> Edit: On second thought, how long before they just start hard coding IP addresses?
I think it’ll eventually go to DoH with hard to block IPs (ex: Cloudflare IPs are tough to block because you break too much stuff).
I’ve always believed a large part of the push for TLS, DoH, eSNI, etc. is to eliminate our ability to filter network traffic. It’s sold as a freedom thing, but I’m sceptical.
If Windows will hard-code IPs, there will be tools to patch them out. And simply not using Windows is a very real possibility too, even if there are obvious inconveniences with going down that route (either OSX or Linux).
That said, TLS and other network security features are fundamental building blocks, but obviously in oppressive regimes where they stand out they also have the potential to bring the most value. And in parts of the world where network censorship is not a problem, there the features might benefit greedy corporations in a quasi-oligopoly a lot more than the users. But that's not necessarily an argument against these features.
Patching Windows code will break updates and will definitely be flagged as a risk. You would have to black hole the IPs on the router, as even Windows Firewall might not have the authority.
The risk thing will be patched out too, naturally, I assume, just as with game cracks. And yes, the updates will just restore everything, scream and scold the user. So there will be users that don't update ...
Well, I see compattelrunner.exe blocked in Windows Firewall (I use Malwarebytes Firewall Control in interactive mode and block/allow stuff manually), so it's likely working :D
>I can see the argument for disallowing remapping Microsoft domains in the hosts file as a security precaution [0], but this seems a bit heavy handed.
This is a crucial point here. I would be curious to see a list of Microsoft sites that you are allowed to redirect in the HOSTS file. Having a more complete list of protected/unprotected domains would give us a better indication if this is an overly aggressive attempt to protect users from legitimate threats or a malicious attempt to protect Microsoft's access to users’ data. Because blocking redirects on microsoft.com certainly seems smart, but blocking redirect of telemetry.remoteapp.windowsazure.com seems suspicious.
I'm sure there's plenty of hackers, government agencies, etc that would just love to redirect telemetry from specific targets' Windows computers to servers they control.
Not to say that it going to Microsoft is necessarily that much better, or that they may have deliberately also sabotaged people trying to redirect it to localhost, but still, it's a thing.
But could they? Verifying the host on the other end is the real deal doesn't appear to be too hard. I would be surprised if Microsoft relied solely on plain DNS for that.
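To make the hosts-file scenario in the comments above concrete from a defender's side, here is an added example (not code from the original thread or from any of its participants) that parses a hosts file and separates harmless black-holing of telemetry hostnames (entries pointing at loopback or 0.0.0.0) from entries that redirect a watched domain to an outside address. The sample hosts content, the list of watched domain suffixes, and the 203.0.113.7 address (an RFC 5737 documentation address) are all constructed assumptions for the example.

```python
import ipaddress

# Constructed sample hosts file (an assumption for this example, not a real system's file).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         telemetry.remoteapp.windowsazure.com
127.0.0.1       vortex.data.microsoft.com
203.0.113.7     settings-win.data.microsoft.com   # points outside the machine
192.168.1.20    intranet.example.corp
"""

# Domain suffixes an administrator cares about; which names Windows actually
# protects is not known from the thread, so this list is an assumption.
WATCHED_SUFFIXES = ("microsoft.com", "windowsazure.com", "live.com")

# Address ranges treated as "inside the local network" rather than a remote redirect.
LAN_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "169.254.0.0/16", "fc00::/7", "fe80::/10")
]


def parse_hosts(text):
    """Return a list of (ip_address, hostname) pairs from hosts-file text.

    Comments (anything after '#'), blank lines and lines whose first token
    is not a valid IP address are skipped; one line may name several hosts.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            entries.append((ip, name.lower()))
    return entries


def is_watched(hostname, suffixes=WATCHED_SUFFIXES):
    """True if hostname equals or is a subdomain of one of the watched suffixes."""
    return any(hostname == s or hostname.endswith("." + s) for s in suffixes)


def classify(ip, hostname, suffixes=WATCHED_SUFFIXES):
    """Classify one hosts entry.

    'unwatched' - a name nobody is monitoring
    'blackhole' - watched name sent to loopback or 0.0.0.0 (blocking, not hijacking)
    'lan'       - watched name sent to a private/link-local address
    'redirect'  - watched name sent to an address outside the machine and LAN
    """
    if not is_watched(hostname, suffixes):
        return "unwatched"
    if ip.is_loopback or ip.is_unspecified:
        return "blackhole"
    if any(ip in net for net in LAN_NETWORKS):
        return "lan"
    return "redirect"


def audit(text, suffixes=WATCHED_SUFFIXES):
    """Return [(hostname, ip_string, verdict)] for every entry in the hosts text."""
    return [(name, str(ip), classify(ip, name, suffixes)) for ip, name in parse_hosts(text)]


def suspicious_redirects(text, suffixes=WATCHED_SUFFIXES):
    """Only the entries a defender would want to look at: watched names sent off-box."""
    return [(name, ip) for name, ip, verdict in audit(text, suffixes) if verdict == "redirect"]


if __name__ == "__main__":
    for name, ip, verdict in audit(SAMPLE_HOSTS):
        print(f"{verdict:9} {ip:15} {name}")
```

The useful distinction for the argument in the thread is between "blackhole" and "redirect": the first is what a user blocking telemetry does, the second is what a hosts-file hijack does, and a protection mechanism that treated them identically would be the heavy-handed behaviour the comments complain about.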
Considering how Windows 10 until very recently pitched an absolute fit when the user tried to change the default browser away from Edge, I'm gonna go with the latter.
> Edit: On second thought, how long before they just start hard coding IP addresses?
What would be the benefit of it? IP addresses are as easy to block as domain names, but the number of IP addresses available to them is much smaller than the number of possible domain names.
> IP addresses are as easy to block as domain names, but the number of IP addresses available to them is much smaller than the number of possible domain names.
Is it? If they wanted to be toxic they could mix the telemetry IPs around with the Windows Update IPs inside a fairly significant block of IPv6 addresses. It would be hard to block the entire range because you'd hit the update servers.
Oh well, there's always pihole.
Edit: On second thought, how long before they just start hard coding IP addresses?
[0]: https://blog.malwarebytes.com/cybercrime/2016/09/hosts-file-...