Report: Windows Privacy vs Security a 'False Choice'

John Lister's picture

A consumer rights group has slammed Windows 10's privacy settings. The Electronic Frontier Foundation (EFF) says Microsoft is unfairly linking privacy to security in its update system.

The attack comes in a lengthy blog post by the EFF's Amul Kalia, published just after Microsoft released its Windows 10 Anniversary Update. It starts by recapping the numerous complaints about Microsoft using unfair measures to try to maximize the number of people upgrading to the system, including closing an on-screen window as consent for the installation. (Source: eff.org)

Data Transfer Is "Unprecedented"

The EFF's main concern is with the 'telemetry' in Windows 10 - meaning the data that Windows 10 collects about the user and the computer, and then relays that information back to Microsoft. The Electronic Frontier Foundation labels this as "an unprecedented amount of usage data." The post also takes issue with Microsoft's lack of detail about how it removes data that personally identifies the user, and how long it holds on to that data.

Furthermore, the Electronic Frontier Foundation says that Microsoft is acting unfairly when it comes to distributing its security updates. It says that enterprise (business) users who reduce telemetry tracking will not receive all security updates, which then makes the choice between privacy and security completely unnecessary. (Source: eff.org)

Microsoft Rejects Criticism

The post concludes by reiterating a point that many analysts have argued, which is: by distributing Windows 10 automatically as a free upgrade (during July 29, 2015 to July 29, 2016), Microsoft has risked the possibility that many users will have shut off their automatic updates entirely in order to avoid upgrading to Windows 10. If that were the case, these users may continue to miss out on critically important security updates.

Microsoft responded to the post with a media statement, stating that: "Microsoft is committed to customer privacy and ensuring that customers have the information and tools they need to make informed decisions. We listened to feedback from our customers and evolved our approach to the upgrade process. Windows 10 continues to have the highest satisfaction of any version of Windows." (Source: zdnet.com)

What's Your Opinion?

Do you agree with the Electronic Frontier Foundation's arguments? Has Microsoft gone too far in collecting data from users and linking security to privacy? Or it is simply a case of consumer choice and if you don't like it, don't use it?

Rate this article: 
Average: 5 (4 votes)

Comments

Dennis Faas's picture

Data privacy is certainly a hot topic, especially when Microsoft is involved. I know a lot of folks are going to complain that Windows 10 is constantly spying on you - which is true out of the box, but that can be shut off easily using third party apps like Spybot Anti-beacon.

As far as privacy is concerned in 2016 (and beyond) - here's what you can expect:

1. Smartphones are the way of the future - whether you like it or not, and many apps for smartphones and tablets use GPS (whether you like it or not!) because it is incredibly beneficial to be able to use location under certain circumstances. Examples include: weather, amber alerts, and GPS maps while driving or trying to find your way around a city.

2. Microsoft understands that smartphones and tablets are the way of the future and is therefore trying to 'catch up' to this technology and to avoid becoming antiquated by giving us Windows 10.

3. Microsoft also understands that tracking users is a huge money maker - Google has been doing this for years - which is why it decided to give away Windows 10 for free during the one year period and get as many people upgraded as possible. Microsoft is also trying to one-up Google by turning its entire operating system into a data tracking tool, instead of limiting it to the browser.

4. If you (a) can't figure out how to shut off the spying and (b) can't accept that some of your data may be collected at some point along the way, then please don't use Windows 10 - and yes, you have that choice. You can then continue using old desktop operating system technology (Windows 7, 8) using software that is likely to be phased out in the very near future, because most major tech companies will continue to innovate on a platform that consumers will use the most - which is the smartphone and tablet market, and now Windows 10.

jamies's picture

Thanks for the advisory note -
and the comment - Yes, you can continue using other OS's, but don't expect Microsoft to be integrating their current, or new software into other than variants of windows-10.
And - don't expect to be able to buy a new PC with a different microsoft OS than a windows-10 variant .

-------------------------------

And - re Microsoft's concern to assist in the usage of the PC:

Yesterday I got a blue banner panel across my windows 10 desktop indicating
that
"the terms and conditions were changing - click here to see the details"

The panel had no supplier details on it - and my immediate thoughts were MALWARE - got past the pop-ups stopper, and wants me to click on the link to install trojans - cryptoware etc.

Couldn't get to task manager to kill that "screen" via the OS threadid -
Indeed seems that I have a choice - activate the link to whonosewhat - or the wallswitch.

Wallswitch - and start up a severely firewalled and otherwise restricted system - with taskmanager as pretty much the started facility, followed by a screen recording facility.

Ah! - it's from Microsoft telling me (on the 23rd August) that the terms and conditions of some of the microsoft provided facilities are changing - and by continuing to use them I would be accepting the new terms - the alternative was to cease using those facilities (and - I presume get the equivalent facility from another supplier)
Well, I have recently taken out a 5 year subscription for Office365 (family - 5 user version) and setup the family's PC's to use the facility - including the Onedrive facility for sharing files.

So - Just after I pay for a 5 year usage, and spend hours setting up the system - Microsoft are changing the terms ??

Actually - on reading the detail it seems that the terms changing are for "stuff" I do not use -

BUT I bet others are using those facilities -

And - the really annoying thing about the notification, apart from the distribution being with the appearance and effect of malware -
The change and do-not-use effective date is the 2nd August -
Yes - to not accept the new terms I should have replaced the facilities, or at least stopped using the Microsoft ones ...

3 weeks ago

:

So considering
Microsoft responded to the post with a media statement, stating that: "Microsoft is committed to customer privacy and ensuring that customers have the information and tools they need to make informed decisions. We listened to feedback from our customers and evolved our approach to the upgrade process. Windows 10 continues to have the highest satisfaction of any version of Windows." (Source: zdnet.com)

Yes - we don't see why you should have anything private from US - We will maintain your stuff private from the government (or maybe not)
Information and tools - yes - The tools to allow us to control your windows-10 working environment and security are installed, or will arrive as essential security updates.
We listen to the feedback - well from those who can phone us - reading is for users!
Yes - the upgrade process has evolved to include almost all that the prior feedback objected to.

Yes - We are very happy with the way we distribute windows-10 and it's updates to get it past the for initial marketing feasibility test version we originally shipped.

Sort of like the lawyer who says
"I have not seen any evidence to indicate I am wrong"
while reminding corporate security staff that - and the corporate policy will remain instant dismissal, removal from the premises (use the nearest - well fastest to use egress portal.) and court order for a 5 mile exclusion zone for anyone trying to acquire, or present such evidence to me.

petershaw's picture

I'm becoming concerned that there may be something very wrong with me because, unlike others, I do not share the same level of concern about all this personal data that is being collected about me.

In fact I just don't care. I can't see that I put anything online about myself that would put me at risk. I've never heard of anyone else being damaged by any information collected by Microsoft, Google or, come to think of it, other companies other than those acting purely illegally.

So, Google knows what I searched for and looked at on Amazon and sends me ads. Big deal, I can ignore those ads as simply as I ignore ads on TV, that is if they're not blocked.

Nothing Microsoft, Google etc has done has left me with a level of mistrust and I don't believe these companies have any intention of doing anything harmful to me. I'm not very good at being convinced by Conspiracy Theories either.

So what is wrong with me?

ifpusr's picture

With all possible delicacy I hope to answer your question.

I think smugness would be the obvious and main problem; the belief that taking a position very far from the possibility of accusations of paranoia is a safe strategy. How can you be accused of being too sane? This smugness informs the complacency that is being displayed ('I just don't care'), which exacerbates the selfishness ('I can't see that I put anything online that would put me at risk'- emphasis on 'me'). Add to this ignorance ('I've never heard of anyone else being damaged') and there is a reasonably comprehensive suite of flaws that preclude the op from perceiving that there is a possibility of a threat to his comfortable existence by virtue of the fact that he is willing to permit a large corporation to surveil him in his own home.

Phone tapping of ostensibly innocent people is illegal, yet people are being pushed- and in some cases are willing- to allow virtual computer 'tapping'.

Once again, it's necessary to state the clear truth that one person's not having anything to hide is not the point. The point is that everybody has a right to communicate with the outside world in privacy. That privacy should be inviolable, not just violated with every passing second with vague assurances that what has been taken will be either thrown away or stored safely by the thief, while the person under surveillance should suffer a perpetual assault of ads trying to sell him viagra for his impotence, toupees for his baldness and weight loss products for his belly fat.

Personal responsibility; the taking of in your considerations. A good thing. It's not all about you; it's about all of us.

matt_2058's picture

Just a thought...

ifpusr 's point relating to phone tapping is interesting and made me think of some things. How would that fit in if internet service is classified as a utility? How could policies be structured to work, like it does for phones? And what's going to happen once the other corporations try to get in on the data collection bandwagon?

To get electricity, will the electric company require consent to sensors for each electrical device, so they can monitor your TV time, icebox usage, W/D usage, A/C & heater usage, vacuum cleaner? Shoot, they will almost be able to tell how you eat each day with that info: rice cooker, George Foreman grill, crockpot, mixer, deep fryer, microwave, etc.
How about the water company collecting data on water usage like shower, dishes, clothes washing, etc? How long do you take a shower and how much water used? Do you wash clothes once a week or every other day? How many loads?
Gas company monitor your gas grill usage, along with the stove and water heater?

Wait a minute...this data collecting has started. It's call the Internet of Things!

I think IoT is neat and could be useful, but I don't want the data leaving my home.

ifpusr's picture

Re: power/utility use monitoring (surveillance): even without the Internet Of Things, that's happening. We have here what's known as a 'Smart Meter'. It does what you describe. Nobody was given a choice about its installation, and the data certainly doesn't stay here.

We The People are so many steps behind we it's more than ludicrous; it's scary. We had better catch up fast and carve out some rules that don't have us entirely screwed.

Apropos of the IOT, to me it sounds horrific. They'll say it's all fine, with many safeguards and redundancies, but inevitably there will be people away from home too long, relying on the wondrous IOT while their pets/children/elderly/disabled, supposedly fed and comfortable, overheat/freeze and starve...and other scenarios. If you want a thing done, do it yourself. We should go round and open those windows and turn on those lights. We might even reach 200 steps a day by so doing.