Posted on July 30, 2015
Since Microsoft's new privacy statements and services agreements total 45 (hard-to-understand) pages,
here is a short extract of the most important points.
This extract is not original research, just a compilation of things found in the root texts and sources quoted below.
Microsoft basically grants itself very broad rights to collect everything you do,
say and write with and on your devices in order to sell more targeted advertising or to sell your data to third parties.
The company appears to be granting itself the right to share your data either with your consent “or as necessary”.
Sync by default
Microsoft will sync settings and data by default with its servers.
This includes your browser history, favorites and the websites you currently have open
as well as saved app, website and mobile hotspot passwords and Wi-Fi network names and passwords.
This is much like how Google Chrome sync works;
however, if you are not comfortable with sharing your usage habits, you can deactivate it in Settings.
“When you share Your Content with other people, you expressly agree that anyone you’ve shared Your Content with may,
for free and worldwide, use, save, record, reproduce, transmit, display, communicate (and on HealthVault delete) Your Content.”
“To the extent necessary to provide the Services to you and others (which may include changing the size, shape or format of
Your Content to better store or display it to you), to protect you and the Services and to improve Microsoft products and services,
you grant Microsoft a worldwide and royalty free intellectual property licence to use Your Content, for example,
to make copies of, retain, transmit, reformat, distribute via communication tools and display Your Content on the Services.”
Cortana, the personal assistant
“To enable Cortana to provide personalized experiences and relevant suggestions, Microsoft collects and uses various types of data,
such as your device location, data from your calendar, the apps you use, data from your emails and text messages,
who you call, your contacts and how often you interact with them on your device.
Cortana also learns about you by collecting data about how you use your device and other Microsoft services,
such as your music, alarm settings, whether the lock screen is on, what you view and purchase,
your browse and Bing search history, and more.”
“we collect your voice input, as well as your name and nickname,
your recent calendar events and the names of the people in your appointments,
and information about your contacts including names and nicknames.”
Windows 10 generates a unique advertising ID for each user on each device.
That can be used by developers and ad networks to profile you and serve commercial content.
As with data sync, you can turn this off in the Settings menu > Privacy > General > Change privacy options.
Microsoft obtains your Encryption key
When device encryption is turned on,
Windows 10 automatically encrypts the drive it is installed on and generates a BitLocker recovery key, which is backed up to your OneDrive account.
Microsoft WILL disclose your data – in “good faith”
“We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders),
when we have a good faith belief that doing so is necessary to protect our customers or enforce the terms governing the use of the services.”
Activated by default, WiFi Sense lets you share Wi-Fi network access with your Facebook, Outlook.com, and Skype contacts.
It works in the background, automatically sharing networks you choose to share and downloading credentials for Wi-Fi networks your contacts have shared with you.
The claim is that sharing stops functioning the moment you stop WiFi Sense or stop sharing a certain network.
Note that this is in conflict with their general Content rules that say “once shared, always shared”.
It is also claimed that this will not work for 802.1X-protected networks.
Both limitations, with regard to time and type of authentication, are clearly imposed only by the client.
From a technical point of view, any type of access info may be shared, and may remain shared for unlimited time.
Note that Microsoft admits that when sharing is revoked, it may take several days (!) for that revocation to take effect.
This demonstrates the technical issues with the sharing model.
Microsoft Privacy Statement
Microsoft Services Agreement