It is no secret that Microsoft's products have always been considered somewhat invasive by security experts; none more so than Windows 10. Since its release in July of 2015, Windows 10 has garnered significant criticism because of its data practices. Now, three years later, it is still getting negative press.
When it comes to digital privacy, most experts agree that invasive data collection should be opt-in, rather than opt-out. In fact, the EU's new GDPR legislation - which is due to come into full effect on 25 May - enshrines this belief into law. It forces firms to gain full consent before collecting personal data which is retained on file.
In its current state, Windows 10 ships with a large number of invasive default settings. The OS constantly gathers data from users, which is sent back to Microsoft's servers. Some of those overreaching settings can literally never be deactivated, and nobody is quite sure what Microsoft does with that 'diagnostic data'.
Now, an annual award ceremony called the Big Brother Awards has decided to bestow its less-than-honorable accolade on Microsoft Germany... and it’s all thanks to 'the last Windows ever'.
Shame on you
The Big Brother Awards is a yearly event that seeks to shed light on privacy and data protection offenders in both business and politics. It was once aptly declared the 'Oscars for data leeches' by the French newspaper Le Monde.
Now, Microsoft has (for the second time) been gifted the Big Brother Award in the 'Technology' category. The award details the firm’s use of 'implanted telemetry' (the transmission of diagnostic data) in Windows 10 as the reason for its dishonorable mention.
Last Windows ever
When it released Windows 10, Microsoft decided to make it the last Windows operating system ever. Instead of selling Windows as a onetime purchase, like it used to, Microsoft is now providing the operating system as a service.
With Windows now a service, Microsoft is looking for novel ways to create revenue streams from its users. Namely, by targeting extra services at them. For this reason, the tech giant is keener than ever to figure out what Windows users are doing on their machines.
The BigBrotherAwards (BBA) picks on the lengths to which Microsoft is now going to snoop on its users. pointing out that:
“It starts with the licence activation, which requires an online connection. If I do not want to use the Internet, for which there are good reasons, then Windows 10 makes that practically impossible.”
It then goes on to criticize the telemetry that Windows 10 is constantly collecting and storing about its users. Some of that accumulated data might seem trivial to many internet users. However, data privacy experts like those at BBA find it of grave concern. BBA specifically condemns the fact that nobody really knows why Windows 10 is collecting so much data:
“[Microsoft keeps] a list of all software that is installed on [a user's] computer. Why should it concern Microsoft whether I use my computer as a typewriter, a toy, a television set or for image editing? And what does the company do with this information? We do not know.”
Some data that Microsoft collects seems arbitrary. For example, Microsoft collects data pertaining to how often the key combination Alt+Tab is used to switch between currently running programs; seemingly trivial and unnecessary data.
Again, BBA admits that some Windows users may not particularly care that this data is being collected. However, the award judges (and most privacy experts) find it problematic that users cannot easily opt out of these invasive practices:
“Surely there must be a switch for that somewhere?! If you check Settings → Privacy, you will be overwhelmed with switches and option lists. Dozens of things are there to activate and deactivate, and most of us cannot know what consequences one decision or another may have.”
EU GDPR to the rescue?
The awarding body goes on to point out that the EU’s forthcoming data protection laws (GDPR) should improve things for European users, by giving them the ability to deny consent to at least some of Windows 10's invasive features. However, BBA urges consumers to 'keep an eye on whether Microsoft will stick to that'. How might GDPR help?
GDPR makes it a legal requirement for consent to be clearly expressed before data can be gathered from consumers. In addition, GDPR stipulates that firms must permit people to withdraw consent for data collection at any time. Pre-ticked boxes are no longer permissible under GDPR. This means that previous accusations relating to Windows 10 automatically updating should no longer be possible.
What's more, data should only be held for the period of time when it is actually necessary and GDPR stipulates that consent must specifically cover "'the purposes of the processing and the types of processing activity'. In theory, at least, this should stop Microsoft from being able to collect data without informing consumers about what it is being used for.
Sadly, it seems likely that Windows will still be able to collect telemetry in an aggregated manner that does not directly link to personally identifiable information. This remains problematic, especially considering that numerous studies have proven that anonymized data sets can often be re-attributed.
In addition, it seems more than likely that Windows will simply require people to provide consent to data collection, or else opt out of using the operating system altogether.
This is one gray area that GDPR will not be able to adequately protect against, and which will - unfortunately - still leave the door open to continued data abuse; not to mention the fact that GDPR only stands to protect Windows users in Europe and not elsewhere in the world.
Only time will tell how much data protection GDPR actually affords Windows 10 users. One would hope that the principles contained within the legislation will improve the way that data is collected from consumers.
However, it seems likely that the process will not happen overnight and that firms will impose their dominance in the market to railroad people into continuing to provide their data en masse. For a full guide on how to disable as many invasive Windows 10 features as possible please click here.
For more information about staying secure, take a look at our best vpn for PC guide.