I was just writing it up.
So Microsoft finally offers some real documentation what the Basic telemetry level sends in the 1703 Creator’s Update coming this month. Note that you are not permitted to set your telemetry lower than Basic in a supported manner on Windows Home or Pro. This is the minimum telemetry they allow.
It’s great to get some documentation, but much of it is so general that you really can’t tell what they’re sending back to the mothership. We get some sort of inkling, but it is not sufficiently specific to nail it all down.
This only covers the items I found interesting-- the whole list goes on for many many many pages. They collect a metric shitton of stuff on basic.
Common Data Extensions & stuff like Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd
- These are so generic that they could really cover any behavior. Many of these could log every key you press, every running process, etc. No way to tell from the information provided. They refer to events, scenarios, or flights triggering telemetry but don’t tell you what the triggering things actually are.
Common Data Fields.MS.Device.DeviceInventory.Change
- Every time you add or remove a device, you tell MS about it. When you plug in a mouse, a webcam, a flash drive, whatever.
Pre/Post upgrade settings
- Tells MS what a bunch of settings looked like before and after the 1703 upgrade.
Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd & Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove
- Sends “compatibility info about files”. It’s unclear how often the “appraiser” runs. This could tell microsoft literally every time you run any executable, or it might only apply to a whitelist of anti-virus exe files. We have no way to tell.
Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd & Microsoft.Windows.Appraiser.General.DatasourceDevicePnpRemove &
Microsoft.Windows.Appraiser.General.DatasourceDriverPackageAdd & Microsoft.Windows.Appraiser.General.DatasourceDriverPackageRemove &
Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd & Microsoft.Windows.Appraiser.General.DecisionDevicePnpRemove & Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd (and many more)
- Tells microsoft every time you plug-in/remove a device. Every USB flash drive, every mouse, every wifi adapter, etc, they want to know about it. Also whenever you upgrade any driver.
Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd & Microsoft.Windows.Appraiser.General.DatasourceSystemBiosRemove
- They want to know when you upgrade your BIOS too.
Microsoft.Windows.Appraiser.General.InventoryApplicationFileAdd & Microsoft.Windows.Appraiser.General.InventoryApplicationFileRemove
- Sends metadata of ANY file on the system. Filename, date, path, product name, size, etc.
- They say is must be “part of a compatibility database”, so it is a whitelist, but we have no idea how large the whitelist is or whether it contains wildcards like “*.jpg”. They don’t tell us.
Census.App
- Sends info about all apps running. Possibly only UWP apps covered-- we have no way to know.
Census.Hardware, Memory, Network, Processor, UserDisplay, etc.
- Sends all info about the device’s hardware. Name, chassis, serial, SKU, etc. Pretty much everything.
Microsoft.Windows.FaultReporting.AppCrashEvent & Microsoft.Windows.HangReporting.AppHangEvent
- Sends comprehensive info any time a program crashes or hangs, both win32/64 executables and UWP apps. Does not send a memory dump on Basic.