The Internet is alive with the sound of discontent. In his book, Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World, and in an interview in Wired, Bruce Schneier proposes the following paradigm: “Right now, the companies that follow your every virtual movement on the Internet, or your every physical movement, can do whatever they want with that data.” This quote was prompted by a discussion about Facebook and Google. Your data is valuable and these companies are making money with it.
Interestingly, one wonders why Microsoft escaped Bruce’s vision. The computer giant fell behind in the “gathering” of your personal information to “enhance your experience”, and is trying to make up for it fast. It’s moving the collection of data from “free online services” down to your workstation, maybe even your server.
Better ads = better experience?
“Enhancing your experience” is a euphemism for feeding you advertisements. And it’s big business. Pricewaterhouse Coopers predicts that Internet advertising will soon become the largest advertising segment. Total global Internet advertising revenue is forecast to grow from US$135.42bn in 2014 to US$239.87bn in 2019, a CAGR over the period of 12.1%. As the segment captures an ever-larger portion of advertising budgets, it will exceed TV to become the largest single advertising category by 2019.
It’s not surprising then to see a play by Microsoft into this arena – as Bruce contends, “Free services are not ‘Free’.” Your Windows 10 upgrade may be ‘Free’ for a year, but no for-profit company would willingly give up a year’s worth of profits from a slick new operating system, which took hundreds of millions of dollars to develop. There, as they say, is something afoot.
And it doesn’t take long to unearth the plan. Login or create your Microsoft account, and Windows 10 almost begs you to use a Microsoft account rather than a local account. This allows the company to collect and track your activity across different devices and online services, and to share data with apps. So is “synchronizing your data experience” in this way valuable? Perhaps. At least if you know exactly what it is that is being synchronized.
Big data = big problem?
The main Windows 10 security issues are not found inside the operating system, in fact the operating system by all reports seems rock solid. The problem is in the “big data collection” Microsoft is somewhat clandestinely installing onto its stock of modern operating systems. Recent updates to Windows 7, 8.1, and 10 ensure the OS reports data to Microsoft even when asked not to. You can uninstall them, but many people won’t know they’re there.
For the average home user maybe these features are no big deal, perhaps you’re happy to trade your data and activity about your data generating activities for an “Enhanced Experience” and synchronized access to your data. However, in a corporate or legal world it may be disconcerting to know that given enough anonymously gathered data it becomes easy to de-anonymize your activity and your identity?
There are many articles and guides on turning off and increasing Windows 10 privacy, but that’s not the point. There are many that believe Microsoft should default to privacy. The point is that the new Microsoft and its equally new operating system are interested in making money from your data and are going to launch updates with potential privacy violating and gathering capability without telling you.
Microsoft’s stance is simple: “If search engines can track users and profit, why can’t our operating system track users and profit?” Fair point; prepare to give up your data.
Ian Thornton-Trump, CSA+, CD, CEH, CNDA is CTO at Octopi Managed Services Inc. Ian is an ITIL certified Information Technology (IT) consultant with more than 20 years of experience in IT security and information technology. He enjoys and maintains a strong commitment to the security community. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013.You can follow Ian on Twitter® at @phat_hobbit.