The connection only allowed access to MS activation servers, but also DNS.
The DNS would resolve any domain, even the ones that don't belonged to MS, so they could use it to get data out.
I told this story to a few people in my time, all working in IT, and all thought I was bullshitting them, like I was some crazy conspiracy theorist.
And now I'm reading that this is a well known technique and there are even libraries doing this.