I can’t tell you how many posts I’ve read at TenForums and Microsoft’s Answers and Social forums about Microsoft’s spying and intrusiveness. It’s at least in the hundreds of individual threads, with many thousands of individual items in the aggregate. Seemingly, a great many people are both afraid and concerned that Microsoft, through the reporting facilities built into Windows 10 and many of its apps and applications, is watching everything they say and do online. Thus, there are many ways to turn down or mute telemetry built into Windows 10 itself. There is also a variety of tools available — such as O&O Shutup10, to name a well-regarded and capable example — to provide control over Windows reporting, monitoring, tracking, and so forth.
What’s All the Fuss About?
Having followed Microsoft’s communications on this topic closely, and listened to the company’s perspectives at the most recent MVP Summit in Redmond (March 2018), I’m of the opinion that those who worry about Microsoft building individual dossiers around their OS and online behavior fall somewhere between slightly and pathologically paranoid. Those of us who interact regularly on this topic at TenForums call some of the more outspoken members of this cadre the “Tin-Foil Hat Brigade.” You need only read the Microsoft Research Blog post from December 8, 2017 to get the company’s own take on what it’s doing and learning through telemetry. Entitled “Collecting telemetry data privately” it explains the steps that Microsoft takes to employ Local Differential Privacy (LDP) to anonymize the results collected from users. Here’s a choice quote from that post:
Somewhat surprisingly, while observing values … coming from a large population of users, a data collector can tell almost nothing about any specific user, but can see general trends in the population, such as the mean, histogram, or other aggregates of users’ values.
This gets to the very heart of the matter, as far as the value of telemetry is concerned. Microsoft (and other software makers who also collect information when and as they can) simply DOES NOT CARE about individual data points (or the individuals who generate them). They care about the overall sample in the aggregate, and they care a lot about the kinds of issues, errors, and anomalies that data collection of this kind can turn up. That’s why the afore-cited Microsoft Research post begins with these words:
The collection and analysis of telemetry data from users and their devices leads to improved user experiences and informed business decisions. However, users have concerns about their data privacy, including what personal information software and internet companies are gathering and whether their data is protected from potential leaks and hacks.
Simply put, the role of LDP in data acquisition is to create a mathematical shield around data collected so that it cannot be traced back to specific individuals. It’s as much a way to protect the collector (Microsoft, in this case) as it is to protect the collected (the users from which telemetry data originates). If it could be traced back to specific individuals, it would become a source of potential risk and exposure for Microsoft — especially under the draconian fines and penalties that apply to personal and private information under the GDPR. You need only read the paper in its entirety to understand that Microsoft has thought long, hard, and carefully about how to collect data in a way that respects individual privacy and personal data while figuring out how to represent the overall experience and information coming from the entire sampled (or measured) population.
Let Microsoft Make Use of Your Telemetry, Please!
That’s why I urge all users of Windows 10 and other Microsoft products to understand and respect the impulse that causes the company to instrument its code and to gather up and analyze its telemetry data. You shouldn’t be too concerned about that data coming back to haunt you, because MS is taking prudent, mathematically defensible steps to make that somewhere between fiendishly difficult and impossible to do. On the other hand, if you have other causes for concern about telemetry (the most benign example might be for a machine used to handle other people’s private or confidential data), then you can investigate the many methods and tools available to turn telemetry down or all the way off it you must. But the more devices left whose telemetry data is left to flow back to Microsoft unfettered and unfiltered, the better use the company will be able to make of that data. Presumably, that means better user experiences for everyone, and a better picture of the devices and hardware on which Windows 10 and other MS software must run.
Author: Ed Tittel
Ed Tittel is a 30-plus-year computer industry veteran. He’s a Princeton and multiple University of Texas graduate who’s worked in IT since 1981 when he started his first programming job. Over the past three decades he’s also worked as a manager, technical evangelist, consultant, trainer, and an expert witness. See his professional bio for all the details.