Reality check: How Windows 10’s proposed new privacy controls work in the real world

Topic

New Reply

You’ve read about the new Windows 10 Creators Update privacy push – a new setup routine, new questions, new online privacy dashboard. The proposal is
[See the full post at: Reality check: How Windows 10’s proposed new privacy controls work in the real world]

Reply | Quote

Replies

So …” no perceptible beneficial effect, as yet, on privacy.”…

I’ve got about a half-dozen Win 7 machines, and a few Vista/Win8.1 boxes, as well. I didn’t allow any of them to be dragged into Windows 10. I’m glad of that now. I’ve intensely disliked the Metro-Playskool UI from the start anyway. That UI remains a downgrade to the user experience on desktops and laptops.

When Vista and it’s issues rolled out, I configured a machine or two with Linux Mint and Fedora (which were pretty nice back then, already.) Win 7 immediately won me back.

Considering the multitude of problems I’ve had with Windows Update on almost every Win7 and Vista machine that I support (and updates’ mysterious corrupting effects on Office 360 requiring re-installation of the Office package), I’ve had about enough. I don’t really care what the Europeans say.

Reply | Quote

Trust must be earned.

It’s not what they say, it’s what they do that counts.

A thorough examination of the new privacy settings in the real world by informed and competent professionals is essential.

Only after it passes muster and there is a general consensus that privacy has been improved will there be a possibility that Microsoft’s epic integrity lapses can be forgiven and that it’s damaged reputation can be salvaged.

Reply | Quote

Woody, thanks for the deep dive into this whole mess. While there seem to be some minor gains in controlling privacy for W10 users, my overall impression is that these new measures are like changing the carpeting in a room without addressing the leaky pipes direct overhead: it’ll look good for a while but it doesn’t fix the larger problem. And it’s certainly nowhere near enough to make me choose 10 over 7, or even a tightly configured 8.1.

Reply | Quote

It’s all smoke and mirrors.

They haven’t changed what they are collecting. The average Joe User simply clicked on “Next” and got the Express install because they didn’t know better and because they’ve been “trained” to do just that. If you choose the “Customized” install (in small letters so you didn’t notice it), instead of the “Express” you already had the same choices. They are just putting the “customized” up front and Joe User will not understand and will still not know what to do with it.

And if the data is on their servers, they’ve already had access to it and used whatever they want. So what! if you delete it an hour/day/week/month later.

And the people who were smart enough to get around their scam to make you think you had to create a MS ID to use your computer – what do they do? They don’t have access to the “Privacy Dashboard” (what a farce!!!)

They sure have pulled the wool over everyone’s eyes!!!

Reply | Quote

“A product you will love and trust.” Windows 10? Something from Microsoft?
Following which there was peace on earth and Goodwill to all.

Reply | Quote

My first impulse was to say that it’s just more lipstick for the pig. I quickly realized that it would be a disservice to the pig to associate their species with W10. I humbly apologize to pigs everywhere for this indignity.

Reply | Quote

“They haven’t changed what they are collecting.”
Bing, done, end of discussion. That right there.
10000% correct, and the reason that it doesn’t mean a d**n thing that they’ve made these changes.

Reply | Quote

PKCano – You’ve hit the nail on the head, just as you always do.

Reply | Quote

This is the danger of tech companies: Gullible societies.

Reply | Quote

Aside: I wont access any site that dumps ads upfront that will close in 20 secs without a way to close them. Goodbye InfoWorld.

Reply | Quote

+1

Reply | Quote

OK, but there IS a way to bypass them.

Reply | Quote

“As best I can tell, until this week, Microsoft had never announced that it is storing Edge URL history on the internet.”

The fact that Cortana collects browsing history was in the original privacy statement at Windows 10 launch 18 months ago:
http://security.stackexchange.com/questions/95374/just-how-intrusive-is-cortana
http://news.softpedia.com/news/microsoft-edge-sends-browsing-history-to-microsoft-how-to-block-it-490684.shtml

“clearly Microsoft includes personally identifiable data—what one might call snooping—in its definition of “diagnostic data.””

I’m not clear how this is clear to you, unless your definition of personally identifiable data is different from the rest of the world:
https://en.wikipedia.org/wiki/Personally_identifiable_information

Reply | Quote

The readers here may be interested in this article too, related to privacy and European development, but not directly related to the main subject which is privacy implementation only in Windows 10
http://www.politico.eu/article/click-yes-if-you-have-read-and-agree/

Reply | Quote

… and the World will end

Reply | Quote

The Swiss organization and the EU privacy watchdog have failed to recognize that the only way to protect user privacy across the board is to insist that all data-collection be turned off, as the default setting.

The vast majority of users accept default settings and that benefits Microsoft. Right now with the default being everything turned on, it is primarily users with a higher level of system knowledge who are aware that there are options to protect their privacy and are opting-out. They are the minority of Microsoft users.

Opting-in should require a concerted effort. It should not be the other way around. MS can still collect diagnostic and usage stats without intrusively mining private data.

Reply | Quote

Great article, with much details

Reply | Quote

Intresting article as ever raises more fears by (un)intentional obviscation of facts than it addresses. A real simple soultion is to add a few words next to each setting as to the consequences of using it. Theres another way probably a lot of hassle for M$ and that is to “Pop up” a window to tell you what they are being sent. They used to do that for errant programmes. If it is a real inconvenience you can incorperate a slider to disable in settings but at least you have the option and the veneer of transparency. They have damaged theyre reputation by obviscation of the facts about the whole data gathering process and taking to long to fix it. I can accept sending fault data back if it improves the OS as a whole. Clearly the updates and just lately the Driver fiasco is still ongoing and I have to ask my self what has my browsing History and location got to do with my Win10 machine baulking at the install of M$s latest monthly offering? Well I suppose if theres lots of visits to Tech web sites it could mean one of two things I am having problems or I am a computer hobbyist (hate to use the word Geek) and since they are software Engineers not Detectives we can only assume the worst from that kind of data gathering.

Reply | Quote

Is there such a thing as privacy on the internet any more? Try as we might, data is hoovered up every time we go online because big data is big money. Although my browsing fits neatly into the “If you’ve nothing to hide, then you have nothing to fear” category, I still jealously guard my privacy as well as I can, purely on a point of principle. I don’t need M$ to enhance my browsing experience by targeting me with ads, because I am perfectly capable of signing up to sites, such as Woody’s, that chime with my interests without their help. I wonder if it’s a generational thing, given that it seems that much of the younger generation (anyone under 50 in my case) appear to live their life online, with hardly a care for privacy. I understand why M$ want all this data, but if they won’t tell us what they are collecting, and what they intend to use it for, then you have to wonder what they have to hide. I will avoid Windows 10 for as long as I can, until they come clean on what they are doing with this data.

Reply | Quote

Bypass how?

Reply | Quote

I repeat: Prior to Jan 15, I’ve never seen any official notification that Edge keeps a copy of its browsing history in the cloud. Both of the articles describe Cortana’s involvement in ferreting away browser URL history. But I don’t see anywhere that Microsoft says, by default, Edge keeps your URL history in the cloud, independent of the URL history stored on the computer.

To me, Cortana is a red herring. Cortana doesn’t collect browsing history, Microsoft does, and it collects the data from Edge, not from IE or any other browser, as best I know.

Microsoft says its “diagnostic data” enables “Tailored experiences with diagnostic data / Get more relevant tips and recommendations to tailor Microsoft products and services for your needs. Let Microsoft use your diagnostic data to make this work.” That’s personally identifiable data, no matter how you slice it.

Reply | Quote

If you use the Smart Screen Filter in IE (Win7 and later – see menu) your browsing is collected and sent to MS SUPPOSEDLY to protect you from undesirable websites. That has been so as long as Smart Screen has been a part of IE.

That was before they installed Smart Screen on the desktop as well, and started collecting data on what programs you installed and how you used them. I got popups when I installed the Diving software in Win7 to the effect “this is an unknown program/publisher – do you really want to install it.”

Smart is just another data collection point.

Reply | Quote

Absolutely – and it’s an URL collector without a method for expunging history.

Reply | Quote

[ Corrected. Sorry. ] All of the InfoWorld ads have a “This ad will close in 20 seconds. Continue to site >>” notification. I find myself constantly clicking the notification.

Reply | Quote

But SUPPOSEDLY you can turn off Smart Screen in IE and on the desktop. You can’t just turn off Cortana/Bing/Edge.

Reply | Quote

Is it just my setup (Windows 7, Chrome but it does it too with IE11, resolution 1920×1080), or does everyone find that the piece pasted into the second half of this article (from the headline “View or delete browsing history in Microsoft Edge”) extends across the margin on the right side of the screen? I noticed it with another article the other day.

Reply | Quote

Once trust is lost, it can be almost impossible to regain.

Reply | Quote

“But I don’t see anywhere that Microsoft says, by default, Edge keeps your URL history in the cloud, independent of the URL history stored on the computer.”
It’s in Microsoft’s privacy statement of 18 months ago quoted in the first link:
“To enable Cortana … Microsoft collects … your browse … history, and more.”

The Microsoft quote of 16 months ago in the second link reinforces this:
“If you’re using Cortana with Microsoft Edge, your browsing history will be sent to Microsoft to help Cortana personalize your experience.”

“That’s personally identifiable data, no matter how you slice it.”
You’re certain they could identify me as an individual from their diagnostic data used to tailor experiences?

Reply | Quote

But nowhere does it say that two copies of your URL history are being maintained – one on the device, the other in the cloud – and that in order to clean out your URL history, you have to both delete history in the browser, and go online and delete the history on Microsoft’s web site.

Indeed, up until a few days ago, I don’t think it was even possible to delete your URL history data in Microsoft’s database.

“To enable Cortana … Microsoft collects … your browse … history, and more.” That doesn’t say “Microsoft collects your Edge browser history whether you use Cortana or not – and sticks it in two places.”

And… the diagnostic data used to tailor experiences has to be tied to something, likely your Microsoft account, but possibly your advertiser ID. How else could Microsoft tailor my experience?

Reply | Quote

Huh?

Reply | Quote

That’s my fault. Lemme fix it.

Reply | Quote

Ooops. I crossed my threads. Sorry about that.

Reply | Quote

Quite true.

Reply | Quote

No its true for everybody w. Half a brain.

Reply | Quote

Its still obnoxious and I don’t like things forced on me.

Reply | Quote

+++++++++ !!!! Especially the bit about WHAT HAVE THEY GOT TO HIDE…… The boot is definitely on THEIR foot. Good one! LT

The best thing about telling the truth is…you don’t have to remember what you said! — unknown

Reply | Quote

Fair enough. You noticed how there aren’t any pushy ads around here. I don’t like them, either – although I’m making just enough to keep the lights on, while many of the pushy sites have to support families and organizations.

Reply | Quote

@ fp ……. It is a fair trade-off for cptr users to get free web services in exchange for non-obtrusive ads being displayed on their cptrs, … eg free Google Search, Google Maps, Google News, Google Play Store, Facebook, Yahoo News, GHacks, AskWoody, etc, … which is similar to TV-users watching free ads-interrupted TV shows on ABC/CBS/NBC/FOX, as compared to paying subscriptions for Cable TV or Netflix.
……. In comparison, cptr users hv to pay subscriptions for full access to the less-ads-filled New York Times website.

Reply | Quote

Thanks Woody. It’s partly fixed now in that the headline is contained within the page, but the two numbered items are still extending across the margin.

Reply | Quote

OOPS….

I just loooooove editing raw HTML.

Reply | Quote

Looks good now – thanks :)!

Reply | Quote

I have Windows 8.1 & I’ve turned off sending any search data to Bing. That may include any locations, since I used the ‘privacy dashboard’ Location tab & don’t see any saved location data for the last 2 weeks or older. Looks like the page, except for location data, is specific to Windows 10. Still thinking about the $120 upgrade to Win 10 Home… & still not in any hurry.

Reply | Quote

Here is the loophole in the Personally Identifiable Information (date) or PII issue.

From the Wiki link provided: https://en.wikipedia.org/wiki/Personally_identifiable_information

“However, PII is a legal concept, not a technical concept. Because of the versatility and power of modern re-identification algorithms,[6][7][8] the absence of PII data does not mean that the remaining data does not identify individuals. While some attributes may be uniquely identifying on their own, any attribute can be identifying in combination with others.[9][10] These attributes have been referred to as quasi-identifiers or pseudo-identifiers.[11][12]”

A dribble or info here, a dribble there, a leak, a hack, the too much information one foolishly posts on Facebook including photos with identifiable backgrounds with written explanations, or geo-tags in the EXIF info of the photo uploaded to social media, or resumes published on LinkedIn before Microsoft bought it, and you have a clear roadmap to the person’s identity, if not the actual identity. Add in some link analysis or analytical software and you have an entity and linkages to relatives and contacts.

What is the harm? Well, think critically and inquisitively. Why are employers looking at social media of applicants? Why do some even try to ask the passwords of social media sites as a pre-employment offer condition? What if you have it locked down? The law lags behind on these issues. (Europe is further ahead on the Privacy issue.)

So some say what is the concern? Well if history is any lesson, it is that even though all looks innocent and calm now, the world is not stagnant. The photos of an inebriated evening, or your attendance at a specific event or visiting certain websites can all have a harmful effect when they become criteria for making decision to offer a job, give credit, or assess your vulnerability to identity theft, or make you a target for an oppressive government.

I apologize for taking this further than just the url history retention issue of Win10 and Edge, but all these leakages of your personal privacy have impacts. If your data elements can be profitable, there are businesses and people who will act in THEIR interest to exploit it. This can range from MS sending you commercials (ads) for Candy Crush, to scammers sending you phishing emails, to using your data to establish credit in your name.

It is from small seeds that trees grow, and with the small bits of data, analyses and inquiries can be conducted. Once the data is aggregated off of your PC or area you control, it is gone. You have no idea who it is sold to or acquired by.

Privacy is like a can of dental floss, very easy to pull out of the can, but very, very difficult to get back in as it was without major work (or for an easier vision think of toilet paper off the roll.

I prefer to use the old Boy Scout motto or “Be Prepared.”

Reply | Quote

Exactly!

See Window 10 was NOT “free.”

You just never got a bill, but you are still making payments.

Reply | Quote

Don’t fall for their Dog and Pony Show slider components… Unless they change their EULA then they haven’t changed anything… Just look for the section that contains the phrase…

“We reserve the right to change this agreement at any time without further notice”

Reply | Quote

On the other hand I’ve never had an ad on my TV breach my security, invade my privacy or render my TV inoperable…

http://www.usatoday.com/story/tech/2015/01/20/malvertising/21889547/

Should I be unable to bypass the ads I would have to say Adios Woody… There’s a lot of people who do things for free, because it’s a cause they believe in or for charity, not everyone needs to make a buck…

Reply | Quote

You’re right regarding the younger generation not regarding privacy as essential. I have recognized this too. Perhaps its the naivety of youth having not lived long enough to see how power corrupts.

And to those that say “If you have nothing to hide, you have nothing to fear”, I disagree. The Jews in Germany had nothing to hide when they answered the 1937 German Census accurately, but 3 years later the Nazis were in power and the Nazis knew exactly how many Jews lived at any particular address… It’s not about “hiding” it’s about “protecting”… civil liberties… Those who don’t understand the concept were probably too busy texting during that subject in school…

Reply | Quote

Thanks again for the good reporting, Woody.

Just one small correction for the IW article; the organization is the Electronic Frontier Foundation (EFF), not the Electronic Freedom Foundation.

Keep up the good work.

Reply | Quote

As an aside, according to Wikipedia (not the most reliable of sources I admit) the 1937 census was postponed until 1939, but given that the Nazis had been in power since 1933, and the Nuremburg Laws came into effect I believe in 1935, any Jew filling in the census should have seen the writing on the wall. I agree with you that those who think they have nothing to ride are foolish to believe they have nothing to fear; I was merely using the phrase to show that whist I have nothing to hide, I still value my privacy.

Reply | Quote

And let’s let this be the end of comparisons to Nazi Germany.

Reply | Quote

GACK! I edited that once, but it crept back in. Thanks!

Reply | Quote