of money and effort to prevent anything from changing that.
So the majority just goes with the "easiest" and most convenient solution, even when it might actually be an "illegal" solution that enables a ton of industrial espionage.
[0] https://www.heise.de/news/Datenschutzkonferenz-Hohe-Huerden-...
p-e-w|2 years ago
... by software that resides on the same system, with keys that are in memory on the same system.
I'm not saying it's trivial to decrypt the traffic, but it's certainly possible, and much, much harder reverse engineering is routinely being performed.
freeflight|2 years ago
Or MS could simply share the keys with those government institutions that have been literally asking for it, to see whether Windows is actually sending home privacy relevant data.
But the matter of fact is it's a very real issue and still an ongoing problem.
Just because investing a lot of effort could shed some further light on it does not really change anything about that or the non-compliant behavior MS engages in.
Security only being as good as the effort lobbed at it to break it is not really a novel or useful insight in this scenario.
gnomewascool|2 years ago
I'm not sure that actually holds — the encryption keys are in memory, but the decryption keys don't necessarily have to be.
The pre-encrypted payloads definitely are in memory at some point; however, snatching them probably involves larger-scale reverse-engineering.