What data does Microsoft's Xbox services collect? We break it down
Ever since a Microsoft executive turned on the Xbox One with a voice command—“Xbox on”—potential customers have wondered what Microsoft’s new console will see, hear, and report back to Redmond.
What’s new? Microsoft offers more information on how the Xbox One’s Kinect sensor uses your data, plus an explicit “Kinect Off” command in case you want to be sure the console’s camera isn’t watching you. And there’s an explicit warning that anything you say during a multiplayer session may be heard by other players. (Well, duh.)
The bottom line: How Microsoft uses your data appears reasonable, at least to us. And at the time we wrote this, of course.
Want to know everything that TechHive knows, thinks, and has written about the Microsoft Xbox One? Check out our dedicated Xbox One page, constantly updated with new content.
How old do you have to be to use Xbox services?
Kids under 13 are not allowed on the Xbox services without a parent’s permission. Kids under 17 can’t create an account without a parent’s permission.
What information does Microsoft collect on signup?
Signing up for a Microsoft Xbox account requires four pieces of information: gender, country, birthdate, and postal code. You’ll also need to provide an email account where Microsoft can contact you.
When you sign in, however, Microsoft also collects a bit more: your IP address, your web browser version, and a time and date. Further, if you use a Microsoft account to sign into a device or into software that is installed on a device, a random unique ID is assigned to the device. None of this data is assigned to you, meaning you as a distinct person. Not surprisingly, it’s all used to create a profile that Microsoft can sell to advertisers, who will send you personalized ads.
Apps that allow you to sign in with your Microsoft account can share that email and unique ID with other services. That unique (though anonymous) ID can only be used to complete a business transaction, though.
What information does Microsoft collect as you use its services?
Whew. Quite a bit, basically. But this should be what you’d expect Microsoft to know about as you used its services.
Once you log on and start playing games on the Xbox, Microsoft collects information regarding the number of times you sign in and sign off, games you have played, and game-score statistics. Also, Microsoft will pull Xbox console hardware and operating performance data, manufacturing codes from game discs, network performance data, and data that indicates the quality of the Xbox service itself. And, to prevent cheating, Microsoft reserves the right to collect your IP address, operating system, and Xbox Live software version. If you use Bing for searches, expect Microsoft to record search terms and also samples of any voice commands you used to perform the search. This is all used to improve your experience, according to Microsoft.
Microsoft may also collect information about what you watched using the Xbox One’s television service, and what music and videos you watched or listened to using Xbox Live.
And if you actually use the Xbox One to play games, this next bit may come as a surprise: “If you participate in leaderboards, live-hosted gameplay, achievements, tournaments, and gamer-profile sharing, Microsoft and such partners as game publishers and service providers may collect, disclose and share your game scores; game play sessions; your presence on the Services; the time you spend on or within particular portions of the Services; portions of the Services that are displayed on your monitor or screen and the duration of that display; rankings, statistics, gamer profiles, avatars, and content that you may submit; and other usage information. These may be provided with or without attribution to you, your gamertag or avatar.”
How does Microsoft use all this data?
In a word, advertising. Naturally, Microsoft’s advertisers will also add cookies to your computer or console.
In general, Microsoft won’t share this data to a third party without your consent. Some exceptions include law enforcement requests, mergers, and “to protect life and safety.” And if you’re concerned about what data the company is accessing (and whether you can control any of it), you can always go to the My Account page.
What data does each Xbox service use?
Kinect: Xbox One’s motion camera can log you in by recognizing your face. To do so, however, it “measures distances between key points on your face to create a numeric value that represents only you”. For gameplay, Kinect will map distances between your body’s joints to create a stick figure—a “skeleton”—whose data will be stored on your console, then destroyed at the end of the session.
Kinect is also aware of your expressions, which can be used to control a game. Like the skeleton, this data is stored locally, then destroyed at the end of your game. Some games will also photograph you. You can choose whether to keep the photos, share them, or erase them.
Microsoft does not record Skype calls. But Microsoft takes pains to note that your multiplayer sessions can be recorded. “You should not expect any level of privacy concerning your use of the live communication features such as voice chat, video and communications in live-hosted gameplay sessions offered through the Services,” Microsoft says. “We may monitor these communications to the extent permitted by law, but we cannot monitor the entire Service and make no attempt to do so. You understand that others can record and use these communications. Communications in live-hosted gameplay sessions may also be broadcast to others.”
Some games (such as Xbox Fitness) will also store fitness information on the console. You’ll have the option of providing height, weight, age, and gender to improve Xbox Fitness and its estimates of your heart rate, but that information won’t be shared with other Xbox users unless you allow it.
Finally, there’s the option to turn the Kinect on or off by using the “Kinect Off” command, or else a similar “Xbox On/Off” command. Microsoft’s said before that the Kinect sensor could be turned off, but how it’s doing it is new.
Xbox Music/Video/TV: Microsoft may display recommandations based on the content you play. It may send your device IP address, device software version, your regional and language settings, and an identifier for the content back up to Microsoft. It’s not quite clear what that ID will reveal about the source of those “shared” MP3s you acquired way back in the day. What you watch on television may be shared with your friends, but Microsoft won’t collect this information for teens and children.
GameDVR: You can choose to record a gameplay session and share it. Not surprisingly, someone else can record your multiplayer game, too.
Xbox on Windows Phone: Your location may occasionally be stored. “For example, games may use your location to award an achievement based on the distance traveled between game sessions,” Microsoft says.
SmartGlass: Microsoft’s “second-screen” SmartGlass app may pass along what games you’re using in conjunction with SmartGlass.
Xbox Social: This catchall term basically tells you that your Xbox Live Gamertag will be shared with others, as well as any high scores. Achievements—accomplishing something cool—will be shared, while “Magic Moments” (such as a perfect dance routine) will be shared only if your privacy control allows it.
Is there anything to be worried about?
While the amount of data that Microsoft is collecting is a little shocking, much of it seems like a natural offshoot of your normal interactions with its products and services. Nevertheless, you’re still “paying” above and beyond the $60 or so Microsoft and its partners will charge per game.
Still, some of you will never be satisfied. If you’re worried, for example, about the NSA peering over Microsoft’s virtual shoulder, consider a more drastic step: unplugging it when not in use. Or try wearing a mask.