User privacy has been at the forefront of the conversation around Windows 10 since the launch of the new platform. Here are five specific issues that were highlighted by the debacle.
While awareness of user privacy has been rising throughout 2015, one of the biggest issues that has inflamed the conversation has been the release of Windows 10.
The latest version of Microsoft's flagship OS was released as a free download for existing users in July and it defaulted to sharing personal user information with the company. An option to disable the features in question was provided, but even if they were disabled, Windows 10 still seemed to be sending information back to Microsoft.
"Privacy continues to be a hot topic for consumers and it frustrates them to no end when they hear when companies use and expose private information about them without their knowledge," said Gary Davis, chief consumer security evangelist at Intel.
The Windows 10 privacy controversy brought about plenty of backlash from the tech community but, more than that, it heightened the conversation around expectations of privacy in technology in general. Here are five big takeaways:
1. Personalization vs. privacy
Over the past few years, we have seen a gradual shift in Microsoft's business model from traditional software to cloud service. However, said SANS Institute fellow Jason Fossen, properly implementing cloud services for individual users requires personal data.
"Microsoft executives didn't give away free Windows 10 upgrades out of the kindness of their hearts, they need to jump start the Windows Store and Microsoft cloud ecosystem," said Jason Fossen, fellow at the SANS Institute.
What Microsoft is doing with Windows 10 is nothing new. Tech giants like Google, Apple, and Amazon are all collecting and using personal data to customize and improve the product experience for individual users. The major struggle that has been brought to light is the exchange of personal data for convenience and ease of use. The big question becomes: Do we want better privacy or a better product?
"If we want a better product, it may make sense to allow for some communication to be sent back to Microsoft. It's no different than we do in Apple with things like Siri. If you don't use Siri, it doesn't get any better," said John Pironti, president of IP Architects.
There's no definitive answer here, as the individual user will have to choose the level of trade-off that he or she is most comfortable with.
2. Opt-out vs. opt-in
Another issue brought up by Windows 10 was the amount of control users want to exercise over their personal data. With major hacks and breaches hitting the news regularly, many users desire clarity regarding how their data is transmitted, secured, and used.
"Given the sensitivity of privacy that's arisen over the last couple years, I think it's fair to say that individuals want the choice to decide how their systems interact with the world," Pironti said.
Users who downloaded Windows 10 were given the opportunity to opt-out of the default setting for information sharing. This means they were given the chance to disable the features that sent personal data back to Microsoft either at the time of install (if they went with a custom install) or after the fact.
Users in countries like the US have come to accept opt-out as the de facto model for new software and services. However, places such as the UK and EU, Pironti said, have an opt-in model where the default is to send no personal information, but users can click a button, or check box, to allow their information to be used.
This prompts the question of whether we want to be an opt-in society or an opt-out society. Also, though, do we appreciate the implications of what these mean, Pironti asked? Defaulting to sharing may be perceived as a violation of privacy, while defaulting to opt-in means you may not be able to take advantage of certain key features.
3. False options
Despite the hype that emerged over this situation, collecting personal data is a common practice. And, with some companies, the option to opt-out isn't even on the table.
For example, Pironti said, Google admits to caching every search request since day one and they have a massive amount of metadata around those requests. They've never lied about that, but they also never presented a distinct option to opt-out if you want to use their services.
Microsoft, on the other hand, did present a way to opt-out, but it didn't work the way it was expected to work.
"I think the big difference you're running into when we look at Microsoft is that you were given the option to disable and that option is false," Pironti said.
In the grand scheme of things, the bigger issue is that users believed they had an out when, in fact, they didn't. Microsoft and other tech companies need to be more transparent about the limitations of their policies.
"Transparency along with simple-to-understand privacy language and ability to easily set and control one's privacy settings should be top of mind for all companies today," Davis said.
4. Privacy is subjective
The answer to the question of how much privacy we should expect will be different depending on who you ask. Most people have at least one conspiracy theorist in their friend group or family who may desire more privacy than the average user.
These differences also extend out along demographic lines as well. Pironti said that many Millennial users feel as if they don't have privacy any more and they are more willing to give up privacy for more features. While older users still tend to be less trusting and more wary.
Personal information is collected and used for a variety of reasons, but it is usually something benign like advertising or personalizing an application, Fossen said. Bear in mind, though, once your information has been commoditized in a way you don't like, there is almost no way to reverse it.
"If you trust Microsoft to protect your interests, and you trust the technical skill of Microsoft's engineers to protect your information, then sign up for everything without reservation," Fossen said.
5. Companies vs. users
The impact of the controversy surrounding Windows 10 didn't actually deal a major blow to Microsoft. The initial install rate was very high, and the stories that broke about the privacy issues in the OS didn't appear to slow it much.
When asked if he thought users had lost trust in Microsoft, Pironti said he didn't think they had. As public as the issues were, if everyone was truly worried, he said, there would be a higher rate of uninstalls of the OS.
Fixing the problem requires effort from both tech companies and their users. Microsoft and other tech giants need to be more forthcoming about their treatment of personal information and they must spell it out clearly in official documentation. Things like Google's privacy dashboard are a good start.
Users must push back on features they are not comfortable with. Facebook, for example, has changed its privacy guidelines many times. Sometimes, the user base has pushed back against these changes and Facebook has had to back off on certain updates.
So far, Pironti said, what we've seen is just an initial reaction to change. The tech market will continue to shift and users will grow alongside it in their reactions and responses.
"Like everything else, we'll adapt and we'll have to decide what are our reasonable expectations and what are the limits we're willing to accept and not accept," Pironti said. "And, I think that we'll learn together with Microsoft and they will adjust their approach the same."