Look at it this way: PowerShell sends telemetry. The Terminal in which it runs sends Telemetry. The "dotnet core" framework PowerShell uses in turn also sends telemetry. The PowerShell modules you load (from Microsoft!) send telemetry.
In effect, ONE application has at least four independent sets of telemetry.
This is the console, the kind that you would use on servers. High-security servers in DMZs. Servers hosting police records, health records, or even military secrets.
FUD my arse. It's a torrent of information that seeks every crack it can find to "get out", purposefully designed to circumvent mitigations by security teams.
Two examples: Microsoft regularly changes which environment variables disable telemetry. Just about every major release means that I have to check if it is now "DOTNET_TELEMETRY=Off" or "NET_TELEMETRY_CORE=0" or whatever. This isn't an accident. Nobody's "finger slipped". The old telemetry started to tail off and someone "fixed it" in Microsoft to get 100% coverage, against the will of their privacy concious customers.
Similarly, some Windows telemetry uses "microsft.com" instead of "microsoft.com" to bypess firewall rules blocking the latter.
You can't tell me that this is "nothing to worry about" when it feels an awful lot like the enemy is inside the gates and is actively hostile to any measures taken to stop them progressing further into the network.
Telemetry is essential thing to understand how service is used. It leads to better service for all users.
In the case you mention, it should be IMO up to you to prevent this, probably via firewall.
Having standard telemetry environment variable might be for the best. There is a risk in this case to disable telemetry systematically though, even if you want to just block it in one app, which is also not something I as vendor of many tools would want.
This is probably not easy to fix for everybody to be happy. And its probably not that important for security - there are FAR easier way to deduce something about someone then to 1) hack microsoft telemetry servers or transit 2) look into the patterns of use of specific programs. Besides, telemetry data is anonymous. So I guess even in the case you get the data, what could you do with it ? I can send you billion of telemetry data of government services I make, you can only deduce that people start working at 7AM and get lots of passwords wrong before first coffee.
Why is any of this an issue if they are collecting actual metrics on their own software?
I have plenty of environments that run whitelist only, you can always go that route and not think about any vendor, any software not getting out.
And stuff like this is just inflammatory:
>Similarly, some Windows telemetry uses "microsft.com" instead of "microsoft.com" to bypess firewall rules blocking the latter.
Do you think we'd just block *.microsoft.com over their telemetry domain, microsft.com? Half the planet is in O365.
And on the flip side you know we'd all block telemetry.microsoft.com just because, it wouldn't matter what they collect and not think twice, then turn around sell it to people as "we are adding security".
In effect, ONE application has at least four independent sets of telemetry.
This is the console, the kind that you would use on servers. High-security servers in DMZs. Servers hosting police records, health records, or even military secrets.
FUD my arse. It's a torrent of information that seeks every crack it can find to "get out", purposefully designed to circumvent mitigations by security teams.
Two examples: Microsoft regularly changes which environment variables disable telemetry. Just about every major release means that I have to check if it is now "DOTNET_TELEMETRY=Off" or "NET_TELEMETRY_CORE=0" or whatever. This isn't an accident. Nobody's "finger slipped". The old telemetry started to tail off and someone "fixed it" in Microsoft to get 100% coverage, against the will of their privacy concious customers.
Similarly, some Windows telemetry uses "microsft.com" instead of "microsoft.com" to bypess firewall rules blocking the latter.
You can't tell me that this is "nothing to worry about" when it feels an awful lot like the enemy is inside the gates and is actively hostile to any measures taken to stop them progressing further into the network.