Windows 10 Extended Security Updates are Now FREE! At a Price!

Posted on by Sasch Mayer
Windows 10 FREE ESU comes with a hidden price tag

The Windows 10 Extended Security Updates (ESU) program can now help you access free security updates, but that FREE price tag comes with important privacy and security risks.

In return for an extra year of security patches, you’ll need to agree to sync your personal data with the Microsoft Cloud. And that process of exposing your private information through services like Windows Backup carries some inherent risks.

Understanding these risks, such as data breaches, Microsoft’s data collection practices, and the potential use of your information for AI training, is crucial.

Further, while this option delays the end of Windows 10 support until October 2026, it’s still only a temporary fix that requires careful consideration, if you’re looking to protect your personal information.

Below, I’m explaining the risks of FREE Windows 10 ESU in simple terms for non-technical users:

1. Risk of Data Breaches

    • What it means:
      When you sync your data (like files, photos, or settings) to Microsoft’s cloud, it’s stored on their servers. If hackers break into Microsoft’s systems, your personal information could be stolen.
    • Why it’s a concern:
      Data breaches happen. Big companies like Microsoft are targets for cybercriminals. For example, in 2024, Microsoft disclosed a breach where Russian hackers accessed some employee emails. While Microsoft has strong security, no system is 100% safe. If your sensitive data (like documents or passwords) is on their cloud, it could be exposed in a breach.
    • Impact for you:
      Stolen data could lead to identity theft, financial loss, or scammers using your personal info. For instance, if you sync financial documents or personal photos, they could be accessed by hackers if Microsoft’s servers are compromised.

    Likelihood: Low

    Breaches are rare but possible. Microsoft invests heavily in security, but large companies are frequent targets. So the risk is low but not zero.

    2. Microsoft Spying on Your Data

    • What it means:
      “Spying” refers to Microsoft accessing or monitoring your data without your clear permission. Some worry Microsoft might look at your files or settings to gather information about you.
    • Why it’s a concern:
      Microsoft’s privacy policy (updated as of 2025) states they collect data to provide services, improve products, and personalize ads. Microsoft also reserves the right to report any illegal activity it detects to the appropriate authorities.

      When you sync to their cloud, data like your PC settings, app preferences, or files may be analyzed to “improve” Windows. And while Microsoft says this is anonymized (not tied to your name), this alone should make you feel uncomfortable.

      At the very least they will track which apps you use most to suggest features or ads.
    • Impact for you:
      If you sync sensitive files (like tax documents or personal letters), you should be concerned that Microsoft could access them. There’s currently no clear evidence Microsoft directly “spies” on individual users’ files for malicious purposes, but their broad data collection practices feel like an invasion of privacy.

    Likelihood: Medium

    Microsoft likely doesn’t routinely target individual users’ data for spying, as this will terminally damage their reputation if proven. However, their policies allow automated systems to scan data for service improvements, illegal or hateful content, etc.

    And while nobody really talks about this in plain terms, this effectively means that Microsoft has insight into ALL your files, with only the worst of bad excuses.

    3. Using Your Data to Train AI Systems

    • What it means:
      Microsoft develops AI tools like Copilot, which learn from large amounts of data. There’s a concern they might use your synced data (like documents or settings) to train these AI systems.
    • Why it’s a concern:
      Microsoft’s privacy policy allows them to use “de-identified” data (stripped of personal details) for AI training. If you sync files to their cloud, they might process this data to improve AI, even if they claim it’s anonymized. However, mistakes in anonymization could link data back to you. For example, a 2023 study showed that poorly anonymized data can sometimes be re-identified, risking exposure of personal details.
    • Impact for you:
      If your synced data is used for AI training, it could indirectly contribute to Microsoft’s products without your full control. If anonymization fails, sensitive info (like health or financial details) could potentially be exposed.

    Likelihood: Medium to High

    Microsoft probably uses aggregated, anonymized data for AI training, as stated in their policies. The risk of your specific data being misused is still fairly low, but the lack of transparency about AI training processes makes many users uneasy.

    4. Why This Matters for the Windows 10 ESU Program

    • Data Risks:
      The ESU’s free option requires syncing your PC settings to Microsoft’s cloud via Windows Backup. This means your personal settings (like desktop preferences or app data) are sent to their servers, exposing you to the risks detailed above.
    • Temporary Fix:
      The ESU only extends Windows 10 security until October 2026. So syncing to the cloud for free updates doesn’t solve the long-term problem.

      After 2026, your PC will still be unsupported and at higher risk of getting hacked and becoming incompatible with up-to-date software. You’ll also still face the same privacy concerns if you keep using Microsoft’s cloud after support ends.
    • It’s a Trade-off:
      You avoid the $30 ESU fee by syncing, but you give up some control over your data and privacy. If you’re uncomfortable with cloud storage, paying the $30 or earning 1,000 Microsoft Rewards points avoids syncing but still only delays the inevitable end of Windows 10 support.

    Put Simply… Be cautious about what you sync: Only sync essential PC settings, not sensitive files like bank records or personal photos. Use an external USB drive for backups instead of the cloud.

    Check Privacy Settings:

    In Windows 10, go to Settings > Privacy to limit what data Microsoft collects (e.g., turn off personalized ads or diagnostic data.)

    Start Planning Ahead Now:

    The ESU is a one-year bandage. Start saving for a new Windows 11 PC or explore options like switching to a more private operating system, like Linux. If your needs are those of a standard user, like email, browsing, online banking and shopping, office application use, etc. then Linux is a free, more secure alternative to both Windows 10 and 11.

    Stay Informed:

    If you’re worried about Microsoft’s intrusive data handling practices, read their privacy policy at privacy.microsoft.com or ask someone you trust to explain it. We’re currently working on a breakdown of this and of Microsoft’s terms of service, but this is a lengthy, time consuming undertaking, which is likely to take another month to six weeks from date of publication of this piece.

    Avoid syncing sensitive data if you don’t fully trust cloud storage.

    Actively Reduce Risks:

    Use a strong, unique password for your Microsoft account and enable two-factor authentication (like a code sent to your phone) to make it harder for hackers to gain access your data.

    The risks detailed above are relatively low but VERY real, and the ESU only delays the need to upgrade to a supported system like Windows 11 by one year.

    And even then, Windows 11 comes with many shady privacy invasion features baked in.

    For Example, There’s Windows 11 Telemetry

    Windows 11 Telemetry is a system where Microsoft collects data about how you use your computer, ostensibly to improve Windows and its services. It tracks things like which apps you use, how often you use certain features, your device’s performance, and sometimes your location or browsing habits if you’ve enabled certain settings.

    This data is sent to Microsoft’s servers, often in an anonymized form, but it’s still tracking you because it monitors your activity. For instance, telemetry might note that you frequently use Microsoft Edge or get error messages from a specific app.

    Microsoft says this helps fix bugs and tailor experiences, but the practie raises serious privacy concerns because your data is shared with them, and you can only reduce, not fully stop, this tracking through Windows 11’s privacy settings.

    Ultimately, switching to a more privacy-focused Operating System, like Linux Mint, may be a better option for you than potentially compromising your data privacy and security.

    Contact Us is you have any questions about the points raised by this article.

    Leave a Reply

    Your email address will not be published. Required fields are marked *