[Thoughts] Microsoft, Windows 10 and Private Data

UPDATE: Not content to hoover up your personal data, inundate you with ads on your desktop and provide backdoors for the NSA, Microsoft now sells Windows DVD Player, previously included free with Windows, for $15. Bravo.

Stallman was right. I won’t delve too deeply here since I ditched Windows years ago, bar for occasional testing, but this is definitely worth a quick mention. After installing Windows 10 in a VM, it’s safe to say that I haven’t seen this amount of privacy-violating opt-ins since the peak of Facebook a few years ago. To disable most of them requires flipping dozens of switches in deeply buried menus, editing the registry and further group policy edits, some of which can only be done in the Enterprise edition. Windows has been taking bites out of user privacy for years, but now they’re going for the whole cake in one shot.

Microsoft knows that nobody but the most ardent will go through 13 Settings screens to keep their data from being fed to Microsoft. It’s all enabled by default, naturally, and even then you have no assurance that Windows is not still collecting information. This is after the ill-informed Scroogled campaign Microsoft waged for two years against Google, citing the latter’s mining of your personal information. Microsoft then went on to fiercely contend for Europe’s ‘Right To Be Forgotten’ laws. It appears that they’ve realised now that user data does pay and want in on the action. However, unlike a web page or web service which you can shut off, the OS you’re using knows far, far more.

Make no mistake, this is the NSA and GCHQ’s dream come true in every way, and people are willingly using it. Ignorance is bliss.


Windows 10 will vacuum up plenty of your personal information – browsing and location data, unique IDs, keystrokes, voice data, wireless network passwords, social network logins, hashes of your file contents, storage encryption keys, the list goes on and on. Users agree to be milked and sold to third parties by accepting the 40+ page horribly invasive EULA. For ‘convenience’ of course. Some are willing to make this trade-off, but increasingly, many people are becoming wary, especially since Microsoft was one of the first and most willing companies to sign onto the NSA’s surveillance programs (including PRISM). It’s a near certainty that there is a non-zero number of hidden backdoors built into Windows 10 which allow governmental access to data and cannot be disabled in any way. There is no way to check in this closed-source piece of software. Want to encrypt your drive? Your private keys are stored on OneDrive and, by extension, the NSA’s servers. How convenient.

Privacy-wise, this type of widespread data gathering is considered the norm if you self-inflict a noxious browser toolbar or some malware from a shady site, but definitely not from an officially released OS that is being rolled out to hundreds of millions of users. The reasoning is simple – Microsoft has realised that there’s no long-term future in pay-once software – ongoing subscriptions (à la Adobe Cloud) and data-gathering (or specifically, targeted advertising à la Google) are where the money is. To add insult to injury, by default again, your internet bandwidth is used to seed Windows updates to random peers – so if your internet quota gets blown up suddenly, check this.

Then, the worst injustice of all, they’ve bastardized the holy grail – Solitaire now has ads. Full screen video ones. Microsoft, please.

The improvements in Windows 10 can be counted on one hand – reversion of some unpopular Windows 8 changes, DirectX 12, Cortana (questionably), Xbox streaming, more cross-platform unification and some marginal security and performance improvements. In exchange for your soul, no less. Microsoft knows that the vast majority of people might grumble, but their memories are short. Don’t accept this raw deal, you DO have a choice.

It’s important to note that even if one goes through the entire process of carefully disabling all available invasive options, you still can’t be sure that there’s nothing nefarious going on under the hood. You would have to have implicit trust in Microsoft, the company who found it perfectly reasonable to sell you out in the first place. Being that the Home and Pro versions are unable to disable automatic updates, who can say what future changes they might make? This story does not end well. Maybe not in the immediate future, but eventually. The thing with privacy and security is, you usually never find out till it’s too late, if ever.

The solution is simple but will take time – if you’re already on Windows, stick to Windows 7 [official support ends in 2020]. It’s still a questionable choice, but the lesser of many evils for now. Then, prepare to move across to a variant of Linux (Ubuntu or Mint are very user-friendly) as soon as possible. The amount of time and headaches you will save in the long term is worth the initial time investment, many times over. Remember that once your data is exfiltrated from your system, it’s non-reversible forever. It’s worth mentioning that OS X has its own set of issues, including the antiquated HFS+ filesystem, a closed-source fiercely walled approach and Apple storing your keys on their servers.

It’s also worth mentioning that Android/iOS also generate unique advertising IDs like Windows 10. For a barrel of laughs on how leaky Android is, read my Android M permissions article here. For some information on how to protect your privacy, see my guides here.

Windows 10 privacy is seeing some widespread media coverage, including:

Slate: “By default, Windows 10 gives itself the right to pass loads of your data to Microsoft’s servers, use your bandwidth for Microsoft’s own purposes, and profile your Windows usage. Despite the accolades Microsoft has earned for finally doing its job, Windows 10 is currently a privacy morass in dire need of reform.”

BetaNews: “With Windows 10, Microsoft has failed to be completely transparent with users about just what is going on in the background.”

InfoWorld: “Windows 10 collects much, much more personal data than any of its predecessors. The data’s generally sent to Bing and from there it’s attached, presumably, to either your Microsoft account or some sort of identifier based on your IP address. There’s also your personal Advertising ID. You knew about your personal Advertising ID, yes?”

The Guardian: “Elsewhere, Windows 10 also harvests user information in order to teach the built-in personal digital assistant Cortana, Microsoft’s answer to Siri. To enable Cortana, the company says, it “collects and uses various types of data, such as your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device”.”

TheNextWeb: “And, like so many other companies, Microsoft has grabbed some very broad powers to collect things you do, say and create while using its software. Your data won’t be staying on your computer, that much is for sure.”

Ars: “Windows 10, by default, has permission to report a huge amount of data back to Microsoft. By clicking through “Express Settings” during installation, you allow Windows 10 to gather up your contacts, calendar details, text and touch input, location data, and a whole lot more. The OS then sends it all back to Microsoft so that it can be used for personalisation and targeted ads.”

HowToGeek: “Windows 10 phones home more than any other version of Windows before it. Along with Windows 10, Microsoft released a new privacy policy and services agreement containing 45 pages of legalese. If Google wrote these, Microsoft might say you were being “Scroogled.””

TechRepublic: “The model itself got some backlash, especially from organizations that don’t want to upgrade their system that frequently. More recently, though, some criticism has arisen over privacy concerns brought on by the new OS.”

AcclaimedNews: “It granted NSA and FBI access to SkyDrive, and after purchasing Skype the company actually tripled the amount of video calls the NSA were recording via the service.”

Alphr: “This is an issue, because buried deep in the small print are a number of disconcerting points that stand to give Microsoft greater control of your data come 1 August, when the new policies take effect.”

