A Breakdown of the Windows 10 Privacy Policy

WheezyJoe writes: The Verge has a piece on Windows 10 privacy that presents actual passages from the EULA and privacy policy that suggest what the OS is capturing and sending back to Microsoft. The piece takes a Microsoft-friendly point of view, arguing that all Microsoft is doing is either helpful or already being done either by Google or older releases of Windows, and also touches on how to shut things off (which is also explained here). But the quoted passages from the EULA and the privacy policy are interesting to review, particularly if you look out for legal weasel words that are open to Microsoft's interpretation, such as "various types (of data)", diagnostic data "vital" to the operation of Windows (cannot be turned off), sharing personal data "as necessary" and "to protect the rights or property of Microsoft". And while their explanations following the quotes may attempt an overly friendly spin, the article may be right about one thing: "In all, only a handful of these new features, and the privacy concerns they bring, are actually in fact new... Most people have just been either unaware or just did not care of their existence in past operating systems and software." Even pirates are having privacy concerns and blocking Windows 10 users.

weasel words = gaping hole

Posting anon for obvious reasons.

In a former life, there was some question about what and how far an org could go into customer data that was collected through remote telemetry or use of cloud services. A couple years ago, legal counsel informed us that we could capture, examine, and retain essentially any customer data, because any security-related review fell under the clauses about use of customer data for "enhancement of customer experience", to which the customer consented in the EULA. This is why some entities feel very free to capture any data they want from endpoint computers and effectively lie about it in marketing documents: because end-users consented to a free-for-all in the prior/overriding legal license.

Simple

Windows 10 Privacy = Oxymoron

Vital diagnostics

Exactly how vital can they be if the fucking computer still works with no Internet connection?

Re:Vital diagnostics

[Dunbal]

Vital to Microsoft. So they can mine/sell the data. Get it now?

What are you all so worried about?

"This water is only one degree hotter now than a few minutes ago," said the frog to his companions.

Half the story

[HideyoshiJP]

The article seems to only be telling half the story about previous versions of Windows and about sending data "critical" to the operation of Windows.
A. The Customer Experience Program could be opted out of.
B. Windows 10 only sends data "critical" to the operation of the system in the "basic" telemetry setting. It's funny how you can disable it in enterprise. I guess it must not be so critical, huh? I don't care what they do with home versions, but I take issue with not being able to do this in Pro. An individual cannot buy Enterprise.
C. It's not fair to compare this to Google. Google provides their products free of charge. Despite Microsoft giving out a free update, Windows is not free. You can purchase a retail copy. I'm sorry to criticize your apologist article, Verge, but these are issues that affect the company I work for. I don't care what you do with your personal computer; the government doesn't regulate that.

Re:Half the story

[Anonymous+Brave+Guy]

I don't care what they do with home versions, but I take issue with not being able to do this in Pro. An individual cannot buy Enterprise.

I've been wondering about that. If it's still going to be true once they've got their act together, then presumably that also affects most small businesses? That could be a very expensive strategic mistake. The hoi polloi will put up with a lot, and big businesses will do their own thing and probably not update for a long time anyway, but alienating the smaller and more agile businesses that might have updated sooner seems unwise, and alienating the geek community -- who run IT in those businesses and advise their less geeky friends -- seems downright commercially suicidal.

Re:Windows 10, it's free

No, I think his point is more like "Never look a gift horse in the mouth while its trying to mount you." Or something like that.

Re:Closed-source operating systems

The advice is to use a possibly compromised operating system over a guaranteed compromised operating system.

Do you have a better suggestion for those who has to use windows?

Or not

[Anonymous+Brave+Guy]

If you're running automatic updates on 7 or 8 you already have the same "telemetry" components as well.

No, I don't. You see, the great thing about still being on Windows 7 is that I'm not forced to install whatever user-hostile updates Microsoft deems necessary. So I didn't.

By the way, neither did a lot of other people. Many of the professionals I know have been "security updates only" for quite a long time, even on personal use machines rather than work ones. Plenty more joined the fold recently after the Win10 nag message update.

It frustrates me that the casual press keep repeating the dogma that the forced updates in Windows 10 are a good thing because security experts recommend applying all patches immediately or similar, as if Microsoft hasn't been pushing non-security updates for years.

Yikes

[Chris+Johnson]

'It's okay, it's already being done by Google' is NOT reassuring! D:

Linux Mint

[dmt0]

All this talk about Windows made me rediscover Linux. Tried out latest Mint and was really pleasantly surprised by how well polished the thing is overall. Everything worked right from Live CD. Things that I could never get to work on Ubuntu even a year ago. Bluetooth speaker just connected, Android phone didn't make any components die a quiet death. Skype. All menus are reasonably laid out. Configurations work. Started being productive on it just after two hours of installation/configuration. Breath of fresh air.

Re:IDEA

[ihtoit]

you've clearly never had to deal with people complaining that their Facebook doesn't work.

Don't try explaining to them that their browser is what's broken, not the website (for various measures of "broken"), they don't give a fuck at the wire gauge used in their talking toaster. They cannot and will not even try to differentiate between hardware and software, cached content and streaming, Telepresence (the Cisco brand) and Skype (the Microsoft brand). Wilful ignorance is the bliss of the average end user for which there is no cure and keeps we nerds in work.

Re:Doesn't explain the "Telemetry Update" to 7 and

Way to jeopardize the Net as a whole by teaching people to turn off and never trust updates again.

Go fuck yourself, Microsoft. Fucking idiots.

What is really happening

[execthis]

From a meta point of view, what is really happening? If nothing else, there is some kind of breakdown between reasonable expectations of people who use Windows and the actions of Microsoft. Aside from particulars of what exactly is being or not being collected, Microsoft handled this poorly by not anticipating that many people are rightfully highly sensitive to data collection/telemetry/tracking issues, and the fact that it is being disclosed only via EULA legalese doublespeak only damages the situation by orders of magnitude.

Microsoft needs to have a press conference and set up a special page for users concerned about privacy and who want to know more about telemetry/tracking. You do not address users' concerns by blowing them off, but by engaging them.

In this day and age it is reasonable to expect that a complex system such as an OS actually needs to communicate with central servers for reasons related to routine the operation of the system. But what are those routine things?

All we get from EULA's is BS.