Striking a Balance Between Privacy and Technology -- Navigating the Microsoft 10 “Free” Upgrade
August 18, 2015
By Greg Wasson, End Point Security Program Manager

The widely covered launch of Windows 10 has elicited numerous warnings from privacy advocates and online security experts in recent weeks.  Why?

Microsoft 10, which is available in the form of a free upgrade for Windows users, has been met with positive reviews but its privacy settings are concerning. The new operating (OS) system will automatically collect an enormous amount of user information (including offline data), unless users specifically alter the preset privacy settings. As a default setting, Windows 10 collects, retains and even shares with “partners” valuable user data that has been gathered without user knowledge. This could clearly cause some serious privacy concerns, and consumers need to remain aware of what their options are.

This “free” upgrade is a clear example of the trade-offs that users make every day – free technology in exchange for our information. While there is no perfect answer to the question of what users should and should not feel comfortable sharing (that is up to each individual and organization) I can say for certain that all users need to be more educated about what they’re signing up for. Below, I outline some key information you need to know.

Installing the Upgrade

How does the new operating system (and privacy settings) get installed on your computer in the first place?

When a user decides to upgrade their operating system to Windows 10, one of the first options that a user is presented with is a screen that asks if the user wants to “Use Express settings”. Most users simply click “yes,” use the default settings and move on with the installation. Rather users should click the “Customize setting” box and spend time to customize the security settings on their own. I urge everyone to take a closer look and check off these specific boxes that pertain to personalization, advertising and geolocation tracking.

Using Windows 10

Once Windows 10 is installed, a user will be able to customize the default settings of Windows 10 even after its installation. However, it is important to note that many of the new and most useful features of Windows 10 (such Cortana, geofencing, Xbox One integration, etc.) are not available unless users have opted to allow their personal data to be shared.

Once again, the user is presented with a set of choices. Some of the data shared with Microsoft, such as current location, are relatively benign and even useful to share with Microsoft. Other things may not be. It is up to the consumer, or the enterprise, to check the privacy settings and determine what they are and are not willing to share.

Fortunately, Microsoft does a very good job of making all of the privacy settings easily navigable and user friendly. All of the nearly fifteen various privacy options throughout the operating system are compiled into one single category under “Privacy Settings”. Microsoft also makes a clear effort to describe what each setting means and what data will be shared.

How to Selected Privacy Settings:

What Does This Mean for Enterprises?

For an individual user, the question of what they are willing to share in exchange for free technology is a personal choice. It is an entirely separate question for enterprises. The installation of Windows 10 will certainly make enterprise IT more complex – especially if you consider organizations that have Bring Your Own Devices (BYOD) policies.

In Windows 10, even if all of the data sharing options are disabled in the settings, the operating system still tries to contact Microsoft with user information.

The screenshot below shows that one of the settings can’t be completely disabled.

While some of the information shared is encrypted or may seem benign, regulated industries such as healthcare, financial services, government, etc. will have to work closely with their Windows 10 users to ensure that serious privacy infringements do not occur. In healthcare, sharing user data may have HIPAA implications especially if the data being shared involves patient information.  

So Where Does This Leave All of Us?

There are some very positive new developments in Windows 10 that make using the OS more secure – including the fact that critical security updates are automatic, this relieves the user of the need to constantly monitor for updates related to security patches.

So what can you do?

Consumers must remain educated about the technology they are using, and enterprises will need to remain diligent about using Windows 10 in their organization as well as keeping their employees informed about security and privacy.

Last, but not least, and in fairness to Microsoft, they are by no means the only tech company that is harvesting large amounts of user data.  As I tell all of our clients, “be vigilant about protecting your personal information”.

Comments

Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.