I was reading Martin Brinkmann’s ghack article this morning entitled Reclaim privacy on Windows 10 with new Debotnet tool” He also has a comparison list of anti-windows 10 spying tools tools which he maintains here. Thanks Martin!
But all this begs the question – why is Microsoft allowed to get away this? Windows is not free and thus users pay for the right to have their private data hoovered up and sold on with out compensation. That is nonsense. Microsoft explained in this convoluted and technical article “Windows and the GDPR: Information for IT Administrators and Decision Makers” 10 May 2018, that yes, it does collect a great deal of information in various modules. It offers several complicated ways to address the concerns. It is a hash of course.
Last October, the Register published an article dealing with EU states, the GDPR and Microsoft that concluded “The Dutch investigation demonstrates that trying to apply generic data protection laws to cloud services of the scope and complexity of Office 365 is a difficult undertaking and unlikely to discover all the nuances and implications of the various data flows. … the problem exists because of Microsoft’s data collection practices. This was probed by the Dutch Ministry of Justice and Security, which has published the results in a series of papers [several in English]. These documents are required reading for those interested in the nuances of telemetry, data collection, personalisation, and the roles of different organisations as defined in the GDPR.”
On the other side of the Atlantic, even though Microsoft has stated that it will abide nationwide by the California Consumer Privacy Act, or CCPA, which went into effect on Jan. 1, 2020, that remains to be seen. What concerns me is the complication factor. If compliance means performing a complex set technical administration gymnastics, then to me, it will not meet the bar. On a positive note, Microsoft has shown some leadership on privacy and “appears” to be correctly sniffing the wind on the privacy issue. I actually applaud their nationwide approach. Several companies, Netflix among them, have adopted a two speed privacy agreement, one for California and one for the rest of country. (I intend to blog on this later).
But all of this fails the KISS principle (Keep it Simple..). Privacy settings need to be defaulted as OPT OUT (that is, all privacy settings are on 100% “out of the box”). Netezins need to continue to lobby hard for this for all products.