Windows 10: keeping control over your data

July 31, 2015

We’ve written about the rather radical approach to update delivery that Microsoft adopts with Windows 10. Now, since the OS arrived two days ago, new security-related concerns have surfaced. First and foremost, they are about control over the data on Windows 10-based PCs and other devices.

It all started with this tweet, which caught our eye yesterday:

https://twitter.com/kaepora/status/626773729197064193

The author isn’t just a random Twitter user; he’s a PhD student at the French Institute for Research in Computer Science and Automation, studying applied cryptography (according to his own Twitter profile), so he apparently knows a thing or two about the matter.

“Well, really?” was our initial reaction. We decided to dig deeper, and here’s what we found:

BitLocker

First of all, device encryption is not new and unique to Windows 10; it was introduced in Windows Vista, which makes it a 9-year-old feature. It was only present in the top-tier editions of the OS, though: Ultimate/Pro and Enterprise.

According to Microsoft’s BitLocker-related FAQ, BitLocker recovery keys may indeed be saved to online Microsoft accounts, although it is also possible to save them to a local file.

Also, take a look at this 2013 article. It reads:

“For domain-joined machines, there is also the “option” to upload recovery keys to Active Directory— in other words key-escrow to the IT department, (In quotes because the decision is not made by end users but configured centrally by IT policy.)”

And the most “interesting” option is to use Microsoft’s own cloud as a “key-escrow agent.” Since Windows 8.1, on any machine that happens to have the requisite TPM hardware, BitLocker disk encryption is enabled automatically, with the recovery keys escrowed to Microsoft.

In Windows 10 the BitLocker recovery keys are also stored by default in your account at OneDrive (Microsoft’s cloud service). This is grounds for at least some privacy concern, namely over who actually owns the keys, although it is unlikely that Microsoft actually accesses these keys and, hence, the data encrypted with them.

Data gathering, in troves

There are many other things to consider, though. Take a look at this article at The Next Web. It appears Microsoft has introduced into Windows 10 a bit too many tools to gather data on users’ activities.

“Sign into Windows with your Microsoft account and the operating system immediately syncs settings and data to the company’s servers. That includes your browser history, favorites and the websites you currently have open as well as saved app, website and mobile hotspot passwords and Wi-Fi network names and passwords”, the article says. It is possible to deactivate this syncing, but doing so requires a deep dig into the settings, which many users may not be willing to do.

Then there is the virtual assistant, Cortana, for which Microsoft will need some data. Namely:

“…Your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device.

Cortana also learns about you by collecting data about how you use your device and other Microsoft services, such as your music, alarm settings, whether the lock screen is on, what you view and purchase, your browse and Bing search history, and more.”

As the TNW author notes, “Lots of things can live in those two words ‘and more.’” In fact, Cortana would be next to useless without this data, but again, there are privacy concerns.

Hello, Cortana. So you need some info?..

In addition, Microsoft is apparently going to collect data “from you and your devices” – and, as we know, Windows 10 is going to form a unified ecosystem for both PC and mobile devices. Windows 10 will log your activities – including the apps you run and the networks you connect to – and will also generate a unique advertising ID for each device. And it will show ads, ostensibly tailored just for you. This feature can be turned off as well on any device, but again – it sits deep in the settings.

As for networks, there is a function called Wi-Fi Sense, which is said to be able to “tap into your network of Facebook contacts”. “Technically, Windows Wi-Fi is a third-party app that accesses your Facebook friends so Microsoft knows who you’re friends with.”

That doesn’t sound encouraging. And reading the official sources won’t help much:

“Wi-Fi Sense automatically connects you to nearby Wi-Fi networks… Wi-Fi Sense can do a lot of things for you to get you connected to the Internet using Wi-Fi, so you don’t have to do them on your own. These include:

  • Automatically connecting you to crowdsourced open Wi-Fi networks it knows about.
  • Accepting a Wi-Fi network’s terms of use on your behalf and providing additional info for you to networks that require it.
  • Letting you exchange password-protected Wi-Fi network access with your contacts to give and get Internet access without seeing each other’s Wi-Fi network passwords.

You can have it do all of these things, some of them, or none at all. That’s up to you.”

It’s obvious this is a “lazy” feature for the mobile end-users who don’t give a (insert your four-letter word of choice here); they just want to hook up to a neighboring network and get online. Besides, all those “friends” – not only Facebook, but also Skype and Outlook – won’t get to see your password and you won’t see theirs. But we’ve yet to see if this system is bullet-proof; data security compromises could be in the making.

Now, there are extra notable entries in the new Privacy Policy and Service Agreement:

“We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to protect our customers or enforce the terms governing the use of the services.”

Sounds vague, to put it mildly. And while the wording here is a subject matter for lawyers, the actual control over your data is in question here, too.

Our readers might like to read this Reddit thread as well – some clarifications are available there, as long as you separate the wheat from the chaff – and the chaff is abundant there.

So what?

As we have written before, the level of security of your data depends – to a large degree – on the level of control you retain over it. The data owner should know what is going on with the data, where it is, and how to not lose access to it.

Microsoft’s new terms of service are, well, a sort of “environmental condition” – it’s unlikely that the OS maker is going to change them, unless the feedback is overwhelmingly negative. And that, in turn, is unlikely too, because all of these features are quite trendy – without any malice suggested. Things like Cortana and Windows Wi-Fi are just what people want – things that do a lot of routine operations for them.

But it is not necessarily welcome for businesses. These fancy new additions may threaten data integrity across various devices. And as for encryption, it is a good tool to prevent data loss, but if the recovery keys are lost for some reason, so is the data. All in all, recovery keys are best stored in a safe place, without escrowing them.
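To see which key protectors each BitLocker volume actually has, and to keep the recovery password somewhere you control rather than in an online account, here is an added PowerShell example (not from the original article). It assumes an elevated session on a machine with the BitLocker module (Get-BitLockerVolume) and an offline destination path of your choosing:

```powershell
# Added example: inventory BitLocker key protectors and optionally write each
# recovery password to an offline store (e.g. removable media kept in a safe).
# Assumes Get-BitLockerVolume is available and the session is elevated.
function Get-BitLockerKeyInventory {
    param(
        # Hypothetical parameter: folder for the offline copy; omit for inventory only.
        [string]$OfflineStore = $null
    )
    foreach ($vol in Get-BitLockerVolume) {
        $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')

        # One row per volume: is it protected, and by which protector types?
        [pscustomobject]@{
            MountPoint        = $vol.MountPoint
            VolumeStatus      = $vol.VolumeStatus
            ProtectionStatus  = $vol.ProtectionStatus
            ProtectorTypes    = ($vol.KeyProtector.KeyProtectorType -join ', ')
            RecoveryPasswords = $recovery.Count
        }

        # Optionally keep the recovery password(s) offline, one file per protector.
        if ($OfflineStore) {
            if (-not (Test-Path $OfflineStore)) { New-Item -ItemType Directory -Path $OfflineStore | Out-Null }
            foreach ($kp in $recovery) {
                $file = Join-Path $OfflineStore ('{0}_{1}.txt' -f $env:COMPUTERNAME, $kp.KeyProtectorId.Trim('{}'))
                @(
                    "Computer:         $env:COMPUTERNAME"
                    "Volume:           $($vol.MountPoint)"
                    "ProtectorId:      $($kp.KeyProtectorId)"
                    "RecoveryPassword: $($kp.RecoveryPassword)"
                ) | Set-Content -Path $file -Encoding ASCII
            }
        }
    }
}

# Inventory only:
Get-BitLockerKeyInventory | Format-Table -AutoSize
# Inventory plus an offline copy (path is an assumption, pick your own):
# Get-BitLockerKeyInventory -OfflineStore 'E:\bitlocker-keys'
```

A local inventory cannot tell you whether a copy of the key was already uploaded to a Microsoft account; that has to be checked in the account itself.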

As for the functions that may raise privacy concerns, it looks like they can mostly – if not totally – be deactivated. They probably should be, in order to retain control over the data across devices. Additional issues with BYOD are bound to arrive with all of those fashionable things like Wi-Fi credential sharing.
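Because these switches sit deep in the settings, an administrator may prefer to check their state from a script. The following is an added PowerShell example, not part of the original article; the registry locations are assumptions based on publicly documented Windows 10 settings and policies, and a missing value means the default applies, not that the feature is off:

```powershell
# Added example: report whether the Windows 10 data-sharing features discussed
# above are disabled. Registry paths and values are assumptions (publicly
# documented settings), not something the article itself lists.
$checks = @(
    @{ Setting = 'Advertising ID';         Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo'; ValueName = 'Enabled';               OffValue = 0 }
    @{ Setting = 'Settings sync (policy)'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\SettingSync';             ValueName = 'DisableSettingSync';    OffValue = 2 }
    @{ Setting = 'Cortana (policy)';       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search';          ValueName = 'AllowCortana';          OffValue = 0 }
    @{ Setting = 'Wi-Fi Sense';            Path = 'HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config';         ValueName = 'AutoConnectAllowedOEM'; OffValue = 0 }
)

function Get-PrivacySettingState {
    foreach ($c in $checks) {
        $current = $null
        if (Test-Path $c.Path) {
            # Non-terminating error if the value is absent; treat that as "default".
            $item = Get-ItemProperty -Path $c.Path -Name $c.ValueName -ErrorAction SilentlyContinue
            if ($item) { $current = $item.($c.ValueName) }
        }
        $shown = '(default)'
        if ($null -ne $current) { $shown = $current }
        [pscustomobject]@{
            Setting  = $c.Setting
            Current  = $shown
            Disabled = ($null -ne $current -and [int]$current -eq $c.OffValue)
        }
    }
}

Get-PrivacySettingState | Format-Table -AutoSize
```

Rows with Disabled = False are the ones still worth reviewing in the Settings app or via policy.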

The most important thing here is to know how Windows 10 works, and what it does with the data by default – and how to change it, if possible and necessary. And read the EULAs, of course.