Are you using Windows 10?
While extremely popular and easy-to-use, this operating system poses perhaps the biggest threat to end-user's overall online privacy.
Privacy issues with Windows 10
While Microsoft isn't quite on the same level as Google or Facebook, their products (free and paid) haven't always been the most privacy-friendly out there. Of these products, Windows - especially Windows 10 - proves one of the least privacy friendly product that the company currently offers.
More so than previous versions of Windows, Windows 10 connects to the internet a lot - independent of your browsing activity or other user activity. It engages in more telemetry and "phoning home" than previous editions of Windows. Many functions and "services" that Windows 10 uses require connections to Microsoft and its servers... Windows 10 has literally been described by Microsoft as an "operating system as a service."
Even with all the changes that Windows 10 has undergone over the years since its initial release in July 2015, these background connections still ferret large sums of data back and forth to Microsoft and its services.
1. Cortana's data mining
Perhaps the biggest threat to your privacy when using Windows 10 is Microsoft's implementation of Cortana.
Cortana is heavily integrated with Windows 10 as it aims to be your virtual personal assistant. For everything.
However, for how much Cortana may (or may not) help, what data Cortana has access to, it (she?) certainly collects. This data Cortana collects gets sent back to Microsoft.
Cortana can/will collect:
- Searches (forwarded to Bing - Microsoft's search engine)
- Voice data (if mic is present on device)
- Your email (reading contents of emails)
- Your contacts
- Purchase history
- Payment history
- Data stored on your calendar
- Keystrokes/Typing history (no, really, it's like the keyloggers of old.)
Cortana's data collection can be curbed via fiddling with the correct settings, however it cannot be uninstalled at this time. "Temporarily" disabling Cortana is possible, whereas disabling Cortana permanently is cumbersome and requires use of the Windows Registry Editor to do so.
Be aware that Microsoft itself collects a lot of data, independent of Windows and Cortana - think, do you have a Microsoft account?
If you have a Microsoft account, then Microsoft can collect/has access to:
- Personal identifiable information (email, physical address, ID-related information)
- Your phone number
- Data collected amongst other Microsoft offerings (ex: Using Office 365, Teams, Xbox Live all with the same Microsoft account)
- Contacts (independent of Cortana)
- Data syncing info (think: Wi-Fi networks you frequently connect to or specific app settings across multiple different devices you may own/use)
- Location data
- Usage data (ex: exactly when, where, for how long you use an app)
Ultimately, when it comes to Cortana, the golden rule is: Whatever data Cortana has access to is sent to Microsoft.
Additionally, due to what information Microsoft has access to in a Microsoft Account, you might want to avoid signing into your Microsoft Account if using Windows 10.
2. Extensive Telemetry
To start, your device is assigned a unique advertising ID. While this can be disabled by digging around in the settings, it's actually enabled by default.
Windows collects a vast amount of telemetry. To use Windows 10, telemetry is required in the sense that it can never be outright and totally disabled. In other words, there is a "basic level" of telemetry that you cannot opt-out of.
Required telemetry within Windows includes:
- Device connectivity data (ex: established connections to networks, presumably online and offline OR what peripherals are attached to given device)
- Specific device properties (ex: manufacturer, memory specifics, processor information. Can include identifiers such as UUID)
- Error reporting
- Status of OS-related services (disabled? configured? running?)
- Apps installed
- Drivers installed (ex: graphics card drivers)
Depending on what other Windows services you have enabled, additional "required service data" can be collected. Please reference,
Data Collection in Windows from Microsoft
and Diagnostics, feedback, and privacy within Windows.
Overall, the options Microsoft provides to "opt-out" simply aren't enough to stop the bulk of the constant phoning home Windows performs. In the end, what "privacy options" in the general settings presented to users barely scratch the surface of disabling the data collection and telemetry within Windows.
3. Data Sharing
Put very simply: Your use of Windows 10 means that you consent to your data being shared with whoever Microsoft deems fit to receive it.
While Microsoft does say that they "share data with your consent," they also say that they also share data with "approved third-parties." Third-parties can include vendors, affiliates, subsidiaries, and agents.
Microsoft also retains data for an undisclosed amount of time.
Your privacy and the Operating System
Since all of the above focuses on Windows, you might still be wondering exactly how your device's operating system directly affects your privacy.
You'll probably find that the operating system gets frequently overlooked in terms of privacy discussions. However, put very bluntly, the operating system is very tightly tied to privacy.
Operating System = Your Command Center
This fact is probably the sole reason your device's operating system matters so much when it comes to privacy.
The operating system provides an interface for software to interact with the hardware of the device.
Your operating system literally sees everything, and knows everything that's happening when it comes to the device.
Naturally, in such an exchange, you give up some level of privacy. It's important to understand though that this is not a bad thing - in order for the operating system to perform its job, it needs this omniscient power.
This is why it's imperative that you're able to trust the operating system. This is true for any operating system that you use - including the recommendations found further down this page.
With the operating system having this sort of power, you need to be able to trust that it isn't sending your system logs to a remote server.
You need to trust that it isn't silently collecting "required" telemetry and sending it off another server.
You need to trust that it isn't logging your keystrokes or recording voice inputs and sending them somewhere else.
Does your "command system" have your back? Or is it snitching on you by phoning home the things you do? Do you trust it?
If not - or if, you know, your daily driver is Windows, then you might want to consider a reliable alternative.