Microsoft finally reveals exactly what telemetry Windows 10 collects about your PC

Ever since Microsoft launched Windows 10, privacy advocates and concerned users have loudly argued that the firm needed to improve and clarify its privacy policies. To date, the company has mostly ignored those requests, though Windows 10’s recent Creators Update did move the ball forward in some meaningful ways. But as of today, the company is doing more to explain how, where, and when it collects data, as well as explaining how that information is used.

First, everyone who updates to the Creators Update will be presented with a privacy screen showing them what their current device settings are in certain key areas, as shown below:


Everyone who installs the Creators Update will be offered the option to change these settings.

Previous updates to Windows 10 didn’t flag users with the option to adjust their privacy settings, so we’re glad to see Microsoft deliberately informing current users that they have the option to change settings they may not have been aware of prior to the update.

Users who are installing Windows 10 for the first time will see the updated Privacy settings we’ve highlighted before, but Microsoft makes a nice point in its blog post: The privacy settings are now designed to fit into two columns on a monitor, as opposed to requiring end-users to scroll down to find the rest of them. That kind of tweak enhances discoverability, and while it’s a small thing, we’re glad to see it.

Microsoft has also updated its own documentation to make it extremely clear which data is gathered and under what circumstances. Here’s a snip from the article on Basic collection, by Brian Lich:

The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Windows Store. When the level is set to Basic, it also includes the Security level information. The Basic level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.

There’s an enormous section (30,000 words) following this, which defines all of the extensions, events, and information that can be collected in Basic mode, in case you want to investigate the situation for yourself. I won’t claim to have read the novella, but I have spot-checked it, and there’s no sign that I can see of MS collecting anything nefarious in “Basic” mode. The reason the list is so long is because Microsoft’s diagnostic data gathering is rather thorough. The Census.* section is a decent example of this:


Click to enlarge.

The information Microsoft is gathering in its Basic telemetry option appears to be confined to general data about the system state as opposed to anything personal. In this specific case, I think the company’s claim that it gathers this information for bug-fixing and troubleshooting purposes passes muster. Microsoft has long used such programs — that’s how we found out that 22 percent of Windows crashes in Windows Vista were actually caused by buggy Nvidia drivers.

The company has not yet published a Robert Jordan novel exhaustive list in the same fashion for its “Full” collection mode, but it has documented exactly which kinds of information are collected in various scenarios and the circumstances in which this information is sent to Microsoft. Much of the data gathered in “Full” mode is still general system state information, but there are places where personally identifiable information (PII) may be sent to Redmond. Here’s an example of the “Browsing, Search, and Query data.”


Click to enlarge

Disclosing this kind of information is a critical step towards answering the privacy questions concerned Windows users have been raising for at least two years (questions about privacy in Windows 10 were being raised well before the OS actually launched). Microsoft’s privacy policy has also been updated. It’s fairly well written, easy to understand, and features a refreshing lack of weasel words.

A definite step in the right direction

The Creators Update was already expected to improve Windows 10’s privacy controls, but publishing these secondary documents is, we think, an important demonstration of good faith. We still maintain that the best way for Microsoft to deal with these privacy issues is to give users the option to opt-out of telemetry gathering altogether. Similarly, there are going to be users who remain disinterested in Windows 10 until and unless Microsoft adopts this stance.

For users who have been somewhere in the middle — unhappy with the state of things, but not swearing off the OS just yet — these updates and additional changes should answer a lot of previous concern. I honestly don’t know why it took Microsoft so long to realize it should deal with user concerns by actually releasing information, as opposed to offering a vague, hand-waved “trust us,” but we’re glad to see the company finally disclosing this data. A few weeks ago, we criticized Microsoft for claiming to value user feedback while ignoring a huge chunk of its audience who were unhappy with privacy in Windows 10. We’re not declaring victory just yet, but it looks as though Microsoft has been listening at least a little more than we thought they were.

Let’s block ads! (Why?)