Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Finally Reveals What Data Windows 10 Really Collects (theverge.com)

Posted by msmash on from the opening-up dept.

Starting today, Microsoft is updating its privacy statement and publishing information about the data it collects as part of Windows 10. From a report: "For the first time, we have published a complete list of the diagnostic data collected at the Basic level," explains Windows chief Terry Myerson in a company blog post. "We are also providing a detailed summary of the data we collect from users at both Basic and Full levels of diagnostics." Microsoft is introducing better controls around its Windows 10 data collection levels in the latest Creators Update, which will start rolling out broadly next week. The controls allow users to switch between basic and full levels of data collection. "Our teams have also worked diligently since the Anniversary Update to re-assess what data is strictly necessary at the Basic level to keep Windows 10 devices up to date and secure," says Myerson. "As a result, we have reduced the number of events collected and reduced, by about half, the volume of data we collect at the Basic level."

8 of 286 comments (clear)

  1. Any evidence... by CrimsonAvenger · · Score: 4, Interesting

    that this list is really complete and conclusive? Or is this just what MS is saying is the complete list?

    --

    "I do not agree with what you say, but I will defend to the death your right to say it"
  2. Re:Real link by AmiMoJo · · Score: 5, Interesting

    Okay, let's have a quick look at some interesting items from the list:

    - userId The userID as known by the application.
    This is what you type when Windows asks "what is your name?" during account creation, so it's quite likely to be the user's real name.

    - did XBOX device ID
    - xid A list of base10-encoded XBOX User IDs.

    - localId Represents a locally defined unique ID for the device

    - friendlyName Represents the name of the file requesting elevation from low IL.
    - cmdLine Represents the full command line arguments being used to elevate.
    Don't enter passwords on the command line!

    - PCFP An ID for the system that is calculated by hashing hardware identifiers.

    - BiosDate The release date of the BIOS in UTC format.
    - BiosName The name field from Win32_BIOS.
    - Manufacturer The manufacturer field from Win32_ComputerSystem.
    - Model The model field from Win32_ComputerSystem.

    The list is very long, I'm about 1/3rd the way in...

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. Don't forget about open source projects. by Anonymous Coward · · Score: 0, Interesting

    It's weird to see people get all bent out of shape about Windows collecting data, but then totally ignore the open source projects that really aren't any better.

    Just look at how much data Firefox collects and sends to Mozilla or others.

    Or consider the data that Homebrew collects and sends off.

    Some open source supporters will make claims like "But they're being transparent!" or "But you can opt out!" or some other nonsense like that.

    But guess what? None of that matters!

    The real real problem, which you missed, is that it's possible for this software to collect and transmit such data to begin with.

    Disclosure and "transparency" don't matter. Being able to opt-out doesn't matter.

    Getting rid of any and all software support for such data collection is what matters!

    Until open source projects like Firefox and Homebrew totally remove all support for any and all data collection, we cannot consider them to be any better than Windows, or conversely, we can't consider Windows to be any worse than projects like Firefox and Homebrew.

  4. Re:Real link by lq_x_pl · · Score: 4, Interesting

    Keep in mind, this is the list for now.

    --
    An internal system operation returned the error "The operation completed successfully.".
  5. Re:Thanks, but by denis-The-menace · · Score: 5, Interesting

    It's been tried.

    They try to upload to 100s of different DNS names and IPs...just like spyware.

    --
    Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
  6. Edited MSDN Article about Full Levels... by Anonymous Coward · · Score: 5, Interesting

    You should look into the msdn historical edit article where they showed that microsoft removed verbiage on it's MSDN page about collecting even worse information such as your documents and allowing microsoft employees investigating any crash reports sent by your machine to actually remotely access your machine and view your documents and run your programs.

    Not trolling either. It was a link passed around here awhile ago and microsoft even sent a takedown to the wayback machine which previously had the edit but now does not. Yet on a different microsoft site that lists wiki-style diff's of it's pages, it's still there.

    Someone find it please. They are backpedaling so hard on this it's sad.

  7. Comment removed by account_deleted · · Score: 3, Interesting

    Comment removed based on user account deletion

  8. Citations? by Optic7 · · Score: 4, Interesting

    At the very least, they admit that they:

    - Uniquely identify you, your device, and your location/network.
    - Record what you navigate and search on the internet.
    - Record what you watch, listen to, and read.
    - Record your purchase history.

    Any citations for these (like field names in that huge list) that you could provide? I searched for some keywords to find anything related what you mentioned (ex: web, browse, history, internet, purchase, etc) and could not find anything as nefarious sounding as your summary. Perhaps I'm not looking closely enough and it's a huge list, so citations would be appreciated. I really would like to know if they are collecting the info you listed. Thanks.