Category Archives: Privacy

Windows 10 telemetry details revealed by Microsoft

Microsoft has finally provided some details regarding Windows 10’s telemetry: the data Windows 10 collects and sends back to the Redmond mothership.

A recent post on the Windows blog (Windows 10 privacy journey continues: more transparency and controls for you) highlights three changes related to Windows 10 privacy:

  1. With the April 11 Creators Update, Windows 10 itself will provide more useful and detailed information about privacy settings, both during initial setup and in the Settings app.
  2. The privacy statement for Windows 10 has been updated.
  3. Most importantly, you can now see exactly what data is being collected from your computer and sent to Microsoft.

Telemetry data revealed

The information Windows 10 collects at the Basic privacy/telemetry/diagnostic level is listed in great detail on a new page on the Technet site: Windows 10, version 1703 basic level Windows diagnostic events and fields. The information is moderately technical, and may not be of much use to regular users, but it’s worth skimming if you have any concerns about Windows 10 telemetry.

There’s a similar new Technet page that describes, in somewhat more general terms, the data collected at the Full privacy/telemetry/diagnostic level: Windows 10, version 1703 Diagnostic Data.

Now someone just needs to review all that information, looking for red flags. Any volunteers?

Ars Technica: Microsoft opens up on Windows telemetry, tells us most of what data it collects

The Verge: Microsoft finally reveals what data Windows 10 really collects

Windows 10 Creators Update

The next big update for Windows 10 was released on April 11, Patch Tuesday. Opinions differ as to the significance of the update: while Microsoft touts it as something amazing, others see it as something less than a major update.

Still, the new version contains incremental improvements, and a few changes that are likely to be useful. Interesting, but not particularly useful changes include Paint 3D, mixed reality support, and 4K gaming support. Visuals, Ink, Surface Dial, Bluetooth, notifications, background execution, Cortana, Skype, Windows Defender, Windows Store and app download all get modest improvements.

Enhancements to Desktop Bridge, which allows traditional desktop apps to be migrated to the new Windows UI, will make a lot of lives easier. The Windows Subsystem for Linux is also expanded with new functionality. The Edge browser gets some new features that are likely to be helpful for people who actually use Edge. A new Game Mode may make Windows 10 gaming slightly more palatable. Beam game streaming is now built into Windows 10. A new feature called Night Light allows Windows 10 to reduce blue light from a display at specific times.

Windows 10’s privacy settings are overhauled in the new version, including a new privacy dashboard, although the overall result seems to be less control rather than more. The window of time during which Windows 10 can update itself has been widened slightly, but there’s still no way to avoid Microsoft’s remote fiddling unless you’re using an Enterprise version.

All in all, there’s nothing particularly objectionable about this update, and there are enough improvements to make it worthwhile. Which is good, because you’ll get it whether you want it or not. Whenever Microsoft wants you to get it.

More information from Microsoft

Windows 10 privacy improvements, sort of

The good news is that Microsoft is improving the state of privacy in Windows 10, albeit slowly, and grudgingly. The bad news is that the improvements are unlikely to satisfy anyone genuinely concerned about what Windows 10 is really doing.

New: Privacy Dashboard

A few days ago, Terry Myerson, Microsoft’s Executive Vice President of the Windows and Devices Group, announced a new web-based Privacy Dashboard, accessible via your Microsoft account. If you don’t have a Microsoft account, you’re out of luck. I’m still using my Microsoft account to log into my test system, because otherwise I’d have to buy a Windows 10 license. You probably already have a Microsoft account even if you don’t use Windows 10, as they are used for XBox Live, Skype, and other Microsoft services as well.

Poking around in the Privacy Dashboard, the Browsing History section is empty for me, presumably because I don’t use Cortana or Edge. The Search History section is also empty for me, because I don’t use Bing search. But if you use Cortana, Edge and Bing, you’d be able to see all that history here, and be able to remove it as well.

The Location section shows where you’ve been when you logged in on Windows 8.1 and 10 computers. Again, you can clear any or all of this. The section for Cortana’s database shows everything Cortana knows about you, based on your interactions. This is where things get interesting for me, because I only used Cortana for a couple of days when I first installed Windows 10. Cortana knows how often I eat at restaurants, and how far I go to get there. It knows my main mode of transportation. It knows what kind of news interests me. It’s not much, but it’s enough to be kind of creepy.

The Privacy Dashboard is a step in the right direction, and it’s very useful for anyone interested in seeing exactly what information Microsoft has collected. It also allows you to clear much of that information. But what if you want to prevent Microsoft from gathering this information in the first place?

Privacy improvements in Windows 10

Also revealed in Myerson’s post are upcoming changes to the privacy settings in Windows 10. The initial privacy setup has changed, and now provides a bit more information about the various privacy levels and settings. Microsoft is “simplifying Diagnostic data levels and further reducing the data collected at the Basic level.” But in fact there will be fewer privacy levels to choose from, and there’s still no real explanation of exactly what data is sent. And of course the most useful ‘Security’ level (which disables almost all telemetry) is only available to Enterprise users. Us regular folks can only throttle data collection down to the ‘Basic’ level.

According to Microsoft, the Basic level “includes data that is vital to the operation of Windows. We use this data to help keep Windows and apps secure, up-to-date, and running properly when you let Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also includes basic error reporting back to Microsoft.” This sounds reasonable, but it’s lacking in detail and — for many users — still sounds like an intrusion.

Luckily, there are alternatives. I recently discovered a Powershell script called Reclaim Windows 10 that can disable all of the telemetry settings in Windows 10. I’ve yet to test the script, but it looks promising.

Advertisements in Windows 10?

Microsoft still insists this isn’t about advertising: “We want you to be informed about and in control of your data, which is why we’re working hard on these settings and controls. And regardless of your data collection choices, we will not use the contents of your email, chat, files, or pictures to target ads to you.” I’d like to believe that, but it seems unlikely. Microsoft is clearly taking aim at Google’s huge lead in online advertising, and the idea of having a captive audience for advertising (in the form of millions of Windows users) is obviously just too tempting to resist.

Microsoft continues to push Windows 10, now at the expense of Windows 7, which it now says “does not meet the requirements of modern systems, nor the security requirements of IT departments.”

Update 2017Jan18: Techdirt weighs in.

Anonymity isn’t the problem

There are good reasons to be anonymous online. And yet most people assume that anonymity is just a license to be a jerk. The fact is that some people will be jerks online whether they’re anonymous or not.

Sadly, some less-well-informed people have decided that anonymity is somehow the root of all evil on the net, and think that forcing people to use their real names online will magically make everyone nice. This kind of thinking has even pervaded some very high profile companies, including Google and Facebook, both of which have pushed hard to make people use their real names.

Anonymity is a frequent topic of discussion over at Techdirt, where the comments section is open to the public and allows anonymity. Because the Techdirt staff actually engage with commenters (jerks and otherwise), the debate rarely gets out of hand, and some of the most interesting comments are posted by anonymous users.

Let’s Encrypt’s finances

I’m a big fan of Let’s Encrypt, an organization committed to encrypting all web traffic by proving free security certificates.

I’m also a big fan of transparency, so when LE published a summary of their financial information recently, my regard for their efforts clicked up another notch.

Highlights from LE’s financial information post:

  • Let’s Encrypt will require about $2.9M USD to operate in 2017.
  • The majority of LE’s funding comes from corporate sponsorships.
  • You can donate to Let’s Encrypt using PayPal.

For the record, this web site (boot13.com) and all my other secure sites now use Let’s Encrypt certificates.

Opera 40

Version 40 of alternative web browser Opera includes several major enhancements. Most notable among the changes are:

  • free, unlimited, no-log browser VPN service: when turned on, the browser VPN creates a secure connection to one of Opera’s five server locations around the world;
  • automatic battery saving features for mobile device users;
  • Chromecast support via the Chrome extension;
  • improvements to the video pop-out feature;
  • the newsreader feature now supports RSS feeds;
  • updated browser engine (Blink, aka WebKit).

Sadly, the folks behind Opera seem to be taking a (rather dysfunctional) page from Mozilla – at least in the way changes are reported. Release announcements for Opera are still in the same place on the Opera Desktop blog. But whereas changes in previous versions were reported in changelog posts on the desktop blog (such as this one for version 39), on a page on the Opera documentation site (which stops at version 37), and on the Opera history page (which also stops at version 37), there doesn’t seem to be anything like a change log for Opera 40. Hopefully this is a temporary issue, and something better is on the way. But I’m not holding my breath. This trend toward a general reduction in (and dumbing-down of) information provided to users is not helpful, in my opinion.

Cory Doctorow on the future of the privacy wars

Noted writer and technology analyst Cory Doctorow just posted a new article on the Locus Online web site: “The Privacy Wars Are About to Get A Whole Lot Worse.”

After providing some background on the current privacy situation, and how we got here, Doctorow speculates on what will happen when even the absurd notice-and-consent terms of use agreements that we see (and blindly agree to) every day are gone, leaving us surrounded with devices that invade our privacy without any pretense at consent, all in the name of commerce.

In case you hadn’t guessed, we are talking about the Internet of Things. Despite plenty of warnings from privacy advocates, and numerous real-world examples of the consequences to privacy of poorly-designed devices, the current move toward ‘smart’, connected devices continues apace. And these devices won’t ask for your consent, they’ll just compromise your privacy by default.

Meanwhile, Doctorow wonders whether and when this will come to a head with some kind of legal challenge. There have been attempts to challenge the validity of terms of use agreements that nobody ever reads, but so far the results are not promising.

I’d like to see Microsoft singled out for its current Windows strategy, which includes gathering and transmitting user information, ostensibly for the purpose of providing better support, but which can also be used to better target advertising, another feature of newer versions of Windows. To be sure, these features are currently protected behind terms of use agreements, but even those could disappear in a world dominated by smart devices.

Doctorow is worried about this, and so am I.

The EFF scolds Microsoft for anti-consumer Windows 10 tactics

The Electronic Frontier Foundation (EFF) is “the leading nonprofit organization defending civil liberties in the digital world.” If you’re not familiar with their work, you should be.

In a recent post on their site, the EFF provides a scathing review of Microsoft’s troublesome decisions in relation to Windows 10, including: hitherto unheard-of free upgrades; insistent and entrenched upgrade prompts on Windows 7 and 8; pushing Windows 10 upgrades via Windows Update; categorizing privacy-compromising and advertising-related updates as important for security; user interface tricks that are common to malware; collecting and transmitting large amounts of potentially sensitive data from Windows computers to Microsoft; failing to provide either adequate explanations for — or methods for disabling — various unwanted features; obfuscating their intentions behind claims of improved security and enhanced functionality; and claims that Windows Update is somehow unable to function without privacy-violating functionality enabled.

It concludes with a stern warning:

Microsoft should come clean with its user community. The company needs to acknowledge its missteps and offer real, meaningful opt-outs to the users who want them, preferably in a single unified screen. It also needs to be straightforward in separating security updates from operating system upgrades going forward, and not try to bypass user choice and privacy expectations.

Otherwise it will face backlash in the form of individual lawsuits, state attorney general investigations, and government investigations.

We at EFF have heard from many users who have asked us to take action, and we urge Microsoft to listen to these concerns and incorporate this feedback into the next release of its operating system. Otherwise, Microsoft may find that it has inadvertently discovered just how far it can push its users before they abandon a once-trusted company for a better, more privacy-protective solution.

Windows users face a choice:

  • Option #1: Continue using Windows 7, 8 and 10. Trust that Microsoft’s intentions are good; that they are not really trying to control what we see, and track what we do, when we use Windows.
  • Option #2: Continue using Windows 7, 8 and 10. Assume that Microsoft will back down from its more aggressive moves, whether prompted by consumer backlash or legal action.
  • Option #3: Continue using Windows 7, 8 and 10. Disable what you can, block what you can, and stop using Windows Update, hoping that this will prevent Microsoft from compromising your privacy, but making your computer increasingly less secure.
  • Option #4: Continue using Windows 7, 8 and 10. Rely on the computing community to develop ways to block Microsoft’s attempts to control and monitor users (without compromising security), as we’ve already seen in the form of GWX Control Panel and other software.
  • Option #5: Stop using Windows 7, 8 and 10. Rather than wait for Microsoft’s plans to reach their probable conclusion (a Microsoft-controlled advertising platform on every desktop), switch to a less problematic operating system, such as Linux.

Recommendation: Option #5 if you can; otherwise Option #4. Option #3 should be viewed as a temporary solution only, and dangerous in the long run. Option #2 is probably overly optimistic. Option #1 is just sadly naive.

The Verge and Techdirt have their own take on the EFF’s post.

Microsoft: “Upgrade to Windows 10 or we’ll make Windows 7 and 8.1 just as bad.”

Microsoft just announced the next move in their fight to push their advertising platform into our faces, and it’s very bad.

Let’s review, shall we? Microsoft really wants you to use Windows 10. Their official explanation for this includes vague language about reliability, security, productivity, and a consistent interface across platforms. Their claims may be true, but they hide the real reason, which is that Microsoft saw how much money Google makes from advertising, realized that they had a captive audience in Windows users, and added advertising infrastructure to Windows 10 to capitalize on that. The privacy-annihiliating features are easily explained: the more Microsoft knows about its users, the higher the value of the advertising platform, since ads can be better targeted.

A short history of Microsoft’s sneakiest Windows 10 moves

Move #1: Offer free Windows 10 upgrades for Windows 7 and 8.1 users. Who doesn’t like free stuff? Many people jumped at this opportunity, assuming that newer is better.

Move #2: Dismayed by the poor reception of Windows 10, and upset by all the recommendations to avoid it, Microsoft creates updates for Windows 7 and 8.1 that continually pester users into upgrading, in some cases actually upgrading against their wishes or by tricking them. Angry users fight back by identifying and avoiding the problematic updates.

Move #3: Still not happy with people hanging on to Windows 7 and 8.1, Microsoft creates updates that add Windows 10 features to Windows 7 and 8.1, including instrumentation related to advertising. Again, users fight back by identifying and avoiding these updates.

Move #4: Microsoft announces that business and education customers can avoid all of the privacy-compromising and advertising-related features of Windows 10 through the use of Group Policy. This is good news for bus/edu customers, but then again, those customers pay a high premium for Enterprise versions of Windows already. At least now Windows 10 is a viable option for those customers.

Move #5: Microsoft realizes that the Group Policy tweaks provided for bus/edu customers can also be applied to Pro versions of Windows, Microsoft disables those settings in the Pro version. Windows 10 Home users never had access to those settings. Angry users are running out of options.

Move #6: Which brings us to today. Since the only way to avoid privacy and advertising issues (borrowed from Windows 10) in Windows 7/8.1 will be to stop using Windows Update entirely, angry users are now looking at alternative operating systems.

We know business and education customers won’t be affected by this latest change. The rest of us will have to suffer – or switch.

Assuming Microsoft doesn’t back way from this decision, I imagine my future computing setup to consist primarily of my existing Linux server, and one or two Linux machines for everyday use, development, blogging, media, etc. I’ll keep a single Windows XP machine for running older games and nothing else. In this scenario, I won’t run newer games if they don’t have a console version. Aside: if I’m not the only person doing this, we might see a distinct decline in PC gaming.

Dear Microsoft: I only kind of disliked you before. Now…

Computerworld has more. Thanks for the tip, Pat.