Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Windows 10 keylogger adds fuel to the privacy fire

Microsoft's data collection practices in Windows 10 have been under scrutiny since the company released the OS. The Windows 10 keylogger doesn't do much to quell privacy fears.

There's been quite a bit of talk about Microsoft collecting keystrokes and other data in Windows 10. Some might call it paranoia or fearmongering, but it's definitely a concern for IT administrators and end users alike.

The truth is the default Windows 10 keylogger is really nothing new. It just received some online press recently, because this feature collects typing and handwriting data to improve typing and writing services on the OS. And even though Microsoft vows to be more transparent about what data it collects, the new Windows 10 Creators Update still gathers a good bit of private information from users by default.

Just because it's not new does not mean the Windows 10 keylogger is something IT can ignore. A ton of sensitive information flows through the keyboards of any business computer -- from intellectual property, to details on mergers and acquisitions, to personally identifiable information, to passwords; a lot is at stake.

How can data collection hurt organizations?

Some of the paranoia may be over the top, but it's still important to know how Microsoft is using the data it's collecting.

Privacy advocates never like to find out about companies collecting this kind of information and possibly using it for -- or against -- them in untold ways. The personal privacy concerns associated with Windows 10 data collection are not the whole story, however. Organizational issues exist, as well.

Some of the paranoia may be over the top, but it's still important to know how Microsoft is using the data it's collecting. The data could reveal a contract violation between an organization and its customers, or between its customers and business partners. The data could also expose organizations to an unforeseen cyberattack. Regulatory compliance is also crucial to keep in mind.

What should admins do about it?

Admins can disable the Windows 10 keylogger on a computer-by-computer basis or manage it through their domains.

Windows 10 keylogger
The Windows 10 keylogger. Note that it is disabled in this example.

Spybot Anti-Beacon is a great tool to disable the keylogging -- and much more -- to truly enhance Windows 10 privacy settings. It may be for noncommercial use, but taking a look at what the tool does can spark some ideas for admins looking to tweak their own enterprise Windows 10 standards, either pre- or post-deployment.

Regardless of how worried IT admins are about Windows 10 data collection, they must talk about it. Windows 10's default privacy settings underscore the importance of establishing policies and standards around enterprise desktops, BYOD and shadow IT -- and then enforcing them.

If anything, the Windows 10 keylogger highlights why IT should involve legal counsel in its security decision-making. There's a lot going on here, and it's likely to get more complicated, so admins must be sure they have all the right people on board to make decisions that are in the best interest of their businesses.

Next Steps

Windows 10 data collection is a necessary evil

A look at Windows 10 telemetry data collection

How users can take control of their privacy

Dig Deeper on Endpoint security management tools

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What do you make of Microsoft's data collection practices in Windows 10?
I refuse too use Windows 10. It's the definition of malware (forced on my laptop) Spyware (keystroke and voice recording) Bloatware (groove alarm clock etc) crap ware (photo app defender movie player) The reason they call windows 10 the most secure OS, is because Microsoft is already stealing the information hackers want.
There is no need, it is part of the "collect everything" mentality of the Government and Corporate America. Nvidia graphics drivers have a telemetry module to send information (can be uninstalled).

The Constitution is just lip service, their actions show how little they regard it and the rights it is supposed to guarantee us. Bait and switch!!
If Microsoft wants to collect keystrokes in Windows 10 then there is no way to stop Microsoft from doing it with third party software.

Third party software relies on the programming interface provided by Microsoft to stop the key logging - Microsoft only needs to create a 'back door' in Windows 10 where the keystroke data is taken and there is no programming interface available to stop it being taken.

A keylogger is the least of the privacy issues with Windows 10 - there is a screen recorder, screen dumps, facial recognition, voice recording, scanning of emails and recording or browser search histories with identifying information attached (contrary to what Microsoft has stated on numerous occasions), the scanning of file systems and the ability to remove any piece of information from your computer for some 'legitimate' legal purpose.

All of this is apart from the NSA having a direct connection with Microsoft so that it can bulk data collect any time it wants to as specified under the Patriot's Act.

Windows 10 is the ultimate spyware system - definitely not suitable for public consumption.