Windows Fall Creators Update will shake up privacy settings

Microsoft's Windows 10 Creators Update introduced several changes in the privacy settings of the operating system. The Fall Creators Update will shake up Windows 10's privacy model again by adding per-application privacy settings for applications obtained through Microsoft's Windows Store. The software company is also taking steps to make it easier and simpler for users to learn more about Windows' data collection and privacy policies. Enterprise customers will also gain the ability to control the amount of diagnostic data that is shared with Microsoft.

Applications that access location data already have to obtain user permission on an invidual basis. Microsoft is extending the per-app permission requirements to additional resources like contact and calendar information, as well a device's camera and microphone. The permission prompts will only apply to apps installed after the Fall Creators Update itself. Users will be able to review the privacy settings for previously-installed programs through Settings, as described in Microsoft's blog post. These new per-app permissions requirements apply only to apps obtained through the Windows Store, however.

Microsoft is also making it easier for users to learn about Windows' privacy settings during the operating system's installation. The OS' privacy statement will be accessible during the install, and the Learn More page in the privacy settings screen will let users read up on individual topics like location, speech recognition, diagnostics, and ads without having to click through the entire statement.

Enterprise customers will gain greater control over the amount of data shared with Microsoft through the Windows Analytics program. In particular, a new setting will allow administrators to quickly set the amount of data shared with Redmond to the minimum required for Windows Analytics.

The Fall Creators Update is scheduled for release on October 17. The privacy revisions share the spotlight with Fluent UI design tweaks, Windows Mixed Reality support, and a redesigned Photos app, among other improvements. 

Comments closed
    • psuedonymous
    • 3 years ago

    It appears these are the [url=https://support.microsoft.com/en-us/help/10557/windows-10-app-permissions<]exact per-app privacy options[/url<] already available (from launch) for programs downloaded from the Windows Store, just with an added prompt. Though I guess by the number of people commenting as if this is a new thing, Microsoft need to shove privacy setting in their face for people to actually use them.

    • wingless
    • 3 years ago

    I think I need to re-read ‘1984’….

    • rechicero
    • 3 years ago

    “Microsoft is also making it easier for users to learn about Windows’ privacy settings”

    The main thing I’d like to learn is how to disable the snooping.

    • firewired
    • 3 years ago

    I will not be installing this update either, but not for the reasons most people might think.

    Windows 10 1703 broke my VPN, irreparably. I even tried fresh installs of 1703 from ISO but still it breaks my VPN. So I rolled back to 1607. I then used the MS ‘wushowhide’ tool to disable the 1703 update from installing. My VPN software is more important to me than my OS is. Hopefully that disables the update permanently but I will have to wait and see.

    Further to that line of thought I grew so annoyed by Win10’s automatic update downloads and installs interrupting and impacting on interactive PC use performance (as in gaming, work, so on), including rebooting in the middle of gaming sessions, that I used the Group Policy Editor to force Win10 Pro to never automatically download or install updates. Instead I set it to prompt me for them, like good old Win7 used to. Of course, this is only an option with Enterprise and Pro if I recall correctly, so Home users are out of luck if they want to use this particular trick.

      • Jason181
      • 3 years ago

      You can set your ethernet connection to “metered” in home edition, and it will disable automatic downloads. I did this because I was getting the same thing… downloading and installing updates in the middle of online gaming. Not sure how this made it past QA; shouldn’t it only download if there’s no interaction from the user at all?

      I forgot how to do it, but googling windows 10 metered connection should do the trick.

        • synthtel2
        • 3 years ago

        For wifi it’s easy, for ethernet it takes registry permission changes.

      • Laykun
      • 3 years ago

      So you’re basically fine with connecting a machine to your private network whose security is going to get worse and worse over time? (assuming this is what you use your VPN for)

      Unfortunately certain feature updates seem to lose support fairly quickly [url<]https://support.microsoft.com/en-nz/help/13853[/url<] , 1607 will lose support march next year. The creators update, 1703 has fucked us a bit too since we rely on a specific version of DotNET 4.0 for our game editor and 1703 forces DotNET 4.7 for what ever reason meaning our editor breaks in certain scenarios, costing us money (we didn't make the editor but we're working to fix it). The real fix here is to get better VPN software.

    • albundy
    • 3 years ago

    the only privacy setting worth mentioning is to pull the ethernet cord. anything else is a play of words. any and every company will sell your info.

      • GrimDanfango
      • 3 years ago

      Anyone know if there’s some way to dedicate a physical network device to just a single application, and make it invisible to the OS otherwise?

        • MOSFET
        • 3 years ago

        I’m no expert but it seems that device drivers would get in the way.

        • usernam3
        • 3 years ago

        I was thinking of setting up a web proxy set only in FireFox (that’s not using system stack), possibly an SSL proxy (mitm, with “public” key imported into FF key store). DNS, beside the proxied traffic would be only one allowed out on the network router. This would keep anything but FF from getting past. Would be nice to find some turn key solution. I’m not sure how livable would this be though. Likely these that cared will end up on Linux at some point anyway (considering that most time I spend on the browser by dependence on Windows is down to 0, especially once MS killed Media Center). With MS help, the life of Windows user has got just too hard to bear.

      • synthtel2
      • 3 years ago

      FOSS almost never does, and certain companies are happy to let me pay them directly instead of making money by spying (like Fastmail). Very few computing product or service categories don’t have a non-spying option like that.

      For complete privacy, you’ve got to worry about things like the Ken Thompson hack, and it’s all but impossible to ensure you’re clean even if you’re Stallman. Very few people have a threat model like that, though. Getting an order of magnitude or two of improvement is good enough for most and not that difficult.

    • GrimDanfango
    • 3 years ago

    “a new setting will allow administrators to quickly set the amount of data shared with Redmond to the minimum required for Windows Analytics.”

    Is this not just yet another way to package up the statement “We’ll still make it as obtuse as possible to actually turn it off entirely” as a supposed benefit?

    There’s a very simple solution to all the privacy concerns around analytics/telemetry/whatever-else-they-euphemize-bulk-data-collection-as. Give us all one clear option to disable Windows from sending out any data from anything besides a program we choose to run outselves.

    Anything less than that is just dressing up bull**** to take attention away from their nasty business practices.

    (Obligatory yes-I’m-well-aware-phone-OSs-are-worse, and no-that-doesn’t-make-it-acceptable)

      • MOSFET
      • 3 years ago

      The scope of this collection goes SO far beyond Microsoft that I’m not sure people are even seeing the big picture anymore.

      • Ummagumma
      • 3 years ago

      I agree with you.

      Micro$haft is merely “putting lipstick on a pig” and hoping that nobody will notice that it’s still a pig.

    • maxxcool
    • 3 years ago

    What Privacy? seriously..

    Look at your smart phone, unless it is rooted and you have custom permissions for the apps, Google and Apple spy on you 100X more than you damned fixed position desktop. and if you install apps at all they spy even worse.

    In reality … using windows 10 on a non-mobile desktop one of the least invasive objects you operate.

      • meerkt
      • 3 years ago

      Mobile OSes aren’t the benchmark…

      • not@home
      • 3 years ago

      My phone is for making phone calls (mostly work related), GPS for job sites, and occasional lists and notes. If anyone spies on my phone, I don’t care. I have almost no personal data on it. My home PC on the other hand has lots of personal data on it. There is a big difference between usage and acceptable privacy.

        • curtisb
        • 3 years ago

        That’s your use case, but definitely isn’t the norm for 99% of people who carry a smartphone. My wife and kids rarely ever touch a PC. They do everything through their smartphones.

        Anyone who thinks that Google, Apple, and Amazon don’t each spy on and collect more personal data than what Windows 10 does just has their head stuck in the sand. Here’s one for you. That brand new Face ID function that Apple just put into the iPhone X that everyone is going gaga over…what if Apple/Google/Amazon started using that to track your facial expressions when you view an ad, app, or webpage? Now they have the capability to not only know what you’re looking at and present targeted ads, but how you’re [i<]emotionally[/i<] responding to those targeted ads. It's obvious that apps can activate the feature...they demonstrated it with Snapchat.

        • Froz
        • 3 years ago

        So you turn off your phone after making a call? Or you don’t consider tracking your location 24/7 to be personal data? Seriously, what are you doing on your desktop that is more private?

          • synthtel2
          • 3 years ago

          I mostly don’t bring my phone places, if I do there’s a high chance it’s in airplane mode (for this exact reason), and the GPS may never have been turned on. Calls, texts, a very rare bit of non-sensitive web browsing, and occasional tower location data are it unless the camera/mic are being actively snooped.

          All of the computing that isn’t happening on my phone is happening on my desktop. That’s much, much more data to track.

            • Froz
            • 3 years ago

            Well. I don’t want to say I don’t believe you, so let’s just say this is highly unusual. I don’t know anyone who puts their phone in airplane mode if they take it with them anywhere.

            And I still don’t know what’s so private about anything you might be doing on your desktop. “All of computing” sounds as if you are talking about business, which is a different story completely.

            • synthtel2
            • 3 years ago

            It is unusual, yes.

            On the desktop, there’s 99.9% of my web browsing (reflecting a great deal of my thought processes), a big pile of notes (reflecting many of the same thoughts), email/Discord/etc comprising many more communications than go over my phone, and yes, business stuff (not that much of that is sensitive in this case).

            I don’t have root/LineageOS on my current phone – Lineage wiki said this sub-model it was supported, but it turns out AT&T locked it down since that was written (the global model is still fine but cost a lot more). There’s obvious spyware on it I can’t remove from at least both Motorola and AT&T, though strangely Google themselves got out of the way easily enough. If it were properly rooted and cleaned up, I would be a lot more trusting of it, though far from completely.

        • One Sick Puppy
        • 3 years ago

        I only keep a photo of my johnson on my phone. That way, if someone wants to be snoopy, jokes on them.

      • Froz
      • 3 years ago

      Yeah, I’m always amazed why people are protesting about this here so much and we hear almost nothing when it comes to phones. Even here on Tech Report people are happily using flagship phones from Apple, Samsung etc. without really worrying about this. And phones have so much more private data about us than desktop ever could.

    • smilingcrow
    • 3 years ago

    MS still have a Windows Store? How quaint.
    I would admire their confidence if they weren’t such a bunch of grasping, desperate, incompetent wannabes.

      • Pville_Piper
      • 3 years ago

      C’mon… Tell us how you really feel!

        • smilingcrow
        • 3 years ago

        $£%$& $^% 43%$% %^&*£$£ pjm%$”£%G %^%$^435g Aaaaaaaaaaaagh. ***** ***** *** **** ***

          • Chrispy_
          • 3 years ago

          I thinks that’s pretty accurate for windows users who want control of their system these days.

            • Redocbew
            • 3 years ago

            It’s close, but they forgot the semi-colon.

            • smilingcrow
            • 3 years ago

            My colon is only semi functioning since it was introduced to the culprit.

    • derFunkenstein
    • 3 years ago

    [quote<]per-application privacy settings[/quote<] There. Was this so hard? Android and iOS have been doing this for years now. [quote<]for applications obtained through Microsoft's Windows Store[/quote<] Wait, what? NO NO NO! Do this for all apps. Anything that wants access to non-userspace storage, camera, microphone, Ethernet, Wi-Fi, and cellular network (if equipped). Why is this so hard??? [quote<] In particular, a new setting will allow administrators to quickly set the amount of data shared with Redmond to the minimum required for Windows Analytics.[/quote<] And why can't consumers have this?

      • Andrew Lauritzen
      • 3 years ago

      > Anything that wants access to non-userspace storage, camera, microphone, Ethernet, Wi-Fi, and cellular network (if equipped). Why is this so hard???

      It’s technically challenging for Win32 applications. There’s not a good solution to trying to insert fine-grained access control into applications that were written with the assumption that APIs “just work”. You’re basically stuck with all or nothing solutions like UAC, and you know how much people loooooved those prompts 😉

      I dislike Windows Store stuff at least as much as the next person, but if you want mobile-like features in this area, you need different APIs and that’s fundamentally what they are trying to accomplish. I personally think they are going about it in a too heavy-handed and arrogant way (as well as tying up other somewhat unnecessary political games with it), but there’s some core technology that is well-meaning buried in there…

        • derFunkenstein
        • 3 years ago

        I like UAC, but I wish it would have told me what an app is trying to do or why the prompt was triggered. Just showing the name of the app isn’t really enough. It looks like everything is going to grind to a halt in order to do this for store apps.

        I don’t have the necessary development experience or knowledge to fully understand, so I’ll definitely defer to you, but if everything has to stop anyway then I figure why not? As long as it’s configurable.

          • Voldenuit
          • 3 years ago

          Couldn’t microsoft virtualize the machine for every win32 app, and let you control how much access the VM has to the physical machine?

          Just give it a dummy registry, dummy links to DLLS/WinSxX, dummy file storage, a virtualized network stack, virtualized encrypted RAM allocation with dynamic randomized addresses, etc.

            • derFunkenstein
            • 3 years ago

            Would that potentially kill gaming performance for non-store games (and other performance-dependent apps)? Then you’d have gamers complaining that MS is conspiring to intentionally hobble their games to get a competitive advantage.

            • Voldenuit
            • 3 years ago

            Make it user-configurable. Let the user decide whether any given app gets dumped into a VM, and give you control over any dial-home, boot sector trojan, dll or registry editing behavior any program might have.

            • derFunkenstein
            • 3 years ago

            Windows management is already a nightmare, and as a result, I think you’re over-estimating the abilities of the basic computer user. Maybe when an EXE is launched for the first time you could ask the user if you wanted it to be run in “managed mode” and explain that it’s safer but the app might run slower.

            Note to the thumbers: I’m just spitballing, not actually recommending this.

            • smilingcrow
            • 3 years ago

            And what would the overhead be for that?
            Don’t encourage them to push even more **** into W10.

            • cygnus1
            • 3 years ago

            If it was a container instead of VM, basically no appreciable overhead.

            • cygnus1
            • 3 years ago

            It doesn’t even need to be a full VM. It could be a container, they have the tech for that in Windows Server already. Although, I would think some software might have trouble when Win32 calls fail to come back in their normal amount of time because they’re waiting on a user prompt to be answered. Of course, then entire container could be suspended while the prompt is up and then it actually becomes transparent to the app, the app is just completely frozen and can’t even do background processing while the prompt is up.

            • Voldenuit
            • 3 years ago

            Yep, give apps their own compartmentalized tick rate so if you ‘stop time’ for it, it doesn’t even know.

      • usernam3
      • 3 years ago

      It’s funny how inconsistent their Settings apps is – some of privacy setting are set globally while some apply per app (with MS sneaking in new ones when you snoozed).
      Telemetry settings update – more like a slap in the face than meaningful change. PR move so the dust settled down and everyone moved on (having accepted fate of digital hostage).

      • psuedonymous
      • 3 years ago

      [quote<]Wait, what? NO NO NO! Do this for all apps. Anything that wants access to non-userspace storage, camera, microphone, Ethernet, Wi-Fi, and cellular network (if equipped). Why is this so hard???[/quote<] Legacy of Win32. Microsoft add 'modern' features that break Win32 (because of legacy apps not designed to cope with them), people throw a shitfit that "Microsoft is killing Win32!" Microsoft add modern featured to UWP, people throw a shitfit that "Microsoft are trying to kill off Win32!" Microsoft don't add modern features, people throw a shitfit that "Microsoft are old and not keeping up with modern practices!" You can't have your cake and eat it too. If you want modern features, use the modern API. If you don't want to use the modern API (because muh privacy, but I don't actually want to change my OS to do anything about protecting muh privacy) then you'll have to live with the consequences of using the decades old pile of legacy cruft that is Win32. Hell, we've seen how difficult it is just to try and hack in resolution-independant scaling to Win32, and that's far higher level than trying to add granular access control.

Pin It on Pinterest

Share This