Windows 10 is spying on your every move: here’s why and how to stop it
You have probably heard the news by now: Microsoft has updated a controversial service agreement that lays out in scary detail how your personal data is being used and abused – at least, that’s what the major tech blogs are saying. But the reality is, even if you read Microsoft’s 12,000-word service agreement, it’s still confusing and vague at best.
Horacio Gutierrez, Deputy General Counsel of Microsoft’s legal and corporate affairs, wrote about the company’s commitment to transparency on the Microsoft blog back in June 2015. This move, of course, was preceding the new privacy statement and service agreement that accompanied the release of Windows 10.
As he put it, “We are simplifying the services agreement and privacy statement because we believe that real transparency starts with straightforward terms and policies that people can clearly understand. As our services evolve, we recognize we must continue earning your trust.”
2018 Update
A few years have passed since we first wrote this article. During this time, a wide range of privacy activist groups (including the EU privacy watchdogs also known as the Article 29 Working Party) have criticised Microsoft for its clumsy approach to privacy, prompting the tech giant to gradually become more transparent about the way it handles user data. Over the course of a few major updates, Microsoft has also introduced new settings options that provide users with a greater level of control over their privacy. As an operating system, Windows 10 is probably still more nosy than it has any right to be, but the updates undeniably represent steps in the right direction. We’ve rounded up a few of the most notable changes below:
April 2018
Version 1803 sees the rollout of the Diagnostic Data Viewer, a new Windows-integrated tool that allows you to keep tabs on your PC’s diagnostic data. In this tool, you can see all the encrypted data that is sent to Microsoft servers and used to improve the operating system. The information shown in the viewer is incredibly detailed and offers a lot of insight into what Microsoft is actually doing with your data. Microsoft also introduces the ability to disable inking and typing recognition in an effort to allay fears that Windows 10 was using a pseudo keylogger to improve the typing experience.
April 2017
The Creators Update brings with it a slew of new changes for Windows, including a bunch of improvements aimed to make Microsoft’s data collection processes more transparent. The company begins publishing more information about the data it collects, starting by releasing a detailed summary of the data it collects at Basic and Full levels of diagnostics. Microsoft also reevaluates how much data it really needs to collect to keep your system running securely, and consequently halves the volume of data it collects at the Basic level of diagnostics. Microsoft also adds more detailed descriptions of your privacy settings to help you make a more informed decision. In addition, Microsoft makes it easier to change your privacy settings when running a fresh install of Windows 10 by replacing the old “Get going fast” and “Customize settings” screens with a new intuitive privacy setup screen.
January 2017
In early 2017, Microsoft unveils a new web-based privacy dashboard that allows you to see and manage the activity data collected by Microsoft services. The dashboard pulls your collected data into one place, allowing you to easily monitor and clear your browsing history, search history, location activity, and Cortana’s Notebook.
How Windows 10 is spying on you
The reality is, we can’t know what Microsoft is doing with your private data, but the privacy policy and service agreement can give us some great insight. Yes, these long and tedious documents leave a lot of room for interpretation, but they also inspire something important: a discussion about how data harvesting and lack of digital privacy has become the new normal.
Cortana: your personal assistant, or a spy?
Cortana is your voice-activated personal assistant, much like Siri and Google Now. But in order for her to operate, Windows 10 collects your personal information to better serve you. This includes calendar events, contact information, alarm settings, what you view and purchase, your browsing history, emails and text messages… “and more”.
An advertiser’s greatest dream
You may not have realized it, but each user on each Windows device will be issued a unique advertising ID that is tied to the email address they have on file. The idea is that you will be better served through ads, because according to Microsoft, “Advertising keeps many of the services you use free of charge”.
Microsoft will share this profile (created from information aggregated from your personal files) with their partner ad networks – who in turn serve you ads on certain applications, like solitaire. If you were concerned with ad networks collecting information from your browsing history, then be aware that Microsoft is taking it to the next level with Windows 10.
Data syncing with OneDrive
OneDrive is Microsoft’s cloud storage system, and it comes with the Windows 10 territory. You might think it’s great because there is no additional sign up or installation required. You can access it from any of your Microsoft devices. But this new convenience comes with a price.
Every time you are signed into your machine with your Microsoft account, your operating system immediately syncs your settings and other data to the company’s servers. This includes browser behavior and history, as well as mobile hotspots and Wi-Fi network passwords.
What are they doing with this information?
If you had the time to read through the long privacy policy and service agreement, you might get a vague understanding of what Microsoft will do with your data, but little more. Besides, we all know better than to take giant corporations for their word – they have their own interests to look after. The real questions end up being:
What can Microsoft do with this information? And ultimately, what are they most likely to do with it?
Advertisers can “serve” you better!
People are getting used to free services online left and right, so these expectations dominate the tech marketplace right now. Windows 10 doesn’t cost you any money (at least it didn’t until July 2016), but it still comes at a price.
As Alec Meer of Rock Paper Shotgun points out, Microsoft is increasingly trying to compete with Google through software and applications. But this model requires that “money comes from harvesting data and flogging it to advertisers and other organizations who want to know exactly what we’re all up to online”.
Comply with big brother
Microsoft doesn’t beat around the bush when it comes to surveillance state issues:
Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to: 1.comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies…
It’s important to note that while this may seem horrifying to some, it’s really not so different from any other privacy agreements. Just take a look at this snippet from Apple’s privacy policy:
It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − for Apple to disclose your personal information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
At the end of the day, there are few companies that are able to take a stance against big government agencies. The best you can hope for is that providers don’t bury this in privacy agreements, but who are upfront and honest about their current operations as they relate to the surveillance state.
Why should I care? What could go wrong?
As an infamous activist once said:
“Arguing that you don’t care about privacy because you have nothing to hide is not different than saying you don’t care about free speech because you have nothing to say.”
But if that’s not reason enough to get up in arms, there are a number of practical concerns to consider:
First and foremost, you don’t know which ad networks this data is going to, and you don’t know what their policies are for dealing with this very private information.
What happens in the event of a hack? You might feel safe if your information is with a big company like Microsoft, which undoubtedly has major systems in place to protect your data. But do you really trust any of Microsoft’s ad network customers? A hacker could trace these transactions and conduct a large-scale hack just by finding a single vulnerability in this line of data transfer.
You might say you have nothing to hide, and that the only person who does is clearly breaking the law. If that’s truly the case, why don’t you leave your bank account details in the comments below?
The real truth: Microsoft isn’t the only bad guy
Shifting tides in modern culture have created two dangerous and commonly accepted thoughts on digital privacy, which could make you think that:
- Privacy must be compromised for safety.
- Privacy must be compromised for convenience.
While there are serious debates on the subject, it’s important to stop and wonder who is ultimately responsible for these ideas, which create the basis for how many companies, institutions, and individuals make their decisions about privacy.
But the reality is, the Windows 10 privacy agreement isn’t so much a revelation as it is a sign of the times. While it has understandably stirred up some controversy, it hasn’t inspired a mass exodus of users from Microsoft software or products, despite the media widely covering the news that Windows 10 is spying on its users.
This is as it should be because most of us know that it isn’t different with the developers of other major operating systems and mobile operating systems…like Apple and Google.
Siri’s telling everyone what you did last night
Sure, Apple and Google may have made a show of their commitment to user privacy, with smartphone encryption and very convincing, public battles with high-profile government agencies.
But you shouldn’t let these PR stunts fool you. Even when these companies have the best intentions, there is still a bottom line at the end of the day, and that’s money.
Don’t believe us? Cortana isn’t the only personal assistant who likes to abuse your privacy. Apple hands your voice recordings over to third parties for analysis, and you agreed to it in the privacy agreement. Whether it’s a personal message to your sweetheart or your child asking Siri silly questions, Apple stores those messages for two years and essentially does with them what they want.
It might be tempting to switch over to Google Now for your voice commands, but that would come at the cost of both your privacy and sanity. Google Now has a feature called Now cards, which are recommendations for products, services, and information based on your messages and recent searches. Even if you don’t rely on Google Now too much for recommendations, Google already knows so much about you because at some point you have probably used their products or services.
And if you use Gmail, you’ll note that Google has been serving ads through Gmail for some time now – and if you haven’t noticed any, just check under your Gmail’s “Promotions” tab. They get information straight out of your private emails to help their ad network partners target you. It’s right there in their privacy agreement. Microsoft even attacked Gmail over these privacy violations and launched a “You got Scroogled” marketing campaign.
What you can do to protect your privacy in Windows 10
The reality is, short of becoming a Linux user or developing your own operating system, there is little you can do to keep your information entirely private. Even recent Windows 7 and 8 updates come with their own host of privacy issues, so don’t think you’re out of the woods just because you haven’t made the move to Windows 10.
But there are several steps you can take to maximize your privacy while using Windows 10, and we encourage you to explore these options – whatever agency you can take over your privacy is better than none.
Windows 10 privacy settings to look into
If you have yet to install Windows 10 be sure to decline the Express Settings, which enables all of the privacy-compromising features. Look through the different setting options and disable anything that makes you uncomfortable.
If you already enabled the Express Settings when you downloaded Windows 10, open the Start menu and select Settings. From there you’ll find that most of these invasive features are listed under Privacy. There are many options to go through, and we encourage you to look carefully at each one. There are several big ones we think you may want to consider disabling:
1. Cortana
You may not be comfortable with Cortana spying, sorry “collecting”, so much personal information about you, and if that’s the case, you should disable the “Getting to know you” option under Speech, inking, & typing (see image above for its location).
Additionally, you can open Cortana and click on the gear icon where you can access the Cortana settings, where you can enable or disable her (as well as manage information kept about you in the cloud).
2. Advertising ID
If you are concerned about the data harvesting for advertisement purposes, we do recommend you disable the setting, “let apps use your advertising ID for experiences across apps”. This is located inside the General tab in the Privacy settings (see image above).
Unfortunately, just moving the toggle isn’t enough to keep ad networks from reaching your personal data. You will also have to go to this Microsoft site and disable personalized ads several times over.
3. Location
You may be used to location services, and they sure are handy when you’re trying to get from point A to B. But Microsoft’s new privacy agreement suggests they are sharing this location information (and your location history) with “trusted” third parties. If that makes you uncomfortable, it may be best to disable this. The Location tab is located directly beneath the General tab under the Privacy Settings.
4. Wi-Fi Sense
Update: in June 2016, Microsoft quietly disabled its controversial Wi-Fi Sense feature. While they never acknowledged the privacy issues, it’s nevertheless good to see it gone and have one less controversial feature to worry about.
Wi-Fi Sense was either very practical or very invasive, depending on how you looked at it. This feature allowed you to automatically share your Wi-Fi password with your Outlook, Skype, and Facebook contacts, which supposedly saved a lot of hassle when friends come over and need your password.
On the other hand, this may not be wise for those with broad social networks, because this option did not allow you to selectively pick which contacts to share it with.
5. Create a local user account
If you’re not concerned with convenience and want maximum privacy, you should consider a using a local user account instead of your Microsoft account. You will lose out on a number of features, particularly synchronization across your different devices.
But if that doesn’t bother you, locate Accounts under Settings, then click Your info. You should see the option to “Sign in with a local account instead” just above where your picture should be.
Try O&O ShutUp 10 for a free third-party solution
If you’d like to stop Windows 10 spying unnecessarily, consider using O&O Software’s free privacy tool, ShutUp 10. This tool simplifies the privacy process by giving you a single interface to deal with all of the myriads of settings you’d like to enable or disable on Windows 10. You can also simply apply all of their recommended settings.
O&O ShutUp10 is entirely free and does not have to be installed. Moreover, it will not install or download potentially unwanted or unnecessary programs (PUPs), like so many others do these days!
Educate yourself about privacy options that feel right for you
At the end of the day, you might be tempted to throw up your hands and give up perusing privacy at all. You might not see the point, since disabling certain settings doesn’t really guarantee that you are not being spied on, or that your personal data isn’t being sold or distributed.
You might feel that you might as well have the conveniences of certain tools then, or would prefer more relevant advertising. But if we all collectively begin to educate ourselves about our privacy options and pursue them, we have a better chance of creating a culture that is concerned with cyber safety and privacy, instead of one that just thinks it’s a cost needed for a better world.
Emsisoft Enterprise Security + EDR
Robust and proven endpoint security solution for organizations of all sizes. Start free trialHave a nice (privacy-conscious) day!