After last year's Windows telemetry outcry, Microsoft's new privacy settings promise to put the user in control of privacy. Does it do enough?
Last year saw an outcry when Microsoft detailed Windows 10 privacy practices and how much data was actually being collected by the latest version of their operating system. It began with (mostly) harmless diagnostics such as crash reports and anonymised hardware specifications, right through to allowing remote control and downloads of files or parts of files by Microsoft engineers directly from your PC. Windows also sends detailed telemetry on apps installed and how often you use them.
Yesterday Microsoft released a new web-based privacy dashboard for Windows 10 beta users, slated for public release in the spring. They say it will "make it as easy as possible for you to make informed choices about your privacy with Windows 10 [and] we are making some changes by simplifying the privacy settings themselves and improving the way we present the privacy settings to you."
The new dashboard reveals how Windows 10 collects telemetry data from logged in users, geolocation, search requests, Cortona chats, and browser history data.
Windows 10 Home and Pro editions allow users to select from only two telemetry options; Basic or Full. Microsoft says that it will reduce the amount of data collected under the Basic setting, but ultimately there is no off switch. It will send information about your hardware specifications and drivers, crash logs, installed and running applications, and information about your Internet connection, amongst others. Microsoft describe this as "data that is vital to the operation of Windows" but is vague on exactly what is sent and when.
Windows 10 Enterprise, Mobile Enterprise, IoT Core, Server 2016 and Education editions do allow more fine-grained control over telemetry information. It does allow itself to be completely disabled, although the task is difficult and not recommended by Microsoft.
The dashboard is sprinkled with uncomfortable one-liners like "Microsoft puts you in control of your privacy". Just a little semantics here - Microsoft can only put you in control of your privacy if they take it away in the first place. I notice too the "Save" button is labelled "Accept" because we're signing away privacy rights in an app which promises to protect privacy.
According to Microsoft "This is our first step in expanding the tools that give you visibility and control over your data spanning Microsoft products and services, and we will continue to add more functionality and categories of data over time" which hints that Windows 10 and other Microsoft products are collecting more information than they disclose.
Ultimately this is not enough control over telemetry data and privacy. Corporations and small businesses around the world cannot risk accidentally sending sensitive customer information to a US company. Schools and education facilities don't make it clear to students that their Windows profile and schoolwork might be sent back to Microsoft, because most of them don't know. And if you're using Windows Home or Pro edition you have little control at all.