Revealed! The crucial detail that Windows 10 privacy critics are missing

Here we go again. The usual suspects are trying to turn routine diagnostic information into another manufactured privacy controversy over Windows 10. Don't fall for it. (PS: You won't believe what Apple's privacy policy says.)
Written by Ed Bott, Senior Contributing Editor

Here we go again, with another ginned-up controversy over Windows 10 and privacy.

I know, I know, you're probably as sick of this as I am, and much of the "controversy" is being spread by dedicated Microsoft haters and clueless writers who make a living with breathless clickbait. They're actually not interested in facts, because the controversy sells so well.

So let's tackle the latest outrage du jour. Betanews and Forbes are shocked, shocked by a recent blog post by Microsoft exec Yusuf Mehdi, who recites statistics about how 200 million users of Windows 10 are using the new OS.

Microsoft knows, for example, how much time Windows 10 users have spent using the new Microsoft Edge browser since the OS launch last July (44.5 billion minutes).

Thanks to telemetry, Microsoft knows that 82 billion photos have been viewed in the Windows 10 Photos app and that Cortana has answered 2.5 billion questions.

And they have similar statistics about search queries and streaming Xbox games to Windows 10 devices.

How could they possibly know these things?

Ladies and gentlemen, this is not "spying." It's analytics.

That distinction is not semantic. It is essential to understanding how software is developed in the modern, cloud-connected world.

It has also been fully, even exhaustively disclosed. Anyone who writes about Windows and isn't aware of that should probably change careers or at least be honest about their sensational headlines. (Seriously, "Massive Windows 10 News Hides 5 Nasty Surprises" is an actual Forbes headline. I think it needs a few exclamation points, an OMG, and a poop emoji to be complete. Don't you?)

Microsoft does not care that a random Windows 10 user (let's call him George), used a particular app for 40 minutes yesterday, or that he installed an app and only used it once, or that he changed his default browser from Edge to Chrome yesterday.

In fact, they are so not interested in George's individual activities that they anonymize the telemetry data returned by Windows 10 so that it cannot be used to personally identify him. You and I are similarly protected.

So Microsoft knows what percentage of their installed base uses Edge, but they can't tell a thing about the behavior of individuals like you or me or George. We are not being spied upon. Our anonymized data is worthless on its own and only becomes valuable as part of a massive data set.

I wrote about this last November. Here's a snippet, but I encourage you to read the entire article:

Microsoft insists that its telemetry system is designed to prevent any privacy issues. "We collect a limited amount of information to help us provide a secure and reliable experience," the company says, describing telemetry data without using the term. "This includes data like an anonymous device ID and device type. ... This doesn't include any of your content or files, and we take several steps to avoid collecting any information that directly identifies you, such as your name, email address or account ID."

The privacy settings in Windows 10 include three levels under Diagnostic and Usage Data heading, and a link on that page explains that the feedback includes:

data about how you use Windows, such as how frequently or how long you use certain features or apps and which apps you use most often. This option also lets us collect enhanced diagnostic information, such as the memory state of your device when a system or app crash occurs, which may unintentionally include parts of a document you were working on when a problem occurred. We also use this information to measure reliability of devices, the operating system, and apps.

It's not exactly a mystery.

And if you don't like that data being collected, you can dial the feedback setting back to Basic, which collects only simple error reports.

Data collected as part of those error reports, which could inadvertently include personal information, is encrypted, and has been since Windows 8. Microsoft's formal policy says, "Microsoft employees and contingent staff may access the error reports to maintain Windows Error Reporting or to improve Microsoft products. They may not use the reports for other purposes." Elsewhere, the policy says, clearly, "If an error report contains personal data, we won't use that information to identify, contact, or target advertising to you."

I repeat, Microsoft is not interested in "spying" on what you as an individual are doing. They want to know what their installed base of 200 million users (and growing) is doing, because that is how they prioritize development and improve the quality of Windows and Windows apps.

Knowing that only 6 percent of all Windows users ever touch a particular feature is important when prioritizing development decisions. Knowing that 75 percent of the 6 percent of users who try that feature once never use it again offers equally valuable data. If 10 percent of all installations of a particular device driver fail, that indicates the need to arrange a conference call with the developer of that driver to fix it.

As I explain in that article, you can dial back the telemetry to the bare minimum if you want, and you can use third-party utilities to block data collection completely. But if you do, you forfeit the right to complain about bugs and wonky updates and drivers that crash.

Speaking of spying, you realize that the owners of any large web property (like Forbes or ZDNet), can tell how many minutes have been spent on the site in the past hour or the past week, month, or year? Those website owners aren't "spying" on you when they do that; they're analyzing their audience so they can be more responsive to it.

Website owners can also track details about visitors, including what web browser their visitors are using, and what articles they click on or search for. Thanks to easily available free analytics programs, website owners can get extremely detailed and accurate information about their audience.

That does not mean that those sites are "spying" on you.

There are, of course, large tech companies that have exactly the opposite focus. Thanks to the widely used Google Analytics, for example, Google has built up enormous and impressive personal profiles of everyone with a Google account, which includes hundreds of millions of Gmail users, YouTube visitors, and Chrome users.

Regardless of what operating system our prototypical "George" uses, Google knows about every website he visits. All that information is recorded and added to the profile Google has on him, and on you and me unless we take extraordinary pains to hide our tracks.

Facebook gets similar information thanks to those ubiquitous Like buttons, which track you even if you never click them.

Google knows what you've been searching for. Facebook knows what you like and dislike. Dozens of analytics companies collect similar information by correlating your activities across multiple sites. That information is incredibly valuable because it allows those companies to sell targeted ads based on what they know about you.

Is that "spying"? I'm not going to hurl that accusation around lightly. But it's certainly a far cry from the anonymized data collection built into Windows 10.

By the way, if you think you can escape telemetry collection by getting a Mac, think again. Apple's privacy policy reads a lot like Microsoft's [emphasis added]:

  • We may collect information such as occupation, language, zip code, area code, unique device identifier, referrer URL, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.
  • We may collect information regarding customer activities on our website, iCloud services, and iTunes Store and from our other products and services. This information is aggregated and used to help us provide more useful information to our customers and to understand which parts of our website, products, and services are of most interest. Aggregated data is considered non‑personal information for the purposes of this Privacy Policy.
  • We may collect and store details of how you use our services, including search queries. This information may be used to improve the relevancy of results provided by our services. Except in limited instances to ensure quality of our services over the Internet, such information will not be associated with your IP address.
  • With your explicit consent, we may collect data about how you use your device and applications in order to help app developers improve their apps.

That's Apple, a company that has a stellar reputation for privacy protection, using exactly the same industry-standard techniques that Microsoft does. They don't call it telemetry, but it's exactly the same thing.

Is that "spying"? I don't think so. But if you apply the same strict criteria that the Windows 10 doomsayers use, then it obviously is.

Windows 1.0 to 10: The changing face of Microsoft's landmark OS

Editorial standards