Privacy Begins with the Operating System

With the release of Windows 10, Microsoft took a lot of heat for particularly permissive default privacy settings, as well as being unclear about exactly what information is sent back to Microsoft, and under what conditions.

While they’ve addressed some of those issues in the months since, it all serves to highlight an important concept that many people all too readily overlook: the operating system on your machine has a tremendous capability to protect – or violate – your privacy.

Do you trust it?

The OS sees all and knows all

The operating system on your computer is the interface between all of your software and hardware and the rest of the world.

When an application wants to read from the disk, it does so via the operating system. If an application wants to communicate on the network or internet, it uses the operating system. Even when an application just wants to display something to ask you a question, it’s the operating system that displays the message and collects your response.

This puts the operating system in a unique position to see everything you do, because it’s instrumental in making anything you do happen at all.

It’s something we rarely think about, at least until things like the furor over Windows 10. Then things change, a little or a lot; but in the long run, the issue blows over, because we need to get on with our work. The fundamental power of the operating system, and that it’s in such a unique position to examine what we do, is something that fades to the background again.

It’s not just Windows

I use the Windows 10 release as an example, because it made a lot of news at the time, and because so many people use Microsoft Windows.

But before you start pointing fingers, it’s critical to realize that every operating system has this level of access to what you’re doing. Be it Mac OS, iOS, Linux, Android, or something else completely, by the nature of what they do, all operating systems are in position to examine, record, and report back anything they care to.

It’s not that they do; it’s that they can. It’s not something malicious or even surprising. A fundamental side effect of giving an OS the power to do its job also gives it the power to examine what’s going on.

How do you know it’s not sharing that information with others? Well, as an average computer user, you really can’t.

It all boils down to trust.

If you don’t trust it, why are you using it?

One of the more frustrating aspects of my job is hearing people rail against some large entity like Microsoft, Apple, or Google, all the while using the software and/or services provided by – you guessed it – Microsoft, Apple, or Google.

It might sound a little brutal, but the bottom line is simple: if you really don’t trust Microsoft Windows[1], for example, then don’t use it. That could be as extreme as never, ever using it, or it could be more strategic, choosing to avoid it for certain types of activities you consider particularly sensitive. Either way, “fixing” the operating system is not an option, so the only true options you have are:

  • Live with it
  • Avoid it for specific areas of concern
  • Avoid it completely

And again, while Microsoft Windows is my example, these statements apply equally to any software vendor whose products you choose to use.

Alternatives to consider

Whenever we talk about alternatives to operating systems, we’re really asking the question, “Who do you trust?” As I’ve said repeatedly, using any operating system means placing some degree of trust in a product.

When it comes to desktop and laptop PCs, this typically means either:

  • Windows: you’re trusting Microsoft
  • Mac: you’re trusting Apple
  • Linux: you’re trusting an army of independent developers (as well as the sponsor of the particular distribution you’re using)

When it comes to tablets and mobile devices, the choices are:

  • Android and Chrome OS: you’re trusting Google, and to some degree Linux
  • iOS: you’re trusting Apple

Oh, and in almost all cases, if your device comes pre-loaded with the operating system, as many do these days, you’re also trusting the vendor of the device, since they can and do add things.

As I said, the question really does boil down to: of those alternatives, who do you trust?

Or, perhaps, who do you distrust the least?

The pragmatic reality

Operating systems and the privacy implications they bring are truly much too complex for the average consumer to completely understand. We shouldn’t have to get that deep an understanding, or we’d never have time to actually move on to whatever it is we’re trying to accomplish!

In many ways, some privacy exposure is part of the cost of using today’s complex systems. For any system you use, information is likely being shared “upstream” for a variety of reasons, ranging from beneficial and benign (such as information used to make the software better) to malicious and invasive (such as truly tracking what you as an individual are doing).[2]

Unfortunately, we might also find ourselves faced with constraints – software we rely on that only runs on an OS we don’t trust, or cross-platform compatibility issues with people we work with on a regular basis, for example – that might force us to rely on an OS we’d prefer to avoid.

In situations like this, it’s important to understand what’s possible, and take whatever steps you feel are appropriate.

As for me, I run almost all the operating systems I’ve mentioned here (except iOS, for no reason other than time) and honestly have few concerns. I trust that any information these operating systems transmit “home” is either inconsequential, appropriately anonymized, or appropriately protected, and serves to make the software and my experience using it better.

I also know not everyone agrees with my approach.

Footnotes & references

1: For any reason, really. If you don’t trust their privacy protections, security, or overall capability, then avoiding their product would be the thing to do. Even if that’s all OK to you, perhaps you don’t trust that they won’t change something out from underneath you in a future version. Either way, it all comes back to trust.

2: My stance remains: you and I simply aren’t interesting enough for this level of detailed, personal tracking. But it’s important to understand that the possibility exists.

7 comments on “Privacy Begins with the Operating System”

  1. “One of the more frustrating aspects of my job is hearing people rail against some large entity like Microsoft, Apple, or Google, all the while using the software and/or services provided by – you guessed it – Microsoft, Apple, or Google.”

    I too scratch my head at people who complain about the “lack of privacy” that they perceive, yet continue to use Chrome, Gmail, Google search engine, Google Maps, etc. Not realizing that Google is just as bad/good as the company they complain about. And worse, is that they use all of the services provided by one company. That means that this company is capable of building a good profile of the person, if the company had any interest in doing so.

  2. Isn’t the open source aspect of Linux a safeguard against invasive phoning home? The source code is available to everyone, and thousands are looking at it for vulnerabilities. Or do the various distros have some closed source components?

  3. Let’s not dump everything into the same bucket by saying since they all spy on you, then it’s all OK. There is a distinction between being on the internet and using a standalone computer independently or on a private network. To many it may be an astounding revelation that a computer can be used productively without being online and on Facebook or Twitter. In fact, most productive uses of a computer in business and industry don’t (or shouldn’t) need an internet connection. I use my computer without necessarily needing an online interface and use the OS as a tool to run my computer. As such, I don’t expect my OS to attempt to spy on me or to stop working because I’m not connected to the mothership. This article says that the OS needs the connectivity “to do its job”. No, it doesn’t. Constantly downloading obscure updates or other garbage is not a part of an OS’s job. Mining information from my hard drive is not an OS’s job. Parsing my email to get a profile of me is not the OS’s job. Controlling what applications I can use on my machine is not an OS’s job. And, if an OS requires internet connectivity and registration with the OS manufacturer to allow me to use my paid-for computer and OS, it is holding me hostage and asking for a ransom.

    The article also says that if you don’t trust it, then don’t use it. That may be true for a brand of cheese, but not a ubiquitous OS such as Windows which is used by billions of people. Most of us have built our entire digital lives and businesses around Windows and can’t just decide not to use it. Certainly, someone like Leo, whose career is dependent on Windows, can’t just drop it. Windows is a necessary commodity product – and it is precisely that fact which allows Microsoft to abuse the trust of its customers. By analogy, consider not using a car because you’re afraid of getting into an accident. Or consider not going to the doctor because you’re afraid your ailment will be reported to the insurance company.

    Finally, the article says that any information sent back “home” is inconsequential. Firstly, no one really knows. Secondly, this era of spying is just the first phase of social acclimation and spy technology development. No, I’m not saying it’s a conspiracy, but the natural evolution of social technology. History suggests that every big brother action has evolved to grow and become more intrusive and pervasive. Don’t expect governments to scrutinize or stop this type of spying – not only do governments not seriously challenge company spying, they are happy to have easy access to back doors for more information gathering themselves. The next device to spy on you is your smart TV in your living room (this is already happening).

    • Constantly downloading updates *is* part of the job of a good OS. Unless you write one yourself, you can expect to need constant updates. Even Linux installs constantly update.

    • Of course I could stop using Windows. There would be ramifications and costs, but if I were that distrustful of Windows I could choose to switch.

      It’s not about driving a car or not, it’s about choosing which car to drive. There are cars that I would not drive because I’m afraid that I’d be more likely to be injured in an accident. Other cars are safer. That’s the choice I make when I elect which car to use.

      Absolutely we can (and should) debate what the job of an OS is, but one thing I will disagree with right away: “Constantly downloading obscure updates or other garbage is not a part of an OS’s job.” – Keeping itself up to date absolutely is the OS’s job today. It’s more critical than ever.

    • In all this post there is one valid point: an Internet connection is not essential to use a computer. Its use may be somewhat limited, but it will still function adequately and be very productive.

      I agree with Leo; if you don’t trust something, don’t use it. The similitudes (wrong use of “analogy”) presented make a singular item into a generality. A better comparison would be when I quit using an axe because the head came off while I was slinging it. (Nothing like seeing a bare axe handle strike a log and not knowing where the head went!) That didn’t stop me from using axes – I just replaced it with one I could trust.

      No one is actually forced to use any particular product. It is a matter of choice. The user has to decide which features or functions they want, and what trade-offs they are willing to make. OSs and other software are no different. I totally fail to understand why people seem to expect these to be any different from all other products they use.

      As for “spying”, I’ve been a member of Microsoft’s User Experience program since it first started as an Opt In. For the most part, Windows will ask permission to send a report – with the option to view what will be sent. That doesn’t mean some information isn’t being passed without my consent, though. I do trust Microsoft (on a scale of 8 out of 10) enough to continue using their products.

      As Leo frequently says: I just am not that interesting. I don’t have any government/corporate secrets, patient/client records, extensive high-finance records, or any other high-profile information on my computer. For the most part I’m just so much background noise. I don’t use any fancy tools or techniques that would only tend to bring attention to me. [Which would draw more attention: a common house in a crowded neighborhood, or a heavily guarded and secured place just out of town?]
      NOTE: Try this experiment. Walk through a busy shopping center. Then see how many people you remember seeing – and why you remember them. Unless you have an exceptional memory, the only ones you remember are those who were different in some way. The rest were only “there”.

  4. An interesting article for sure. I totally agree with Leo. Having said that, I do not use or allow Google on my computer. I also stopped using my Android Phone but that was because I like the Blackberry Classic much better as I can encrypt it if needed. I stay away from Google because even once it is uninstalled (PC), it remains on the computer in several different places. Well written software should uninstall clean but Google embeds itself. The only way to get completely rid of it is to search the registry. In a previous version, it took me over two hours but in the latest one I tried it took about an hour pressing F3 over and over until the registry was clean. The file is update.exe (or close to that). If you run Chrome, check the registry for the update file because that is the one that will be in several areas of your computer.

    As for Microsoft, I started in computers prior to DOS on an IBM mainframe. I’ve used every single PC version of Windows they ever put out (even Windows ME that I dubbed Misery Everlasting). I loved Windows 7 and did beta testing before it was released. I ordered before it was finished and never regretted my decision. It worked flawlessly out of the box. I was happy.

    Then came Windows 10. I checked the Dell site to make sure there were no concerns or warnings. I backed up all of my drivers, updated them, etc. Then Microsoft installed Windows 10 whether I wanted it or not. It ran fine for over a year and then it killed my computer by trying to update the Intel video driver. It left my XPS 3300 dead and unrecoverable. I am not the only person this has happened to. Only after the crash did I see a notice on the Dell site that my computer might not run properly with Windows 10. Needless to say, my faith in Microsoft has been sorely tested but I live and work in a Microsoft world. I considered Linux but it would not be a viable solution so I bought a new Dell XPS 8910 built for Windows 10. So far, so good but I no longer have the same level of trust I once had.
