Recent concessions by Microsoft in the data its Windows 10 “phones home” to company servers won cautious praise from one critic this week.
“The changes were very welcome from our perspective,” said Maul Kalia, legal intake coordinator at the Electronic Frontier Foundation (EFF) in an interview Wednesday. “They were definitely needed.”
Kalia was referring to the announcement Tuesday that Microsoft would soon reduce the amount of diagnostic data collected from Windows 10 under an optional setting, and immediately launch an online portal where customers can lock in privacy settings.
Windows 10 collects a sweeping array of data—from programs run on the device to details about crashes—and transmits the information to Microsoft, where it’s analyzed, the company has maintained, to safeguard customers’ machines and to improve the operating system.
The practice was widely criticized, with complaints centering on the quantity of data gleaned and the fact that, unlike earlier Windows editions, Windows 10’s collection could not be disabled.
Five months ago, Kalia and the EFF had condemned Windows 10’s data collection practices in a blistering editorial. Kalia urged Microsoft to “come clean” with customers about the harvesting and give users “meaningful opt-outs” from the practice.
In the intervening months, the EFF and Microsoft had conversations about the former’s concerns, Kalia said. He declined to elaborate on the content of those talks.
“These are solid and welcome steps,” Kalia said, pointing to the new privacy dashboard that launched Monday as one example. “But we do still want the company to be more forthcoming.”
In the August editorial, Kalia pointed out that Microsoft refused to say how long the collected data would be kept, and that the company’s argument that it couldn’t serve security updates without simultaneously collecting data from PCs was illogical.
“This is a false choice that is entirely of Microsoft’s own creation,” Kalia wrote then. “There’s no good reason why the types of data Microsoft collects at each telemetry level couldn’t be adjusted so that even at the lowest level of telemetry collection, users could still benefit from Windows Update and secure their machines from vulnerabilities, without having to send back things like app usage data or unique IDs like an IMEI number.”
Transparency remained the EFF’s biggest concern about Microsoft’s data collection practices in Windows 10, the announced changes notwithstanding, said Kalia. “More transparency is what we want from the company,” he said. “I’m glad they took some of our suggestions to heart, and we’re happy that they did that, but we’d prefer them to be more transparent with users about what is collected and why.”