July 31, 2015

Windows 10’s default privacy settings and controls leave much to be desired

By

W10-Feature
Windows 10 launched yesterday, so it’s time to focus in on some specific issues and evaluate the OS in bite-sized chunks. First up, we’re going to investigate the setup process, privacy options, user accounts, and some under-the-hood basics related to Windows Update and overall update control. Unlike some other writers on ExtremeTech, I deliberately held off spending much time in Windows 10 before Build 10240 so that I could experience the RTM version fresh and cover the changes as I discovered them.

All of the images below can be clicked to enlarge them and we recommend doing so for optimum viewing. This article is primarily written as a comparison against Windows 7, given that a significant percentage of Microsoft users skipped Windows 8 altogether. Windows 8 is still referenced when applicable.
Windows10-Account
The Windows 10 account creation screen
Let’s start at the beginning, with basic account setup. Much has been made of the fact that Microsoft no longer pushes you to sign up for a Microsoft Account at install. This is a noteworthy and positive trend that’s somewhat undermined by the default “Express Install” options.

Installing Windows 10

First, let’s take a look at how the default “Express” settings and their explanations have changed between the two operating systems. Microsoft introduced the concept of Express settings in Windows 8, and offered the following explanation of what the Express settings did, with an option to select a Custom Install alternative. Windows 10 continues this trend, but what the OS shares by default may not please the privacy-minded.
The first page of options for "Custom Install"
The first page of options for “Custom Install”
Windows 10 Privacy
Privacy options, second page. Windows 10 no longer enables “Do Not Track” by default, but since DNT is worthless, that’s no loss.
The above images show the relevant section of the OS’s “Custom” install screen. Windows 8 enabled many of these options by default as well, but there are a few new categories in Windows 10. Specifically, Windows 10 now synchronizes your contacts and calendar information, sends additional data to Microsoft to enable page prediction (this is a Microsoft Edge feature), and automatically connects to shared networks and open hotspots. While the Windows 8 custom install options only asked to send location data to Microsoft. Windows 10 notes that location data notes that location data will be shared with “trusted partners,” which basically means “anyone Microsoft feels like giving your data to.” Trusted partners is a weasel phrase — you never get to decide if you trust these partners or not.
I applaud Redmond for making these options visible and configurable, but the fact that they exist in the first place is an example of how much huge companies don’t care about violating user privacy. The idea that you have an intrinsic right to keep this information private and that companies should be required to ask if you want to share it is dead. The old adage “If you aren’t paying for the product, you are the product” doesn’t apply here, because Microsoft doesn’t offer retail purchasers of Windows 10 any additional controls or default opt-in settings than it gives to the free upgrades. You’re the product whether you pay for it or not.

The new Start Menu

The Start Menu that Windows 10 ships with is a combination of the classic Windows 7 Start Menu and the Windows 8 Start Screen. As you can see below, it offers a combination of icons and links with Live Tiles updating on the right-hand side, assuming that you keep them on. I haven’t poked at its function much yet, other than to note that you can remove apps from the left-hand side if you don’t like their positioning. The right-hand side of the Menu can be expanded or contracted as you like, and applications can be pinned in various configurations.
Start Menu
The new Start Menu
One significant problem Ars Technica found is that the Start Menu is currently limited to 500 items — and every single link inside the classic Windows 7 Start Menu counts as “one item.” This could cause real problems for upgraders since the same database that holds the 500 items to display also controls search results. This means that if you install applications 501 – 510, hit Start, and start typing, they won’t be found.
If you’re building a fresh system you won’t run into this right away, but if you’re upgrading from an older OS, you almost certainly will. According to Peter Bright, there’s no easy way to tell the OS to scan its own database and build a fresh directory listing, which means that even removing unwanted programs doesn’t fix the problem. Start Menu personalization is also locked out unless you activate Windows, as are background changes, color palette options, and photo choices for the lock screen.
I’m cautiously optimistic about the new Start Menu, provided Microsoft fixes the rather enormous “500 item limit” bug.

The new “hybrid” Control Panel

Of all the changes Microsoft made in Windows 8, its “new” Control Panel was one of the worst. Microsoft needed a Metro-style Control Panel to give tablet and touchscreen users the ability to access system settings and controls, but the Windows 8 Settings page was a poorly organized mess of options that often ended up sending you back to the Desktop control panel anyway. Certain functions were never ported to the new UI and remained sandboxed in “Desktop” while other capabilities were locked into the Metro Settings panel. Instead of duplicating CP functionality with a Metro interface, Microsoft opted for a confused approach that required both applications.
Windows 10, unfortunately, is only a modest improvement on Windows 8 in this regard. The old Control Panel has been hidden by default (it still exists, but you’re clearly supposed to use the Windows 10 version). Unfortunately, the Windows 10 version still isn’t good enough to serve as a substitute.
Control Panel Windows 10
The new Control Panel
Let’s start with the obvious — the UI design is terrible, with absolutely no way to tell if you’re clicking on the title bar to reposition the window or just meaninglessly clicking in dead space. There’s no option to organize the categories any different way, or to change the layout at all. These are nitpicks, to be sure, but they betray a deeper problem — Microsoft is still struggling with how to integrate Metro and Desktop application capabilities or settings. It’s still forcing tablet or touchscreen users to interact with Desktop apps, and it’s still requiring Desktop users to navigate a touchscreen-first “Settings” application that, despite the deprecation of the classic CP, can’t handle the same tasks.
Win10Ethernet
Windows 10 Ethernet configuration from both the Control Panel and the Settings page.
Nothing drives this point home faster than the two methods of accessing important network information and controls. At first glance, it looks like Microsoft has implemented two methods of making changes — you can either use the newer Metro-style interface to the right or the classic Control Panel option to the left. What you can’t tell from this screenshot is that every single one of the “Related Settings” options actually opens the Desktop network control interface. The other thing you can’t tell from this screenshot is that the “Ethernet0″ item in the Metro section is actually clickable. It’s not clear why Microsoft highlights all of the other clickable options on the page but leaves the Ethernet adapter black and looking like a static element.
Microsoft clearly wants you to use the new Settings menu, not the old Control Panel interface, but the company has done very little work to actually integrate the combined functionality of the two. In 2012 this was at least understandable, if not acceptable. In 2015, it’s harder to tolerate.

Windows Update, Windows Defender

As previously reported, Windows 10 is designed by default to force you to take all updates and drivers that Microsoft distributes. I’m fine with this approach for security updates, but less enthused about mandatory driver updates. Windows Update now resides entirely in the Metro “Settings” menu.
Windows Update
Windows Update
This isn’t terribly different from Windows 8’s update mechanism, though Windows 8 still offered the option to use the Control Panel version of the software. In both Windows 7 and Windows 8 (via the CP), if you clicked on an already-installed update, you received a link to a KB article that referenced and explained the patch in question. In Windows 10, that convenient link to a further explanation of the update is gone. You have to search for an explanation of what an update does manually.
The “Advanced Options” tab contains additional goodies we need to talk about.
Update Install
Choosing how updates are delivered
The first thing under the advanced menu is a teeth-grinding notification that Microsoft will “restart your device automatically when you’re not using it.” You do have the option to change this to “Notify to Schedule Restart,” but that’s not the default selection. Because I’m running Windows 10 Professional, I also have the option to defer updates. See the option called “Choose how updates are delivered?” Here’s where it takes you.
Torrent Updates
Windows updates, BitTorrent-style

We’ve known that Microsoft would include torrenting for Windows 10 updates for quite some time, but the option to use it is turned on by default. Microsoft’s documentation implies that Windows Delivery Optimization at least temporarily chews up hard drive space for file distribution, since updates are cached for an undisclosed amount of time. There’s no statement on whether or not the update / torrenting process will run while the system is performing other tasks, or if it’s designed to only function when idle. Microsoft recommends that users who have strict caps on bandwidth usage (like Canadians) should tell the OS to identify their Internet as a metered connection. Again, this is not the default.
Finally, a word on Windows Defender. Its settings are also located under “Update and Security.”
Windows Defender
Windows Defender
The OS helpfully informs you that if you attempt to deactivate real-time protection, it’ll be reactivated for you after “a while,” automatically. Windows Defender does disable itself if you install an alternate security suite, and I can’t fault Redmond for wanting to keep users secure, but the non-technical language and inability to configure the setting from the main menu irritates me. You can crawl under the hood into gpedit.msc and make changes, but that appears to be the only way.
If you install a secondary security suite, Windows Defender will automatically turn itself back on if certain features of the third-party suite are disabled. This could prove problematic if you’re working with files that are being identified as a false-positive virus or Trojan — instead of turning the suite of temporarily, you’ll have to program exclusions through one suite or the other.

Disabling Windows Update

There are two methods of blocking or at least delaying Windows Update that I’m currently aware of. The first is a troubleshooting tool that Microsoft provides for managing updates that either break something in the system or are incompatible with current software. That tool, available here, can be used “To temporarily prevent the driver or update from being reinstalled until a new driver or updated fix is available.”
GPedit
The second, which may or may not be possible on non-Pro Windows 10 devices, is to use the gpedit.msc tool and make changes directly to Windows settings. Options available in gpedit.msc include the ability to completely disable Windows Update as well as options to configure its function, its scheduled update and reboot time, or to disable driver updates and downloads. I don’t have much to say about this section yet, because it’s not clear how many of these options still function in Windows 10 (many of them only reference Windows 8.1 and below). Several options that would seem to resolve the problem also have potentially unwanted side effects, like blocking access to the Windows Store.
Currently, there does not seem to be a way to restore the flexibility that users previously enjoyed with Windows 7 and Windows 8. Updates can be completely disabled, certain types of updates can apparently be blocked, and the troubleshooter tool we already discussed can flag bad updates and “temporarily” block them — but I’ve found nothing that would restore the ability to pick and choose which updates to download and install.

Conclusion

This story didn’t start off as an overview of Microsoft’s privacy controls, data harvesting, or UI elements. I knew going in that I wanted to investigate the Windows Update situation and DirectX 12, but that was all. The more I poked around the OS, however, the less happy I was with some of the default choices and decisions that Microsoft makes for its end users.
For decades, one of the anchor points in the Apple vs. Microsoft debate was that Microsoft gave you more control over your OS than Apple did, even if it layered that control in obtuse menus and difficult-to-parse options. With Windows 10, the balance of power has clearly shifted. The company that brought us the “Scroogled” campaign now hoovers up your data in ways that would make Google jealous. It selects defaults that allow it to use your bandwidth to distribute its own software without any exposed option for how and when that sharing takes place.
My problem with these elements of Windows 10 boils down to this: It feels, once again, as if Microsoft has taken the seed of a good idea, like providing users with security updates automatically, and shoved the throttle to maximum. This new information opacity is present at so many levels, it feels more like a deliberate design decision than an accidental omission. Want to know what specific KB updates do? You’ll have to look them up manually. Want some information on how Windows Defender works in Windows 10? You won’t find much on Microsoft’s official pages for the operating system.  Taken as a whole, it’s harder to configure many of these settings in the way you might want them, information is harder to come by, and Microsoft is sucking down more user data than ever.
Despite the tone of this article, there are plenty of things I like about Windows 10 and I’m going to talk about them in future stories. Metro/Universal apps now play much nicer with Desktop applications. The Windows Store has been overhauled and has a better layout. DirectX 12 is a huge step forward for gaming, and an undoubted high point of the launch. There are a lot of things to like about this operating system, and I want to talk about them in turn.
But as far as user privacy, intrusive settings, and the need to crawl under the hood to optimize settings that Microsoft used to give you options for? This, in my opinion, is where Windows 10 stumbles, and stumbles badly.
Update (7/30/2015): Twitter user Adrian Chmielarz has posted a screenshot of additional invasive privacy settings that I missed in this article. By default, Windows also gives itself permission to display ads in the Start Menu, to collect telemetry about your device (this can only be turned off with the Enterprise edition of the operating system, and to send your browser history and keystrokes directly to the company for analysis.

No comments:

Post a Comment