Windows 10 has just arrived and there’s a new Privacy Policy and Service Agreement from Microsoft coming swiftly in its wake.
The new policies take effect on 1 August and there are a few unsettling things nestling in there that you should be thinking about if you’re using the company’s services and software.
The Privacy Statement and Services Agreements combined come to 45 pages. Microsoft’s deputy general counsel, Horacio Gutierrez wrote that they are “straightforward terms and polices that people can clearly understand.” The reality is, you’re probably not going to read them. So I did…
And, like so many other companies, Microsoft has grabbed some very broad powers to collect things you do, say and create while using its software. Your data won’t be staying on your computer, that much is for sure.

Data syncing by default

 

Sign into Windows with your Microsoft account and the operating system immediately syncs settings and data to the company’s servers. That includes your browser history, favorites and the websites you currently have open as well as saved app, website and mobile hotspot passwords and Wi-Fi network names and passwords.
You can deactivate that by hopping into settings, but I’d argue that it should be opt-in rather than on by default. Many users won’t get round to turning it off, even though they would probably want to.

Windows-10-final-14-1200x800
Cortana knows *a lot* about what you’re doing…

 

Cortana is a sexy spy in the machine

 

Turn on Cortana, the virtual assistant, and you’re also turning on a whole host of data sharing:
To enable Cortana to provide personalized experiences and relevant suggestions, Microsoft collects and uses various types of data, such as your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device.
Cortana also learns about you by collecting data about how you use your device and other Microsoft services, such as your music, alarm settings, whether the lock screen is on, what you view and purchase, your browse and Bing search history, and more.”
Lots of things can live in those two words “and more.” Also note that because Cortana analyzes speech data, Microsoft collects “your voice input, as well as your name and nickname, your recent calendar events and the names of people in your appointments, and information about your contacts including names and nicknames.”
Realistically, Cortana can’t work in the semi-magical way it does without being able to gobble up all that information. But it’s worth being aware of just how wide-ranging its access to your and your friends’/contacts’ data is.

Whatever happens, Microsoft knows what you’re doing…

 

The updated terms also state that Microsoft will collect information “from you and your devices, including for example ‘app use data for apps that run on Windows’ and ‘data about the networks you connect to.'”

Advertisers will know exactly who you are

 

Windows 10 generates a unique advertising ID for each user on each device. That can be used by developers and ad networks to profile you. Again, you can turn this off in settings, but you need to know where to look:

Where to go to kill the ad tracking ID in Windows 10…
Where to go to kill the ad tracking ID in Windows 10…

 

Your encryption key is backed up to OneDrive

 

Not necessarily a bad thing but something you should be aware of. When device encryption is turned on, Windows 10 automatically encrypts the drive its installed on and generates a BitLocker recovery key. That’s backed up to your OneDrive account.

Open the window and Microsoft can do pretty much what it wants with your data…
Open the window and Microsoft can do pretty much what it wants with your data…

 

Microsoft can disclose your data when it feels like it

 

This is the part you should be most concerned about: Microsoft’s new privacy policy assigns is very loose when it comes to when it will or won’t access and disclose your personal data:
We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to protect our customers or enforce the terms governing the use of the services.
I’m not suggesting Microsoft and its lawyers are alone in making provision for such sweeping power over your data, but we should all be very careful about relying on the “good faith” of corporations. I’m not even sure such a thing exists.

Privacy Statement | Services Agreement [Microsoft] h/t to EDRI for flagging up a number of these issues.

Read more about Microsoft’s new stuff: 
Review: Windows 10 reimagines the OS with flexible and functional design7 reasons you should make Microsoft Edge your default browser, and one reason you probably won’t