Have you used a modern smartphone platform like iOS, Android or Windows Phone today? Did you use a free e-mail service like Gmail? Have you checked in and posted your latest life whatevers on Facebook, Twitter or some other social network or liked someone else’s post? Maybe you moved some files around with Dropbox? Did you purchase something from a reasonably sized retail chain of some kind? How about with a loyalty card? A credit card? Congratulations, you’ve given away far more personal information than you will by using Windows 10. You also didn’t have a choice in most of those cases and those companies are likely going to use it to profit off your back.
The latest tech press outrage–because there always has to be one these days–is how the newly released–and rather excellent I might add–Windows 10 is a privacy black hole that’s leaking personal information about you left and right and that Microsoft is spying on you and you shouldn’t upgrade if you care about security and blah blah blah. Much of this is coming from the same sites and authors that waved away any responsibility on Apple’s part for the nude photos leak last year (hint: the hack happened as a direct result of their lacking security). The double standards and hypocrisy at play here is plain as day but of course, it’s Microsoft and the tech press is full of Apple fanboys so that makes it OK I guess. I’m happy to call out Microsoft when they do wrong–believe me, they have many times–but this situation is just another example of clickbait outrage culture run amok.
Does Windows 10 phone home some data? Yes. Should Microsoft have been much clearer about that up front and made it opt-in? Yes. Can you easily opt-out of it if you want to? Yes and it’s even easier now. Is that data personally identifying? One part potentially is but that’s it. Most of the rest of it is designed to see how most people are using Windows to (GASP!), help make it better! Given how much people irrationally hated Windows 8, you’d think that would be welcome.
So let’s break down what information is collected and how it’s used with the help of this ghacks.net article:
- Microsoft creates a unique advertising ID for each user on a device running Windows 10. This can be turned off in the Privacy Settings. – This is the part that can be identifying. Essentially, this is a unique ID that is used to track what ads you’re looking at/clicking on and if the setting is enabled, different apps can use the ID so that you get the same ad preferences everywhere. Turning it off doesn’t stop ads from appearing in apps, it just prevents different apps from knowing what ads you’ve seen. It also only applies to Windows Store apps. I turned this off but literally every web site with ads uses the same technology and unless you constantly clear browser cookies, it’s always there and you can’t opt-out of it. You may not like it but as I’ve ranted about before, if you don’t want to pay for stuff and still want it to get made, this is the way it is.
- What you say or type may be processed by Microsoft, for instance by the operating system’s Cortana service or by providing spelling correction. – Just like Siri, just like Google Now. When you make a vocal request to these services, the request has to be sent back to a server for processing as your device doesn’t have the terabytes of storage and massive CPU power necessary to process the requests locally. They also maintain a database of common spelling errors and corrections so that people don’t have to constantly manually correct their mistakes. Even if Microsoft is tying this information to you specifically, it’s in the interests of improving your experience. It’s the exact same thing Apple and Google do by default that no one seems to mind.
- Windows supports a location service that allows apps and services, such as Find My Device, to request your location in the world. This can be turned off in the Privacy settings. – Again, just like any smartphone platform. When an app requests your location if your device has GPS, it will briefly turn it on, fetch the location and give it to the app. Any app you use that does things like find the location of a place or gives recommendations based on where you are, does this. If you don’t want it, you don’t have to use it but most people do because hey, it’s convenient.
- Microsoft syncs some Windows settings automatically when you sign in to a Microsoft account. This is done to provide users with a personalized experience across devices. Data that gets synced includes installed apps and their settings, web browser history and favorites, passwords and wireless network names, and addresses of shared printers. – Another thing every other platform does for convenience and that was also done since Windows 8. What’s got people upset here is Wi-Fi Sense. Essentially, this is a convenience feature that allows you to share your wi-fi network and password information with selected contacts so that for example, when a friend comes over to your place, they don’t have to ask for your password, their device just knows it and connects. You have to explicitly share your wi-fi network to do this and it only goes to contacts that you pick. This has the outrage brigade screaming that Microsoft is storing your wi-fi passwords and this could easily let people steal your wi-fi and oh yeah, they’re probably handing them over to the NSA too! As usual, it’s all BS. The passwords are being stored on their server but like any sane setup of this nature, it’s encrypted and hashed so they can’t be read or redistributed in any usable form, even if the store got hacked. As for the NSA, well, they’re already able to track pretty much whatever you do online, they don’t need your wi-fi password. Also, both Wi-Fi Sense and even having an online Windows account are not required and you can actually easily skip tying into your Microsoft account during the Windows 10 setup process.
- Telemetry data is collected by Microsoft. This includes installed software, configuration data and network and connection data. While some of it can be turned off in the Settings, not all can. This data is not personalised and it’s used in aggregate. The vast majority of modern software, operating systems and even video games collect telemetry information. It gives them a broad view of what customers are doing with their product, what features are being used, not used and the paths people are taking to get to them. It also usually tracks crashes and instability. These things are done largely to aid in fixing bugs and improving the user experience. One of the buzz terms used in technology these days is “rapid iteration”, the idea of making quick, small improvements to a product over time rather than huge, often bewildering changes once in a while. How do you think that gets accomplished? It’s not through divine intervention and it’s not because people are e-mailing feedback to the developers. It’s because of metrics and usage data, the exact same kind being collected here and which is done almost universally in the software industry now. I value my privacy but I actually turn these features on when I can because it doesn’t give away anything personal or confidential and it makes the software better for those that user it the most.
As you can see, much of the stuff people are up in arms about has already been widely used elsewhere for years and it’s all pretty harmless. Truth be told, Microsoft’s pretty late to the party with a lot of this stuff compared to companies like Apple and Google.
That said, they were definitely underhanded with how they implemented it and clearly did so hoping no one would notice. Oh Microsoft, how you underestimate people. As harmless and in many cases, helpful as I think this stuff is, it should all have been turned off by default and made opt-in, not opt-out and buried behind multiple screens in the setup process with confusing explanations. If they wanted to present all the options to people with clear explanations and let them choose to turn them on, I don’t think anyone would have cared. Enabling them all by default and forcing you to dig for them is what gave ammo to the outrage. Now, do other companies do any better? Not especially and in many cases, you can’t turn this stuff off at all. However, Microsoft should have known they’d become a target for this move–let’s face it, they’ve had some major issues with client-side security in the past–and should have taken the high ground their competitors often don’t. They didn’t and it’s not unreasonable to call them out for that.
Also, turning every installed Windows 10 device into a peer-to-peer seed for Windows Updates is scumminess of the highest caliber. They have practically unlimited bandwidth and have been serving terabytes of updates a day at least for almost two decades. That feature shouldn’t even be there, let alone enabled by default.
All of the data Windows 10 (optionally) collects is largely harmless and anonymous. Do you know what services like Gmail, Facebook, Wal-Mart or credit card companies do with your data? Whether public or private, that data is collected, stored and often sold or monetised in a very identifying manor without your knowledge and you’re not allowed to say they can’t do it. The entire business model of companies like Google, Facebook and Twitter is taking your personal data, packaging it up and selling it to companies you don’t know for purposes you don’t know and keeping the money for themselves because they’re providing you a “free” service–one that’s still full of ads of course. To see people slamming Windows 10 for “stealing your data” who also narrate their entire lives on social media and do all their private correspondence through free e-mail services is astounding to me, not so much for its hypocrisy as its cluelessness.
Let’s also not forget that for the vast majority of people who will use Windows 10 also won’t have to pay for it. They got an entire operating system upgrade that usually costs $100-$150 for free and can still opt-out of what little data collection is present. Now, we can argue how much Microsoft needed to do that in light of the Windows 8 debacle and continuing erosion of their market share but nonetheless, the benefit to customers is still there. You give them a little bit of anonymous data, you get an entire super polished operating system with nothing else nefarious about it for nada if you basically own a PC that was purchased in the last 6 years. That’s a way better deal than a lot of “free” web services offer.
The fact is that despite what the clickbait iPress is telling you, Windows 10 is not a privacy nightmare. A few minutes of research can figure this out but we all know that’s too much to ask of “journalists” these days. I think Microsoft did themselves no favours by turning all this stuff on by default and hiding it away. Personally, I think they’d be very smart to patch the Windows 10 installation to reverse that, at least for people who actually buy it off the self instead of getting it as a free upgrade. Nonetheless, this is a very tame privacy concern, in a world where collecting and selling your personal information behind your back has become the new normal. Valuing your privacy against large, profit-hungry public companies makes perfect sense. Indeed, more people should be doing that. But if you’re upset about what Windows 10 is doing and then take to Twitter, Facebook or ad-supported comment sections to voice your anger, you’ve already done your privacy greater harm and should probably be examining how you use the Internet in general.
Seriously, if you qualify to upgrade to Windows 10, go get it because it’s awesome. Just be a little bit informed beforehand and you’ll be fine.
A bit necro, but with MS pushing WinX more rabidly than ever (haha, “X” means “yes”… truly hilarious… desperate much, MS?) I figured it still merits a comment, especially because it’s actually kinda funny:
Modern smartphone? Yes, Android, with absolutely every sync option turned off (and I mean multiple dozens of them, scattered in various nooks a crannies, including any sort of location access) except Gmail. I do use that one, but mostly for purchases, neither work nor personal contact. On the other hand, I don’t do my (rare) online shopping through Google, so big whoop… much good it does them. Also, the phone is rooted and it has a firewall, an ad blocker and a permission enforcer that lies to everything I didn’t authorize. Skype thinks it copied my address book. It only ever saw a fake, empty one. I do have contacts and calendar on the phone though – they are both hosted on my own WebDAV server, showing up through specialized account provider apps on the phone. Google never saw them unless it’s lying and siphoning stuff out unauthorized – but such has never been seen yet, unlike WinX.
Facebook? Never had any. Twitter? Never had any, never will. So no likes.
Dropbox? Yes, I did. All Dropbox ever saw was random noise, encrypted by EncFS on both ends before Dropbox ever touched it. Plaintext? Never gonna happen, any cloud. Not. Ever.
Retail chains? Well, I’m pretty sure I still have an Amazon account – unless they closed it for lack of activity half a decade ago…
Credit card? Yes, i do have one. It’s the thing I use to withdraw my entire salary the next day after I get it each month. I only ever pay with cash. Internet purchases, if and when they happen are handled with another one, that only ever gets recharged with the amount I want to spend, a day or two in advance. It’s a debit card, no credit. I’m practically theft-proof in that sense. Loyalty card? I get asked whether I want one every damn single time I buy something in the pharmacy next to me. I always decline, on principle. Never had any.
So yes, some people actually _do_ care. Let’s agree that you get to call me a crazy lunatic if you wish, and I get to call MS lying, thieving, double-crossing bastards who are (lately) only interested in spying on you as much as they can while making it as hard as possible for you to resist that, even if you choose to do so deliberately. I pay nothing for Gmail. MS wants to _sell_ me a piece of software that turns my own PC against me, going as far as pushing their upgrade nagware trap as a “new” security update every time it gets disabled again and again and again. Utterly unacceptable. MS, you’re done.
Well, in your use case and with the extremes you go to to safeguard your information (well within your rights to do so, I’d never do it but no judgement), then yes, Windows 10 is not for you, not even a little bit. However, I think you would agree that in the context of modern society, you are very much an edge case.
All I’ll say is I’ve seen the information 10 “phones home” and compared to other services people gleefully use every day, it’s a drop in the bucket. Should it do it by default? No. Is it easy to turn off the worst of it if you don’t blindly click Next like an idiot? Yes. Are most people idiots? Yep. Again, people can be outraged at it if they want but when they use an iPhone to post their outrage to Facebook, the double standards I talk about in the post shine through.
All that said, the way they’re pushing upgrades is fucking insane and they should be ashamed of themselves for it. I work in managed IT and also support my own clients on the side and the number of calls I’ve had to deal with because of that is ridiculous. If someone says they don’t want the upgrade (free or not), that’s where it should end, full stop. Making it a recommended update, nagging people constantly and turning the X into a yes is all hot bullshit and they should get called out for that. I am a happy user and recommender of Windows and Windows 10 but Microsoft is far from perfect and what they’re doing with that is just ridiculous. When I first wrote this post, most of the most egregious of the updater’s behaviour had not yet manifested.
A remarkably balanced reply to a rather indignant and inflammatory comment, and I salute you for that. I’ll gladly admit that even though some people share some of my concerns (and some of my practices), I’m definitely a bit of an edge case. I guess I just got a bit “triggered” by the original post; my bad, won’t happen again, anyway – a lot of people do indeed obliviously leave a trail of data a mile wide behind them; I guess the disconnect is due to the fact that those complaining most vocally tend to be IT professionals, potentially a lot more conscious about their privacy than the general populace… 🙂
No worries man. Honestly, I’ve seen what I could call inflammatory replies before (that’s why I have comment approval) but yours was at worst, passionate. And hey, if there’s a good issue to get worked up over, it’s privacy.
I find it varies a lot in terms of who is complaining. Most of my colleagues at work happily use Windows 10. We aren’t recommending it to clients yet but not because of the supposed privacy invasions, just because it still has a lot of glitches and weirdness that won’t necessarily blend well with some of the corporate environments we work with. That’s less a Windows 10 specific problem and more a “new version of any OS” problem. Like I said, if people think Windows 10 invades their privacy, they’re well within their rights to have that opinion and not use it. What people consider private or not varies person to person, as it should. Personally, as someone who refuses to use most social networks for privacy reasons, I find most of what Windows 10 is gathering to be benign compared to most places.
I’ve been linked to utilities that supposedly show just how much personal data it phones home and the only things they show is that it phones home anonymous telemetry data like most software and web sites do, which is used in aggregate to improve product quality and stability. Of course, some people do consider that a step to far and hey, that’s fine. I personally like it because it’s not telling it anything personal about me and stuff like this helps products iterate faster. But again, all of that should have been opt-in, not opt-out.