Windows 10 is not really free: you are paying for it with your privacy

What Microsoft is prepared to share, though, doesn’t stop at the data it uses for advertising. Although it maintains that it won’t use personal communications, emails, photos, videos and files for advertising, it can and will share this information with third parties for a range of other reasons.

The most explicit of these reasons is sharing data in order to “comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies”. In other words, if a government or security agency asks for it, Microsoft will hand it over.

Meaningful transparency
In June, Horacio Gutiérrez, Deputy General Counsel & Corporate Vice President of Legal and Corporate Affairs at Microsoft, made a commitment to “providing a singular, straightforward resource for understanding Microsoft’s commitments for protecting individual privacy with these services”.

On the Microsoft blog, he stated:

In a world of more personalized computing, customers need meaningful transparency and privacy protections. And those aren’t possible unless we get the basics right. For consumer services, that starts with clear terms and policies that both respect individual privacy and don’t require a law degree to read.

This sits in contrast to Microsoft’s privacy statement, which is a 38 page, 17,000 word document. This suggests that Microsoft really didn’t want to make the basic issues of its implementation absolutely clear to users.

Likewise, the settings that allow a user to control all aspects of privacy in Windows 10 itself are spread over 13 separate screens.

Also buried in the privacy statement is the types of data Cortana – Microsoft’s answer to Apple’s Siri or Google Now – uses. This includes:

[…] device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device. Cortana also learns about you by collecting data about how you use your device and other Microsoft services, such as your music, alarm settings, whether the lock screen is on, what you view and purchase, your browse and Bing search history, and more.

Note that the “and more” statement basically covers everything that you do on a device. Nothing, in principle, is excluded.

Privacy by default
It is very difficult to trust any company that does not take a “security and privacy by default” approach to its products, and then makes it deliberately difficult to actually change settings in order to implement a user’s preferences for privacy settings.

This has manifested itself in another Windows 10 feature called Wi-Fi Sense that has had even experts confused about the default settings and its potential to be a security hole.

Wi-Fi Sense allows a Windows 10 user to share access to their Wi-Fi with their friends and contacts on Facebook, Skype and Outlook. The confusion has arisen because some of the settings are on by default, even though a user needs to explicitly choose a network to share and initiate the process.

Again, Microsoft has taken an approach in which the specific privacy and security dangers are hidden in a single setting. There is no way to possibly vet who, amongst several hundred contacts, you really wanted to share your network with.

There are steps users can take to mitigate the worst of the privacy issues with Windows 10, and these are highly recommended. Microsoft should have allowed users to pay a regular fee for the product in exchange for a guarantee of the levels of privacy its users deserve.

David Glance is Director of UWA Centre for Software Practice at University of Western Australia. This article is published courtesy of The Conversation (under Creative Commons-Attribution/No derivative.