Are you sure it has no telemetry? The only way I can think to be sure would be to block it in your router. Lots of software still does telemetry even if you try to disable it. There was a researcher a while back who found out that iOS sends in telemetry even if you explicitly disable it. He had to basically MITM his own phone and watch all the packets in Wireshark, but he figured out it was sending telemetry even with all the telemetry options disabled.
Interesting! What if it connects to a server by IP without using DNS? Do you have a way to track that?
My concern would be that without diasssembling all of the components, isn’t it impossible to know which pieces have telemetry? For example, on iPhone, some of the core OS UI elements have telemetry built-in to keep track of which elements are displayed, selected, etc. And, based on research, some of that telemetry stays active even when you “disable it.” Based on that, I wouldn’t be surprised if the Control Panel or Device Manager has telemetry built-in. I know PowerShell has telemetry, at least, since that’s documented.
I guess it would be possible to disassemble and identify which OS pieces access the networking APIs. Is that what you’ve done? I had a friend who was working on something like that one time to hone his disassembly skills. I’m not sure what you’d do if the kernel itself has telemetry. I guess you could patch it out, but that feels like an uphill battle.
Are you sure it has no telemetry? The only way I can think to be sure would be to block it in your router. Lots of software still does telemetry even if you try to disable it. There was a researcher a while back who found out that iOS sends in telemetry even if you explicitly disable it. He had to basically MITM his own phone and watch all the packets in Wireshark, but he figured out it was sending telemetry even with all the telemetry options disabled.
deleted by creator
Interesting! What if it connects to a server by IP without using DNS? Do you have a way to track that?
My concern would be that without diasssembling all of the components, isn’t it impossible to know which pieces have telemetry? For example, on iPhone, some of the core OS UI elements have telemetry built-in to keep track of which elements are displayed, selected, etc. And, based on research, some of that telemetry stays active even when you “disable it.” Based on that, I wouldn’t be surprised if the Control Panel or Device Manager has telemetry built-in. I know PowerShell has telemetry, at least, since that’s documented.
I guess it would be possible to disassemble and identify which OS pieces access the networking APIs. Is that what you’ve done? I had a friend who was working on something like that one time to hone his disassembly skills. I’m not sure what you’d do if the kernel itself has telemetry. I guess you could patch it out, but that feels like an uphill battle.