How Microsoft (Ab) Uses Windows Default Setting To Collect Information

Globally, 70% of desktop and laptop users prefer Microsoft Windows as their operating system for home or business purposes. The amount of data stored and exchanged on these interconnected systems is exponential and sensitive. Users are now aware and informed about the risks that a data breach entails in the aftermath of scandals like Cambridge Analytica. Social media platforms have created an environment through queries and information that has made a general user aware of the dos and don'ts regarding the privacy policy of various platforms.

Microsoft, much like other technological giants, is transparent with its privacy policy and data on government information requests to debunk any theories of malice. The details, though, lie in the fine print of these agreements and disclosures. Windows works on default settings after installation. The default settings give access to users’ diagnostic feedback, which monitors the browsing history and the apps used to personalize the Windows experience.


The default settings also give camera and location access, which makes the system susceptible to spying by providing audio-visual content. Targeted advertising, activity history, location tracking, account information, contacts, and browser information are some of the other things that Windows can access via default settings.

Users have aggressively complained about Windows collecting data in spite of disabling specific settings. The underlying cause of this lies in the Windows 10’s diagnostics data collection, which by default, is set to ‘Full’. The ‘Full’ setting sends all primary diagnostic data, along with information about websites and app usage and features, in tandem with additional data about device health and enhanced error reporting.

The logical question that subsequently arises is: what does Microsoft use this data for apart from financial maneuvering? Government, for criminal, emergency, and civil legal purposes, periodically asks Microsoft for user data. On their part, Microsoft, according to their terms and policies, discloses the information only after doing an independent investigation. Between the years 2015 - 2018, a total of 30,321 law enforcement requests were made, asking data for 74,743 individual accounts. That is approximately 2.5 accounts per request.



The requests are further divided into criminal, emergency and civil legal purposes. Microsoft, in its numbers disclosure, classifies the data into ‘Disclosure of Content’ and ‘Disclosure of Only Subscriber/Transactional Data.’ As the graph shows, Microsoft categorizes most cases under the latter category. At first glance, this statistic looks harmless unless we dissected what exactly constitutes ‘Only Subscriber/Transactional Data.’ 

According to Microsoft, “Non-content data includes basic subscriber information, such as email address, name, state, country, ZIP code, and IP address at the time of registration. Other non-content data may include IP connection history, an Xbox Gamertag, and credit card or other billing information.”

They further define ‘Content’ as what users create, communicate, and store through Microsoft’s services, even personal and professional emails, photographs, documents stored in OneDrive, and other cloud offerings like Office and Azure.  

Moreover, the number of requests increases before or during the election years. For example, 2015 and 2016 together saw more than 50,213 accounts specified requests in comparison to 24,530 requests in the year 2017 and 2018. There have already been 14,273 account requests in the first half of 2019. In comparison, there were 14,204 requests in the year 2018.