by The Cat
Now that the European Union's General Data Privacy Regulation (GDPR) has pushed big tech to state what they are collecting from their users, I decided to take a look at the privacy policy of MS Windows 10 -- the most widely used desktop/laptop operating system in the world -- and try to find out the bare minimum of data that Microsoft collects from a user.
Navigating through the jungle of Microsoft's many different privacy policies and webpages is not an easy task. Their "Privacy Statement" is 140 pages in length, and if you really want to delve into the details, they have a "Windows 10 & Privacy Compliance: A Guide for IT and Compliance Professionals" with no fewer than 1,243 pages containing six different privacy policies for the several versions of Windows 10!
No fisherman's tale: this guide has 1,243 pages!
I focused my research on the most recent versions of Windows 10 (21H1, 20H2 and 2004), picking up "only" their Privacy Statement (140 pages) and the "required Windows diagnostic events and fields" with another 166 pages, which, according to their website, would take five hours and forty minutes to read! Let's get started!
An almost six-hour read! Got some coffee?
According to their Statement, they will collect:
Activity history
That's what I call starting in great style! They will keep track of almost everything you do on your device: "the apps and services you use, the files you open, and the websites you browse." So, Windows 10 stores every single file you open and all sites you visit. Ah, and it's not only Windows. If you use Edge, Word, Excel, etc., they will also call headquarters and inform them about what you are doing. It is stored locally, but if you have an MS account and were a little distracted, just clicking "I agree" to all the boring stuff appearing on your screen, it is very likely that you authorized all your activity history to be sent to Microsoft! And once you do so, your activity is entirely in the cloud, being used by Microsoft to "enable cross-device experiences" (nice wording, no?), and to provide things like anticipating your needs. Do you remember the gypsy on the sidewalk trying to see your future? Microsoft can do it better!
Advertising ID
As if it were not enough that many web browsers and sites do that, Windows generates a unique advertising ID for each user on a device to help out those fellows. Thus, "app developers [...] can associate personal data they collect about you with your advertising ID". They say this can be disabled.
Diagnostic data
This is certainly the "big one", so much so that it has a special, 166-page document dedicated to describing what it gathers. Microsoft is so nice that it has even left you the choice between optional and required diagnostic data, which leads us to conclude that there is a mandatory data collection, and it is not small. It amounts to 450 "events". They will collect information like:
- downloads: tracking of all ongoing downloads and their current state;
- connected peripherals;
- applications installed;
- batteries: type and capacity data, as well as the number of connected standby devices in use;
- the processor type, OEM manufacturer, firmware, ROM and RAM memory attributes;
- IP address, mobile network (including IMEI and mobile operator), and whether the device is connected to a free or paid network;
- displays;
- temperature.
Anyway, MS has software that allows you to visualize what data they are receiving from you. It's named Diagnostic Data Viewer and you can download it (yes, it doesn't come preinstalled on your PC).
Location
"Data about a Windows device's recent location history is also stored on the device even if not using a Microsoft account, and certain apps and Windows features can access this location history." They say you can clear your location history on your device, but not stop it from being collected.
Speech recognition
If permission is given in Cortana, they will collect, among other things, your name and nickname, recent calendar events and the names of the people in your appointments -- that is, not only family birthdays, social/work/religious gatherings, but also your relatives', friends' and co-workers' names. Enough? No! They will also pick up information about the names of your favorite places, the apps you use, and your music preferences! And this even if your device is locked: "... if enabled, the relevant app will continue listening to the microphone for voice keywords when you have locked your device and can activate for anyone who speaks near the device. When the device is locked, the app will have access to the same set of capabilities and information as when the device is unlocked."
Microsoft's New Mantra
As most privacy regulations require a justification for data gathering, the tech giant from Seattle solved it with an abracadabra: how to explain each one of the 450 diagnostic events, the microphones turned on, the geolocation and all your activity history -- including all your downloads -- being sent to their servers? "Let's just pronounce this incantation: The data collected with this event is used to help keep Windows up to date. Fantastic! Problem solved! Now we're compliant, and no one will dare to sue us!" You will find this mantra 78 times in the diagnostic data section alone. I wonder if they display this phrase on a poster in their cafeteria.
This is the phrase that the lawyers from Microsoft believe will have a hypnotic effect over courts throughout the world
Final Thoughts
This is what the latest versions of Windows 10 collect from a user. It doesn't include any MS apps or older versions, whose privacy policies are even lengthier. This is certainly not a surprise for many. But for how long will Microsoft be able to stay in business with so much data collected under such dubious arguments, in a scenario of increasingly strict privacy laws? Will they just sit and wait until people -- and governments -- start to take legal action against them? Either those guys are taking a huge risk or they are planning something else -- like jumping off the Windows boat and embarking on the "Microsoft Linux" idea, as people speculated some months ago. While others said it was unlikely to see a Windows system running on a Linux kernel, as Linux is certainly much more privacy-respecting, at least from the legal point of view this would relieve their actual burden. But, as a Linux user, I would prefer to see Windows far, far away from us, before distributions, in exchange for generous donations or lucrative partnerships, start to push users towards MS products and... but wait! Red Hat and Canonical are already MS partners! And SUSE and the Linux Foundation, too! Fortunately, we are for now protected here on PCLinuxOS, but I believe that in the coming years the battle for autonomy inside the Linux community will be tough. May the force be with us!