With Windows 10, Microsoft has raised user data tracking to new levels. Worse, Microsoft has been reticent to divulge what it’s collecting and exactly how it uses that gathered data, further blurring the thin line it’s walking between telemetry and snooping.
In fact, Microsoft’s unwillingness to share details about the user data it gathers from Windows 10 has been one of the two main reasons for sticking with Windows 7. (The other, forced updates, may be solved in a few months.) So when Executive Vice President of Windows and Devices Terry Myerson announced forthcoming changes to Microsoft’s data collection features in Windows 10, you can bet the Windows faithful were listening.
In his blog post, Myerson renewed Microsoft’s commitment to providing “the most secure Windows ever and a product you love and trust.” It’s a laudable goal and, given the current regulatory pressures in Europe and a scathing rebuke from the Electronic Frontier Foundation, a timely one. Says Myerson:
Many of you have asked for more control over your data, a greater understanding of how data is collected, and the benefits this brings for a more personalized experience. Based on your feedback, we are launching two new experiences to help ensure you are in control of your privacy.
First, today we’re launching a new web-based privacy dashboard so you can see and control your activity data from Microsoft including location, search, browsing, and Cortana Notebook data across multiple Microsoft services. Second, we’re introducing in Windows 10 a new privacy set up experience, simplifying Diagnostic data levels and further reducing the data collected at the Basic level.
Any reduction in Win10 data gathering is praiseworthy, as is any increase in transparency. But will this new initiative significantly reduce the amount of data collected? Or, more important, will we learn more about what data is harvested and how it is handled? The days of “love and trust” for Windows may be gone, but there’s still hope that plain talk and honesty may help us Windows users sleep a little better at night.
Following is a side-by-side comparison of Myerson’s new offerings for Windows 10 Creators Update (due in April or so) and what we already have in Win10 (version 1607, released last July). The results may surprise you.
The Settings app
Win10 currently sports an enormous array of privacy settings—almost 100, scattered across 16 categories in the Settings Privacy applet (screenshot).
We don’t yet know what the final Creators Update Privacy Settings will look like, but comparing the current (1607) Privacy Settings with the latest beta (15002) Privacy Settings reveals no significant differences.
Conclusion: If there’s an improvement in privacy in the Creators Update, it has yet to appear in the 15002 Settings app.
The Privacy Dashboard
Windows 10 users currently have access to many websites to control how much data is collected about your Microsoft account. In some cases, these sites allow you to remove items from history or change what data will be collected in the future. The privacy review sites include the following:
- An advertising opt-out page that lets you disconnect targeted advertising from your Microsoft Account and the independently maintained Advertising ID.
- A Bing Personalization page that points you to the next four pages and lets you clear Cortana data for personalized speech, writing, and typing.
- A Bing My Interests page with details of your preferences for news, financial information, sports, weather, and the like. You might want to take a look at what Cortana (er, Bing) knows about your financial interests.
- The Bing Maps page with “Show my Places” enabled. You can remove any saved places by clicking the Edit button in My Places, then clicking the “X” to the right of the place you want to remove.
- The Bing Search history page lists recent searches conducted with Bing, Edge, and Cortana. In my tests, manually clearing the search history in Edge did not clear the history on those pages.
- The Bing Settings page, which may include your location.
I have no information about similar data collected for Local accounts and whether they’re associated with IP addresses or Microsoft Advertising IDs.
In conjunction with Myerson’s announcement yesterday, Microsoft completely revamped its Account page (account.microsoft.com) adding, among other items, a new tab called “Your privacy” (screenshot), which Myerson dubbed the “Privacy Dashboard.” The redesigned site looks much more modern than the old Bing pages, but when it comes to the nitty-gritty details, it’s a mixed bag.
It’s important to note that the new Account page—the Privacy Dashboard—is not tied to the Windows 10 Creators Update. It’s live, right now, and it works with existing versions of Win10.
The Privacy Dashboard’s Browse tab now explicitly states that your Edge browsing history—the list of URLs you have visited—is stored on your computer and on Microsoft’s servers: “If browsing history in Cortana is turned on, your Microsoft Edge browsing history is sent to Microsoft.” To find the Browsing History slider, click on the Cortana circle, choose the notebook on the upper left, then Permissions. I have no idea why the setting isn’t in Edge.
Part of this Privacy Dashboard entry is old as the hills: It explains how to delete browsing history in Edge, aka the list of URLs stored on your computer. Part of it is new, though. To wipe away your browsing history, you have to clear it out of your browser and then go to this site to get the vestiges swept off the web. As best I can tell, until this week, Microsoft had never announced that it is storing Edge URL history on the internet (Google cache here).
This Privacy Dashboard entry serves as notification that Edge browsing history is stored outside of your machine, and it gives you tools to delete that browsing history. Repeated attempts to get Internet Explorer to stow its URL history on the web were unfruitful.
The Location tab on the Privacy Dashboard works differently from the Bing Maps page. In Bing, you can delete saved Places. In the Privacy Dashboard, you can delete your location history, over the past two weeks, three months, six months, or forever. Of course, any location history stored by one of the Windows apps is unaffected.
There’s also a link on the Privacy Dashboard to the Microsoft Health web page.
Conclusion: Aside from the revelation that Edge browser history is stored in Microsoft’s Cloud, there are only two changes I could find with the Privacy Dashboard, neither of which is tied to the Creators Update.
- The ability to delete Edge URL history that’s stored in the cloud
- The ability to delete recent location tracking history
Changes to Setup
Myerson demonstrated a new privacy screen that appears when you set up Win10 Creators Update. He says:
We will introduce a new set up experience for you to choose the settings that are right for you. This experience, which replaces previous Express Settings, will look slightly different depending on the version of Windows you are using. If you are moving from Windows 7 or Windows 8, or doing a fresh install of Windows 10, the new set up experience will clearly show you simple but important settings and you will need to choose your settings before you can move forward with setup. If you are already using Windows 10, we will use notifications to prompt you to choose your privacy settings.
Nobody’s seen the new screen in action, but we have a prototype (screenshot).
This single screen replaces two screens that appear in the current Win10 version 1607 setup (screenshots).
As you can see, the new Location setting correlates very closely with the old Location setting. The new Speech recognition setting includes some of the old Personalization setting. The new Diagnostics setting encompasses both the old “Send error and diagnostic information to Microsoft” and parts of the old Personalization settings, with some browser info thrown in for good measure. It ties in to the new Diagnostic data collection level (see the next section). And the new Relevant ads setting seems to correspond to the old “Let apps use your old advertising ID for experiences across apps.”
The odd man out is the new setting marked “Tailored experiences with diagnostic data.” That one raises a red flag for me because it says Microsoft can use diagnostic data to “get more relevant tips and recommendations to tailor Microsoft products and services for your needs.” I guess it all depends on what you mean by “diagnostic data,” but clearly Microsoft includes personally identifiable data—what one might call snooping—in its definition of “diagnostic data.”
Each of these setup settings has to map onto some setting in Creators Update. Presumably most of them would go into the Windows Settings app. But given that build 15002’s Settings app is almost indistinguishable from 1607’s (see the first section), it’s not clear how Win10 users will be able to change these setup privacy settings.
Conclusion: Major changes in the Creators Update, with no perceptible beneficial effect, as yet, on privacy.
Changes to Diagnostic data collection levels
You might have noticed that the Diagnostics setting in the setup screen is marked “Full” instead of “On.” There’s a reason why. Your alternative to “Full” is called “Basic”—most emphatically not “Off.”
In the current Win10, version 1607, buried deep in the Privacy Settings applet, there’s a setting called Diagnostic and usage data (screenshot).
You can currently choose from three settings—Basic, Enhanced, and Full (Recommended). Myerson explains that the Enhanced option is going away in Creators Update:
We’ve simplified our Diagnostic data collection from three levels to two: Basic and Full. If you previously selected the Enhanced level, you’ll have the option to choose Basic or Full with the Creators Update. We’ve further reduced the data collected at the Basic level. This includes data that is vital to the operation of Windows. We use this data to help keep Windows and apps secure, up-to-date, and running properly when you let Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also includes basic error reporting back to Microsoft.
There’s a Microsoft Privacy page devoted to this setting that hasn’t been updated yet to reflect the new two-level system. You can see a lot of overlap in terminology between Myerson’s description of Basic and the description in that Privacy page.
If I may put on my tinfoil hat for a moment, the description of Basic diagnostic data that appears in Myerson’s post sounds like plain-vanilla telemetry. But check out the description of diagnostic data in the initial privacy setup screen:
Tailored experiences with diagnostic data / Get more relevant tips and recommendations to tailor Microsoft products and services for your needs. Let Microsoft use your diagnostic data to make this work.
It sure sounds like Google-level snooping.
Conclusion: I don’t know what to make of it.
The upshot of Microsoft’s stance on your privacy
Microsoft has never given us a definitive list of what, exactly, is included in Basic diagnostic data. It sounds like it’d be simple enough, but I’ve never seen a list. We have no way of verifying what data is going out—the packets are encrypted, as they should be. On top of all that, we don’t really know which privacy choices lead to what kinds of data heading to the mothership. There’s a lot more than Basic diagnostic data floating around.
Instead of providing a plain, simple list—and a big Off switch—Microsoft could arrange to have an independent auditor take a look at the situation. That seems unlikely to happen now, as the new setup screen has passed muster with the Swiss data protection authority, according to Reuters:
“The FDPIC investigations revealed that data processing in connection with Windows 10 did not conform in every respect with the data protection legislation,” the authority said in a statement. In response, Microsoft made proposals to the commissioner which had been agreed after adjustments by the FDPIC. “The technical implementation of the modifications requested by the FDPIC will be carried out worldwide as part of the two Windows 10 software releases planned for 2017,” the FDPIC said. The Swiss government agency said the agreement with Microsoft meant there was “no need for court proceedings”.
Even the Electronic Freedom Foundation has toned down its initial stab. Nick Heath at TechRepublic quotes Amul Kalia, the author of the original EFF report, as saying: