With more than 14 million downloads in less than 24 hours since its launch, Microsoft Windows 10 is being considered the best-ever Windows product. And why shouldn’t it be? It’s free, after all (for those who hold a genuine Windows 7 or 8 license). A year of free Windows is a commendable initiative by Microsoft to ensure the quick growth of Windows 10.
For those who are impatient, like me, and don’t want to wait for the magic pop-up to appear, here’s a way out. All you have to do is download the media creation tool and start the upgrade process. Windows 10 is approximately 3.3 GB in size, so it will take some time to download, depending on your internet connection speed, but after that the process is a breeze.
As I was exploring the features of Windows 10, I came across an article talking about Windows 10 privacy issues. As they say, there’s no free lunch. The price of ‘free’ Windows 10 is your privacy. As per the article, there are thirteen different settings screens which need to be modified in order to tame Windows 10. I got curious and decided to have a look at those screens to find out what sort of information they’re collecting and how I can control or prevent it.
I am sharing my experience below. I’ll walk you through each of these screens, what they mean in terms of your privacy and what settings to configure in order to keep your information private. I’ll assign a Privacy Impact Rating (PIR) (HIGH, MEDIUM or LOW) to each of the options, which will help you in deciding whether to leave that option on or turn it off.
To access the Privacy options in Windows 10 go to Start > Settings > Privacy.
General Privacy Options
The first screen you’ll see is of General Privacy Options:
Advertisement ID: This is a unique Identifier that Microsoft assigns to a user to provide relevant advertisements by tracking their online activity. PIR: MEDIUM
SmartScreen Filter: SmartScreen Filter is a feature in Internet Explorer that helps detect phishing websites. SmartScreen Filter can also help protect you from downloading or installing malware (malicious software). PIR: LOW
Typing & Writing: When you interact with your Windows device by speaking, writing (handwriting), or typing, Microsoft collects speech, inking, and typing information—including information about your Calendar and People (also known as contacts)—that helps personalize your experience. PIR: HIGH
Locally Relevant Content: This option helps websites and Microsoft store in displaying content relevant to your region, depending on the language you’ve chosen at the time of installation. PIR: LOW
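The four General options above can also be checked without clicking through the Settings app. The following read-only audit is an added example, not part of the original article; the registry paths and value names are assumptions based on where these toggles are commonly documented to be stored for the current user, so verify them on your Windows 10 build.

```powershell
# Read-only audit of the four "General" privacy toggles described above.
# Registry locations are assumptions (not from the article); nothing is changed.
# OnValue is the DWORD that means "feature enabled" for that toggle.
$checks = @(
    [pscustomobject]@{ Setting = 'Advertising ID'; PIR = 'MEDIUM'
        Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo'
        Name = 'Enabled'; OnValue = 1 },
    [pscustomobject]@{ Setting = 'SmartScreen Filter (apps)'; PIR = 'LOW'
        Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\AppHost'
        Name = 'EnableWebContentEvaluation'; OnValue = 1 },
    [pscustomobject]@{ Setting = 'Typing & Writing'; PIR = 'HIGH'
        Path = 'HKCU:\Software\Microsoft\Input\TIPC'
        Name = 'Enabled'; OnValue = 1 },
    # Inverted semantics: this value is an opt-OUT, so 0 means the feature is on.
    [pscustomobject]@{ Setting = 'Locally Relevant Content'; PIR = 'LOW'
        Path = 'HKCU:\Control Panel\International\User Profile'
        Name = 'HttpAcceptLanguageOptOut'; OnValue = 0 }
)

function Get-ToggleState {
    param($Check)
    # A missing key or value means the user never touched the toggle,
    # so the Windows default applies; report that instead of guessing.
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotSet' }
    if ($item.($Check.Name) -eq $Check.OnValue) { 'On' } else { 'Off' }
}

$checks | ForEach-Object {
    $state = Get-ToggleState $_
    [pscustomobject]@{
        Setting = $_.Setting
        PIR     = $_.PIR
        State   = $state
        # Flag anything rated MEDIUM or HIGH that is not explicitly off.
        Review  = ($state -ne 'Off') -and ($_.PIR -ne 'LOW')
    }
} | Format-Table -AutoSize
```

Run it as the user whose settings you want to inspect, since all four values live under that user's HKCU hive.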
Location
This is pretty much self-explanatory. Windows 10 apps use your location to deliver content personalized and relevant to your location. By default, the option is on, meaning that Windows 10 will track your location and may store it for some time. Though it gives you an option to enable location services for individual apps, I’d recommend turning this off unless you specifically need it. PIR: HIGH
Camera
By default, this option gives apps access to the inbuilt webcam or an externally attached camera. You can limit access to individual apps. If this option is left on, enable access only for those apps which you use frequently and which require the webcam, e.g. Skype. Keep an eye on the LED next to the webcam for any suspicious activity. PIR: MEDIUM
Microphone
By default, this option gives apps access to the inbuilt or externally attached mic. You can limit access to individual apps. If this option is left on, enable access only for those apps which you use frequently and which require the mic, e.g. Skype. PIR: HIGH
Note: The combined PIR of Camera and Microphone is HIGH
Speech, Inking & Typing
This setting is for the Windows Cortana feature, which is equivalent to Siri found on Apple devices. In order to understand your commands it needs to collect tremendous amounts of personal data. Turn this off if you’re not planning to use this feature. PIR: HIGH
Account Info
Lets apps access your account information including name, picture, contacts, mails, calendar etc. PIR: HIGH
Contacts
Lets apps access your contacts. Unfortunately, there’s no option to turn it off completely. Therefore, you need to exercise caution in deciding which apps you give access to. PIR: HIGH
Calendar
Lets apps access your calendar. PIR: LOW
Messaging
You wouldn’t let your best friend read your SMS or MMS, so why should you allow an app? Unless it’s an app that sends or receives SMS, it has no business accessing your messages. PIR: HIGH
Radios
Some apps may need to access the Bluetooth or Wi-Fi radio of your laptop for them to work. I’d recommend turning it off, unless you’re using an app that uses this service. PIR: LOW
Other Devices
The risk in leaving this option on is that it exposes your device and the information on it to hackers operating in stealth mode. Your machine is vulnerable to them especially in public places like airports, restaurants, hotels etc. You may allow access to certain trusted devices like Xbox One, TVs etc., but only if you’re connecting them to your computer. I’d recommend you turn them off otherwise. PIR: MEDIUM
Feedback & Diagnostics
This is the data Microsoft collects to fix bugs and crashes and for usage analysis. You can set the frequency as per your preference. Before deciding on the Diagnostic and usage data option, read this to understand what each option entails. PIR: LOW
Background Apps
Here you can choose which apps can run in the background. They do this primarily to receive information, send notifications and stay up-to-date. The more apps that run in the background, the higher the battery consumption. Turn off the ones you do not require to run in the background. PIR: LOW
Microsoft Personalized Ad Preferences
In addition to configuring Privacy settings in Windows 10, there’s one more place you need to check before relaxing. Visit this website in every browser you use and configure the options as per your preferences.
Personalized ads in this browser: Leaving this option on would mean that your browser will track your web history and display ads accordingly. It may track your visits to online stores, bank websites, work websites etc. I’d recommend you turn this option off. PIR: HIGH
Personalized ads wherever I use my Microsoft account: This is much like the ads displayed by Google in your Gmail Inbox (if you have one), only more intrusive. This option, if left on, will track every activity and data associated with your Microsoft account and use it to display ads. However, if you don’t have a Microsoft account, you need not worry about this. For those who have, you’ll need to sign in first and then change it. PIR: HIGH
If you’ve followed this tutorial and have come this far, kudos to you. However, your work doesn’t end here. What we covered were the easy steps in protecting your privacy. Here comes the hardest part. In order to understand the full impact on your privacy you’ll need to know the 5 wives and 1 husband (What, Why, When, Where, Who and How) of Microsoft’s intentions related to your data. The only way to do this is to read Microsoft’s Privacy Statement. It’s a lengthy and boring document, but once you go through it you’ll be able to sleep better.
Alternatively, readers can download this tool (at their own risk) to configure the above-mentioned privacy settings with just one click. Please note, this tool is not developed by us and Yakṣas CSC will not be liable for any damages caused as a result of using this tool.
Hope you found this tutorial useful. Share it and help those around you protect their privacy. In case of any further clarifications, feedback or corrections either leave a comment below or drop me a mail at csc [at] yaksas [dot] in.
Uday Mittal (OSCP, Associate CISSP, DCPP) is the founder of Yaksas CSC. He has over 4 years of experience in dealing with various issues related to cyber security. He is actively working towards educating people on cyber security risks and steps to mitigate them. He’s also a member of (ISC)2, ISACA and DSCI.