Hacker News

While not defending Microsoft (my first advice would be: don't use Windows), there's a free app called "ShutUp10" that allows you to fix almost everything in your list above.




The jury is not out: shutup10 turns off "official" telemetry services. The problem is MS built telemetry into everything now: Explorer, Cortana, Edge, the crypto service or dnscache; _everything_ calls home regularly, ~once per hour during ordinary use.

The only way to 99.9% block telemetry is to switch the firewall to blocking all outgoing traffic by default and whitelist what you use. This still leaves the DNS exfiltration route :(


Did you read the comments where, if you do block the standard ports, the telemetry system in Win10 goes all subversive botnet-like and starts connecting on random ports to random hosts in order to get out of the firewall?

Frightening.


Can you please provide a link?


I think he's talking about W10 ignoring the hosts file and calling home using raw IPs if you block the usual domains. This still gets blocked with a firewall.

DNS is a problem though; I don't know of any DNS clients with per-application whitelist functionality :( This means every program on the system can make DNS queries.


Not if you run your own DNS server.


Do you know of any Windows DNS cache programs able to filter per application sending a query? Is it even possible in Windows to do that?

Something that would allow chrome.exe full access, but block all DNS queries from the svchost.exe process?


You would need a software firewall for that (Komodo?), not a cache server. Though running your own DNS server on top of that would be nice too.


AFAIK Windows Firewall is not able to block loopback communications; can Komodo? I don't want to give up DNS caching, and since I don't know of any way to firewall localhost traffic in Windows, I figured the only way would be in the DNS caching program itself.

So far the only way to prevent DNS tunneling I can come up with involves giving up dnscache :(. To make up the lost performance you could maybe run dnsmasq on the router, or in a virtual machine? Or somehow force dnscache to listen on a virtual network adapter?
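The approach the thread circles around (block all outbound by default, whitelist the programs you use, run your own DNS server, and watch what still tries to leave), written out as an added PowerShell example. This is not code from any of the commenters. The resolver address, the whitelisted program path, the log path and the rule names are assumptions; adjust them to your machine and run it from an elevated PowerShell.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread: default-deny outbound on Windows
# Firewall, per-program allow rules, confine the shared DNS client service
# to a resolver you control, and log blocked traffic so you can see what
# still calls home. All values below are assumptions for illustration.

$Resolver = '192.0.2.53'   # assumed: your own DNS server (e.g. dnsmasq on the router)
$LogFile  = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
$Allowed  = @(             # assumed: the programs you actually want on the network
    "$env:ProgramFiles\Google\Chrome\Application\chrome.exe"
)

# 1. Block everything outbound by default on every profile, and log dropped
#    packets so unexpected callers show up in the log instead of vanishing.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultOutboundAction Block `
    -LogBlocked True -LogFileName $LogFile -LogMaxSizeKilobytes 32767

# 2. Whitelist: one outbound allow rule per program, with a fixed name
#    prefix so the rules can be listed and removed again later.
foreach ($exe in $Allowed) {
    New-NetFirewallRule -DisplayName "Whitelist-Out: $(Split-Path $exe -Leaf)" `
        -Direction Outbound -Program $exe -Action Allow -Profile Any | Out-Null
}

# 3. DNS: every process resolves through the Dnscache service inside
#    svchost.exe, so the firewall cannot separate chrome.exe's lookups from
#    anyone else's. It can, however, confine that service to port 53 on the
#    resolver you run, where queries can be logged and filtered.
foreach ($proto in 'UDP', 'TCP') {
    New-NetFirewallRule -DisplayName "Whitelist-Out: Dnscache to own resolver ($proto)" `
        -Direction Outbound -Service Dnscache -Protocol $proto -RemotePort 53 `
        -RemoteAddress $Resolver -Action Allow -Profile Any | Out-Null
}

# 4. Check: summarise dropped outbound packets by destination. The log is
#    space separated: date time action protocol src-ip dst-ip src-port
#    dst-port ... path, where path is SEND or RECEIVE and lines starting
#    with '#' are header comments.
function Get-BlockedOutbound {
    param([string]$Path = $LogFile)
    Get-Content $Path |
        Where-Object { $_ -match '^\d' } |
        ForEach-Object {
            $f = $_ -split ' '
            [pscustomobject]@{
                Action  = $f[2]
                Proto   = $f[3]
                Dst     = $f[5]
                DstPort = $f[7]
                Path    = $f[-1]
            }
        } |
        Where-Object { $_.Action -eq 'DROP' -and $_.Path -eq 'SEND' } |
        Group-Object Dst, DstPort |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Get-BlockedOutbound | Select-Object -First 20
```

Two design points worth keeping in mind. First, with the default outbound action set to Block, only explicit allow rules let traffic out, so anything not whitelisted (Windows Update included) stops working until you add a rule for it; the log summary in step 4 is how you find out what that is. Second, the Dnscache rule does not give the per-application DNS filtering the thread is asking for, because the firewall only ever sees the service, not the program that asked for the lookup; it only guarantees that whatever leaves on port 53 goes to your resolver, which is where per-name filtering and logging then has to happen.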



