Windows 10 has come under a lot of fire for its privacy settings, which some users complain are too invasive and report too much data back to Microsoft. From reports of files being backed up and sold on the cloud, to concerns over login info and location data being sent to Redmond, it would seem on the surface that Windows 10 is in serious trouble.
But it’s not the first Windows release to face scrutiny and controversy, and as it turns out, Microsoft’s data policies are a lot clearer than its competitors’ in a number of key areas. Plus, much of the advice that concerned users are offering can cause more privacy problems than it solves.
Is this Winpocalypse, or just tinfoil hat paranoia?
Remote app kill
The idea that Microsoft can remotely remove unlicensed applications is a common misconception, and it starts with a correct interpretation of the wrong document. True, the Microsoft Services Agreement states explicitly “We may automatically check your version of the software and download software updates or configuration changes, including those that prevent you from accessing the Services, playing counterfeit games, or using unauthorized hardware peripheral devices.”
But scrolling a little further down reveals another more relevant truth — that agreement doesn’t include Windows as an operating system. It does cover apps downloaded or purchased from the Windows Store, as well as Xbox and Windows Live games. But most companies use some form of DRM on games anyway, and the policy doesn’t extend to non-Microsoft titles.
It’s also very important that Microsoft be able to do this, at least with apps distributed through the Windows Store and Windows Update. Security risks need to be dealt with quickly, and are almost never solvable at the user end. In those cases where an app has started spreading malware, machines that aren’t updated will continue to be affected by, and propagate, the software.
Data or telemetry
One of the keys to understanding why the Microsoft privacy policies aren’t that scary is knowing the difference between data and telemetry. While data is the actual contents of the files on your system, telemetry is the usage data that every system keeps track of, and Microsoft treats them very differently.
Microsoft couldn’t be clearer about the difference. In a plain English blog post discussing privacy concerns in Windows 10, it’s clearly stated that collected data includes “an anonymous device ID, device type, and application crash data” and “doesn’t include any of your content or files.” In addition, Microsoft takes “several steps to avoid collecting any information that directly identifies you, such as your name, email address or account ID.”
If error reporting and anonymous traffic are still a concern, then the next step is smashing your smartphone and getting off the grid. If you just don’t believe Microsoft specifically, that’s a different story, and one that statements from them won’t assuage.
Solutions to avoid
One of the most popular solutions to the privacy changes in Windows 10 is to stick with Windows 7. That’s a far greater security risk than updating, even if you’re convinced Microsoft’s cronies are after you.
One site I found recommended blocking all network contact by Windows using the built-in firewall. The site suggested doing so by downloading and running a batch script as an administrator. That’s such a bad idea, my mind nearly imploded after reading it. I still can’t comprehend how anyone could even suggest it with a straight face. Perhaps they weren’t – perhaps it’s opportunistic malware.
There are other issues, too. Blocking Windows telemetry at the firewall level is guaranteed to disable not just features like Cortana, but also important system events like error reporting and critical security updates, even if the features that require contact have already been shut off.
Apart from that, running a downloaded batch script could enable all sorts of worse reporting and tracking from people who won’t be honest about that data’s use like Microsoft will. Doing so is a far greater security threat than anything Microsoft is doing, and you should question the security advice of anyone who points you in that direction.
Hard drive upload and access
Dr. Avery Jenkins, a chiropractor in Litchfield, Connecticut with a background in tech, points out on his blog what he believed to be a serious privacy concern for doctors using Windows 10. In it, he cites a specific passage of the Windows privacy policy, claiming that it “gives Microsoft permission to Hoover up every particle of data on a doctor’s hard drive.”
There are two important factors that prevent this from being the case, and they have to do with how Microsoft defines data, and the reasons that data can be shared. Importantly, the data collected by Microsoft only includes files you upload to OneDrive, not all of the data stored locally, or even on another non-Microsoft cloud service.
When it comes to government requests for data, Microsoft is almost shockingly open about its cooperation, sharing what it can on the Microsoft Transparency Hub. While some companies share this information in similar ways, most release only occasional reports with a few numbers on percentages of requests fulfilled.
What can actually be done
Dr. Jenkins is actually offering sane, reasonable advice about protecting your privacy. With a little bit of extra work learning how an operating system functions, Linux is an effective option for keeping private information local. Carefully selecting and maintaining a distribution leaves systems beholden to no business, but places security in the user’s hands.
“I turned to Linux years ago because I was concerned with security, as well as reliability. Today, all my systems are open source and run on Linux. My server runs Debian, and all of the other computers use Ubuntu.” It would seem the source of Dr. Jenkins’ move wasn’t Windows 10 specifically, but instead he knew that truly protecting patient privacy means examining computing needs at a very basic level, and putting in the time yourself.
If that solution seems a bit extreme, it’s not a bad idea to stick with Microsoft. The amount and contents of the uploaded data are not tied to you in any meaningful way, and there’s no clear indication that any sensitive data is finding its way into the telemetry.
Times have changed. Operating systems, from mobile to desktop, are more reliant on the cloud than ever, and the communal effort to improve the OS experience is stronger than ever. Achieving that requires some compromise on the user end.
But this isn’t the same tone-deaf Microsoft that took away the Start menu in Windows 8. Windows 10 is a modern OS in line with common data use and computing practices. You can either get used to it, tweak it to fit your needs, or check out what Linux has to offer.