EFF Blasts Microsoft Over ‘Malicious’ Windows 10 Rollout Tactics

EFF holds nothing back when it comes to criticism over Microsoft’s Get Windows 10 app along with new Windows 10 privacy policies.

The Electronic Frontier Foundation is blasting Microsoft for its “malicious” and “annoying” tactics when it comes to prodding Windows users to update their operating system to Windows 10.

The digital watchdog group says Microsoft’s strategy of pushing the Windows 10 upgrade application onto users’ systems was unwelcome to many. The company crossed the line, it says, when users began uninstalling the app and Microsoft reacted by changing the app multiple times and bundling it into various security patches, creating a “cat-and-mouse game to uninstall it,” wrote Amul Kalia, legal intake coordinator at the EFF.

“The tactics Microsoft employed to get users of earlier versions of Windows to upgrade to Windows 10 went from annoying to downright malicious,” he said. “The app couldn’t be easily hidden or removed.”

Kalia blames Microsoft’s ambitious stated goal to install Windows 10 on one billion devices by the end of 2018 for its drive to “aggressively” push the OS update on users. Officially Microsoft called the update campaign Get Windows 10 (GWX) and offered Windows 7 and 8.1 users the ability to upgrade to Windows 10 for free before July 29, 2016. According to Microsoft, 300 million devices were running Windows 10 in May, but it’s unclear how many upgraded using the GWX app.

With GWX, Microsoft sparked a vocal backlash from some Windows users who insisted they were forced to upgrade to Windows 10. The hostile response also included four lawsuits against Microsoft for its “questionable” upgrade tactics. New York Attorney General Eric Schneiderman announced he would be pursuing a GWX investigation as well.

When asked to comment on the EFF’s critique of its GWX efforts, Microsoft supplied Threatpost with the boilerplate statement: “Microsoft is committed to customer privacy and ensuring that customers have the information and tools they need to make informed decisions. We listened to feedback from our customers and evolved our approach to the upgrade process. Windows 10 continues to have the highest satisfaction of any version of Windows.”

Originally, Microsoft pushed the Windows 10 upgrade app via its Windows Update system. Users who received the app had a Windows 10 upgrade icon placed in their system tray that doubled as a way to initiate the OS upgrade download as well as offering an advertisement that boasted new Windows 10 features.

Over time, Microsoft became more aggressive, according to the EFF, bundling Windows 10 ads as part of an Internet Explorer security patch. Also criticized was the fact that in many instances Microsoft didn’t just download the Windows 10 upgrade app, but also downloaded all of the required Windows 10 installation files (4GB).

But the EFF maintains that in May 2016 Microsoft crossed a line when it changed the expected behavior of a dialog prompt used in a window tied to the Windows 10 upgrade app. “Specifically, when prompted with a Windows 10 update, if the user chose to decline it by hitting the ‘X’ in the upper right hand corner, Microsoft interpreted that as consent to download Windows 10,” Kalia wrote.

The EFF also asserts that with the introduction of the Cortana digital assistant, a feature introduced with Windows 10, Microsoft demonstrated another disturbing behavior pattern and disregarded user privacy under the guise of Cortana customization.

“Windows 10 sends an unprecedented amount of usage data back to Microsoft,” Kalia maintains, including location data, text input, voice input, touch input, webpages you visit, and telemetry data regarding your general usage of your computer, including which programs you run and for how long.

Of course, users can disable data-sharing features to limit the amount of personal information Microsoft collects. However, the EFF says even those who opt out of sharing data within Windows 10 still can’t escape sharing some data with Microsoft via the operating system’s telemetry reporting.

Windows 10 telemetry, also known as the Universal Telemetry Client (UTC), is “system data that is uploaded by the Connected User Experience and Telemetry component.” Information shared with Microsoft via UTC includes system uptime and crash data and hardware attributes such as CPU, installed memory, and storage, according to Windows expert Ed Bott, who has written extensively about Windows 10 telemetry.

UTC can collect personal data as part of a crash report when specific files are the cause of the system failure. Users of Windows 10 Enterprise Edition can turn telemetry data sharing off, but Home and Pro users can’t, the EFF maintains.

“There’s no doubt that Windows 10 has some great security improvements over previous versions of the operating system. But it’s a shame that Microsoft made users choose between having privacy and security,” Kalia said.
