I have just switched to windows 10 from windows 8.1 and have been changing my privacy settings to minimize the amount of data sent to windows. As part of protecting my privacy I disabled Cortana and online search results from the search bar, So I was surprised when I saw network usage listed under search in the task manager app history. I confirmed that it was still using the network with the online search disabled, and then I used “Microsoft Network Monitor” to try and get an idea of what data was being transferred. From my tests I can confirm that once at least one character is entered into the search bar the Microsoft application "SearchUI.exe" establishes a SSL/TLS connection with bing.com (ip 204.79.197.200). With the connection established packets containing encrypted data is transferred between the local computer and bing.com usually one or two packets back and forth containing about 1kB of "SSLApplicationData".
Has anyone else seen or herd of this? Does anyone know what is contained in the encrypted
TLS packets?