The 21st century has an ever changing demand for new technology which is faster and more innovative than its predecessors. Modern advancements in technology mean that science and technology are at the forefront of debate.
The release of Windows 10 on 29th July 2015 could not have come at a more opportune moment, just a week before security consultants from around the world gathered in the desert playground of Las Vegas for the Black Hat USA, Def Con and Bsides LV conferences. With recent security flaws hitting the headlines and one of the globes biggest software companies releasing its latest version the spotlight understandably shifted to ‘how secure is Windows 10’?
Windows 10
So a month after the launch, what does the world know about Windows 10 and how secure it is? From a privacy perspective, it’s not immediately obvious to users exactly to what extent their user data is or is not being shared after upgrading to Windows 10.
Unfortunately, privacy can no longer be guaranteed in today’s digital age as Microsoft has joined the likes of corporate giants such as Google, Apple and Facebook in accumulating increased volumes of user information. Windows 10 by default gives itself the right to pass on user information to Microsoft Servers and use an individual’s bandwidth for Microsoft’s own purpose, in order to profile a user’s Windows 10 usage.
A prime example of this is Microsoft Privacy Policy, which is included in the Windows 10 end-user licence and applies to everything you do on a Windows Operating System, online or offline. Out of the box and if all default settings are chosen, Windows 10 is designed to monitor activity such as input and speech so it can personalise the user experience. In the most part this is great but it does raise security and privacy concerns.
Users may therefore want to opt out of serving up their user information on a plate and despite some Windows 10 features being impacted, it will provide the more privacy-conscious user with some piece of mind.
Following initial analysis of Windows 10, here are some tips to enable users to limit the information they share.
Installation – Custom Install Settings
When upgrading or installing Windows 10, there are a number of additional options if you select the ‘Custom Install’ mode rather than the default ‘Express Install’. This allows the user to make changes to the installation and turn off certain functions which may impact their privacy. For example, within the ‘Customize Settings’ dialog there are several key options which users may wish to disable :-
There are also additional ‘Customize Settings’ options> Users may wish to turn these off as well with the exception of ‘SmartScreen’.
Windows 10 Settings to Disable
Once the upgrade has completed (or if you have already upgraded), there are some additional privacy related options which you may wish to review and disable. Equally, you may wish to review the privacy settings to ensure that are all set correctly.
Within the Settings menu (type “settings” into the handy search box on the taskbar next to the Start menu), navigate into the ‘Privacy’ area.
General Settings to Disable
In the ‘General’ tab users may wish to turn off everything apart from the ‘SmartScreen’ filter.
Location Settings to Disable
In the ‘Location’ tab you may wish to turn off location tracking altogether or be specific about which applications have access to your location to help protect your privacy.
Account Information to Disable
In the ‘Account Info’ users can stop applications from being able to access their name, picture and other account info.
Messaging Settings to Disable
In the ‘Messaging’ tab you can prevent applications from being able to read/send messages or control which apps can.
Other Devices to Disable
In the ‘Other Devices’ tab users can disable their Windows 10 devices from automatically sharing and syncing information with wireless devices that haven’t been explicitly paired with the PC, tablet or phone. This is a key setting to disable, not so much for privacy but for wider security of your system and data.
Feedback & Diagnostics Settings to Disable
In addition, it is a good idea to disable automated feedback data to help protect privacy and also limit the volume of diagnostic and usage data that is sent to Microsoft.
Account Settings to Disable
If you want to help protect your privacy even further, consider not using a Microsoft account. You’ll lose a lot of the cloud benefits such as syncing of settings with Skydrive but in turn most user information will remain local to an individual’s PC.
Other Key Privacy Issues to Consider
Cortana ‘Speech, Inking & Typing’ privacy option
Microsoft’s new challenger to Siri, the Cortana personal assistant, and Edge browser are designed to take advantage of as much personal information as possible in order to customize user experience. You can be rid of Cortana (well almost) by selecting the ‘Stop getting to know me’ options within the ‘Speech, inking & typing’ privacy options. However, to fully clear Cortana’s history you’ll need to visit your online account and remove the information. This in turn will help protect your privacy but requires a handy piece of software engineering.
Disabling ‘WiFi Sense’
Microsoft’s ‘WiFi Sense’ aims to automatically connect users to nearby Wi-Fi networks it trusts, which in itself it not something new, but what’s interesting is the option to share password-protected WiFi access with any of your contacts, allowing them to access your network without needing a password. Privacy related concerns again relate to the Microsoft Servers that store this data or even stored hashes, somewhere on the device itself. There has been a lot of controversy about this feature in the media, so for the moment at least it’s a good idea to disable this within ‘Manage Wi-Fi Settings’.
Final Thoughts
Whilst Windows 10 brings a number of great enhancements and improvements to Windows 7 and 8, it also appears to share ‘out of the box’ a lot more than you may be expecting to ‘enhance’ the user experience. Those who are conscious of their privacy in this fast-paced and rapidly growing online world, where user data seems to be compromised on a daily basis, may want to choose exactly what they are sharing with Microsoft, or anyone else for that matter.
References
Microsoft. (2015). Privacy Statement. https://windows.microsoft.com/en-gb/windows/preview-privacy-statement/
Microsoft. (2015). Microsoft Services Agreement. https://www.microsoft.com/en-us/servicesagreement/
BlackHat USA. (2015). https://www.blackhat.com/us-15/
Defcon (2015). https://www.defcon.org/
Bruce Schneier (2015). Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. USA: W. W. Norton & Company
Jeff P & Chris S. (2015). Fiat Chrysler Knew of Hacking Risk 18 Months Ago. https://www.bloomberg.com/news/articles/2015-08-05/fiat-chrysler-hacking-…
Guardian. (2015). Windows 10: Microsoft under attack over privacy Statement. Available: https://www.theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings