Microsoft has a privacy problem.
It's not the one you've read about lately, though. Instead, Microsoft's biggest problem is that its customers don't understand its privacy policies, and a sensational press is all too eager to manufacture outrage over policies that don't exist.
In reality, Microsoft has been building privacy protections into its software products for years. Apple sparked a furor over ad blockers with the recent release of iOS 9, for example, but Microsoft built nearly identical tracking protection features into Internet Explorer 9 nearly five years ago.
The company felt confident enough in its privacy practices several years ago to launch an aggressive campaign against Google; the "Scroogled" campaign was widely considered a flop and quietly ended last year.
Given the long awareness of privacy in Redmond, then, the virulent attacks against Windows 10 this summer came as an unwelcome surprise. Critics have accused Windows 10 of spying on customers and collecting data for nefarious purposes, and those criticisms, despite a lack of supporting evidence, have persisted.
Today, the company published a series of detailed technical articles designed to explain how its actual practices align with its privacy policies across the board. The explanation starts with two clear principles:
1. Windows 10 collects information so the product will work better for you.
2. You are in control with the ability to determine what information is collected.
Microsoft basically grants itself very broad rights to collect everything you do, say and write with and on your devices in order to sell more targeted advertising or to sell your data to third parties. The company appears to be granting itself the right to share your data either with your consent "or as necessary".
That's an overly broad, completely inaccurate characterization.
Today's series of privacy-related explainers from Microsoft starts with this general explanation:
To operate at its most basic level, Windows 10 collects and uses a limited set of data. To make your device more personal and delightful to you, we give you choices to use additional features. These features are optional, and they work better if Windows 10 understands your interests and preferences.
Those data-collection policies and practices can be broadly divided into three categories.
"We collect a limited amount of information to help us provide a secure and reliable experience," the company says. "This includes data like an anonymous device ID and device type. ... This doesn't include any of your content or files, and we take several steps to avoid collecting any information that directly identifies you, such as your name, email address or account ID."
In Windows 10, telemetry data is stored on dedicated servers that are used exclusively for reliability purposes. I've seen several online analyses using network packet sniffers that point a suspicious finger at the unique ID included with each packet. But as Microsoft engineers have explained in the past, the point of those identifiers isn't to tag an individual person; rather, that ID is essential to tell whether 100 identical problem reports are from a single device or from 100 different devices.
Windows 10 has three telemetry settings: Basic, Enhanced, and Full.
- Basic. This level includes information about security settings, quality-related info (such as crashes and hangs), and application compatibility.
- Enhanced. This level includes the Basic information and adds details about how Windows and Windows apps are used, how they perform, and advanced reliability info.
- Full. This setting, which is the default for Windows 10, includes all information from the previous levels, plus additional details necessary to identify and help to fix problems.
In earlier Windows versions, telemetry (Windows Error Reporting) was an opt-in feature. In Windows 10, it's on by default. Individuals and small businesses can change telemetry collection to the Basic level with the flip of a switch in Settings. Organizations running Windows 10 Enterprise or Education have the option to disable telemetry completely, although Microsoft recommends against it.
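To check which level a device is actually configured for, the following added example (not from the article or from Microsoft) reads the setting back from the registry and works out the effective level. The registry paths, the `AllowTelemetry` value name, the 0-3 numbering and the rule that level 0 is honored only on Enterprise and Education editions are assumptions taken from Microsoft's policy documentation, not from this page.

```powershell
# Added example: report the telemetry level this Windows 10 device is configured for.
# Registry paths and value meanings are assumptions from Microsoft's AllowTelemetry
# policy documentation; the article itself does not name them.
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'                 # Group Policy / MDM
$SettingsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection'  # Settings switch
# 0 is the Enterprise/Education-only level the article describes as disabling telemetry.
$LevelNames  = @{ 0 = 'Security'; 1 = 'Basic'; 2 = 'Enhanced'; 3 = 'Full' }

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return [int]$item.$Name }
    return $null
}

function Get-TelemetryState {
    $edition  = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').EditionID
    $policy   = Get-RegDword -Path $PolicyKey   -Name 'AllowTelemetry'
    $settings = Get-RegDword -Path $SettingsKey -Name 'AllowTelemetry'

    # A policy value overrides the Settings switch; with neither set, the default (Full) applies.
    if     ($null -ne $policy)   { $configured = $policy;   $source = 'Policy' }
    elseif ($null -ne $settings) { $configured = $settings; $source = 'Settings' }
    else                         { $configured = 3;         $source = 'Default' }

    # Edge case: level 0 on an edition that does not honor it behaves as Basic.
    $effective = $configured
    $note = ''
    if ($configured -eq 0 -and $edition -notmatch '^(Enterprise|Education)') {
        $effective = 1
        $note = "Level 0 is not honored on edition '$edition'; the device reports at Basic."
    }
    $name = if ($LevelNames.ContainsKey($effective)) { $LevelNames[$effective] } else { 'Unknown' }

    [pscustomobject]@{
        Edition = $edition; Source = $source; Configured = $configured
        Effective = $effective; EffectiveName = $name; Note = $note
    }
}

Get-TelemetryState | Format-List
```

A `Source` of `Default` means nobody has changed the setting, so the device is sending at the Full level.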
Personalization and services
In a world where software and cloud-based services are increasingly intertwined, software companies have to "collect" your information to carry out your wishes. If you upload a file to OneDrive, for example, the software has to collect its contents to store it online and index it for your later retrieval and use. To make that happen, you have to grant permission for the software to act on your behalf.
As the company explains, "Windows sends and gets info ... to give you access to online services like Outlook, OneDrive, Cortana, Skype, Bing and the Microsoft Store, to personalize your experiences on Windows, to help you keep your preferences and files in sync on all your devices, to help keep your device up to date, and so that we can make the next features of Windows ones that you'll enjoy."
The fact that the operating systems and connected services are collecting data on your behalf does not mean that the company running those services is keeping a separate copy for its own use. But that's what critics misunderstand after reading the various privacy policies.
Their confusion is similar to what happened several years ago when Dropbox and Google published apparently outrageous terms of service for their cloud storage services. But those broad terms of service are essential for those services to work properly. What really matters is that the agreement makes clear that the data collection is necessary only to fulfill your specific requests, and that the actions of the service match its policy.
In addition, as our devices get smarter, we expect them to anticipate our needs and make suggestions rather than simply waiting passively for commands. That's the goal of Apple's Siri, Google's Google Now, and Microsoft's Cortana.
As usually happens, the Internet echo chamber turned the complex technical details of Windows 10 privacy into a series of gross oversimplifications. Even normally sober publications like PC World succumbed to the hysteria, offering advice on "how to turn off Windows 10's keylogger," adding parenthetically, "Yes, it still has one."
No, it doesn't.
First and foremost, the Cortana service, which has the capability to use personal information based on your typing or voice input, is off by default. You have to specifically enable it.
Second, the information you type or speak isn't collected randomly and stored for use by Microsoft. It represents input. If you ask Cortana to create an appointment with a friend at a specific location, the service needs to be able to identify that friend from your contacts and identify that location to add to your calendar. Those names, locations, and other details are stored in your personalized dictionary. As Microsoft explains:
To give you text suggestions and auto-corrections that actually help, we make your personalized dictionary by using a sample of your typed and handwritten words.
The typing data includes a sample of characters and words you type, changes you manually make to text and words you add to your dictionary. We automatically take out things that could potentially be used to identify you, like IDs and IP addresses.
We use tiny samples of your scrubbed typing and handwriting info to improve our dictionaries and handwriting recognition for everybody who uses Windows, when you turn on typing, inking, and speech data.
That's not a keylogger, by any definition of the word.
Microsoft is no longer a major player in the advertising business. That initiative ended after the write-off of the disastrous aQuantive acquisition.
Like Apple, Microsoft does allow developers who build apps and deliver them through the Windows Store to support those apps with ads. Windows 10 includes an advertising ID that makes it possible for Microsoft's ad servers to keep track of which ads you've seen as you move across apps. Personal information about you isn't shared with app developers; rather, the point is to make the ad experience tolerable for users.
If you don't like that idea, you can disable the advertising ID in apps.
More to the point, Microsoft doesn't collect global information and use it as the foundation of its ad business, the way Google does. Specifically:
We don't use what you say in email, chat, video calls or voice mail, or your documents, photos or other personal files to choose which ads to show you.
Unlike some other platforms, no matter what privacy options you choose, neither Windows 10 nor any other Microsoft software scans the content of your email or other communications, or your files, in order to deliver targeted advertising to you.
In a world where our computing experiences are increasingly defined by interactions with online services, the definition of privacy is evolving rapidly. That makes people understandably uncomfortable, which is why this sort of dialog is so important.
The idea that a computing device can be entirely disconnected is increasingly quaint. There are certainly edge cases where activists and people involved in sensitive transactions need to be hyper-aware of every packet exchanged with the global network. That's why Windows 10 includes a broad range of Group Policy settings for IT professionals to lock down devices.
But for most of us ordinary citizens, the Internet is a better place when we share information with other people and organizations. Those transactions require transparency and ongoing monitoring to be sure that policies and practices are in alignment.
To make that world possible, we also need to calmly discuss these issues and avoid succumbing to paranoia. For Microsoft, today's communications are a good first step in that discussion.