Electronic Frontier Foundation Points to Windows 10 Privacy Missteps
The Electronic Frontier Foundation (EFF) has taken a position on Windows 10, stating that "Microsoft blatantly disregards user choice and privacy" for those persons using the operating system.
The nonprofit organization, which advocates for "civil liberties in the digital world," published an announcement this week asking Microsoft "to come clean with its user community" and to acknowledge its privacy "missteps." It also asked Microsoft to separate "security updates from operating system upgrades going forward." There are some signs of a legal backlash against Windows 10 already, the EFF's announcement noted. Moreover, the EFF is starting to get requests to take action, it added.
Last month, a French privacy agency gave Microsoft three months to address a list of privacy issues, including Windows 10's handling of advertising IDs, cookies, PIN security, data transfers and telemetry reporting. The word, "telemetry," typically implies data collection for service improvement purposes or problem-solving purposes, but it's a somewhat ambiguous term. The agency warned that Microsoft could face sanctions if it didn't comply with its change requests.
U.S. regulatory agencies haven't been too vocal about Windows 10 and potential privacy issues. But, in general, privacy doesn't appear to be a top-of-mind consideration for those agencies, nor regulation, for that matter.
Organizations do have the ability to manage Windows 10 telemetry connections, as described in this TechNet article. They can control 31 separate Group Policy settings. However, only Windows 10 version 1607 Enterprise and Education editions offer full control over those settings. Here's how the article described it:
Some of the network connections discussed in this article can be managed in Windows 10 Mobile, Windows 10 Mobile Enterprise, Windows 10, version 1507, and Windows 10, version 1511. However, you must use Windows 10 Enterprise, version 1607 or Windows 10 Education, version 1607 to manage them all.
Microsoft describes how to use the Windows 10 user interface to remove Cortana at this page, which involves turning off its use with e-mail, calendar, contacts and the Edge browser, among other applications. Cortana is also integrated with Office 365 applications. Group Policy can be used to turn off Cortana more programmatically, which is the option that organizations likely would use. However, a manual registry edit is required with the Windows 10 Home edition, according to this ZDNet article, making that an unlikely option for consumers wanting to turn off Cortana.
In terms of security, Microsoft announced in February that U.S. Department of Defense agencies were advised to "standardize on Windows 10." And presumably the DoD is assured about Windows 10's privacy protections, too -- that is, privacy for governmental agencies. Microsoft reportedly was an early collaborator with the U.S. National Security Agency's PRISM program, which secretly harvested people's communications data from around the globe, which, if true, renders Windows 10 privacy assurances kind of moot.
In the end, it's all about trust, in a world of mass spying (or marketing) by government and industry. Last year, Terry Myerson, Microsoft's executive vice president for the Windows and Devices Group, said that Microsoft was committed to transparency with regard to Windows 10 and privacy:
It's a strong statement of assurance. But at least two organizations now aren't seeing Microsoft's Windows 10 privacy assurances in that way.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.