Deutsch
English
Sometimes, it takes government pressure to spur a company into action. For years, there have been rumors that Microsoft Office is a telemetry data hog with little to no transparency as to what is collected and when. The Dutch government had finally had it and prompted an extensive investigation. The result: 91 pages of unfettered and unabated data collection frenzy along with a lack of organizational structure that borders on chaos - enough to shake up even the most consummate of business professionals.
The now public study was carried out by Privacy Company, a large Dutch-based privacy consulting firm. Its findings are alarming and show that Microsoft collect huge amounts of data through their Word, Excel, PowerPoint and Outlook applications - personalized, unregulated data sets, and there is nothing users can do about it! If you thought the telemetry transmissions only included crash reports, the study will definitely teach you otherwise. The numbers are staggering. Data processing itself is triggered by "events" as defined by Microsoft developers. This includes malfunctions but also operations like running a spellchecker or simply using the program in general. While Windows 10 tracks 1,000 events, backed by a team of 10 analysts at Microsoft, MS Office takes the cake with anywhere between 23,000 and 25,000 events and 30 data analysts. Surprised? So am I!
Though Privacy Company were unable to find out precisely what information is sent to Redmond, thanks to encryption, even Microsoft seem to be in the dark about the exact scope of their data collection. Apparently, developers have free reign and there's no expiration date after which data sets are deleted. No binding standards, no documentation! Once a team member deems a program aspect interesting enough, they are able to query the corresponding data through a separate program ("telemetry agent") that comes bundled with each Office installation. And while Windows 10 includes privacy settings, with no shortage of third-party apps to this effect, MS Office phones home unfetteredly, unsolicitedly and in an uncontrollable manner. Naturally, all data (including personal information) ends up on US servers fully accessible by US law enforcement agencies. Not only is this a violation of user privacy, but also a violation of European laws.
Default program, market leader, data hogger
At least investigators were able to identify a few of the events. Translations offered through MS Office and email subject lines are affected. Microsoft also collect information on how long we use Word or PowerPoint. Part of this data is necessary to provide the related services, however, Microsoft were unable to clarify why it's stored indefinitely. There are storage periods in place ranging from 30 days to 18 months in most cases but information considered particularly valuable is never deleted. Data collection is especially rampant in current MS Office versions like 2016 MSI and Office 365 that feature extensive internet-based capabilities. The scope varies, with crash reports being collected from all users while information on other events is limited to small sample sets that roughly affect 2% of users. There is currently no way to object to these practices. If you use MS Office, you're a willing participant.
That's already enough to feel uneasy, but there's more. Initially denied, Microsoft now admit to collecting personal data. With the help of audit logs (originally intended for admins), they can easily obtain email addresses, user ids, subject lines and much more. Time for data protection officers to get that rope ready and brush up on their hangman skills! Sure, Microsoft should (and must) collect data to improve their software or web-based services, but, this time, they've crossed the line. It seems they've completely forgotten that data collection must be governed by transparency and purpose.
One multi-national, many nosy employees
Change is coming, thanks to the Dutch Ministry of Justice and Security, who took action not primarily to protect end users but the 300,000 civil servants who are avid MS Office users, many of them dealing with classified material. To save their reputation, their dominance on business PCs, and to avoid costly lawsuits, Microsoft caved and promised to better themselves. Procedures are said to become documented and more transparent, thanks to a soon to be developed review tool, and admins (and private users?) will receive more control over the extent of the data collection. But there's no definitive schedule for the implementation of these measures yet. It seems, Microsoft were caught slightly off guard. Until a solution is found, privacy-wary users are advised to stay away from SharePoint and OneDrive, refrain from using the web-based version of Office 365, disable all "Help us improve" requests or rely on local user accounts. Rather unsatisfactory, if you just need to drop a few lines in Word. Here's my tip for you: Use a different Office suite!
What I would like to know: How do you view MS Office's data hunger? Are you already using a software alternative?
Open Office and Libre Office are designed mainly for Linux, in the time of the 90's people ranted on windows and how the pricing was for the windows office, it cost much more than windows OEM version of windows open office is known as Apache office originally and was developed as an alternative office solution replacing windows versions in the '90s, Libre Office is open office only developed better in how it's installed and ran, however you deal with lagging and slow start to even use it. Office 365 is an online based app used to operate for uses online and offline projects, however, anyone remember the remark Microsoft made what you do on windows is copyright of Windows means you consented to let Microsoft take your developments and use them without paying for the creation you made and stealing your credit of the creation anyone remember Stardock Themes Microsoft took that and placed it in XP it was not Microsofts project, they illegally posted a TOU Terms of Use in Windows XP policy, that caught the eyes of someone involved in Consumer retail then slammed Microsoft for it in court during the time of the battle between Lindows and Windows where Microsoft was trying to claim Dows as there own trademark creation and got Banned off selfs thus why Linux is widely used more so than it was in the early nineties I have tried out the Ashampoo Office after many people it really is quicker to load and faster to process than any office system I have used though I do know where its creation originates from because I have used that as well.
I am using LibreOffice as much as I can.
The problem with, from my experience, Open Office and Libre Office (especially) is that they are not fully compatible... this is especially true of Excel compatibility. I was doing a copy of an Excel spreadsheet (version 10 btw) in Libre Office and it wouldn't do what I had done in Excel. Tried in Open Office which was better but still not fully compatible. And really that is a total pain in the bum. If I don't want my data slurped (and I don't, it's one of the many reasons I don't use anti-Social Media) then my only option is to use these programmes in an offline computer. Which isn't a biggie for me, but really I shouldn't need to.
Honestly though, Linux is looking more and more attractive by the day.
An interesting blog post, as always.
This post is part of what pushed me to buy SoftMaker Office just now (which Ashampoo also sells as Ashampoo Office). It's more lightweight and better designed (IMO) compared to either the free alternatives or Microsoft Office, and I'd guess that it's not collecting so much information.
It's not that I really need an office suite, but it's nice to occasionally support the little guys.
Suggestion for the next version of my favorite Ashampoo utility "Winoptimizer": When a browser suddenly cannot connect to the internet ADD the ability to save and restore wifi settings (including DNS etc.) in Winoptimizer. It eliminates troubleshooting for the average user and would be so convenient and trustworthy to have Ashampoo Optimizer do it for us. Just a thought.
Thank you very much for your suggestion! I always pass such feature requests on to the product manager.
Hi Sven,
Thanks for your answer to my comment.
Your comment related to EU laws but Britain and other countries want to exit the EU,
Hopefully Britain for one of several countries will be free of the EU very soon, therefore Microsoft, et al will be aware of this and I foresee a long, drawn-out battle to determine, conclusively, right from wrong.
As an example, refer to the Facebook fiasco with Mark Zuckerberg facing a variety of judgement meetings, and how many charges were laid with punishment served.
Microsoft Office is established (welded) in millions of business institutions and organisations around the world, and how much of our personal and private information is held 'for our eyes only' in a secret compartment under our control only.
Very little, if any at all.
Vielen Dank für Ihre regelmäßigen Blogs
Oh yes, Brexit saddens me particularly, being the Britain fan that I am. I'm hoping everything will turn out well. EU regulations are fairly clear and Microsoft already admitted to their violation. I'm expecting the required code modifications to be rolled out world-wide, since I can hardly imagine Microsoft giving the EU special treatment.
It does not surprise me as data is a valuable commodity for many reasons. Always looking at alternative to get away from big brother. But there are many people that don't know much about computing and accept things on good will. Pity is is only one way...
What data do YOU collect? None?
Our customer profiles include only data required to complete a purchase or registration process. Apart from that, we don't collect any personal information and fully comply with (very strict) German and EU data privacy laws.
I also use Libre Office it's the best.
as more damage you do to the rest of the world, more paranoia is present inside.. more control over everybody else you want, more tools you are trying to develop to maintain it.. at the end, you do not care about law, others feelings, rights -- anything.
this happens today in our world, started someplace slowly, and then, as a disease, starts to spread around, until somehow stopped by affected ones, once the awareness of potential damage becomes obvious ..
Thank you, Sven, for raising this up !! It is much more important for everybody in this world, than most people see now.
Yes, simple avoidance of such products helps a little, especially if you stop paying to be controlled by those who will use this to hurt you, not necessarily with some logical reason, but often to discredit you, to gain theirs goal in become the Master of you, your posession and your labor, and to rule your life at the end !! You are the consumer, you decide what will happen to you.
Be well and smart !
I use Office 2007
Hi Sven, just a question first, Does mso collect data when offline (mso 2016) then phone home when on line, or just only phone home data collected when online?.... This is TRULY FRIGHTENING.... when will it stop.? Maybe it's time to vote with data fingers and give WPO or something other programs a try.... Only problem with that is MSO is so good and easy to use....and so versatile and feature packed. The alternatives are not so.
This case isn't mentioned in the study but I'm assuming the program will sync the next time you go online. Many cloud or gaming services, like Steam, act the same way.
More food for thought Sven.
Thank You.
In the beginning man created Internet, it was a new beginning for communication, speedy storing of every type of information, and everything else, good and bad used by good and bad people all over the world.
With the invention of the motor car and the 'dangers' involved to the occupants and pedestrians alike a comprehensive book of road and rules and regulations were made law, and to this day a minority do not follow the rules.
The use of The Internet does not have a book of rules, and to state what should be done to stop governments, law authorities, banks, private corporations, hackers, miscreants et al accessing the personal and private information of individual people will never stop completely, and until a book of rules and regulations are written, and complied with by the majority of honest people and the above institutions, those involved in accessing personal and private information will not stop because a defined law to abide by has not been written.
Microsoft do not have to state that they can, and will access all 'your' information stored anywhere in their Microsoft office Suite, there isn't a law that states it is illegal.
Thanks for your rather philosophical thoughts. :) The study tries to determine whether Microsoft has violated any laws, European in this case. For instance, EU laws prohibit the storing of personal data on US servers without the option to delete them. I can't wait to see how many modifications Microsoft will have to make.
Sven, Thanks for another informative blog article. This information is mind boggling to me. I will continue switching to Libre Office and Ashampoo office. I've used both products and found them easy to use and compatible with other major office products. I am learning Linux as I have time and while there is some adjustment I am converting all my data to Linux. I resent having my info mined by others. I wish it wasn't that way but enough is enough! Thanks again! -RL
Libre Office for the win. Sorry Sven, I own about a dozen AShampoo products, but I've used Libre Office for forever it seems, and never had a lick of problems. And for free. Who could ask for anything more?
I wholeheartedly agree. :)
A few years ago, when computer magazines occupied shelves in newspaper stores, many of them would express concern over privacy issues with MS Office. Since then, I've vowed to use any reasonable alternative to MS products, although I use Win 10 (with privacy setting enabled) because I'm not a power user. The Ashampoo Office suite is great for what I need, and I use Firefox for web browsing. I'm not engaged in nefarious activity, or breaking any laws, but I just don't like the idea of some stranger going through my stuff.
I have been using WordPerfect )Quattro Pro, Presentations and Paradox for office quites) since DOS 4.2. All windows versions (except 5.0 & 6.0) were superior in form and function to equivalent MS Office programs. Corel (current owner of WordPerfect) maintains file comptaibility with older version, unlike MS Office products and does not royally screwup the user interface forcing total relearning of the entire program. Basic editing the MS and Corel products are effectively identical, but moving into advanced edit features, the Corel products are substantially simpler and easier to use. Never trusted Microsoft products regarding privacy, only more confirmation of longstanding concerns.
What versions of MS Office are affected? I still use 2007 but have been thinking of switching to the Ashampoo product. Only problem I've had is finding an alternative to Outlook. I'm trying Thunderbird but having some issues.
Only the latest versions of MS Office were analyzed. Sorry, I don't know whether older versions are affected.
Haven't used Microsoft Office for years. I switch between Libre Office and Open Office on an irregular basis. Can't change to Linux as I have too much investment in esoteric software.
I've tried some the the alternate office products. Softmaker Office is the best I've found but I still prefer Microsoft office. Since I don't deal with classified material, I think I will stick with Office 365 for now.
Sven, this is an outstanding wake-up call to the public. You're quite right about using a different office suite. The question now is, which one? Ashampoo offers a sterling office suite, but it appears to have been developed and sublicensed by Ashampoo, making it a bit questionable in my mind. Although I fully trust Ashampoo with my data, I have no way of knowing where it goes from there. Corel's Wordperfect is a viable alternative, but is Corel to be trusted more than Microsoft? And the list goes on. Having said all that, I have no qualms about using your office suite, after all I'm not plotting nefarious deeds and my grandmother's fruitcake recipe is really not that top secret, so it doesn't bother me much if someone wants to litter up their storage with details of my existence. I'll just keep on keeping on until the PC police break down my door and drag me off to the proverbial "Facebook Jail" or wherever they send miscreant computer users these days.
Our Office suite only performs a license and update check on each startup. I didn't mention it here because this blog is not meant for advertising. :)
This is a total disgrace. How have they got away with this so long and why hasn't the Data Protection office sussed them out and prosecuted. I can only imagine that Microshaft has registered VERY liberal reasons and conditions of their registration.
I think more of us should kick them into the long grass and use Open Office or Libre Office. Who knows if they keep on messing up with their twice yearly Windows releases, perhaps more will try a Linux release and learn to love it.!
I'm fed up with Microshaft for its cavalier attitude. Equally fed up with Adobe for making Creative Suite subscription only. Looks like open source is the way forward.
I never liked MS Office, I didn't trust it. Also dislike using the cloud at all! I have been using Softmaker software for several years. (retired computer programmer/analyst)
I feel that ALL of my online activities are "Out There" no matter what i do (ex. opt out, password manager, encrypt, use a VPN, firewall, etc), and that I have no control over it. I am a normal US citizen who does not break the law. Except for Identity theft (I check my credit reports regularly) I don't worry if Microsoft, or anyone else, knows that I have $2,000 in my checking account, or If I worry about people knowing that I bought a pair of headphones from Amazon, I would drive myself crazy. I am not that interesting for them to care about my online habits.
Geez! George Orwell wasright.