With Windows 10, Microsoft Blatantly Disregards User Choice and Privacy: A Deep Dive
Microsoft had an ambitious goal with the launch of Windows 10: a billion devices running the software by the end of 2018. In its quest to reach that goal, the company aggressively pushed Windows 10 on its users and went so far as to offer free upgrades for a whole year. However, the company’s strategy for user adoption has trampled on essential aspects of modern computing: user choice and privacy. We think that’s wrong.
You don’t need to search long to come across stories of people who are horrified and amazed at just how far Microsoft has gone in order to increase Windows 10’s install base. Sure, there is some misinformation and hyperbole, but there are also some real concerns that current and future users of Windows 10 should be aware of. As the company is currently rolling out its “Anniversary Update” to Windows 10, we think it’s an appropriate time to focus on and examine the company’s strategy behind deploying Windows 10.
Disregarding User Choice
The tactics Microsoft employed to get users of earlier versions of Windows to upgrade to Windows 10 went from annoying to downright malicious. Some highlights: Microsoft installed an app in users’ system trays advertising the free upgrade to Windows 10. The app couldn’t be easily hidden or removed, but some enterprising users figured out a way. Then, the company kept changing the app and bundling it into various security patches, creating a cat-and-mouse game to uninstall it.
Eventually, Microsoft started pushing Windows 10 via its Windows Update system. It started off by pre-selecting the download for users and downloading it on their machines. Not satisfied, the company eventually made Windows 10 a recommended update so users receiving critical security updates were now also downloading an entirely new operating system onto their machines without their knowledge. Microsoft even rolled in the Windows 10 ad as part of an Internet Explorer security patch. Suffice to say, this is not the standard when it comes to security updates, and isn’t how most users expect them to work. When installing security updates, users expect to patch their existing operating system, and not see an advertisement or find out that they have downloaded an entirely new operating system in the process.
In May 2016, in an action designed in a way we think was highly deceptive, Microsoft actually changed the expected behavior of a dialog window, a user interface element that’s been around and acted the same way since the birth of the modern desktop. Specifically, when prompted with a Windows 10 update, if the user chose to decline it by hitting the ‘X’ in the upper right hand corner, Microsoft interpreted that as consent to download Windows 10.
Time after time, with each update, Microsoft chose to employ questionable tactics to cause users to download a piece of software that many didn’t want. What users actually wanted didn’t seem to matter. In an extreme case, members of a wildlife conservation group in the African jungle felt that the automatic download of Windows 10 on a limited bandwidth connection could have endangered their lives if a forced upgrade had begun during a mission.
Disregarding User Privacy
The trouble with Windows 10 doesn’t end with forcing users to download the operating system. Windows 10 sends an unprecedented amount of usage data back to Microsoft, particularly if users opt in to “personalize” the software using the OS assistant called Cortana. Here’s a non-exhaustive list of data sent back: location data, text input, voice input, touch input, webpages you visit, and telemetry data regarding your general usage of your computer, including which programs you run and for how long.
While we understand that many users find features like Cortana useful, and that such features would be difficult (though not necessarily impossible) to implement in a way that doesn’t send data back to the cloud, the fact remains that many users would much prefer not to use these features in exchange for maintaining their privacy.
And while users can disable some of these settings, it is not a guarantee that your computer will stop talking to Microsoft’s servers. A significant issue is the telemetry data the company receives. While Microsoft insists that it aggregates and anonymizes this data, it hasn’t explained just how it does so. Microsoft also won’t say how long this data is retained, instead providing only general timeframes. Worse yet, unless you’re an enterprise user, no matter what, you have to share at least some of this telemetry data with Microsoft and there’s no way to opt-out of it.
Microsoft has tried to explain this lack of choice by saying that Windows Update won’t function properly on copies of the operating system with telemetry reporting turned to its lowest level. In other words, Microsoft is claiming that giving ordinary users more privacy by letting them turn telemetry reporting down to its lowest level would risk their security since they would no longer get security updates. (Notably, this is not something many articles about Windows 10 have touched on.)
But this is a false choice that is entirely of Microsoft’s own creation. There’s no good reason why the types of data Microsoft collects at each telemetry level couldn’t be adjusted so that even at the lowest level of telemetry collection, users could still benefit from Windows Update and secure their machines from vulnerabilities, without having to send back things like app usage data or unique IDs like an IMEI number.
And if this wasn’t bad enough, Microsoft’s questionable upgrade tactics of bundling Windows 10 into various levels of security updates have also managed to lower users’ trust in the necessity of security updates. Sadly, this has led some people to forgo security updates entirely, meaning that there are users whose machines are at risk of being attacked.
There’s no doubt that Windows 10 has some great security improvements over previous versions of the operating system. But it’s a shame that Microsoft made users choose between having privacy and security.
The Way Forward
Microsoft should come clean with its user community. The company needs to acknowledge its missteps and offer real, meaningful opt-outs to the users who want them, preferably in a single unified screen. It also needs to be straightforward in separating security updates from operating system upgrades going forward, and not try to bypass user choice and privacy expectations.
Otherwise it will face backlash in the form of individual lawsuits, state attorney general investigations, and government investigations.
We at EFF have heard from many users who have asked us to take action, and we urge Microsoft to listen to these concerns and incorporate this feedback into the next release of its operating system. Otherwise, Microsoft may find that it has inadvertently discovered just how far it can push its users before they abandon a once-trusted company for a better, more privacy-protective solution.
Correction: an earlier version of the blogpost implied that data collection related to Cortana was opt-out, when in fact the service is opt in.
IS33 wrote: @dCrypt, look, you simple soul,
IS33 wrote: The difference is that Google is a search engine, an internet tool
IS33 wrote: @dCrypt, well, it's true that it covers more fields, but of what it has I only know a handful of things, which I don't use: Android, Google and derivatives (Maps and so on...) and a messaging service whose name I don't even know now.
IS33 wrote: @Madoc, well, the point about the data would need qualifying. It's clear that Microsoft's system is now no longer just a system, because with Cortana, which acts as a kind of universal Google, privacy is screwed the moment you use it.
IS33 wrote: I don't have a pirated Windows; in fact I have it installed without a license because the service is practically the same as without it.
IS33 wrote: The thing about the user experience is told to you during the installation itself, at the start when configuring some things, I don't know exactly which because I didn't pay much attention to it either, since I turned off the Wi-Fi thing and little else; but apart from this, in talks, posts and blogs I have read that argument from Microsoft, specifically from Satya. But come on, all companies do it, not just this one.
IS33 wrote: For me, collecting too much irrelevant information is, for example, the use of the phone contact list. What reason is there, for improving one particular service, to have your entire list of phone numbers?
IS33 wrote: And another, for example, is that according to what I read the other day on a blog, when you are working on a document and the system hangs or the app fails, it collects the time, the error and takes a capture of what you were doing. Is the capture really necessary? And what if there is a photo of family or friends/partner in that document? I don't know, by privacy I mean things like this, and since that is what they haven't explained, it's normal that it gets demonized.
IS33 wrote: @dCrypt, by not having a pirated system I mean that I don't have it cracked. I'm not sure that not using a license is synonymous with having it pirated, since the only thing they restrict is personalization, so on that side it's very simple: if you don't have a license, you can't install it, and yet I can download it from their own page and install it. So pirated, what you'd call pirated, I don't see it anywhere.
And although I have searched, I also haven't read that a non-activated system is pirated, because as with many other applications on the net, you can use them without limit but with restricted features, and if you want those extra features, that is when you pay. Apple, for example, doesn't let you install a system from a Mini on an iMac, it gives no other option, whereas Microsoft is quite ambiguous about this.
5. Authorized Software and Activation. You are authorized to use this software only if you are properly licensed and the software has been properly activated with a genuine product key or by other authorized method.
If the answer I gave seems vague to you, that is your opinion; it's not something I made up, so if the argument doesn't work for you, that's your problem. What I read on a blog are fragments of things Satya Nadella has said, as I already told you, so I tell you the same: that you interpret whatever you like is just that, your business. On the other hand, since what "those blogs" or websites say has no credibility because, according to you, they interpret what who-knows-who says, again according to you, what you say has no validity either, because I don't know who you are, where you come from or who you work for, nor your intentions, so your opinions and arguments are, as of now, void and ignored as far as I'm concerned.
TRASTARO wrote: The Electronic Frontier Foundation is still waiting for the official response [and above all actions] from Microsoft.