How serious are the Windows 10 privacy issues?

Profile picture for user jreed By Jon Reed August 4, 2015
Some unsettling stories about Windows 10 privacy and security issues are surfacing. How serious are these issues? And how will they impact buyers? Jon gives his take.

Windows 10 opened to a successful launch, with 14 million downloads on the first day of availability. Compared to the mobile-first, screw-the-desktop indifference of Windows 8, Windows 10 seems a promising way forward - still mobile-friendly, but with more thought to Microsoft's corporate/desktop user base.

Young businesswoman gestures for silence or keeping a secret with one finger before her lips.

But as the Windows 10 launch neared, grumblings about features that either breach privacy or user autonomy started to build. After launch, more unsettling stories hit the tech press. The question is: will the bad PR hurt Windows 10 adoption? And just how serious are these issues? And what should buyers do?  Check out this laundry list:

1. Microsoft installs Windows 10 pimpware on  Windows machines via automatic updates. As an intentional Windows 7 laggard, I got my first taste of Microsoft's aggressive Windows 10 strategy when an "upgrade to Windows 10" icon appeared on my Wintel menus, taking up precious real estate (turns out, in its first questionable privacy/autonomy move, Microsoft loaded Windows users with pimpware based on a recommended update that most of us tend to install, blandly described as:

This update enables additional capabilities for Windows Update notifications when new updates are available to the user. It applies to a computer that is running Windows 8.1 or Windows 7 Service Pack 1 (SP1).

But it's not so bland after all. Removing the icon is the problem - unlike other icons, if I remove the Windows 10 icon from my display, it returns upon startup. That's probably fixable via some kind of hack, but Windows has never done that before with its other icons. As such, it's an early warning that Windows 10 is an aggressively promotional platform. I also consider is a small violation of a trust I have with Windows on how I control my experience.

2. When existing users upgrade to Windows 10, their application preferences (including browsers) are erased, and default to Windows products. Perhaps because the platform is (mostly) free, at least to existing users, Windows 10 seems to be more determined to leverage its proprietary aspects. Mozilla, for one, is unhappy - unhappy enough for the Mozilla CEO to pen a missive to Microsoft CEO Satya Nadella. The gist? When users upgrade to Windows 10, their prior preferred application preferences, including browser preferences, are erased - unless they know about the issue and take pro-active steps during the installation.

3. Prior to the Windows 10 launch, Microsoft confirmed that updates would be installed automatically - tech problems have already resulted.  In past releases, Microsoft provides users with more control over when to install "automatic" updates, and what aspects of those updates would be installed. That's changed in Windows 10, An issue with a conflict between Windows updates and Nvidia drivers is already lighting users up. As per Forbes:

The flaw revolves around Nvidia graphics cards with users taking to Nvidia’s forums to report Windows Update is automatically installing new drivers which break multimonitor setups, SLI (dual card) configurations and can even stop PCs booting entirely which pushes Windows 10 into its emergency recovery mode.

“Please pull these off Windows update!!!” writes Nvidia forum poster slycoder. “It makes my second monitor not work and lots of flickering! Please. I roll back and Windows Update reinstalls them :/”

4. Windows 10 attempts to opts users into an advertising network, though you can opt-out during install. (After install, you'd need to take another trip into the operating system settings if you didn't opt-out yet). I first saw this reported in The Guardian, but this summary in NDTV Gadgets drives the point home:

The company is seemingly trying to bolster its advertising efforts with Windows 10. As pointed out by The Guardian, Microsoft has assigned a unique advertising ID to every registered email address. The company's 45-page terms and conditions document is getting flak as well. The European digital rights organisations says that "Microsoft basically grants itself very broad rights to collect everything you do, say and write with and on your devices in order to sell more targeted advertising or to sell your data to third parties."

Updated: updated to reflect that even during the express install, you are informed of the advertising network and given the option to opt-out.

5. Windows 10 leverages users' Internet bandwidth when users are idle (to deliver Windows Updates). When I first read blogger Lauren's Weinstein's piece on this new Windows 10 Feature, I wasn't alarmed - I assumed he was just being an alarmist. But I later confirmed this from a variety of news sources. Again, deep in the settings somewhere, you can opt-out of this problematic feature (which, to be fair, could be useful for updating all computers on a home network, if the proper setting is chosen). As per Neowin:

In order to alleviate some of the load on its servers and allow users to upgrade faster, however, Microsoft has introduced what it calls Windows Update Delivery Optimization, which works similar to a torrent, hosting the install files on local PCs and then propagating them to other PCs on either your local network or the internet.

The problem comes in the fact that Microsoft has enabled this option by default and that no notice is provided to customers that Windows is, in the background, using some of their bandwidth and their data for updating other users' Windows. Several web sites have already called Microsoft out for this and what they - and other consumers - find to be misallocation of their network without permission.

My take - Windows 10 buy or sell?

This is not even a complete list of the known privacy and/or autonomy issues with Windows 10. Others include: Microsoft Cortana, the Windows 10 virtual assistant, pulls data from your texts and emails (To Microsoft's credit, there is a detailed privacy FAQ on Cortana). Another feature, Wifi Sense, offers to share your WiFi credentials with your Outlook and Facebook contacts, without offering granularity on which contacts from within a network you might want to share with.

WiFi Sense also has a setting that automatically connects you to trusted, open networks  - another setting which needs to be carefully managed. Again, you can configure most of these settings to restrict data sharing with proper tutorials.

Update: it should also be noted that these features requiring opt-out after the fact are part of the Windows 10 express install, the installation option Microsoft emphasizes. If you know how to choose a custom install and know what you are doing, you can opt-out of quite a few of them during the install itself. Here's pointers from Tech Republic, and here's one from How-to Geek. And yes, you can opt-out of all of these settings after the install from what I've been able to determine, but they are located in a range of places so you'll need to know what you are doing.

From a modern design/rollout perspective, I view the sum of these issues as an absolute disaster. Deciding to leverage your own customers' computers, without a transparent announcement, is a shocking breach that shows someone at Microsoft is asleep at the design wheel. Forget about design thinking; this is design sneaking.

The average consumer might not pick up on this stuff, but tech forums across the Internet are destroying Microsoft for these privacy-blind maneuvers. That's an audience Microsoft could have won over with Windows 10, if more thought had been given to collaborating on proper design. Yes, I expect the consumer market to largely move ahead with their upgrades, but the tech forums/press critiques are going to impact corporate Windows 10 adoption - until they are properly addressed.

Because these features are adjustable, it's possible for Microsoft to change them - for example, in addition to an express install, they could offer a "review my privacy settings install." But for now, the underlying philosophy of intrusive data sharing and promotional Easter eggs is troubling, lending credence to Oliver Marks' argument that Microsoft has blown it.

Some of my colleagues have shrugged, assuring me these things can be addressed after you upgrade. It's great that super-users can tweak settings - that's always been a strength of the Windows OS - but these defaults should be presented for easy configuration during the upgrade itself. And: they should be opt-in, not opt-out.

I swore off buying any new Windows machines after Windows 8 (have purchased Macs instead), and for now, I won't buy a Windows 10 computer. Not until I get a clear sense of where all the intrusive defaults lie. At that point, I might reconsider. But I am wary of Microsoft's current Ready/Fire/Fix-It-On-Your-End approach.

This might sound weird, but prior to Windows 8, I trusted Microsoft computers. Yeah, they were clunky at times, but with my propeller hat on, I made them work. That trust is gone, and interacting with the happy talk helpers at Microsoft Help on Twitter has made it worse. It's not about making a promotional icon go away; it's about something that's been lost in translation. Whatever that something was, it's the difference between me purchasing Microsoft products versus holding off.

As for corporate buyers, most enterprises hold off on Microsoft OS upgrades until the smoke clears. I'd certainly advise that in this case. A company-wide Windows 10 upgrade would require serious evaluation and planning from a data security standpoint. This can't be what Microsoft has in mind. Granted, I'm thousands of miles from Redmond, but at the moment, I feel like I'm on another planet.

End note: thanks to Frank Scavo for a Twitter gut check on some of these issues.

Update: updated 8/5/2015 1:15 am in several places, including: noting that the ad network has an opt-out option during the express install, which was not originally pointed out. Also noted that the custom install allows for opting out of many of these issues during the install, and included links to overviews on managing custom installs (Microsoft emphasizes the "express" install, but a custom install is still possible). Added the suggestion for a "review my privacy settings" install. Finally, I clarified language around Cortana and Wifi Sense to better explain how those services work.

Image credit: Businesswoman - Quiet or Keep a Secret © ptnphotof -