Are we fighting a losing battle for privacy?

Helluva good question from Brian, in a comment on the Avast post:

In your professional opinion- are we, the public of the world, fighting a loosing battle against Microsoft in trying to keep our Windows 7/8.1 and our private lives in tact?

Here’s my response:

In short, we’re losing the battle to keep our private lives private. It isn’t just Windows. It’s ab-so-lute-ly everything. When you think of the privacy implications of, e.g., face recognition on public-facing cameras, the mind boggles.

People need to figure out their tolerance for snooping. Many of the capabilities people want – say, maps with directions on their phones, or Alexa responding to factual questions, or Google sorting out photos – are only possible if they give up some privacy.

I think one of the great political debates of the coming decade will be about data gathering and retention. Right now, we have some (ineffective) safeguards in place for the credit reporting industry. There are more-effective but still holey safeguards with medical data and credit card info. Some day, people are going to demand details about what data is being gathered about them – they’ll want full reporting, and the ability to delete (or at least challenge) data they don’t like.

Or maybe people don’t care. Maybe the benefits being provided (and there ARE benefits) outweigh the loss of privacy. I don’t claim to have a one-size-fits-all answer to the problem.

As for privacy in Win7/8.1… clearly, Microsoft is trying to retrofit more data gathering into Win7 and 8.1. If you install all of the updates to Win7 or 8.1, they’re going to get more telemetry – more snooping. All of the telemetry between your machine and Microsoft’s big data dump in the sky is encrypted, just as you would want it to be. But that means nobody (outside of a very small handful of people inside Microsoft) knows what’s being collected.

Some of the new telemetry, we’re told, is tied to the Customer Experience Improvement program (CEIP) settings on a computer. Again, we have no way of knowing exactly what gets sent with a CEIP-on computer, vs a CEIP-off computer. We’ve never known what gets sent with CEIP on, which is why I’ve recommended that people turn CEIP off, and I’ve been recommending that since the early days of XP.

Bottom line: Microsoft has published lots of info about how they treat data, how they protect it, how they won’t let it go. You can opt in to certain snooping ways in Win7, 8.1 and 10, or you can opt out. But there’s no hard information about what’s being collected, how it’s being handled, and there are few promises about what will be done with it one, five, ten years down the road.

As for keeping Win7/8.1 on your machine – I haven’t seen any indication that Microsoft is changing the rules of engagement. If you’re using GWX Control Panel, or Never10 – or you’ve flipped the Registry bits manually — I think there’s a very good chance you’ll never get Win10 forced on you. Microsoft’s running out of sticks. Perhaps they’ll finally revert to a primarily-carrot approach.

Almost certainly, Google has more information about you than Microsoft. Almost certainly, every other software manufacturer is trying hard to get more info about you and guide you to more targeted advertising. Apple has just announced a unique approach, but the techniques behind “Differential Privacy” are hotly debated.

It’s a jungle out there. But then, it always has been.