Windows 10 Allegedly Keylogs, Sends Data To Microsoft Every 30 Minutes
It's time for another dose of skepticism, because more information has been brought to light over how much data is being sent to Microsoft with its latest operating system. According to an anonymous source on a Czech website (translation available here), key-logged information and even file search results are sent back to Microsoft with Windows 10.
This follows on from information regarding data being sent back to Microsoft, even with the various privacy options disabled. The Internet-enabled services like Cortana, OneDrive, News, Weather, etc., can be set to not send information back to Microsoft, but telemetry data can still be sent (what buttons were clicked, where, how often), even with the services disabled. What's disturbing is this telemetry can include the machine ID of the system.
When services are used, Microsoft does keep tabs on the network use and processor time of specific services. How accurate this is, is another matter. Open up the Task Manager, full view, then go to the App History tab, and you can see some of the metrics.
Now, a huge amount of salt should be taken regarding the findings of the article. While the traffic and the URLs reported may be real, the specifics of the actual information sent may not be so revealing or insidious in nature. While it's still disturbing that information regarding an open mic is sent back to Microsoft, even with personal inking data disabled (and thus Cortana with it), it's hard to figure out what exactly is being sent. Why? It's encrypted. That in itself is partially a good thing, because at least it's not sent as plain text. What isn't so good is that we (the users) cannot see exactly what's being divulged.
Supposedly, searching for films can result in indexing services crawling through your media folders, sending the results back to Microsoft. Honestly, if it were searching for pirated material, there are better methods -- like monitoring the hundreds of public and private torrent trackers that are available. There is a major issue with the results too -- the information collected, the metrics, URLS, et cetera, were gathered from Windows 10 Insider Preview Build 10240. While this build is close to final retail, it's still technically a preview, and as such, many of the metrics collected may be bloated in size due to the extra information Microsoft is gathering regarding what's effectively a beta build.
The issue at the heart of the matter is the fact information is being sent to Microsoft, but we do not know if it is personally identifiable or not, since we only have Microsoft's word to go on. Even if none of it isn't identifiable, it's still possible to build up profiles of specific users.
Things such as your machine ID, web browser, browser plugins, time zone, localization settings and so forth, are not identifiable pieces of information in of themselves. Put them together, and it's possible to build up a profile of a specific user. While your name may not be known, it's still possible to build up a significant profile just by using non-identifiable information.
If you are truly paranoid, the answer to these privacy concerns is quite simple: don't use Windows 10. In fact, don't use Windows at all -- or Facebook, or Bing, or Chrome, or any Internet related service. Even walking into town will have your activity tracked across hundreds of cameras, your credit card transactions, loyalty cards, and on and on. I'm not saying we should get used to being tracked, but not all tracking data contains information about you. However, it would be nice if there was some more transparency regarding what actually is sent, not just by Microsoft, but all services.