Reminder: How to get a grip on your files, data that Windows 10 phones home to Microsoft
Redmond updates official guide
If you don't know how to control the information Windows 10 sends back about you to Microsoft, the Redmond giant has updated its guide on how to do so.
Snappily titled "Configure telemetry and other settings in your organization", the page was tweaked on Tuesday, and some corners of the web are rather excited by this development. The guide was first published around the middle of last year. You may not have seen this page before, but if you have: you can safely go back to your coffee.
The document applies to Windows 10 build 1511, which was released in November. It goes over what Microsoft says Windows 10 collects about you and sends back to Redmond's servers via encrypted HTTPS transfers. This telemetry allows the software giant to analyze the types of computers running Windows 10, exactly how programs are used by people, and why apps and services crash.
Some will call that spying, others will call it harmless diagnostic data. However you want to label it, it's possible Windows will send back your files, or fragments of files, from your system to Microsoft engineers investigating programming bugs in their code. That may be a surprise to you, it may not.
The aforementioned configuration guide is quite long and detailed, so here's our summary of things you ought to know:
- There are four telemetry settings: "Security", "Basic", "Enhanced", and "Full".
- Here's how Microsoft sums up the four modes:
- Security: "Information that’s required to help keep Windows secure, including info about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender."
- Basic: "Basic device info, including: quality-related info, app compat, and info from the Security level."
- Enhanced: "Additional insights, including: how Windows and Windows apps are used, how they perform, advanced reliability info, and info from both the Basic and the Security levels."
- Full: "All info necessary to identify and help to fix problems, plus info from the Security, Basic, and Enhanced levels."
- Windows 10 Enterprise, Windows 10 Education, and IoT Core defaults to Enhanced. Windows 10 Home and Pro default to Full.
- Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and IoT Core editions can select Security – no other edition can.
- Security provides the most privacy and can block the transmission of all and any telemetry, if required. "No user content, such as user files or communications, is gathered at the Security telemetry level, and we take steps to avoid gathering any information that directly identifies a company or user, such as name, email address, or account ID," says Redmond.
- Basic hands over details of the software and hardware you have installed. Enhanced hands over details of events happening within your system.
- Full is where things get a little dicey, depending on how much you prize your privacy. If your system reports back strange crashes that Microsoft techies can't get their heads around, they can request extra data from your machine, which Windows 10 will hand over under remote control if management approves. This extra information can include some of your files so the engineers can recreate the exact crash in their labs using your data and apps. Microsofties can also run diagnostic tools on your system to gather more evidence. Here's Microsoft's explanation of the process:
Before more info is gathered, Microsoft’s privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information:
- Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
- Ability to get registry keys.
- Ability to gather user content, such as documents, if they might have been the trigger for the issue.
In short: if you value your privacy, you'll want to select Basic. If you're super-paranoid, you can select Security, and if you can't do that due to your Windows 10 edition, well, Basic will have to do. If you don't want your documents flung back to Redmond, don't use the Full setting.
Microsoft urges you to not opt out of this telemetry collection because it has been used to debug nasty errors and catch early malware infections – attempts to exploit vulnerabilities trigger weird new crashes that engineers haven't seen before.
That's just Redmond's opinion: on Windows 10, go to your PC's Settings application, find the Feedback & Diagnostics pane, and change your telemetry level to what you want, not what Microsoft wants.
Don't forget, much of this information is collated into anonymized business reports that are shared within the company. Microsoft is not exactly spying on you individually, but it's taking a keen interest in what its users are up to.
How often does Windows 10 phone home data? "Real-time events, such as gaming achievements, are always sent immediately," explains Redmond. "Normal events are not uploaded on metered networks. On a free network, normal events can be uploaded every 4 hours if on battery, or every 15 minutes if on A/C power. Diagnostic and crash data are only uploaded on A/C power and free networks."
The company adds: "Sensitive info is stored in a separate data store that’s locked down to a small subset of Microsoft employees in the Windows Devices Group. The privacy governance team permits access only to people with a valid business justification.
"Microsoft believes in and practices information minimization, so we only gather the info we need, and we only store it for as long as it’s needed to provide a service or for analysis. Much of the info about how Windows and apps are functioning is deleted within 30 days."
Check out the above linked page for individual settings and controls over your operating system – particularly if you're an IT admin worried about this kind of stuff.
If you're annoyed by this collection of data – which isn't terribly well sign-posted by Microsoft – and want to get your own back, set up a virtual machine running Windows 10, enable full telemetry, and then fuzz Redmond's operating system with the most horrendous or ridiculous image files you can find. Can you imagine how much porn or cat GIFs their engineers already end up receiving in crash data? ®
Sponsored: Becoming a Pragmatic Security Leader