Put down your coffee and admire the sheer amount of data Windows 10 Creators Update will slurp from your PC
Official list of phoned-home info revealed by Microsoft
Next week Microsoft will begin the slowish rollout of its big update to Windows 10, the Creators Update.
Right now, it's doing a little damage control, and preempting complaints about privacy, by listing the types of information its operating system will automatically and silently leak from PCs, slabs, and laptops back to Redmond.
When Windows 10 came out, Reg readers were alarmed by the volume of information the software was collecting and sending back to base. Ever since then, Microsoft has been fighting a PR battle to reassure people that such data slurping isn't all bad – it's "just" telemetry and diagnostics and potentially your files.
Now Redmond's had a little rethink for the Creators Update, and decided to come clean on exactly what the software will phone home – even insisting the closed-source operating system will scoop up less surveillance this time.
"Our teams have also worked diligently since the Anniversary Update to re-assess what data is strictly necessary at the Basic level to keep Windows 10 devices up to date and secure," said Windows supremo Terry Myerson on Wednesday.
"We looked closely at how we use this diagnostic data and strengthened our commitment to minimize data collection at the Basic level. As a result, we have reduced the number of events collected and reduced, by about half, the volume of data we collect at the Basic level."
Windows 10 Home and Pro has, right now, two levels of data collection, Basic and Full. When a computer is in Basic mode, Microsoft says Win 10 takes a note of the state of your hardware and its specifications, your internet connection quality, records of crashes and hangs by software, any compatibility problems, driver usage data, which apps you've installed and how you use them, and other bits and pieces.
In Full mode, shedloads more is sent over. It includes everything at the Basic level plus records of events generated by the operating system, and your "inking and typing data." Engineers, with permission from Microsoft’s privacy governance team, can obtain users' documents that trigger crashes in applications, so they can work out what's going wrong. The techies can also run diagnostic tools remotely on the computers, again with permission from their overseers.
In the Creators Update, aka Windows 10 version 1703, all this information will be collected in Basic mode. A lot of it is to help Microsofties pinpoint the cause of crashes and potential new malware infections, although it includes things like logs of you giving applications administrator privileges via the UAC, battery life readings, firmware version details, details of your hardware down to the color and serial number of the machine, which cell network you're using, and so on.
Then there's the information collected in Full mode, which includes everything in Basic plus your user settings and preferences, your browser choice, lists of your peripherals, the apps you use to edit and view images and videos, how long you use the mouse and keyboard, all the applications you've ever installed, URLs to videos you've watched that triggered an error, URLs to music that triggered an error, time spent reading ebooks, text typed in a Microsoft web browser's address and search bar, URLs visited, visited webpage titles, the words you've spoken to Cortana or had translated to text by the system, your ink strokes, and more.
"Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash)," said Microsoft's Brian Lich.
If you're running Windows 10 Enterprise, or one of the Windows Server 2016 editions, you have some finer grain controls over what gets sent back. Everyone else will get either Full or Basic, judging from these screenshots of the Creators Update build:
This Microsoft TechNet document, last updated this week, claims all desktop and mobile builds of Windows 10 can choose between four different snooping levels: just security-related collection; basic mode; enhanced mode; and full mode. However, the security-only level is "limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016." And Enhanced doesn't seem to be available from the new user interface.
So for Home and Pro users, it's still some slurping or full-fat slurping. Thanks, Microsoft.
Along with the slightly new user interface, Redmond has rejigged its privacy statement for the operating system. It confirms it does collect data to push out personalized adverts, but says it doesn't spy on documents, emails and voice chats to do so.
While informing users is all well and good, the Microsoft statement makes it clear that the recent probes into the operating system's data slurping by European nations have had an effect. Redmond has agreed to make some changes, says Marisa Rogers, the Windows and Devices group privacy officer.
"The Windows 10 Creators Update is a significant step forward, but by no means the end of our journey," she said.
"In future updates, we will continue to refine our approach and implement your feedback about data collection and privacy controls. We will also share more information about how we will ensure Windows 10 is compliant with the European Union's General Data Protection Regulation and how using Windows 10 and other Microsoft products will help our enterprise customers with compliance in their environments." ®
PS: Yes, we know that Microsoft engineers use this data for diagnosing software faults. Yes, we know Apple and Google and others also vacuum up similar data from devices. Yes, we know Microsoft has been getting creepy with ads. We just wish we could completely turn it all off in Windows and avoid being treated like Redmond's guinea pigs.
Sponsored: Becoming a Pragmatic Security Leader