Privacy and advertising in Windows 10: Both sides of the story

Privacy and advertising in Windows 10: Both sides of the story
Credit: CSO staff

Maybe it’s time to break out the tinfoil hats, maybe we’re seeing an industry-wide shift in exchanging privacy for features -- or maybe both

While Microsoft’s been collecting personally identified information of various kinds for more than a decade, Windows 10’s going to turn that trickle into a gusher. You can curb some of the data-gathering proclivities with various tools and websites, but you won’t be able to turn it off entirely without disabling some features that you’ll probably want to use. And no matter how you shake it, Windows needs access to that info in order to provide you with the services you likely want.

The decrease in privacy and concomitant increase in advertising in Windows 10 is a multi-edged sword. I’m not saying you should necessarily avoid it. I am saying you should understand it. The privacy infringement goes much deeper than simply setting up a Microsoft account.

Let’s start with the obvious: Windows 10 collects much, much more personal data than any of its predecessors. The data’s generally sent to Bing and from there it’s attached, presumably, to either your Microsoft account or some sort of identifier based on your IP address. There’s also your personal Advertising ID. You knew about your personal Advertising ID, yes?

Chris Hoffman at HowToGeek.com has an excellent overview of 30 different ways Windows 10 collects data and sends it to the Microsoft servers. If you haven’t yet read that article, you should. By default, Microsoft starts adding data to your Advertising ID, sharing that data with Universal (nee “Metro”) apps. There’s a list of every URL you visit, and every program you download. Location and location history. Voice, writing, and speech patterns. Contacts, calendar events, handwriting, typing “history.” Communication history from messages and apps (presumably including Universal Mail). All of your usage telemetry. All of your searches, even local, get sent to Bing and Windows Store. BitLocker recovery keys (with some nuances) are saved, unencrypted, in the Microsoft cloud. Windows Defender malware samples. Edge sends along every character that you type in the search box. If you use a Microsoft account, you also send many of your settings to Microsoft’s servers, along with a list of all devices you’ve logged in from. Windows 10 can use some of your bandwidth to upload patches to other computers.

Many of those settings can be turned off; some can’t. Many of those settings exist in Windows 8.1. Few are in Windows 7. Some are brand new to Windows 10.

Microsoft has one large site, choice.microsoft.com, that lets you control how/if Microsoft uses the collected personal data to dish up ads. You can even opt out of receiving Microsoft-personalized ads in your browser, and/or in all the places where you use a Microsoft account. Note how that doesn’t keep Microsoft from gathering the data, and it doesn’t flush your existing data from the Microsoft servers.

There’s also a Bing site that lets you clear saved favorites, interests, places, and Cortana data, with links to similar sites for Xbox, OneDrive, and Outlook. Again, there’s no offer to flush all existing data, except for Bing searches and Cortana data.

Hoffman concludes by saying:

This is just a conservative list, and probably isn’t complete. There are many other ways Windows 10 arguably phones home. Windows 10 includes apps for a variety of Microsoft services: Cortana, Bing, Outlook.com, OneDrive, Groove Music, MSN, and Xbox. Each of these services may have its own privacy policy and store data about you in a different place if you use them.

Sebastian Anthony at Ars Technica UK has a rundown of the settings you can change to minimize -- but not eliminate -- the Windows 10 data harvest. John Brandon at Computerworld points to Microsoft’s privacy policies, and reflects on some of them based on responses from Microsoft.

Microsoft’s expecting some major gains in Bing usage, specifically because of Windows 10. Given all the alleys from Windows 10 to your personal Bing information, it’s easy to understand why. Bing ads GM David Pann posted a blog about the topic, but it looks like Microsoft pulled it. You can see a Google cache of the blog. In it, Pann says:

We’re estimating query volume gains from 10 to 15 percent as early as September -- not only from new users, but from existing Bing users who will now use Bing more frequently.

What’s behind this increase?

Windows 10 puts Bing and Cortana at your service when and where you need them, without having to leave what you’re doing to launch a browser -- even if you can’t spell or type.

For example: The new task bar on the Windows 10 desktop is a direct line to Cortana (and Bing). Spoken or typed Web searches now bring up Bing search results, which includes relevant ads.

When users launch the new Microsoft Edge browser, they will see the brand new MSN -- optimized for search. Only Edge has Cortana built right into the address bar.

I think you might understand why Microsoft pulled the post -- assuming they did pull the post, and it didn’t just self-destruct. 

Windows 10 doesn’t just collect data. It’s perfectly capable of using that data to dish up ads. Not the browser, not the website: The operating system itself. We saw some of that in exuberance during the beta.  For example, the Windows 10 lock screen used to have a feature called Windows Spotlight, which appeared to be an advertising opportunity waiting to happen. It’s since been removed from the Lock Screen list. The Windows 10 Start menu used to have a reserved “suggestions” slot on the left, just below the Recently Added slot. The setting for it was labelled “Occasionally show app and content suggestions in the Start menu.” It’s gone, too, but not forgotten. Microsoft started plastering ads on its Weather app in Windows 8, at least in some locations. For a short time, the ads also appeared in the Windows 10 beta. The action met with such vehement reaction in the Windows Feedback arena that Microsoft pulled them quickly.

Microsoft's collecting the data. At some point they're going to use it. In Edge, yes, and on websites with Microsoft-delivered ads, certainly. But they may well use that data for advertising inside Windows. Microsoft has already demonstrated, conclusively, that it’s capable of taking almost any Windows 7 or 8 computer and inject advertising. They’ve done so with impunity. Advertising inside Windows 10 may well become commonplace.

A friend of mine, who identifies himself as a “privacy nut” and no doubt wears a tinfoil hat from time to time, has been peppering me with questions. They’re good ones.

I have nothing to do with Windows 10, but I email a friend who has Win 10 and has allowed all of the settings to be left in their defaults. Doesn't this mean that not only can Microsoft see his outgoing emails but also my incoming one as well? It seems to me that my privacy might be compromised by Microsoft if I communicate with anybody using Windows 10 even though I want nothing to do with it.

I can avoid having my information mined by social media by not participating on such sites. I can prevent my browsing to be tracked to a decent extent by my choice of browser, how I browse, and what anti-tracking software I run ... I have gone to great lengths not to be tracked, not to be the subject of targeted advertising ... The primary difference is that for Google to get my information and be able to use it, I have to visit a Google site. But Windows10 is not a site, it is an OS. When the invasive things become part of one’s basic operating system, tracking has been raised to a whole new level.

And what will happen down the road when clever hackers penetrate Microsoft and help themselves to all the stored data?

Unfortunately, I think, times are changing. More and more people are willing to give up some of their privacy in exchange for features that they want. For example, there’s no way in hell Cortana can tell you that you need to leave for a meeting unless it knows when and where the meeting will happen -- most likely by scanning email.

Microsoft says it doesn’t scan the contents of emails for the purpose of targeting ads, nor does it look inside OneDrive files, although there are exceptions, which you enable as part of setup for Cortana. Google admits to scanning mail and files but it refrains, we’re assured, from looking at the contents of paid accounts and academic accounts (Apps for Business and Apps for Education accounts) -- an approach that was certainly helped along by various lawsuits. Apple likes to stand aloof, but there have been reasonable questions asked, for example, about Siri and privacy. Matthew Hughes at Makeuseof explores a charge that Siri recordings made by Apple end up in the hands of third-party analysts.

I tend to think of the whole situation as a shift in the business model for Windows. Microsoft won’t make as much by selling Windows. Perhaps it’ll make up for the loss by gathering information Google-style, targeting ads in Bing results, Universal apps, Edge, and/or advertising in free copies of Windows.

Heaven knows they’ve perfected the method for pushing “important updates” to advertise in Windows 7 and 8.1. And Windows 10, with its forced updating, could adapt to advertising in nothing flat.

What does it all mean for you, the Windows customer? That depends a great deal on how you feel about your privacy. The most important concern, from my point of view, is that you understand the breadth and depth of the tar pit you’re about to jump into.

If it’s any indication, I, personally, have embraced our electronic snooping overlords. I’m happily using Windows 10, Cortana, even a little bit of Edge on my main machine all day, every day. I figure Microsoft can throw all the ads at me that they want. I don’t have to click ‘em.

Your reaction may well differ.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies