[Njtechdiv] Windows 10 Privacy
Mario
mrb620 at hotmail.com
Wed Aug 5 23:59:49 UTC 2015
again, not to alarm anyone, just be aware:
Windows 10 privacy problems: Here’s how bad they are, and how to plug them.
http://www.slate.com/articles/technology/bitwise/2015/08/windows_10_privacy_problems_here_s_how_bad_they_are_and_how_to_plug_them.single.html
Aug. 3 2015 12:24 PM
Apple and Google may have ignited the trend of collecting increasing
amounts of their customers’ information, but with Windows 10, Microsoft
has officially
joined that race. By default, Windows 10 gives itself the right to pass
loads of your data to Microsoft’s servers, use your bandwidth for
Microsoft’s own
purposes, and profile your Windows usage. Despite the accolades
Microsoft has earned for finally doing its job, Windows 10 is currently
a privacy morass
in dire need of reform.
The problems start with
Microsoft’s ominous privacy policy,
which is now included in the Windows 10 end-user license agreement so
that it applies to everything you do on a Windows PC, not just online.
(Disclosure:
I worked for Microsoft in the days of Windows XP.) It uses some scary
broad strokes:
block quote
Finally, we will access, disclose and preserve personal data, including
your content (such as the content of your emails, other private
communications
or files in private folders), when we have a good faith belief that
doing so is necessary.
block quote end
Some have spun conspiracy theories out of that language. I’m more
inclined to blame vagueness and sloppiness, not ill intent. With some
public pressure,
Microsoft is likely to specify how and why it will share your data. But
even that won’t excuse Microsoft’s ham-fisted incursion into users’
data, nor how
difficult it is restore the level of privacy back to what it was in
Windows 7 and 8.
Apple
’s and
Google
’s privacy policies both have their own issues of collection and
sharing, but Microsoft’s is far vaguer when it comes to what the company
collects, how
it will use it, and who it will share it with—partly because Microsoft’s
one-size-fits-all privacy policy currently applies to all your data,
whether it’s
on your own machine or in the cloud.
As Microsoft puts it:
block quote
Rather than residing as a static software program on your device, key
components of Windows are cloud-based. … In order to provide this
computing experience,
we collect data about you, your device, and the way you use Windows.
block quote end
In other words, Microsoft won’t treat your local data with any more
privacy than it treats your data on its servers and may upload your
local data to its
servers arbitrarily—unless you stop Microsoft from doing so. Microsoft’s
security story has been far from perfect; this move could make it far
worse. For
now, it’s not easy to restrict what Windows collects, but here’s how.
Don’t Use Express Settings During Setup
During installation, Microsoft will encourage you to accept its “express
install” defaults. Without exceptions, these defaults will result in the
maximum
sharing of your information with Microsoft. Instead, select the “custom
install” option, which will bring up a bunch of toggles. The first set
of toggles,
concerning personalization and location, looks like this:
These settings all send your personal data to Microsoft with little
upside for you (unless you like customized advertising). I recommend
turning them all
off.
The second set of toggles is more cryptic but more important:
While the first two settings here, for SmartScreen and page prediction,
simply send more of your activity to Microsoft, the next two are
subtler. Automatic
connection to open hotspots and to your contact’s networks means that
your computer will connect to certain networks without your explicit
consent. Unless
you trust Microsoft’s judgment and all of your contacts, it’s best to
disable those. Last, sending error and diagnostic information may seem
harmless,
but when something goes wrong, that “information” might include tons of
sensitive stuff—if you were editing a spreadsheet of your romantic
dalliances when
your computer crashed, it’ll get uploaded. If you feel like helping out
Microsoft, you can leave this enabled, but I turned it off.
Turn Off the Secret Settings
The install settings are only a subset of Windows 10’s privacy settings,
which occupy more than a dozen different pages and dialogue boxes across
the user
interface, none of them in plain sight. Moreover, one of them reveals
that Microsoft wasn’t being quite honest during setup. When you turned
off “Send
error and diagnostic information,” you really only turned it down from
“Full” to “Enhanced.” To really reduce the amount of information sent to
Microsoft,
you need to go to the Start menu, select Settings, choose Privacy from
the list of settings, and then go to the Feedback and Diagnostics section:
Choosing “Basic” will keep the amount of random data sent to Microsoft
to a minimum.
That leaves, however, the other 12 Privacy sections. I recommend going
through all of them, painful as that may be, and carefully assessing
what you’re
willing to share. In a pinch, however, there’s only one really important
one that wasn’t already changed during install, which is under Account info:
This gives any app you install permission to see an arbitrary amount of
your account info. Until Microsoft makes this considerably more
fine-grained and
transparent, as Apple and Google have done with their app stores, it’s a
bad idea to leave it on.
Use a Local Account
Microsoft will encourage you to create a “Microsoft account” (formerly
known as a Live ID) so that signing on to Windows is akin to signing
into Microsoft’s
online services. In this Microsoft is following Apple’s lead of
associating your OS with a single account. This is the single biggest
privacy compromise
you can make. As long as you’re signed in, Microsoft could conceivably
upload whatever data it wants to your server-side profile without you
knowing. Without
a Microsoft account, it’s harder (though hardly impossible) for
Microsoft to lump your data together, and it disables other potentially
problematic features
like
Wi-Fi Sense.
Not using a Microsoft account will single-handedly protect you from many
of Microsoft’s attempts to collapse the local-remote distinction in its
privacy
policies. Instead, use a local account, and use Gmail or Yahoo Mail or
anything other than Microsoft.
Don’t Let Microsoft Steal Your Bandwidth
By default, Microsoft turns your computer into a peer-to-peer node to
help it distribute Windows 10 updates, in order to save Microsoft server
bandwidth
costs. “Microsoft calls it Windows Update Delivery Optimization,” or
WUDO. WUDO really should have been turned off by default, because it may
slow you
down and may even cost you additional money if you have a metered
connection. Instead, it is also one of the hardest settings to turn off,
requiring clicking
through four obscure screens. I’ll walk you through it.
First, start up Settings and click on Update & security.
In the Windows Update screen of Update & security, select Advanced options.
In Advanced options, select Choose how updates are delivered. (You may
also want to change the drop down to “Notify to schedule restart” so
that Windows
won’t spontaneously reboot your machine after installing updates.)
Finally, turn off peer-to-peer distribution of updates:
It’s almost as though Microsoft didn’t want you changing that setting.
(Microsoft really wants your bandwidth.)
Don’t Use Edge or Cortana
Microsoft’s Siri-imitating Cortana personal assistant and its new Edge
browser are designed to take advantage of as much personal information
as possible
to customize user experience, take annotations, and learn all about you.
Until Microsoft clarifies its privacy policies, I recommend against
using them.
Stick with Firefox or Chrome as a browser, or even good old Internet
Explorer.
This is not a complete list, but it hits the most important spots where
Microsoft has made the defaults uncomfortably intrusive, nosy, or simply
greedy. Microsoft needs to centralize these and other settings in a far
more transparent and easy-to-understand box, clarify their implications,
and pledge to users that it won’t upend their privacy settings in so
egregious a way again. Until then, protect yourself.
More information about the NJTechDiv
mailing list