Some Windows 10 versions (Enterprise, Education, and IoT Core editions) support an additional telemetry level, telemetry level 0: security. Our focus is to identify and analyze the traffic of a Windows 10 client with the most restrictive privacy settings activated. To do this we use a Raspberry Pi 3, which is a single-board computer the size of a credit card. Since all telemetry communication is encrypted, we need to perform a man-in-the-middle attack. Now our goal is to analyze the communication by monitoring the data being sent. softScheck already identified this traffic in an earlier analysis. Windows 10 has been observed to establish encrypted connections to Microsoft servers without a direct related user interaction.
The focus of this research is to analyze the amount of privacy provided in Windows 10 when using the most restrictive privacy settings available.
