Why Windows 10’s Privacy Settings Don’t Really Protect You
Windows 10 depends on the Internet, and on Microsoft’s servers, for many of its features. It also offers users numerous privacy settings to disable many of the cloud-enabled functions and the privacy compromises that necessarily go with them. Unfortunately, it seems that the operating system’s privacy settings and controls aren’t enough to prevent Windows 10 from going online and connecting with Microsoft’s own servers.
Peter Bright reports for Ars Technica that some of the traffic between the operating system and Microsoft’s servers is obviously harmless, some of it looks harmless but feels like it shouldn’t be happening, and some of it seems more troublesome. An easy example is what happens when you type a query into the Start menu. Even when Cortana and searching the web from the Start menu are disabled, Bright notes that opening Start and typing will send a request to www.bing.com for a file that contains some Cortana information and a random machine ID that persists across reboots.
A more harmless example, with minimal privacy impact, is how machines try to request two URLs upon connecting to a new network in order to ascertain whether a given network is routed to the Internet, and if there’s a captive portal in the way. An instance that falls into the harmless but still unnecessary category is how Windows 10 seems to download new tile info from MSN’s network from time to time, using unencrypted HTTP, even when there are no Live Tiles pinned to the Start menu.
More troublesome is how the operating system periodically sends data to a Microsoft server called ssw.live.com, which seems to be used for OneDrive and a few other Microsoft services. The operating system transmits data to the server even when OneDrive is disabled and logins use a local account that’s not connected to a Microsoft account. Bright also reports that some of the traffic between Windows 10 and Microsoft’s servers is “impenetrable,” with the operating system making requests to a content delivery network that bypasses the HTTP and HTTPS proxy with which Ars Technica configured its test machine.
The publication asked Microsoft if there is any way to disable the communication, and received the response from the company that, “As part of delivering Windows 10 as a service, updates may be delivered to provide ongoing new features to Bing search, such as new visual layouts, styles and search code. No query or search usage data is sent to Microsoft, in accordance with the customer’s chosen privacy settings. This also applies to searching offline for items such as apps, files and settings on the device.” Bright notes that’s consistent with what he saw, but runs counter to users’ expectations for the privacy the operating system offers (or doesn’t).
Increasingly, operating systems require users to make compromises in the interplay between functionality and privacy. Bright notes that for many users, the tradeoffs are worthwhile, since they afford access to services like Cortana (or Siri or Google Now), and cloud syncing of passwords and files. Many users, if confronted with the choice, make the decision that the loss of privacy is an acceptable price to pay for modern software features. But users who choose to disable these services should be allowed to really disable them — something that Windows 10 doesn’t seem to be doing right now.
Russell Brandom recently reported for The Verge that Windows 10 “is the end of cloud-free computing.” Users who are scared off by the data collection routinely carried out by Google and Apple now have nowhere to turn, since Windows 10 requires constant access to Microsoft’s servers. “In 2015, this is simply how computing works,” Brandom explains. “Consumers expect smart recommendations and continually improving services. We expect computers — all computers — to be able to answer any question at any time. In return, companies get constant access to your computer for data collection, automatic updates, and offboard processing.” This is the default for modern software, and anyone who doesn’t like it will have a hard time using modern computers.
Brandom notes that for a while, Microsoft was the exception to that rule. The company rolled out its cloud services as discrete offerings, but the logic changed with Windows 10 because Microsoft needs to steal users back from Apple and Google, and in the process match services like Siri and Google Now. That requires “plugging into the cloud at the deepest possible level.”