Microsoft Sort Of Addresses Windows 10 Privacy Complaints With New Privacy Dashboard

from the hoover-up-ALL-the-data dept

For the last few years, Microsoft has been under fire because its Windows 10 operating system is unsurprisingly chatty when it comes to communicating with the Redmond mothership. Most of the complaints center around the fact that the OS communicates with Microsoft when core new search services like Cortana have been disabled, or the lack of complete, transparent user control over what the operating system is doing at any given time. Microsoft has since penned numerous blog posts that claim to address consumer concerns on this front — without actually addressing consumer concerns on this front.

This week, Microsoft penned a new blog post claiming that the company has been listening to annoyed customers and privacy activists, and will finally be making substantive changes to Windows 10 privacy settings to give users more control. Among them will be new operating system-level privacy controls that make consumer options more granular. But Microsoft also says it is building a new privacy dashboard the company says will be doled out to Windows Insiders in an upcoming build, and will look something like this:

Microsoft says the company will simplify the operating system’s diagnostic data collection levels, so that it’s clearer what telemetry data is being sent back to the company?s servers. As it stands, Windows 10 currently has three snooping levels, but in the Creators Update (expected sometime in the Spring) there will be just two: an option to switch between “basic” and “full” data collection levels, depending how much invasive snooping you like with your morning coffee. Said basic tier is the lowest the settings will go, and includes collection Microsoft claims is necessary for the functioning of the OS. Basic includes:

“Data that is vital to the operation of Windows. We use this data to help keep Windows and apps secure, up-to-date, and running properly when you let Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also includes basic error reporting back to Microsoft.”

The problem is that Microsoft has often hidden behind claims that it has to collect a lot of this data or the operating system won’t work, and there’s still no option to eliminate the collection of telemetry data completely. “Full” data collection, in contrast, will collect everything that the basic setting covers, as well as “inking and typing data.” That can include sending Microsoft the document you were working on that caused a system crash, and giving Microsoft support permission to access the OS remotely for troubleshooting.

The entire goal, Microsoft claims in the post, is to make consumer privacy easier to understand:

“When it comes to your privacy, we strive to make choices easy to understand while also providing clear visibility and control over your data. We believe finding the right balance is one of our most important tasks in delivering great personalized experiences that you love and trust.”

We’ll have to wait until Spring to see if these changes address concerns of the EFF, which last August criticized Microsoft’s malware-esque forced upgrade tactics and its refusal to answer consumer privacy inquiries in a straightforward fashion. Microsoft’s also trying to appease French regulators, who last summer demanded that Microsoft “stop collecting excessive user data” and cease tracking the web browsing of Windows 10 users without their consent. Of course if having total, granular control over how chatty your OS is over the network is your priority, not using Windows whatsoever probably remains your best option.

Filed Under: , ,
Companies: microsoft

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Microsoft Sort Of Addresses Windows 10 Privacy Complaints With New Privacy Dashboard”

Subscribe: RSS Leave a comment
64 Comments
Max says:

Oh, it’s a very easy equation: regardless of how many concessions they make, they will NEVER agree to a “ZERO bytes go to microsoft.com, ever (or indeed anywhere else I didn’t mean to send some)” policy, which in turn guarantees that I will never willingly operate any MS OS past Windows 7, and even that one preferably only when I can’t manage with a non-MS option. Simples…

Anonymous Coward says:

Said basic tier is the lowest the settings will go,

Not actually. Corporate administrators can disable more data collection (proving it’s not "necessary for the functioning of the OS"). Clearly MS is concerned about corporations avoiding their software, but they know users aren’t going to do anything except complain.

We’ll have to wait until Spring to see if these changes address concerns of the EFF

I don’t have to wait: I’ll say "no" right now. If the only choices are "fully on" or "mostly on", you’re ignoring the choice of everyone who would have preferred "off".

Dr. David T. Macknet (profile) says:

Even better

Rather than accept Microsoft’s word for it, I’ve simply added the following to my hosts file, so that any request to their spy sites gets simply discarded:

# Windows SPY sites
0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 cs1.wpc.v0cdn.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 feedback.windows.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 pre.footprintpredict.com
0.0.0.0 preview.msn.com
0.0.0.0 rad.msn.com
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 sls.update.microsoft.com.akadns.net
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 wes.df.telemetry.microsoft.com

I imagine that I should hunt about for an update to that list, as no doubt they’re aware of some of us trying to stop them spying, but it’s a good start.

Ben S (profile) says:

Re: Even better

You forget that windows is hard coded to bypass the hosts file for its internal tracking services. Those entries in the hosts file won’t do much of anything at all to stop tracking. I had a cousin show me a program he had installed to block the tracking, but I forget what it was called, and never did look into it to see if it actually does the job.

Note: I don’t have Win 10, so I can’t really test the software myself.

Anonymous Coward says:

Re: Re: Even better

I had a cousin show me a program he had installed to block the tracking, but I forget what it was called, and never did look into it to see if it actually does the job.

It might, but in general a program cannot be relied on to police an OS it runs within. Future Windows updates could easily break it, intentionally or not.

Realistically you’d need to run Windows in a VM to prevent it from doing this. But "realistically" is the wrong word, because in practice a VM cannot easily decrypt traffic to tell the difference between Windows Update downloads and telemetry uploads, so you’d have to disable networking entirely.

AEIO_ (profile) says:

Re: Re: Re:2 Even better

“… that or block those IP’s on a hardware firewall rather than within Windows itself.”

Not really — the internal Windows firewall will be good enough for blocking. The SECOND Microsoft gets caught bypassing it’s own firewall rules is the same second all of the security pros begin to dump Windows. You might not trust every program not to do something stupid, but if you can’t trust the OS to enforce blocks then it’s pointless.

Yep, you could kill it at the outgoing border gateway but if Windows won’t support it’s own firewall rules there’s no reason to use it. (There’s less and less every day — inertia, both programmatically and human. AD however, won’t go away. Shame it wasn’t Novell’s NDS, out years earlier than MS.)

Ii wouldn’t be surprised if there wasn’t someday an automatic AD-enforced rule that disabled some of the call-home stuff — that way Win HOME and Win Pro non-AD could be configured out of the box that way and no one would gripe.

Anonymous Coward says:

Re: Re: Re:3 Even better

The SECOND Microsoft gets caught bypassing it’s own firewall rules is the same second all of the security pros begin to dump Windows.

That’s optimistic. They were already caught bypassing the hosts file. I expect if they’re ever caught bypassing the firewall, they’ll just say it was to protect against malware that was interfering with Windows Update. People have been threatening to dump Windows for years due to privacy invasion, ever since the mandatory product activation in XP, and now MS are calling the bluffs of home users (not corporate users though–MS lets them disable telemetry because they might not be bluffing).

Anonymous Coward says:

Re: Re: Re:2 Even better

Well, that or block those IP’s on a hardware firewall rather than within Windows itself.

A Windows computer is opening an encrypted connection to microsoft.com:443. Do you allow or block it? If you block too much you’re not going to be able to update the OS. And if MS don’t want you to have privacy, which they seem to not want, why do you think the traffic will be easy to identify? The IPs and hostnames could change at any time, and you can probably use domain fronting to access any MS domain through any MS hostname/IP anyway. (You could block every domain related to MS, but then why are you using Windows?)

Thad (user link) says:

Re: Re: Re:3 Even better

Well, yes; using an operating system implies a certain level of trust. (This is especially true of proprietary OS’s, but it’s even true of free/open-source ones. Even if you’re compiling the OS from source yourself, and even if a checksum is provided so that you can confirm that no unauthorized code has been injected by the compiler, it’s unlikely that you’ll personally have the opportunity to audit every single line of code in every program you use. Unless your workflow is very limited.) That’s what Shuttleworth meant when, in response to an outcry against Ubuntu sending its launcher’s search data home to solicit ads from Amazon, he responded, "We have root." It was a foolish and arrogant thing to say, but he’s not wrong — if you’re using Ubuntu, that means you’re already giving Canonical a substantial amount of trust not to take advantage of your most intimate information.

That list of domains provided by Dr. David T. Macknet is a list of places we know Windows 10 is sending private data. You’re correct that it could just be sending it encrypted to microsoft.com. It could also be sending it to any other domain, including ones not obviously owned by Microsoft, or funneling it through a third party. And how do you know it’s only Windows 10 doing it? How do you know Windows 7 isn’t doing it too?

The answer is that you don’t. On some level, if you’re using Windows, you’re trusting Microsoft, at least a little bit.

Somebody who blocks that list of domains at the firewall trusts MS less than somebody who doesn’t. But you’re right, if I’m using Windows at all, I’m trusting MS at least a little bit.

Roger Strong (profile) says:

Re: Even better

Some hardcoded DNS domain names will resolve to their proper IP addresses regardless of what you put into the HOSTS file:

http://www.msdn.com
msdn.com
http://www.msn.com
msn.com
go.microsoft.com
msdn.microsoft.com
office.microsoft.com
microsoftupdate.microsoft.com
wustats.microsoft.com
support.microsoft.com
http://www.microsoft.com
microsoft.com
update.microsoft.com
download.microsoft.com
microsoftupdate.com
windowsupdate.com
windowsupdate.microsoft.com

That’s as of last summer. The list could change with an update.

R.H. (profile) says:

Re: Re: Even better

This is for a very good reason. Microsoft has had issues with malware altering the HOSTS file in older versions of Windows and redirecting people from MS sites to other sites in the past. So, they hard coded their websites to always go where they’re supposed to go. If you don’t trust Microsoft though, don’t use Windows.

AEIO_ (profile) says:

Re: Even better

Don’t do HOSTS. That only works with DNS lookups, not if the IP addresses themselves are actually encoded within the product — for ALL apps, not just the OS. DNS just makes it easier.

Instead use firewall rules as primary and HOSTS as a secondary backup. Destroy Windows Spying (DWS) has a good rule set.

Even if you can’t actually read and understand all of the code, you can still get a good impression of what’s going on and what they’re doing.

https://github.com/Nummer/Destroy-Windows-10-Spying/releases/tag/1.6.722

File MainDwsForm.cs. Code:
private void AddToHostsAndFirewall()
string[] hostsdomains =
“a.ads1.msn.com”,
“a.ads2.msads.net”,
“a.rad.msn.com”,

and so on. These lines add HOSTS blocks to 0.0.0.0 to stop DNS lookups. [They’re actually created in the “/C” code at the end of the array.] Then later on they block actual IP addresses,

private void BlockIpAddr()
string[] ipAddr =
“104.96.147.3”,
“111.221.29.177”,
“111.221.29.253”,

These block the actual embedded IP addresses using the native Windows firewall. [literally adding null routes via the trailing “/C” code again.] The second Microsoft is caught bypassing it’s own firewall to communicate home I think is the second they get dumped.

This is the same type of thing that PeerGuardian / Peerblock does, only they target ever-changing RIAA/MPAA IP addresses.

MS changes IP collection addresses only occasionally and sometimes it’s not even their fault. But don’t rely on this 100% to block mothership access; they’ll someday add a new patch that’ll not be blocked. Gee, if only there were a monthly update system in Windows that could update this.

[GEE, IF ONLY THEY WOULD QUIT COLLECTING THIS DATA TO START WITH. IT’S ONE THING TO HOLD PROGRAM LAUNCH NAMES AND TIMES ON MY PC, BUT ANOTHER to store them all in Redmond. You don’t need to know I’ve got VLC playing My Little Pony in an endless loop. And you SURE don’t need to know I’m controlling a botnet of LOIC nodes. In this case I guess it’d be a botNOT. :-)]

Jinxed (profile) says:

Re: Even better

@Dr. Macknet:

Move these addresses to your router and block them there. Windows ignores the hosts files (confirmed by many, including myself).

At the router, Microsoft has no control.

If your router doesn’t give you the ability to administer IP addresses, buy a new router.

In addition: you can buy third party software which regulates internet traffic, blocking what you need to (regardless of what is trying to get through). The con to this type of software is you have to spend a good deal of time “Allowing” as most sites are turned off by default.

Anonymous Coward says:

> The problem is that Microsoft has often hidden behind claims that it has to collect a lot of this data or the operating system won’t work

That’s a bunch of bullshit. An earlier version of Myerson’s blog post included the fact that enterprise users can turn off all data collection because enterprises have different needs than consumers. It’s interesting that they removed that.

Myerson is right about the differing needs. If I lost my work laptop and my personal laptop, it’s my personal machine that I would be freaking out about. It’s consumers that should be able to keep their secrets private. I don’t care if Microsoft sees my TPS reports but I do care if Microsoft sees my personal medical or financial information.

I think the real issue is that my TPS report is useless when it comes to targeting ads at me whereas my blood work lab report is just what the pharmaceutical companies need to figure out what ads to show me.

I’m fortunate enough to have an “unlimited” data connection, but people that are stuck on a metered connection have even more reasons to demand less chat between Windows and Microsoft.

I’d like to see open source router firmware makers start offering to block Microsoft servers. Windows sure is starting to feel like malware.

Anonymous Coward says:

Re: Re:

If I lost my work laptop and my personal laptop, it’s my personal machine that I would be freaking out about. It’s consumers that should be able to keep their secrets private. I don’t care if Microsoft sees my TPS reports but I do care if Microsoft sees my personal medical or financial information.

Your medical and financial information are someone else’s "work" information.

Anonymous Coward says:

Re: IN THE LAST 10+ years...

Not sure where you are but most games I have obtained over the last few years are finished products. The only exceptions being games that I bought/supported specifically as under development.

Since your examples start with games one suspects that games are your major focus. Let’s keep it to the subject.

You might need to tune your tinfoil hat.

Anonymous Coward says:

Someone doesn't know how to write and OS.

[quote]The problem is that Microsoft has often hidden behind claims that it has to collect a lot of this data or the operating system won’t work[/quote]
This is seriously wrong.

I have written device drivers, worked on I/O systems, Real Time OSs, maintained them, administered Unix/Xenix, admined and modified Linux since

Anonymous Coward says:

Re: Someone doesn't know how to write and OS.

When Microsoft says the OS won’t work without the data collection, they are being a little dishonest.

As you know, there’s a line between operating system and applications. Where the line is changes over time, but with Windows 10, Microsoft is moving that line for business reasons, not technical reasons. So the part of the operating system that won’t work are the parts that get personalized. Those also tend to be the parts that those of us asking for better privacy controls don’t want to work.

Lurker Keith says:

Not can't, refuses to

The problem is that Microsoft has often hidden behind claims that it has to collect a lot of this data or the operating system won’t work

Then they need to design their OS better, so it can work without all that collection. It isn’t impossible, they just don’t want to respect privacy concerns.

I found out the hard way (relative’s computer) that rejecting the ToS did force the OS to revert back to what it was before Microsoft forced the illegal "upgrade".

Anonymous Coward says:

The fact that so many people are upset with the lack of privacy controls is really a sign that Microsoft isn’t executing very well on their Windows 10 vision.

They need to add features so compelling, that customers want to give Microsoft their personal data. If by giving Microsoft access to my files, calendar, contacts and location some amazingly useful features were made possible, I’d be excited. The way it is now though, I have to give up a lot and get very little in return. It’s a bad deal.

My personal data is something that I should choose to share with Microsoft, not something they just take from me.

LVDave (profile) says:

All I can do is shake my head..

I spent close to 20 years supporting MS products in the workplace and up until I retired in 2010, I dualbooted Win7 and Linux. At that time, I decided I was done with Microsoft’s products, and deleted the Win7 partition on all of my home systems. Since Windows 10 has come out, and I hear of all of the abuse that people who still use MS products get from MS, the forced updates, updates that brick the system and the textbook malware methods MS used to get the “free” Win10 on as many systems as they could AND THEN the blatant spyware aspects of Win10, all I can do is shake my head and realize that a VERY large number of people either don’t know what a turd Win10 is, or they know and DON’T CARE..

Certainly am glad I don’t use MS products anymore…

Anonymous Coward says:

There’s something that most here don’t seem aware of. You can turn your settings off. Sooner or later, M$ in it’s wisdom will decide to turn them back on for you. Especially if the software believes it should be on, no matter what you chose.

I see this issue often, with the wifi side. I don’t have wifi on, it’s all hard wired. When I am not on the net, I turn the net drivers off. When I go to turn them back on ever so often, the wifi has changed on it’s own but to enable.

Seeing this, I decided to go check some of those other settings I turned off. Sure enough, some of them had re-enabled on their own.

You can’t depend on your privacy settings staying where you put them.

bshock says:

I'm trying very hard to find this story important

If you’re still using Windows 10, it’s either because that’s the office OS or because you’re too lazy, too apathetic, or too dumb to care.

This reminds me of the situation where people build their homes on the bank of a river and then seem astonished when it overflows and almost drowns them. Sure, I’ll help them because it’s the human thing to do, but don’t look for me to feel terribly sympathetic.

Anonymous Coward says:

Re: And I'm trying very hard to find a shred of sense in your post

“because you’re too lazy, too apathetic, or too dumb to care.”

Harsh in the extreme and grossly unfair. How about ignorant? How about uninformed? How about “it came with the machine”, which applies to what, 99.99% of all desktop/laptop sales?

And your analogy is crap. Who the hell is building their own houses, let alone on a river bank? Builders build houses and flog them to people. And yes, they sometimes build them on flood plains, because they’re allowed to do so by god damn awful planning regulations and kickbacks, but that’s another story.

bob says:

Re: I'm trying very hard to find this story important

You forget that a lot of PC games still only run on windows. It’s getting better now that more developers will make their games cross-OS compatible. but until the games I play can run on Linux I’m stuck with windows.

Speaking of houses and windows those that live in glass houses…

shouldn’t use the bathroom.

Gwiz (profile) says:

Re: Re: I'm trying very hard to find this story important

I am curious as to what games you play that won’t run on Linux.

My Debian laptop is approaching 10 years old and basically I have found (with a few exceptions) that if my hardware could handle the game in Windows then it would also run under Wine on the Linux OS.

Being that my computer is so old, I don’t often attempt to play the newer, high-end graphics games that are out there nowadays, so I am curious as to which games you couldn’t get to work on Linux.

Thad (user link) says:

Re: Re: Re: I'm trying very hard to find this story important

Some games run fine under WINE; Trails in the Sky is a recent example that works great.

Some don’t; I never could get Civ4 to do anything but crash on load.

An increasing number of games are getting native Linux versions, too, making WINE unnecessary. This is especially true for indie games. Major studio games sometimes get native Linux releases too, but there’s usually a lag, and it’s never a sure thing.

But there’s another problem: DirectX just works better than OpenGL. This doesn’t matter on lower-end games, but if you’re playing a game that really maxes out your hardware’s capabilities, DirectX is a better choice than OpenGL. Which means Windows is a better choice than Linux.

Vulkan seems to be closing the gap a bit, but it’s still not on par with DirectX, and it’s still early days and Vulkan’s not widely supported.

Believe me, I’m hoping this changes; I’ve been waiting for an opportunity to ditch Windows completely for around 15 years now. But for now, I’m still running Windows on my HTPC, and keeping a dual-boot on my main computer, so I can play games.

Not an Electronic Rodent (profile) says:

Re: Re:

"The problem is that Microsoft has often hidden behind claims that it has to collect a lot of this data or the operating system won’t work"

Yeah, this one’s even harder to swallow…

So, Mr. Microsoft, you’re claiming that if you try and use Windows 10 on a network without an internet connection, or (shock, horror!) airgapped, it’ll just randomly fail…. is that right? Wow, way to build an OS!

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...