The evolution of an always on internet has lead to wonderful things such as fully redundant backup of photos and videos. It also means that a lot of our personal information is available on-line. This isn’t a problem for most people, but some are cautious for various reasons. Incorporating the internet of things into our operating systems was only a matter of time. But is that ok? Should you be worried? Did you miss Windows 9?…
So what happened to Windows 9? Well, Windows 8.1 was actually version 6.3, build 9600. Windows 10 is the 10000 range and so Microsoft decided to skip Windows 9 to help prevent developers and OCD sufferers going bald. Windows 10 is the gradual and natural evolution of Windows 8. Several excellent new features have been included to take advantage of the cloud environment which most of us can enjoy. Some additions, such as a new peer-to-peer update system seems logical although annoying.
Some of the new additions were a little surprising upon first inspection. Windows 10 has a whopping 12 pages of privacy settings, many of which are somewhat ambiguous. My top tip to tightening up the privacy options on Windows 10 is simple: Avoid “express install” when upgrading or installing the operating system. This will show far more granularity, including the privacy settings. Below, I examine those which I believe to be the most important changes to Windows, regardless of the chosen installation option.
Important Privacy Changes
Some of these options, such as location data, seem to be designed with mobile usage in mind. This isn’t a list of Do’s and Dont’s, merely personal preference. Most of the options are fairly innocuous to most users, but if you’re worried about the NSA or Chinese government you may want to take a closer look…
These options are available under Settings » Privacy »…
General:
Let apps use my advertising ID for experiences across apps (turning this off will reset your ID)
The Microsoft advertising ID is a per user identifier shared with marketing partners associated with Microsoft. This will, to the average user, mean nothing more than more personal with the aim of being less annoying. The clue as to the function of a unique identifier is in the name; it’s designed to make tracking a single user in a busy crowd easier. Tin foil hat wearers and spies may want to disable this.
Send Microsoft info about how I write to help us improve typing and writing in the future
Security and privacy advocates have suggested suggested this could be a Microsoft keylogger. Let’s be honest, Microsoft could covertly do so if they desired. I would hazard a guess that this option is designed to help improve usability of mobile devices such as the Surface.
Location:
When location services for this account are on, apps and services you allow can request location and location history.
As above, this option is clearly aimed at mobile usage. Most people don’t take their desktop to Starbucks or work. It will, however, be useful for location based searches in Bing – or Google, if you’re not a Microsoft employee. All individual applications default to ‘Off’ which is nice.
Camera / Microphone:
Let apps use my camera / microphone
The two options above are fairly obvious. Disabling will make running a Youtube channel difficult, while enabling them will mean the devices are accessible for/to applications. These are per-application settings, so can be set as desired. As with ASLR, hackers will probably find a way to bypass this if they really care about your data.
Speech, inking, typing:
Windows and Cortana can get to know your voice and writing to make better suggestions for you. We’ll collect info like contacts, recent calendar events, speech and handwriting patterns, and typing history.
I, for one, am not comfortable with my computer constantly listening for me to say “Hey, Cortana” or “Ok, Google”. This is another good example of personal preference. I have nothing to hide, but also don’t want hackers watching or listening to me have sex, for example. Nobody expects to get hacked… until they do.
Account info
Let apps access my name, picture, and other account info
Unless you decided to name your computer “Dave’s government hacking PC at 101 North Lane, London”, this is probably fairly safe to ignore. Applications can see your user name which is admittedly tied to your Microsoft account, but if you need to worry about this, you don’t need me to tell you why.
Other devices:
Let your apps automatically share and sync info with wireless devices that don’t explicitly pair with your PC, tablet, or phone
Microsoft is constantly looking to improve usability and functionality to keep up with Google’s Android and Apple’s OSX operating systems. This option was introduced to help improve connectivity with devices on the same network. If you own a Windows phone or Xbox One and want it to work without being a networking and security genius, leave this on.
Feedback:
Windows should ask for my feedback
This is an ambiguous option but has been in Windows for a while, under Windows error reporting and other services. I appreciate the options page dedicated to this. The options are “Automatically” (default), “Always,” “Once a day,”Once a week” and “Never”. Just how paranoid are you?
Additional Privacy Concerns
I didn’t elucidate on the entire 13 pages of privacy settings for obvious reasons. But sadly, I’m not finished. Below are a few additional changes which should be noted…
WiFi Sense
Wifi Sense was added with the apparent aim of helping users connect to wireless networks of contacts. Networking for nans, if you will. The Wifi Sense FAQ cites two possible uses:
Automatically connect you to open WiFi networks it knows about by crowdsourcing networks that other people using Windows have connected to. These are typically open WiFi hotspots that you see when you’re out and about.
I’m a little worried about their definition of crowdsourcing. My infosec Spidey sense is tingling a little. This depends on how important ease of network connectivity is to you. I’m experienced enough to enter my own Wifi password, but my nan isn’t.
Automatically connect you to WiFi networks that your Facebook friends, Outlook.com contacts, or Skype contacts have shared with you after you’ve shared at least one network with your contacts.
I have mixed reactions to this change as it assumes that people on my Facebook friend list are actual friends and trusted. A Twitter user I follow recently posted an exploit that crashed anyone reading the message on an iPhone. It wasn’t intentional, but encounter problems such as this when the entire planet is hammering your code.
The positive side is that Microsoft sends an encrypted copy of your network keys to their servers, which are then passed to other users you trust. I trust them as far as I can throw an NSA subject access request court order.
Wifi Sense will probably get mainstream media coverage at some point. It looks like an easy target for hackers interested in your credit card details.
You can change your Wi‑Fi Sense settings choosing Settings » Network & Internet » Wi‑Fi » Manage Wi‑Fi settings, then changing these settings under Wi‑Fi Sense:
- Connect to suggested open hotspots
- Connect to networks shared by my contacts
Protecting your network also requires changing your network’s SSID to end with “_optout”. Forget the tinfoil hat, Wifi Sense makes me feel like I want to wrap my laptop in tinfoil!
Bitlocker and OneDrive:
Microsoft have been encrypting drives, by default, since Windows 8.1. Devices supporting Hardware Certification Kit (HCK) under the Trusted Platform Module are automatically encrypted to help improve security. This is a great improvement for the average user’s security. Encryption keys are now stored online using OneDrive, which is where the controversy comes in. Unless you’re worried about your ISP or the NSA getting your keys on the upstream, then stealing your computer you should be safe.
The new privacy options remind me of the initial Windows firewall release; allow everything by default. This was changed to a strict white list after people realised you could Google for C:\ drives. I expect adjustments to be made over the next few updates. Until then, I’ll stick to Windows 8.1.
Yes, I go through and turn everything off that I feel isn’t really needed on a desktop PC which is probably 99%. Some of that stuff is really dumb.
Rather complete article, informative, interesting; I’d even say : essential!
If the author doesn’t mind (if he does, I’m afraid it’s too late!) I’m downloading this very nice resumé via PrintFriendly (for my archives the day I get to install Mighty 10).
Not a problem Ali, glad you found it useful.
@adam davies. So you love the return of the start menu, do you Adam? So would I if it was the same as the Windows 7 start menu – but it isn’t, is it?!! No, you have to keep scrolling down a very long list of programs (both pre-installed and user installed) to find the program you wish to use. And you can’t even pin it to the top of that useless Windows 10 start menu, as you have been able to do for many years. No, MS will either LET you pin it to the taskbar OR pin it to the Modern UI start menu! So, if you don’t want to have to keep switching to the Modern UI, your only choice is to pin all your frequently used programs to the taskbar – which rapidly gets filled up!
Fortunately, I have an article showing how to create a quick launch bar – and it still works in Windows 10 🙂
So what with that and the terrible start menu, I would have rolled back to Windows 8.1 had I not installed Classic Shell and created a quick launch bar!
Switching?? In my Windows 10 they display side by side in the same window. What’s the issue with pinning to Start Sheri? What difference does it make if the program you’re after is on the left side of the Start menu or the right?
We’re all different; some of us like to move forward, others prefer to be stuck in the past.
Jim, I concur. I mean how many favorite programs do you have anyway? I have about 12 and I overcame the problem by simply adjusting the SIZE of the shortcut icon on the RHS UI to a quarter of the normal size, and now I can fit about 20+ favorites there now. I love win10 but unfortunately it did not like my computer and had to roll back to 7. I will try again in a few months when hopefully they update the problems.
Thanks heaps for this article as I also save it for later.
You can also use full page start and use W10 just like W8.1, which is what I do, or you can open the file location of a installed program and send it to the desktop as a shortcut. I will not run Classic Shell but if that is your cup of tea then go for it.
I still get my work done with XP running a VM and hardly ever boot into W10.
I have loaded Windows 10 over Windows 7 a couple of times and each time I’ve learnt something new. As mentioned earlier DO NOT choose “express installation” As you go through the initial installation there are questions about Microsoft Services, turn them off because they send information to MS. Secondly if you don’t like the new IE you can tell the installation you don’t want it. By doing this if you prefer Internet Explorer that is what you will have. If your also like me and like the Win 7 desktop, a little program called “Classicshellsetup” will give you the functionality of a Win 7 desktop. Once your inside Win 10 as explained here turn off any program you believe will send info to MS.
The other problem with Win 10 is if you decide to download it, it’s still the July version. Why the hell cant they just bring out updated versions instead of going through the BS of massive updates.
In addition, having the Windows 10 engine and the Win 7 chassis works really well.