The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Windows Store. When the level is set to Basic, it also includes the Security level information.
The Basic level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data.
The long, long, long list of data Microsoft gathers when Windows 10’s data collection is set to ‘basic’. Some… Light reading as the Windows 10 Creator’s Update, which is now available, installs (you can also wait until 11 April to get it through Windows Update).
The most important thing I want to know is… does Microsoft know the amount of time I spend watching cat videos? Because I’d really like to keep that under wraps
I suspect most people didn’t bother reading. I even gave up about halfway through, but then again, I’m not running Windows 10.
Most of the fields are fields that “are available”– this is essentially a giant data structure guide.
It does appear they attempt to anonymize some of the data (generating local uids, for instance)– but then again, there are efforts out there to track you by how fast you type, or by aggregating tons of information that can be accumulated by treating the entire web as a giant database for marketing.
Other than a handy checklist of registry keys that turns various bits on and off, there’s not that much in there that would constitute an “OMG! Microsoft knows less about me than Google does! Panic!”, because really, Google knows more about you than Microsoft, the NSA and China put together.
Thom posted an article the other dayabout how the internet, and computing, is broken– I’ve assumed since 1995 that anything I put on a computer attached to a network is, by definition, known by someone else.
Heck, the last DXDiag file I looked at had more detailed “telemetry” in it than the stuff I’m seeing in Microsoft’s documentation.
Not saying some of Microsoft’s apps and decisions (like wanting you to use a Microsoft account to run your home PC– just like Apple and Google want you to use their One True Account) aren’t questionable, and the inability to disable some of the telemetry makes Microsoft look like bad guys– but I suspect the reality is far overblown by the usual suspects in the Internet Echo Chamber.
Assuming that Microsoft is being honest, at least they are disclosing what is being disclosed to them. That is a lot more than can be said about most software vendors, which will (at best) state that data is being data is being collected for such-and-such purposes.
While I try to remain rational about the issue of data collection, because the vast majority of the data collected about software is probably collected to improve the software, I do find it difficult to treat the data collection as anything more innocent as creepy. I understand that companies want more reliable means to isolate bugs. I understand that companies want to focus upon features that are appealing to their customers. Yet the end result of these practices has the feeling of some guy that is stalking me, while politely insisting that he is doing so for our mutual benefit. The talk about mutual benefits may sound good, but the actual stalking is the issue.
MacTO,
I hear you, but the truth of the matter is if it were entirely for our benefit then we’d be allowed to turn it off for our benefit. Like many of microsoft’s decisions as of late, the real reason we can’t turn it off is because they want the data for their benefit.
When it comes to bug fixing data, their benefit is our benefit.
True. The problem is how to write monitoring software that only sends them information that is relevant to bugs. That would be very clever software indeed!
I don’t see why that data couldn’t be collected locally on your machine, and only sent to Microsoft when something happens worthy of a bug report. Then it can gather the information together, show you what it’s sending, and let you click the “Submit” button yourself. Lots of software does that and it seems to work quite well.
daedalus,
Anything that microsoft can collect on us, realistically should be considered accessible to the government as well considering what’s happened in the past.
It’s not far fetched that a group like the NSA would feel entitled to it on the basis that in their view even US citizens don’t have a right to privacy when it comes to “metadata”.
Indeed, which is why I suggested it should be gathered *locally* and only sent to Microsoft after you’ve reviewed it and are happy for that information to be released.
daedalus,
Yes, we are in agreement. Didn’t it used to be like this after an application crash that the user could elect to submit the data then?
I can think of some potentially devious uses of this telemetry data. For example over an annonymous VPN you could trigger various performance events in a web browsing session that would cause telemetry data to get logged and create a signature. When this telemetry data gets sent to microsoft, potentially using an identifiable IP, someone could correlate the records collected by microsoft with the events triggered over the anonymous VPN thereby defeating the anonymity.
Because not all bugs have a clear cut indication from the software itself that there is a bug. Performance issues are a classic example of this, but there are all kinds of bugs that don’t involve the software crashing or otherwise thinking something went wrong, and even if it does crash, then it may not be a bug in that software (For example, the version of Cinnamon I’m using on my laptop will crash if running in software rendering mode when something else pokes at certain OpenGL functions in Mesa, which in turn brings down whatever app was trying to use the functions in the first place. The bug is solidly in Cinnamon, but the other app ‘crashes’ too).
WHile I may not agree with what MS is collecting, I do in general agree with the practice of collecting runtime telemetry from actual customer systems simply because what matters in terms of things like performance is not how well it works on your test systems, but how well it works on actual customer systems.
Yes, of course. That data could be collected locally though instead of being constantly transmitted to Microsoft. Then you’re in control of what is and isn’t sent. If there’s a crash, or some sort of performance issue, you have the logs that you can submit if you like.
That ignores one simple fact however. Unless it makes the software completely useless or ends up costing the user money, most end-users won’t ever submit a bug report. Even when reporting a bug is super easy, most people just seem to not want to do it (I personally don’t get this mentality, especially when they then invest more effort into complaining about the bug than it would take to actually report it).
On top of that though, it can also be rather hard for a non-programmer to recognize a bug, especially if it’s a performance issue. With something like an application segfaulting, it’s pretty obvious something went wrong. IF instead the issue is just that it takes a bit longer than it should to do something, then most people won’t really notice.
You make valid points, but at best it calls for switching from “opt-in” (user specifically chooses to send the telemetry data) to “opt-out” (user specifically chooses not to send the telemetry data).
What microsoft has done here with this “basic telemetry” is strip owners of their right to any informed choice as all. This to me shows overt disrespect for customer’s wishes.
It technically already is opt-out, because you start at ‘full’ by default and select lower levels. The disconnect here is that Microsoft’s definition of ‘basic telemetry’ does not by any means match up with what the name implies and covers way more than they actually need for their claimed usage.
The root of the issue is that most people will opt out because of all the fearmongering and lack of proper documentation of what’s sent. The fact that users can’t see the exact data that is sent from their system themselves except with a packet sniffer and some serious binary decoding skills just adds on top of this. As a result of this, Microsoft has to collect way too damn much data on the ‘basic’ level just to get all the info they want, and things in turn just keep getting worse.
ahferroin7,
Consumers will never end in submitting bug reports especially if they paid money for it.
They simply expect the “damn thing” to work.
That was the task of people engaged in testing department and QA but sadly those days are long gone.
Sidux,
It depends how difficult it is. If I have to go to a website, create and account, enter the details, sure very few people are going to file a report. IMHO firefox sets a good example for how to do opt-in bug reports without hassle: when it crashes it opens a simple dialog that explains what happened and allows the user to trivially submit a report. In this case I suspect a lot of people do it, including myself.
The opt-out is a compromise between forced data collection versus owner rights. The vast majority of users will leave the defaults except for those who have a problem with it. From an ethical standpoint this is a necessary compromise if the company wants to respect an owner’s wishes. Alas, more and more companies simply do not respect our privacy rights.
This is what (theoretically) matters to developers, not users. To users, in aggregate, there is a potential for benefit over time for improved software perhaps, but only if they continue to use and upgrade the program over time. Is that worth the privacy, data use, and unintended consequences of telemetry?
That question is one for the user to answer (opt-in). It is arrogant to assume the desires of the developers should trump that of the expectations of the end user. Sure, developers own the code – but users own the program once in their hands, and the hardware it runs on.
From the users perspective, it would be better to have the option to temporarily enable enhanced logging, and to be able to edit or review those resultant logs before sending (double opt-in). That respects the user, while also allowing for users to diagnose their own issues if so capable (i.e., telemetry won’t generally let you know if you have failing RAM or a bad hard drive).
I’m also not sure how many performance gains or bug fixes would need to be found to make it worth all the UI rejiggery and dumbification which have inevitably drawn from various types of telemetry data to justify their implementation. I can say it’s a great many more than are delivered these days.
Drumhellar,
While I admit that not everyone may be offended by it, when it comes to *our benefit*, it’s not microsoft’s call to make. They don’t have the right to say that taking our data against our will is for our benefit because only we get to decide that. Sure I get that’s the excuse that they use, but if it were solely for “our benefit” rather than theirs, we’d be able to turn it off.
Microsoft doesn’t even remotely come close to doing due diligence in writing low bug software. Or Fixing them when they do show up.
Microsoft is writing a highly detailed and technical document describing their telemetry…
Apple is admitting they went they wrong way for Pro’s…
Ubuntu is admitting they went the wrong way with their GUI..
It is almost as if these companies are starting to listen to their customers and all started to do “The Right Thing (TM)” at the same moment.
Was there something in the water today????
End of year financial reports?
I can sort of understand the push for data collection due to the mobile and app centric approach windows is taking (App Store that is), but it is a lot of data collected.
As much as people distrust government use of private data, people are right to distrust companies even more since they’ll sell them to anyone for money and since the new isp deregulation in USA companies don’t have to tell anyone if they’ve been hacked…
On the flip side, they are telling you what hey collect, which is better than what some software used to do after a crash.