
<disclaimer, MS employee>

MS adheres to GDPR regulations and has applied those protections to all users. You can opt out of telemetry, you can view what they've collected on you and delete it.

https://www.techrepublic.com/article/microsoft-extending-gdp...



The article you linked points to an online Microsoft Account Privacy dashboard.

I have Windows 10 installed with a local login. I don't have or want an online Microsoft account. It doesn't seem to be possible to disable telemetry in this case, or at least I haven't found an (officially supported) way to do it.


^ I'm genuinely curious about this as well. Can anyone at MS clarify?


Bottom line, if MS is going to show you telemetry data that's been gathered, they've got to know it's you that they've gathered it from, so authentication has to occur. Without going into details, it's hard enough to do this with an online account, and quite impossible for local logon scenarios, and getting it wrong opens up possibilities for malicious actors. So, that's why the privacy dashboard requires a Microsoft account.

Best information I can provide on limiting telemetry for the local logon scenario is here:

https://privacy.microsoft.com/en-US/windows-10-feedback-diag...

I realize that setting it to 'basic' isn't going to satisfy the conspiratorial minded among us, but I will say that I, personally, have no qualms setting my machine to 'basic'.

More details, and instructions to disable via regedit following the instructions here:

https://www.windowscentral.com/how-opt-out-customer-experien...


Hang on, are you seriously saying people need to create an MS online account just in order to tell their own computer to NOT send data to MS?

That's ridiculous. There should be an obvious friggin question during install "Enable telemetry and data collection?" and if the answer is no... that's it. No telemetry or data collection gets done. Ever. End of story and question doesn't get asked again. Ever.

Any other approach is literally just weasel words trying to deceive people. "Just manually change this RegKey setting" is a good example.


No, I'm saying that if you want to view or delete the data that MS has collected, you need an MSA.

If you want to downgrade/disable it, you follow the instructions in the links provided.


> Bottom line, if MS is going to show you telemetry data that's been gathered, they've got to know it's you that they've gathered it from, so authentication has to occur.

I understand that. I just want to stop sending data from now on.

> I realize that setting it to 'basic' isn't going to satisfy the conspiratorial minded among us

I want no private or personal data to be sent. Calling me "conspiratorial-minded" is simply wrong. There isn't a conspiracy that Microsoft is collecting data about Windows 10 machines; it's an admitted fact, it was never secret. And I would prefer not to send such data, but Microsoft doesn't want to give me that option.

There is no official information on what data is gathered under the Basic setting. The page you linked to has just one sentence, and it's very vague:

> information about your device, its settings and capabilities, and whether it is performing properly

"Information about your device" could cover a lot indeed. What information does this collect that's covered under GDPR? How has it changed, and will change, over time? Who has access to it? I don't know. That doesn't make me a conspiracy theorist.

I don't buy the Microsoft claim from the same page that "This is the minimum level of diagnostic data needed to help keep your device reliable, secure, and operating normally.". It can't be impossible for Windows 10 to be reliable or secure without sending data home. It's evidently not impossible for the Enterprise edition. I accept that this data helps Microsoft do these things, but it should still be my choice as to whether to send it or not, and my right to know what's included in it. And now the law says so too, at least in the EU.

The Dutch DPA already determined Microsoft to be in violation of the GDPR a year ago (https://autoriteitpersoonsgegevens.nl/en/news/dutch-dpa-micr...). I don't know about more recent developments there. But this isn't just a few private individuals' opinion.

> More details, and instructions to disable via regedit

Those are not official Microsoft instructions or documented settings. Windows updates have been known to revert them, and (separately) to require changes to the instructions. Messing with the Registry and disabling system services might have other effects beyond the desired. This is not a satisfactory solution, exactly because I do care about "keep[ing] your device reliable, secure, and operating normally".


Ok, I'll admit mistakes on my original post. The regedit method clearly isn't seen as a suitable fix for the broad population, and 'basic' telemetry isn't the same as 'no' telemetry.

Some other points:

> I want no private or personal data to be sent

I would say that none is sent on basic, but the definition of 'private or personal' is overloaded enough that we might disagree.

> Calling me "conspiratorial-minded" is simply wrong

Sorry, I didn't call you that, just a hypothetical broader population. Probably bad wording on my part either way.

> There is no official information on what data is gathered under the Basic setting.

There is. Lots more info here:

https://docs.microsoft.com/en-us/windows/privacy/configure-w...

The best way to see what's gathered would be to sign up for an MSA, enable basic telemetry, and then go to the privacy account page and view it yourself.

> The Dutch DPA already determined Microsoft to be in violation of the GDPR a year ago

Not sure what to make of this since most US companies targeted compliance for May 2018, nor does that article mention the GDPR.

> Those are not official Microsoft instructions or documented settings.

Point taken, you're right :)


Thanks. I'm glad you're able to see my point of view.

> I would say that none is sent on basic, but the definition of 'private or personal' is overloaded enough that we might disagree.

It's less about definitions, and more that I just can't be sure what exactly is sent.

> Lots more info here:

Thanks, that was informative. It seems they gather as complete a profile as they can of all my hardware and of the software they deem relevant (drivers, Microsoft apps) and its configuration. This is clearly enough for a globally unique fingerprint, many times over. (I don't know that they're building one, but they clearly can.)

The part that most worries me here is that at every point this doc says the list is inclusive, not exclusive. "The data gathered at this level includes". "Examples include". "Device attributes such as". There's no wording that I can see that would exclude anything at all that Microsoft might choose to collect now or later.

This holds for the Basic level, unlike the Enterprise-only Security level that explicitly says "No user content, such as user files or communications, is gathered" and "we take steps to avoid gathering any information that directly identifies a company or user". It's pretty clear that this doesn't hold for the Basic level. (Even if the purpose of gathering the data isn't to identify anyone.)

> nor does that article mention the GDPR.

You're right, it predates the GDPR and refers to a Dutch law. I was wrong to reference it and I'm sorry for muddying the discussion.

I read the Microsoft Privacy Statement (https://privacy.microsoft.com/en-US/privacystatement). It says:

> Many of our products require some personal data to provide you with a service. If you choose not to provide data necessary to provide you with a product or feature, you cannot use that product or feature

And then in the section on Windows:

> Rather than residing as a static software program on your device, key components of Windows are cloud-based [...] In order to provide this computing experience, we collect data about you [...]

It seems Windows is included in the statement that collecting personal information is mandatory and without it you "cannot use that product or feature". Although it's not explicit and so that may not be the intent for Windows - but it's not clearly disclaimed either.

Of course, any claim that collecting "Basic" data is truly required for Windows to work well is highly suspect because the Enterprise edition doesn't do it.

But OK, there's a "Learn More" link at the end of the Windows section that shows much more text. Unfortunately, while it includes many details, it also contains lots of inclusive statements. E.g., Activation is said to send "data about the software and your device" with no further explanation.

Bottom line: I would like to trust Microsoft (in this particular regard, at least). I think it's more likely than not that nothing terrible is going on. I think so because collecting data about me is not really part of Microsoft's business model, does not benefit them in any obvious way, and might harm them if it became known. But it would help a lot if Microsoft made a clear public statement (and put it in their contracts and EULAs), instead of all this "for example" wording.


> You can opt out of telemetry, you can view what they've collected on you and delete it.

Until the next update automatically re-enables it (and re-installs MS Paint and Candy Crush).


Am I the only one that doesn't get apps auto installed? I wonder if it's because my locale is Hong Kong - English which seems to have basically cut me off from the world when it comes to media, and other recognized options...


Does this include data collected from activity on Windows 10 endpoints? Previously, this could only be disabled on Windows 10 Enterprise. Can all on-device data collection and telemetry be disabled on Windows 10 Pro or Home, including "Customer Improvement" data collection, crash logs, keystrokes, screen grabs?


Doesn't the GDPR require freely given informed consent?

Forgetting to set DOTNET_CLI_TELEMETRY_OPTOUT=1 (or being unaware that you must set it) does not constitute consent.


It requires informed consent for any personal data being processed. It's entirely plausible to have a useful telemetry system without any personal data. (I have no knowledge of what MS does store.)


> I have no knowledge of what MS does store.

Nor does anyone outside MS.


The GDPR only requires consent if it's personal data that is not necessary for doing business.

You don't need consent to store the shipping address of a customer and you don't need to consent to run basic analytics on your database to see what products are popular and how many customers you have. You also don't need consent to process the IP address in the TCP connection from the customer browser so you can show a website (though you do need consent if you log the entire IP for analytics purposes).


Telemetry is not like storing your shipping address, though. It's more like the delivery guy delivering to your shipping address, waiting for you to turn your back and then rummaging through the stuff in your house – unless you happen to shout the magic phrase "Simon says no telemetry!" as soon as you open the door.


Not really. It's more like the delivery guy noting how long on average you take to get to the door and the average size of packages with the intention of being able to optimize the delivery route and pick the correct delivery vehicle.


Since we're just talking telemetry, wouldn't it be more like the delivery guy turning up and taking note of all the contents in your house - including make and model numbers where available - their exact position in each room, which container(s) they're in, the size and position of the nearest windows, and also the make & model number of the alarm system you have.

All "to provide you the best delivery service possible".

Yeah, right. That's completely above board. Suuuuuuure.


That depends on your delivery service. There are some that do what you describe, analog.

However, not all telemetry is like that, some telemetry does not inspect the inside of your house at all.



