WindowsSpyBlocker is an application written in Go and delivered as a single executable to block spying and tracking on Windows systems .
The approach of this project is to capture and interpret network traffic based on a set of tools. Depending on the interactions between services and source or destination of traffic, rules are created and sorted by assignment.
Main window of WindowsSpyBlocker
app.conf is generated at first launch :
For more info, take a look at Wiki.
Download WindowsSpyBlocker and run exe file
0 – Block Telemetry and data collection
1 – Several Tools used by
Asnlookup: Look up IP addresses registered and owned by a specific organization
Telemetry and data collection
To capture and interpret network traffic, QEMU virtual machines are used on the server virtualization management platform Proxmox VE based on :
- Windows 10 Pro 64bits (+ Microsoft Office 2019) with automatic updates enabled.
- Windows 8.1 Pro 64bits with automatic updates enabled.
- Windows 7 SP1 Pro 64bits with automatic updates enabled.
Traffic dumps are cleaned monthly and compared with the current rules to add or remove some hosts or firewall rules.
Tools used to capture traffic :
data folder contains the blocking rules based on domains or IPs detected during the capture process :
data/<type>/extra.txt: Block third party applications (Skype, Bing, Live, Outlook, NCSI, etc.)
data/<type>/spy.txt: Block Windows Spy / Telemetry recommended
data/<type>/update.txt: Block Windows Update
Firewall and Hosts data are the main types. The others are generated from these as :
- DNSCrypt : a protocol for securing communications between a client and a DNS resolver.
- OpenWrt : an open source project used on embedded devices to route network traffic.
- P2P : a plaintext IP data format from PeerGuardian.
- Proxifier : an advanced proxy client on Windows with a flexible rule system.
- simplewall : a simple tool to configure Windows Filtering Platform (WFP).
And about data collection, you can read the Telemetry collection page for more info.
Projects using WindowsSpyBlocker
- BlackArch Linux : an Arch Linux-based penetration testing distribution for penetration testers and security researchers.
- Blackweb : URLs Blacklist for Squid
- BlahDNS : A small hobby ads block dns project with doh, dot, dnscrypt support.
- DNSCrypt Proxy : A flexible DNS proxy, with support for encrypted DNS protocols.
- Energized Protection : Let’s make an annoyance free, better open internet, altogether!
- FilterLists : An independent, comprehensive directory of filter and host lists for advertisements, trackers, malware, and annoyances.
- LEDE Project : A Linux operating system based on OpenWrt.
- Mikrotik hosts parser : An application that blocks “advertising” for routers based on RouterOS.
- OpenWrt adblock package : DNS based ad/abuse domain blocking
- OPNsense : An open source, easy-to-use and easy-to-build HardenedBSD based firewall and routing platform.
- pi-hole : A black hole for Internet advertisements (designed for Raspberry Pi).
- simplewall : Simple tool to configure Windows Filtering Platform (WFP).
- void-zones-tools : A list of void zones that can be readily feed into Unbound on FreeBSD.
- WPD : Customize Group Policy, Services and Tasks, responsible for data collection and sending, as you like.