Wow! An actually well written article... on the internet of all places!
Been talking about Windows 10 privacy settings a lot lately and how people have been blowing things WAY out of proportion, which is why I was super surprised to see this article. Says a lot of the same things I said, but more eloquently. I blog to vent mostly, so that maybe isn't a high bar to get over. But, the fact that it is a sensible and well thought out article is surprising.
A lot of confirmation bias here most likely, but the most important parts here are that the article doesn't fail to draw the parallels between what Microsoft does and what other companies do. And it also clearly points out that very few things are free. Some things simply don't have an upfront monetary cost, but privacy IS a cost and it is one most people have been willingly paying for all sorts of things for ages. And for most people the cost is out of sight and thus out of mind.
To recap my stance; the fears over Windows 10's privacy settings are MASSIVELY overblown. Most articles are misleading and implying things that are untrue or are purely hypothetical (and could be said of most privacy policies).
I tend to agree with those that feel Microsoft hasn't done the best job here in the wording of their policies. Though, I think most would fail to produce an example of anyone who has delivered on a flawless privacy policy and implementation thereof in the first pass. And many of these things are new to their privacy policy.
Some of the biggest problems are that many of these settings are grouped together in illogical ways and while I have little issue with them being opt-out as opposed to opt-in I can also agree that it is too easy to opt-in without a sufficient indication of what you're opting into, and the repercussions of opting-out aren't well enough explained.
The truth is, these are largely harmless settings, and they enable some of the key differentiating features platform. If they were surfaced to the user as forced decision using the terminology they use today, most people would opt-out and the user experience for the OS would be hampered. And this is why Microsoft "hides" these behind the custom settings in the out-of-box experience.
What Microsoft really needs to do within the OOB experience is break at least the most common features that can collect data. So instead of describing what you're collecting, have a heading for Cortana that says something like "allow Cortana to access my calendar proactively? (calendar information may be sent to Microsoft for processing)". Such wording tells me, under a relevant category (like "Cortana") what information would be collected and gives a clear indication of why it is being collected. It also gives a fairly good idea of the sorts of functionality that would be lost.
Same thing goes for things like sending keystrokes and voice. The way it is worded in the privacy policy the average person doesn't even need a paranoid blogger to blow this one out of proportion for them. Even I can agree that it sounds "allow Microsoft to eavesdrop on anything I do". It is really important to be VERY succinct on a topic like this about what you're collecting, under what circumstances and VERY VERY specific info on how the data is used. Microsoft hasn't done this. And the internet just jumped all over it.
The way to think of this is, your keystrokes are largely being analyzed by an algorithm to determine things like the most common words used, most common typos, most common sentence structures, etc... I don't believe that the actual keystrokes and data are being persisted. And, if it was, there would simply be too much data for anyone to ever make use of directly.
For speech it is similar. Pronunciation can be hard especially with the array of accents and languages out there. Anything that handles voice commands needs to be trained to be able to adapt to individuals as well as "learning" as many of these variations as possible. And, all of that along with many of the same things as needed for text prediction. Knowing what words commonly follow what other words is a good way to help rule out possible bad interpretations. Again, unlikely this data is being persisted anywhere. Voice commands are likely sent, analyzed, metadata is produced based on the analysis, sample is discarded, and metadata is used to improve the speech recognition algorithms.
The good to come of this is perhaps that it is causing people in general to become more aware of the other ways we pay for things when we think we're getting something for free and to make more informed decisions about when and with who we share that sort of data.
At the end of the day though, almost any service that either monetizes your private information, uses it to improve services or both does so via an opt-out and not an opt-in policy. These services can only become valuable if the majority of their users give up those privacies. In this way, Windows 10 is no more malicious than anyone else. These services and features largely wouldn't be worth using if it were any other way.
Maybe the new norm for the internet in a few years will be pay or opt-in to giving up privacy information. And, I wager if such a time comes to pass, 99% of people will choose to pay with their private info most, if not all of the time.
But then, there is security in numbers as well. The more people that give up their private information, the less likely anyone is actually paying attention to it.
A lot of confirmation bias here most likely, but the most important parts here are that the article doesn't fail to draw the parallels between what Microsoft does and what other companies do. And it also clearly points out that very few things are free. Some things simply don't have an upfront monetary cost, but privacy IS a cost and it is one most people have been willingly paying for all sorts of things for ages. And for most people the cost is out of sight and thus out of mind.
To recap my stance; the fears over Windows 10's privacy settings are MASSIVELY overblown. Most articles are misleading and implying things that are untrue or are purely hypothetical (and could be said of most privacy policies).
I tend to agree with those that feel Microsoft hasn't done the best job here in the wording of their policies. Though, I think most would fail to produce an example of anyone who has delivered on a flawless privacy policy and implementation thereof in the first pass. And many of these things are new to their privacy policy.
Some of the biggest problems are that many of these settings are grouped together in illogical ways and while I have little issue with them being opt-out as opposed to opt-in I can also agree that it is too easy to opt-in without a sufficient indication of what you're opting into, and the repercussions of opting-out aren't well enough explained.
The truth is, these are largely harmless settings, and they enable some of the key differentiating features platform. If they were surfaced to the user as forced decision using the terminology they use today, most people would opt-out and the user experience for the OS would be hampered. And this is why Microsoft "hides" these behind the custom settings in the out-of-box experience.
What Microsoft really needs to do within the OOB experience is break at least the most common features that can collect data. So instead of describing what you're collecting, have a heading for Cortana that says something like "allow Cortana to access my calendar proactively? (calendar information may be sent to Microsoft for processing)". Such wording tells me, under a relevant category (like "Cortana") what information would be collected and gives a clear indication of why it is being collected. It also gives a fairly good idea of the sorts of functionality that would be lost.
Same thing goes for things like sending keystrokes and voice. The way it is worded in the privacy policy the average person doesn't even need a paranoid blogger to blow this one out of proportion for them. Even I can agree that it sounds "allow Microsoft to eavesdrop on anything I do". It is really important to be VERY succinct on a topic like this about what you're collecting, under what circumstances and VERY VERY specific info on how the data is used. Microsoft hasn't done this. And the internet just jumped all over it.
The way to think of this is, your keystrokes are largely being analyzed by an algorithm to determine things like the most common words used, most common typos, most common sentence structures, etc... I don't believe that the actual keystrokes and data are being persisted. And, if it was, there would simply be too much data for anyone to ever make use of directly.
For speech it is similar. Pronunciation can be hard especially with the array of accents and languages out there. Anything that handles voice commands needs to be trained to be able to adapt to individuals as well as "learning" as many of these variations as possible. And, all of that along with many of the same things as needed for text prediction. Knowing what words commonly follow what other words is a good way to help rule out possible bad interpretations. Again, unlikely this data is being persisted anywhere. Voice commands are likely sent, analyzed, metadata is produced based on the analysis, sample is discarded, and metadata is used to improve the speech recognition algorithms.
The good to come of this is perhaps that it is causing people in general to become more aware of the other ways we pay for things when we think we're getting something for free and to make more informed decisions about when and with who we share that sort of data.
At the end of the day though, almost any service that either monetizes your private information, uses it to improve services or both does so via an opt-out and not an opt-in policy. These services can only become valuable if the majority of their users give up those privacies. In this way, Windows 10 is no more malicious than anyone else. These services and features largely wouldn't be worth using if it were any other way.
Maybe the new norm for the internet in a few years will be pay or opt-in to giving up privacy information. And, I wager if such a time comes to pass, 99% of people will choose to pay with their private info most, if not all of the time.
But then, there is security in numbers as well. The more people that give up their private information, the less likely anyone is actually paying attention to it.
Comments
Post a Comment