EFF Blasts Microsoft Over ‘Malicious’ Windows 10 Rollout Tactics

EFF holds nothing back when it comes to criticism over Microsoft’s Get Windows 10 app along with new Windows 10 privacy policies.

The Electronic Frontier Foundation is blasting Microsoft for its “malicious” and “annoying” tactics when it comes to prodding Windows users to update their operating system to Windows 10.

The digital watchdog group says Microsoft’s strategy of pushing the Windows 10 upgrade application onto users systems was unwelcome by many and the company crossed the line when users began uninstalling the app and Microsoft reacted by changing the app multiple times and bundling it into various security patches, creating a “cat-and-mouse game to uninstall it,” wrote Amul Kalia, legal intake coordinator at the EFF.

“The tactics Microsoft employed to get users of earlier versions of Windows to upgrade to Windows 10 went from annoying to downright malicious,” he said. “The app couldn’t be easily hidden or removed.”

Kalia blames Microsoft’s ambitious stated goal to install Windows 10 on one billion devices by the end of 2018 for its drive to “aggressively” push the OS update on users. Officially Microsoft called the update campaign Get Windows 10 (GWX) and offered Windows 7 and 8.1 users the ability to upgrade to Windows 10 for free before July 29, 2016. According to Microsoft, 300 million devices were running Windows 10 in May, but it’s unclear how many upgraded using the GWX app.

With GWX Microsoft sparked a vocal user backlash from some Windows users who insisted they were forced to upgrade to Windows 10. The hostile response also included four lawsuits against Microsoft for its “questionable” upgrade tactics. New York Attorney General Eric Schneiderman announced he would be pursuing a GWX investigation as well.

When asked to comment on the EFF’s critique of its GWX efforts Microsoft supplied Threatpost with the boilerplate statement: “Microsoft is committed to customer privacy and ensuring that customers have the information and tools they need to make informed decisions. We listened to feedback from our customers and evolved our approach to the upgrade process. Windows 10 continues to have the highest satisfaction of any version of Windows.”

Originally, Microsoft pushed the Windows 10 upgrade app via its Windows Update system. Users who received the app had a Windows 10 upgrade icon placed in their system tray that doubled as a way to initiate the OS upgrade download as well as offering an advertisement that boasted new Windows 10 features.

Over time Microsoft became more aggressive, according to the EFF, bundling Windows 10 ads as part of an Internet Explorer security patch. Also criticized was the fact in many instances Microsoft didn’t just download the Windows 10 upgrade app, but also downloaded the entire required Windows 10 installation files (4GB).

But the EFF maintains on May 2016 Microsoft crossed a line when it changed the expected behavior of a dialog prompt used in a window tied to the Windows 10 upgrade app. “Specifically, when prompted with a Windows 10 update, if the user chose to decline it by hitting the ‘X’ in the upper right hand corner, Microsoft interpreted that as consent to download Windows 10,” Kalia wrote.

The EFF also asserts that with the introduction of the Cortana digital assistant, a feature introduced with Windows 10, Microsoft demonstrated another disturbing behavior pattern and disregarded user privacy under the guise of Cortana customization.

“Windows 10 sends an unprecedented amount of usage data back to Microsoft,” Kalia maintains, including location data, text input, voice input, touch input, webpages you visit, and telemetry data regarding your general usage of your computer, including which programs you run and for how long.

Of course users can disable data sharing features that limit the amount of personal information Microsoft collects. However, the EFF says even those who opt out of sharing data within Windows 10 still can’t escape sharing some data with Microsoft via the operating system’s telemetry reporting.

Windows 10 telemetry, also known as the Universal Telemetry Client (UTC), is “system data that is uploaded by the Connected User Experience and Telemetry component.” Information shared with Microsoft via UTC includes system uptime and crash data and hardware attributes such as CPU, installed memory, and storage, according to Windows experts Ed Bott who has written extensively about Windows 10 telemetry.

UTC can collect personal data as part of a crash report when specific files are the cause of the system failure. Users of Windows 10 Enterprise Edition can turn telemetry data sharing off, but Home and Pro users can’t, the EFF maintains.

“There’s no doubt that Windows 10 has some great security improvements over previous versions of the operating system. But it’s a shame that Microsoft made users choose between having privacy and security,” Kalia said.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.


  • byrdwoman29@wordpress on

    glad i didnt get it
  • Michael Wallace on

    It also shared key strokes, wifi hotspots, If you store username/passwords in Internet explorer, it reports those back to Microsoft. It's a complete intrusion of privacy.
  • Angry to Windowsten on

    What a hell the Windows 10 system is - I had Windows 7 64 bits premium previously, but windows now upgraded to a Windows 10 Home. After I set an update time, it now no longer letting me to change it. I have chosen to for it to let me know about update/upgrade only, now I am being pushed again: the set upgrade time by MS was initially at 3.30 am, it sticked on the same time one day later several times when it failed when it failed to do so the first few days, then this morning, once I connected to power and started the computer, it automatically set the upgrade time in less than an hour, then lastly, when it failed, it reset the time to 10 am. What a hell Windows 10 is!! What a malicious leader its Indian CEO is !! Certainly Windows now employs an Malicious expert team who are very dishonors to privacy, to public order and to public and business safety. It wants something similar to Apple and Androids, but its business philosophy is extremely opposite to its competitors. It treats any third party software / apps that it dislike as malicious, and they continuously, without any consent, stops/removes the third party software, which even had been installed in the system and runs well, aiming to at least a purpose to rob the public - you have to spend more money in MS store and to buy customer unwanted apps.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.