WindowsSpyBlocker is an application written in Go and delivered as a single executable to block spying and tracking on Windows systems. The initial approach of this application is to capture and analyze network traffic based on a set of tools. It is open for everyone and if you want to contribute or need help, take a look at the Wiki.

Telemetry and data collection

To capture and analyze network traffic for the telemetry option, QEMU virtual machines are used on the server virtualization management platform Proxmox VE based on :

  • Windows 10 Pro 64bits with automatic updates enabled.
  • Windows 8.1 Pro 64bits with automatic updates enabled.
  • Windows 7 SP1 Pro 64bits with automatic updates enabled.

Traffic dumps are clean every day and compared with the current rules to add/remove some hosts or firewall rules.

Tools used to capture traffic :

All traffic events are available in the logs folder :

  • *-hosts-count.csv : number of events per host
  • *-unique.csv : the first trigger of an event per host/process/destination port

The data folder contains the blocking rules based on domains or IPs detected during the capture process :

  • data/<type>/winX/spy.txt : Block Windows Spy / Telemetry
  • data/<type>/winX/update.txt : Block Windows Update
  • data/<type>/winX/extra.txt : Block third-party applications

Firewall and Hosts data are the main types. The others are generated from these as :

  • DNSCrypt : a protocol for securing communications between a client and a DNS resolver.
  • OpenWrt : an open source project used on embedded devices to route network traffic.
  • P2P : a plaintext IP data format from PeerGuardian.
  • Proxifier : an advanced proxy client on Windows with a flexible rule system.
  • simplewall : a simple tool to configure Windows Filtering Platform (WFP).

And about data collection, you can read the Telemetry collection page for more info.

Download

git clone https://github.com/crazy-max/WindowsSpyBlocker.git

Usage

Source: https://github.com/crazy-max/WindowsSpyBlocker