Microsoft's Windows 10 operating system (OS) has gained a reputation for playing fast and loose with user privacy. Now, an independent security analyst, Mark Burnett, has taken to Twitter to outline his analysis of its enterprise version – and it's not pretty.
During his initial analysis, posted in a social media thread on 21 May, Burnett detailed a number of oddities. Microsoft's tracking-related services, error reporting notices and anti-phishing service ("SmartScreen") all appeared to still be connecting to Microsoft servers, despite being disabled.
One tweet read: "I have every policy set to not sync settings plus I have the sync-related services disabled. Still connects." Another read: "With every possible setting to block connections to MS (except updates) here are a bunch of advertising-related connections."
Even Microsoft Paint was impacted. "I deleted Paint 3D and Microsoft silently reinstalled it and added a firewall rule to allow it to connect out," Burnett claimed. The thread gained significant traction online, with many quickly sharing complaints about Windows.
This week, on Monday 22 May, the researcher scaled back his first round of assertions but stressed that Microsoft was still collecting too much information from its enterprise users.
He explained: "I made mistakes on my original testing and therefore saw more connections than I should have. But [it still makes] too many connections. You are opted-in to just about everything by default and have to set hundreds of settings to opt out.
"Most Microsoft documentation discourages opting out and warns of a less optimal experience. It's almost like they don't want you to opt-out. But you can't completely opt-out. Windows still tracks too much. Home and Professional users are much worse off."
He added: "The point of this [...] isn't to bash Microsoft or ditch Windows. We face the same thing with Apple, Google, and so many others. What we need to do is fix this, even if that means getting lawmakers involved. It can only get worse from here."
In response to the complaints, a Microsoft spokesperson told IBTimes UK: "Enterprise users are able to configure the necessary settings to achieve zero emissions and we provide guidance and actual script to configure their systems.
"We don't recommend turning off the settings as it disrupts user experiences and security. We give our customers a number of choices to help manage telemetry settings for an enterprise environment and how to confirm these settings."
As reported by technology website The Inquirer, commenters on YCombinator were quick to weigh in on the Windows enterprise functions. Microsoft recently released statistics claiming Windows 10 was now running on 500 million devices globally.
"I've already had to revert a client to Win 7 because they failed a PCI compliance audit using Win 10 Enterprise. Which, by the way, is very expensive for small businesses. Win 10 Enterprise isn't viable for business," wrote one commentator under the name "Donkeychan".
Burnett's findings – even when scaled back – are far from the first allegations of data collection over-reach. In early 2017, the EU's data protection watchdog urged Microsoft to "clearly explain what kinds of personal data are processed for what purposes" after a significant review.
Earlier this month, during the Microsoft Build conference, CEO Satya Nadella indicated he was aware of such concerns. "I do believe that it is up to us to ensure that some of the more dystopian scenarios don't come true," he said, referencing George Orwell's novel, 1984.
Burnett doesn't seem convinced. "A shift in Microsoft's philosophy has led to a massive collection of data from Windows computers. For me, it's not only a privacy issue but a security issue. It is hard to control what is happening on your computer when you aren't in control," he wrote.