Blocking Microsoft Domain Names

I have a Windows 10 “entitlement” license. I also have Windows 7 on the same machine. I keep both systems mostly for curiosity and partly in case job requirements need either system. The systems are run using raw disk access through a virtual machine (VM) on an Ubuntu MATE system that is connected to a router VLAN. How is that for a simple statement of distrust?

The Microsoft folks looked around and realized the Google, Facebook, and advertising folks were tracking the Hell out people and getting away with those efforts. Like greedy mobsters the Microsoft folks wanted in on the action.

I do not have play this game.

I reject this idea that everybody can and should be tracked. I use a layered approach to impede Microsoft tracking.

I do not use Windows for anything productive. The Windows system sits in the house powered off most of the time. If I had to use Windows then my VLAN/VM configuration provides prophylactic protection.

I block more than 240 Microsoft URLs.

Exactly the same way I impede Facebook tracking. I use dnsmasq and a special block list.

The dnsmasq block list is not 100% complete. Some domains are permitted to allow updates. The strategy does not block IP addresses hard-coded directly into the Microsoft operating system. Yet I am confidant the list blocks more than enough to foil most tracking attempts.

I use dnsmasq on my LAN server for DNS name caching. dnsmasq supports a feature called addn-host. I use three different lists. One is a generic list to block advertiser domains as well as undesirable and malicious domains. This generic file contains more than 216,000 domain names. I name the file /etc/hosts-blocked.

Another block list is for Microsoft domains. I name this file /etc/hosts-ms. The list is available here.

The respective /etc/dnsmasq.conf directives look like this:

addn-host=/etc/hosts-blocked

addn-host=/etc/hosts-ms

To support updates, the list of domains not to block is found here.

More than a few Microsoft domain IP addresses are hard-coded into the operating system and cannot be blocked by this strategy. One of these days I will get around to blocking domains at the router through firewall rules. For now the monkey-wrenching effort remains satisfying and rewarding.

Posted: Category: Tutorial Tagged: General, Windows

Next: Some Simple Solutions

Previous: Blocking Facebook Domain Names