from Hacker News

Windows 10 spies on your use of System Settings (2021)

by userbinator on 6/7/25, 7:24 AM with 158 comments

  • by JdeBP on 6/7/25, 1:39 PM

    Has no-one figured this out in three years?

    It's not telemetry. You just have to look at the junk that gets put in that huge banner across the top of the system settings to figure out what this is. It's not reporting you to Microsoft. It's reporting stuff from Microsoft to you.

    2021.1019.1.0 is, as I pointed out at https://news.ycombinator.com/item?id=44209402, a date. It's publishing a date from earlier this year now, in 2025. It's the date that something downloadable from Microsoft changed to a newer version. And in fact there are several things that got updated on April the 24th that are likely candidates here. There were update candidates for what this could be on October the 19th of 2021. The most likely is updates to Windows Update itself.

    As for Bing: Well in M. Horowitz's screenshot one can see that it's showing the prompt to have the "full customer experience". On other machines, you'll find that that area contains little icons about the statuses of Microsoft Rewards, Microsoft Edge, Microsoft OneDrive, Windows Update, and others. It's fairly obvious that the System Settings program has to make HTTP(S) queries to on-line services to show all of this stuff, including asking Bing how many Microsoft Rewards the user has earned. I wouldn't be surprised if it simply always did that, even if it never displayed the icon. And those queries involve DNS lookups.

    System Settings is querying various WWW services for the little icons at the top of its window, and the very prompt to run through the "full customer experience" dance that we can see right there in the screenshot.

  • by callamdelaney on 6/7/25, 9:54 AM

    Windows 10 spies on everything you do, and presumably Windows 11 does to a greater degree.

    Your Windows Photos app has over 122 tables [0] of analysis on every picture on your machine. It does facial recognition and more and likely reports a lot of this back to MS. That’s just one app!

    [0] https://www.reddit.com/r/Windows10/comments/8zk1yy/a_simple_...

  • by globalnode on 6/7/25, 8:24 AM

    Windows is basically ad/spyware, personally I only use it under sufferance for games and while doing so I remind myself constantly that I'm being watched/recorded and my computer is out of my control. So I play games, then log to Linux if I want to do anything real. Even then, do we know some rogue process isn't vacuuming up your keystrokes? Can still get a lot done without an internet connection I guess if you plan ahead.
  • by eurekin on 6/7/25, 8:34 AM

    > it returned 2021.1019.1.0, whatever that means

    That looks like a version number...

    Would like to see more of the captured data, because a simple "about" dialog would also need to call some server to check if the software is in the latest version, to display the "you have the latest version" label.

  • by cosmotic on 6/7/25, 4:41 PM

    I remember when buttons in the control panel did what the labels said they would do along with help buttons that opened local help documentation that was accurate, concise, clean, interlinked, organized, searchable, and instant. Now the buttons in Settings open a Bing search results page in Edge (even when not the default browser) that has 0 results.
  • by butz on 6/7/25, 8:51 AM

    They will probably use collected telemetry data to build a third "control panel" to go along with already existing "control panels".
  • by userbinator on 6/7/25, 7:47 AM

    I saw this happening in 11 too, not surprisingly. It's become increasingly difficult to get Windows to stay quiet on the network, although a lot of other software is also guilty of this background noise.
  • by Devasta on 6/7/25, 9:32 AM

    Just like with IE, Microsoft will lose domination in the OS space for no other reason than it just gave up.

    It's maddening that there is a really capable OS sitting right underneath the layers of crap we have to deal with.

  • by red_admiral on 6/7/25, 9:58 AM

    This sounds like standard telemetry to me, probably only ever studied on aggregate and so fairly anonymised data.

    I'm not saying this is good, and I hope the EU mandates an effective OFF switch. But I don't see how Microsoft cares that you personally adjusted your screen brightness out of all the billions or so of data points they collect each day.

    Maybe the NSA's permanent record programme has some use for this?

  • by Sophira on 6/8/25, 2:19 AM

    On the topic of blocking host names using the hosts file:

    > The nslookup command returned valid IP addresses for both sub-domains, rather than the dummy IP addresses I put into the hosts file. Beats me why. DNS logging showed that nslookup queried my router for the IP addresses.

    The reason for this, as I understand it, is that nslookup queries the configured nameserver directly instead of using the getaddrinfo (or similar) function. (This is why the tool is named as it is - "nslookup" stands for "name server lookup". It was never a general purpose resolver tool.)

    Yes, this means that programs can simply bypass the hosts file if they want. However, it's worth noting that, even if you do use a pihole as the article suggests, programs can also bypass that by simply querying against a public DNS server like Google's 8.8.8.8. And if you block DNS to those, programs can use DNS-over-HTTPS.

    Of course, a large company like Microsoft probably has a lot of static IP addresses at their disposal, so they could just hardcode those instead and just bypass DNS altogether, at which point, basically your only recourse is to add a firewall rule to block that IP address.

    It's very difficult to ensure no connectivity short of denying Internet access entirely.
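The check below is an added example, not part of the thread or the linked article. Assuming the client's system resolver consults the hosts file first (the default on Windows), a name pinned there should never appear in the upstream nameserver's query log, so any such query came from a program that asked the nameserver directly, as nslookup does. The hosts entries, dnsmasq-style log lines, client addresses and function names are constructed for illustration.

```python
import re

# Constructed hosts file from the client machine: two names pinned to a dummy address.
HOSTS = """\
# constructed sample entries
127.0.0.1   localhost
0.0.0.0     telemetry.example.net   # blocked
0.0.0.0     Ads.Example.com
"""

# Constructed dnsmasq-style query log taken from the router / Pi-hole.
DNS_LOG = """\
Jun  7 08:01:02 dnsmasq[412]: query[A] www.example.org from 192.168.1.20
Jun  7 08:01:05 dnsmasq[412]: query[A] telemetry.example.net from 192.168.1.20
Jun  7 08:01:05 dnsmasq[412]: query[AAAA] ads.example.com. from 192.168.1.20
Jun  7 08:01:09 dnsmasq[412]: query[A] telemetry.example.net from 192.168.1.31
"""

QUERY_RE = re.compile(r"query\[(\w+)\]\s+(\S+)\s+from\s+(\S+)")

def norm(name):
    """Host names compare case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()

def parse_hosts(text):
    """Return {name: address} for every hosts entry, ignoring comments."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        for alias in fields[1:]:
            pinned.setdefault(norm(alias), fields[0])  # first entry wins
    return pinned

def bypassed_lookups(hosts_text, log_text, client):
    """Queries from `client` that reached the nameserver for hosts-pinned names."""
    pinned = parse_hosts(hosts_text)
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        qtype, name, src = m.groups()
        if src == client and norm(name) in pinned:
            hits.append((norm(name), qtype, pinned[norm(name)]))
    return hits

if __name__ == "__main__":
    for hit in bypassed_lookups(HOSTS, DNS_LOG, "192.168.1.20"):
        print("hosts file bypassed:", hit)
```

The `client` argument matters because a hosts file only binds the machine it lives on; the same name queried by another host on the network is not a bypass of this file.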

  • by globular-toast on 6/7/25, 1:09 PM

    I ditched Windoze 15 years ago and never looked back. There's never been an easier time to do it than now. Even if you can't do something on Linux, whatever it is isn't worth it. There's so much to do in life that it's more about choosing what not to do. Wherever possible choose love and generosity over hatred and greed.
  • by nmeofthestate on 6/7/25, 10:40 AM

    There's a potentially interesting article here where the content of the network requests and responses is investigated to find out what's happening, but this article isn't that - it just knee-jerks into cranky allegations of sPyiNg.
  • by barrkel on 6/7/25, 8:06 AM

    The usual reason for this kind of telemetry is to figure out which features users are using and which they aren't. That guides decisions about what to invest in, what can more or less safely be deprecated, and can even help with promotions.
  • by CommanderData on 6/7/25, 8:16 AM

    I wish there was a law which mandated update, service and telemetry servers were on different CIDRs.

    There are frequently updated lists of Windows telemetry IPs you can block using ipsets. But Microsoft always seems to mix these IPs with legitimate services.

  • by davydm on 6/7/25, 7:29 AM

    Considering the domains, this is likely a network test, though it may be reporting the results of the connection to bing.com to cxcs, which apparently collects telemetry.

    On one hand, I get it - a lot of us ping google.com to quickly check the network - doesn't mean we're sending spy data to Google. On the other hand, it would be nice if this was more transparent, perhaps asking if it can perform the test.

  • by alkonaut on 6/7/25, 8:01 AM

    Apart from the reason of ”if they spy on this, who knows what else” and ”I don’t want to waste resources on telemetry” what is the reason to not allow a vendor to see which settings page you visit?

    Obviously if you opt out (or rather, didn’t opt in) you shouldn’t be sending telemetry. But the line between a necessary network call and an optional one is often blurry.

  • by NitpickLawyer on 6/7/25, 8:21 AM

    I have a similar anecdote about Android. I was trying to change some setting, but my Android phone has like 3 different places where settings can hide (the settings app, Google settings app and vendor settings app). So anyway, I open one, search, open the other and so on. I must have opened and switched about 4 times, went through lots of menus, back and forth until I eventually found what I was looking for and changed the setting.

    After finishing, like ~10-15 seconds later a "feedback gathering ..." alert popped up, and it was gone in like 5 more seconds. My complete guess is that the constant going back and forth between settings menus and apps triggered something and something got sent to goog. I don't know how I feel about it, but I think I'm mostly fine with that? It sounds like the kind of thing I'd want my products to improve on. In an ideal world I'd get a quick report about what was gathered, and have an option to accept/deny but... Dunno.

  • by charcircuit on 6/7/25, 7:53 AM

    It's normal for programs to reach out to the internet for purposes other than spying on the user. Microsoft is a trustworthy company that wouldn't deploy spyware within an app included in the OS.
  • by qwertox on 6/7/25, 9:21 AM

    I wouldn't be surprised if they periodically collect a list of all the window titles.