Windows Timeline is a unified activity history explorer that received a prominent placement next to the Start menu button in Windows 10 . You can see all your activities including your web browser history and app activity across all your Windows devices in one place, and pickup and resume activities you were doing on other devices. This is a useful and cool feature, but it’s also a privacy nightmare.
You may have read about a cool new browser extension that adds your web browsing history from third-party web browsers — including Firefox, Google Chrome, Vivaldi, and others — to Windows Timeline. The extension attracted some media attention from outlets like MSPoweruser, Neowin, The Verge, and Windows Central.
I helped develop the extension and made sure to add prominent information about how the extension works and its consequences for user privacy. The way Windows Timeline works has some serious implications for user privacy, and the extension should have raised some attention to the matter or at least raised some eyebrows. However, none of the media coverage for it mention privacy or how the extension works. I’m disappointed with all the Windows fanboy-sites and The Verge for not giving privacy a single though in the context of this extension and Windows Timeline.
The first version of the extension even had a bug that submitted all activities from private/incognito mode web browsing to Microsoft. (Sorry about that; fixed in version 1.0.2.) Yet no one even raised the topic of privacy or the massive data collection that Microsoft do through Windows Timeline.
Windows Timeline works by sending all your activities to Microsoft, and then have Windows fetch a list of all activities you’ve done on your local computer down from Microsoft’s servers. The data is associated with you personally though your Microsoft Account.
Microsoft stores collected activity data forever, as I discussed in more details only . However, Windows Timeline only shows you the activities for the last month; meaning they also should have been automatically deleted when they’re no longer needed.
This design is completely backwards from the “privacy by design and default” principle of the General Data Protection Regulation (GDPR). I’m amazed that Microsoft would release this feature just a month before the GDPR went into effect. However, it’s nothing new that Microsoft is collecting all your web browser history. They’ve been doing it by default and for many years already in both Internet Explorer and Microsoft Edge.
As I said going in to this: Windows Timeline is a useful feature. Useful enough that many users would opt to share all this data about their online activities with Microsoft to get it. The thing is: this is a false premise for Windows Timeline. It could have been designed to be much more privacy-friendly, but Microsoft chose to build it as a tool for collecting personal data on their customers instead. Microsoft could have encrypted the activity data end-to-end so that there wouldn’t be a privacy issue in the first place, but Microsoft chose to just scoop up and keep all of this data for their own ends. Microsoft could have automatically deleted the data when it’s no longer useful to the end-user, but Microsoft chose to retain it indefinitely.
I’m over Windows Timeline as its clearly a mass data collection tool that we the end-users don’t know the eventual consequences of using. I find Windows Timeline useful enough to help develop an extension to make it work with non-Microsoft browsers, yet I strongly disagree with Microsoft’s data retention and data protection policies around the feature (and Windows 10 in general).
Microsoft has a long way to go to make Windows Timeline respect user privacy. By using Windows Timeline, you’re opting to automatically send a whole lot of information to Microsoft. The Windows Timeline extension for other web browsers sends less information to Microsoft than what Microsoft normally gets if you use the Microsoft Edge browser. Microsoft Edge sends the address of every webpage that’s loaded in the browser to Microsoft including frames (ads, embedded video) and every redirect. The extension only shares the address of the primary document and only after it has been displayed in the browser for a minimum amount of time.