The Electronic Frontier Foundation has slammed Microsoft for its "blatant disregard" for user privacy with Windows 10 and has called on the company to formally acknowledge that its update programme was flawed.
In a damning editorial published on 17 August, EFF staff member Amul Kalia blasts Microsoft for misguiding users as part of its attempt to push Windows 10 to machines and calls attention to the "unprecedented" volume of user data it collects.
This includes location data, text input, voice input, touch input, webpages visited and telemetry data regarding how customers use their computer.
Kalia claims Microsoft gathers this information without giving users the tools to properly opt-out and provides no explanation as to how it anonymises user data, nor how long it stores it for. He also accuses Microsoft of providing a "false choice" to customers by claiming that users are putting their security at risk if they lower data-sharing settings on Windows 10.
"Windows 10 sends an unprecedented amount of usage data back to Microsoft, particularly if users opt in to 'personalise' the software using the OS assistant called Cortana," says Kalia.
In France, Microsoft has been threatened with legal action for collecting excessive amounts of data and bombarding customers with ads.
Kalia points out that while some of Cortana's awareness features can be disabled, this doesn't necessarily stop the computer sending usage data back to Microsoft's servers. The company's reasoning behind this is sketchy at best.
"Microsoft has tried to explain this lack of choice by saying that Windows Update won't function properly on copies of the operating system with telemetry reporting turned to its lowest level... But this is a false choice that is entirely of Microsoft's own creation," explains Kalia.
"There's no good reason why the types of data Microsoft collects at each telemetry level couldn't be adjusted so that even at the lowest level of telemetry collection, users could still benefit from Windows Update and secure their machines from vulnerabilities, without having to send back things like app usage data or unique IDs like an IMEI number."
Customers choose between privacy and security
Kalia adds that because of Microsoft's pushy tactics with Windows 10, which saw the company attempt to bury the OS inside of security updates, some users have stopped downloading security patches altogether, leaving them at risk.
He concludes that Microsoft has forced users to choose between privacy and security with Windows 10, and calls on the company to address its mistakes by offering customers straightforward, corrective measures.
"Microsoft should come clean with its user community," says Kalia. "The company needs to acknowledge its missteps and offer real, meaningful opt-outs to the users who want them, preferably in a single unified screen. It also needs to be straightforward in separating security updates from operating system upgrades going forward, and not try to bypass user choice and privacy expectations.
"We urge Microsoft to listen to these concerns and incorporate this feedback into the next release of its operating system. Otherwise, Microsoft may find that it has inadvertently discovered just how far it can push its users before they abandon a once-trusted company for a better, more privacy-protective solution."