Is Windows 10 slurping too much data? No, says Microsoft. Nuh-uh. Nope

Doth Redmond protest too much?


Is Windows 10 spying on you by grabbing all sorts of personally identifying data about you without your permission? Not at all, claims Redmond.

On Monday, Microsoft OS boss Terry Myerson let fly a blog post explaining that all the Sturm und Drang on blogs and in the media about Windows 10's data collection policies is unfounded – although he did admit that the OS does regularly phone home by default.

"We collect a limited amount of information to help us provide a secure and reliable experience. This includes data like an anonymous device ID, device type, and application crash data which Microsoft and our developer partners use to continuously improve application reliability," Myerson wrote. "This doesn't include any of your content or files, and we take several steps to avoid collecting any information that directly identifies you, such as your name, email address or account ID."

So has this telemetry data every actually helped? Sure, Microsoft says. By way of example, Myerson said Windows 10's data collection helped to fix a problem where a graphics driver update was crashing people's PCs. (He stopped short of naming Nvidia.)

Mind you, most critics of Windows 10's new upgrade policy argue that if Microsoft is going to ram updates down customers' throats without letting them know what's in them, then graphics drivers – which are notorious for affecting system performance – certainly shouldn't be delivered via Windows Update.

Myerson said enterprise customers will be able to disable collection of telemetry data – once the long-fabled enterprise features for Windows 10 are delivered later this year, that is – but added that "we strongly recommend against this."

Moving right along, Myerson confirmed that Microsoft would love to collect words and phrases that you type – something we've known about since the first Windows 10 Technical Preview shipped – but explained that it's not about advertising. Rather, it's about being able to "deliver a delightful and personalized Windows experience to you."

The Windows 10 Privacy Statement gives examples of data that Redmond might collect, including "name, email address, preferences and interests; location, browsing, search and file history; phone call and SMS data."

'Nothing whatsoever to do with advertising'

In his blog post, Myerson expanded upon that somewhat, giving the hypothetical that Microsoft might like to know "whether you are a Seattle Seahawks fan or Real Madrid fan, in order to give you updates on game scores or recommend apps you might enjoy" – recommending apps, of course, having nothing whatsoever to do with advertising.

"Unlike some other platforms, no matter what privacy options you choose, neither Windows 10 nor any other Microsoft software scans the content of your email or other communications, or your files, in order to deliver targeted advertising to you," Myerson claimed.

He also said that newer features that want to grab more data than usual, including the Cortana personal assistant software, are disabled by default and offer additional privacy customization options.

Microsoft has also published new documents explaining what data it collects and how customers can configure their preferences – one aimed at consumers and another aimed at IT admins.

"If you ever find a situation where our software is not behaving the way it should with your privacy settings, please let us know here," Myerson said. "Like security, we are committed to following up on all reported issues, continuously probe our software with leading edge techniques, and proactively update supported devices with necessary updates." ®


Other stories you might like

  • Microsoft postpones shift to New Commerce Experience subscriptions
    The whiff of rebellion among Cloud Solution Providers is getting stronger

    Microsoft has indefinitely postponed the date on which its Cloud Solution Providers (CSPs) will be required to sell software and services licences on new terms.

    Those new terms are delivered under the banner of the New Commerce Experience (NCE). NCE is intended to make perpetual licences a thing of the past and prioritizes fixed-term subscriptions to cloudy products. Paying month-to-month is more expensive than signing up for longer-term deals under NCE, which also packs substantial price rises for many Microsoft products.

    Channel-centric analyst firm Canalys unsurprisingly rates NCE as better for Microsoft than for customers or partners.

    Continue reading
  • Azure issues not adequately fixed for months, complain bug hunters
    Redmond kicks off Patch Tuesday with a months-old flaw fix

    Updated Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.

    In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January. 

    And in a separate blog published on Monday, Tenable CEO Amit Yoran called out Redmond for its lack of response to – and transparency around – two other vulnerabilities that could be exploited by anyone using Azure Synapse. 

    Continue reading
  • Start using Modern Auth now for Exchange Online
    Before Microsoft shutters basic logins in a few months

    The US government is pushing federal agencies and private corporations to adopt the Modern Authentication method in Exchange Online before Microsoft starts shutting down Basic Authentication from the first day of October.

    In an advisory [PDF] this week, Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) noted that while federal executive civilian branch (FCEB) agencies – which includes such organizations as the Federal Communications Commission, Federal Trade Commission, and such departments as Homeland Security, Justice, Treasury, and State – are required to make the change, all organizations should make the switch from Basic Authentication.

    "Federal agencies should determine their use of Basic Auth and migrate users and applications to Modern Auth," CISA wrote. "After completing the migration to Modern Auth, agencies should block Basic Auth."

    Continue reading
  • Microsoft promises to tighten access to AI it now deems too risky for some devs
    Deep-fake voices, face recognition, emotion, age and gender prediction ... A toolbox of theoretical tech tyranny

    Microsoft has pledged to clamp down on access to AI tools designed to predict emotions, gender, and age from images, and will restrict the usage of its facial recognition and generative audio models in Azure.

    The Windows giant made the promise on Tuesday while also sharing its so-called Responsible AI Standard, a document [PDF] in which the US corporation vowed to minimize any harm inflicted by its machine-learning software. This pledge included assurances that the biz will assess the impact of its technologies, document models' data and capabilities, and enforce stricter use guidelines.

    This is needed because – and let's just check the notes here – there are apparently not enough laws yet regulating machine-learning technology use. Thus, in the absence of this legislation, Microsoft will just have to force itself to do the right thing.

    Continue reading

Biting the hand that feeds IT © 1998–2022