16

According to this Forbes article by Gordon Kelly, a condition of using Microsoft's Windows 10 operating system is to agree to the following:

[Microsoft] will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary.

If this is true, and I'm reading that correctly, that means that Microsoft currently has the ability, via Windows 10, to access any file on Windows 10 systems and transmit it to them. Also, it sounds like they don't even need a court order to do this; they just need to have a "good faith belief that doing so is necessary".

Is this true?

  • 8
    Technically, they can install software on any computer with Auto-Updates enabled, and such software could monitor anything you do. Windows 10 is encouraging users to do more cloud storage and backups, but I can't speak for differences in their terms of agreement about how they would treat sensitive data. – 700 Software Jul 06 '16 at 18:44
  • @GeorgeBailey That appears to be quite true. However, if the user did not explicitly agree to transferring data outside of their system(s), it would be illegal in many jurisdictions. The license agreement, however, appears to waive any such protections by giving Microsoft unlimited access to everyone's data if Microsoft feels they have a "good faith belief". – RockPaperLz- Mask it or Casket Jul 06 '16 at 18:51
  • I've deleted my answer because I'm having difficulty tracking down the articles I was recalling from memory and I'm out of time to do that right now. I'll look for them later and undelete if possible. –  Jul 06 '16 at 19:05
  • Are you asking if they can legally do this, or if they have the technological ability to do this? – Alexander O'Mara Jul 06 '16 at 19:43
  • 2
    They have the ability and they always have - automatic updates have existed for a decade and they can push spying software through them. Until now Microsoft has been pretty trustworthy so we didn't worry, but since they started aggressively pushing the Windows 10 nagware that trust has been lost. Who knows what they'll do next. – André Borie Jul 11 '16 at 10:01
  • [George Bailey's comment](http://security.stackexchange.com/questions/129376/can-microsoft-access-all-private-data-if-a-user-installs-windows-10#comment240191_129376) answers your question as far as security is concerned. It sounds (especially from your bounty text) like you want to know what they are *legally allowed* to do, rather than what they are *able* to do. This is off-topic here, you should ask for your question to be migrated to [law.se] after clarifying which jurisdiction you are in. – Gilles 'SO- stop being evil' Jul 11 '16 at 12:25
  • @Gilles I am not very interested in the legal side, as it is almost impossible to hold multi-billion dollar corporations accountable (unless the plaintiff is seeking *very* minor damages). I have gone toe-to-toe with billion dollar corporations in the past (not Microsoft), and I quickly learned how much the legal system (in multiple jurisdictions) is rigged to favor large corporations and is designed to make lawyers rich. Whoever is willing to spend the most on attorneys will likely win, and *huge* corporations can afford to outspend almost everyone. – RockPaperLz- Mask it or Casket Jul 11 '16 at 22:04
  • @GeorgeBailey Microsoft can *technically* install whatever they want via Windows Update. But, until I read the Forbes article with the above quote, I had the understanding that they would not install software onto people's computers that would secretly transfer personal data files to external servers. The above quote, however, makes it sound like Microsoft, with Windows 10, is fully prepared to do exactly that if they feel they have "a good faith belief that doing so is necessary". – RockPaperLz- Mask it or Casket Jul 11 '16 at 22:06

3 Answers

11

This is the whole passage (source: https://privacy.microsoft.com/en-us/privacystatement):

Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails in Outlook.com, or files in private folders on OneDrive), when we have a good faith belief that doing so is necessary to:

  • comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
  • protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone;
  • operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or
  • protect the rights or property of Microsoft, including enforcing the terms governing the use of the services - however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer's private content ourselves, but we may refer the matter to law enforcement.

Microsoft is not allowed to access the files that are only on your local machine. Technically they could implement a function that sends them all your files (something like OneDrive synchronization, ;-) ) but someone would definitely notice the high traffic if the Windows OS did so. Your machine would have to open the connection; they can't just open it from outside because of basic networking principles.

I don't think that I have to add something to the legal aspect because the quoted passage explains it pretty well. Of course, there are more limiting words than "good faith belief"...

Edit: Here's a report from a German security company about Windows 10 privacy stuff and how to configure it. It's written for company admins but it's an interesting and compact read: https://www.ernw.de/newsletter/newsletter-52-february-2016-some-recommendations-regarding-windows-10-privacy-settings/index.html (didn't want to link the pdf download directly).

Knorke
  • 2
    Thank you for your answer. That passage is notably different from the one quoted in the Forbes article. The passage you quoted is a generic one that does not appear to be specific to Windows 10. Does Windows 10 include a different agreement? If not, the Forbes article appears to be outdated or erroneous. If so, it will be necessary to quote from the appropriate agreement. – RockPaperLz- Mask it or Casket Jul 06 '16 at 23:50
  • 5
    Even if you opt out of everything and disable what you are supposed to, Windows 10 is still spying on you: http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/ . – Overmind Jul 07 '16 at 12:59
  • And LinkedIn was added to the list recently. – Aria Jul 11 '16 at 23:13
2

As Knorke mentions and the expanded passage explains, the article you referenced specifically refers to information stored on Microsoft-owned information systems, such as that stored on servers that provide outlook.com email, or the file servers that house OneDrive cloud storage.

A few other good references can be found in the following links:

General overview of Privacy

Blog post from Terry Myerson, Executive Vice President, Windows and Devices Group which specifically says they WILL NOT use any data collected from your Email or OneDrive contents for targeted advertising.

The link Knorke referenced is the Official Microsoft Privacy statement which covers all MS products and is what you agree to with the Terms of Use agreement for all MS software, which can be found by searching for the Windows Terms of Use.

If you actually read through most of it you can summarize a lot of the concerns you're asking about with the following:

  1. Cortana/Bing report more or less everything you search or ask for. Each unique account requires a voice database to help with voice recognition and voice commands, if these features are activated. Cortana is considered a Bing-enabled service, so it all gets lumped together under Bing; this may be included in the information MS provides to partners.

  2. All location-enabled devices running Windows 10 (or pretty much any other OS like Android or iOS) collect location data to provide better search results, habit information which can be used to provide more targeted responses, search results and media preferences which can be used to offer personalized suggestions, etc... This information CAN and WILL be shared with Microsoft partners, and subsidiaries, for advertising and personalization services. This is explicitly stated in both the Terms of Use and the Privacy Statements.

  3. Data that leaves your hard drive and gets stored on their servers, be it files in your OneDrive, a live or outlook email address, is no longer really yours. Microsoft is legally allowed to examine that information to protect itself, comply with law enforcement, or prevent illegal activities without your consent. It can also be used to enhance services provided to you:

When you use OneDrive, we collect data about your usage of the service, as well as the content you store in order to provide, improve and protect the services. Examples include, indexing the contents of your OneDrive documents so that you can search for them later and using location information to enable you to search for photos based on where the photo was taken.

Taken from the Privacy Statement Knorke referenced earlier.

It is important to remember, however, that this is true of ANY cloud-based, or third-party provided, service. Google has the same power with Google Docs and Gmail, Apple can do the same with iCloud and their mail servers. Unless explicitly stated in an agreement with a company providing a service to you (typically this would be a business arrangement with a company, not a personal user), once the data is on their servers they have implicit access to the data for a multitude of reasons.

To specifically answer OP's question though--Microsoft cannot randomly examine files from your hard drive that are not explicitly associated with a service designed to provide information to them, such as the search histories from IE/Edge, Bing, Cortana, etc... Contacts and Maps and many others (too many to comprehensively list) keep local files on the computer which share information with MS servers. Most of the information Windows will share can be limited, or completely turned off, via the Windows 10 Privacy settings, but as they say this can have a negative impact on user experience, suggestions, location-based search results, etc...

Hope that helps a bit

Mortesil
  • Thank you for your answer. Are you saying that the Forbes article is not factually correct? Did Microsoft change their policies after the article was written? Is there evidence that the author of the Forbes article fabricated that quote from the Microsoft policy? Does Microsoft have more than one policy, perhaps for different regions or products? – RockPaperLz- Mask it or Casket Jul 11 '16 at 22:12
  • It's not that the Forbes article is incorrect, it's just a little misleading because it lacks specificity. The Privacy Statement Knorke referenced is a blanket statement which applies to ALL MS products. If you read through it you will see it has sections which specifically address certain products in addition to the general information. More specific information about an individual product (like Win10) can also be found in the Terms of Use agreement you have to agree to when installing the software, if such extra information is required for that product. – Mortesil Jul 12 '16 at 16:50
  • Thanks. I might be misunderstanding something, but the agreement quoted by Knorke is substantially different from the one quoted in the Forbes article. It's not just a matter of specificity, the different words (and words added/omitted) substantially change the meaning. – RockPaperLz- Mask it or Casket Jul 12 '16 at 21:37
  • The passage you quoted from the Forbes website, as well as what Knorke posted, is directly from the Privacy Statement he linked to. You have to click 'Learn More' under the section 'Reasons We Share Personal Data'. It is word for word what the Forbes article you quoted said, with the exception that 'We' was replaced with '[Microsoft]'. – Mortesil Jul 13 '16 at 15:14
  • Furthermore, The Forbes article is just like any other out there, they choose what to include to grab your attention. If it read 'MS can see what you store on their servers and how you interact with MS services, if you choose to let them do so' nobody would give it a second thought and we wouldn't be having this conversation. Instead of explaining the entire context of the paragraph, they specifically quoted a small passage which is up for interpretation. It's a large document, so you have to read more than just that little piece to fully understand the context of how that passage applies. – Mortesil Jul 13 '16 at 15:28
0

I only have a Windows version in my house to connect to a computer. The rest is run on Linux.

Most of us are decent people, and doubt that we would ever be subject to the interest of Microsoft. But in reality this is an honest declaration that your data is available to them and anybody that has access to that data in transit.

If you have something that you want to keep private, you can also keep encrypted partitions that are inaccessible to MS, and keep just vanilla-ice data in those partitions that MS is able to see.

Imagine your house. You have a security box, a lock in your bedroom and an open kitchen. When the cleaning/maintenance lady comes you can give her access to areas, but can keep stuff away from her. If you are suspicious of her, then.... clean your own house.