Microsoft responds to Windows 10 privacy concerns

[HEXUS]

New blog post talks about what data may be collected, and why.

Read more.

[Spreadie]

The problem, as I see it, is that fact that Windows 10 privacy settings default to "opt-in", rather than "opt-out". If the settings are in our best interests, why doesn't Microsft make a valid case for people switching them on, rather than make us jump through hoops to switch them off!

[enemys]

The problem, as I see it, is that fact that Windows 10 privacy settings default to "opt-in", rather than "opt-out". If the settings are in our best interests, why doesn't Microsft make a valid case for people switching them on, rather than make us jump through hoops to switch them off!

Yeah, because it's sooo hard to use these switches (you are asked whether you want defaults or your own settings) during OS installation...

[Corky34]

Question: How can a device ID be anonymous, isn't the very nature of an ID to identify someone or something, if so how can it be anonymous? They say steps are taken to avoid information that might directly identify the user but does that mean indirectly identify the user is OK?

Also if their not scanning the content of my email or other communications, or my files, in order to deliver targeted advertising, then what is the recently added (I believe on the fast ring) suggestions feature in the startmenu, is that not advertising apps from the app store?

[kalniel]

Question: How can a device ID be anonymous, isn't the very nature of an ID to identify someone or something, if so how can it be anonymous? They say steps are taken to avoid information that might directly identify the user but does that mean indirectly identify the user is OK?

Essentially, yes - you can identify the device, or even a user ID no problem, as long as there is no similarity between said ID and any personally identifying information. Same in the medical world - as long as a patients ID number bears no relation to any personally identifying feature of the patient then you can bandy the ID about pretty well as much you like. Only a problem if some kid is named 1567812

[KeyboardDemon]

Anonymised telemetry data that could be used to resolve driver, software or potential security risks doesn't seem like a bad thing to me.

A personal profile that helps me find specific results for searches based on previous search history could be both useful and also intrusive. I can think of one potential scenario here for example when searching for surprise wedding anniversary presents or birthday presents for my wife I most certainly wouldn't want any trace of those results coming up into view when my wife is using the PC, however it could be quite handy to search for things I want her to buy me as when she uses the PC she will see ads that are tailored to my previous search history but might not know she is seeing that GTX980Ti as a result of my having completed 10's or 100's of searches for it. lol

IMHO we are going to have live with advertising on the internet moving forward, I prefer the idea of having my ads targeted so that I am not being constantly bombarded by ads for things that I have no interest in at all, I like that some services such as Facebook let me tell them when I don't like an ad so that it doesn't get displayed again, or even when I don't want to see posts from a particular app or person. Targeting ads means that advertisers can reach the people they want to reach in the most cost effective way possible, not targeting ads could potentially end up costing advertising more when they want to tell people like me about their latest GTX980Ti cards which in turn could drive up the price of that card. So while I am not keen on having too much personal information about me being disclosed, I am also not very keen having to pay more for products to cover the costs so advertisers can find more creative ways to find me or on seeing advertising for dog grooming products, though my neighbour would love to see those as she found that a GTX980Ti doesn't really help bring her Afghan Hound up to pedigree show standards.

[shaithis]

I'm sure there will still be a lot of tinfoil hat wearers who will swear this is more smoke and mirrors so that Microsoft can keep an eye on their activities....

[Corky34]

Essentially, yes - you can identify the device, or even a user ID no problem, as long as there is no similarity between said ID and any personally identifying information. Same in the medical world - as long as a patients ID number bears no relation to any personally identifying feature of the patient then you can bandy the ID about pretty well as much you like. Only a problem if some kid is named 1567812

So does that mean in effect it's not anonymised data? It seems more like pseudonymised data in that it could allow tracking back the data to a specific users or person, using things like IP, logon name, app store details, etc, etc. That's not to say Microsoft is doing that, just that it would/could be possible if it needed to be done.

[shaithis]

So does that mean in effect it's not anonymised data, it seems more like pseudonymised data in that it could allow tracking back the data to a specific users or person, using things like IP, logon name, app store details, etc, etc. That's not to say Microsoft is doing that, just that it would/could be possible if it needed to be done.

Unless it is stored WITH the IP and/or AppStoreID and/or personal details, then its anonymous.

Of course, in the future they could turn on saving that additional data and then that could be linked to past datasets.....

But as I've been saying for a while, they will never do this as long as they have enterprise customers.

[aidanjt]

Anonymised telemetry data that could be used to resolve driver, software or potential security risks doesn't seem like a bad thing to me.

'Anonymised telemetry data' is doublespeak for 'doesn't contain your name'. That doesn't mean you can't be tracked down with the information the communication delivers and infers.

[kalniel]

So does that mean in effect it's not anonymised data? It seems more like pseudonymised data in that it could allow tracking back the data to a specific users or person, using things like IP, logon name, app store details, etc, etc. That's not to say Microsoft is doing that, just that it would/could be possible if it needed to be done.

As soon as you stored someone's logon name then that would be a breach since it is potentially personally identifying. IP should be fine since it's not personally identifying without further information, however ease of getting that information means you tend not to use it for individuals, only to group people together for example to say users from a certain country (as long as there are enough that the characteristics are effectively anonymised just by numbers). There are a whole bunch of caveats to using IP numbers that I'm sure MS are more than aware off too.

[Corky34]

Unless it is stored WITH the IP and/or AppStoreID and/or personal details, then its anonymous.
...

That's not how I understand the terms anonymised and pseudonymised, afaik anonymised means the level of detail is reduced rendering a reverse compilation impossible, while pseudonymised means it contains a level of detail that should allow tracking back of the data, like IP, app store details, etc, etc.

It seems almost impossible to me that a device ID uniquely identifying a device couldn't be used in tracking data back to a unique users, that's if they/someone wanted to, again not saying that is happening just saying it could/would be possible.

[Spreadie]

Yeah, because it's sooo hard to use these switches (you are asked whether you want defaults or your own settings) during OS installation...

No, not all of the privacy options are available to you at installation, but thanks for the snotty attitude nonetheless.

[epiqpwnage]

Yeah, because it's sooo hard to use these switches (you are asked whether you want defaults or your own settings) during OS installation...

Your sarcastic douche tone aside, don't you know that not all users install their own OS? That some people buy PCs/Tabs/smartphones with preinstalled OS?

Don't you know that not all privacy issues are not resolved by switching off those in the installation? Of course you don't know that...you just pretend you know it all. Try googling other ways to disable privacy issues in windows 10.

[kalniel]

It seems almost impossible to me that a device ID uniquely identifying a device couldn't be used in tracking data back to a unique users, that's if they/someone wanted to, again not saying that is happening just saying it could/would be possible.

Not without other information, and it's that other information that would be the subject of a breach of privacy, eg associating a device ID to a username, or email etc.

[YazX]

those options are just the surface, there are alot of spying crap under the hood, go to mydigitallife forums and there are plenty of scripts to disable everything, people who wrote those scripts monitored the packets sent from their PCs and discovered that those options are just a fraction of whats going on.