Microsoft finally reveals what data Windows 10 really collects

Photo by Chris Welch / The Verge
If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

Microsoft has been responding to Windows 10 privacy concerns for nearly two years now, and it appears the company has finally got the message and is prepared to act. Starting today, Microsoft is updating its privacy statement and publishing information about the data it collects as part of Windows 10. “For the first time, we have published a complete list of the diagnostic data collected at the Basic level,” explains Windows chief Terry Myerson in a company blog post. “We are also providing a detailed summary of the data we collect from users at both Basic and Full levels of diagnostics.”

Microsoft is introducing better controls around its Windows 10 data collection levels in the latest Creators Update, which will start rolling out broadly next week. The controls allow users to switch between basic and full levels of data collection. “Our teams have also worked diligently since the Anniversary Update to re-assess what data is strictly necessary at the Basic level to keep Windows 10 devices up to date and secure,” says Myerson. “As a result, we have reduced the number of events collected and reduced, by about half, the volume of data we collect at the Basic level.”

Microsoft is publishing its documents detailing the Windows 10 data collection over at the company’s TechNet site, and it plans to provide more information in the future. “We will also share more information about how we will ensure Windows 10 is compliant with the European Union’s General Data Protection Regulation,” says Marisa Rogers, Microsoft’s Windows and devices privacy officer.

Windows 10 Creators Update new privacy controls

The real test of Microsoft’s documents will be whether they go far enough to ease concerns over privacy with Windows 10. Last month a number of misleading stories once again claimed Windows 10 has a keylogger built in, and there have been similar unfounded concerns about gaming and ad-supported versions of Solitaire.

All of these concerns have pressured authorities to dig deeper into Microsoft’s practices with Windows 10. France ordered Microsoft to stop tracking Windows 10 users, and European Union data protection watchdogs warned earlier this year that Microsoft’s Windows 10 Creators Update changes don’t go far enough. The Electronic Frontier Foundation also previously accused Microsoft of disregarding user choice and privacy with Windows 10, but it’s not clear if the EFF has changed its stance with the latest Creators Update changes.

Either way, all of these concerns have created an air of uncertainty around Windows 10 and whether it can be trusted not to track users. Microsoft is hoping to finally address that today, but it will be up to regulators and privacy advocates to dig into the documents and decide whether Microsoft has really gone far enough.


You should use an older picture, maybe browsing a GeoCities page.

It’s a Surface device with an Edge tab illustrating the notation feature on the Verge website.
Why does it matter its not from this week?

Hey, it could be worse there was a period of time where this picture was used in every article about hacking.

Another key point is that this update reduces the telemetry by about half, according to Microsoft. So that means we don’t really know what they were including in the existing version of Windows 10 before the Creator’s Update.

Hijacking the first comment makes sure everyone knows just how super important your opinion is!

Keep up the good work!

Does anyone know if Apple or Google also disclose this information? If so, please provide a link.

With Google, you can pretty much assume everything you do is being data mined. Apple and MS are a different story.

Yeah.. that page is a solid reason not to use Google services. It’s why I keep my family away from all of their products and services where I can. Obviously YouTube is pretty much a monopoly, but the rest is mostly avoidable.

Right but at least with Google it’s not your OS your not paying to use it. (Keep in mind Android itself is free) Google gives away its services for free in exchange for selling ads against you as the user.

edit: I was very tempted to lmgtfy this link, as it was the first listing in Google.

Not the same but if you already have a Google account you can go here and see everything they got from you

And I just found this

That site has information on how to review your privacy, what can you control and how Google secure your data.

Things you do

When you use our services — for example, do a search on Google, get directions on Google Maps, or watch a video on YouTube — we collect data to make these services work for you. This can include:

Things you search for
Websites you visit
Videos you watch
Ads you click on or tap
Your location
Device information
IP address and cookie data
Things you create

If you are signed in with your Google Account, we store and protect what you create using our services. This can include:

Emails you send and receive on Gmail
Contacts you add
Calendar events
Photos and videos you upload
Docs, Sheets, and Slides on Drive
Things that make you "you"

When you sign up for a Google account, we keep the basic information that you give us. This can include your:

Email address and password
Phone number
We do not sell your personal information to anyone.
Advertisers pay only for ads that people see or tap

When advertisers run ad campaigns with us, they pay us based only on how those ads actually perform — never on your personal information. That could include each time someone views or taps an ad, or takes an action having seen an ad, like downloading an app or filling out a request form.

I will link this site every time someones says Google sells your data

Google wouldn’t sell that data, it’s too valuable to them

People dont understand that and is on their interest to keep that data safe from hackers etc

That’s a bad argument. Is it ok that Congress just let ISPs start selling browser data? ISP still can’t sell your PERSONAL data, but we’re certainly not happy about it. See, the only difference is that ISPs aren’t delivering the ads themselves. Google isn’t any better about your privacy, they’ve just made the process more efficient.

We try to show you useful ads by using data collected from your devices, including your searches and location, websites and apps you have used, videos and ads you have seen, and personal information you have given us, such as your age range, gender, and topics of interest.

If you are signed in and depending on your Ads Settings, this data informs the ads you see across your devices. So if you visit a travel website on your computer at work, you might see ads about airfares to Paris on your phone later that night.

This is the standard now – relevant ads technology. This is WORSE THAN ISPs – that data is still aggregated and not personalized. Google doesn’t attach your phone number or name to your advertising data. But, guess what.. it doesn’t need to. You might as well be just an advertising ID.

(To be clear, I’ve come to terms with living in this world. I’m still using google services, and I will continue to do so. I will probably be burned by that, along with millions of others. We will continue doing it even after that.)

That is correct. They do not sell the raw data, but the data mine everything you do in order to sell advertising targeting you because of what they have learned about you.

Google has a specific privacy dashboard website. You can see what information they have and can opt in/out of specifics. Not so with Microsoft.

Really? No, not really.

EDIT: Less condescending tone (thought better of it).

Thanks, I was unaware of that site.
Do you have any idea how long it has existed?
Still Microsoft has not been transparent with Windows 10 until now. But it is good that they are making positive changes.

Ever since Microsoft integrated account management for Windows/Xbox/Mail. So some version of it has been around 5 years, give or take. The more services have become integrated, the more those settings have been brought into one place. This current version has been around for about 2 years, i.e. since Windows 10 launched.

I think they’ve been quiet on this up until now because they’ve been experimenting and haven’t decided exactly how they wanted to gather telemetry data. If they spelled it out in detail in the beginning, they would be bound to that and not have the flexibility to try different things and see if its valuable. Two years in now, they’ve settled on what data is useful and what isn’t and they are willing to commit to saying long term what they will or wont do. That, and pressure from Europe probably sped up the process.

Which is bullshit. Microsoft needed to tell users exactly what it was doing from the beginning. Changing what they collect is fine, but hiding it from your paying users isn’t.

Look how big that list is, at Basic level it is massive. Not sure what they’re really missing at Basic.

A Mac where you can turn the little bit (to talk to Siri) totally off or Linux looks better and better…

Transparency has never been a Microsoft skill.

View All Comments
Back to top ↑