Privacy: what Windows Live knows about your friends
The way that Windows Live lets you control your privacy online is a model other social networks and aggregators would do well to follow. You can easily make things private, shared with just close friends, open to friends of friends or public to the world and you don't feel like you'll have to write your own social network to do it.
That's very deliberate on Microsoft's part; Walter Harp of the Windows Live team told me "Some people might think privacy in social networks is not important; the users we talk to say it is super important. 78% of users are concerned about the privacy of their social network profile. We want to default to making it private and default to making it easy."
The social network page that comes with Windows Messenger Wave 4 is a really nice way to see updates from friends across multiple networks (apart, oddly, from Twitter - I'm trying to find out why the agreement with Twitter over connecting to Live that expired at the end of June didn't get renewed but Microsoft is staying mum). You can even hide updates from specific people who you friended but don’t actually want to hear from. Roll over a specific update and click the Settings cogwheel that appears next to it and you can choose Hide updates from a user. For now it's just for updates from Messenger itself but it will let you hide specific Facebook friends once Messenger comes out of beta.
I was impressed with the attitude and the clear and simple options - and with the fact that unlike Gmail, Hotmail doesn't read your email to give you relevant ads (which I think has unexpected privacy implications. In fact I was so impressed that I was quite surprised when a reader complained about the privacy breach they felt was implicit in the opt-out section of the Microsoft Online Privacy Statement covering ads and Windows Live.
In the opt-out section of the Microsoft Online Privacy Statement, it says this: ... (b) the pages you view and links you click when using Microsoft’s and its advertising partners’ Web sites and services, and (c) the search terms you enter when using Microsoft’s Internet search services, such as Bing, and (d) information about the users you most frequently interact with through Microsoft’s communications or social networking services …"
That did sound suspicious. What information might that be? If I IM with my friend about a tile cutter, will both of us see DIY ads? If I mail my sister about a holiday, will either of us see travel ads? Or will we be grouped into some kind of profile of shared interests - and what could that be used for? So I asked Microsoft: "Why collect details of who I talk do and what are the se details used for?"
First Microsoft wanted to reassure me that Windows Live only gathers a little information about you. "Windows Live ID service is an authentication system and it does not store customers’ personal information other then credential information (e.g. member name and password). Profile information is separate from the ID service. Information shared with Microsoft Windows Live services is not shared with any third party." That's a good start.
And while we're asking, what does it know about me? "For security purposes and to better personalize content, when a new user signs up for a Windows Live ID, we ask for basic information including name, location, gender and date of birth. We use this information to help users regain access to their account if they have forgotten their password and to prevent third parties from gaining access."
All good, but then there's the bit you have to expect with ad-funded free services. "In addition, Microsoft may use this information to better personalize content, services, and advertising." Personalized ads aren't necessarily a bad thing; ads for things I'm interested in are more likely to be useful or at least interesting than ads for things I don't care about. But only if it's properly anonymous, otherwise it feels creepy.
"We use a technical method (known as a one-way cryptographic hash) to store search terms separately from account holders’ personal information, such as name, email address, etc. so they can’t be systematically recombined. As a result of this “de-identification” process, when Microsoft’s online ad targeting platform serves individually targeted ads, it selects them based only on data that does not personally and directly identify the individual. As a matter of policy, Microsoft takes steps to separate any information that can be used to personally and directly identify a use from the information in its ad selection system. "Additionally, consistent with our privacy policy, Windows Live users who do not wish to receive targeted advertising can opt-out at the following site. We’ve also taken an extra step and made the opt out “roamable.” This allows people to have their opt-out choice apply to any computer they log onto with their Windows Live ID."
So far so good; I particularly like not having to opt out on every computer I use my Live ID on - but what about the information about my friends? It took a little digging to find the right person at Microsoft to ask, but eventually I got a response from the advertising team.
"We use Windows Live IDs to associate people with their social graph. For example, user A and user B are friends because user A has user B in their address book. If they’re Friends on Windows Live we assume that they have frequent interactions and potentially similar interests – we don’t actually track the interaction. When user A goes to a commercial site and buys something we get activity information back. This is using standard behavioral targeting technologies and rules. When this information returns to us, we use the information combined with other demographic information to serve an ad to other friends in user A’s address book and others matching that criteria. User B and anyone else matching the criteria does not know what was bought and by whom nor whether this ad came from their friends’ interests or general demographic information." So Windows Live isn't reading my messages or doing anything particularly intrusive or sinister - although it could be much better explained in the policy. In fact it's being rather simplistic; it assumes that if I'm friends with someone who books a holiday, I'm also the kind of person who takes a holiday and maybe I've been talking to my friend about them going away so I might be attracted by an advert for a great holiday deal. That's not a Facebook beacon breach of privacy or a Google Buzz breach of privacy. I do wonder about the deals that provide that 'activity information' to Microsoft - that must be buried in the privacy policy of the commercial site user A is shopping on...
Leaving that aside, I continue to be impressed by the way Microsoft gets online privacy - although it's clear that personalised ads are a minefield. As users we want free services and we say in surveys that we're happy with ads; advertisers want to reach the right people and personalised ads are the way to do that. But there's obviously a line between personalisation and privacy intrusion that the industry and users need to agree on.
Equally there's a tension between how advertisers and ad platform providers want to personalise ads and how the developers of tools like Windows Live and IE want to protect privacy. If the claims that an ex-Microsoft vice president in charge of advertising had the strong privacy protection planned for IE 8 watered down are true (having InPrivate browsing on by default would have blocked a lot of that 'activity information' mentioned above but also broken a lot of sites - a point the IE Blog makes without confirming or denying the claim), it's a discussion Microsoft is having internally.
But if we're serious about wanting to have our privacy protected online, we need to do some of the work. We need to think about what we post and where and who we open that up to - and we need to think about what we want to get for 'free'. Because given that there is no such thing as a free lunch, we're paying for it in some way, with our attention as potential buyers and with the information that makes us more valuable as targeted potential buyers. If we just demand content and services for free without considering the consequences, we're kidding ourselves.
-Mary