Have you used a modern smartphone platform like iOS, Android or Windows Phone today? Did you use a free e-mail service like Gmail? Have you checked in and posted your latest life whatevers on Facebook, Twitter or some other social network or liked someone else’s post? Maybe you moved some files around with Dropbox? Did you purchase something from a reasonably sized retail chain of some kind? How about with a loyalty card? A credit card? Congratulations, you’ve given away far more personal information than you will by using Windows 10. You also didn’t have a choice in most of those cases and those companies are likely going to use it to profit off your back.
The latest tech press outrage–because there always has to be one these days–is how the newly released–and rather excellent I might add–Windows 10 is a privacy black hole that’s leaking personal information about you left and right and that Microsoft is spying on you and you shouldn’t upgrade if you care about security and blah blah blah. Much of this is coming from the same sites and authors that waved away any responsibility on Apple’s part for the nude photos leak last year (hint: the hack happened as a direct result of their lacking security). The double standards and hypocrisy at play here is plain as day but of course, it’s Microsoft and the tech press is full of Apple fanboys so that makes it OK I guess. I’m happy to call out Microsoft when they do wrong–believe me, they have many times–but this situation is just another example of clickbait outrage culture run amok.
Does Windows 10 phone home some data? Yes. Should Microsoft have been much clearer about that up front and made it opt-in? Yes. Can you easily opt-out of it if you want to? Yes and it’s even easier now. Is that data personally identifying? One part potentially is but that’s it. Most of the rest of it is designed to see how most people are using Windows to (GASP!), help make it better! Given how much people irrationally hated Windows 8, you’d think that would be welcome.
So let’s break down what information is collected and how it’s used with the help of this ghacks.net article:
- Microsoft creates a unique advertising ID for each user on a device running Windows 10. This can be turned off in the Privacy Settings. – This is the part that can be identifying. Essentially, this is a unique ID that is used to track what ads you’re looking at/clicking on and if the setting is enabled, different apps can use the ID so that you get the same ad preferences everywhere. Turning it off doesn’t stop ads from appearing in apps, it just prevents different apps from knowing what ads you’ve seen. It also only applies to Windows Store apps. I turned this off but literally every web site with ads uses the same technology and unless you constantly clear browser cookies, it’s always there and you can’t opt-out of it. You may not like it but as I’ve ranted about before, if you don’t want to pay for stuff and still want it to get made, this is the way it is.
- What you say or type may be processed by Microsoft, for instance by the operating system’s Cortana service or by providing spelling correction. – Just like Siri, just like Google Now. When you make a vocal request to these services, the request has to be sent back to a server for processing as your device doesn’t have the terabytes of storage and massive CPU power necessary to process the requests locally. They also maintain a database of common spelling errors and corrections so that people don’t have to constantly manually correct their mistakes. Even if Microsoft is tying this information to you specifically, it’s in the interests of improving your experience. It’s the exact same thing Apple and Google do by default that no one seems to mind.
- Windows supports a location service that allows apps and services, such as Find My Device, to request your location in the world. This can be turned off in the Privacy settings. – Again, just like any smartphone platform. When an app requests your location if your device has GPS, it will briefly turn it on, fetch the location and give it to the app. Any app you use that does things like find the location of a place or gives recommendations based on where you are, does this. If you don’t want it, you don’t have to use it but most people do because hey, it’s convenient.
- Microsoft syncs some Windows settings automatically when you sign in to a Microsoft account. This is done to provide users with a personalized experience across devices. Data that gets synced includes installed apps and their settings, web browser history and favorites, passwords and wireless network names, and addresses of shared printers. – Another thing every other platform does for convenience and that was also done since Windows 8. What’s got people upset here is Wi-Fi Sense. Essentially, this is a convenience feature that allows you to share your wi-fi network and password information with selected contacts so that for example, when a friend comes over to your place, they don’t have to ask for your password, their device just knows it and connects. You have to explicitly share your wi-fi network to do this and it only goes to contacts that you pick. This has the outrage brigade screaming that Microsoft is storing your wi-fi passwords and this could easily let people steal your wi-fi and oh yeah, they’re probably handing them over to the NSA too! As usual, it’s all BS. The passwords are being stored on their server but like any sane setup of this nature, it’s encrypted and hashed so they can’t be read or redistributed in any usable form, even if the store got hacked. As for the NSA, well, they’re already able to track pretty much whatever you do online, they don’t need your wi-fi password. Also, both Wi-Fi Sense and even having an online Windows account are not required and you can actually easily skip tying into your Microsoft account during the Windows 10 setup process.
- Telemetry data is collected by Microsoft. This includes installed software, configuration data and network and connection data. While some of it can be turned off in the Settings, not all can. This data is not personalised and it’s used in aggregate. The vast majority of modern software, operating systems and even video games collect telemetry information. It gives them a broad view of what customers are doing with their product, what features are being used, not used and the paths people are taking to get to them. It also usually tracks crashes and instability. These things are done largely to aid in fixing bugs and improving the user experience. One of the buzz terms used in technology these days is “rapid iteration”, the idea of making quick, small improvements to a product over time rather than huge, often bewildering changes once in a while. How do you think that gets accomplished? It’s not through divine intervention and it’s not because people are e-mailing feedback to the developers. It’s because of metrics and usage data, the exact same kind being collected here and which is done almost universally in the software industry now. I value my privacy but I actually turn these features on when I can because it doesn’t give away anything personal or confidential and it makes the software better for those that user it the most.
As you can see, much of the stuff people are up in arms about has already been widely used elsewhere for years and it’s all pretty harmless. Truth be told, Microsoft’s pretty late to the party with a lot of this stuff compared to companies like Apple and Google.
That said, they were definitely underhanded with how they implemented it and clearly did so hoping no one would notice. Oh Microsoft, how you underestimate people. As harmless and in many cases, helpful as I think this stuff is, it should all have been turned off by default and made opt-in, not opt-out and buried behind multiple screens in the setup process with confusing explanations. If they wanted to present all the options to people with clear explanations and let them choose to turn them on, I don’t think anyone would have cared. Enabling them all by default and forcing you to dig for them is what gave ammo to the outrage. Now, do other companies do any better? Not especially and in many cases, you can’t turn this stuff off at all. However, Microsoft should have known they’d become a target for this move–let’s face it, they’ve had some major issues with client-side security in the past–and should have taken the high ground their competitors often don’t. They didn’t and it’s not unreasonable to call them out for that.
Also, turning every installed Windows 10 device into a peer-to-peer seed for Windows Updates is scumminess of the highest caliber. They have practically unlimited bandwidth and have been serving terabytes of updates a day at least for almost two decades. That feature shouldn’t even be there, let alone enabled by default.
All of the data Windows 10 (optionally) collects is largely harmless and anonymous. Do you know what services like Gmail, Facebook, Wal-Mart or credit card companies do with your data? Whether public or private, that data is collected, stored and often sold or monetised in a very identifying manor without your knowledge and you’re not allowed to say they can’t do it. The entire business model of companies like Google, Facebook and Twitter is taking your personal data, packaging it up and selling it to companies you don’t know for purposes you don’t know and keeping the money for themselves because they’re providing you a “free” service–one that’s still full of ads of course. To see people slamming Windows 10 for “stealing your data” who also narrate their entire lives on social media and do all their private correspondence through free e-mail services is astounding to me, not so much for its hypocrisy as its cluelessness.
Let’s also not forget that for the vast majority of people who will use Windows 10 also won’t have to pay for it. They got an entire operating system upgrade that usually costs $100-$150 for free and can still opt-out of what little data collection is present. Now, we can argue how much Microsoft needed to do that in light of the Windows 8 debacle and continuing erosion of their market share but nonetheless, the benefit to customers is still there. You give them a little bit of anonymous data, you get an entire super polished operating system with nothing else nefarious about it for nada if you basically own a PC that was purchased in the last 6 years. That’s a way better deal than a lot of “free” web services offer.
The fact is that despite what the clickbait iPress is telling you, Windows 10 is not a privacy nightmare. A few minutes of research can figure this out but we all know that’s too much to ask of “journalists” these days. I think Microsoft did themselves no favours by turning all this stuff on by default and hiding it away. Personally, I think they’d be very smart to patch the Windows 10 installation to reverse that, at least for people who actually buy it off the self instead of getting it as a free upgrade. Nonetheless, this is a very tame privacy concern, in a world where collecting and selling your personal information behind your back has become the new normal. Valuing your privacy against large, profit-hungry public companies makes perfect sense. Indeed, more people should be doing that. But if you’re upset about what Windows 10 is doing and then take to Twitter, Facebook or ad-supported comment sections to voice your anger, you’ve already done your privacy greater harm and should probably be examining how you use the Internet in general.
Seriously, if you qualify to upgrade to Windows 10, go get it because it’s awesome. Just be a little bit informed beforehand and you’ll be fine.