Slashdot Mirror


Windows 8 Tells Microsoft About Everything You Install

musicon writes "According to Nadim Kobeissi, Windows 8 is configured by default (using a new feature called Windows SmartScreen) to immediately tell Microsoft about every app you download and install. This is a very serious privacy problem, specifically because Microsoft is the central point of authority and data collection/retention here and therefore becomes vulnerable to being served judicial subpoenas or National Security Letters intended to monitor targeted users. This situation is exacerbated when Windows 8 is deployed in countries experiencing political turmoil or repressive political situations." While SmartScreen is enabled by default, it's possible for users to turn it off. Also, it's worth noting that Microsoft is hardly alone in this regard, given the rise of app stores over the past several years. (Not that it exculpates this behavior.)

9 of 489 comments

  1. Re:Does Windows 8 have an opt-out feature? by Anonymous Coward · · Score: 5, Informative

    At the rate Microsoft is going, they might as well add a "Windows 8 opt-out feature."

    I know this is a joke, but yes, they do. It's called "downgrade rights".

  2. The actual tracking... by Galaga88 · · Score: 4, Informative

    There's no indication that Microsoft themselves keeps track of which individuals downloaded/installed which programs.

    The issue this article seems to propose is that somebody could sniff the network traffic between yourself and Microsoft to grab the SmartScreen data and see what you'd installed when Windows contacts MS to see if the file is marked as safe/unsafe/unknown.

    If they're in a position to do that, wouldn't they theoretically be in a position to have potentially snooped on the download of the software which is triggering the SmartScreen traffic? (Depending of course, on where in the network their sniffer is at.)

    The only valid complaint seems to be that Microsoft is using a known-insecure version of SSL for the website all this data is sent to. If they fix that, I'm not sure what reasonable issue would be there.

    I would argue that for the average user, SmartScreen is a useful feature and having it turned on by default (assuming MS is tracking individual user downloads of software for some nefarious purpose) is a good thing.

  3. Re:Wow... by hobarrera · · Score: 4, Informative

    Did you check if it doesn't run with wine? You'd be surprised how much it has improved recently.

  4. Re:Wait... by wiedzmin · · Score: 4, Informative

    How do you people think virus scanners work?

    Erm, by checking against a local signature database of known viruses or running local heuristic checks?

    --
    Bow before me, for I am root.

  5. Re:Opt-in vs opt-out by Missing.Matter · · Score: 4, Informative

    No, it's that it's opt-out and they don't tell you what they're sending.

    I take this back. I just checked the windows install process, and on the page where you choose "Use Express Settings" or "Customize" there are two options to "Learn more about express settings" and "Privacy Statement" where Microsoft details each feature, what data they collect, and how they use that data.

    For Smartscreen the text reads:

    What this feature does

    Windows SmartScreen helps keep your PC safe by checking files and apps with Microsoft to help protect you from potentially unsafe files and apps. Windows will ask you what you want to do if the file or app is unknown or potentially unsafe before it's opened.

    Information collected, processed, or transmitted

    If you choose to use this feature, information about some of the apps you use and some of the files you download from the Internet will be sent to Microsoft. This information may include a file name, file ID ("hash"), and digital certificate information along with standard PC information and the Windows SmartScreen filter version number. To help protect your privacy, the information sent to Microsoft is encrypted.

    Windows SmartScreen randomly generates a number called a GUID that is sent to Microsoft with your SmartScreen usage data. The GUID lets us determine which data is sent from a particular PC over time. The GUID does not contain any personal information.

    Use of Information

    Microsoft uses the information described above to provide warnings to you about potentially unsafe files and apps. We also use the information to analyze performance of the feature to improve the quality of our products and services. We use the GUID to determine how widespread the feedback we receive is and how to prioritize it. For example, the GUID allows Microsoft to distinguish between one computer experiencing a problem one hundred times and one hundred customers experiencing the same problem once. Microsoft doesn't use the information to identify, contact, or target advertising to you.

    Choice and control

    If you choose express settings while setting up Windows, you can turn on Windows SmartScreen. If you choose to customize settings, you can control Windows SmartScreen by selecting Use Windows Smartscreen Filter to Check Files and Apps with Microsoft under Help protect your privacy and your PC. After setting up windows, you can change this setting in Action Center in the Control Panel.
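
The GUID passage quoted in the comment above can be made concrete. The following is an added illustration, not part of the original comment and not Microsoft's code or wire format: the record fields, the use of SHA-256 for the "file ID", and all sample data are assumptions constructed here. It shows both things a persistent random GUID allows a collector to do: tell one PC reporting a file 100 times from 100 PCs reporting it once, and link every report from one PC into a single list.

```python
import hashlib
import uuid
from collections import defaultdict

def build_report(pc_guid, file_name, file_bytes):
    """Client side: one lookup record with the fields the statement lists.
    Field names and SHA-256 are assumptions, not the real format."""
    return {
        "guid": pc_guid,  # random, but reused for every report from this PC
        "file_name": file_name,
        "file_hash": hashlib.sha256(file_bytes).hexdigest(),
    }

def summarize(reports):
    """Collector side: what can be derived from stored reports."""
    by_hash = defaultdict(list)  # file hash -> GUIDs that reported it
    by_guid = defaultdict(list)  # GUID -> file names seen from that PC
    for r in reports:
        by_hash[r["file_hash"]].append(r["guid"])
        if r["file_name"] not in by_guid[r["guid"]]:
            by_guid[r["guid"]].append(r["file_name"])
    # (total reports, distinct PCs) per file
    spread = {h: (len(g), len(set(g))) for h, g in by_hash.items()}
    return spread, dict(by_guid)

def demo():
    # Constructed sample data: two fake "installers" and random GUIDs.
    installer_a = b"constructed installer A"
    installer_b = b"constructed installer B"
    one_pc = str(uuid.uuid4())
    # One PC reports file A one hundred times.
    reports = [build_report(one_pc, "a.exe", installer_a) for _ in range(100)]
    # One hundred different PCs each report file B once.
    reports += [build_report(str(uuid.uuid4()), "b.exe", installer_b)
                for _ in range(100)]
    # The first PC later also fetches file B.
    reports.append(build_report(one_pc, "b.exe", installer_b))
    spread, by_guid = summarize(reports)
    hash_a = hashlib.sha256(installer_a).hexdigest()
    hash_b = hashlib.sha256(installer_b).hexdigest()
    return spread[hash_a], spread[hash_b], by_guid[one_pc]

if __name__ == "__main__":
    print(demo())
```

The GUID carries no personal information by itself, yet the last value returned by `demo()` is a per-PC list of files built purely from that identifier.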

  6. Re:Does Windows 8 have an opt-out feature? by atlasdropperofworlds · · Score: 4, Informative

    I don't see why you don't just get a system built by newegg, or ncix, or whoever. Choose some quality components (or have them choose some for you), and don't buy an OS. It's not like it's hard.

  7. Re:Does Windows 8 have an opt-out feature? by _xeno_ · · Score: 4, Informative

    The 'warnings' and 'lies' you describe have yet to be seen by me..

    Here, let me Google that for you. Amusingly Google autocompleted that for me from "app is d," so it's not exactly an uncommon error. Generally speaking, the app is not damaged when you get that error - it just isn't Apple-blessed. If you try and run it through the command line, it'll run just fine.

    Which kind of disproves the idea that Gatekeeper is about security, if all it takes to bypass it is fork() and exec().

    --
    You are in a maze of twisty little relative jumps, all alike.

  8. Re:Does Windows 8 have an opt-out feature? by snadrus · · Score: 5, Informative

    I took my shiny, still-wrapped laptop box to an Acer service center to return Windows 7. They swapped my hard drive for a blank one & I was mailed $65. Not bad for a laptop I bought for $300.

    --
    Science & open-source build trust from peer review. Learn systems you can trust.

  9. Re:Does Windows 8 have an opt-out feature? by coinreturn · · Score: 4, Informative

    Congratulations on focusing on half the post. The other half is about the "usage and diagnostic data" that Mac OS X sends to Apple - which does contain information about what applications you have installed, and has since whenever they added that feature.

    Exactly what data does Apple get? Well, according to Apple themselves, they collect "[u]sage information (for example, data about how you use Apple and third-party software, hardware, and services)." What does that mean? Who knows.

    The bottom line is that if you don't want some company to know what third-party software you're using on "their" computer, you don't want to go Apple.

    And congratulations to you for ignoring the summary. Windows 8 has this on BY DEFAULT and you have to turn it off. Mac OS asks you if you want usage data sent before it ever does it.