Windows 10 Telemetry - Some questions, and how does it work?

First up I have to say that I don't mind Microsoft collecting telemetry data from my computer. They can take anything they want, within reason of course, and as often as they like, but I would like to know the following:

  • How often is telemetry data taken, depending on the different telemetry level setting?
  • Can we see examples of the datasets taken? It's nice to see everything listed in TechNet, but I'd like to see an example also.
  • What is the size datasize of the dataset taken?
  • If the FULL setting for telemetry is set (which all insiders have by default and can't change), it says Microsoft could run diagnostics on our computers, get registry data and even documents, if they are related to a crash/bug. How would we know this was happening? We should be able to at least know when this happened. Is this done via the telemetry client by a Microsoft Engineer?
  • Can we have a telemetry frontend GUI where we can at least see what data was sent, and when.

So, I've read through the TechNet article here which explains a lot but doesn't answer the questions above. Here's the bit on Full Level:

I've been doing some digging to try to work out what controls the telemetry client in Windows 10, and where any information might be stored on the computer. So far, I've not found too much, so was wondering if anyone else has done any analysis?

I've worked out that when you change the telemetry setting in the settings app, it invokes the telemetry.desktop.dll but I imagine that merely calls the telemetry client and I don't know anything about decompiling dlls to even find out what might be in there.

Where is the telemetry client in Windows 10? Does it run as a Service? There are a few services that could be the telemetry client, like those beginning with "Diagnostics" in their titles but I'm not convinced. Or is it simply an upgraded Windows Error Reporting Service being used?

Has anyone found out any more information regarding the telemetry client?

This thread isn't about stopping Microsoft taking telemetry, but to understand what's going on, and get answers to some questions about how it works.

 

Discussion Info


Last updated July 24, 2019 Views 4,127 Applies to:

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

Hello Namesake,

First let me commend you on your detailed and to-the-point question. Very good.

As to your question: Yeah, you and me and about every other Insider and W10 user.

I have subscribed to this thread, just so to say what and if any MS Engineer is kind enough to reply. Should be fun |-)

PS Don't hold your breath while waiting
Founder of the STI Project

Hello Namesake,

First let me commend you on your detailed and to-the-point question. Very good.

As to your question: Yeah, you and me and about every other Insider and W10 user.

I have subscribed to this thread, just so to say what and if any MS Engineer is kind enough to reply. Should be fun |-)

PS Don't hold your breath while waiting

Hi Stephen. It's Stephen here :)

Hopefully this is just the start. I intend to keep digging myself. Shall post here whatever else i find :) 

Reply In reply to deleted message

Most is in the registry  I saw 1  cant remember exactly what it was  but it was set to connect every 30mins  as to where I couldn't figure it out

I haven't had a good look in registry yet so thanks for the suggestion :)

PS - How you get insider "badge" under your name. I've been insider for ages but never got one :/ :p

I haven't had a good look in registry yet so thanks for the suggestion :)

PS - How you get insider "badge" under your name. I've been insider for ages but never got one :/ :p

Anyway, I was wondering what exactly what the goal is here. Are we trying to identify the processes and/or registry keys that control the telemetry? (In order to maybe disable it?)

Or are we just in general trying to find out what exactly is contained in said telemetry?

RE: No Badge, LOL, It appears we have here a clear case of anti-stephenism! Have you read my sub-line?

Founder of the STI Project

I haven't had a good look in registry yet so thanks for the suggestion :)

PS - How you get insider "badge" under your name. I've been insider for ages but never got one :/ :p

Anyway, I was wondering what exactly what the goal is here. Are we trying to identify the processes and/or registry keys that control the telemetry? (In order to maybe disable it?)

Or are we just in general trying to find out what exactly is contained in said telemetry?

RE: No Badge, LOL, It appears we have here a clear case of anti-stephenism! Have you read my sub-line?

They've added the ability to turn it off with Group Policies for Windows 10 Enterprise. No idea if it works in consumer editions. The problem here is, how would I know I've turned it off? :) I don't know what runs, when, or where to look to see if it's running or not.

The objective here is to try to push for more transparency from Microsoft and hopefully a GUI front-end, Event Log or just a plain log file that details when telemetry data is sent, and the contents. So, if one wants to find out, they can.

I did have a quick look through the registry for the keyword "telemetry" but got side lined by telemetry that goes on in Office and other apps.

PS - Insider Badge. Oh yeah! Hmmm. I think we could sue Microsoft for such discrimination :)

They've added the ability to turn it off with Group Policies for Windows 10 Enterprise. No idea if it works in consumer editions. The problem here is, how would I know I've turned it off? :) I don't know what runs, when, or where to look to see if it's running or not.

The objective here is to try to push for more transparency from Microsoft and hopefully a GUI front-end, Event Log or just a plain log file that details when telemetry data is sent, and the contents. So, if one wants to find out, they can.

PS - Insider Badge. Oh yeah! Hmmm. I think we could sue Microsoft for such discrimination :)

There are certainly some Group-policy options in the Pro version. How and where this differs from the Enterprise version, I have no idea.

Your objective is certainly worthy and you have my full support on that one! Do you mind if we extent this with the Location Service? I have Location disabled on my PC (it's not that mobile |-) but still the glyph lights up regularly. That does not sit well with me, so I would like to see the processes that activate it (and when they do). Telemetry is one thing, but having my location tracked 24/7 is simply unacceptable.

I am running the Insider configuration and as part of that, you agree to sending telemetry to MS, which might well be the cause. Unfortunately I have no machine in 'Release'-mode, so I can't check whether it would show there as well.

So if anyone could check that for me, I'd be grateful.

PS Whoopy! Yeah, let's sue MS, go on, you start the process and I'll be right behind you (only a couple of miles or so |-)

Founder of the STI Project

Had another 30 minute look through processes ... and all I discovered is that this command controls the Diagnostic and Telemetry drop-down list in Settings ...

C:\WINDOWS\system32\SystemSettingsAdminFlows.exe" FeedbackOptinLevel 1

If you run that with either 1, 2 or 3 at the end, it'll change the drop down box value. Exciting huh? :p 1 being basic. 3 being enhanced.

Had another 30 minute look through processes ... and all I discovered is that this command controls the Diagnostic and Telemetry drop-down list in Settings ...

C:\WINDOWS\system32\SystemSettingsAdminFlows.exe" FeedbackOptinLevel 1

If you run that with either 1, 2 or 3 at the end, it'll change the drop down box value. Exciting huh? :p 1 being basic. 3 being enhanced.

That is exciting, LOL. But what is it? A search on MSDN turns up a complete blank (3 hits about KB's containing it). But it is on my machine so what the...

I tried running a command prompt with /? and /help but that just shows nothing. Maybe I should run it with Admin-rights but I does not tell me it needs admin-right and will certainly not try that before I have any idea what it is all about

Founder of the STI Project

RE: SystemSettingsAdminFlows

My little gray cells seem to remember that from one of the first W10 beta's. Did some digging and am now pretty sure it is equivalent to this:

Founder of the STI Project

RE: SystemSettingsAdminFlows

My little gray cells seem to remember that from one of the first W10 beta's. Did some digging and am now pretty sure it is equivalent to this:

Yup. Sorry. I should have said. That command indeed controls value of that box, of which you can't change it on insider builds. I was playing on my RTM TH2 box.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.