Over the past few weeks we’ve covered the various ways that Windows 10 fundamentally changes the paradigm of what users can and should expect from their OS as far as privacy, data mining, and support. Multiple authors have declared that this new violation of privacy and the inability of the user to lock down their own data is the new normal, even as a recent investigation found that there’s essentially nothing the end user can do with official settings to prevent Cortana or the Start Menu from phoning home to Microsoft.
Now, The Verge’s Russell Brandom has weighed in, saying that in 2015, “this is simply how computing works. Consumers expect smart recommendations and continually improving services. We expect computers — all computers — to be able to answer any question at any time. In return, companies get constant access to your computer for data collection, automatic updates, and offboard processing. This isn’t an option anymore; it’s the default. And anyone who doesn’t like the deal is going to have a very hard time using today’s computers.”
This is a common argument today, but it conflates the idea of controlling how and when a device collects and transmits information with the idea that these information services shouldn’t exist. I agree users expect a computer to be able to return personalized information, particularly when that information is fundamental to an application’s function. Turn-by-turn directions to a given location become much more difficult if your phone can’t determine where you currently are, and there’s no way to tell an app to show you restaurant or business locations nearby without transmitting some localization data.
Just because location and user data are critical for some functions, however, doesn’t mean they’re critical for every function. More importantly, it doesn’t mean users should be prevented from choosing whether to share search queries, opting out of Microsoft’s OneDrive (formerly SkyDrive), or preventing the OS from transmitting user telemetry. Brandom notes that Apple ran into problems on this front when it revamped Spotlight Search to handle web-facing queries. Security researchers discovered that the contents of Spotlight queries — all of them — were being packaged up and sent to Apple as well as to Microsoft (though the latter wasn’t supposed to store them). If you had location services enabled, your laptop’s location was sent to Apple every time you typed a Spotlight search query.
Brandom asks, “If Spotlight is going to handle web-facing queries like ‘restaurants near me,’ what else could it do?”
This is only a rhetorical question if you assume that user control and location-based services are diametrically opposed. Apple could’ve made such services opt-in instead of opt-out. It could have made opting out of the feature easy, instead of requiring users to change three different settings in three different locations to completely deactivate the service.
I’ve used Apple for this specific example because I want to illustrate that this problem is scarcely unique to Windows 10. It is telling that Apple, a company founded on the idea that a user should be able to interact more easily and naturally with a computer, nonetheless shipped a setting that is quite difficult for an average user to disable. Apple could have handled queries like “restaurants near me” by only querying a device’s location after the user typed that string or something similar. It could’ve offered a check box or confirmation dialog notifying the user that such a query would result in data being sent to Apple, along with an option not to display the box in the future.
None of these alternatives prevent Spotlight from handling web-facing queries. All of them respect user choice far more than the status quo.
“The network is hostile”
I came across this phrase in a blog post by Matthew Green, a cryptography expert and user privacy advocate. He uses it to refer to the recent revelation that AT&T has been an enthusiastic and willing supporter of the NSA going back to 1985. Cooperation between the two has only increased since then; AT&T agreed to wiretap the United Nations at the request of the US government in 2012. Green’s post is focused on cryptography and the NSA’s expressed desire to vacuum up all data about everyone, everywhere, and the various ways that corporations have supported this goal, either directly and willingly or through a lax attitude towards internal security. Google may not have intended to give the NSA the ability to spy on its data centers, but that’s what it did by failing to encrypt its internal communications.
It would be absurd to suggest Google’s relentless hoovering of user information or Microsoft’s Windows 10 telemetry gathering are equivalent to the NSA’s mass surveillance programs. It’s not crazy, however, to note tech companies are falling all over themselves to suck up as much personal information about you as possible, and to extract maximum revenue from it.
The problem with that tendency, aside from the security issues it creates, is that extracting maximum revenue from someone is rarely the same as protecting their best interests. Why, for example, does Windows 10 enable a feature that creates a sticky personal advertising ID for its customers that will persist across devices? Because that’s more profitable for Microsoft — not because it needs to do so to provide you with any kind of service. Far from protecting user privacy, modern EULAs are littered with references to “Trusted Partners,” verbiage that basically means, “We can share your data with anyone we want.”
User-level control is the only layer left
I’m under no illusions that end users have much control left over these policies and settings, or that Microsoft, Google, and Apple are going to change their current practices. In the smartphone world, it’s nearly impossible to prevent data collection, though using a device like the Blackphone does offer some protection. Now this model is creeping into the PC space; both OS X and Windows 10 require substantial modification to turn off phone-home features.
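To make the “substantial modification” concrete, and to see whether the advertising ID mentioned above is actually switched off on a given machine, the following PowerShell audit reports the main Windows 10 user-level switches and whether each is in its locked-down state. This is an added example written for this page; it is not code from the article, from Microsoft, or from any of the privacy tools the article refers to. It is read-only and changes nothing. The registry paths, value names and the DiagTrack service name are the editor’s understanding of Windows 10 at the time of writing and should be treated as assumptions to verify on your own build.

```powershell
# Added audit script (not from the original article). Reports the Windows 10
# user-level privacy switches the article discusses and whether each is in its
# locked-down state. Read-only: nothing is modified.
# ASSUMPTION: the registry paths, value names and service name below reflect the
# editor's understanding of Windows 10 builds of 2015; verify on your own build.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent. Absent normally means
    # "default", and the default for every switch below is "on", i.e. phoning home.
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null
    }
}

# Each entry: where the switch lives, the value that means "locked down",
# and where the corresponding control is in the UI or Group Policy.
$checks = @(
    @{ Setting = 'Advertising ID (per user)'
       Path    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo'
       Name    = 'Enabled';  Want = 0   # 0 = apps may not use the advertising ID
       Where   = 'Settings > Privacy > General' },
    @{ Setting = 'Telemetry level (policy)'
       Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
       Name    = 'AllowTelemetry';  Want = 0   # 0 = Security; Home/Pro floor is 1 (Basic)
       Where   = 'Group Policy: Allow Telemetry' },
    @{ Setting = 'Cortana (policy)'
       Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
       Name    = 'AllowCortana';  Want = 0
       Where   = 'Group Policy: Allow Cortana' },
    @{ Setting = 'Web results in Start search'
       Path    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Search'
       Name    = 'BingSearchEnabled';  Want = 0
       Where   = 'Settings > Cortana & Search' }
)

$report = @()
foreach ($c in $checks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Name
    $report += [pscustomobject]@{
        Setting = $c.Setting
        Actual  = if ($null -eq $actual) { '(not set: default on)' } else { $actual }
        Wanted  = $c.Want
        Status  = if ($actual -eq $c.Want) { 'locked down' } else { 'PHONES HOME' }
        Where   = $c.Where
    }
}

# The Diagnostics Tracking Service is the component that actually uploads
# telemetry, so check the service as well as the policy value that feeds it.
$svc = Get-Service -Name DiagTrack -ErrorAction SilentlyContinue
$svcLocked = $svc -and $svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled'
$report += [pscustomobject]@{
    Setting = 'DiagTrack service'
    Actual  = if ($svc) { "$($svc.Status)/$($svc.StartType)" } else { '(absent)' }
    Wanted  = 'Stopped/Disabled'
    Status  = if ($svcLocked) { 'locked down' } else { 'PHONES HOME' }
    Where   = 'services.msc'
}

$report | Format-Table -AutoSize
```

Run it in an elevated PowerShell session so the HKLM policy keys are readable. Note what the output makes visible: most of these switches only exist as registry values or Group Policy entries, and the one the Settings app does expose (the telemetry slider) cannot go below Basic on Home and Pro editions even when the policy value is set to 0, which is the kind of limit the “official settings” investigation cited at the top of this piece ran into.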
With billions of dollars in revenue on the one hand and the frustration of privacy and security advocates on the other, it’s easy to see which route companies will take, especially when they can wrap these changes in a thick layer of plausible deniability and claimed user benefits. The network, after all, is hostile.
Imperfect as they are, however, user-level controls and policies are the last bulwark left. Supporting the need for such controls doesn’t mean rejecting connected devices with network location services. I’m the first to agree that connected devices with user-controlled behaviors can be a tremendous boon for end users. That’s why I’m eventually planning to upgrade to Windows 10, to take advantage of features like DirectX 12 — as soon as privacy advocates and researchers have finished putting the finishing touches on tweaks, settings, and under-the-hood changes that give me, not Microsoft, control of when and how the OS talks to others.
In the long run, if such changes continue, even end-user hacking may not be enough to give the end user control. For now, it still is. The least we can do when we talk about these issues is stop pretending that trends in cloud-connected operating systems or user-friendly services require policies that undermine privacy and user control. It’s possible to build systems that respect both.