Thursday, October 29, 2015

Peeping Into Windows 10: Cortana

One of the great things about Windows 10 is, well I can't really think of any. On the flip side I can enumerate on a couple things I don't like about it. On top of my list is Cortana's collection of data.

Cortana is Microsoft's answer to Apple's Siri. 'She', as Microsoft likes to think of 'it', is a voice activated personal assistant.  According to Microsoft, "Cortana is your clever new personal assistant. Cortana will help you find things on your PC, manage your calendar, track packages, find files, chat with you, and tell jokes. The more you use Cortana, the more personalized your experience will be."

What is less obvious, unless you actually dig around the net, is this: As long as Cortana is turned on in Windows settings 'she' will be eavesdropping on everything you say. Yep, everything within microphone shot. All in an effort to further personalize your experience. Your device may also send 'speech data' back to Microsoft periodically, though it is unclear what that might include. If that isn't enough, Cortana also collects data based on email*, calendar, instant messages, OneDrive, and web history.

Fortunately, there are some things you can do to control what she hears. The links below dive deeper into what is collected and how it is used by Microsoft. Of primary interest should be the first link as it describes how to manage Cortana settings. The other links dive more into how Microsoft uses and manages user privacy.

Cortana-Privacy-FAQ

Microsoft's Privacy Statement

Microsoft's Corporate Citizenship

And, while this post hyper-focuses on Microsoft's use of personal data and collection, by no means are they alone. Microsoft will push targeted ads, but if you use other services such as Google Mail you already know that data mining occurs for this purpose. The difference here is how that information is collected, how much is collected, and how it is used.

*This is a bit ambiguous as some articles I have read state that Microsoft is mining emails, while other articles state the Microsoft has been clear about not doing so, particularly after some backlash from them looking at a customer's Hotmail account for illegally shared trade secrets from a former Microsoft employee.