Spy. Image courtesy of Shutterstock.

Since it was released, Windows 10 has incited a privacy furor.

Hundreds of commenters on sites such as Hacker News and Reddit have criticised default settings that send personal information to Microsoft and use bandwidth to upload data to other Windows 10 computers.

Concerns have risen over the Wi-Fi password sharing feature, Microsoft’s plans to keep people from running counterfeit software, the inability to opt out of security updates, weekly dossiers sent to parents on their kids’ online activity, and the fact that Windows 10 by default shares a lot of your personal information – contacts, calendar details, text and touch input, location data, and more – with Microsoft’s servers.

Since the release, Ars Technica has revealed that even when all data collection settings were turned off, Windows 10 still sent identifiable data to Microsoft.

On Monday, Microsoft attempted to clear the air when it comes to the privacy implications of data collection in the new operating system.

Terry Myerson, leader of the Windows and Devices Group, put up a blog post that, for the most part, reiterates the company’s privacy policy.

For one thing, Windows 10 is not scanning emails for the purpose of targeting advertising, Myerson said:

No matter what privacy options you choose, neither Windows 10 nor any other Microsoft software scans the content of your email or other communications, or your files, in order to deliver targeted advertising to you.

Windows 10 collects two types of data, Myerson said.

The first is designed to help Microsoft and third-parties identify bugs or problems in software, including anonymous device ID, device type, and application crash data.

What Microsoft doesn’t collect for diagnostics and application improvement: any content or files, nor any information that could identify a user, such as name, email address or account ID.

Myerson gave an example of what Microsoft does with such collected data: In August, aggregate data showed that a particular version of a graphics driver was crashing and then causing reboot on some Windows 10 systems.

Using the safety and reliability data, Microsoft worked with the partner who builds the driver, turning around a fix for the public within 48 hours.

For the sake of personalisation, Windows 10 also collects information on user habits – the better to provide users with information such as updates on game scores or to recommend apps they might enjoy.

Microsoft’s digital assistant Cortana collects the most, but it and other settings that remember preferences can be disabled, Myerson noted.

The post describes a third class of data – advertising data that “we don’t collect”, Microsoft stressed.

In Ars Technica’s ongoing efforts to analyse just what, exactly, Windows 10 is really up to with our data, vs. the somewhat loose descriptions Microsoft’s put out in messages such as Myerson’s, the publication dissected Monday’s post and found a few interesting things to note:

  • Regarding telemetry data: Unlike previous versions of the OS, most Windows users – those running Home and Pro versions – can’t opt out from sending data such as crash logs in Windows 10. Myerson writes that enterprise users will have the option to disable the telemetry later this year, though the company strongly recommends against it. When Ars asked what that means, it said simply that Enterprise users will still have opt-out ability, though it’s not actually part of the upcoming feature update.
  • Are we really in control of personalisation data? As mentioned above, Ars’s testing has shown even with the most restricted privacy settings, Windows 10 can’t seem to stop babbling to Microsoft’s servers. With regards to Monday’s post, nothing seems to have changed about that.
  • What about targeted advertising based on other content? Microsoft says file contents or communications within email or Skype aren’t being used to target advertising, but it makes no mention of data derived from Cortana, store purchases or Bing searches. As Ars’s Peter Bright points out, this could mean that “while Cortana can’t use your email to tailor ads to your interests, it appears that she could use the appointments in your calendar to do so, for example.”

Image of spy courtesy of Shutterstock.

Article source: Naked Security – Sophos

Comments

comments