Clarity on Windows 10 Data Collection

by [Published on 21 Oct. 2015 / Last Updated on 21 Oct. 2015]

In this article we consider the reasons behind Microsoft’s data collection protocol for Windows 10 and how to opt out of certain features if you choose.

Some confusion and mixed opinions have surfaced regarding Microsoft’s requirement to collect data from their users when utilising the Windows 10 OS. Windows 10 launched recently with many default settings for collecting certain data.

Introduction

Data privacy and security is a hot topic at present. We want the right to keep our data private and secure, the two go hand in hand. Millions of users have taken to upgrade, for free, to the new Windows 10 edition, to keep abreast with the evolving technology and the new features promising improvement on previous renditions.

Some people are disconcerted by the magnitude of data mining being undertaken through the new OS. Confusion has set in, be it through misinformation or mere unawareness, it has surfaced for some and users are now battling data concerns with regards to the what, where and whys?

To add further fuel to the fire, many of the data collecting features reach the user as default ‘on’, some cannot be opted out of and if they can it is extremely difficult to do and to achieve comprehensively, this has been noted by tech savvy users so if they find it challenging it will be near impossible for the average user. The privacy settings appear to be very intrusive by default and many users will accept these default settings without question, never knowing what data they are openly handing over not because they necessarily don’t mind but rather due to the lack of clarity and not being knowledgeable of what is happening behind the scenes.

Microsoft has also rolled out diagnostic data collection procedures, in the form of updates, to previous Windows versions, 7 and 8 to improve and diagnose the products.

Perhaps user concerns are unfounded, nevertheless it seems as though users are unclear of how Microsoft has adapted features to collect and send data and are also uncertain as to what they are able to do about it, if they disapprove.

The need for user tracking and data collection

Microsoft has launched many great features with Windows 10; it is easier to navigate and a lot quicker. It is suggested that this efficiency and many new features of the OS are only fully achievable through learning from its users and thus tracking and using their data.

Microsoft collects data on how the platform, computers, devices connected to it and applications are utilised for diagnostic purposes and to improve their products. By default, tracking the way in which users type, the applications they use as well as their browsing history and personal information that is configured for Windows 10. However the data retains anonymity.

Microsoft is not alone in tracking and information collection; other tech giants practice the same (Google, Facebook, Apple, Twitter), perhaps digital privacy is evolving and letting go of some privacy is necessary to move forward and is becoming more of the norm. For those utilising social media and the likes they may have less apprehension but others feel concern regarding their privacy.

Through tracking, user experience can be greatly improved however the same data used to do this may be utilised for other commercial reasons as well, with no benefit to the user.

The type of data collected and why

Microsoft collects three types of data (all data is encrypted and is non-identifiable)

Data required for functioning with safety and reliability

This data includes device IDs, and device types connected to the platform as well as crash reports and data that can assist in improvement of the software. Many of the Microsoft apps require personal information to function (location for example). Also tracking app usage gives insightful information.

Personalisation data

This is to aid in a personalised windows user experience. Personal data is collected the user is tracked so that Microsoft can learn your inclinations and behaviours and offer an experience best suited to you. Personal data is also collected for communication purposes (phone number, email, and mailing address of its users).

Advertising data

Data related to targeted advertising. Windows 10 creates a unique advertising ID for each user.

Default privacy settings and choosing to opt out

Microsoft’s Privacy statement clarifies the data that is collected and when you download the Windows 10 OS and accept the terms of service you are saying you understand and agree. Unfortunately, not many users read these pages of terms; many users simply check the box and move on. Many users are not aware of the extent of those terms.

The privacy settings are a concern mainly because they are not set to ‘private’ by default and this is left to the user to realise and change.

The concern that users may have with the Windows 10 OS is the privacy settings are broad, unclear and very difficult to locate. Some argue that Microsoft are lacking in transparency with regards to Windows 10 OS. It is challenging for the user to understand what is going on behind the scenes and when they do realise, it is more challenging to opt out. Even if the user chooses to opt out of all data collection during the OS setup, some data-sharing features can only be disabled if utilising an enterprise version of the OS. Thus some features are obligatory for and concealed from some users of some Windows 10 OS editions.

The lack of transparency is causing trust issues, although Microsoft advocates that any information shared with them is done at the users own discretion and never without their permission furthermore the data is anonymous and secure.

Some users feel cheated and left in the dark as the responsibility of vigilance is left solely to the user to decide what they are comfortable with and figure out how to change things if they are not.

Changes to these settings appear to be anything but simple, multiple settings screens and external websites prove how convoluted it may be.

For some of the Windows 10 features to work, these settings need to be enabled, however if the user is not contented with the magnitude of data being shared and how it is being used there are a few things that can be done during installation of the OS and once it is installed.

Features like Cortana and the Edge Browser with Windows 10 OS require data for functioning and actively collect user data. For Cortana to function in the way that it does it needs to acquire all that personal information.

Also if you choose to utilise Express set up, many of the features are set as default features and you are agreeing to share that data. If you have concerns regarding your privacy and that of your data it is best to not utilise the Cortana feature and Edge and be sure to not use Express set up.

Cortana collects data through tracking your Internet searches and perusing your email, searching for information it can use to ascertain about you. Cortana collects a lot of data; the data may include information on location, contacts, calendar detail, input data, speech/voice and text and the frequency of your interaction as well as the people you interact with. If you are not comfortable with this you can choose to disable this feature through not linking Windows 10 to a Microsoft account. This is done at set up through ‘creating a new account’ and not signing in with a Microsoft account. Cortana will not be able to function but your privacy in this regard will remain intact. The information stored about you is secured and you can choose to edit it. It must be noted that Microsoft will disclose this information with the authorities and/or government if required by law.

The creation of a Microsoft Account is prompted by default. If you are concerned at all about your privacy you should avoid this. Opting out of creating an account will keep your information and activity local to your computer whereas if you create one, Microsoft can link all the information gathered to your ID.

If you sign in with a Microsoft account the OS automatically syncs by default, the user settings and data sync to the Microsoft cloud. This may be a useful feature but some may wish to disable this feature to retain further privacy.

Edge, the new Microsoft browser, is another area where data is collected. The browser defaults to Bing, which studies user data for page prediction and advert personalisation. If you choose to protect your browsing history, the user can opt out of ad tracking through Microsft.com site and page predictions, search suggestions and SmartScreen filter can be disabled in Edge’s settings.

By utilising Express set up many default privacy settings are enabled. To avoid this do not use Express settings, use Customise settings and disable everything you are not comfortable with.

There are a multitude of privacy settings to consider, most importantly under ‘General’, ‘Speech, Inking & Typing’ and ‘Location’ pages. Disable everything you do not need or that you feel may infringe on your privacy. You can change the settings for how your computer uses the data about location, devices (camera, microphone) etc. You can also set the settings for ‘feedback frequency’ to ‘never’ and ‘diagnostic and usage data’ to ‘basic’, limiting the information that can be collected.

The Wi-Fi-password sharing, Wi-Fi Sense, feature allows you to easily share passwords with friends allowing for automatic connection to your network. If you are not comfortable with your passwords being stored with Microsoft you should disable this feature by opting out your networks name.

Conclusion

The digital age is evolving and for functioning and innovation data is required. Microsoft is not alone in gathering data and using it in the way that it does.

Many choose to utilise these ‘free’ products and services but nothing is ever really free, payment is being made in other forms, information sharing is one.

This is the way of the digital world and notably, from the millions of users on social media presently, not everyone is too concerned about their data or the usage thereof. However for those who are, the options to opt out should be clearly available and made easy to achieve.

Ultimately the responsibility is with the user to make sure that they are happy with the privacy settings and enable or disable as required, in order to do this the user needs to be properly informed and facilitated to make these choices easily. The terms should be clear and the user should ensure that they read and understand them so that they can achieve a balance that they are comfortable with.

See Also


The Author — Ricky M. & Monique L. Magalhaes

Ricky M. & Monique L. Magalhaes avatar

Ricky M Magalhaes is an International Information Security architect, working with a myriad of high profile organizations. Monique is an international security researcher, she holds a BSc Degree (Cum Laude). Previously she has focussed on research and development at leading enterprises in the Southern hemisphere.