Microsoft Tribe


Windows, Privacy, and You


So you got Windows 10, but now you're worried that Microsoft is stealing your data, even when you turn most the new features off. Let me explain.

Now that Microsoft's latest operating system is on the market many are concerned of their privacy, and what Microsoft may be doing with the data that is collected. You'll hear FUD about Microsoft collecting your browser history, logging activity, going through files, and much more, but what are they actually doing?

Surprisingly, answers lie in one of the most unread documents on the internet: The Privacy Policy

That's right; One of two documents (the other being the Terms of Service, or EULA in software's case) consumers blindly click, tap. or otherwise choose "Yes I agree" to has the answers to most all everyone's privacy concerns around Windows 10. One need only need to comprehend this policy to have a better understanding of what's going on.

But this is hard; Not everyone is good at grasping some of the terminologies used within these legal documents. That's why I've taken the liberty of grabbing some of the most important concerns and "translating" them below.

1. Microsoft is tracking my location and collecting all my personal information!

Cortana is your personal assistant. Cortana works best when it can learn about you and your activities by using data from your device, your Microsoft account, third-party services and other Microsoft services. To enable Cortana to provide personalized experiences and relevant suggestions, Microsoft collects and uses various types of data, such as your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device

Microsoft's Cortana assistant, in a manner very much like Google Now, allows you to get personalized results and find relevant information with the click of a button, or the utterance of the phrase "Hey, Cortana?". However many of the software's features cannot function without access to relevant data. For example, when you tell Cortana "Next time I call Aunt Kathy, remind me to pick up flowers", she can't know who "Aunt Kathy" is without access to your contact data. In another example, when you say "Remind me to get orchids when I'm at a florist", Cortana doesn't know when you're at a florist without knowing your location. The more one actually explores what Cortana can do, the more they'll realize how relevant having access to that data can be.

And in the event you don't have any need for Microsoft's personalized assistant, there is actually a master switch that turns it off, with no need to peruse through various options: in Cortana's settings, you can turn off "Cortana can give you suggestions, reminders, alerts, and more.", which will disable Cortana and clear everything about your device collected via Cortana. This doesn't affect interests or other devices; Interests are device-agnostic and manually chosen, and naturally you disable Cortana on a device by device basis. But these have 0 impact on your privacy on the current device.

2. Microsoft is collecting my browser history and everything I do online!

Some Microsoft browser information saved on your device will be synced across other devices when you sign in with your Microsoft account. This information can include your browsing history, favorites, saved website passwords, and reading list. For example, in Microsoft Edge, if you sync your reading list across devices, copies of the content you choose to save to your reading list will be sent to each synced device for later viewing. You can control which information is synced (see Sync Settings). You can also disable syncing of Microsoft Edge browser information by turning off the sync option in Microsoft Edge Settings.

Microsoft Edge and Internet Explorer use your search queries and browsing history to provide you with faster browsing and more relevant search results. These features include:

  • AutoSearch and Search Suggestions in Internet Explorer automatically sends the information you type into the browser address bar to your default search provider (such as Bing) and offer search recommendations as you type each character. In Microsoft Edge, this feature automatically sends this information to Bing even if you have selected another default search provider.
  • Page Prediction sends your browsing history to Microsoft and uses aggregated browsing history data to predict which pages you are likely to browse to next and proactively loads those pages in the background for a faster browsing experience.
  • Suggested Sites recommends web contents that you might be interested in based on your search and browsing history.

Browsing data collected in connection with these features is used in the aggregate and you can turn off any of these features at any time. These features will not collect browsing history while you have InPrivate Browsing enabled.

In order to provide search results, Microsoft Edge and Internet Explorer send your search queries, standard device information, and location (if you have location enabled) to your default search provider.

Both Internet Explorer and Microsoft Edge have the ability to provide enhanced features such as search suggestions in the address bar (standard on most web browsers), as well as enhance load times by predicting and loading pages in the background to save time loading in the foreground later on. These features require access to your search history and browsing history, however.

Your search history allows the web browser to pull up previous web searches along with improving the search suggestion's predictive features. How do you think a search engine, whether it be Google or Bing, is able to predict and list various suggestions for search terms when you begin typing in the address bar? Additionally, Edge sends search history to Bing alongside your search engine of choice, likely both for the improvement of their own search suggestions as well as to ease the syncing process of that information across different machines. It also means that if you switch to Bing your search history is already present, allowing for more relevant results.

As far as your web history, this allows the web browser to better predict the next page you visit, improving the page prediction accuracy and enhancing load times. It also means it can show you past websites and autofill them in the address bar when you start typing.

If you don't wish for either of these functions, you can turn them off respectively in your browser's advanced settings.

3. OMG Microsoft is giving everyone the password to my Wi-Fi!

Wi-Fi Sense allows you to automatically connect to Wi-Fi networks around you to help you save cellular data and give you more connection options. If you turn it on, you will automatically connect to open Wi-Fi networks. You will also be able to exchange access to password-protected Wi-Fi networks with your contacts

Okay, so this one isn't clearly explained in the Privacy Policy. I did say "most all", did I not? Wi-Fi sense is a nifty feature that allows you to connect to hotspots automatically, but it also allows you to share access to your password protected networks. But before you worry that Microsoft is giving people the password to your in-home Wi-Fi, one must know two things:

  1. The sharing capabilities of Wi-Fi sense are opt-in on a case by case basis; You actually have to tell Windows you want to share access for each Wi-Fi network.
  2. Your password is never visibly shared. Windows will send an encrypted form of the password to your friends with Wi-Fi sense compatible devices which will then automatically set up the connection; The password is never viewable by anyone.

In fact, here is an excerpt from the Wi-Fi sense FAQ:

No networks are shared automatically. When you first connect to a network that you decide to share, you'll need to enter the password, and then select the Share network with my contacts check box to share that network


When you share access to a password-protected Wi‑Fi network by using Wi‑Fi Sense, your contacts don't see the network password. For networks you choose to share access to, the password is sent over an encrypted connection and is stored in an encrypted file on a Microsoft server, and is then sent over an HTTPS connection to your contacts' PC or phone if they use Wi‑Fi Sense.

4. Why does Microsoft still send data even when I disable access?

Microsoft regularly collects basic information about your Windows device including usage data, app compatibility data, and network and connectivity information. This data is transmitted to Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device and understand the device's service issues and use patterns. The data we collect includes:

  • Configuration data, including the manufacturer of your device, model, number of processors, display size and resolution, date, region and language settings, and other data about the capabilities of the device.
  • The software (including drivers and firmware supplied by device manufacturers), installed on the device.
  • Performance and reliability data, such as how quickly programs respond to input, how many problems you experience with an app or device, or how quickly information is sent or received over a network connection.
  • App use data for apps that run on Windows (including Microsoft and third party apps), such as how frequently and for how long you use apps, which app features you use most often, how often you use Windows Help and Support, which services you use to sign into apps, and how many folders you typically create on your desktop.
  • Network and connection data, such as the device's IP address, number of network connections in use, and data about the networks you connect to, such as mobile networks, Bluetooth, and identifiers (BSSID and SSID), connection requirements and speed of Wi-Fi networks you connect to.
  • Other hardware devices connected to the device.

Some diagnostic data is vital to the operation of Windows and cannot be turned off if you use Windows. Other data collection is optional, and you will be able to turn this data collection on or off in Settings.

It's something called the "Customer Experience Improvement Program", or rather, it's successor, as CEIP appears to be permanently opted out in control panel. Windows will automatically collect data on your machine and how you use it for the purpose of improving the operating system as well as solving issues that arise:

Microsoft employees, contractors, vendors, and partners might be provided access to relevant portions of the information collected, but they’re only permitted to use the information to repair or improve Microsoft products and services, or third party software and hardware designed for use with Microsoft products and services.

You can't fully opt out of sending diagnostic information, but you do have 3 different options on how much data you send. Taken from the Windows 10 Feedback & Diagnostics FAQ:

  • Basic information is data that is vital to the operation of Windows. This data helps keep Windows and apps running properly by letting Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also turns on basic error reporting back to Microsoft. If you select this option, we’ll be able to provide updates to Windows (through Windows Update, including malicious software protection by the Malicious Software Removal Tool), but some apps and features may not work correctly or at all.
  • Enhanced data includes all Basic data plus data about how you use Windows, such as how frequently or how long you use certain features or apps and which apps you use most often. This option also lets us collect enhanced diagnostic information, such as the memory state of your device when a system or app crash occurs, as well as measure reliability of devices, the operating system, and apps. If you select this option, we’ll be able to provide you with an enhanced and personalized Windows experience.
  • Full data includes all Basic and Enhanced data, and also turns on advanced diagnostic features that collect additional data from your device, such as system files or memory snapshots, which may unintentionally include parts of a document you were working on when a problem occurred. This information helps us further troubleshoot and fix problems. If an error report contains personal data, we won’t use that information to identify, contact, or target advertising to you. This is the recommended option for the best Windows experience and the most effective troubleshooting

For those who wish to refrain from sending anything but the most basic information they can do so under the Feedback & Diagnostics page of Privacy in Settings.

5. Microsoft is sharing my information to target ads!

Microsoft uses cookies (small text files placed on your device) and similar technologies to provide our services and help collect data. Cookies allow us, among other things, to store your preferences and settings; enable you to sign-in; provide interest-based advertising; combat fraud; and analyze how our services are performing. Microsoft apps use other identifiers, such as the advertising ID in Windows, for similar purposes.


Windows generates a unique advertising ID for each user on a device. Your advertising ID can be used by app developers and advertising networks to provide more relevant advertising. You can turn off access to this identifier at any time in the device Settings. If you choose to turn it on again, a new identifier will be generated.

The advertising ID is essentially cookies for apps; It is personalizing, or "targeting" ads, in a similar manner to cookies. But it's easy to turn off in settings, and it's not really harming anything by having it on. Ads are a fact of software; Wouldn't you at least want to see ads that are tolerable, or in a rather rare occurrence, even likeable?

6. Who is Microsoft sharing this data with, and when?

We share your personal data with your consent or as necessary to complete any transaction or provide any service you have requested or authorized. We also share data with Microsoft-controlled affiliates and subsidiaries; with vendors working on our behalf; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our services; and to protect the rights or property of Microsoft.

Microsoft only shares data with affiliates, subsidiaries, and vendors working on their behalf, when required by law, as well as to... It's pretty clearly laid out this time. Reiterating it would only serve to be redundant.

7. Why did Microsoft change all this with Windows 10?

They didn't! Search suggestions and page prediction are features that have existed long before Windows 10, and actually showed up first in browsers like Google Chrome (in the case of search suggestions) before making their way to most browsers you see today. Windows 8.1 also brought the integration of Bing to the system along with location-relevant results, and provided the easy ability to opt out in settings. Other things such as the Customer Experience Improvement Program have existed since at least Windows 7, and the advertising ID has been seen in similar forms on other OSes. In all, only a handful of these new features, and the privacy concerns they bring, are actually in fact new. Most people have just been either unaware or just did not care of their existence in past operating systems and software.

Microsoft is doing nothing out of the ordinary, and despite the daunting appearance of the Privacy settings, it's rather easy to control your privacy. Much of the privacy settings are either intended for third-party apps in the store, and the intent is to give you, the consumer, finer control of what your apps can do then you've ever been given in the past. If anything, Windows 10 puts you more in control then ever before.