A prominent web developer has found a number of anomalies in Windows 10’s default privacy settings.
Web developer Jonathan Porta reported uncovering the issues in a blog post on Friday.
His concerns focus on seven key privacy settings that are switched on by default in Windows 10.
The settings allow Windows 10 to:
- “Personalise your speech, typing, and inking input by sending contacts and calendar details, along with other associated input data to Microsoft.”
- “Send typing and inking data to Microsoft to improve the recognition and suggestion platform.”
- “Let Windows and apps request your location, including location history, and send Microsoft and trusted partners some location data to improve location services.”
- “Send Microsoft and trusted partners some location data to improve location services.”
- “Use page prediction to improve reading, speed up browsing, and make your overall experience better in Windows browsers.”
- “Automatically connect to suggested open hotspots. Not all networks are secure.”
- “Send error and diagnostic information to Microsoft.”
The settings are officially designed to improve Windows 10’s services, such as the Cortana voice assistant, and tailor the operating system to meet its user’s needs.
However, according to Porta, there are two key issues with the settings. First, Porta thinks they are overly vague and do not adequately explain what specific data is being collected.
Second, Porta thinks the settings do not offer enough clarity on which third party companies Windows 10 customers’ data is being shared with.
Porta says, when the settings are on, Microsoft will have free reign to collect any data it wants and concludes: “I might as well relocate my computer to Microsoft headquarters and have the entire company look over my shoulder.”
Time to get the tinfoil hat
Porta is not alone in his concerns about Windows 10’s privacy issues. A conspiracy theory has appeared on the 4Chan message board claiming Windows 10 is actually connecting machines to a surveillance botnet. Botnets are a network of machines that have been enslaved by a hacker.
There is no solid evidence to support the claim. However, Microsoft has been linked to government-sponsored surveillance campaigns in the past.
Documents leaked to the press by whistleblower Edward Snowden showed Microsoft was one of the technology companies the NSA siphoned web user data from during its PRISM campaign. The campaign saw the NSA siphon data from many tech firms including Facebook, Twitter, Google, Yahoo and Apple.
During it the NSA forced firms to hand over data using special secret court orders. Microsoft has since publicly campaigned to combat the orders. Microsoft was one of 140 companies to send an open letter to US President Barack Obama urging him to hamper intelligence agencies, such as the NSA’s, ability to collect customer data.
A reality check
A Microsoft spokesperson moved to downplay the concerns about Windows 10’s privacy settings in a statement sent to Business Insider. Microsoft said the data is being collected purely for product improvement purposes.
“To effectively provide Windows as a service, Microsoft collects some performance, diagnostic and usage information that helps keep Windows and apps running properly,” said the spokesperson.
“Microsoft does not sell this data or use it for advertising purposes. We give a select number of Microsoft employees and third party engineers access to select portions of the information to repair or improve Microsoft products and services.”
Trend Micro cyber security consultant Bharat Mistry lent credence to Microsoft’s claim telling Business Insider, while the settings are vague, it is unlikely Windows 10 is actually spying on its users.
“The settings would suggest that Microsoft is trying to understand user behaviour in more detail — in terms of sites accessed, the time of day and also from location as well,” he said.
“Users should be concerned — [but] just don’t accept the defaults!”
Business Insider Emails & Alerts
Site highlights each day to your inbox.