What we have published

Fill 4

ERNW White Paper 52

Some Recommendations Regarding Windows 10 Privacy Settings

Privacy in the context of information technology usually refers to the protection and control over the access to one’s own personal data. This is also what is covered by data protection laws. The European Data Protection Directive, which has to be implemented by national law within the European Union, defines personal data the following way: “’personal data’ shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;”

So, in the legal sense, personal data does not include all data worth of protecting, as for example business plans. The collection, storage and analysis of personal data is going to be problematic, if the data subject does not give his or her voluntary and informed consent to it. Especially the “informed” part is what data privacy experts criticize about the general Microsoft privacy statement, which also describes Microsoft’s approach in Windows 10, by claiming that it is not transparent enough regarding what data is collected, for which goal and how to object to it.

While criticism of Microsoft’s privacy policy was already widespread with the release of Windows 8.1 and the introduction of Smart Search, the public discussion reached a peak with the release of Windows 10 default integration of features such as OneDrive. Although the user can customize the privacy settings to minimize the amount of data shared with Microsoft and installed apps (Windows apps as well as third-party apps), it was criticized that Microsoft did not decide to follow a privacy by design approach. Instead, Microsoft opted to go for loose privacy settings by default, combined with an opt-out policy, which does not even give the opportunity to entirely prevent the flow of privacy-related data to Microsoft.

The discussion gained further momentum with the release of the optional patches KB3068708, KB3022345, KB3075249 and KB3080149 for Windows 7 and Windows 8/8.1. These “patches” have been suspected to backport data collection and telemetry services functionality implemented in Windows 10 to Windows 7/8/8.1. A closer look showed that these patches related mainly to the diagnostics services for customers that participate in the Customer Experience Improvement Program (CEIP) - which is for most applications an opt-in process and can be switched off entirely via the control panel. But patch KB3075249 added telemetry points to the User Account Control (UAC) feature to collect information on elevations that come from low integrity levels.

Privacy settings can be set via the GUI and Group Policies (or directly in the Windows registry). In enterprise environments, the distribution of settings via Active Directory-defined Group Policies is the standard deployment process of settings that have to be applied enterprise-wide. Thus, administrators are able to enforce configurational settings, and users without administrative permissions on their systems are not able to change these settings.

Some of our customers turn off everything, but this is not necessarily needed for a good level of security and privacy. If you don´t turn off all the privacy-related stuff completely, you should know the potential privacy impact. In case of doubt, the data security officer of your organization should be consulted. To make the decision easier for you, we have created an extensive sheet that covers each possible privacy setting together with a recommendation. It can be found in our official ERNW development channel at GitHub.