Privacy: what Windows Live knows about your friends


The way that Windows Live lets you control your privacy online is a model other social networks and aggregators would do well to follow. You can easily make things private, shared with just close friends, open to friends of friends or public to the world and you don't feel like you'll have to write your own social network to do it.

That's very deliberate on Microsoft's part; Walter Harp of the Windows Live team told me "Some people might think privacy in social networks is not important; the users we talk to say it is super important. 78% of users are concerned about the privacy of their social network profile. We want to default to making it private and default to making it easy."

The social network page that comes with Windows Messenger Wave 4 is a really nice way to see updates from friends across multiple networks (apart, oddly, from Twitter - I'm trying to find out why the agreement with Twitter over connecting to Live that expired at the end of June didn't get renewed but Microsoft is staying mum). You can even hide updates from specific people who you friended but don’t actually want to hear from. Roll over a specific update and click the Settings cogwheel that appears next to it and you can choose Hide updates from a user. For now it's just for updates from Messenger itself but it will let you hide specific Facebook friends once Messenger comes out of beta.

I was impressed with the attitude and the clear and simple options - and with the fact that unlike Gmail, Hotmail doesn't read your email to give you relevant ads (which I think has unexpected privacy implications). In fact I was so impressed that I was quite surprised when a reader complained about the privacy breach they felt was implicit in the opt-out section of the Microsoft Online Privacy Statement covering ads and Windows Live.

In the opt-out section of the Microsoft Online Privacy Statement, it says this: "... (b) the pages you view and links you click when using Microsoft’s and its advertising partners’ Web sites and services, and (c) the search terms you enter when using Microsoft’s Internet search services, such as Bing, and (d) information about the users you most frequently interact with through Microsoft’s communications or social networking services …"

That did sound suspicious. What information might that be? If I IM with my friend about a tile cutter, will both of us see DIY ads? If I mail my sister about a holiday, will either of us see travel ads? Or will we be grouped into some kind of profile of shared interests - and what could that be used for? So I asked Microsoft: "Why collect details of who I talk to and what are these details used for?"

First Microsoft wanted to reassure me that Windows Live only gathers a little information about you. "Windows Live ID service is an authentication system and it does not store customers’ personal information other than credential information (e.g. member name and password). Profile information is separate from the ID service. Information shared with Microsoft Windows Live services is not shared with any third party." That's a good start.

And while we're asking, what does it know about me? "For security purposes and to better personalize content, when a new user signs up for a Windows Live ID, we ask for basic information including name, location, gender and date of birth.  We use this information to help users regain access to their account if they have forgotten their password and to prevent third parties from gaining access."

All good, but then there's the bit you have to expect with ad-funded free services. "In addition, Microsoft may use this information to better personalize content, services, and advertising." Personalized ads aren't necessarily a bad thing; ads for things I'm interested in are more likely to be useful or at least interesting than ads for things I don't care about. But only if it's properly anonymous, otherwise it feels creepy.

"We use a technical method (known as a one-way cryptographic hash) to store search terms separately from account holders’ personal information, such as name, email address, etc. so they can’t be systematically recombined. As a result of this “de-identification” process, when Microsoft’s online ad targeting platform serves individually targeted ads, it selects them based only on data that does not personally and directly identify the individual. As a matter of policy, Microsoft takes steps to separate any information that can be used to personally and directly identify a user from the information in its ad selection system.

"Additionally, consistent with our privacy policy, Windows Live users who do not wish to receive targeted advertising can opt-out at the following site. We’ve also taken an extra step and made the opt out “roamable.” This allows people to have their opt-out choice apply to any computer they log onto with their Windows Live ID."
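Microsoft's statement does not say how the one-way hash is applied. As an added illustration (not Microsoft's code and not from the original article), this Python example shows why hashing only keeps search terms from being "systematically recombined" with identities when the hash is keyed: an unkeyed hash of an email address can be recomputed by anyone who holds a list of addresses. The key, the addresses, the search terms and all function names are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample data: key, addresses and search terms are made up.
SECRET_KEY = b"constructed-demo-key-held-outside-the-ad-system"
KNOWN_ADDRESSES = ["alice@example.com", "bob@example.com"]
EVENTS = [
    ("alice@example.com", "tile cutter"),
    ("bob@example.com", "holiday deals"),
    ("alice@example.com", "grout"),
]


def plain_token(account_id: str) -> str:
    """Unkeyed one-way hash of the account identifier."""
    return hashlib.sha256(account_id.lower().encode()).hexdigest()


def keyed_token(account_id: str, key: bytes = SECRET_KEY) -> str:
    """Keyed one-way hash (HMAC-SHA256); cannot be recomputed without the key."""
    return hmac.new(key, account_id.lower().encode(), hashlib.sha256).hexdigest()


def build_ad_store(events, tokenize):
    """Group search terms under a token; no name or address is stored."""
    store = {}
    for account_id, term in events:
        store.setdefault(tokenize(account_id), []).append(term)
    return store


def relinkable(store, candidate_ids, tokenize):
    """Audit check: which records can be tied back to a known identifier
    by someone who can only recompute `tokenize` over a candidate list?"""
    lookup = {tokenize(c): c for c in candidate_ids}
    return {lookup[t]: terms for t, terms in store.items() if t in lookup}


def audit():
    """Return what is recoverable from each store without the secret key."""
    plain_store = build_ad_store(EVENTS, plain_token)
    keyed_store = build_ad_store(EVENTS, keyed_token)
    from_plain = relinkable(plain_store, KNOWN_ADDRESSES, plain_token)
    # Without SECRET_KEY the auditor can only try the unkeyed hash.
    from_keyed = relinkable(keyed_store, KNOWN_ADDRESSES, plain_token)
    return from_plain, from_keyed


if __name__ == "__main__":
    print(audit())
```

The separation then rests on who can read the key: whoever holds it can still recompute the tokens, so the key has to live outside the ad selection system for the two stores to stay apart.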

So far so good; I particularly like not having to opt out on every computer I use my Live ID on - but what about the information about my friends? It took a little digging to find the right person at Microsoft to ask, but eventually I got a response from the advertising team.

"We use Windows Live IDs to associate people with their social graph. For example, user A and user B are friends because user A has user B in their address book. If they’re Friends on Windows Live we assume that they have frequent interactions and potentially similar interests – we don’t actually track the interaction. When user A goes to a commercial site and buys something we get activity information back. This is using standard behavioral targeting technologies and rules. When this information returns to us, we use the information combined with other demographic information to serve an ad to other friends in user A’s address book and others matching that criteria. User B and anyone else matching the criteria does not know what was bought and by whom nor whether this ad came from their friends’ interests or general demographic information."

So Windows Live isn't reading my messages or doing anything particularly intrusive or sinister - although it could be much better explained in the policy. In fact it's being rather simplistic; it assumes that if I'm friends with someone who books a holiday, I'm also the kind of person who takes a holiday and maybe I've been talking to my friend about them going away so I might be attracted by an advert for a great holiday deal. That's not a Facebook beacon breach of privacy or a Google Buzz breach of privacy. I do wonder about the deals that provide that 'activity information' to Microsoft - that must be buried in the privacy policy of the commercial site user A is shopping on...

Leaving that aside, I continue to be impressed by the way Microsoft gets online privacy - although it's clear that personalised ads are a minefield. As users we want free services and we say in surveys that we're happy with ads; advertisers want to reach the right people and personalised ads are the way to do that. But there's obviously a line between personalisation and privacy intrusion that the industry and users need to agree on.

Equally there's a tension between how advertisers and ad platform providers want to personalise ads and how the developers of tools like Windows Live and IE want to protect privacy. If the claims that an ex-Microsoft vice president in charge of advertising had the strong privacy protection planned for IE 8 watered down are true (having InPrivate browsing on by default would have blocked a lot of that 'activity information' mentioned above but also broken a lot of sites - a point the IE Blog makes without confirming or denying the claim), it's a discussion Microsoft is having internally.

But if we're serious about wanting to have our privacy protected online, we need to do some of the work. We need to think about what we post and where and who we open that up to - and we need to think about what we want to get for 'free'. Because given that there is no such thing as a free lunch, we're paying for it in some way, with our attention as potential buyers and with the information that makes us more valuable as targeted potential buyers. If we just demand content and services for free without considering the consequences, we're kidding ourselves.



Simon Bisson

About Simon Bisson

Simon Bisson is a freelance technology journalist. He specialises in architecture and enterprise IT. He ran one of the UK's first national ISPs and moved to writing around the time of the collapse of the first dotcom boom. He still writes code.

Mary Branscombe

About Mary Branscombe

Mary Branscombe is a freelance tech journalist. Mary has been a technology writer for nearly two decades, covering everything from early versions of Windows and Office to the first smartphones, the arrival of the web and most things inbetween.

  • "Walter Harp of the Windows Live team told me "Some people might think privacy in social networks is not important; the users we talk to say it is super important. 78% of users are concerned about the privacy of their social network profile. We want to default to making it private and default to making it easy."

    I wish they would take this kind of proactive approach to the default settings of their operating systems then.
  • What settings would you like to see different by default? I'll hunt down those responsible and ask for their reasoning
    Simon Bisson and Mary Branscombe
  • Gawd now you're asking for a list, :s this can span anything from xp to win 7 to their live service accounts default privacy or minor settings, many many little things that you tend to change on the fly as you come across them.

    One prime example would be an application for both 7 and xp called Auslogic Boost-speed which is a great application at bringing your attention to all sorts of background settings within the OS's environments, that a user would not normally be aware of and could have been set to a better default choice which are present. :O

    That tool, as mentioned, is great for things like that as well as its primary focal point which is grouped maintenance task management across your windows based systems, I would highly recommend you to try it if you run a windows based system.

    With regards to windows live account that I setup some time ago for ms messenger which consequently I have now dumped, I remember having to shuffle through 24 pages of linked settings to ensure my privacy was best served with that account/type.

    At the end of the day I only needed to sign up to this because I wanted to use msn messenger and that was it, but it would seem in this massive inherent on-line drive to get people to use social mediums I had to sign into an account type that is/was? geared to gather & share! share! share! by default.

    This seems to be the general overall ethos now not only with ms but with many other on-line services out there, I dare not even imagine how Google's OS will be geared towards by default, or whether or not the privacy settings will be changeable at all.

    Everyone's obsessed with others' personal information, to say that humans are nosy is an understatement of the beginning and the end.
  • Oh one more thing if you're going to chase up some Redmond people try finding out why on earth they decided to make 7's firewall options on ultimate or any other 7 for that matter, so bloody overly complicated to just edit specific ports?
  • With the firewall, I know the expectation is that ordinary users won't change things themselves but if you type firewall into the Start menu and open the Windows Firewall with Advanced Security console - which is the top result on the Start menu - there's a wizard on the right called New Rule and one of the options there is Port, so that's the recommended route for doing that.

    With the Windows Live privacy, you might want to take another look but this is something that has changed completely in the Wave 4 beta; it's the kind of simplicity it always ought to have been.

    To pursue any of these with Ms I'd really need to have a list of the ones you care about and what you think they should have been for 7 - but you might be interested to search the Engineering 7 blog Steven Sinofsky did during the Win 7 beta as a lot of settings and defaults were discussed in surprising detail; most of them have a reason for being what they are, even if it's not obvious. I never could convince them to put Explorer thumbnail checkboxes back on my default or to have Win-key E open Libraries instead of Explorer though ;-)

    I'm personally very suspicious of tweaking tools for Windows; having spent 5 years doing support Q&A on Windows XP, I found that the majority of problems I saw were 1 malware and spyware 2 incompatible apps and DLLs 3 strange side effects from settings changed by tweaking tools in an attempt to make something faster (turning off services indiscriminately, tweaking registry keys and so on) or just changing things for the sake of it. It makes me feel like the archetypal janitor in Scooby-Doo, shaking my fist and muttering about meddling ;-)
    Simon Bisson and Mary Branscombe