Microsoft 'Addresses' Windows 10 Privacy Concerns By Simply Not Mentioning Most Of Them
from the delightfully-invasive dept
Since launch, Windows 10 has seen no limit of criticism for violating user privacy. Some of these concerns have been legitimate -- such as the fact that the OS keeps communicating with Microsoft when core new search services like Cortana have been disabled, or that users don't seem to have complete, transparent control over what the operating system is doing. But other complaints seem to have been based on false rumors that Windows 10 is embedded with a nefarious "keylogger" that tracks everything you type and say or is reporting your BitTorrent activity to Hollywood middlemen.So far, Microsoft's been dead silent on these issues for months, which hasn't done much to defuse the situation. This week, the company decided to finally comment on user concerns in a blog post and both consumer and enterprise privacy documents that address at least some user worries. Microsoft's Terry Myerson starts by promising that Windows 10 user data is encrypted in transit, the company isn't scanning your files or e-mails to blast you with ads, and any data collection Microsoft is engaged in is simply the company trying to develop a "delightful" OS experience:
"We aspire to deliver a delightful and personalized Windows experience to you, which benefits from knowing some things about you to customize your experience, such as knowing whether you are a Seattle Seahawks fan or Real Madrid fan, in order to give you updates on game scores or recommend apps you might enjoy– or remembering the common words you type in text messaging conversations to provide you convenient text completion suggestions."Microsoft also takes a few shots at Google in the entry:
"Unlike some other platforms, no matter what privacy options you choose, neither Windows 10 nor any other Microsoft software scans the content of your email or other communications, or your files, in order to deliver targeted advertising to you."The problem with Microsoft's response is largely one of omission. Sure, the OS doesn't scan your e-mail and files for ad purposes, but you'll note the company doesn't really mention the OS's ingrained search and Cortana data being used for that purpose. Microsoft also doesn't really address why users don't really have control over telemetry (crash) data as in previous Windows versions (the enterprise version of Windows 10 allows crash telemetry data reports to be disabled entirely, while the mainstream Home and Pro versions of Windows don't). Ars Technica probably puts it best:
"There's nothing new here and nothing that's likely to convince those concerned about Windows 10's privacy. Two classes of data are excluded—communications (including e-mail and Skype) and file contents—but everything else appears to be fair game for ad targeting. So while Cortana can't use your e-mail to tailor ads to your interests, it appears that she could use the appointments in your calendar to do so, for example."Microsoft also doesn't really address concerns about Windows 10 just being annoyingly chatty, sending numerous reports back to the Redmond mothership even when the operating system is configured to be as quiet and private as possible. The core problem with Windows 10 remains that opt-out settings remain muddy and in some cases ineffective, and it's not really clear how a lot of the OS-collected data is being used. Microsoft's blog post fails to really address this, though the company at least promises to start elevating the privacy conversation to the level of security-related discourse.
Granted, there's no shortage of people who will simply never trust the company no matter how much progress is made, justifiably citing decades of bad behavior as precedent. And while it's lovely that Microsoft's focused on crafting a "delightful" OS experience, the refusal to give Windows 10 users total, clear control over their OS still doesn't reflect a company that now claims to be in the vanguard of consumer privacy issues.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: privacy, windows 10
Companies: microsoft
Reader Comments
The First Word
“Do not want.
Want operating system.
The End.
Subscribe: RSS
View by: Time | Thread
First: I'm absolutely sick and tired of this "your files on all your devices" tactic these corporations are pushing onto people. Why in the hell would I want my personal income taxes pushed to my Xbox or Windows Phone?
Take a picture and automatically have it uploaded to the cloud? I'm sure the celebrities who had their personal pictures exposed to the world loved that.
Second: the options are becoming too conflated for anyone to manage. If a user turns "off" Cortana, another service will be more than happy to cover for the disabling. In fact, with Windows 10, disabling some options may require changing them in more than one damn place!
Third: Screw these corporations. It's bad enough I pay for the software and now to be told I'm going to have to deal with ads is utter nonsense. Do these shitheads not make enough money to funnel out of the United States via the Irish Double?
I once quipped Corporate America would ruin the internet in 20 years. I am not surprised they beat this estimate by 5 years.
I'm really starting to hate the internet. Unfortunately, it truly has become a utility. Don't have it? Good luck trying to function in the digital society.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
Many PC games have a 'phone home and verify' requirement when you start the game or you can't play it. This has been an issue for many years. I first found out about this years ago when I had an ISP outage and tried to play a game only to have it balk because it couldn't connect to it's home.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
When the the ISP has an outage, no computer in the house can connect to the Internet.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
Searches for "[game name]" "offline" or "[game name]" "disconnected" may help you find whether other people have had problems using the game without an Internet connection. In rare cases, you might find that the publisher eventually relented and released a patch that relaxes or removes the DRM, possibly including removing the Internet connectivity requirement.
Good Old Games specifically markets itself as a DRM-free store and emphasizes that none of their games require call home for single player. However, they can only sell the limited set of titles for which the rightsholders play nice. Some rightsholders are so dead set on DRM that they are unlikely to ever approve the game being sold through GOG. When the game is sold through GOG, you would need to buy it through them to get a DRM-free copy, even if you previously had a DRM-infected copy from another source (e.g. retail CDs). The games are usually cheap ($5-$20 for titles 5+ years old), so repurchasing is not too bad unless you need to rebuild a large collection of games.
[ link to this | view in chronology ]
Re:
Windows 10 is awesome!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
When Win 7 is no longer supported I move to Linux.
[ link to this | view in chronology ]
Re:
Hopefully she can learn the system at a young enough age that she doesn't get locked into the MS BS like I have, and I can have a reason to support it and get ready for my own switch. Once support for Windows 7 disappears, MS will have lost me completely.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
Linux Mint, like many Linux distros, can downloaded to a live DVD/USB drive so you test on your hardware before installing.
[ link to this | view in chronology ]
Re: Re: Re:
But when you are trying to escape Microsoft spying, why would you use any of their software?
[ link to this | view in chronology ]
Re:
If you want out of this mess, then you MUST use entirely open-source software, for starters. Operating systems, applications, everything. No smartphones. No so-called "social networks". No "free" email providers. Defend your browser with NoScript, uBlock, Privacy Badger and other tools. Make sure you use an email client that is NOT HTML-enabled. And so on. (Don't tell me this can't be done: I've done it. For years.)
Even all that isn't a panacea. But it's a good start, and it's a foundation for the rest. The Internet is still usable and occasionally even wonderful, but you have to make the effort required to distance yourself from the worst parts of it -- of which Microsoft is quite clearly one.
[ link to this | view in chronology ]
DW10S - Works pretty damned well...
Gets rid of those pesky telemetry bits, allows removal of "un-removable" windows apps, including one drive. Creates firewall rules to block telemetry where modifying the hosts file doesn't work (Windows 10 ignores hosts file entries for telemetry servers - seriously - breaking tcp/ip to allow telemetry regardless of user's attempt to restrict it).
I'm sure there are other utilities that assist with this as well, but this is the one that I felt most comfortable about using.
[ link to this | view in chronology ]
Re: DW10S - Works pretty damned well...
[ link to this | view in chronology ]
Well, if you're slightly crazy...
The only real way of determining this would be to load up _notepad_, then type in something like "WHERE CAN I DOWNLOAD HARDCORE CHILD SEX ABUSE VIDEOS?" (Obviously record yourself doing this on your smartphone/tablet, and upload it to a cloud storage service like Mega as an insurance policy.)
If the police kick down your door within the next few days, then you've got your answer.
It would be interesting to see Microsoft deny it after that point, though...
[ link to this | view in chronology ]
Re: Well, if you're slightly crazy...
oca.telemetry.microsoft.com.nsatc.net
pre.footprintpredict.com
reports.wes.df.telemetry.micro soft.com"
Came from http://fossbytes.com/windows-10-sends-tons-of-data-every-30-minutes-to-microsoft-even-when-told-not- to/ which then cites Ars Technica. There was another blog I found that talked about other things it does. Example: if you disable Cortana, it collects all your voice data, and uploads it to a few locations, immediately, where as if Cortana is enabled, it converts your speech to text, then uploads just the text.
Seems to me that it does come with a keylogger.
[ link to this | view in chronology ]
Re: Re: Well, if you're slightly crazy...
http://investmentwatchblog.com/a-traffic-analysis-of-windows-10-2/
[ link to this | view in chronology ]
Third Party Data
[ link to this | view in chronology ]
But I want the OS to "know" anything about me.
[ link to this | view in chronology ]
Delightful OS experience?
Most of the time I get spared this silliness as I've switched to UNIX instead of even starting to bother with Windows and went to GNU/Linux when it became feasible. But next weekend I have to visit my father since his Windows 7 or 8 installation (no idea whether this has anything to do with Microsoft trying to suggest to him that Windows 10 would be just the thing) recently decided that his Linux partition was likely not delightful enough for him and has removed or inactivated the boot loader.
And I fully expect that it will take me longer to get this delightfulness in check again than it usually takes me to install 3 different GNU/Linux distributions.
I fought the "secure boot" crapola almost for a day last time.
[ link to this | view in chronology ]
Re: Delightful OS experience?
On the brightside, she has been pushing me to let her try out what I use, so it looks like we'll have someone else on Kubuntu before long.
[ link to this | view in chronology ]
Re: Re: Delightful OS experience?
At any rate, get yourself a dynamic DNS account and set up your great aunt's router to use it and to punch through port 22 (SSH). Configure SSH to only accept public key authorization. Upload your public SSH key to your login on your aunt's computer. Configure her desktop to allow remote access, preferably not just viewing access. Now whenever she has a problem, use remmina to connect to her desktop. You can look at it and also effect changes on it (if you want to use desktop hotkeys that are interpreted remotely rather than on your computer, you can switch that sort of thing on and off using Right-Control).
Total life saver.
[ link to this | view in chronology ]
Re: Delightful OS experience?
Worth a try.
[ link to this | view in chronology ]
Re: Re: Delightful OS experience?
[ link to this | view in chronology ]
Re: Delightful OS experience?
[ link to this | view in chronology ]
Windows Loader.
For computer games with online activation requirements, hacks get written by enthusiast coders.
For Microsoft Windows, the key-gen / activation bypass was written by company engineers, since the activation process was slowing down intra-office tech support.
Thanks to the anti-circumvention clause, it's illegal in the US, but standard operating procedure throughout Europe.
You may be right, though, that Microsoft didn't learn from this, but Windows Loader was the end result of Windows Genuine Advantage for XP and Win7. I'm assuming there's a Loader for the Eights.
I wouldn't be surprised if someone's working right now on a way to strip down Windows 10 of all its spyware, but make it generate data so it looks like it's operating normally.
[ link to this | view in chronology ]
Re: Re: Delightful OS experience?
That's because most people worked around it. I remember those days, and those were the days when universal OEM activation were a thing -- so people just used those instead of having to keep track of a different code for each installation.
[ link to this | view in chronology ]
Re: Re: Re: Delightful OS experience?
I dropped a word. Should be "universal OEM activation codes were a thing"
[ link to this | view in chronology ]
Do not want.
Want operating system.
The End.
[ link to this | view in chronology ]
Re:
http://imgur.com/aYcdWjy.jpg
... sigh
[ link to this | view in chronology ]
A reputation well-earned
The deep suspicion that most people feel toward Microsoft represents a distrust the Microsoft has EARNED over the years.
It seems unwise to hold our breath expecting a change in policy there.
[ link to this | view in chronology ]
Re: A reputation well-earned
Oh, Microsoft can most definitely be trusted. Also you can most definitely shoot a powder keg in the house.
You just don't want to do either if you got half a brain left. Which is doubtful if you enjoyed either of those delightful experiences too much for your own good.
[ link to this | view in chronology ]
FREE OS
[ link to this | view in chronology ]
Re: FREE OS
[ link to this | view in chronology ]
[ link to this | view in chronology ]
So what if our last 2 OS's were utter crap because we focused more on being like the other guys, everyone likes the phone experience so why not desktops behaving that way?
Rather than build something consumers want, we built a me too operating system, and now we need to track what you are doing to the maximum degree so we can make sure you are loving it.
So what if we are going to ignore peoples concerns, legitimate or not, we have you by the balls. Besides all coverage is good coverage, and the more of you talking about us the better our product must be!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
packet capture analysis has proven WIN10 keylogger.
If you'd even bothered to read the article you posted, and given appropriate weight to all the weasel words- you'd see even that BS MS propaganda piece admits there IS a keylogger- but they say it's not a 'keylogger' cause in their opinion they don't have a 'malicious intent'. It still can send everything you type to microsoft.
[ link to this | view in chronology ]
Re: packet capture analysis has proven WIN10 keylogger.
>>opinion they don't have a 'malicious intent'.
More accurately, their keylogger is malware wrapped in an envelope of a larger malware (Windows itself).
[ link to this | view in chronology ]
Re: packet capture analysis has proven WIN10 keylogger.
[ link to this | view in chronology ]
Re: Re: packet capture analysis has proven WIN10 keylogger.
http://www.winbeta.org/news/relax-windows-10-doesnt-have-a-malicious-keylogger
They don't explicitly say it's "everything", but they say "When you input text, handwrite notes, or ink comments, we may collect samples of your input to improve these input features"
As for the claim "proven with packet capture", I'd also like to see more than e.g. this:
http://investmentwatchblog.com/a-traffic-analysis-of-windows-10-2/
[ link to this | view in chronology ]
Why just MS?
[ link to this | view in chronology ]
Re: Why just MS?
[ link to this | view in chronology ]
picked up a 'bare bones' intel nuc computer to run mint.. it has never had an operating system on it that wasn't the mint i installed.
a usb kvm hdmi switch allows me to switch back to my old win7 setup when i want, so i have all the software still available on it.. when i want to transfer something from one unit to the other, inserting a usb drive into the kvm switch allows me to put info on the usb drive, hit the switch button, and then take the info off the drive into the other machine.. it is smart to 'stop' the drive each time before hitting the switch button, however.
so, when i want internet, fuck microsoft.. when i want to use irfanview, win7 is sitting there, wagging its tail just like i want it to.. and there's nothing microsoft can do about it unless they have seals.
[ link to this | view in chronology ]
"You keep using that word. I don't think it means what you think it means."
[ link to this | view in chronology ]
Re: I already have a delightful OS experience with Linux (Linux Mint 17 MATE)
I have had no need to touch Windows, since I retired 7 years ago, and only used it because the companies I worked for required it.
The good thing is other people I socialise with are beginning to realise I don't have the computer problems they have, I'm the resident free geek, and are starting to ask for upgrades to what I'm using.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Microsoft addresses Windows privacy?
"when you input text, handwrite notes, or ink comments, we may collect samples of your input to improve these input features, (e.g., to help improve the accuracy of autocomplete and spellcheck)." ref
[ link to this | view in chronology ]
[ link to this | view in chronology ]
No OS is safe
The telemetry gets Microsoft information on configurations to help them make a better product for those thousands of iterations of hardware which includes location, ISP and other info that system builders use... that's it. That is the telemetry as I understand it from Microsoft.
The thing is, and this is a big issue for me is that most of it is Opt-In by default, as well many of the check boxes and items that a user can Opt-Out of don't really turn telemetry, those underlying services or applications completely off e.g. Cortana still shows in my task bar and the process cannot be killed. Turned off all live tiles and yet News (which I don't use their app for) still shows up in the task manager on occasion and downloads some content according to their own data usage tools, et.
I understand the Windows Insider and using telemetry for alpha and beta products. I also have read that Windows 10 isn't complete and the big patch coming in October is what Windows 10 should have looked like at launch.
That being said, the big patch better disable the items that I've Opted Out of, process, service the whole shabang needs to stop running when I've explicitly checked the boxes to turn them off.
I'm still wary of Microsoft since their XBox One launch and the disregard they showed consumers.
I don't know Microsoft's business plan. They bought ad companies, they sold ad companies... is Microsoft an application vendor or an ad vendor? I can understand Bing being an Ad platform but the operating system that most businesses rely on, that the business users more than likely use when they get home doesn't seem to make sense as an advertising platform. I just want an Operating System, that I own (lease whatever) that is mine to use unfettered by intrusive and obfuscation, I want details on every piece of data collected written by Microsoft in a way that makes them liable for that data being misused or collected without express permission by me the end user.
Yes I stated it, it would help my trust of Microsoft if they put into writing that messing up and any of my data being used outside of building a better product would wind them up in court.
[ link to this | view in chronology ]
Re: No OS is safe
> The telemetry gets Microsoft information on configurations ... that's it. That is the telemetry as I understand it from Microsoft.
Perhaps a closer reading of the Microsoft press release (well, blog post) might be instructive:
> We aspire to deliver a delightful and personalized Windows experience to you, which benefits from knowing some things about you to customize your experience, such as knowing whether you are a Seattle Seahawks fan or Real Madrid fan ...
They are not talking about hardware configurations. They're talking about knowing things about you (supposedly "to serve you better").
[ link to this | view in chronology ]
Re: Re: No OS is safe
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Learning to interpret official statements in a post-Snowden / NSA world
Should be read to mean:
...Windows 10 and other Microsoft software products do scan the content of your email and other communications, and your files in order to fulfill other purposes such as submitting intelligence to government agencies and as evidence towards any litigation Microsoft might want to file.
[ link to this | view in chronology ]
Re: Learning to interpret official statements in a post-Snowden / NSA world
"we don't scan your emails, we don't have to cause we log all the key presses made while you write them."
[ link to this | view in chronology ]
Re: Learning to interpret official statements in a post-Snowden / NSA world
I think should probably be interpreted as:
...neither Windows 10 nor any other Microsoft software scans the content of your email or other communications, or your files, in order to deliver targeted advertising to you, but we do scan it and send it to everyone else who asks, we just won't be doing for the explicit purpose of delivering "targeted" advertising.
[ link to this | view in chronology ]
Re: Learning to interpret official statements in a post-Snowden / NSA world
[ link to this | view in chronology ]
I have customers..
the systems HATE IT..and thats win8.1
The system gets bogged down, because ti wants access to the net, to Download updates, and do OTHER THINGS..
I go over to fix things, and its SLOW AS SNOT, because its trying to do updates, install changes, Update drivers, and OTHER STUFF..
NOW you are telling me that Win10 is a NET BOOK interface..its WANTS the net. that this is NOT A stand alone OS, that just Works...on its own, without contacting MS..
REALLY sounds like the first steps of a RENTAL OS..
PAY for it to work properly.
Pay for your access to Everything else..
PAY for your DATA..
[ link to this | view in chronology ]
Re: I have customers..
How this ends up slowing the system is beyond stupid. And that's just WUpdate.
Ah, and never mind the joys of creating an online account to log into your local system. More fun when that fails repeatedly. And then there are upgrades and updates that fail and make a mess all over a clean install. Go figure.
[ link to this | view in chronology ]
Its existence is admitted in the "Windows 10 and your online services" document linked in this article (in the "consumer" link in the sentence "This week, the company decided to finally comment on user concerns in a blog post and both consumer and enterprise privacy documents that address at least some user worries").
That document states:
How does it get those typing "samples"? Via keylogging, of course. Then they sift through it - otherwise how could they "automatically take out things that could potentially be used to identify you".
I can't see giving MS all my passwords - to my budgeting, taxes, other online accounts, etc. If you use LastPass or another "password manager", have fun giving MS the "master password" to all your other passwords. Then think of the fun you'll have later - when they get "breached" and all that info goes into the wild.
Speaking of "pass" - I'll pass on all of it..
[ link to this | view in chronology ]
nothing left to talk about
[ link to this | view in chronology ]
How nice of MS to confirm the "But google does it too!" posts that always show up too quickly and too reliably in any of the big tech formus Win10 threads are official policy, implying many of those saying it are either paid shills or "Limbaugh's audience" grade useful idiots.
[ link to this | view in chronology ]
In defense
[ link to this | view in chronology ]
Re: "Unlike some other platforms"
Funny how carefully that statement is qualified. They don't scan for _ADVERTISING_ purposes. So how about a list of all the purposes they DO scan for?
And is that scanning individually qualified? Do you get extra scanning if say, your a judge or a congressman, a doctor or a lawyer? How about if your name is foreign? And who reviews that content? And what algorithms are used to do the scanning? And how is authorization of that scanning managed?
Meanwhile, on cabal news: "Congress debates methods for debating about debates, free condoms, and rap lyrics."
[ link to this | view in chronology ]
Or maybe it's just a flimsy excuse for spying on people...you decide.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
I had an experience on a website lately where I did a bunch of searches using the site's search box. The site eventually popped up a notice saying that it has determined my special interest from my searches and will tailor the site to the tastes that it now assumes I have.
That's not only ultracreepy, but the opposite of useful. Because I searched for different kinds of hats a bunch of times in one setting doesn't mean that hats are a special interest of mine overall.
[ link to this | view in chronology ]
Enjoying The Good Life
[ link to this | view in chronology ]
Bricked computers have no privacy concerns
A few minutes after upgrading from Windows 7, my machine went into a loop displaying "WDF_VIOLATION" and restarting. I killed power. Now the machine won't boot.
Others have complained about this in Microsoft forums (http://answers.microsoft.com). It appears Windows 10 corrupts the BIOS.
[ link to this | view in chronology ]