Microsoft Finally Reveals What Data Windows 10 Really Collects

Starting today, Microsoft is updating its privacy statement and publishing information about the data it collects as part of Windows 10. From a report: "For the first time, we have published a complete list of the diagnostic data collected at the Basic level," explains Windows chief Terry Myerson in a company blog post. "We are also providing a detailed summary of the data we collect from users at both Basic and Full levels of diagnostics." Microsoft is introducing better controls around its Windows 10 data collection levels in the latest Creators Update, which will start rolling out broadly next week. The controls allow users to switch between basic and full levels of data collection. "Our teams have also worked diligently since the Anniversary Update to re-assess what data is strictly necessary at the Basic level to keep Windows 10 devices up to date and secure," says Myerson. "As a result, we have reduced the number of events collected and reduced, by about half, the volume of data we collect at the Basic level."

The real problem...

... of course, is that we have to wait for Microsoft to "inform" us about that in the first place.

Re:The real problem...

[ytene]

And the only reason Microsoft are doing this is [likely to be] because the EU were basically telling them that their latest privacy-slurping OS was going to run foul of EU legislation if they didn't come clean. Having Windows 10 banned in the EU because of privacy concerns was likely a suitable incentive. What a shame it has come to the point where companies need this sort of inducement to come clean.

Re:The real problem...

[Kjella]

What a shame it has come to the point where companies need this sort of inducement to come clean.

Companies will run slave plantations unless somebody forces them not to. Capitalism is useful but it'll throw you under the bus if it means higher profit, it's nobody's friend just raw application of economic power. Once you're past the size where anyone feels personally responsible and they only answer to shareholders who want return on interest it has no conscience, ethics or morality. So I'm not sure what you think is new or different here, the only time they don't act like total psychos is exactly when there's consequences. Otherwise they'd make Soylent Green out of you.

Re:The real problem...

Exactly this.

This announcement is akin to:

We've listened to our customers who are upset about the ass rape, so to address your concerns, we've added an exciting new option!

-Lubed ass rape
-Unlubed ass rape (for our TRUE believers)

Real link

[AmiMoJo]

Link to the actual list, not an article about the list: https://technet.microsoft.com/...

Re:Real link

[AmiMoJo]

Okay, let's have a quick look at some interesting items from the list:

- userId The userID as known by the application.
This is what you type when Windows asks "what is your name?" during account creation, so it's quite likely to be the user's real name.

- did XBOX device ID
- xid A list of base10-encoded XBOX User IDs.

- localId Represents a locally defined unique ID for the device

- friendlyName Represents the name of the file requesting elevation from low IL.
- cmdLine Represents the full command line arguments being used to elevate.
Don't enter passwords on the command line!

- PCFP An ID for the system that is calculated by hashing hardware identifiers.

- BiosDate The release date of the BIOS in UTC format.
- BiosName The name field from Win32_BIOS.
- Manufacturer The manufacturer field from Win32_ComputerSystem.
- Model The model field from Win32_ComputerSystem.

The list is very long, I'm about 1/3rd the way in...

Calling Stallman

[jawtheshark]

We all know that without the source, it is impossible to verify their claims.

Re:Any evidence...

[Volanin]

It doesn't matter if this is the complete list. This list by itself is already bonkers.
At the very least, they admit that they:

- Uniquely identify you, your device, and your location/network.
- Record what you navigate and search on the internet.
- Record what you watch, listen to, and read.
- Record your purchase history.

Not that it matters though. I believe almost everyone does this nowadays.
At least they are being transparent.

Removed half of stats before disclosing

"Our teams have also worked diligently since the Anniversary Update to re-assess what data is strictly necessary at the Basic level to keep Windows 10 devices up to date and secure," says Myerson. "As a result, we have reduced the number of events collected and reduced, by about half, the volume of data we collect at the Basic level."

I wonder what they felt they needed to remove before they were willing to publish the disclosure.

Re:Don't forget about open source projects.

[Raenex]

Some open source supporters will make claims like "But they're being transparent!" or "But you can opt out!" or some other nonsense like that.

But guess what? None of that matters!

It does matter. It's relatively trivial to opt out of Mozilla's data collection and to know what's being collected, whereas that's absolutely not the case with Microsoft. So when you say shit like this:

"we cannot consider them to be any better than Windows, or conversely, we can't consider Windows to be any worse than projects like Firefox"

I know you're either shilling for Microsoft or being idealistically stupid about practical differences.

Re:Thanks, but

[denis-The-menace]

It's been tried.

They try to upload to 100s of different DNS names and IPs...just like spyware.

Edited MSDN Article about Full Levels...

You should look into the msdn historical edit article where they showed that microsoft removed verbiage on it's MSDN page about collecting even worse information such as your documents and allowing microsoft employees investigating any crash reports sent by your machine to actually remotely access your machine and view your documents and run your programs.

Not trolling either. It was a link passed around here awhile ago and microsoft even sent a takedown to the wayback machine which previously had the edit but now does not. Yet on a different microsoft site that lists wiki-style diff's of it's pages, it's still there.

Someone find it please. They are backpedaling so hard on this it's sad.

Re:Don't forget about open source projects.

[Just+Some+Guy]

I disagree. RMS is supremely practical over long periods of time. His core message is "if you tie your fate to something you don't control, you will get burned." I've never seen this not be correct. Vendors come and go. Sometimes they change their pricing model from reasonable to extortionate. Maybe they discontinue features that were critical to you. Perhaps they throw away the whole thing and start over. But whatever form it takes, the end result is the same: if you can't control it, it will control you.

Apple and Microsoft have probably been the best major companies for keeping their changes small and manageable. Eventually you had to migrate off VB6. Eventually you had to click the "also compile this for Intel" checkbox in Xcode. But that doesn't change the fact that if you use their platforms, you are subject to their business decisions, even when they conflict with yours.

Perhaps hypocritically, I'm typing this on a Mac. I've decided that given Apple's track record, they're probably not going to yank the rug out from under me overnight. But you can bet that all the code I write is in FOSS languages and deployed to FOSS operating systems. I can change my desktop OS - with some pain and gnashing of teeth to be sure - without compromising the things I design. That's because RMS is correct: he's convinced many of us that it's practical to choose open platforms instead of closed shininess where it really matters.