33

There have been quite a few news stories relating to the use of "Telemetry" in Windows 10 (and also now Windows 7/8) with suggestions that users would want to disable or remove these updates due to privacy concerns caused by sending this information to Microsoft.

What I'm interested in are the details of what data is sent to Microsoft by these patches and any concrete privacy security implications of this transmission as many of the comments on-line seem to lack this information.

pacoverflow
Rory McCune
  • 1
    Do you have any credible sources saying that Windows 7 is also affected ? Looks like I'll have to switch to Mac OS sooner than I thought. :( – André Borie Aug 31 '15 at 10:06
  • @AndréBorie the general reporting I've seen on this says that windows 7/8/8.1 now have telemetry enabled (e.g. http://www.forbes.com/sites/gordonkelly/2015/08/30/windows-10-spying-on-windows-7-and-windows-8/) One of the problems is I don't see any information about whether I should actually be concerned about telemetry from a privacy standpoint. I'm not sure if it's anything to be concerned about or not (hence the question) – Rory McCune Aug 31 '15 at 10:10
  • 3
    Switching OS seems a bit drastic. Just [disable telemetry entirely](http://winaero.com/blog/how-to-disable-telemetry-and-data-collection-in-windows-10/). – Polynomial Aug 31 '15 at 11:25
  • Also, the answer to this depends on your settings. The "Basic" option sends back your hardware spec, list of installed programs, and some of your configuration settings in Windows. I don't know the details of what gets sent with other options. – Polynomial Aug 31 '15 at 11:26
  • 3
    @Polynomial yeah I'd agree disabling telemetry would seem like an idea, although if it's done in an unsupported fashion (i.e. the OS doesn't recognise that as an option) there's always the risk that it'll just get re-enabled in a later update. – Rory McCune Aug 31 '15 at 12:05
  • 1
    @Polynomial Only on Enterprise Edition can you disable it entirely. Otherwise you can *turn it off* only to **Basic** *mode* –  Sep 02 '15 at 13:40
  • @Begueradj Read the article I linked. The Enterprise version offers the "turn off" option *in the GUI*, but the registry fix works regardless of your OS edition. – Polynomial Sep 02 '15 at 14:29
  • 1
    @Polynomial [Ars](http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/) suggests that some data is still being sent even when Telemetry is disabled. – Iszi Sep 09 '15 at 18:29
  • @Iszi The [instrumentation telemetry](https://msdn.microsoft.com/en-us/library/dn589775.aspx) contains nothing that I'd consider privacy-impacting. It's essentially just a list of error event IDs that have occurred for Windows components. Both Windows and OS X have been doing that for time immemorial, and several Linux distros (incl. Ubuntu) have similar features. – Polynomial Sep 13 '15 at 12:46

1 Answer

23

What is Telemetry?

Windows OS monitors and debugs information about the user's running applications. This is called instrumentation. Gathering remote information that is collected by instrumentation is what is called Telemetry.

As the product is not open source, one can legitimately think of the worst. But to keep the answer as objective as possible, I prefer to quote from Windows 10 feedback, diagnostics, and privacy: FAQ:

> As you use Windows, we collect performance and usage information that helps us identify and troubleshoot problems as well as improve our products and services. We recommend that you select Full for this setting.
>
>   • Basic information is data that is vital to the operation of Windows. This data helps keep Windows and apps running properly by letting Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also turns on basic error reporting back to Microsoft. If you select this option, we’ll be able to provide updates to Windows (through Windows Update, including malicious software protection by the Malicious Software Removal Tool), but some apps and features may not work correctly or at all.
>
>   • Enhanced data includes all Basic data plus data about how you use Windows, such as how frequently or how long you use certain features or apps and which apps you use most often. This option also lets us collect enhanced diagnostic information, such as the memory state of your device when a system or app crash occurs, as well as measure reliability of devices, the operating system, and apps. If you select this option, we’ll be able to provide you with an enhanced and personalized Windows experience.
>
>   • Full data includes all Basic and Enhanced data, and also turns on advanced diagnostic features that collect additional data from your device, such as system files or memory snapshots, which may unintentionally include parts of a document you were working on when a problem occurred. This information helps us further troubleshoot and fix problems. If an error report contains personal data, we won’t use that information to identify, contact, or target advertising to you. This is the recommended option for the best Windows experience and the most effective troubleshooting.

Note that only on Enterprise Edition can one turn that feature off totally. On Windows 10 Home and Professional, for instance, it can only be set to Basic.

UPDATE 1:

> Is this information specific to the telemetry service or just general information that Windows collects? I've had problems in tying up what's telemetry (which was back-ported to win8/7) and what's general data passed back to MS.

Telemetry is a main part of Diagnostics Tracking Service available in Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1, Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows Server 2012 R2 Standard and Windows 10. The quoted paragraphs concern the Diagnostics Tracking Service mechanism in which other modules, apart from Telemetry, are included.

Diagnostics Tracking Service consists mainly of these files:

  • telemetry.asm-windowsdefault.json
  • diagtrack.dll
  • utc.app.json
  • utcresources.dll

As you can see, Telemetry is a JSON file that is used to describe the data sent back and forth between the Windows machine (client) and the server.

If you are curious about the details, you can see its content when you download the appropriate patch you want. When you extract the content of the MSU file (instructions here) and retrieve the CAB files, you will find a folder whose name looks something like this: amd64_microsoft-windows-u..ed-telemetry-client followed by several numbers. Check the content of that folder and open the Telemetry file in JSON format to have a technical insight about its details, mainly a description of the data exchanged between your machine and Microsoft server(s).

Telemetry is also seen as a part of Microsoft Customer Experience Improvement Program as

> it is impossible for us to contact most of our customers in person to get their feedback. The Customer Experience Improvement Program (CEIP) was created to give all Microsoft customers the ability to contribute to the design and development of Microsoft products.

If you check Privacy Statement for the Microsoft® Customer Experience Improvement Program you can read:

> When you participate, we collect basic information about how you use your programs, your computer or device, and connected devices. We also collect information about how each is set up and performing. These reports are sent to Microsoft to help improve the features our customers use most often and to create solutions to common problems.

This statement is in contradiction with the first text we quoted, as the user has no ability to totally turn off Telemetry.

As for the exact data being exchanged through Telemetry, apart from the quoted text and the efforts you may make to read that JSON file (and maybe survey your machine's communication?), I cannot say more. But it is really very interesting to know that precisely (if it is possible).

UPDATE 2:

Additional information I found (I still refer to official documentation only to stay objective):

From Instrumentation and Telemetry Guidance, we can read that the information generally includes:

  • Details of operational events that occur as part of the normal operation of the application, together with useful information about that event. For example, in an ecommerce site it would be useful to record the order number and value of each order that is placed. These are typically informational events that are used to collect data about the way the application is used.
  • Details of runtime events that occur, and useful information about that event such as the location or data store used and the response time for access to the data store. These are also informational events that can provide additional insight into the normal operation of the application. The event should not include any sensitive information such as credentials, or any other data that might enable an attacker obtaining the logs to compromise the system.
  • Specific data about errors that occur at runtime, such as the customer ID and other values associated with an order update operation that failed. Typically these are warning or error events and will contain one or more system-generated error messages.
  • Data from performance counters that measure specific values related to the operation of the application. These might be built-in system counters, such as those that measure processor load and network usage, or they might be custom performance counters that measure the number of orders placed or the average response time of a specific component.

(Further reading: Telemetry – Application Instrumentation, Windows Azure: Telemetry Basics and Troubleshooting)

From Share telemetry data with Mozilla to help improve Firefox, we can read that it collects for example:

  • memory consumption
  • responsiveness timing
  • feature usage
  • memory configuration
  • hardware configuration

Note that whatever a user does, it seems it is impossible to know what Windows collects and sends permanently. Windows does not stop sending undefined information on his/her behalf as this study shows: Even when told not to, Windows 10 just can’t stop talking to Microsoft. But still what the official documentation describes is not very good for the user such as when Windows takes system files or memory snapshots, which may unintentionally include parts of a document you were working on when a problem occurred.

  • 2
    Thanks for the answer. Is this information specific to the telemetry service or just general information that Windows collects? I've had problems in tying up what's telemetry (which was back-ported to win8/7) and what's general data passed back to MS. – Rory McCune Aug 31 '15 at 12:01
  • 1
    Aside from just witnessing the connection, has anyone actually tried to *read* the telemetry data? – Iszi Sep 09 '15 at 19:02
  • @Iszi Yes. Check the last link I pointed to (last paragraph). It is an attempt to read/see what is *communicated out* –  Sep 09 '15 at 19:04
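
The inspection step the answer describes, as an added example (not part of the original answer or comments, and not Microsoft tooling): it assumes the update has already been expanded into a directory, finds folders whose names contain `telemetry-client`, and outlines each JSON file's keys and value types without assuming any schema. The sample tree, its `_0000` suffix and the JSON contents are constructed for the demonstration.

```python
import json
import tempfile
from pathlib import Path

# Folder-name fragment quoted in the answer; the digits that follow it vary.
FOLDER_HINT = "telemetry-client"

def decode_json(raw):
    """Parse JSON bytes, tolerating the BOMs that Windows tools often write."""
    utf16 = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    return json.loads(raw.decode("utf-16" if utf16 else "utf-8-sig"))

def outline(node, prefix="", depth=3):
    """Return key paths with value types, without assuming any schema."""
    if depth == 0 or not isinstance(node, (dict, list)):
        return [f"{prefix or '$'}: {type(node).__name__}"]
    if isinstance(node, list):
        head = outline(node[0], prefix + "[]", depth - 1) if node else []
        return [f"{prefix or '$'}: list[{len(node)}]"] + head
    paths = []
    for key in sorted(node):
        paths += outline(node[key], f"{prefix}.{key}" if prefix else key, depth - 1)
    return paths

def find_telemetry_json(root):
    """Map each JSON file under a *telemetry-client* folder to its outline."""
    found = {}
    for folder in (p for p in Path(root).rglob(f"*{FOLDER_HINT}*") if p.is_dir()):
        for path in folder.rglob("*.json"):
            try:
                found[path.name] = outline(decode_json(path.read_bytes()))
            except (UnicodeDecodeError, json.JSONDecodeError) as exc:
                found[path.name] = [f"unparseable: {exc.__class__.__name__}"]
    return found

def demo():
    """Constructed tree standing in for an extracted update (contents invented)."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp) / "amd64_microsoft-windows-u..ed-telemetry-client_0000"
        d.mkdir()
        sample = {"settings": {"level": 1}, "events": [{"id": 7, "name": "x"}]}
        (d / "telemetry.asm-windowsdefault.json").write_bytes(
            b"\xef\xbb\xbf" + json.dumps(sample).encode())
        (d / "utc.app.json").write_bytes(b"{not json")  # damaged file case
        return find_telemetry_json(tmp)

if __name__ == "__main__":
    for name, lines in demo().items():
        print(name, *lines, sep="\n  ")
```

Point `find_telemetry_json` at the directory the MSU and CAB files were expanded into; a file that fails to parse is reported rather than silently skipped.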