Windows 10 spies on your use of System Settings (2021)

Summary

October 23, 2021 I am a big fan of Nir Sofer. He creates great utilities for Windows and his software is both free and portable. Recently, he released a new DNS logging program DNSLookupView. He already had a DNS logging program called DNSQuerySniffer but the new program gets its raw data from a different source. So, I have been running both of them side by side to see the pros/cons of each. And, while logging DNS requests on a Windows 10 machine, I came across some interesting stuff. The computer in question was running Windows 10 Home Edition, service pack 20H2, build 19042.1083, which means it has bug fixes as of July 6, 2021. It was logged on with a local account, not a Microsoft account. It was also locked down as much as possible. Every customization I could find in the Systems Settings was disabled. Many of the scheduled telemetry tasks were disabled. With the DNS logging programs running, I happened to look at the System Settings. I didn't change anything, just looked at a couple settings. DNSLookupView showed that this generated two DNS queries, one for www.bing.com and another for cxcs.microsoft.net. If you are thinking WTF? So was I. You can see the DNS log below. DNSLookupView output The queries were made by program C:\Windows\ImmersiveControlPanel\SystemSettings.exe and the query type was AAAA. The sub-domain www.bing.com resolved to ::ffff:13.107.21.200 and ::ffff:204.79.197.200. The sub-domain cxcs.microsoft.net resolved to ::ffff:96.17.141.116. Of course a DNS query is not data transmission. Typically, however, it immediately precedes a data transmission. After seeing this the first time, I ran a second test that looked for data transmission. For this, I used another Nir Sofer program called TcpLogView that logs every outbound TCP request. If Windows is phoning home via UDP, I would not see it. Below is the output from TCPLogView for the exact same second (2:30 and 51 seconds) as the DNS queries for www.bing.com and cxcs.microsoft.net. TCPLogView sho...