New Windows 10 privacy controls: Just a little snooping – or the max
Microsoft offers two settings – on and almost off – and a dashboard of collected data
Posted in Security, 11th January 2017 08:02 GMT
Microsoft has built an online dashboard of privacy controls in an attempt to soothe lingering anger over Windows 10 and its ability to phone home people's private information.
The new web portal lists some of the personal data that is collected from PCs and devices and sent back to Redmond, and allows people to somewhat limit the snooping. Meanwhile, Microsoft will also tweak Windows 10's built-in privacy controls, giving Home and Pro users a choice between some system surveillance or full-blown system surveillance.
It's the software giant's way of dampening last year's outcry over its silent slurping of telemetry data from people's machines. The changes are also a result of Switzerland's data protection watchdog threatening to prosecute Microsoft for allegedly breaking Swiss privacy law with its Windows telemetry. Redmond promised to modify its software worldwide to avoid any trouble, and that has satisfied the Swiss: the privacy regulator this week dropped its investigation.
"We are continuing this commitment to make it as easy as possible for you to make informed choices about your privacy with Windows 10," Terry Myerson, executive veep of Microsoft's Windows and Devices group, blogged on Tuesday. "With that in mind, in the Creators Update, we are making some changes by simplifying the privacy settings themselves and improving the way we present the privacy settings to you."
The dashboard, now live, reveals how Microsoft logs people's whereabouts as well as their search requests, Cortana chats, and browser histories pulled from their Windows 10 computers and gadgets. This data can be deleted on request via the portal. According to Microsoft:
When you are signed in with your Microsoft account, you can go to account.microsoft.com/privacy to review and clear data such as browsing history, search history, location activity, and Cortana’s Notebook – all in one place. This is our first step in expanding the tools that give you visibility and control over your data spanning Microsoft products and services, and we will continue to add more functionality and categories of data over time.
For those running the Windows 10 Insider builds, Microsoft will soon roll out, in an upcoming update, simplified categories for the telemetry settings: basically it's on or almost off, depending on your edition of Windows 10. This change is due to be pushed out to the general public in the Windows 10 Creators Update slated for the spring.
For Windows 10 Home and Pro editions, gone is the "enhanced" setting level, leaving users to select from the "basic" or "full" telemetry plans. Microsoft says it will reduce the amount of data it collects under the "basic" plan, allowing peeps with Home and Pro editions to somewhat limit the transfer of information back to Redmond.
"Basic" is the lowest those two editions can go. Right now, it includes the state of your hardware and its specifications, your internet connection quality, records of crashes and hangs by software, any compatibility problems, driver usage data, which apps you've installed and how you use them, and other bits and pieces. According to Redmond, the new "basic" level of snooping will cover:
Data that is vital to the operation of Windows. We use this data to help keep Windows and apps secure, up-to-date, and running properly when you let Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also includes basic error reporting back to Microsoft.
"Full", on the other hand, sends over the "basic" level of slurping plus the old "enhanced" level and then even more information about your system. The "enhanced" level includes records of events generated by the operating system, bundled applications and devices, and some crash dumps.
This "full" mode will also give Microsoft your "inking and typing data." Engineers, with permission from Microsoft’s privacy governance team, can obtain users' documents that trigger crashes in applications, so they can work out what's going wrong, from people's machines running in "full" mode. The techies can also run diagnostic tools remotely on the computers, again with permission from their overseers.
Essentially, if you're on Windows 10 Home or Pro and you install these changes, you still won't be able to turn off telemetry completely, and your only other option will be to hand it all over in full. It's either the new "basic" collection or "full" telemetry. Microsoft is, right now, vague about exactly what is disclosed by its operating system at the new "basic" level.
If you have Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core, or Windows Server 2016, you can fine tune the telemetry. Disabling it completely is, if possible on your edition, fiddly and not recommended by Microsoft.
In this day and age of government surveillance, it is easy to be paranoid. If you want to give Microsoft the benefit of the doubt, the corporation is unlikely to be snooping on individuals – the data it collects from systems is anonymized and collated into reports for engineers to use to find and fix bugs and diagnose performance bottlenecks. Microsoft insists it needs all this data to tune and improve its software.
On the other hand, Microsoft – like other American tech companies – can be compelled to hand over this sort of customer information to the Feds, who are about to be under the control of a remorseless bully who loves to hold a grudge. And given the vast resources of the Windows giant, you may feel a little aggrieved at being treated as a test subject in the wild. Shipping code to see how it fares in the field, knowing telemetry will help programmers home in on their blunders, feels like a cut corner.
Ultimately, while Redmond hides behind words like "data that is vital to the operation of Windows," it isn't surprising that people are paranoid. Trust must be earned, not dispensed from a mealymouthed blog post. ®