Windows 10 Worst Secret Spins Out Of Control
Back in November Microsoft confirmed Windows 10’s worst kept secret: its extensive telemetry (or ‘spying’ as it has been labelled) cannot be stopped. What no-one realised until now, however, is just how staggering the extent of this tracking really is…
Blowing the lid on it this week is Voat user CheesusCrust whose extensive investigation claims Windows 10 contacts Microsoft to report data thousands of times per day. And the kicker? This happens after choosing a custom Windows 10 installation and disabling all three pages of tracking options which are all enabled by default.
The raw numbers come out as follows: in an eight hour period Windows 10 tried to send data back to 51 different Microsoft IP addresses over 5500 times. After 30 hours of use, Windows 10 expanded that data reporting to 113 non-private IP addresses. Being non-private means there is the potential for hackers to intercept this data.
Taking this a step further, the testing was then repeated on another Windows 10 clean installation again with all data tracking options disabled and third party tool DisableWinTracking was also installed which tries to shut down all hidden Windows 10 data reporting attempts. At the end of the 30 hour period Windows 10 had still managed to phone home with data 2758 times to 30 different IP addresses.
The full tabulated results can be seen on the user’s Voat thread and is also broken down on gHacks.
A further interesting fact is these tests were conducted using Windows 10 Enterprise Edition – the version of Windows 10 with most granular level of user control and far more than the standard Windows 10 Home edition used by most consumers. All of which confirms, this controversial data tracking simply cannot be stopped.
What To Make Of This
The obvious first reaction to this might be to panic and scream about class action lawsuits, but it’s a little more complicated than that.
Firstly the Windows 10 EULA (end user licence agreement) which very few users ever read, gives Microsoft full legal rights to do this. Secondly Microsoft has made several attempts to stress that the telemetry and data tracking aspects to Windows 10 are essential to its ongoing maintenance and improvement.
Speaking in November, Microsoft Corporate Vice President Joe Belfiore argued: “In the cases where we’ve not provided options [to disable tracking], we feel that those things have to do with the health of the system…In the case of knowing that our system that we’ve created is crashing, or is having serious performance problems, we view that as so helpful to the ecosystem and so not an issue of personal privacy, that today we collect that data so that we make that experience better for everyone.”
He also stressed: “We’re going to continue to listen to what the broad public says about these decisions, and ultimately our goal is to balance the right thing happening for the most people – really, for everyone – with the complexity that comes with putting in a whole lot of control.”
And yes, of course, the problem here is one of scale. For most users essential “health of the system” will not tally with Windows 10 making thousands of data connections every day to over 100 Microsoft IP addresses. And, more to the point, even if all this data sharing is somehow vital then Microsoft has made no attempt to explain why or divulge the processes at play.
With this in mind I contacted Microsoft with the full data results, asked it to explain the findings and held back on publishing until the company had the chance for a full right of reply. The response was worryingly predictable: “I’m afraid we are not able to provide a comment on this.”
This is the same response I’ve to Windows 8 support cuts, Windows 10 future pricing and lifecycle support as well as data tracking. In fact this is the same response the company gives to almost any question relating to disclosure of how its operating systems are being run. It’s a notable change in policy from the openness of Microsoft in the past and makes the comment this week from BetaNews’ Mark Wilson, the site which broke the story, all the more pertinent:
“With Microsoft facing unprecedented levels of criticism for its lack of transparency over spying components, these findings will serve only to add fuel to the fire.”
Yes, this is the issue in a nutshell – yet again.
Note: with Microsoft having declined to give feedback on the data, the Voat thread’s results are being disputed with the argument that Microsoft is responsible for only a small portion of it. What it agreed, however, is that Windows 10 does indeed continue to submit data to its servers without making it clear to users. The good news is Microsoft has subsequently agreed make changes to its policies to address this and any follow ups it would like to give on the telemetry tracking here will be updated to this post.
It is important to state Microsoft is not alone in using telemetry from user operating systems, most notably Google has done this openly for years. Of course Microsoft has attacked this in the past running a two year global marketing campaign ‘Scroogled‘ which lambasted Google for the tracking in its products and services.
Follow Gordon on Twitter, Facebook and Google+