France: Windows 10 Collects 'Excessive Personal Data', Issues Microsoft With Formal Warning

France's National Data Protection Commission (CNIL) has ordered Microsoft to "stop collecting excessive data and tracking browsing by users without consent," adding that Microsoft must comply with the French Data Protection Act within next three months. BetaNews reports: In addition to this, the chair of CNIL has notified Microsoft that it needs to take "satisfactory measures to ensure the security and confidentiality of user data." The notice comes after numerous complaints about Windows 10, and a series of investigations by French authorities which revealed a number of failings on Microsoft's part. Microsoft is accused of not only gathering excessive data about users, but also irrelevant data. The CNIL points to Windows 10's telemetry service which gathers information about the apps users have installed and how long each is used for. The complaint is that "these data are not necessary for the operation of the service."

Just wait until ms turns the data over

france will become silent and declare ms is a strategic partner in fighting terrorism. Until then, it intrudes privacy.

Anyway, everybody who wants to protect their data should use linux.

But it's okay because GOOGLE reads your email!

It's perfectly fine that Microsoft spies on you because Windows 10 is free! Unlike evil GOOGLE, who reads your email to find people who do things they don't like!

Re:But it's okay because GOOGLE reads your email!

[LichtSpektren]

It's perfectly fine that Microsoft spies on you because Windows 10 is free! Unlike evil GOOGLE, who reads your email to find people who do things they don't like!

God, I'm tired of refuting this stupid shill argument. Google's services are free. They tell you explicitly what they do with your data. Google does not have a monopoly on email, you're free to use many other providers. Since I'm concerned about my privacy, I only use gmail as a spam box.

Microsoft, on the other hand, has been evasive and deceptive about collecting peoples' data, completely silent about what they *do* with that information, and they collect all this info by leveraging their de facto monopoly on the desktop OS market (yes, you can use macOS or GNU, but billions of dollars of legacy Win32 programs and contracts are wrapped up on Microsoft's end, and so switching is not so simple for the privacy-concerned).

Re:But it's okay because GOOGLE reads your email!

[LichtSpektren]

Ha, you're right. Mea culpa, now allow me to clean the egg off my face....

Re:But it's okay because GOOGLE reads your email!

Is someone whose computer suddenly upgraded to Windows 10 going to read the EULA bit-by-bit, especially when eyes glaze over at daunting EULA's so easily that they have given up their first born technically? No, their computer isn't working and they need to get in NOW, so they click OK.

Plus even if it uninstalls, it's never going to be the same again. Windows 10 probably tore out who knows what doing the unwanted upgrade.

And let's never mind the fact that Windows 10 is being dumped on just about every Intel computer out there, and your choices are pretty much either ridiculously expensive, draconian, or very difficult for an end-user to use. That's like being given arsenic, and being told that if you don't like it, you're free to choose cyanide or stab yourself and get gangrene over a few weeks, when you really don't particularly want to poison yourself at all.

Plus the fact that the OS is a specially privileged piece of software. It's like security cameras on the street versus one in your bathroom that you can't remove.

I'm no fan of Google's. They're pulling all kinds of horrid shit. But Microsoft is on a new level. And it really doesn't matter if people dogpile Microsoft more than Google. The fact that Google does terrible things but gets less flack does not excuse Microsoft in the least, and that is a crappy argument. Plus Google is better known for its search engine, so it gets flack there, whereas Microsoft is best known for Windows, so most of its flack goes there, accordingly.

Bottom line is that Microsoft is on the forefront of the movement that wants to own the device you paid for and everything you do with it, not unlike most phone manufacturers as well as tractor manufacturers

Re:But it's okay because GOOGLE reads your email!

[thegarbz]

What would it take to not be completely silent in your eyes?

Content. That's all. Microsoft is very good at privacy statements and and reassuring that the telemetry they are collection will only be used for good ... without actually telling you what any of it actually is or showing it to you. What would it take to not be silent? How about something written by an engineer instead of a lawyer. Or how about writing words that actually say something rather than just appearing as meaningless text on a page.

Re:But it's okay because GOOGLE reads your email!

[donaldm]

And how would he activate it? Which serial number should he use?

No problem. Do you see that sticker on your PC with the name Microsoft on it, you can use that code to activate your fresh Windows 10 installation providing that sticker was for Windows 7, 8 (you did upgrade to 8.1 didn't you?) and 8.1.

Of course, you do have to agree to the EULA as well as inputting your legitimate activation code and then you will be sent, free of charge a magnificent set of gold plated chains with the promise that Microsoft will discreetly spy on you to provide a better slave (err! user) experience.

Nothing some polish can't fix

[madwheel]

The largest issue here is creating the advertising ID and sending it over seas without user consent. This is pretty easy to comply with though, given it can all be done with a patch/UI modification.

Re:Nothing some polish can't fix

[ausekilis]

Peoples browsing/application/usage habits are unique enough that any generated random ID will be just as good and can likely uniquely identify an individual with very high accuracy. You've swapped one identifier for another. Privacy through obscurity?

I doubt swapping a user identifier (first.last, userid, whatever...) for an advertising ID will work. After all, Facebook tracks you by generating a random ID for every visit to a page that has a like button. If you are signed in, that page visit is tracked by them. If you sign in later, that page visit is retroactively added to your history. If you create an account later, that random ID is then merged with your account.

Similarly, I almost never sign into any google stuff other than the infrequent email that for whatever reason I can't get on Thunderbird or my phone. Yet the ads I see when I do sign into gmail are for those same items I searched for days/weeks ago. Though with a phone, Google tracks your location too. I seem to remember there being a patent on location-based coupons being sent to user phones some time ago...

Three cheers for France

[LichtSpektren]

Most likely this will result in nothing, but I'm really, really hopeful that more countries will band together with France on this and hit Microsoft with some considerable sanctions, and switch off of Windows.

At the very least, this is something I can show to aggravating Microsoft fans/shills who are still in complete denial about the Orwellian nature of Windows 10.

Re:Three cheers for France

Th problem is you'll start caring when they knock you out.

Maybe they won't, but some people prefer to avoid the risk.

Something I have notices is that people don't have "anything to hide" until someone takes something they, in fact, do have to hide, such as the document they were working on, their credit card numbers, or their kids' school.

People who think all the privacy pundits want is to be able to cover up their crime and porn are in for an extremely nasty surprise someday - and possibly sooner than they think, especially with the way that so much on the Internet is attempting to pull off thought policing these days.

About time too !

It's about time Microsoft were forced to remove their spyware. Once again Europe seems the only place where there's even a pretence of respecting an individuals rights.

Vive La France !

So many shared (dynamic?) libraries

[fustakrakich]

apps users have installed and how long each is used for... is not irrelevant at all.

This is why, despite the apparent bloat, all applications should be completely self contained (portable, sandboxed, kinda) in their own folders (statically linked). So when you toss the folder, all traces of the app are gone with it. The old Macs were sort of like that. But with Microsoft, and Linux to an extent, they take a shotgun to your drive and then fill in the holes, splattering the application all over the place. It's kind of incestuous the way everything mixes up together. Apps that you don't even know about, running in the background cause many mysterious crashes. Sending the black box info to Microsoft has become necessary.

I just run a personalized live system now. Boots factory fresh every time.

Re:So many shared (dynamic?) libraries

[mrprogrammerman]

Mirekusoft Install Monitor tracks where an application get installed so it can be completely removed. Disclaimer: I developed it because I was tired of applications installing wherever they wanted.

Re:So many shared (dynamic?) libraries

[donaldm]

You assume much. By "factory" I meant this [slackbook.org]. I don't believe it contains any adware, but maybe I'm not looking hard enough.

At least with a Linux, BSD or Slackware distribution the chance you will get adware is very small. If you don't mind compiling everything from source then Slackware is fine, however, I actually prefer Fedora (currently 24) which I would not recommend for novices at least not on the first day a new distribution is released. Sure I could get sources and I am quite capable of compiling from source but I don't have the time or inclination to do so.

Unless you are totally paranoid you do have to trust your preferred operating system, however, I think I would rather trust an operating system like BSD, Linux or Slackware before I would trust a commercial operating system like Microsoft Windows which if you have installed Windows 10 from ISO has by default all features turned on and some of those features are highly intrusive.

I do know that most Linux applications do install into more than one directory, and some of the pieces have really weird names.

By weird names do you mean like /usr (short for user) or /bin, /usr/bin or /usr/local/bin (directory or folder for binary executable files) as an example? Most of these names harken from Unix naming conventions and are very logical. As for Linux (Slackware and BSD are similar) appropriate pieces of software are install into logical directories such a "man" for manuals, "bin" for binaries, "lib" for libraries and so on. You could if you like install private software under a directory tree or in any area you have write access to.

Re:Windows N

[bigfinger76]

Your last two points are false.

Just following Apple's lead.

Apple Mail: using IMAP to my mail servers, pings 3 different apple servers while processing any new incoming email. NOWHERE in the chain does Apple need to be involved. Use any push service and they all much use Apple's control panel, and they all ping Apple servers right alongside whatever service you're using. Apple's official reason: "Ensure product is up to date and to cross reference any known security issues." That could just be done via a single update, say daily, completely unrelated to my personal accounts.

They're all doing it and all in some sort of shitty dog race to see who can be the biggest asshole of the lot.

Re:Windows N

[blackomegax]

re: point 2. I know dell sells Linux laptops, I know some 3rd party ODM resellers sell linux laptops. But go to a brick and mortar and find me one. Go to dell.com and find them without diving really really deep into their website. Go to lenovo.com or acer.com and find me one at all. They ARE hard to find. MS encourages that practice.

Commenting to undo moderations

[blind+biker]

But ok, I do have a comment: how come nobody in the EU is looking into the criminal activities of how Microsoft shoved Windows 10 down people's throats?

Re:Windows N

[ilsaloving]

But they arn't.

Have you looked at the sheer amount of shovelware the average PC comes with? It's breathtaking. And a lot of it can be oddball stuff that you've never heard of before, by manufacturers you may well not have heard of. So you are forced to either reinstall the OS from scratch so you have a known clean system, or you have to vet every odd thing you find in your Programs and Features window, and even then hope that there is nothing else installed. And hopefully that's the end of it, which may not be the case. Lenovo has already been caught shoving insecure crapware into the UEFI bios that windows will automatically install whether you want it or not.

Unless you purchase the Enterprise version of Windows 10, you cannot disable telemetry. Period. You cannot disable updates. Period. Microsoft also has the power to extract any and all data from your machine, remotely, without needing your consent first. You flat out do not have control of your own computer anymore if you use Windows 10. And incidentally, some US gov't judge has declared that people no longer have an expectation of privacy when using their computers in their own home. You do the math there.

Re:Special Version

[tlhIngan]

Could Microsoft make a special version of Windows 10 to comply with French or even EU regulators?

Of course they can.

There already are special versions of Windows available - there's the "K" ones, which are specially made for Korea (not sure what it entails), and there's the "N" ones which lack media player (earlier Europe ruling).

All Microsoft needs to do is modify the N build to exclude data collection or ask for user permission to collect data.

You can see these builds when you make a Windows 10 image and click Advanced.

Our FTC Doesn't Care

[BrendaEM]

The U.S. Federal Trade Commission all about being on its hands and knees, blowing Microsoft. The concerns, security, and well-being of American. citizens just doesn't matter to them.

Comment removed

[account_deleted]

Comment removed based on user account deletion