9/2/2015
10:30 AM
Mark Weinstein
Commentary

Microsoft's Remarkable Pivot: Windows 10 Abandons Privacy

You can read all you want about Windows 10's powerful new privacy features, but that doesn't mean you have them.

The Windows 10 reviews are pouring in and the general consensus seems to be that it rocks (especially over Windows 8). It’s feature-rich, fun, and best of all, free. So why then is Slate.com calling it a privacy nightmare in dire need of reform? Because most of the powerful privacy settings are turned off by default. Yikes. Forget Clippy ever happened. There’s a new Microsoft sheriff annoying users in town.

The issue comes down to your personal information. Microsoft is acting as if it wants to collect lots of yours, more than it ever has before. And it’s not telling us why. In an Edward Snowden world, that scares people, as well it should. Sure, in certain instances it makes logical sense. Take Cortana for example, your friendly neighborhood personal digital assistant. Just like Apple’s Siri, in order to give you good ideas, Cortana needs to get to know you, your interests, and where you like to hang out. You can play with her settings if you choose, but the onus rests entirely on you. And therein lies the fundamental flaw of Windows 10: everything is on you.

You can read all you want about Windows 10 privacy features, but that doesn’t mean you have them. It’s kind of odd. A company builds powerful privacy features into its application but then leaves it up to you to become Sherlock Holmes to find them. Even worse, Microsoft doesn’t highlight this fact. There’s no FYI; no “just in case you’re wondering.” Most people will never know what’s missing or in fact what they’ve got.

To those who know about the privacy issue and want to resolve it, there’s another mountain to climb: changing the settings. This is not a one-click procedure. If you have the time and patience and want to go all techno-geek, then you can probably get there. If not, you’re kind of screwed. The end result is that everyday people won’t bother. They’ll opt for leaving well enough alone over being mired in some techno-hell. Isn’t that why most of us stick too long with technology, even when we know change would be for the better?

So what was Microsoft thinking? On the one hand, there’s the whole issue of keeping up with the Joneses. Apple, Facebook, Google, all of Microsoft’s main competitors, collect information about you. Microsoft does too for that matter. But Apple and its CEO Tim Cook, as shown in recent speeches and blogs, suggest they want to change their tune. Microsoft looks like it potentially does too, but it sounds like the wrong song.

Secondly, as Forrester Research’s Tyler Shields points out, it’s simple addition. Microsoft makes money off of its value-added services. If you offer those services as an opt-in, something that requires action and thought, most people tend to opt out. If you reverse the equation, then most people are already opted in and either uninformed about or uninterested in taking the time to reverse the settings.

Here’s what I recommend. Take care of business yourself. First off, start with an easy action item. Turn off Wi-Fi Sense, which is on by default. Wi-Fi Sense connects you to trusted Wi-Fi networks around you that your friends use. Hey, I get it. Not all of us have data plans. Sometimes we exceed our limits. And it’s kind of cool to chill in a room with friends and share the same network. But Wi-Fi Sense automatically shares access with everyone in your Outlook address book as well as your frenemies on Facebook whom you want to make feel small with exaggerations of your high life.

Next, stick with your own local account. Microsoft wants you to create a Microsoft account (formerly known as a Live ID). It’s all part of the wave that companies such as Facebook and Google ride where your whole life sits in a single account. They tell you it’s so easy and convenient, that you can access your stuff on any device. It also means they can lump your data together, making it easier to collect. I don’t trust that idea myself, not without clear protection of data and a transparent privacy policy, which is what I set up at my own social media company, MeWe.

Finally, I would fire Cortana. Take her off everything, except maybe your phone. If she’s on your phone, then minimize what you want her to know. Keep her as a work friend, one who only needs to know one aspect of your life instead of the entire you.

Microsoft is not the first to follow such user-unfriendly practices, nor will they be the last. That’s why we need to continue to demand that companies clearly inform users about the information they collect, how they use it, and where it goes. Only use companies and applications that follow such practices. In these modern times, actions really can speak much louder than words. In this case, yours can impact how Microsoft responds in this instance and others in the future. 

Mark Weinstein is one of the USA's leading social media and privacy experts and CEO of MeWe.com. Mark is a founder of social networking, a leading privacy advocate, and author of the award-winning Habitually Great book series. Mark is revolutionizing online communication at ...

Comments
dieselnerd,
User Rank: Strategist
9/3/2015 | 12:24:59 PM
Pivot This, MSFT
Glad I'm a slave to the Redmond Beast only at work these days, with Linux the primary OS at home, the dust blown off Win7Pro only when I must. Managed to avoid Win8 like I managed to avoid Vista (and Me before that); with luck Win10 will never make it into the house either.
Juif,
User Rank: Apprentice
9/3/2015 | 8:48:29 AM
Re: Good Advice
I hate W10 for that, now we are the product!
dfunk1,
User Rank: Strategist
9/3/2015 | 7:52:06 AM
If it's free
If it's free, then the product is you.
melgross,
User Rank: Apprentice
9/2/2015 | 11:35:19 AM
Apple's data collection
Apple has never collected all of that data. It isn't that they want to stop. So let's get that right, at least. Google has been the worst, with Facebook second, because they are advertising agencies. Their "products" are just their way of gathering private info and placing it on their properties. Microsoft has mostly been a software company, selling software. But that situation is changing. In their rush to rival Google as a search engine, they had to collect a lot of data as well, in order to pay for it, and still lose hundreds of millions on Bing every year. But with them needing to give Windows away, a major way they're going to make money in the future, is with advertising, which we will be seeing in the OS itself, for the first time, as well as personal data collection that Microsoft can sell. A few years ago, Eric Schmidt, then CEO of Google (now chairman), said in a speech called "creepy", that "Soon, Google will know more about you than you will know about yourself, and will make decisions for you before you know you want to make them." Around the end of 2013 or 2014, Microsoft's Ballmer made the same statement about Microsoft. With Win 10, and now Win 7 and Win 8, we're seeing the truth of that. I don't worry about the pitiful amount of data about us that the NSA collects, which is really just the contacts we make on our phones every month, which is the data we see in our phone bills. I worry about Facebook, Google, Microsoft, Yahoo and others, whose business depends upon their collection of ever more data about us that the NSA can only dream of collecting. And if the NSA, or other law agency wants that data, it's just a warrant away, and maybe not even a warrant away. People would do well to remember that.
RyanSepe,
User Rank: Ninja
9/2/2015 | 11:30:31 AM
Good Advice
This is good to know. I figured this would be the case in most cases because the ease of use principle is held in almost just as high of a regard with the functionality of the software.


I will definitely be taking off Wifi Sense. But besides that I would just suggest tweaking the other settings within Cortana and Live Account Security. Removing them entirely takes away from the overall functionality of the software and isn't that why we upgrade in the first place?