> the machine is a fresh install of Windows, what exactly is the data you think is being exfiltrated? In most cases... there's just nothing there.
Then there shouldn't be any requests.
> At best, someone now knows that ip x.x.x.x is running windows version y.y.y.y, and possibly that the user account is z.
Is this something you have inside information about? How many requests does this take? Your sentence seems far longer than the single serialized string that would have to be sent.
edit: and to be more direct, how is it all right for you to speculate about things you don't know but not all right for the OP? Is it only legitimate to make up excuses for suspicious behavior, and illegitimate to be suspicious of it?
> So again - without talking about the actual data in the requests (and not just a dns record...) this isn't really a helpful conversation to have.
I'm not fucking speculating. I'm saying DNS records are a trash excuse for actually looking at the data. If they want to make spurious claims - the burden of proof lies firmly with them.
In the mean time:
> Then there shouldn't be any requests.
I literally just told you why they're making these requests... they're fetching data to display on widgets related to local news and weather, and they're tracking their install numbers.
You can bitch and moan about that - but they're very clear that they're doing it at install time, and most times you can opt out.
Then there shouldn't be any requests.
> At best, someone now knows that ip x.x.x.x is running windows version y.y.y.y, and possibly that the user account is z.
Is this something you have inside information about? How many requests does this take? Your sentence seems far longer than the single serialized string that would have to be sent.
edit: and to be more direct, how is it all right for you to speculate about things you don't know but not all right for the OP? Is it only legitimate to make up excuses for suspicious behavior, and illegitimate to be suspicious of it?