Veteran Security Analyst Warns Windows 10, Even With Tracking Off, Still Tracks Too Much

Burnett details a very specific and highly controlled installation of the Microsoft OS: he sets up Windows 10 Enterprise Edition in a virtual machine, adds NIC (Network Interface Card) tracing, then lets the machine sit untouched overnight. The kicker is that he also installed the Windows Restricted Traffic Limited Functionality Baseline to the OS before connecting it to the Internet. For reference, this is a Microsoft-built configuration for Windows 10 that shuts down much of the tracking functionality but, according to Burnett, not all of it. The ramifications here reach far beyond a single user; in fact, HIPAA compliance organizations in the US recommend this Restricted Traffic configuration to avoid personal health privacy violations with Windows 10 in health care. According to Burnett, a 7-time Microsoft MVP, it’s very easy to get confused about how to properly disable basic privacy settings for things like telemetry. It’s further noted that though the Windows Restricted Traffic Limited Functionality Baseline config does significantly cut back on the tracking data being pushed back to the Microsoft cloud, it does not block everything.
Even according to Microsoft’s documentation on this specific security level, it does still gather telemetry info on the programs you run, app diagnostics, Windows DRM, Microsoft Office and what the Mail and Calendar apps have access to. On the flip side, this highly restricted setup still allows Microsoft OneDrive nag screens to get through, though Windows Updates are disabled, presumably because in this configuration for the enterprise, your company IT department would likely manage these for you.
To make matters worse, if you don’t have Windows 10 Enterprise Edition, the most you can do is turn the OS down to basic telemetry, which still allows Microsoft to gather a certain amount of data on your machine and its use. Not to mention, many less-savvy users probably have telemetry and other Windows tracking features set to maximum default levels, because Microsoft’s OS is quick to point out any reduced functionality concerns with apps, should you turn its tracking features off.
Burnett underscores that “You are opted-in to just about everything by default and have to set hundreds of settings to opt out, even on an Enterprise Windows system. Sometimes multiple settings for the same feature. Most Microsoft documentation discourages opting out and warns of a less optimal experience. It’s almost like they don’t want you to opt-out.”
And of course Redmond doesn’t want you to opt out. In this day and age, where operating systems are more than just software to control devices and give users a UI to work with, the big players like Microsoft, Google and Apple all leverage their software to lock the user into their ecosystem in order to sell them more products and services. It’s by design, and on some levels it does improve the user experience and the platforms as a whole. The problem is, where do you draw the line on privacy at the expense of services and functionality? That’s likely a personal decision for most users, and we’ll put away our tinfoil hats for now. Either way, however, it’s always best to be fully informed of exactly what data you’re sharing, and with whom you’re sharing it.