Consider this a short follow-up to my earlier report debunking a slipshod attack on Windows 10 privacy from Gordon Kelly at Forbes.
In a follow-up post, Mr. Kelly reports that his coverage inspired a "change of heart" at Microsoft, which has agreed to modify Windows 10 in response to his concerns. A "U-turn," he calls it.
I have confirmed with three independent sources who have detailed knowledge of Microsoft's product plans that Mr. Kelly's report is incorrect in all details. It is apparently based on a misunderstanding of an unrelated announcement from last fall.
On February 13, two days after the initial publication, Mr. Kelly updated his post, acknowledging the error:
Update 13/02/16: Microsoft has confirmed the statement issued to me came from a 2015 blog post and does not relate to plans for 2016.
In a subsequent update, dated February 15, Mr. Kelly blames his error on a miscommunication with Microsoft's UK-based PR agency.
In today's [11-Feb] post, Mr. Kelly writes:
I took this data to Microsoft and it declined to comment, but now the company has had a change of heart.
Contacting me again a Microsoft spokesperson explained the company now wanted to speak about the issue. In short: Microsoft is taking action. It has decided to release updates "later this year" which will enable users to fully control all background telemetry and data tracking and, if desired, disable it completely. Microsoft also asked me to stress that disabling these background operations is something it would "strongly recommend against"
My sources tell me there are no such plans and that there is no such statement. Executives believe that existing privacy controls are reasonable for consumers and there's no need for a drastic change. A change in telemetry options for enterprise customers was announced last fall and is already included in Windows 10 version 1511.
All of my sources declined to speak on the record, but based on their comments I found the most likely explanation for Mr. Kelly's confusion.
A blog post by Windows boss Terry Myerson from late September 2015 used language that was nearly identical to the phrasing in Mr. Kelly's post earlier today. Here's a comparison for you.
First, the Forbes post:
Now, the Microsoft blog post from last September:
Microsoft did indeed deliver those updates a few months later, with the release of version 1511 in November 2015. That update includes an option available only for Enterprise edition that reduces telemetry to a bare minimum.
This option must be set through Group Policy or via manual registry edits and is only effective on Windows 10 Enterprise edition or the nearly identical Education edition (both are available only through volume licensing agreements).
That enterprise feature has some serious side effects that require mitigation work from IT pros. Most significant is the fact that enabling the Enterprise-only telemetry option, called Security, completely cuts off access to Windows Update, Windows Defender, and the Malicious Software Removal Tool. As a result, it is only recommended for organizations that have an alternative update infrastructure in place, such as Windows Server Update Services or System Center Configuration Manager.
Very few home and small business users have access to such an infrastructure.