Windows 10 spies on your use of System Settings (2021)

162 comments

·June 7, 2025

JdeBP

Has no-one figured this out in three years?

It's not telemetry. You just have to look at the junk that gets put in that huge banner across the top of the system settings to figure out what this is. It's not reporting you to Microsoft. It's reporting stuff from Microsoft to you.

2021.1019.1.0 is, as I pointed out at https://news.ycombinator.com/item?id=44209402, a date. It's publishing a date from earlier this year now, in 2025. It's the date that something downloadable from Microsoft changed to a newer version. And in fact there are several things that got updated on April the 24th that are likely candidates here. There were update candidates for what this could be on October the 19th of 2021. The most likely is updates to Windows Update itself.

As for Bing: Well in M. Horowitz's screenshot one can see that it's showing the prompt to have the "full customer experience". On other machines, you'll find that that area contains little icons about the statuses of Microsoft Rewards, Microsoft Edge, Microsoft OneDrive, Windows Update, and others. It's fairly obvious that the System Settings program has to make HTTP(S) queries to on-line services to show all of this stuff, including asking Bing how many Microsoft Rewards the user has earned. I wouldn't be surprised if it simply always did that, even if it never displayed the icon. And those queries involve DNS lookups.

System Settings is querying various WWW services for the little icons at the top of its window, and the very prompt to run through the "full customer experience" dance that we can see right there in the screenshot.

userbinator

Doesn't matter what you call it. It's unexpected and unsolicited network traffic, which can be used to determine what you were doing at that time.

JdeBP

Microsoft doesn't learn any more from the DNS lookup and HTTPS request than from you going to Bing.COM in a WWW browser on the very same machine and the Bing.COM site showing your Microsoft Account status, as it in fact does. Microsoft does not have the information to unambiguously know that you have opened System Settings. It just knows that something from your IP address has asked it about your account's Microsoft Rewards.

callamdelaney

Windows 10 spies on everything you do, and presumably windows 11 does to a greater degree.

Your windows photos app has over 122 tables [0] of analysis on every picture on your machine. It does facial recognition and more and likely reports a lot of this back to ms. That’s just one app!

[0] https://www.reddit.com/r/Windows10/comments/8zk1yy/a_simple_...

afavour

Hm, the word “likely” is doing a lot of work there. If anything local storage of this stuff is encouraging, it suggests at least the possibility that this isn’t all living in the cloud. But it’s being interpreted as a negative with an unsubstantiated assumption about how the data is being used.

I’d also like to think we could have a better discussion on HN than “big number scary”. 122 tables sounds like a lot, sure. They could denormalise the whole dataset and keep it in one table, key/value store style. Would that be better? It’s a photo app with facial recognition. Stands to reason that it needs to store facial recognition data.

ffsm8

The qualifier that confused me was for every image. For what conceivable reason would they make 122 tables of analytics per image? ( ╹ ▽ ╹ )

Springtime

> Your windows photos app... does facial recognition and more and likely reports a lot of this back to ms. That’s just one app!

The link you cite though was careful to avoid making claims that couldn't be substantiated. It lists only what is in the database locally and the telemetry section doesn't include image content/metadata but user interactions with the app itself.

callamdelaney

Yep the post is also 7 years old. I suspect there is a lot more going on now, but I haven’t investigated in a while.

madeofpalk

> more and likely reports a lot of this back to ms

Isn’t this the literal definition of FUD? Fear, Uncertainty, and Doubt.

I would like to hope the orange site approaches this topic with more substance. Do the analysis of network traffic to see what gets sent home. Decompile the binary to check it out for these sorts of things. Don’t just write your anti-MS fanfic and pretend that it’s something meaningful.

People and object detection are pretty baseline features for a photo management app these days IMHO. I like that my photos app automatically finds all the photos of my dog.

callamdelaney

Why would it need to be performing facial analysis and have over 120 tables of information in the first place?

madeofpalk

Automatic albums of people is table stakes for a photo management app. Everyone has it - Apple Photos, Google Photos, Immich, etc.

That requires facial detection.

thewebguyd

> I would like to hope the orange site approaches this topic with more substance.

You won't find that here if Microsoft/Windows is in the title. HN will default to FUD on anything from Redmond.

How many here complaining about analysis in the photos app on Windows also sync all their photos to iCloud or Google Photos, which does the exact same thing? I bet it's a lot.

lofaszvanitt

Windows has info about everything. Even have a history of USB drives ever plugged into the system. Maybe all this for when someone gets in the crosshairs and an infiltrator squad can swoop up all the info to use against the individual.

callamdelaney

Yep pretty sure the images will remain in the windows photos database, at least hashes and descriptions etc after you’ve deleted them

globalnode

Windows is basically ad/spyware, personally I only use it under sufferance for games and while doing so I remind myself constantly that I'm being watched/recorded and my computer is out of my control. So I play games, then log to Linux if I want to do anything real. Even then, do we know some rogue process isnt vacuuming up your keystrokes? Can still get a lot done without an internet connection I guess if you plan ahead.

Eavolution

Even with games nowadays you'd be surprised with the quality of gaming on Linux. I've got a laptop with a nvidia graphics card running linux, historically a problematic to say the least setup. I've only had one game I needed to tweak the startup settings for (other than forcing the use of proton), everything just kind of works now.

I will put a big disclaimer here that I don't play online games really and some are just fecked due to certain anti cheats.

blooalien

Used to be that any two of those three things (Laptop, NVIDIA, Linux) together was enough to ensure endless hassle dinkin' with various things to get it all running somewhat halfway right. Nowadays it seems like most everything on Linux is pretty much real deal "plug-n-play" except the odd occasional AAA game publisher goin' all purposely anti-Linux with their DRM or anticheat.

Praise be to Valve / Steam for their massive (and ongoing) push to make gaming viable on Linux for a wider audience outside the "nerd" crowd runnin' WINE from commandline, and various "retro" / classic console emulators (and of course "indie" games). Love bein' able to click "Play" and most games these days just run (despite my bein' one of those "nerds" who ran games in WINE long before Valve ever did). :)

globular-toast

Even installing Gentoo today feels like cheating compared to what it was like in the early 2000s. It really does mostly just work these days.

anthk

You don't need Steam; you can just use Lutris, where you even have a Flatpak.

phatskat

I remember the days of running WINE, tweaking settings, searching forums, hacking around in kernel modules, yelling at nvidia drivers…kind of miss it lol

danparsonson

Yeah Rust is non-functional for that reason sadly, but otherwise I'm loving my Linux life; most eveything else works great. Valve have done us a great service with Proton.

specproc

Wanted to play Helldivers with my boys from back home. They're on Xbox, I'm on Linux, guess who could play it?

I love that Arch is a better gaming platform than Xbox these days.

ksynwa

Online games with ring 0 anticheats not working on Linux is a feature actually

jstanley

> do we know some rogue process isnt vacuuming up your keystrokes?

The standard for holding a belief isn't "can you prove it is not so?", but "on the balance of evidence, is it likely to be so?".

If you believe everything you can't disprove, you'll hold an awful lot of bizarre and contradictory beliefs.

In the past I have spent some time believing some things simply because I couldn't disprove them, it is not good for the soul.

lyu07282

I think that was also the common approach to paranoia about your privacy pre-Snowden. But he kind of ended that discussion for many, although denial or ignorance is probably better for your soul indeed.

jstanley

He didn't end the discussion, he presented evidence. When you receive updated evidence you should update your beliefs.

He presented good evidence that big corporations are co-operating with the NSA, or something, but he didn't present any evidence at all that regular Linux distros are monitoring all your keystrokes. As far as I know.

CoastalCoder

> The standard for holding a belief isn't "can you prove it is not so?", but "on the balance of evidence, is it likely to be so?".

IANAP, but I don't think everyone agrees with that framing. Epistemology is a big topic.

const_cast

On a related note, not believing some things because you cannot prove them is a road to naivety.

For me personally, based on the plethora of evidence given by other online platforms and applications, I think it's perfectly sane to assume that yes, your data is being slurped and logged. Maybe that's not a bad thing, maybe it is, but at this point I think that ship has sailed.

Can I prove it? No, mostly because the manufacturers have specifically designed it in such a way to be unprovable.

jstanley

> based on the plethora of evidence

Yep, this is fine.

I'm not saying "don't believe anything you can't prove". I'm saying "don't believe everything you can't disprove".

Believe based on evidence, as you appear to be doing.

Windows is spying on your use of System Settings? Good evidence.

Linux process is spying on your keystrokes? No evidence.

7373737373

The fact that our currently popular operating systems don't enable users to trivially 'disprove' such possibilities really shows how shitty they all are

madeofpalk

What is a way in which you could disprove this?

How could you disprove that the Ubuntu ISO doesn’t do the same thing?

franczesko

Playing games on Linux nowadays works like a charm. I had no issues with any Steam or Epic sore games whatsoever.

johnisgood

Many games I would like to play are Windows-only, so that kind of sucks, but then again, I installed Windows 11 just for this purpose. So not complaining, until my programs and games will stop working when Windows 13 (or whatever) comes out. I had to upgrade from Windows 9 to 11 because it became obsolete and unsupported.

theandrewbailey

> Many games I would like to play are Windows-only

Mine too, but I'll let you in on a secret:

https://www.protondb.com/

> Proton is a new tool released by Valve Software that has been integrated with Steam to make playing Windows games on Linux as simple as hitting the Play button within Steam.

eurekin

> it returned 2021.1019.1.0, whatever that means

That looks like a version number...

Would like to see more of the captured data, because a simple "about" dialog, would also need to call some server to check, if it software is in the latest version. To display the "you have the latest version" label.

JdeBP

This is United Statians being the victims of their own crazy date writing style again. (-:

Michael Horowitz did this on 2021-10-22, and it returned the value 2021.1019.1.0.

Today, on 2025-06-07, it is publishing the value 2025.424.19.0. Which would be last April the 24th.

It's blazingly obvious that it's the last date that something downloadable got updated, with a version or sequence number of some kind. The zero in the final field is probably there because someone is using a 4-field version datatype. To publish a date.

saghm

I wouldn't be surprised if the final zero is actually intentional; it would allow incrementing it if you need to publish more than one version on the same date. It's not likely to be needed, but if something is on fire and you absolutely need to push out a quick fix, having to figure out what version to call it is probably the last thing you want to have to worry about.

JdeBP

Never attribute to some deeply sophisticated planned ahead engineering, that which can be satisfactorily explained by the fact that it's a lot easier to serialize and deserialize a System.Version in an HTTP body, in a universal fashion that will work for every computer in whatever locale, than it is a System.DateTime plus a separate sequence number. (-:

* https://learn.microsoft.com/en-gb/dotnet/api/system.version....

* https://learn.microsoft.com/en-gb/dotnet/api/system.datetime...

Springtime

This is a reasonable reaction to this. I pause when accusations jump immediately to spying as other explanations can exist without adding to FUD and noise online. It's not always difficult to find the purpose of something either with a bit more digging.

I've seen something similar occur for some popular Youtube videos, too. A video author will fire up some arbitrary Windows setup, which can come bundled with third-party software and use Bing for various things including weather in the taskbar and queries in the search bar, then open Wireshark to scaremonger with DNS queries, accusing Microsoft of spying just for requests made by the services/programs/features they have enabled in their install.

When often cursory lookups of the domains in search engines show what their purpose is and are contrary to such videos' alleged (and worse, guessed) purpose.

It's a problem as there are legitimate concerns with certain aspects of Windows software with non-privacy respecting defaults but for an average user it gets muddled with irrelevant/incomplete info that doesn't lead to high quality actionable results.

cosmotic

I remember when buttons in the control panel did what the labels said they would do along with help buttons that opened local help documentation that was accurate, concise, clean, interlinked, organized, searchable, and instant. Now the buttons in Settings open bing search results page in Edge (even when not the default browser) that have 0 results.

butz

They will probably use collected telemetry data to build a third "control panel" to go along with already existing "control panels".

userbinator

I saw this happening in 11 too, not surprisingly. It's become increasingly difficult to get Windows to stay quiet on the network, although a lot of other software is also guilty of this background noise.

Devasta

Just like with IE, Microsoft will lose domination in the OS space for no other reason than it just gave up.

It's maddening that they is a really capable OS sitting right underneath the layers of crap we have to deal with.

keyringlight

I'd love to have the inside insight on how MS see WINE and related products and how that compares to how they saw chromium versus Trident/EdgeHTML. I really wonder if windows by itself is a loss leader to other areas where they do make money and would love to stabilize the desktop side and outsource/"contribute" that to others to maintain, just so long as they could keep money coming in from office, user administration, support contracts, alongside the services side.

On a tangent I wonder a similar thing about nvidia/AMD carrying around decades worth of tweaks and fixes for old games within their GPU drivers (and matching that is a cost for entry for intel), could they shed a burden by opening that to projects like DXVK.

red_admiral

This sounds like standard telemetry to me, probably only ever studied on aggregate and so fairly anonymised data.

I'm not saying this is good, and I hope the EU mandates an effective OFF switch. But I don't see how Microsoft cares that you personally adjusted your screen brightness out of all the billions or so of data points they collect each day.

Maybe the NSA's permanent record programme has some use for this?

Sophira

On the topic of blocking host names using the hosts file:

> The nslookup command returned valid IP addresses for both sub-domains, rather than the dummy IP addresses I put into the hosts file. Beats me why. DNS logging showed that nslookup queried my router for the IP addresses.

The reason for this, as I understand it, is that nslookup queries the configured nameserver directly instead of using the getaddrinfo (or similar) function. (This is why the tool is named as it is - "nslookup" stands for "name server lookup". It was never a general purpose resolver tool.)

Yes, this means that programs can simply bypass the hosts file if they want. However, it's worth noting that, even if you do use a pihole as the article suggests, programs can also bypass that by simply querying against a public DNS server like Google's 8.8.8.8. And if you block DNS to those, programs can use DNS-over-HTTPS.

Of course, a large company like Microsoft probably has a lot of static IP addresses at their disposal, so they could just hardcode those instead and just bypass DNS altogether, at which point, basically your only recourse is to add a firewall rule to block that IP address.

It's very difficult to ensure no connectivity short of denying Internet access entirely.

TiredOfLife

It's not like windows has built in firewall or anything.

globular-toast

I ditched Windoze 15 years ago and never looked back. There's never been an easier time to do it than now. Even if you can't do something on Linux, whatever it is isn't worth it. There's so much to do in life that it's more about choosing what not to do. Wherever possible choose love and generosity over hatred and greed.

leakycap

I use my secured guest network for Windows and entertainment devices.

Unfortunately there is still a lot that isn't convenient to do on Linux or even macOS if you work in a niche with custom drivers or development hardware involved.

nmeofthestate

There's a potentially interesting article here where the content of the network requests and responses is investigated to find out what's happening, but this article isn't that - it just knee-jerks into cranky allegations of sPyiNg.