Email
Password
Remember meForgot password?
    Log in with Twitter

article imageTurning on Windows 10's privacy controls may not actually do much

By James Walker     Aug 14, 2015 in Technology
Windows 10 has been found to send and request data from Microsoft's servers even when the user enables privacy controls designed to disable this behaviour. Details transmitted include a unique machine ID that has the potential to link computer and owner.
Many of Windows 10's new features rely on a connection to Microsoft's servers. The Bing-powered Cortana search bar simply wouldn't work without one while the Start menu has to periodically poll servers for live tile updates.
People who are concerned about privacy do have the option to disable these potentially hazardous features. Cortana can be turned off completely and the obvious solution to the Start menu issue is to simply unpin every tile.
Unfortunately, research by Ars Technica has found that the OS doesn't always respond as you would expect it to. Just opening the Start menu prompts the download of a file from Microsoft - even when searching the web by typing on Start is turned off.
The file is called threshold.appcache and apparently contains data that is used by Cortana, despite the digital assistant having previously been disabled. It contains a unique, persistent machine ID that theoretically could identify your computer.
One would think that enabling the option to not use the search bar would prevent any such downloads but apparently Microsoft thinks otherwise, despite there being no obvious need for the file. The same happens with the Start screen itself: with every tile unpinned, Windows still periodically requests updated tile data for installed apps.
Ars Technica explains that the network traffic "looks harmless but feels like it shouldn't be happening." The news site has a point that users are likely to echo as there is no apparent logical reason for downloading data for disabled features.
It isn't just Cortana and Start that have a potentially harmful addiction to Microsoft's servers. Ars Technica found something "a little more troublesome" after discovering that Windows 10 sends data at regular intervals to Microsoft's ssw.live.com server, apparently used for processing OneDrive data.
The files sent appear to be telemetry data about the computer and yet again there is no reason for them to be transmitted at all. On Ars Technica's test system, OneDrive was completely disabled. It couldn't even be activated if desired - the researchers were logged in using a local user account with no Internet-connected Microsoft account in sight.
Microsoft offered an explanation but it isn't exactly transparent: "As part of delivering Windows 10 as a service, updates may be delivered to provide ongoing new features to Bing search, such as new visual layouts, styles and search code. No query or search usage data is sent to Microsoft, in accordance with the customer's chosen privacy settings. This also applies to searching offline for items such as apps, files and settings on the device."
Ars Technica confirmed Microsoft's claim that no search query data is sent but it still seems very counterintuitive to keep firing data over the Internet, accompanied by a machine ID, when effectively offline and using a local user account. For Windows 10 to be successful, Microsoft will have to convince its users that it is trustworthy. That is unlikely to happen when the off button doesn't always do exactly what it claims.
More about Microsoft, Windows, windows 10, Privacy, Control
 
Latest News
Top News