196

Windows 10 is perhaps the most Internet-connected and cloud-centric operating system released by Microsoft to date. This, of course, has caused many users to be concerned about how the OS respects their privacy (or doesn't).

Multiple sources are now claiming that this OS reports user data to Microsoft which could be violating the users' assumptions of privacy. (A couple of examples are linked below.)

How legitimate are these concerns and claims? Is Microsoft actually collecting data about Windows 10 users' location and activity? Are they actually authorized to do so, simply by a user's acceptance of the EULA?

I'm aware that Windows 10 sends malware files to Microsoft for analysis. This is a common and generally-accepted practice for most antivirus products, and antivirus is known to be integrated into this OS. What about the other information?

Peter Mortensen
  • 885
  • 5
  • 10
  • 1
    Comments are not for extended discussion; this conversation has been [moved to chat](http://chat.stackexchange.com/rooms/26996/discussion-on-question-by-zviad-gabroshvili-how-does-windows-10-allow-microsoft). – Rory Alsop Aug 15 '15 at 11:02
  • 17
    This is a highly relevant question but a key component seems to me forgotten. `↵` What is the risk that these reports to Microsoft will cause **data leaks** to **companies** and **governments**? How could it be seen as acceptable that this risk is **accepted** by an **EULA**? – dan Aug 15 '15 at 13:24
  • 6
    Please note that it's not just Microsoft that's "spying" on you. Every other company that you do business with does their own market analysis in some way. Even supermarkets analyse your purchasing habits and can even figure out if your daughter is pregnant before you do. It's when this data is shared with people that might abuse that information, like governments or criminals, that you should start worrying. As stated in some answers, Microsoft will only disclose this data if it's needed to comply with law enforcement. – Nzall Aug 15 '15 at 19:58
  • 9
    The Privacy statement that's included by mention as part of the EULA says "we will access, disclose and preserve personal data ... when we have a good faith belief that doing so is necessary to ... protect our customers, for example to prevent spam ...". Comments are not for extended conversation, so I will not add another comment here, but a careful read of the EULA and its inclusions, especially the Privacy statement, does not remotely support the claim that "MS will only disclose this data if it's needed to comply with law enforcement". – raiph Aug 15 '15 at 20:15
  • 3
    @raiph Agreed, Microsoft will ultimately use the data for whatever purpose Microsoft deems will provide the greatest benefit to Microsoft, just like any other company will. Tandy Corporation is a good, recent, "for instance," putting all their customer PII up for sale after promising (cross our heart, honest) that they would never do that. The thing about Windows 10 is that the tracking is built-in to the operating system itself and unless you disable it, every search you make for anything *on your own computer* is also stored at Bing. – Craig Tullis Aug 16 '15 at 17:57
  • 1
    After reading through this post, i thought i should change some privacy settings to opt-out, this tutorial was very helpful [How to Turn off Windows 10 'Spy - Keylogger' Privacy Settings](http://dothisbest.com/how-to/turn-off-windows-10-spy-keylogger-privacy-settings/) – Luzan Baral Sep 08 '15 at 13:12
  • 1
    Coming back to your interesting question, if you are still interested, you may read **[this question](http://security.stackexchange.com/questions/98172/what-are-the-privacy-and-security-implications-of-windows-telemetry)** and see the nature of data Windows 10 *steals* from its users (including personal files). Unlike the answer above that states you can survey Windows 10 traffic, I mentioned a serious study that says it is impossible to do that (they see Windows leaking out data but they can not read it). –  Sep 09 '15 at 20:08
  • I thought we should only do "Next..Next..Next..finished"? who reads terms and conditions/Agreements/privacy statement? >:) jk – Ceeee Nov 23 '15 at 04:52
  • It's worth noting that, according to the snowden leaks, Microsoft was apparently among the very first to agree to the NSA's PRISM collection program. I think that should tell you all you need to know about their trustworthiness with personal information. https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data – Alkanshel Jun 14 '20 at 21:55
  • I can't turn this into a full response because I don't have enough reputation ... I recently had to reinstall Windows. The installation wizard contains a lot of screens in which you have to basically press "Next" repeatedly (like what is your keyboard layout, what is the language, etc.). Then when you are on the verge to press "Next" again, the serious questions pop up. One of it specifically asks you if you want to send Microsoft "enhanced" personal information, specifying that these informations would include **all the websites you visit** (again, it's clearly written explicitly) cont. – robertspierre Dec 07 '20 at 01:24
  • ... and other personal data (location, GPS, names, etc.) which I don't remember the full list (it would be easy to me to install it in VM and take a screenshot, but don't have enough rep to make a reply). The second option would to send them more "basic" info (I am sure that didn't include the lists of all websites you visit). After you installed Windows, the OS insists on you using Edge. If you search for "Google Chrome" using Microsoft Edge (and Bing), a pop-up will show us, where Microsoft strongly recommends you to stay with Edge, it being faster, nicer, etc. cont. – robertspierre Dec 07 '20 at 01:27
  • I guess that their insistence on using Edge is related to the question about sending them all the websites you visit? Point is: (i) pay very strong attention to the questions it makes during installation, don't press "Next" repeatedly because after the more obvious questions come the questions about privacy (ii) I guess it would be technically possible for them to send the personal websites also if you use Google Chrome, but that would mean intercepting Google Chrome traffic somehow and would seems to far – robertspierre Dec 07 '20 at 01:30

4 Answers4

161

It's worth noting that your first link is in relation to the Windows Insider program. The Windows Insider program provides you with pre-release software that does call home with usage details and other information. This is something that you agree to by installing the Windows Insider preview - if you don't like it, you don't have to install it, it's completely your choice.

The EULA for the released version of Windows 10 doesn't include this section and there is no evidence that this information is being collected (which of course could just mean they're better at hiding it).

The second link that you've provided is regarding the Family functionality, this is functionality that has to be enabled in order for it to work and collects application usage statistics and browsing history. In the instance linked in the article, it's perfectly possible that this functionality was enabled in Windows 8 and expanded upon when the upgrade to Windows 10 occurred. On my clean install I don't have this going on so this isn't enabled by default and has to be something that you opt into - again, when you opt into something like this you're given an agreement to agree with stating that additional information will be collected. If the information wasn't collected, functionality like this simply couldn't work.

Windows 10 has a large number of privacy settings - many of these are on by default but they're easy enough to disable by opening up the Settings app and working your way through the Privacy settings. This covers a large variety of options from your unique advertising identifier, which is shared across various applications to allow Microsoft to track your use of the apps and show you targeted ads, to Bing search in the start menu, which will send your search queries to Microsoft Bing. This also includes many settings from older versions of Windows, such as the SmartScreen filter, which sends URLs to Microsoft for validation.

Windows 10 also contains Cortana, with Cortana enabled, you're asking Microsoft to provide you a personal assistant and this will include sending information about your activities (including applications you run, GPS locations, browsing history) back and forth between your machine and Microsoft. This can include things like your handwriting and what your voice sounds like, but these can be disabled individually within Speech, inking & typing within Privacy settings. Cortana isn't unique in this behavior. (How do you think Google Now and Siri work?)

If you sign into Windows 10 with a Microsoft account, authentication is handled via Microsoft as well. This will also provide you with the functionality to synchronize your desktop settings, passwords, web browser settings and more between multiple devices running Windows 10. If these options are enabled then this is additional information that is synchronized to Microsoft's servers. Each of the individual sync settings can be toggled in the Settings app under Accounts > Sync your settings, or you can simply not log in with a Microsoft account and use a local account. If you're using Windows 10 Home edition, you will need to use a Microsoft account in order to enable BitLocker, and your recovery key will be uploaded to Microsoft's servers. This restriction does not apply to Windows 10 Pro or higher.

With the "Sample submission" option for Windows Defender enabled, Windows Defender will send your files off to Microsoft - for example if you had some kind of confidential document with a macro in it that Windows Defender identified as a threat, with the option enabled, this file would be submitted to Microsoft for analysis.

There are reports that even with all of the above functionality disabled some information is being passed back and forth to Microsoft (Arcs Technica), and Microsoft's response on this matter is as follows:

As part of delivering Windows 10 as a service, updates may be delivered to provide ongoing new features to Bing search, such as new visual layouts, styles and search code. No query or search usage data is sent to Microsoft, in accordance with the customer's chosen privacy settings. This also applies to searching offline for items such as apps, files and settings on the device.

It's worth noting that Arcs Technica states this statement from Microsoft is consistent with their findings

Basically, as part of the Windows Feedback and error reporting, diagnostic data is reported back to Microsoft, this can only be disabled in the Enterprise and Server editions of Windows 10 through the use of group policy editor but can only be set to a "basic" mode on Home and Pro editions which "limits the amount of data sent". This can be set in the Settings app under Feedback & Diagnostics.

Microsoft have never hidden the fact that Windows 10 is supposed to be the last major release and that future functionality will be provided as automatic updates. Any such system will require information to be passed to Microsoft to work. Ultimately, there are a lot of components in Windows that will individually and collectively synchronize their status with their online counterparts and this will result in internet traffic.

kalina
  • 3,374
  • 5
  • 21
  • 36
  • 12
    Do you have references for any of this, other than the Ars article? That Microsoft response quote does not address the privacy of any data other than “query or search usage data”. – Anko Aug 14 '15 at 00:01
  • 7
    *"If you don't like it, you don't have to install it, it's completely your choice."* Maybe clarify this, because I feel like this is true of all software... – user541686 Aug 14 '15 at 07:08
  • 1
    @Mehrdad there are often multiple versions of the product available: a "stable" build for the general audience (where bugs are unlikely and there's a minimum amount of usage tracking) and an "unstable" build (with more bugs and features, with some more data accumulated for developers to improve the product more efficiently). It's about the latter: if you don't like the terms of testing newer builds, don't, wait for them to stabilize, meanwhile use older stable versions. – D-side Aug 14 '15 at 08:22
  • @D-side: Right, but with the same reasoning you could just as well say "if you don't like the terms of the stable version, use some other software", so what makes that response more sensible than this one? (I'm not disputing that it is; I'm just saying the reason should be in the answer.) – user541686 Aug 14 '15 at 08:25
  • It *is* true of all software, in fact, it's true of all things. You don't take out a credit card agreement if you don't like the terms so why do you install software without reading the terms only to subsequently complain about something happening that *you should already know happens and why*? – kalina Aug 14 '15 at 08:29
  • @Mehrdad implied is a switch from "a Windows user" to "a Windows Insider", whether it's viable and/or necessary. Agreed, that should be clarified. – D-side Aug 14 '15 at 08:32
  • 19
    I don't understand what you want me to address, would you like to hear a story about making your own choices and free will? How about reading agreements that you're accepting before you accept them rather than retrospectively? I am not responsible for the way the world works and I can't make you follow best practices. – kalina Aug 14 '15 at 08:44
  • 2
    FYI: Family Safety is disabled on all accounts as part of the Windows 10 upgrade process. It must be re-enabled per account after the upgrade is complete. – James Snell Aug 14 '15 at 08:50
  • 1
    @JamesSnell but does the screen just say " would you like to (re-)enable family safety" or does it say "would you like to enable family safety, which now logs..."? – Chris H Aug 14 '15 at 09:26
  • 1
    @ChrisH - Neither. In the RTM upgrade there is no option to take any action at all, it's literally a message which says Family Safety been disabled on all the accounts and to go into user accounts if you want to put it back on. I've not done it yet, but it looks like you have to set it up from scratch. – James Snell Aug 14 '15 at 11:02
77

Microsoft Windows Pre-Release Preview (aka Windows Insiders) Privacy Statement, January 2015: (no longer applies)

When you acquire, install and use the Program software and services, Microsoft collects information about your use of the software and services as well as about the devices and networks on which they operate. Examples of data we may collect include your name, email address, preferences and interests; location, browsing, search and file history; phone call and SMS data; device configuration and sensor data; voice, text and writing input; and application usage. For example, when you:

  • install or use Program software and services, we may collect information about your device and applications and use it for purposes such as determining or improving compatibility (e.g., to help devices and apps work together),

  • when you use voice input features like speech-to-text, we may collect voice information and use it for purposes such as improving speech processing (e.g., to help the service better translate speech into text),

  • when you open a file, we may collect information about the file, the application used to open the file, and how long it takes to use it for purposes such as improving performance (e.g., to help retrieve documents more quickly), or

  • when you input text, handwrite notes, or ink comments, we may collect samples of your input to improve these input features, (e.g., to help improve the accuracy of autocomplete and spellcheck).

This is so serious that even some political parties here in France that have nothing to do with technologies denounced Microsoft Windows 10 practices.

A member claimed that the statement above does not concern the shipped version of Windows 10.

Well:

  1. We have not been provided any proof that Microsoft removed all those monitoring modules of its Windows 10 beta version in the final release. And, since Windows is closed-source, there's no way for us to check ourselves.
  2. The media has reported a history of Microsoft spying as its practice (e.g. Microsoft, China clash over Windows 8, backdoor-spying charges, also NSA Built Back Door In All Windows Software by 1999).
  3. For the shipped version of Windows 10, we can see the same information with smoother words: Privacy Statement

Additionally, after the release of the shipped version of Microsoft Windows 10, this is what was written in Microsoft Windows 10 Privacy Policy:

We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to protect our customers or enforce the terms governing the use of the services,

Only by the start of this August, and after lot of organizations and even political parties complained about Windows 10 being a spyware, Microsoft changed its privacy policy statement to softer terms to which I linked to. But is this change of policy statement followed by retrieving Windows 10 from the market and replacing it by a new one? Of course not.

Note that the last paragraph I quoted is only still available in external websites including famous newspapers by the start of this August (which thing means after Microsoft started already to sell its Windows 10), but we do not find this paragraph anymore in the updated version of the privacy policy statement anymore. So Microsoft removed it already.

Update:

From Windows 10 feedback, diagnostics, and privacy: FAQ (shipped version of Windows 10, NOT Pre-Release Preview), we can also read regarding Diagnostics Tracking Service:

As you use Windows, we collect performance and usage information that helps us identify and troubleshoot problems as well as improve our products and services. We recommend that you select Full for this setting.

  • Basic information is data that is vital to the operation of Windows. This data helps keep Windows and apps running properly by letting Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also turns on basic error reporting back to Microsoft. If you select this option, we’ll be able to provide updates to Windows (through Windows Update, including malicious software protection by the Malicious Software Removal Tool), but some apps and features may not work correctly or at all.

  • Enhanced data includes all Basic data plus data about how you use Windows, such as how frequently or how long you use certain features or apps and which apps you use most often. This option also lets us collect enhanced diagnostic information, such as the memory state of your device when a system or app crash occurs, as well as measure reliability of devices, the operating system, and apps. If you select this option, we’ll be able to provide you with an enhanced and personalized Windows experience.

  • Full data includes all Basic and Enhanced data, and also turns on advanced diagnostic features that collect additional data from your device, such as system files or memory snapshots, which may unintentionally include parts of a document you were working on when a problem occurred. This information helps us further troubleshoot and fix problems. If an error report contains personal data, we won’t use that information to identify, contact, or target advertising to you. This is the recommended option for the best Windows experience and the most effective troubleshooting.

Note that only on Enterprise Edition one can turn Diagnostics Tracking Service off totally.

Diagnostics Tracking Service available in Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1 and Windows 10. The quoted paragraphs concern the Diagnostics Tracking Service mechanism in which other modules, apart from Telemetry, are included.

Diagnostics Tracking Service consists in these files:

  • telemetry.asm-windowsdefault.json
  • diagtrack.dll
  • utc.app.json
  • utcresources.dll

Note that the answer below claiming that nothing private is collected by Windows 10 as a qualified user may listen to the traffic of his Windows operating system is wrong. It is impossible to know what Windows collects and sends permanently. Windows does not stop sending information on his/her behalf as this study shows: Even when told not to, Windows 10 just can’t stop talking to Microsoft. But still what the official documentation describes is not very good for the user such as when Windows takes system files or MEMORY SNAPSHOTS, which may unintentionally include PARTS OF A DOCUMENT YOU WERE WORKING ON on when a problem occurred (From: What are the privacy and security implications of Windows Telemetry)

  • 95
    Isn't this the privacy statement for the _pre-release_ Windows 10? It makes sense collecting this kind of data from participants in a beta evaluation program. – Gruber Aug 13 '15 at 10:47
  • 50
    If you sign up for a limited and free Windows beta evaluation program, you are likely to be a power user knowing that it will be subject to special conditions like this. What really matters is the Privacy statement of the product shipped to consumers. – Gruber Aug 13 '15 at 11:04
  • 44
    Note that Android has the same kind of data collection policy: http://www.google.com/intl/en/policies/privacy/. [Mac OS X Yosemite](http://images.apple.com/legal/sla/docs/OSX10103.pdf) has the same clauses, albeit all more specific under each program's point. – rubenvb Aug 13 '15 at 11:43
  • 5
    @Gruber is right but look at the key words "*for example*". That should have been enough to make the beta testers run a mile; the text allows them to collect anything they want. – Chris H Aug 14 '15 at 09:21
  • 8
    This answer quotes an out-of-date MS Privacy statement. The [new Privacy statement](https://www.microsoft.com/en-us/privacystatement/default.aspx), which currently applies to use of many MS products and services (not just Windows 10) includes stuff like ""we will access, disclose and preserve personal data ... when we have a good faith belief that doing so is necessary to ... prevent spam ..." Remarkably, the situation is far worse than that abstract suggests but I wanted to stick to a simple example. Go the page, click 'Expand All' (at top right) and search for 'Reasons We Share'. – raiph Aug 15 '15 at 20:35
  • 3
    I have an idea. How about we programmers just do a really good job of developing a product that does things right the first time around so we dont have to spy on people to see if our software works well. Test things, sure, in the lab, on test subjects. If I need my product to self improve (for example next-word guessing, for language mannerisms), I'll go out of my way to develop a system that encrypts and decrypts that data on the client side before being stored on my servers. Private key for the client, shared between his devices securely. – J.Todd Aug 25 '15 at 06:02
  • That's what Apple does, which is why I like Apple. (: – SilverWolf Dec 12 '18 at 06:00
22

With a Windows Profile you can see a portion of what's been collected. Expanding on Flyk's Last point. Microsoft Updates will be turned on by default with a peer to peer model for updating over your LAN or LAN and the Internet. Cortana seems to be the main intrusion with Windows 10. Optional extra's include linking to Office 365 linking to Power BI for data collection, data visualization and reports . Office programs now default to One Drive Documents for saving. Wi Fi Sense will need to share information of who is connecting to your network. Privacy Statement for Updates includes the following which they've been doing for a while.

  • The Microsoft software and other supporting software
  • Your Windows Update and/or Microsoft Update configuration settings
  • The successes, failures, and errors you experience when accessing and using the Update Services.
  • Plug and Play ID numbers of hardware devices
  • Globally Unique Identifier (GUID)
  • BIOS name, revision number, vendor, and revision date
  • Manufacturer, Model, Platform Role, and SKU Number—information

If in doubt listen to the traffic. Personalize requires a Microsoft Account to modify it so your settings propagate to each device (not confirmed).

lloyd
  • 348
  • 1
  • 9
  • 12
    In XP and 7, I sometimes saw the error screen which I sarcastically summarize as "PLEASE click OK to send us a debugging file. It will contain personal information but we promise not to look at it." Since I was a developer for a health care provider, I had to catch and ignore any exception that didn't have any possible recovery. To risk a user clicking OK would violate HIPAA. – WGroleau Aug 14 '15 at 05:21
  • 3
    @WGroleau It's tricky. It doesn't send a whole lot of data - it's extremely unlikely any of it would actually contain personal information. But there's no way to make sure - it's not like we have an algorithm for that. Of course, the "proper" course was to have your application signed and registered, which meant the crash data was sent to you - but that's expensive and hard to setup, not to mention that it still means the data is *sent* (though over a secure connection, of course). – Luaan Aug 14 '15 at 10:58
  • 3
    @Luaan It's not "tricky", it's simply a high risk that you'll send personal information. Another example of this is in Microsoft Office, which randomly pops up a dialog asking to send them your misspelled words (which likely contain personal information, names, numbers, etc.) and similar random queries for the IME tool, asking you to send your conversion data to Microsoft. The risk of accidentally clicking yes (since it is the default option) makes this a huge privacy concern. – Brandin Aug 16 '15 at 22:51
6

As the accepted answer already states, Microsoft kept the right to collect nearly everything from users of the open beta/technical preview. Keep in mind that they cannot do everything the terms of service or the free Windows 10 Technical Preview allow them to do, because especially in the EU privacy laws make some of this illegal.

Before we go into the discussion that they could simply ignore the law, or their own terms of service, let's be clear what any OS maker can do if they ignore the law: They can "forget" to fix a security vulnerability and can make sure a third party finds and uses that vulnerability, giving the third party full access to everything. This is true for every operating system, including open source systems, because nobody can make sure the 10,000,000 lines of the Linux kernel don't contain vulnerabilities - and that doesn't even account for all the software installed on top of the kernel, which is several times more lines of code. Since this is true for all operating systems, it doesn't make sense to discuss it solely in the context of Windows 10.

The license agreement for the release version of Windows 10 does not contain any of the text of the open beta/technical preview. In fact, nothing changed in terms of privacy: http://www.zdnet.com/article/microsoft-releases-new-license-terms-for-windows-10-no-surprises/

The one thing that actually changed is that if you activate Cortana, like any other personal assistant, it will link up with your calendar, email, and location, and store data related to your search queries and link it to your Microsoft account in order to synchronise across multiple devices.

Peter
  • 3,620
  • 3
  • 14
  • 24