After 18 months of users’ howls, threats from the French privacy watchdog and a slap from the Electronic Frontier Foundation (EFF), Microsoft is making a series of changes to tackle privacy concerns around Windows 10.
On Tuesday, Microsoft announced the launch of a web-based privacy dashboard that lets you pick and choose what information gets sent to the company – be it tracking data, speech recognition, diagnostics or advertising IDs that apps glue on to your system for targeted marketing.
Concerns have been raised over the operating system’s Wi-Fi password sharing feature (which was updated last year in response to those concerns), Microsoft’s plans to keep people from running counterfeit software, the inability to opt out of security updates, weekly dossiers sent to parents on their kids’ online activity, and the fact that Windows 10 shares a lot of your personal information by default – contacts, calendar details, text and touch input, location data, and more – with Microsoft’s servers.
In July, France’s privacy watchdog declared that Windows 10 was gobbling up too much data and snooping on users’ browsing without their consent.
The National Data Protection Commission (CNIL) gave Microsoft three months to get compliant with the French Data Protection Act.
To do that, Microsoft had to stop collecting what CNIL said was “excessive data” and tracking users’ browsing without their consent. CNIL Director Isabelle Falque-Pierrotin told Microsoft to “take satisfactory measures to ensure the security and confidentiality of user data”.
The EFF, for its part, said in August that Microsoft was “blatantly” disregarding user choice and privacy.
Take, for instance, Microsoft’s somewhat determined efforts to get users to upgrade:
The tactics Microsoft employed to get users of earlier versions of Windows to upgrade to Windows 10 went from annoying to downright malicious. Some highlights: Microsoft installed an app in users’ system trays advertising the free upgrade to Windows 10.
The app couldn’t be easily hidden or removed, but some enterprising users figured out a way. Then, the company kept changing the app and bundling it into various security patches, creating a cat-and-mouse game to uninstall it.
In June, Microsoft started asking users to upgrade a bit more nicely.
The EFF was also critical of Microsoft’s policies around data collection, what’s known in the trade as telemetry:
A significant issue is the telemetry data the company receives. While Microsoft insists that it aggregates and anonymizes this data, it hasn’t explained just how it does so.
Microsoft also won’t say how long this data is retained, instead providing only general timeframes. Worse yet, unless you’re an enterprise user, no matter what, you have to share at least some of this telemetry data with Microsoft and there’s no way to opt-out of it.
After months of micro-splaining its policies publicly and in meetings with regulators, Microsoft earlier this week announced a series of privacy-related actions.
Terry Myerson, who runs the Windows and Devices Group:
Many of you have asked for more control over your data, a greater understanding of how data is collected, and the benefits this brings for a more personalized experience. Based on your feedback, we are launching two new experiences to help ensure you are in control of your privacy.
First, today we’re launching a new web-based privacy dashboard so you can see and control your activity data from Microsoft including location, search, browsing and Cortana Notebook data across multiple Microsoft services.
Second, we’re introducing in Windows 10 a new privacy set up experience, simplifying Diagnostic data levels and further reducing the data collected at the Basic level.
Myerson said that the changes to Windows 10 are being introduced soon in a Windows Insider build for feedback. Next, they’ll be rolled out to all with the Windows 10 Creators Update in the spring.
ZDNet’s Ed Bott reports that the Creators Update version isn’t going to creep up and jump us like previous updates. Rather, Microsoft will notify Windows 10 users when it’s available and let them schedule its installation.
Users will get the opportunity to make explicit choices about privacy settings when they schedule the upgrade.
As far as the diagnostics and data collection goes, Microsoft is simplifying the collection from three levels down to two: Basic and Full. Those who previously selected the Enhanced level will have the option to choose Basic or Full with the Creators Update.
It’s also cut back on data collected at the Basic level, which includes data necessary to keep the OS and apps secure, up to date and running properly, as well as basic error reporting back to Microsoft.
Microsoft has more info here on configuring Windows telemetry/diagnostics.
Finally, here’s a welcome thing to hear: Microsoft says that regardless of data collection choices, it will not be using the contents of our email, chat, files or pictures for targeted advertising.
Jim
Microsoft has really gone haywire. I used to trust them above all other companies; their stuff worked, and didn’t invade my space. And, it was the most secure consumer-level OS on the planet.
But, Windows 10 turned that all around. If it weren’t for the fact that I require MS Office, I would jump to some (ANY) other platform than Windows 10. But, their monopoly position in Windows and Office means that it’s simply not practical to leave them.
What a change a CEO and a couple of years can make.
Matt Parkes
Office is available on the Mac why not migrate?
Philip McCleary
Hello Jim
Have you considered Open Office or LibreOffice on a Linux platform? There always better options than Windows. I understand if your tied to a corporate environment but for home use any version of Linux will provide better security and better options. Also while I think Apple products are over priced devices owned by people that wear tinfoil hats they are a better option than Microsoft.
Before the Apple crowd jumps on me and beats me with some tinfoil hats I do own an iPad but this was not written on it.
Good luck
Phil
PIngu
unless you’re an enterprise user, no matter what, you have to share at least some of this telemetry data with Microsoft and there’s no way to opt-out of it.
Linux?
IT Guy
The bigger problem here is transparency. Microsoft making vehement claims that they are not collecting any personal data without expounding upon what they are actually gathering.
I cannot, for one minute, begin to believe that with the communication vectors they are tapping that a significant amount of personal data is not being transmitted, stored and probably offered for sale in one form or another.
Spryte
I have Win10 with multiple profiles for family use. Every time I (or anyone) goes to log in there MSoft’s pretty picture of the day and guess what else, ads.
Perhaps they didn’t make enough money last year.
Aslso for those that are interested in getting rid of the bloatware that comes with it there are several PowerShell scripts to remove them (just use your favourite search engine and the terms Powershell AND Windows 10 built in apps).
Some of this software is needed but idf you don’t want Weather, or XBox you can safely delete them ***after creating a restore point***!
Paul Ducklin
I’ve never seen ads on Windows 10, including st the login screen, and I’ve installed and reinstalled it any number of times in the test rig I use for malware screenshots for my articles.
However, when I do my installs I pick “custom” and not “express settings” at the relevant setup configuration prompt, and then turn all the options off using the toggles. I assume this helps reduce the tat that I see compared to what some other people are seeing.
To be honest, I don’t think it’s especially hard to find Microsoft’s privacy/security settings pages as it is, but I admit that I know where to look now because I’ve deliberately gone looking for them in the past.
So I welcome anything that makes it clearer and easier to do this, and if it took consumer pressure to get Microsoft to do this…
…I guess that’s a good sign, because it means that Redmond isn’t quite the soulless and unyielding beast that some might think :-)
IT Guy
Paul
If other governments acknowledged end user privacy as much as the French, more would be accomplished and probably much quicker.
qqq
My work computer does have “Do you like this?” and some small text ad, but at home login screen is just static picture (it doesn’t even change like at work).