Windows package manager does not permit opting out of telemetry

Windows package manager does not permit opting out of telemetry

You might wish to properly perhaps perhaps perhaps’t submarine consent to telemetry the utilization of an app or an substitute when the phrases of the GDPR are utilized. This is why:

Utilizing a Microsoft legend to login to House home windows 10 approach that the product (and Microsoft) has compile admission to to for my allotment identifiable recordsdata regarding the person.

This for my allotment identifiable person may clear be outfitted the totally different to decide out of any and contemplating about my allotment identifiable recordsdata sequence, may clear be allowed a replica of any and all composed recordsdata upon set up a matter to and should furthermore not be opted in by default to any for my allotment identifiable recordsdata sequence. That’s the GDPR and likewise you acknowledge this.

Anonymous recordsdata sequence is one factor that this explicit case cannot declare to be this ability that of the indeniable reality that the login legend is an identification. An identification Microsoft already has a replica of. The the identical identification which is used to set up the person after they login by job of their Microsoft legend.

This method that the recordsdata is explicitly not nameless.

If the person has agreed to the EULA for House home windows 10 (and due to this fact agreed to telemetry at that specific particular person carve-off date) the settlement considerations the applying at that specific particular person carve-off date and easiest House home windows 10. It doesn’t quilt an utility set up in at a later date. Nor does it quilt a utility app retailer or an app set up in from said retailer. That’s significantly acceptable to utility which isn’t required to induce the working system. The EULA covers easiest the core of the working system (which modified into set up in onto the machine on the time the EULA modified into conform to.) And easiest that.

If recordsdata sequence is being made by job of an app retailer, consent to enact so should furthermore be individually sought when a for my allotment identifiable person is alive to.

This method that an substitute or an app cannot be set up in staunch right into a for my allotment identifiable person’s legend that allows recordsdata sequence with out them first explicitly agreeing to it. Doing so is a sad pattern most incessantly generally known as ‘submarine-ing consent.’

Instead of this, telemetry in House home windows 10 should furthermore be decide out by default in compliance with the GDPR this ability that of the indeniable reality {that a} logged in Microsoft legend holds for my allotment identifiable recordsdata. The EULA is a contract between the actual particular person and Microsoft. It is a good distance easiest enforceable in opposition to the actual particular person if Microsoft is acutely aware of their identification.

Be careful too. A specific particular person agreeing to a protracted and obfuscated EULA isn’t any settlement between the 2 events to waiver the default decide out. The GDPR furthermore covers this too.

Privateness; Consent to Make use of of Information. Your privateness is indispensable to us. Nearly positively probably the most utility elements ship or compile recordsdata when the utilization of these elements. Loads of these elements may properly even be switched off inside the person interface, or it’s best to perhaps decide to not make exhaust of them. By accepting this settlement and the utilization of the applying you agree that Microsoft may raise, exhaust, and repeat the recordsdata as described inside the Microsoft Privateness Assertion (, and as may properly perhaps even be described inside the person interface linked with the applying elements. windows/10/UseTerms_Retail_Windows_10_English.htm

In provide an explanation for to current this computing expertise, we raise recordsdata about you, your utility, and the approach you exhaust House home windows. And since House home windows is private to you, we offer you picks regarding the private recordsdata we raise and the blueprint wherein we exhaust it.

Is in opposition to the regulation beneath GDPR as a result of:

This settlement describes your rights and the circumstances upon which that it is seemingly you will additionally exhaust the House home windows utility. You perhaps may properly perhaps clear assessment the general settlement, along with any supplemental license phrases that accompany the applying and any linked phrases, as a result of all the phrases are essential and collectively fabricate this settlement that applies to you. You perhaps may properly perhaps assessment linked phrases by pasting the ( hyperlink staunch right into a browser window.

By accepting this settlement or the utilization of the applying, you conform to all of those phrases, and consent to the transmission of apparent recordsdata staunch via activation and staunch via your exhaust of the applying as per the privateness assertion described in Fragment 3. Should you enact not accept and be aware these phrases, that it is seemingly you will additionally not exhaust the applying or its elements. windows/10/UseTerms_Retail_Windows_10_English.htm

for my allotment identifiable recordsdata sequence should not be decide in by default.


  1. That's not what I understand.

    > diagnostic data collection (telemetry) is not enabled for private builds

    > this data collection is covered by windows 10 privacy, You can find the windows 10 privacy statement and details of controlling the diagnostic and feedback settings here.

    So if you build from source, you can disable it, and if you don't build from source but install it from the store, then telemetry is controlled by the central privacy settings in Windows 10.

    Presumably this would be a problem only if you specifically don't want MS to have telemetry from winget, but you also specicifically want them to have telemetry on the rest of your OS, which would be… weird.

  2. Are people worried about the actual contents of these kinds of telemetry, or rather just annoyed by the fact that it's there at all?

    The first position seems a bit odd for something that is open source (so presumably you can verify what's being sent). I mean it might be bad to send "I installed product X" or "I used the command X" to a remote server, but on the other hand if I really feel this is a problem would I ever even be using the closed source binaries that the package manager installs, without worrying more what they might do, than what happened when the package manager ran?

    Some times I get the feeling that the telemetry thing just became an expression of annoyance with something else entirely, or just the current state of affairs. It's like one of those cultural wars where every battle is so symbolic that everyone forgot what the real issue was ("Why do we worry so much about who uses which bathroom again dad?").

  3. Telemetry seems to be a sore and curt topic with Microsoft. I've yet to see anyone make headway on even just having a discussion about it with public facing MS devs; it almost always gets a quick, rote toe-the-line response and the discussion gets terminated or blackballed or ignored thereafter.

    It has the airs of an internal mandate. I can't help but be deeply suspicious of this behaviour.

  4. I find it outrageous; "Telemetry" is built into most new Microsoft software. For example, they recently released a replacement for powershell and CMD, called "Terminal 1.0", which also comes with some aggressive telemetry built in:…

    This also applies to newer releases of powershell, aka PS Core. I haven't tried either, but I guarantee you telemetry in both applications is not opt-in but opt out using some obscure method, if that is even possible.

    In any case, the claim that telemetry is necessary to improve anything related to customer experience is ridiculous. Not only is a general data collection unnecessary; it would be more efficient to run some experiments, and be it some opt in A/B tests. Surveillance like the above is encroaching and can easily be abused. The data collected are usually fine-grained enough to allow for some nice fingerprinting of individual users. The potential for abuse is high.

  5. On the topic of Microsoft is not less evil than before : today I needed to use Teams, I was pleasantly surprised by the fact it supported a web client. I tried to use it and got caught in a tunnel of dark ux. You go to the website, click to sign in, get asked for your email and password, then verify your email, then you discover that you actually signed up for something else and now you can signup for teams. You follow the wizard again, then you are told to use Skype because you are not a company. You restart and make sure to check the box saying you are a company, then put your company info, it works! You try to start a call, and you get told it does not work in firefox…


Please enter your comment!
Please enter your name here