> Bottom line, if MS is going to show you telemetry data that's been gathered, they've got to know its you that they've gathered it from, so authentication has to occur.
I understand that. I just want to stop sending data from now on.
> I realize that setting it to 'basic' isn't going to satisfy the conspiratorial minded among us
I want no private or personal data to be sent. Calling me "conspiratorial-minded' is simply wrong. There isn't a conspiracy that Microsoft is collecting data about Windows 10 machines; it's an admitted fact, it was never secret. And I would prefer not to send such data, but Microsoft doesn't want to give me that option.
There is no official information on what data is gathered under the Basic setting. The page you linked to has just one sentence, and it's very vague:
> information about your device, its settings and capabilities, and whether it is performing properly
"Information about your device" could cover a lot indeed. What information does this collect that's covered under GDPR? How has it changed, and will change, over time? Who has access to it? I don't know. That doesn't make me a conspiracy theorist.
I don't buy the Microsoft claim from the same page that "This is the minimum level of diagnostic data needed to help keep your device reliable, secure, and operating normally.". It can't be impossible for Windows 10 to be reliable or secure without sending data home. It's evidently not impossible for the Enterprise edition. I accept that this data helps Microsoft do these things, but it should still be my choice as to whether to send it or not, and my right to know what's included in it. And now the law says so too, at least in the EU.
The Dutch DPA already determined Microsoft to be in violation of the GDPR a year ago (https://autoriteitpersoonsgegevens.nl/en/news/dutch-dpa-micr...). I don't know about more recent developments there. But this isn't just a few private individuals' opinion.
> More details, and instructions to disable via regedit
Those are not official Microsoft instructions or documented settings. Windows updates have been known to revert them, and (separately) to require changes to the instructions. Messing with the Registry and disabling system services might have other effects beyond the desired. This is not a satisfactory solution, exactly because I do care about "keep[ing] your device reliable, secure, and operating normally".
Ok, I'll admit mistakes on my original post. The regedit method clearly isn't seen as a suitable fix for the broad population, and 'basic' telemetry isn't the same as 'no' telemetry.
Some other points:
> I want no private or personal data to be sent
I would say that none is sent on basic, but the definition of 'private or personal' is overloaded enough that we might disagree.
> Calling me "conspiratorial-minded' is simply wrong
Sorry, I didn't call you that, just a hypothetical broader population. Probably bad wording on my part either way.
> There is no official information on what data is gathered under the Basic setting.
The best way to see what's gathered would be to sign up for an MSA, enable basic telemetry, and then go to the privacy account page and view it yourself.
> The Dutch DPA already determined Microsoft to be in violation of the GDPR a year ago
Not sure what to make of this since most US companies targeted compliance for May 2018, nor does that article mention the GDPR.
> Those are not official Microsoft instructions or documented settings.
Thanks. I'm glad you're able to see my point of view.
> I would say that none is sent on basic, but the definition of 'private or personal' is overloaded enough that we might disagree.
It's less about definitions, and more that I just can't be sure what exactly is sent.
> Lots more info here:
Thanks, that was informative. It seems they gather as complete a profile as they can of all my hardware and of the software they deem relevant (drivers, Microsoft apps) and its configuration. This is clearly enough for a globally unique fingerprint, many times over. (I don't know that they're building one, but they clearly can.)
The part that most worries me here is that at every point this doc says the list is inclusive, not exclusive. "The data gathered at this level includes". "Examples include". "Device attributes such as". There's no wording that I can see that would exclude anything at all that Microsoft might choose to collect now or later.
This holds for the Basic level, unlike the Enterprise-only Security level that explicitly says "No user content, such as user files or communications, is gathered" and "we take steps to avoid gathering any information that directly identifies a company or use". It's pretty clear that this doesn't hold for the Basic level. (Even if the purpose of gathering the data isn't to identify anyone.)
> nor does that article mention the GDPR.
You're right, it predates the GDPR and refers to a Dutch law. I was wrong to reference it and I'm sorry for muddying the discussion.
> Many of our products require some personal data to provide you with a service. If you choose not to provide data necessary to provide you with a product or feature, you cannot use that product or feature
And then in the section on Windows:
> Rather than residing as a static software program on your device, key components of Windows are cloud-based [...] In order to provide this computing experience, we collect data about you [...]
It seems Windows is included in the statement that collecting personal information is mandatory and without it you "cannot use that product or feature". Although it's not explicit and so that may not be the intent for Windows - but it's not clearly disclaimed either.
Of course, any claim that collecting "Basic" data is truly required for Windows to work well is highly suspect because the Enterprise edition doesn't do it.
But OK, there's a "Learn More" link at the end of the Windows section that shows much more text. Unfortunately, while it includes many details, it also contains lots of inclusive statements. E.g., Activation is said to send "data about the software and your device" with no further explanation.
Bottom line: I would like to trust Microsoft (in this particular regard, at least). I think it's more likely than not that nothing terrible is going on. I think so because collecting data about me is not really part of Microsoft's business model, does not benefit them in any obvious way, and might harm them if it became known. But it would help a lot if Microsoft made a clear public statement (and put it in their contracts and EULAs), instead of all this "for example" wording.
I understand that. I just want to stop sending data from now on.
> I realize that setting it to 'basic' isn't going to satisfy the conspiratorial minded among us
I want no private or personal data to be sent. Calling me "conspiratorial-minded' is simply wrong. There isn't a conspiracy that Microsoft is collecting data about Windows 10 machines; it's an admitted fact, it was never secret. And I would prefer not to send such data, but Microsoft doesn't want to give me that option.
There is no official information on what data is gathered under the Basic setting. The page you linked to has just one sentence, and it's very vague:
> information about your device, its settings and capabilities, and whether it is performing properly
"Information about your device" could cover a lot indeed. What information does this collect that's covered under GDPR? How has it changed, and will change, over time? Who has access to it? I don't know. That doesn't make me a conspiracy theorist.
I don't buy the Microsoft claim from the same page that "This is the minimum level of diagnostic data needed to help keep your device reliable, secure, and operating normally.". It can't be impossible for Windows 10 to be reliable or secure without sending data home. It's evidently not impossible for the Enterprise edition. I accept that this data helps Microsoft do these things, but it should still be my choice as to whether to send it or not, and my right to know what's included in it. And now the law says so too, at least in the EU.
The Dutch DPA already determined Microsoft to be in violation of the GDPR a year ago (https://autoriteitpersoonsgegevens.nl/en/news/dutch-dpa-micr...). I don't know about more recent developments there. But this isn't just a few private individuals' opinion.
> More details, and instructions to disable via regedit
Those are not official Microsoft instructions or documented settings. Windows updates have been known to revert them, and (separately) to require changes to the instructions. Messing with the Registry and disabling system services might have other effects beyond the desired. This is not a satisfactory solution, exactly because I do care about "keep[ing] your device reliable, secure, and operating normally".