You certainly didn’t need to be a grumpy old cynic to question Microsoft’s promise of a free operating system. It turns out that they really were being honest about that; Windows 10 is absolutely 100% free. The stuff that’s on it… not so much. We’ve already heard how Microsoft is trying out subscription based Solitaire, but there is something a bit more insidious and a lot more important going on. To Microsoft, Windows 10 is not the product – you are.
The obvious way in which you are a product is information, something Windows 10 is already getting flak for in Korea [The Guardian]. Your digital life is collected and stored on a server. They know your browser history, your contacts, your passwords and your email. That’s all pretty standard, mostly used for targeted advertising, which is something of a double edged sword. On the one hand, most of you have to put up with fewer irritating ads, probably a worthwhile trade-off. If you spend lots of time looking at camping equipment then it’s a safe bet that you will see ads for tenting. No problem there. I, on the other hand, am seeing the other side of the blade.
A few weeks ago I celebrated my continued survival for the 18th year in a row. And like most birthdays I woke up feeling exactly the same as the day before. But a few more things became legal because I’d crossed an arbitrary threshold of maturity. Microsoft was quick to learn of this, and within a week I noticed that instead of Battlefront appearing before my daily dose of NerdCubed, I was greeted with ads for gambling sites. I should also point out that my age is nowhere to be found on my PC. I lie about my age to most websites so that I could do things like buy GTA V, so were any of those websites selling my data I’d have known about it sooner. I really don’t know how they came about that data, it also can’t have been something like Facebook because my (thankfully) long dead Facebook account seems to think I’m about 14 and I don’t exist on anything else, much less accurately give my age on anything, so… I don’t know where they got the data from, but it was accurate to within a week. That frightens me a little. I’m very careful with my personal information.
But I digress. The ads in the corner could be disabled and I tagged it as ‘irrelevant’, in the hope that them and their 30 second counterparts would kindly sod off. All that changed was the gambling site being advertised. It was clear that my PC had been added to a list that had just been sold off to a load of gambling companies. I find it disturbing, though frankly not that surprising, that these companies would target 18 year olds so aggressively, because these adverts started to appear anywhere that did targeted ads. It also highlighted something I think we as consumers need to understand in full: we are the product in a way that goes far beyond raw data. Companies say they’re being helpful, but the reality is somewhat less philanthropic.
For my real age to wind up on dozens of databases tells me two things. Firstly, Microsoft is aggressively collecting information, and not just information like age. I lied about that, most sites think I’m a year older or younger than I actually am and even if I did give my real age at some point they’d have no way of knowing if I was being genuine, such is the nature of lying. Therefore there is some algorithm somewhere piecing things together to work out unknowns like they were running a police investigation, but instead of doing something useful like solving crimes they’re just looking to increase my value by putting the pieces together. I may not have stated my age with any consistency, but you wouldn’t have to be a genius to work it out.
Secondly, it is an indicator of the future, or rather the normality of it. Windows 10, rather than just sticking to information that could be pieced together with a Google search and a quick browse of Facebook, it collects your contacts, your calendar information, your documents – the last two are (mostly) new to Windows 10, and enabled by default. I say mostly because since a recent update my security software is reporting breeches from Microsoft left right and center on my Windows 8.1 – more on that later.
Only to Google have I ever given access-at-will to my files and in fairness that’s because I back up my files on Google Drive. Theoretically, Microsoft could have read this before I even posted it without my permission (it’s been stewing on my HDD for about a day before posting) and that is worrying. What I write about and who I meet are now something Microsoft sells, which it did not previously. Of course, it may not be that bad. It could be that they just use the information to profile me (still a bit creepy) and sell that, rather than just sell bits about me. But the fact that my age in particular seems to have been singled out for sale within the space of a few days does not offer encouragement.
In this way, Microsoft is moving from selling what you look at, to selling who you are. They know your hopes, they know your friends, and they then sell that on to companies that hope to bring their services to your attention, or turn you onto gambling - as the case may be. If NerdCubed weren’t so reliant on ad income I wouldn’t hesitate to de-whitelist Youtube. 888 Casino can fuck off.
But the fact that it was gambling being thrust into my monitor brought something more serious to my attention. We as internet users are conditioned to ignore the slippery slope. First it’s innocuous, publicly available data like your IP address, then we were subtly introduced to the idea of cookies and browser histories, still not that bad. Then contacts, getting creepy but still within the realms of reason. Then targeted ads, which we’ve discussed. Then your files and your calendar – which serves no-one but Microsoft. Google also collects this data, but almost always offers some sort of advantage to users like email notifications or to refine searches – though they still sell it, obviously. But there is no advantage to Cortana by sending my calendar to a server rather than keeping it in the file next to her. It’s pure data collection.
And with Windows 10 there is a lot more hidden collection than in Windows 8.1, trawling through the privacy options. Windows 8.1 collected data on internal file searches but I can turn pretty much everything off (and although the privacy settings aren’t easy to find, a quick internal search brings them up no problem). It didn’t stop Facebook storing my data but it did stop Microsoft, all in a couple of menus. In Windows 10 that menu is there, but there is also a website that they only tell you about in the small print of their 45 page services booklet. That’s a little bit naughty, because EU law requires that all data collection is only legal ‘Where the individual concerned, (the 'data subject'), has unambiguously given his or her consent, after being adequately informed’. The EU put that bit in bold, not I.
The simplified breakdown of EU data laws can be found here, and it’s fair to say that Microsoft is in breach of quite a lot of them with Windows 10 simply because they have hidden the information in a sodding 45 page booklet and definitely do not ‘adequately inform’ you as having these options enabled by default without telling people is also illegal. It also seems that some of these privacy options mysteriously turn themselves back on after a restart. That’s very illegal. Hopefully it’s just a bug. Even Facebook isn’t that shifty.
So, for those of you interested, Rock Paper Shotgun did a pretty thorough job of how to disable most of the spyware on Windows 10. Read it here if you want.
The fact that this is unsurprising bothers me. It’s not new either, Windows 8.1 had most of these ‘features’ too – though when you turned them off they stayed off. Seriously, if that’s not a bug then Microsoft’s going to get a whooping from the EU at some point. But I wouldn’t be surprised if it was intended, and we’ll be told to quietly accept it – encouraged to ignore the slope we have been skating down for years.
We see this slope most obviously in our industry - in gaming. The transition from horse armor to Mortal Kombat X is one we were all aware of but one that we mostly made no effort to resist. It’s a horrible thing to realise, but we are played by the industry like a flute. We frankly have little choice in the matter. We need entertainment just as we need operating systems. And we have no choice about how that is presented, not really. We have a limited power to punish, and that is the extent of our abilities as a collective consumer. So I propose that you ask yourself where the line is, in DLC, in spyware, in adware. Are you comfortable with where that line is? Do you want to move it? Then have a long hard think about how it might be done, because I for one am not happy about the line. But nor do I know how to move it; such is the insidious nature of the business structures that now exist. It would take an industry crash to wipe the slate clean, but I really don’t want it to come to that. Some have taken note though and been perfectly reasonable, PC Projekt Red very much the leading example with its mix of free and paid DLC.
They recognize that we are human, worth more than our data or wallet. I suggest that if you ever find yourself dealing with a big tech company, remind them that you are a person and not a profile to be bought and sold. For as long as they are able to dehumanize their consumers in the way they do, the shifty spyware, insidious adware and exploitative market practices will never stop.
Now, as much as I dislike this whole ‘big data’ thing – is it illegal? Well, that depends on who you ask, obviously, and it requires a deviation into data collection law and what governments do to protect you from spying. The US government doesn’t give a shit and until courts got involved they did it themselves. The UK is even worse, because although GCHQ (our NSA equivalent)did less data collection, Theresa May – our Home Secretary – placed GCHQ above data laws and plans to have it surpass the NSA’s capabilities like something out of Deus Ex. So if GCHQ uses Microsoft or Facebook and the like as part of their resources, which they probably do to save time, then it’s legal. She and David Cameron also seem to want to ban all encryption [The Guardian], which is moronic beyond comprehension for obvious reasons and frankly I suspect it is so they can claim to be compromising when they go back to their original position, which is somewhat dishonest and a little bit scummy.
Actually, it’s a lot more complicated than that in the UK. Two MPs challenged May’s decisions in the courtroom and won which halted her plans, much to her anger [The Guardian]. Then we have to add to this the EU, which as well as the aforementioned data collection laws, maintains the controversial ‘right to be forgotten’ – namely that companies must remove personal data upon request unless it is in the public interest for that data to remain available. So if you are an EU citizen, you have the luxury of being able to tell Microsoft to delete any data it collects as soon as it is collected – though that’s no guarantee that they’ll actually do it. For instance, yesterday Google openly declared their intent to defy French rulings demanding that they facilitate the right to be forgotten outside the EU [BBC]. Frankly, only Google even shows the slightest chance of actually doing as you ask (though only if you are in the EU and an EU citizen) and that’s only because the EU is threatening to break up the company if they ignore you. So for EU citizens, we have the EU on our side, and can use that to full effect. Outside the EU however, you’re a little bit screwed.
As for other illegal stuff, it is said that many sites like Twitter, Facebook, or less reputable social networks like IMVU install adware and spyware on your PC. I have certainly experienced this as I used to get pop-ups appearing when I started my PC in the morning until I stabbed them in the registry keys. I usually have basic ad-block on and my security software is pretty ruthless. So… let’s run a search for adware and spyware on my PC and see all the stuff it has quarantined or blocked over the past month. Keep in mind that I’m pretty careful, as internet users go. There should be no alerts in this screenshot:
Hmm... that's quite a lot of orange dots, indicative of medium level security threats. In short it detected: one adware, one spyware, plenty of stuff from Microsoft. Norton and Microsoft had a fight, too. Some Windows files tried to access my documents (something I cannot disable since it turned up a few updates ago) at 6:43am and Norton stopped it from accessing those files every single time, calling it a ‘medium intrusion risk’. It also used its own firewall; separate from Microsoft’s, to stop Microsoft servers and files accessing my PC on over 20 occasions in the last 3 days, including 2 attempts to access the word document in which this is written. I don’t think Microsoft realize that those files are my property, so they should leave them alone. So some reputable third party software wouldn’t go amiss.
But Windows 10 isn’t actually that evil, relatively speaking, if only because a lot of other tech corporations are marginally less bad. Facebook does all that Win 10 does, but without snooping at your files. Google does all that Microsoft does, but offers some useful stuff in return. Twitter is in the same boat as Facebook, but is far less upfront about it. They are all breeching laws somewhere, usually the EU (seriously, those data laws are fantastic) by being underhanded and insidious. It dehumanises their customers, us. Their buying and selling of personal data makes it easy to view people as nothing more than the collective worth of their information – which when it comes to treating people right, is a dangerous path indeed.
Massive thanks to Pixie, who gave me some pointers on writing this.