Cortana Is Listening

Status
Not open for further replies.


In regards to being able to change privacy settings or in not having to use the OS?

Either way, you're wrong. Even after locking down the privacy settings, Windows 10 is still sending personally identifiable information back to Microsoft's servers.

And using Windows is not optional for many people; many modern applications require Windows (applications which many people may have to use for work or school), and most PCs are sold with it already installed (especially on the affordable end of the spectrum). In the year 2015, access to a modern and up to date PC is no longer optional. You can't even apply for most jobs without a PC and internet access. You sign up for free email, social networks, or whatever other services, sure you can expect to be tracked. These services are not necessary, and there are typically competing services which will behave better. But simply logging into a modern OS should not be the point at which you're signing away the rights to your data, especially when you realistically often have no other choice.

I suppose, technically, you could consider it opt-in, in that you could write your own OS, or maybe go live in a remote cabin in the woods. But I was trying to stay more within the realm of realistic here.
 


I have yet to see any definable proof that the data being sent is personally identifiable. The only thing people have found is that packets are being sent to Microsoft servers which doesn't tell me anything except that certain services are checking into their server counterparts.

People want all the benefits of a connected world but they don't want to allow the changes to happen that are needed.

Yet they still post everything they can to Facebook, even stuff that gets them fired. Of course they complain about that too.....
 


But Google's services have competitors that you could optionally switch to, and many people do. Using Windows is not an option for many people, which is exactly why they're doing this without regard for people's outrage- because they know we're locked in. And even if you do use certain Google services, you can turn them off. Putting this level of datamining at the OS level is a huge ramp-up in privacy erosion, and they will have access to more intimate knowledge of our private activities than any other company in history.

You don't have to wait for a data breach for your data to get out- they are actively trying to sell it! It's laughable that you would trust them. For one, hackers can and have posed as legitimate advertisers and bought this kind of private data through legitimate methods. But besides that, I don't want that data to be in anyone's possession- not Microsoft's, not advertisers, not anyone, because my computer usage is None. Of. Their. Business.

It's a logical fallacy to say "other people do it, so it should be ok." Not sure why you've repeated it in every post here like it's a good point.
 


Then look it up. Windows 10 is sending out your machine ID, even with the privacy settings locked down. Many outlets reported on it. Off the top of my head, I know Ars Technica did.

Is this services checking their server counterparts? Yeah, probably. But again, there's no opt-out. If you've locked down the privacy settings completely, there's no reason Windows should be doing anything outside of the local machine until you instruct it to do so.
 


Windows 10 is opt-in, as there is Windows 7, 8.1, Apple, various flavors of Linux.
 


Since the advent of the Windows (and Office) activation scheme, when has "sending out your machine ID" not been the case?
You'd have to go back to before XP.
 

Watch out. If she hears you talking bad about Microsoft the NSA will come looking for you.
 


Windows XP, Vista, 7, 8 have all had active connections to Microsoft servers. You have the activation server, the Windows update server and a few others that have been running for quite a while. Most people have not said anything about them because of the fact that those are useful services, you want an active version of Windows and of course updates.

The machine ID that I have read about is one created randomly when installing Windows 10. It is not, say, the name of your PC or anything that you would normally see. It is an ID created by Windows probably for the activation service to help stop piracy, and Microsoft has every right to do that if it helps prevent their products from being stolen.

A lot of what you are looking at also mainly pertains to an install when using a Live account. If you create a local account the majority of services are rendered useless as they require a Live account to work.
 
MS may sell the Data but I imagine it's in bulk form. Specifics would be left out unless you're being eyeballed for shady dealings and your search patterns would most definitely show your interests whether it be fat chicks or homemade ordnance. Nevertheless your MAC and IP address are your footprint and the Internet Service provider would surely have everything logged. If you're illegally downloading movies and the production lawyers subpoena the list of who was downloading, the ISP has to give the list. Doesn't matter if you use MS or not. I'd say marketing and mass trends are where the money's at. I find Amazon tries to stuff the items you viewed in your face on other web sites after visiting them with tracking cookies. It's everywhere regardless and it's only going to get more efficient.
 
To update from my last post, some people have narrowed down what Cortana shares and all the data is anonymized so it is not as big of a privacy risk as it appeared to be at first.
I'm still iffy about that "Get to know me!" stuff however, it seems to harvest an AWFUL lot of data.
 
You're gonna ruin the conspiracy theorists' day. They aren't happy unless the NSA or aliens are "invading their privacy".
 


It's not Cortana that is doing the data monitoring and it's most certainly not anonymized.

http://windows.microsoft.com/en-us/windows-8/monitor-child-pc-activity

That system isn't possible unless the platform is already doing the monitoring. You don't have to enable it, you aren't even notified that it's happening. A previous poster only found out because he received an email from MS telling him what his kid was doing. He never configured it or told MS to do this.

People are focusing too much on Cortana and not on the platform it's built upon. All Cortana does is analyze use patterns and other data to predict how to be the most useful, the program itself isn't collecting much data. Windows OS platform on the other hand is harvesting massive amounts of data and then indexing that data to your system's unique machine ID along with any Microsoft Accounts you have tied into your system.

This isn't really debatable because MS has no qualms telling you what they are doing.

Now thankfully there are groups out there cataloging the different addresses and ports that it's being sent to. Soon it will be possible to black hole and / or block those so that it's not possible for the OS to phone home about what its user has been doing.

And here is the killer line

http://windows.microsoft.com/en-us/windows-10/feedback-diagnostics-privacy-faq

Who sees the diagnostic and usage information that’s collected through feedback and diagnostics?

Microsoft employees, contractors, vendors, and partners might be provided access to relevant portions of the information collected, but they’re only permitted to use the information to repair or improve Microsoft products and services, or third party software and hardware designed for use with Microsoft products and services.

So yeah anyone who MS wants to see it, including any and all Government agencies.
 


But a judge has already stated that an IP address is not a person and the majority of consumers are on a dynamic IP system so their IP always changes.

MAC does not but again a MAC address does nothing but define the PC and that can change especially if you have friends or family over and they use your WiFi.

Who sees the diagnostic and usage information that’s collected through feedback and diagnostics?

Microsoft employees, contractors, vendors, and partners might be provided access to relevant portions of the information collected, but they’re only permitted to use the information to repair or improve Microsoft products and services, or third party software and hardware designed for use with Microsoft products and services.

I am pretty sure this has been the same for all versions of Windows since this has even been in Windows (XP) where you could choose to send diagnostic data to Microsoft. Considering that a memory dump in and of itself can contain information about drivers or software from third parties that were related to or caused the BSoD/crash it is not a bad idea to show that data to those companies in order to help solve the issue.

Or Microsoft could just say screw it you are on your own and a crash/issue never gets resolved. They are not obligated to fix other companies' issues or even to assist them to.

And this clause does not apply to ALL of the OS. This applies to the feedback (voluntary and can be turned off) and the diagnostic data.
 
You didn't read the link, did you?

Activity data is considered diagnostic data and sent in with the rest on a regular basis.

Jimmysmitty opened a web browser and proceeded to watch cat videos for thirty minutes. During this time he had a conversation with his mother, wife and so on / so forth. He then opened Skyrim where he played for one hour and fifteen minutes. Afterwards he searched the Internet for a torrent of a movie that was just released. He then did ..... and some application crashed.


That is what Microsoft considers diagnostic information. It collects all usage information by default and sends it home for future analysis. This isn't crash dumps ... this is Event log data on crack. That information is not anonymized and if you think that it's being used for "bug sensing" then there isn't much use in having a conversation with you. This isn't crash dumps ... this is Event log data on crack.

You can set it to disabled but MS is still sending encrypted packets home. Even with all options set to off, MS is still sending packets back. We don't know what's inside those packets yet but people will eventually figure out because Windows has never been this chatty before.

Furthermore it wouldn't be possible to have a "family report" feature automatically enabled and fully functional out of the box unless the system wasn't already doing intense levels of monitoring. And this system runs separately from the diagnostic and application usage system.

So what we're left with is a multi-layer system observational platform that's enabled and fully operational by default. All system activity is logged and sent home for future usage. That system activity data is also used for various other usability features. This data is not anonymized as that would break several features. And that's without going into the data sharing agreements with Government entities that MS most certainly has.
 
And here you go, please find a way to explain away this stuff

https://i.imgur.com/nbpujpi.jpg

And it seems you can't disable its usage data sending because MS might need to hand it over to comply with a legal request. So all those "off" settings don't actually stop it from being sent, they only let MS know that you don't want them to use it.

And if someone believes them then ......

Here is the bottom portion typed out, thankfully it's just OneDrive and as long as you turn off file sync or don't use a passport account you're good.

we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to: 1. comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; 2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone; 3. operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.

Yeah ... so about them being good guys .... and this being "completely acceptable" .....
 
Basic information is data that is vital to the operation of Windows. This data helps keep Windows and apps running properly by letting Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also turns on basic error reporting back to Microsoft. If you select this option, we’ll be able to provide updates to Windows (through Windows Update, including malicious software protection by the Malicious Software Removal Tool), but some apps and features may not work correctly or at all.

That is the setting I put my diagnostic data to. It nowhere states they will be collecting personal data. This is what has been in Windows since they have had the ability to, again XP.

There are other levels but only if you have them set is it possible. Personally I have no issue with them getting some basic info on my hardware and what app could have caused the issue. Again that information is and always has been stored in a crash dump or event log and any time someone clicked "send additional information to Microsoft" for an issue they had it was sending that information.

I specifically left out the family activity because I don't disagree with that. I just think you cannot apply the diagnostic to just 10 since it has been the same since XP/Vista/7/8.
 
They aren't using it for diagnostic info.... and it's not related to the previous incarnations.

Diag info from previous OS's was a button you pressed to send in a crash report. This isn't that, that is still there. This is frequently sending in application usage data automatically, without a crash, without you clicking anything.

Now the stated purpose is so they can analyze the application data and use it to find ways to make Windows faster. Most likely the real purpose is to resell that data the same way Google does your search history.

The key point is they are collecting very detailed, very incriminating, borderline illegal, amounts of data on individuals and permanently storing it. This data is linked to your name, location, computer and includes what you're doing on your computer. It's like a giant replay button that someone like me could easily use to discern what your activities were and possibly punish you for them. Wiretapping laws exist for a reason and this is a great way to go around them.

Now I'm going to blow you all away with a VERY plausible and VERY scary scenario.

Right now we have an election happening in the USA. It, like all major elections, is highly contentious. Now this isn't about politics so nobody try to jump on a team or whatever.

How beneficial to a candidate would it be if they could "acquire" the computer usage history and data of their competition? If someone like Donald Trump (again please no political infighting, this is just for demonstration) could acquire the Microsoft Data from someone like Jeb Bush and from that find out which sites he had visited, which search terms, what porn he likes to watch and so forth and so forth. Now Donald Trump wouldn't be the one to release this himself, it would be leaked through third parties to a media outlet who would have a "break news at 10" moment that references "anonymous insider sources". The data would be damning and Jeb Bush would be forced out of the primary.

That's just an easy example, but let's jack it up a notch. A senior government entity could easily acquire, through various means, any data that the FBI, NSA or CIA have access to. Now they couldn't release it publicly themselves, but through third parties a leak could be established. How easy would it be for those same entities to blackmail someone or even control an outcome by selectively releasing certain info. They already do this so don't act surprised or think they never would. So any data collected through this system would be squarely in the hands of people who do not have your best interests in mind.

But hey why stop there, let's go into the future. Let's take a stroll twenty years down the road. Now in this future technology is much like it is now, only faster, cheaper, smaller and even more social networking. It's now functionally impossible to live a life without being connected somehow. Now law enforcement has had access to this "Lifestyle usage data" (because that's what this is) for a decade because a law was passed to "equip our finest with the best law enforcement tools available" and in doing so created a system that enables all law enforcement to search through the national "life style usage database" which was created from the data OS and Application vendors collect. Now this "Protect Americans Act" was supposed to enable law enforcement to rapidly search through all this stored usage data to identify criminals who had committed a crime, the same way they search through your phone or credit history. They can already do this, it just takes a lot more time and effort on their part.

Now you would think this isn't a bad thing, we all want our police to have the best tools right, because they only seek to protect citizens right...

Now that I'm done laughing.

So time goes on and bad guys figure out how much data the police can now easily search through to identify them, so they hire people like me to shield their devices and prevent this data from getting into the police's hands. The first thing I would do is use some open source "privacy" tools easily found on the net to stop this. This becomes commonplace and renders the whole system mostly useless to finding real criminals. So you think the police would stop using it right .... yeah me neither. Instead they complain until a politician, sensing a moment to be seen as "hard on crime" creates an "Act for Combating Criminals" law that gets pushed through. The law makes it illegal to tamper with any software connected to the aforementioned system created by the "Protect Americans Act". It's now effectively illegal to block or prevent this system from transmitting data or to create a tool that enables such. All those open source tools I was using now become much harder to acquire, I would still use them obviously but now it's all grey market stuff that could get me jailed if I'm caught with it. But more importantly it now enables wholesale monitoring, even from those who "disabled" the software as that's no longer an option. You can't just "switch to Linux" because you're now required, by law, to have that monitoring software installed and functional on any computing devices you use.

This may sound like a plot to some bad B movie, but it's not only possible but highly likely to occur. People value safety over both privacy and freedoms and frequently trade in both to secure the first. That is how we got the Patriot Act, TSA, HLS, NSA spying and other current issues.

The worst thing about this isn't law enforcement using it, but rather the enormous room for abuse that's created. How hard would it be for someone to do permanent lifelong damage to someone through a system like this? Furthermore, how hard is it for someone to forge data in the system to either implicate someone else or mask their own culpability? We can get into some really scary stuff if we go down this path.

I think of these things because instead of sticking my head in the sand and thinking "how could this hurt me", I take the opposite position and think "how could I use or abuse this". I'm a pretty intelligent person but I'm not the smartest nor most devious individual in the world, so if I can come up with these scenarios this easily then other people, who are far less morally constrained, could come up with worse. So next time one of you tries the old "why are you worried if you have nothing to hide", guys like me smile inside.
 
I still would like to know why you can't just switch Cortana from cloud to local. I'm fine with the 'getting to know you' aspect, so long as everything is stored locally. Why is that not an option?
 


 
Do you really believe that if Microsoft DID have a data breach, that you or anyone else but their own security would even KNOW about it?
 


Considering that larger corporations have had them and we know, yes. Google had one, and we know about it. Sony had one, and we know about it. The US Government had a massive one, and we know about it.

I would attribute it to mainly that Microsoft doesn't have as much of people's personal data as companies such as Google or maybe they know how to secure their OS and servers better than the others. Who knows.

Hell VALVe had a security breach and we knew about it, although they were using a 512-bit encryption so it was mostly pointless.
 


I wouldn't mind data usage patterns being stored locally either. It's fine for the OS to do this kind of stuff but keep it local and only transmit it at the discretion of the user.

The problem is MS wants to collect this data and use it to generate that Google cash. Google is primarily an information company. Information is their product and vendors are their customers. Google collects usage data off internet sites, and then sells that data to companies. Microsoft has wanted in on this business for awhile but Bing doesn't generate nearly enough usage to provide them with valuable data, so instead they want to leverage their dominance in the Consumer PC markets to acquire the usage data from there. That is why Windows 10 is offered so cheaply / free, they aren't planning on making money from selling it nor are they giving it out from the kindness of their hearts, they plan on making money off the data they can scrape from your PCs. And because they can't be entirely sure what will and won't be useful, they just decided to record everything and sort it out later.

My big issue with all this is that there is a huge amount of room for potential abuse, especially once you start involving three letter government agencies. When you centralize this much data, and that bulk data can easily be tied to a physical name and location, it just screams "please abuse me" to the people who would want to do so.

And when every apologist's reply falls into one of these fallacies, it really starts making me wonder.


  • "[COMPETITOR A] does something similar! Oh look at them!" (deflection)
  • "Oh it's not on by default." (lie)
  • "It's not that big of a deal." (dismissal)
  • "[Personal attack implying paranoia for simply wanting THE PREVIOUS STATUS QUO of not having every goddamned thing uploaded to Microsoft servers]" (character attack; the most pathetic of them all)
 
Well first if any three letter agency like the NSA or FBI is asking M$ about YOU then you are already so deep in poop you are done.
Second I really doubt that M$ is going to get involved in anything more than selling anonymous usage statistics which I really do not think is a big deal.
Every web page we go to has cookies. Heck Tom's admins can read all of your PMs if they feel like it and if you ever have used Google or an Android device then it has already been done to you.
And if you really have some sensitive stuff you need to keep hidden then use an Ubuntu VM inside of Windows 10, I guess, or dual boot Ubuntu.
Heck Ubuntu nowadays is almost as simple as Windows to use.
 


So basically


  • "[COMPETITOR A] does something similar! Oh look at them!" (deflection)
 


Be careful where you go with this. I am pretty much done. Sorry but that long post by palladin has me out for the most part.
 