Broken Windows Theory

150803_BIT_Windows10-Holes — Windows 10 is currently a privacy morass in dire need of reform.

Windows 10 is the operating system Microsoft needs. In other words, it’s not Windows 8, a Frankenstein’s monster of a tablet-plus-desktop OS that alienated everyone from PC manufacturers to corporate users. Instead, Windows 10 is an incremental improvement on Windows 7, one that is faster, slicker, and has some new bells and whistles, like virtual desktops and functional tablet support. One of Windows 10’s leaps, unfortunately, is straight into your personal data.

David Auerbach is a writer and software engineer based in New York, and a fellow at New America.

Apple and Google may have ignited the trend of collecting increasing amounts of their customers’ information, but with Windows 10, Microsoft has officially joined that race. By default, Windows 10 gives itself the right to pass loads of your data to Microsoft’s servers, use your bandwidth for Microsoft’s own purposes, and profile your Windows usage. Despite the accolades Microsoft has earned for finally doing its job, Windows 10 is currently a privacy morass in dire need of reform.

150803_BIT_Windows10-01 — Some of the many, many privacy settings in Windows 10.

The problems start with Microsoft’s ominous privacy policy, which is now included in the Windows 10 end-user license agreement so that it applies to everything you do on a Windows PC, not just online. (Disclosure: I worked for Microsoft in the days of Windows XP.) It uses some scary broad strokes:

Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary.

Some have spun conspiracy theories out of that language. I’m more inclined to blame vagueness and sloppiness, not ill intent. With some public pressure, Microsoft is likely to specify how and why it will share your data. But even that won’t excuse Microsoft’s ham-fisted incursion into users’ data, nor how difficult it is restore the level of privacy back to what it was in Windows 7 and 8. Apple’s and Google’s privacy policies both have their own issues of collection and sharing, but Microsoft’s is far vaguer when it comes to what the company collects, how it will use it, and who it will share it with—partly because Microsoft’s one-size-fits-all privacy policy currently applies to all your data, whether it’s on your own machine or in the cloud. As Microsoft puts it:

Rather than residing as a static software program on your device, key components of Windows are cloud-based. … In order to provide this computing experience, we collect data about you, your device, and the way you use Windows.

In other words, Microsoft won’t treat your local data with any more privacy than it treats your data on its servers and may upload your local data to its servers arbitrarily—unless you stop Microsoft from doing so. Microsoft’s security story has been far from perfect; this move could make it far worse. For now, it’s not easy to restrict what Windows collects, but here’s how.

Don’t Use Express Settings During Setup

During installation, Microsoft will encourage you to accept its “express install” defaults. Without exceptions, these defaults will result in the maximum sharing of your information with Microsoft. Instead, select the “custom install” option, which will bring up a bunch of toggles. The first set of toggles, concerning personalization and location, looks like this:

150803_BIT_Windows10-02 — Turn these off.

These settings all send your personal data to Microsoft with little upside for you (unless you like customized advertising). I recommend turning them all off.

The second set of toggles is more cryptic but more important:

150803_BIT_Windows10-03 — Turn these off too.

While the first two settings here, for SmartScreen and page prediction, simply send more of your activity to Microsoft, the next two are subtler. Automatic connection to open hotspots and to your contact’s networks means that your computer will connect to certain networks without your explicit consent. Unless you trust Microsoft’s judgment and all of your contacts, it’s best to disable those. Last, sending error and diagnostic information may seem harmless, but when something goes wrong, that “information” might include tons of sensitive stuff—if you were editing a spreadsheet of your romantic dalliances when your computer crashed, it’ll get uploaded. If you feel like helping out Microsoft, you can leave this enabled, but I turned it off.

Turn Off the Secret Settings

The install settings are only a subset of Windows 10’s privacy settings, which occupy more than a dozen different pages and dialogue boxes across the user interface, none of them in plain sight. Moreover, one of them reveals that Microsoft wasn’t being quite honest during setup. When you turned off “Send error and diagnostic information,” you really only turned it down from “Full” to “Enhanced.” To really reduce the amount of information sent to Microsoft, you need to go to the Start menu, select Settings, choose Privacy from the list of settings, and then go to the Feedback and Diagnostics section:

150803_BIT_Windows10-04 — Settings->Privacy: Set diagnostic and usage data to “Basic.”

Choosing “Basic” will keep the amount of random data sent to Microsoft to a minimum.

That leaves, however, the other 12 Privacy sections. I recommend going through all of them, painful as that may be, and carefully assessing what you’re willing to share. In a pinch, however, there’s only one really important one that wasn’t already changed during install, which is under Account info:

150803_BIT_Windows10-05 — Settings->Privacy: Turn off sharing of account info.

This gives any app you install permission to see an arbitrary amount of your account info. Until Microsoft makes this considerably more fine-grained and transparent, as Apple and Google have done with their app stores, it’s a bad idea to leave it on.

Use a Local Account

Microsoft will encourage you to create a “Microsoft account” (formerly known as a Live ID) so that signing on to Windows is akin to signing into Microsoft’s online services. In this Microsoft is following Apple’s lead of associating your OS with a single account. This is the single biggest privacy compromise you can make. As long as you’re signed in, Microsoft could conceivably upload whatever data it wants to your server-side profile without you knowing. Without a Microsoft account, it’s harder (though hardly impossible) for Microsoft to lump your data together, and it disables other potentially problematic features like Wi-Fi Sense. Not using a Microsoft account will single-handedly protect you from many of Microsoft’s attempts to collapse the local-remote distinction in its privacy policies. Instead, use a local account, and use Gmail or Yahoo Mail or anything other than Microsoft.

150803_BIT_Windows10-06 — Settings->Accounts: Use a local account, not a Microsoft account.

Don’t Let Microsoft Steal Your Bandwidth

By default, Microsoft turns your computer into a peer-to-peer node to help it distribute Windows 10 updates, in order to save Microsoft server bandwidth costs. “Microsoft calls it Windows Update Delivery Optimization,” or WUDO. WUDO really should have been turned off by default, because it may slow you down and may even cost you additional money if you have a metered connection. Instead, it is also one of the hardest settings to turn off, requiring clicking through four obscure screens. I’ll walk you through it.

First, start up Settings and click on Update & security.

In the Windows Update screen of Update & security, select Advanced options.

In Advanced options, select Choose how updates are delivered. (You may also want to change the drop down to “Notify to schedule restart” so that Windows won’t spontaneously reboot your machine after installing updates.)

Finally—finally!—turn off peer-to-peer distribution of updates:

It’s almost as though Microsoft didn’t want you changing that setting. (Microsoft really wants your bandwidth.)

Don’t Use Edge or Cortana

Microsoft’s Siri-imitating Cortana personal assistant and its new Edge browser are designed to take advantage of as much personal information as possible to customize user experience, take annotations, and learn all about you. Until Microsoft clarifies its privacy policies, I recommend against using them. Stick with Firefox or Chrome as a browser, or even good old Internet Explorer.

This is not a complete list, but it hits the most important spots where Microsoft has made the defaults uncomfortably intrusive, nosy, or simply greedy. Microsoft needs to centralize these and other settings in a far more transparent and easy-to-understand box, clarify their implications, and pledge to users that it won’t upend their privacy settings in so egregious a way again. Until then, protect yourself.

This article is part of Future Tense, a collaboration among Arizona State University, New America, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture. To read more, visit the Future Tense blog and the Future Tense home page. You can also follow us on Twitter.