"Your privacy is very important to us." Read the Microsoft Privacy Statement
Last week was largely marked by Microsoft - more precisely, discussions about what personal data a new operating system collects. But before analyzing this issue in detail, let me quote from The Guardian :
Well, now let's see what Microsoft wants to know about us.
The document is big enough. 12 font about 30 pages, so we will quote selectively.
What can a company collect about us if we use its solutions?
')
Squeezing the water out of the above:
Someone resented the state's intentions to collect information about us? The NSA and the KGB are quietly jealous - after all, they need to beat the budget for all this and get permission from the authorities and the opposition. And here for all of the above users pay!
And what do the experts think?
Group-IB CEO Ilya Sachkov believes that “a corporation stores personal data as much as is necessary to provide services and perform the transactions you request or for other important purposes.
The interest in the user agreement Microsoft, manifested in the Russian media space, in the same interview is called "artificially exaggerated." "There is no reason to say that Microsoft does not guarantee the privacy of its users"
But back to company policy.
Note that marketing materials are only “including”, but not all. And it is not at all clear what is “to ensure our business activity”. The following document describes examples of such activity, but they clearly do not include all the options.
Note that the situation when the user has logged in is not described, that is, we can assume that the data are not impersonal.
I fully understand when they show me advertising in a free application. But in general, the situation is when the purchase of an application automatically means the suspension of advertising
Why then is the content of the documents analyzed?
How many I use the company's products, I have never seen a request to extend the retention of my data. Well written below:
Is it possible to refuse advertising?
It seems to me alone that this promise to spam for refusing to target advertising?
Perhaps this is five. Since there is no general agreement (and there will be no it), having come up with our technology, we will not give up on surveillance, even if the user has told us not to do it.
Please pay attention to the phrase "and similar technologies." In essence, this creates an open list for the implementation of control services, since it is not explicitly stated that, say, these technologies are used only in the browser. Accordingly, the technology applied by Lenovo is also legitimate from the point of view of this document.
You cannot refuse Microsoft web beacons.
The transfer of possibly confidential information and the possible introduction of bookmarks, if this information is of interest to anyone.
What about protecting this file from being stolen?
Does this mean that if I saved data (for example) in a public folder with access only for one person, then the whole world will be able to see it?
No options like privacy policy settings?
I pay attention that when it is spoken about confidential data, the word “for example” is used - that is, the list is not complete and can be anything.
Someone still doubts that the company does not limit itself in fulfilling any requirements of the legislation?
It's five. You can opt out of targeted advertising, but you will still receive it.
That is, you cannot create an identifier or delete it.
Input personalization
Microsoft collects and uses data such as speech, handwriting input and keyboard input on Windows devices, which improves the process of personalizing and recognizing input data.
For example, for personalized speech recognition, we collect voice input data, as well as your name and pseudonym, recent calendar events, the names of people with whom you have set up appointments, as well as information from contacts, including names and aliases . This additional data helps us recognize people and events when you dictate documents or messages.
In addition, we collect typed and handwritten words to create a personalized user dictionary that helps you better recognize characters when typing or typing on your device, and also provides hints for words when typing or typing.
The goals are noble, but to show to the side what I am writing and with whom I communicate ...
Sending files that may contain confidential information, by default ... Say the macro in Word did not like.
That is, there is no impersonality. Information that “helps to recognize a specific user” is collected. As expected. Taking into account the above obedience to the law ...
That is also the analysis of third-party programs.
Data on networks and connections, such as the IP address of the device, the number of network connections in use and information about the networks to which you connect, such as mobile networks, Bluetooth and identifiers (BSSID and SSID), connection requirements and Wi-Fi speed -Fi to which you connect.
Other equipment connected to your device.
Some diagnostic data that is important for Windows and cannot be disabled if you are using Windows.
Web browsers: Microsoft Edge and Internet Explorer
Some Microsoft Browser information that is stored on your device will be synchronized with other devices when you log in with your Microsoft account.
Note that it is not said that synchronization will occur only with the owner’s devices.
That is, by default, all my photos fly to the network? Where are analyzed for compliance with the law.
What about security?
A somewhat unusual term.
Note that according to the document, updating the application does not require updating the description of the functions used and / or notification of this. That in the light of the possibility of replacing an application with an infected one is not good.
Judging by the errors - not many users have read the license agreement. On Habré, any error in the article does not go unnoticed. And in such an important document ...
Another very interesting quote:
I wonder how Microsoft imagines its customers and their habitat? Probably two thirds of my business trips are hotels with WiFi, which really only works at the reception or when everyone falls asleep. Well, again - banks, critical facilities, military systems, and so on. All of them, at a minimum, should be located in an isolated network and be sensitive to any information. And certainly not to welcome her free movement around the world.
Everything? Not really. It remains the most important.
How many people re-read the license agreement for the night?
In conclusion, we note that the document constantly contains references to other documents. For example:
And a couple of quotes:
My personal opinion is that the aggressiveness of data collection goes beyond all boundaries. I consider it legitimate, when advertising is shown in a free application - developers also want to eat. But not so cheap, and even with the impossibility of shutting it down to the end ...
Several residents of London agreed to “give away their firstborn” in order to gain access to free Wi-Fi in one of the busiest areas of the capital of Great Britain during an experiment exploring the dangers of using public access points. People who did not know about the experiment tried to find Wi-Fi, and, finding a free network, thoughtlessly “signed the user agreement” without even reading it. Meanwhile, for the access to the Internet from the user they demanded to give the provider of their eldest child "forever and ever."
After six people agreed with this condition, this part of the experiment was discontinued.
Well, now let's see what Microsoft wants to know about us.
The document is big enough. 12 font about 30 pages, so we will quote selectively.
What can a company collect about us if we use its solutions?
')
The set of data we collect depends on the services and functions you use, and may include the following.
Name and contact information. We register your first and last name, email address, postal address, telephone number and other such contact information.
Credentials. We collect passwords, password hints and other security-related information used for authentication and access to accounts.
Demographic data. We collect data about your age, gender, country and preferred language.
Interests and favorite activities. We collect data about your interests and your favorites, for example, the teams you follow in sports applications, stock news in financial applications or your favorite cities that you added to the weather forecast applications. In addition to data that you provide explicitly, conclusions about your interests and favorite activities can also be obtained or derived from other data we collect.
Payment details We collect the data you need to process your payments when you make purchases, such as the number of your payment instrument (credit card) and the security code associated with your payment instrument.
Usage data We collect information about your interactions with our services. This includes data such as the functions you use, the products you purchase, the web pages you visit, and the search keywords you enter. It also includes information about your device, including the IP address, device identifiers, regional and language settings, and information about network settings, the operating system, the web browser, and other software you use to connect to services. This also includes data related to the health of services and problems that you encounter when interacting with services.
Contacts and relationships . We collect information about who you are in contact with, and with whom you maintain relationships , if you use Microsoft services to manage contact information, as well as to communicate and interact with other people and organizations.
Location data. We collect your location data, which may be either accurate or contain an error. When you have services or functions based on your location enabled, we collect accurate position data that can be obtained using the Global Positioning System (GPS), as well as the position of cellular stations and Wi-Fi access points. Approximate location data can be obtained, for example, based on your IP address or data that is more or less related to your location, such as your city name or postal code.
Content. If necessary, to provide you with appropriate services, we collect data about your files and transmitted data. This includes the content of your documents, photos, music, or video that you upload to Microsoft services , such as OneDrive. This also includes the content of your messages sent or received through Microsoft services, for example:
- subject line and email text
- text or other instant message content,
- audio or video recording of a multimedia message; and sound recording and decoding from a voice message you received or text dictated by you.
We also receive data from third-party suppliers (including other companies). For example, we supplement the data we collect by purchasing demographic information from other companies. We can also use the services of other companies to obtain information about your location by IP address to apply the appropriate localization settings.
Squeezing the water out of the above:
- We register your first and last name, email address, mailing address, telephone number and other such contact information.
- We collect data about your age, field, country, location
- We collect data about your interests.
- We collect data about who you are in contact with and who you maintain relationships with.
- We collect passwords
- We collect the security code associated with your payment instrument.
- We ... the contents of your documents, photos, music or video, messages
- And if this data is not enough for us, we get data from third parties.
Someone resented the state's intentions to collect information about us? The NSA and the KGB are quietly jealous - after all, they need to beat the budget for all this and get permission from the authorities and the opposition. And here for all of the above users pay!
And what do the experts think?
Group-IB CEO Ilya Sachkov believes that “a corporation stores personal data as much as is necessary to provide services and perform the transactions you request or for other important purposes.
The interest in the user agreement Microsoft, manifested in the Russian media space, in the same interview is called "artificially exaggerated." "There is no reason to say that Microsoft does not guarantee the privacy of its users"
But back to company policy.
Microsoft uses the data we collect ... (1) to support our business activities ..., (2) to send correspondence, including marketing materials ...
Note that marketing materials are only “including”, but not all. And it is not at all clear what is “to ensure our business activity”. The following document describes examples of such activity, but they clearly do not include all the options.
We store the data we receive from you when you are not logged in (not logged in), separately from any information from your account that directly identifies you, such as your name, email address or phone number.
Note that the situation when the user has logged in is not described, that is, we can assume that the data are not impersonal.
Advertising. Many of our services exist due to advertising fees. We use the data we collect to facilitate the selection of advertisements provided by Microsoft, regardless of whether the services are advertised by us or third-party suppliers.
I fully understand when they show me advertising in a free application. But in general, the situation is when the purchase of an application automatically means the suspension of advertising
Microsoft does not use phrases from your emails, chats, video conferencing, or voicemails, or your documents, photos, or other personal files to match targeted advertising.
Why then is the content of the documents analyzed?
Data retention period. The data used for the selection of target advertising is stored no more than 13 months, unless we get your consent to extend this period.
How many I use the company's products, I have never seen a request to extend the retention of my data. Well written below:
Microsoft stores personal information for as long as it is necessary to provide services and perform the transactions you request or for other important purposes, such as satisfying our legal obligations, resolving disputes, and enforcing agreements.
Is it possible to refuse advertising?
You may opt out of receiving targeted advertising from Microsoft by visiting the opt-out page.
Since the data used to receive targeted advertising is also used for other necessary purposes (including ensuring the operation of our services, analytics and fraud detection), refusing to receive targeted advertising does not mean stopping the collection of these data. It also does not mean that you stop receiving advertising or will receive it in smaller volumes. After refusal, the advertising materials you receive will no longer be targeted and may diverge from your interests.
It seems to me alone that this promise to spam for refusing to target advertising?
Browser controls for the Do Not Track feature. Some browsers have a Do Not Track feature (Do Not Track) or DNT, which sends a signal to the websites you visit that you want to stop tracking. Because there is not yet a common understanding of how to interpret failure tracking signals, Microsoft does not respond to such browser signals on its websites and services on the Internet, as well as on third-party sites and on third-party services on the Internet. used by Microsoft for advertising, content or other information . Microsoft continues to work with the Internet industry to create a common understanding of how to respond to failure tracking signals. In the meantime, you can use many other tools to control the collection and use of data, including the ability to opt out of sending targeted advertising to Microsoft, as described above.
Perhaps this is five. Since there is no general agreement (and there will be no it), having come up with our technology, we will not give up on surveillance, even if the user has told us not to do it.
Cookies and similar technologies
Microsoft uses cookies (small text files placed on your device) and similar technologies to operate our services, as well as to collect data ...
Microsoft uses cookies and similar technologies for the following purposes:
- Storage options and preferences. From time to time, your device may store configuration data that ensures the correct functioning of the services or contain your parameters. For example, if you specify your city or zip code to get local news or weather information on Microsoft, we can store this data in a cookie so that you can see relevant local information the next time you visit the site. If you refuse to receive targeted advertising, we will save your choice in a cookie on your device.
- Target advertising. Microsoft uses cookies to collect information about your online activities and determine your interests, which allows us to deliver ads that best match your interests. You may opt out of receiving targeted advertising from Microsoft, as described in the Access and Controls section of this privacy statement.
- Analytics. Cookies and other identifiers are used to collect information about the use and performance of our services, which ensures their proper functioning. For example, we use cookies to record the number of unique visitors to a web page or service, as well as to obtain other statistics related to the operation of our services.
Please pay attention to the phrase "and similar technologies." In essence, this creates an open list for the implementation of control services, since it is not explicitly stated that, say, these technologies are used only in the browser. Accordingly, the technology applied by Lenovo is also legitimate from the point of view of this document.
Microsoft Web sites may contain electronic images, known as web beacons (also called “single-pixel gif files”), which are used to simplify the placement of cookies on our sites, determine the number of visitors to these sites, and provide services in conjunction with other companies. Web beacons are also included in e-mail advertising materials or newsletters to determine whether these messages were opened and what happened to them afterwards.
In addition to placing web beacons on our sites, we sometimes cooperate with other companies that advertise on Microsoft sites, while placing our web beacons on sites or in promotional materials of such companies.
Finally, Microsoft services often include web beacons and similar third-party technology.
You can refuse to collect or use such data by analytical companies by clicking on the following links:
- Google Analytics: tools.google.com/dlpage/gaoptout (browser add-on required)
- ...
You cannot refuse Microsoft web beacons.
Office Services
Search services. For example, when you search for a specific word or phrase, Office sends the plain text of your query to the service (and, when using Insights, to provide context-relevant search results to you, Office sends the word or phrase you requested and some surrounding content from your document ), as well as information about the software you are using, the localization settings of your system and, if required by a third-party content provider, the authorization data indicating and that you have the right to download relevant content. Often the information you receive contains a link to additional information from the content provider of the website. If you click on this link, the content provider can place a cookie on your device to identify you during future transactions.
The transfer of possibly confidential information and the possible introduction of bookmarks, if this information is of interest to anyone.
Microsoft's data classification and recommendation service in the Power View add-in for Excel.… If the recommendation service is turned on, new categories will be periodically downloaded to your computer — this improves the ability of the recommendation service to identify the data categories in your books.
Search in Outlook. Searching in Outlook allows you to quickly find the desired content in your inbox. Outlook creates a file that contains some Outlook data, such as an email address, folders, and contacts from the address book.
What about protecting this file from being stolen?
Onedrive
For example, if you save content in a shared folder, this content will be public and open to any Internet user who can find this folder.
Does this mean that if I saved data (for example) in a public folder with access only for one person, then the whole world will be able to see it?
When you share content through a social network like Facebook from a phone that is synchronized with your OneDrive account, your content is either uploaded to this network, or a link to that content is placed on that network. Content hosted on a social network that is physically located in the OneDrive section is available to any user of this social network.
No options like privacy policy settings?
Skype
Partner Companies ... Microsoft may access, disclose and store your data ( including confidential content , such as your instant message, saved video messages, voice mail, or transferred files) to provide services or to help your local partner or local operator your participation in communication sessions with current legislation or for responding to inquiries within a judicial process, including from law enforcement agencies or other shock organizations.
I pay attention that when it is spoken about confidential data, the word “for example” is used - that is, the list is not complete and can be anything.
Someone still doubts that the company does not limit itself in fulfilling any requirements of the legislation?
Skype advertising. In some versions of Skype software that offer targeted ads based on your interests, you may opt out of receiving targeted ads based on your interests displayed in this software by opening the privacy settings in the software or in the account settings menu. In the event of such a refusal, you will still receive targeted advertisements based on your host country, language settings, and location, determined by IP address, but without using other data.
It's five. You can opt out of targeted advertising, but you will still receive it.
Windows generates a unique ad recipient identifier for each device user. Your advertiser ID can be used by application developers and ad networks to provide you with targeted advertising. You can close access to this identifier at any time by changing the device settings. If you decide to use this function again, a new identifier will be created.
That is, you cannot create an identifier or delete it.
Input personalization
Microsoft collects and uses data such as speech, handwriting input and keyboard input on Windows devices, which improves the process of personalizing and recognizing input data.
For example, for personalized speech recognition, we collect voice input data, as well as your name and pseudonym, recent calendar events, the names of people with whom you have set up appointments, as well as information from contacts, including names and aliases . This additional data helps us recognize people and events when you dictate documents or messages.
In addition, we collect typed and handwritten words to create a personalized user dictionary that helps you better recognize characters when typing or typing on your device, and also provides hints for words when typing or typing.
The goals are noble, but to show to the side what I am writing and with whom I communicate ...
Windows Defender. After you turn on Windows Defender (Windows Defender) monitors the security status of your device and automatically send reports to Microsoft containing data about suspected malware and other unwanted software, and can also send files that potentially contain malicious programs ... Windows Defender can set up so that it does not transmit reports and suspected malware to Microsoft.
Sending files that may contain confidential information, by default ... Say the macro in Word did not like.
Data on the use and communication sessions. Microsoft regularly collects basic information about your Windows device, including usage data, application compatibility data, and information about connecting to networks and communication sessions. This data is transmitted to Microsoft and stored along with one or more unique identifiers that help identify a specific user on a particular device in order to determine the features of the device and the patterns of its use.
That is, there is no impersonality. Information that “helps to recognize a specific user” is collected. As expected. Taking into account the above obedience to the law ...
Among other things, we collect the following data:
- Configuration data, including the manufacturer of your device, model, number of processors, screen size and resolution, date, regional and language settings, and other data about the characteristics of the device.
- Software installed on the device (including drivers and firmware supplied by device manufacturers).
- Data on the use of applications in the Windows system (including Microsoft and third-party applications), for example, how often and for how long you use applications, what functions of applications do you use most often, how often do you use Windows help and support, what services do you use for registration in applications, as well as how many folders you usually create on your desktop.
That is also the analysis of third-party programs.
Data on networks and connections, such as the IP address of the device, the number of network connections in use and information about the networks to which you connect, such as mobile networks, Bluetooth and identifiers (BSSID and SSID), connection requirements and Wi-Fi speed -Fi to which you connect.
Other equipment connected to your device.
Some diagnostic data that is important for Windows and cannot be disabled if you are using Windows.
Web browsers: Microsoft Edge and Internet Explorer
Some Microsoft Browser information that is stored on your device will be synchronized with other devices when you log in with your Microsoft account.
Note that it is not said that synchronization will occur only with the owner’s devices.
Your photos, videos, and screenshots stored on the “film” of your camera are automatically uploaded to the OneDrive section. You can control the placement of photos and / or videos in the OneDrive section, as well as disable automatic loading in the settings.
That is, by default, all my photos fly to the network? Where are analyzed for compliance with the law.
Wallet (Wallet). The Wallet app can store information about coupons, loyalty cards, tickets, and other digital content.
What about security?
Windows Search (Windows Search) gives you the ability to search your household and the Internet from one place.
A somewhat unusual term.
Permissions for apps from the store. Information about the functions used in the application are given on the product description page in the store. You can view a list of functions that applications can use, as well as information on which functions require your consent before the application can access them, and which functions can be turned on or off ...
Application Update. In updated applications, it is possible to use other hardware and software functions when compared with previous versions, which can give them access to other data on your device. If the updated application requests access to specific functions, for example, to determine the location, you will be warned about it. You can also view which hardware and software functions are used by the application by opening the product entry page in the Windows Store (Windows Store);
Note that according to the document, updating the application does not require updating the description of the functions used and / or notification of this. That in the light of the possibility of replacing an application with an infected one is not good.
You can control the use of specific functions of applications from the store in the settings of your device, as described by the link go.microsoft.com/fwlink/?LinkId=529552 .
Judging by the errors - not many users have read the license agreement. On Habré, any error in the article does not go unnoticed. And in such an important document ...
Another very interesting quote:
Windows 10 (“Windows”) is a personalized computerized environment that provides unified access to roaming and access services, settings, and content across all of your computing devices, from phones to tablets to single-piece Surface Hub computers. Key components of Windows are not permanently on your device as static software, but are elements of cloud technologies : at the same time, both cloud and local elements of Windows are updated regularly, providing you with the latest improvements and features. To create the most favorable conditions for the use of computer equipment, we collect data about you, about the device and how you use the Windows system. Since Windows is your personal system, you can choose which personal data we will collect and how we will use it .
I wonder how Microsoft imagines its customers and their habitat? Probably two thirds of my business trips are hotels with WiFi, which really only works at the reception or when everyone falls asleep. Well, again - banks, critical facilities, military systems, and so on. All of them, at a minimum, should be located in an isolated network and be sensitive to any information. And certainly not to welcome her free movement around the world.
Everything? Not really. It remains the most important.
If necessary, we will update this privacy statement, taking into account the wishes of users and changes in our services. If there are significant changes to the application, or if Microsoft changes the principles of using personal data by Microsoft, you will be notified in advance in one of two ways: either through a general announcement or by means of a notification that will be sent directly to you. We strongly recommend that you read this privacy statement regularly in order to know how Microsoft is protecting your personal information.
How many people re-read the license agreement for the night?
In conclusion, we note that the document constantly contains references to other documents. For example:
Windows For more information about data collection and privacy, go go.microsoft.com/fwlink/?LinkId=529552 .
And a couple of quotes:
57% of respondents are not against providing additional personal information (location data, information about the names of five friends on Facebook and family members, etc.) in exchange for financial rewards or improved service quality. 54% of clients even agree on certain conditions to allow the transfer of this data to third parties.
The easiest way is to get the personal data of their consumers to doctors, bankers and sellers - 90%, 76% and 70% of users, respectively, are ready to provide additional information if it helps them to get something in return.
My personal opinion is that the aggressiveness of data collection goes beyond all boundaries. I consider it legitimate, when advertising is shown in a free application - developers also want to eat. But not so cheap, and even with the impossibility of shutting it down to the end ...
Source: https://habr.com/ru/post/264885/
All Articles