Nvidia Adds Telemetry To Latest Drivers

I understand that firewalls can block arbitrary addresses, but I also know that this would not stop anyone.

We are not talking about criminals, secret services, and intelligence agencies. We are talking about companies with tens to hundreds of millions of customers, with whom they want to keep in touch every day. Just for the sake of load balancing, CDN services are used for this nowadays, which in turn assign domain aliases as entry points. Therefore, DNS walls are so effective these days.

There is no reason a semi-random list of IP addresses cannot be used, and those would not necessarily be in a company's IP block. Think "partners".

Maybe some of these companies will evaluate falling back to stone age methods once the share of their "customers" who use telemetry blocking increases significantly, let's say from 0.01 ‰ to 25 % - Good luck!

Some of us may then think again about the suggestion of TeamBlackFox in message #21.

And of course, any update to the driver or firmware or even something that seems entirely unrelated can change it all entirely.

Nice idea, changing the IP addresses for some customers who updated, and losing contact with all the others. BTW, this is the reason why DNS exists.

The point is that counting on DNS to stop this is very fragile.

I agree, in edge cases this method may be fragile; in 99.9 % of the usual cases it is effective, though.
 
The domain names, which NVIDIA seems to use for Telemetry (i.e. found in the calling home payload by others) might be:
Code:
gfe.nvidia.com
gfwsl.geforce.com
I do not own a GEFORCE, and cannot check this. Before adding this to the void-zones, it might be good to wait for an independent confirmation.
 
We are not talking about criminals, secret services, and intelligence agencies. We are talking about companies with tens to hundreds of millions of customers
It is hard to see a big difference between those. None are greatly concerned with laws, all want to conceal their activities. Let me just put it this way: blocking with DNS assumes that the people who want their stuff to report home do not have a big incentive to try alternate methods.
 
It doesn't stop there. I'm sure most of you know about this https://newrepublic.com/article/117037/us-gives-iana-and-dns-control-icann. That's just one article, one viewpoint. Recently on my own personal machine I decided to enable unbound and make it permanent. It's probably the best thing I've ever done because it allows you to control from whom you will get your telephone information and spread it out over those (I use 18) DNS servers. Then you can run dnstop -l 4 wlan0 all the time and this allows you to find out exactly who is calling whom. This then in turn enables you to fix the offending application by whatever means you prefer. I keep, successfully, d-tuning so to speak, my choice of web browser but still maintain full functionality. It stays that way until I choose to update it and then once again plug the leaks.
Going after the application is much better than constantly trying to shore up, or build a defense. Also, if you contact the software vendors involved, and more people start doing that, you may be in for a pleasant surprise. FreeBSD is the best choice for doing all of the above and then some.
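
Both positions argued in this thread can be checked from logs. The following is an added example, not code from any poster: it lists queries that fall into the void zones (subdomains included) and outbound connections to addresses the resolver never handed out, which is what a hard-coded IP list would look like. The log formats, the LAN prefix and all sample lines are constructed assumptions; the two domain names are the unconfirmed ones quoted earlier in the thread.

```python
import ipaddress

VOID_ZONES = {"gfe.nvidia.com", "gfwsl.geforce.com"}  # names quoted in the thread, unconfirmed
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")    # assumed LAN prefix

# Constructed resolver log, one query per line: "<client> <qname> <answer-ip or ->"
DNS_LOG = """\
192.168.1.10 gfe.nvidia.com -
192.168.1.10 www.freebsd.org 203.0.113.20
192.168.1.10 sub.gfe.nvidia.com -
192.168.1.10 notgfe.nvidia.com 203.0.113.30
"""

# Constructed outbound connection log: "<client> <dst-ip> <dst-port>"
CONN_LOG = """\
192.168.1.10 203.0.113.20 443
192.168.1.10 198.51.100.7 443
192.168.1.10 192.168.1.1 53
"""

def in_void_zone(qname, zones=VOID_ZONES):
    """True if qname is a void zone or a subdomain of one (match on label boundaries)."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))

def audit(dns_log, conn_log, zones=VOID_ZONES):
    """Return (queries caught by the DNS wall, connections that never used DNS)."""
    blocked, resolved = [], set()
    for line in dns_log.splitlines():
        client, qname, answer = line.split()
        if in_void_zone(qname, zones):
            blocked.append((client, qname))
        elif answer != "-":
            resolved.add((client, answer))     # address this client learned via DNS
    direct = []
    for line in conn_log.splitlines():
        client, dst, port = line.split()
        if ipaddress.ip_address(dst) in LOCAL_NET:
            continue                           # resolver, gateway and other LAN traffic
        if (client, dst) not in resolved:
            direct.append((client, dst, int(port)))  # invisible to a DNS wall
    return blocked, direct

if __name__ == "__main__":
    caught, bypass = audit(DNS_LOG, CONN_LOG)
    print("void-zone hits:", caught)
    print("connections without a DNS lookup:", bypass)
```

An empty second list over a long capture supports the "99.9 %" position; entries in it are the cases a packet filter or a fix in the application has to handle instead.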
 