If you opt for the “Express settings” during initial setup, by default, Microsoft chooses the most intrusive privacy settings possible. In the setup window, “Express settings” appears as a big fat button. “Customize settings” is a small link on the other side of the window and can easily be missed.
If you choose Express settings, among other things, you will:
- “Personalize your speech, typing, and inking input by sending contacts and calendar details, along with other associated input data to Microsoft”
- “Send typing and inking data to Microsoft to improve the recognition and suggestion platform.”
- “Let Windows and apps request your location, including location history, and send Microsoft and trusted partners some location data to improve location services.”
- “Use page prediction to improve reading, speed up browsing, and make your overall experience better in Windows browsers. Your browsing data will be sent to Microsoft.”
If you want to know what Microsoft does with the information it collects, a handy-dandy 45 page privacy statement that they describe as “transparent” is offered. Among other things, that statement says:
“We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to.”
Along with that, after reading the 45 pages, nobody seems to have a clue who Microsoft’s “trusted partners” are.
As Alec Meer from Rock, Paper, Shotgun states:
There is no world in which 45 pages of policy documents and opt-out settings split across 13 different Settings screens and an external website constitutes “real transparency.”
Certainly, there are benefits to sending certain types of data to the cloud. It’s great to back up your contacts and calendar. But at this point, the only option for doing this is to set up your computer account with your Microsoft ID. You can’t do it with a local account.
All digital assistants require an online “assist,” and Microsoft’s Cortana is no exception. However, we’re not assured that information collected by Cortana will remain private. In contrast, Apple’s Siri doesn’t “associate this information with your Apple ID, but rather with your device through a random identifier.… You can reset that identifier at any time by turning Siri and Dictation off and back on…”
If I’m reading privacy policies, I like to see words and phrases like “anonymous,” “not associated with your ID,” “non-persistent,” “encrypted,” “identifier resets,” etc. I’m seeing little to none of this with Windows 10.
I’m not likely to need Windows 10, so a lot of the privacy stuff doesn’t affect me. But its WiFi Sense feature potentially affects everyone, whether they use Windows or not.
When you log into a WiFi network on Windows 10, you’re asked if you’d like to share the network login credentials with all of your Outlook and Skype contacts. Optionally, you can also share them with your Facebook friends. This puts an encrypted key to your network on Microsoft’s servers. When any of these people are within range of your network, they can connect to it without a password. You’re not given the option of making this information available to a single person; you have to do it for entire groups.
Some of the abuse scenarios that are posted around the ’net are pretty far fetched, and in theory, there shouldn’t be a big safety issue involved because everything’s encrypted. But since I don’t have Windows 10 myself and haven’t shared my contacts with Microsoft, people using my network have to log in the old fashioned way.
At that point, they’ll be presented with the dialog asking them if they’d like to share my network with all of their contacts. They can say no, but some people say yes to everything. And even with the right intentions, it’s easy to hit the wrong button. We’ve all done that.
Not to worry. If you’ve decided to share a network and change your mind, Microsoft will clear it from its servers within several days.
The way to prevent your network from being shared is to add “_optout” to your network name. I don’t want to do that. I have a simple network name that looks good in a list of available networks, and it’d be easy to type if I decided to make my network non-discoverable.
For others, many will have no clue that WiFi Sense exists and won’t be aware that they might want to do something about it. Others might want to add “_optout” but won’t know how.
Here are some more links.