Microsoft’s new Windows 10 privacy controls should avoid ‘keylogger’ concerns

Microsoft is once again tackling privacy concerns around Windows 10 today. The software giant is releasing a new test build of Windows 10 to Windows Insiders today that includes changes to the privacy controls for the operating system. While most privacy settings have been confined to a single screen with multiple options, Microsoft is testing a variety of ways that will soon change.

There have been some concerns that Windows 10 has a built-in “keylogger,” because the operating system uses typing data to improve autocompletion, next word prediction, and spelling correction. Microsoft’s upcoming spring update for Windows 10 will introduce a separate screen to enable improved inking and typing recognition, and allow users to opt-out of sending inking and typing data to Microsoft.

Microsoft is also testing the idea of Windows 10 users receiving seven individual screens for all the privacy controls in the operating system, and the company is looking for feedback from its Windows Insiders to find the right balance between too many screens and enough insight into the various options.

These latest privacy changes will arrive alongside a separate Windows Diagnostic Data Viewer. The viewer includes an overview of data being sent to Microsoft’s servers by Windows 10. Microsoft collects a bunch of anonymous Windows 10 data from users to help improve the operating system and make product decisions. The new viewer is similar to something like Wireshark, and it lets Windows 10 users decrypt data that is sent encrypted to Microsoft’s servers.

Microsoft is making privacy changes to Windows 10 as the company has faced continued concerns over its collection of data. France previously ordered Microsoft to stop tracking Windows 10 users, and the EU has voiced its own concerns. Microsoft did reveal what data Windows 10 really collects last year, but these latest changes are a step further in addressing concerns.

Comments

Microsoft’s transparency has tremendously improved and they deserve to be lauded for it.

However, they still don’t offer a supported way for users of Windows 10 Home or Pro to turn telemetry completely off. Instead, we’re forced to do it by hand (which is not trivial) or run a third-party program like Shutup10, and then MS turns telemetry back on with each bi-annual update, disregarding the user’s clear preferences. That isn’t OK.

There is zero effort required for Microsoft to allow users to disable telemetry. Windows 10 Education and Enterprise versions already permit it, with the "Security" option. This option was deliberately not included in Win10 Pro and Home.

as long as Telemetry data is anonymous, i don’t really mind it. If how many times i click the start button or swipe the notification menu somehow helps in the development of future versions, then great. As long as no personal information is sent along with it.

It is not truly anonymous, because behavior data and metadata can be correlated with a single personally identifiable datapoint to pinpoint a specific person. The only way to collect telemetry and respect privacy is what Apple does with differential privacy, which makes it mathematically provably impossible to correlate activity to a single user, even a non-named one, by only looking at actions in aggregate.

Assuming Apple did it properly, anyway. They said all the right words, but haven’t provided any real detail on how they actually implemented differential privacy.

It is not truly anonymous, because behavior data and metadata can be correlated with a single personally identifiable datapoint to pinpoint a specific person.

Assuming what you say here is correct, what actual motivation do you imagine Microsoft has to be concerned with your specific hardware/software use from among the 3/4 billion Windows 10 users on the planet? Do you think there is a Microsoft employee sitting at a desk somewhere reviewing Rodalpho’s PC stats? I personally have a hard time picturing this.

It’s great that Microsoft is becoming more transparent about its practices, but as far as I know, not one critic has yet shown any actual consumer harm from the anonymized telemetry (or any of the higher levels of opt-in data sharing for that matter).

Whenever someone makes that argument, and someone always makes that exact argument, I circle back to the README.TXT I first read in in Phil Zimmerman’s PGP package back in 1991. He encapsulated it quite well back then.

https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

"Perhaps you think your email is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don’t you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? If you hide your mail inside envelopes, does that mean you must be a subversive or a drug dealer, or maybe a paranoid nut? Do law-abiding citizens have any need to encrypt their email?"

It doesn’t matter if you’re just a normal guy, not breaking the law. It doesn’t matter if nobody’s watching you. You are entitled to your privacy.

I agree with you. Privacy is important, and everyone should have options for it. Microsoft needs to provide it.

You are entitled to your privacy.

Yes you are. !00% agree with everything you said.

Problem is, pretty much all of the internet disagrees. Every move you make online is tracked in some form or another.

So whilst Microsoft has done a pretty reasonable job of listening to concerns about telemetry, giving some more opt outs, and attempting to show what and how they collect data, Why (in their mind) should they stop doing it entirely when a) its very important to growing their business and b) EVERYONE ELSE IS DOING IT….like….LOADS!!!!!!.

People who complain (not you, i hasten to add…) about this kind of "intrusion" never put it into this context and it drives me nuts.

The only way to stop this sort of intrusion is to persist in criticizing it. If enough people complain, they’ll stop. If not, they won’t.

Who will stop? You can keep complaining, but you’re talking about a time when the Echo/Alexa might be the biggest, most recognizable thing in consumer tech. When they essentially make a joke about sending your personal information to Amazon to be answered by random people into an advertisement. It is absolutely intrusion. People absolutely do not care. Do I think it’s crazy, yea, sure. But as attached to the idea of privacy as we are, we’re not really that into the actual practice of it.

I think this is the point:: People are freely willing to give up their privacy in order to get access to these services.

In that deeply entrenched culture, how on earth will anything change?

While I agree with your main point I’d also argue MS puts too much emphasis on telemetry already.

The decisions they made with Windows 8 were largely supported by telemetry but were still received, lets say, poorly on release. There is a huge gap between data and insight and I don’t think the Googles and Microsofts of this world have quite grasped that yet.

See also their Xbox one release. The focus on entertainment was a result of telemetry data.

the entertainment value of the Xbox was correct. The messaging was not delivered correctly.
Most reasonable people, who understand the digital gaming paradigm, would have supported MS original vision of Xbox, if MS could just had delivered the message correctly.

100%.

Both consoles essentially have the same feature set from a media perspective, it was the messaging which differed.

Not entirely as the initial Xbone also supported watching TV. Its HDMI passthrough, which is still present (and awesome!) was Microsoft’s push to get on "Input 1".

Also nothing to do with media stuff, but Microsoft’s initial Xbone vision was always-online, which really upset people.

Most reasonable people, who understand the digital gaming paradigm,

Understanding is the key part, your license would have lived in the cloud for lack of a better term.. It was the next step to the digital age, going from disk to download games but now we are in a cruel limbo between the two.

Not entirely as the initial Xbone also supported watching TV. Its HDMI passthrough,

Indeed. But the failures discussed were not down to an additional port on the console.

Not entirely as the initial Xbone also supported watching TV. Its HDMI passthrough, which is still present (and awesome!) was Microsoft’s push to get on "Input 1".

And heres the beautiful Irony. Microsoft will probably take the telemetry from Xbox one, conclude that nobody uses HDMI pass through, drop the feature, and once again deprecate the value of their product whilst pissing off their user base.

See also their Xbox one release. The focus on entertainment was a result of telemetry data.

I`d love to read more on that, care to link to your source?

While I agree with your main point I’d also argue MS puts too much emphasis on telemetry already.

What…. compared to other tech companies?

The decisions they made with Windows 8 were largely supported by telemetry but were still received, lets say, poorly on release

I dont see any basis for that assertion, but putting that aside for a moment

Capturing telemetry, and the inferences you take from the data are separate things.

Microsoft are brilliant at pulling products based on usage data, which can result in some quite short-termist (some woudl say dumb) decisions being made.

But they are Microsoft`s decisions to make, nonetheless

Main problem with Windows 8.0 was that it put touch first, compromising the desktop experience and leveraging their millions of desktop users to attack Apple and Google. That decision wasn’t driven by telemetry, it was driven by people in really sharp tailored suits. Stupid people in really sharp tailored suits.

That decision wasn’t driven by telemetry, it was driven by people in really sharp tailored suits. Stupid people in really sharp tailored suits.

Quite right. In your example, Sinofsky. He lost his job shortly afterwards.

Well I think he realized, quite correctly by the way, that mobile was the future and Microsoft was being left behind. That happened before with the internet, when they essentially shrugged and allowed Firefox and then Chrome to eat Internet Explorer’s huge lead.

The problem wasn’t that Microsoft devoted massive resources towards competing on mobile, nor was it that they ambitiously targeted convergence, "one windows to rule them all" in both desktop/tablet/mobile form factors. That strategy was ambitious, but it could have borne fruit.

The problem was that they allowed their focus on touch and mobile to compromise the desktop experience, burning many millions of established users. That is why Windows 8.0 was such a huge misstep.

However, they still don’t offer a supported way for users of Windows 10 Home or Pro to turn telemetry completely off.

I dont think they ever will, nor will they see why its justified for them to do so in the first place.

I do understand that their dominant position in the desktop market makes them an obvious target for these criticism`s but singling them out and ignoring the rest of the industry doesn’t help to further the discussion in a helpful way.

View All Comments
Back to top ↑