As you may have heard, a company called Microsoft has just launched version 10 of one of its products. Here on Techdirt, we don’t do software reviews — you might be able to find one or two online if you search a little — but we do like to analyze privacy policies. In this respect, it seems that Microsoft is breaking new ground, as EDRi.org found when it looked at updated terms and conditions that came into effect on August 1, just in time for Windows 10:
We copied and pasted the Microsoft Privacy Statement and the Services Agreement into a document editor and found that these “straightforward” terms are 22 and 23 pages long respectively. Summing up these 45 pages, one can say that Microsoft basically grants itself very broad rights to collect everything you do, say and write with and on your devices in order to sell more targeted advertising or to sell your data to third parties. The company appears to be granting itself the right to share your data either with your consent “or as necessary”.
If you want more details, the French site Numerama has picked out the key elements (original in French), summarized in English by EDRi:
When signing into Windows with a Microsoft account, Windows syncs some of your settings and data with Microsoft servers, for example “web browser history, favorites, and websites you have open” as well as “saved app, website, mobile hotspot, and Wi-Fi network names and passwords”. Users can however deactivate this transfer to the Microsoft servers by changing their settings.
More problematic from a data protection perspective is however the fact that Windows generates a unique advertising ID for each user on a device. This advertising ID can be used by third parties, such as app developers and advertising networks for profiling purposes.
Other features include generating a recovery key when encrypting the drive that Windows is installed upon, which is automatically backed up online in the Microsoft OneDrive account.
Microsoft’s updated terms also state that it collects things about you, your devices, and app data, as well as information about the networks you connect to. Then there is Microsoft’s personal assistant software “Cortana.” If you use it, here’s what it will gather:
Your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device. Cortana also learns about you by collecting data about how you use your device and other Microsoft services, such as your music, alarm settings, whether the lock screen is on, what you view and purchase, your browse and Bing search history, and more.
And in case you thought that was everything, it also collects:
Your voice input, as well your name and nickname, your recent calendar events and the names of the people in your appointments, and information about your contacts including names and nickname.
Any one of these would be enough to raise serious privacy concerns, even if some can be turned off; put together, they look as if an executive order has gone out to harvest the maximum amount of personal information, and to disregard privacy issues completely. Back in 1999, when Sun’s CEO Scott McNealy famously declared “You have zero privacy anyway, get over it,” he could be forgiven for living in an innocent era when the harm that might flow from that situation seemed circumscribed. Today, in the post-Snowden world, putting “zero privacy” at the heart of your latest product in the way that Microsoft seems to have done with Windows 10, is not just foolish and anachronistic, but downright contemptuous of users and their safety.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+