After 18 months of users’ howls, threats from the French privacy watchdog and a slap from the Electronic Frontier Foundation (EFF), Microsoft is making a series of changes to tackle privacy concerns around Windows 10.
On Tuesday, Microsoft announced the launch of a web-based privacy dashboard that lets you pick and choose what information gets sent to the company – be it tracking data, speech recognition, diagnostics or advertising IDs that apps glue on to your system for targeted marketing.
Concerns have been raised over the operating system’s Wi-Fi password sharing feature (which was updated last year in response to those concerns), Microsoft’s plans to keep people from running counterfeit software, the inability to opt out of security updates, weekly dossiers sent to parents on their kids’ online activity, and the fact that Windows 10 shares a lot of your personal information by default – contacts, calendar details, text and touch input, location data, and more – with Microsoft’s servers.
In July, France’s privacy watchdog declared that Windows 10 was gobbling up too much data and snooping on users’ browsing without their consent.
The National Data Protection Commission (CNIL) gave Microsoft three months to get compliant with the French Data Protection Act.
To do that, Microsoft had to stop collecting what CNIL said was “excessive data” and tracking users’ browsing without their consent. CNIL Director Isabelle Falque-Pierrotin told Microsoft to “take satisfactory measures to ensure the security and confidentiality of user data”.
The EFF, for its part, said in August that Microsoft was “blatantly” disregarding user choice and privacy.
Take, for instance, Microsoft’s somewhat determined efforts to get users to upgrade:
The tactics Microsoft employed to get users of earlier versions of Windows to upgrade to Windows 10 went from annoying to downright malicious. Some highlights: Microsoft installed an app in users’ system trays advertising the free upgrade to Windows 10.
The app couldn’t be easily hidden or removed, but some enterprising users figured out a way. Then, the company kept changing the app and bundling it into various security patches, creating a cat-and-mouse game to uninstall it.
In June, Microsoft started asking users to upgrade a bit more nicely.
The EFF was also critical of Microsoft’s policies around data collection, what’s known in the trade as telemetry:
A significant issue is the telemetry data the company receives. While Microsoft insists that it aggregates and anonymizes this data, it hasn’t explained just how it does so.
Microsoft also won’t say how long this data is retained, instead providing only general timeframes. Worse yet, unless you’re an enterprise user, no matter what, you have to share at least some of this telemetry data with Microsoft and there’s no way to opt-out of it.
After months of micro-splaining its policies publicly and in meetings with regulators, Microsoft earlier this week announced a series of privacy-related actions.
Terry Myerson, who runs the Windows and Devices Group:
Many of you have asked for more control over your data, a greater understanding of how data is collected, and the benefits this brings for a more personalized experience. Based on your feedback, we are launching two new experiences to help ensure you are in control of your privacy.
First, today we’re launching a new web-based privacy dashboard so you can see and control your activity data from Microsoft including location, search, browsing and Cortana Notebook data across multiple Microsoft services.
Second, we’re introducing in Windows 10 a new privacy set up experience, simplifying Diagnostic data levels and further reducing the data collected at the Basic level.
Myerson said that the changes to Windows 10 are being introduced soon in a Windows Insider build for feedback. Next, they’ll be rolled out to all with the Windows 10 Creators Update in the spring.
ZDNet’s Ed Bott reports that the Creators Update version isn’t going to creep up and jump us like previous updates. Rather, Microsoft will notify Windows 10 users when it’s available and let them schedule its installation.
Users will get the opportunity to make explicit choices about privacy settings when they schedule the upgrade.
As far as the diagnostics and data collection goes, Microsoft is simplifying the collection from three levels down to two: Basic and Full. Those who previously selected the Enhanced level will have the option to choose Basic or Full with the Creators Update.
It’s also cut back on data collected at the Basic level, which includes data necessary to keep the OS and apps secure, up to date and running properly, as well as basic error reporting back to Microsoft.
Microsoft has more info here on configuring Windows telemetry/diagnostics.
Finally, here’s a welcome thing to hear: Microsoft says that regardless of data collection choices, it will not be using the contents of our email, chat, files or pictures for targeted advertising.