logoalt Hacker News

poguetoday at 9:47 AM1 replyview on HN

Only way to see what's going on is testing to see what's going on. Hopefully, someone who knows more about it than me can take a look at the packets and see what they contain.


Replies

Terr_today at 5:44 PM

I found this talk [0] and some of the slides suggest that Windows is, at least in some circumstances, packaging web-browsing data into telemetry.

To lift examples from the slides, that includes page titles:

    "CorrelationGuid": "7da62b73-082f-4eb2-a370-135d0113e1dd",
    "EventInfo.Level": 2,
    "PageTitle": "SiSyPHuS AFUNKT - Search",
    "TabId": 830425073,
    "client_id": -7497793556371901000,
    "pop_sample": 100,
    "utc_flags": 140737488355328
    
The transitions between pages:

    "IsSameDocumentNavigation": 0,
    "client_id": -7497793556371901000,
    "navigationUrl": "https://www.bsi.bund.de/DE/Service-
    Navi/Publikationen/Studien/SiSyPHuS_Win10/AFUNKT/SiSyPHuS_AFUNKT_node.html",
    "referUrl": "https://www.bing.com/",
    "HttpStatusCode": 200,
And even which link you clicked in the page:

    "DOMElementPath": "A|1||c-link%20c-link--download%20FTpdf;P|5[…]gsb%20lang-de%20fixed%20js-on;HTML|1||",
    "DOMAnchorHrefUrl": "https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/SiSyPHus/AFUNKT.pdf?__blob=publicationFile&v=6",
[0] https://troopers.de/troopers23/talks/bsabut/