Windows 8 Tells Microsoft About Everything You Install

← Back to Stories (view on slashdot.org)

Windows 8 Tells Microsoft About Everything You Install

Posted by Soulskill on Friday August 24, 2012 @03:38AM from the they-know-about-your-third-party-minesweeper-clone dept.

musicon writes "According to Nadim Kobeissi, Windows 8 is configured by default (using a new featured called Windows SmartScreen) to immediately tell Microsoft about every app you download and install. This is a very serious privacy problem, specifically because Microsoft is the central point of authority and data collection/retention here and therefore becomes vulnerable to being served judicial subpoenas or National Security Letters intended to monitor targeted users. This situation is exacerbated when Windows 8 is deployed in countries experiencing political turmoil or repressive political situations." While SmartScreen is enabled by default, it's possible for users to turn it off. Also, it's worth noting that Microsoft is hardly alone in this regard, given the rise of app stores over the past several year. (Not that it exculpates this behavior.)

40 of 489 comments (clear)

Min score:

Reason:

Sort:

Does Windows 8 have an opt-out feature? by erikwestlund · 2012-08-24 03:42 · Score: 5, Funny

At the rate Microsoft is going, they might as well add a "Windows 8 opt-out feature."
1. Re:Does Windows 8 have an opt-out feature? by Anonymous Coward · 2012-08-24 03:44 · Score: 5, Informative
  
  At the rate Microsoft is going, they might as well add a "Windows 8 opt-out feature."
  I know this is a joke, but yes, they do, It's called "downgrade rights"
2. Re:Does Windows 8 have an opt-out feature? by Anonymous Coward · 2012-08-24 03:51 · Score: 4, Insightful
  
  Does Windows 8 have an opt-out feature?
  Yes, they do.
3. Re:Does Windows 8 have an opt-out feature? by Anonymous Coward · 2012-08-24 04:11 · Score: 5, Interesting
  
  "The Unofficial Windows 8 Developer FAQ
  Today, I’m going to attempt to dos something Microsoft staff should have done long ago or didn’t do correctly or simply were held back from doing so. I’m going to release the Unofficial FAQ on “What Just happened” in Microsoft for developer(s) worldwide."
  http://www.riagenic.com/archives/960?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+MsMossyblog+(MS+MossyBlog)
4. Re:Does Windows 8 have an opt-out feature? by macbeth66 · 2012-08-24 04:22 · Score: 4, Interesting
  
  Heh
  My 77 year old mother has one on her laptop. Its called Ubuntu. She is still trying to say it right.
  And to think I was a little nervouse when she got internet access and started sending me puppy emails. Now she just complains about having to do a sudo and type in her password way too often.
5. Re:Does Windows 8 have an opt-out feature? by Anonymous Coward · 2012-08-24 04:29 · Score: 4, Funny
  
  I'm extremely tempted to write a program called "Fuck you Microsoft, you worthless sacks of shit", which installs itself only long enough to send Microsoft the notification that this program was installed, before formatting the hard drive.
  Or maybe I should just make a program that essentially installs with that name, displays some text saying 'notification to Microsoft sent', then uninstalls itself. The user can install this as many times as they want to tell Microsoft they're worthless sacks of shit.
6. Re:Does Windows 8 have an opt-out feature? by 1s44c · 2012-08-24 04:41 · Score: 4, Insightful
  
  Does Windows 8 have an opt-out feature?
  Yes, they do.
  But even if you use those opt outs on your new computer you still pay the Microsoft tax.
7. Re:Does Windows 8 have an opt-out feature? by Anonymous Coward · 2012-08-24 04:46 · Score: 5, Funny
  
  Linux will be ready for the desktop in 5 years time.
8. Re:Does Windows 8 have an opt-out feature? by macbeth66 · 2012-08-24 04:49 · Score: 4, Interesting
  
  Well, AC, it all started when she wanted to use a spare USB wireless adapter ( old laptop ) I had. She needed to install the drivers via ndiswrapper but I had neglected to put it there first. I told her I would do the next time I came over. She told me to walk her through it. I'm gonna say no to my mother?
9. Re:Does Windows 8 have an opt-out feature? by atlasdropperofworlds · 2012-08-24 05:16 · Score: 4, Informative
  
  I don't see why you don't just get a system built by newegg, or ncix, or whoever. Choose some quality components (or have them choose some for you), and don't buy and OS. It's not like it's hard.
10. Re:Does Windows 8 have an opt-out feature? by Enderandrew · 2012-08-24 05:18 · Score: 4, Insightful
  
  I know this is meant as a joke, but the reality is that Linux truly is ready for the desktop right this second.
  1. Xorg.conf nightmares ended years ago.
  2. A fresh Windows install means a lot of your hardware doesn't work and you have to hunt for drivers from third party websites. This is particularly fun if it is your wireless network card that isn't working. For the most part, hardware "just works" in Linux these days.
  3. Out of the box on a Linux install, you likely have most of the apps you already need. If you don't, then installing and managing your software is a breeze.
  4. Even as people praise Windows 7, it did retain a lot of usability regressions from Vista. It is somewhat a matter of opinion, but I'd contend that KDE is the most usable desktop out there currently. If you disagree, you can run Unity, Gnome 3, or whatever you want in Linux. You're not bound to one UI you don't like (such as the new Metro UI in Windows 8).
  5. Linux can pass the Grandma test. People often suggest you have to re-learn a new OS. I'd contend that it is easier to give Grandma a KDE desktop than a Windows 8 PC. I converted my 60 year old mother to openSUSE and KDE. She was reticent at first, but came to really like it.
  6. Linux is secure. You don't have to worry about viruses, spyware, etc. You spend your time using your computer as opposed to fixing your computer.
  7. Have a Windows app you can't leave behind? There is a decent chance it runs in Wine. And since we have shifted more to web-based apps, desktop apps are less important today than they were 10 years ago.
  No OS or desktop is perfect, but if you did an objective comparison today of what is the easiest and best OS to run on your desktop/laptop for most people today, I truly believe Linux would come out on top.
  
  --
  http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
11. Re:Does Windows 8 have an opt-out feature? by TheSpoom · 2012-08-24 05:23 · Score: 5, Funny
  
  Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
  
  --
  It's better to vote for what you want and not get it than to vote for what you don't want and get it.
  - E. Debs
12. Re:Does Windows 8 have an opt-out feature? by _xeno_ · 2012-08-24 05:25 · Score: 4, Informative
  
  The 'warnings' and 'lies' you describe have yet to be seen by me..
  Here, let me Google that for you. Amusingly Google autocompleted that for me from "app is d," so it's not exactly an uncommon error. Generally speaking, the app is not damaged when you get that error - it just isn't Apple-blessed. If you try and run it through the command line, it'll run just fine.
  Which kind of disproves the idea that Gatekeeper is about security, if all it takes to bypass it is fork() and exec().
  
  --
  You are in a maze of twisty little relative jumps, all alike.
13. Re:Does Windows 8 have an opt-out feature? by Penguinisto · 2012-08-24 05:31 · Score: 5, Funny
  
  Even better - write a small app that generates random app names/specs from a huge DB of legitimate applications, and randomly sends notification of installs and uninstalls whenever the user's machine goes idle. Bonus points if it generates random GUIDs and computer profiles.
  
  --
  Quo usque tandem abutere, Nimbus, patientia nostra?
14. Re:Does Windows 8 have an opt-out feature? by _xeno_ · 2012-08-24 05:36 · Score: 4, Interesting
  
  Congratulations on focusing on half the post. The other half is about the "usage and diagnostic data" that Mac OS X sends to Apple - which does contain information about what applications you have installed, and has since whenever they added that feature.
  Exactly what data does Apple get? Well, according to Apple themselves, they collect "[u]sage information (for example, data about how you use Apple and third-party software, hardware, and services)." What does that mean? Who knows.
  The bottom line is that if you don't want some company to know what third-party software you're using on "their" computer, you don't want to go Apple.
  
  --
  You are in a maze of twisty little relative jumps, all alike.
15. Re:Does Windows 8 have an opt-out feature? by snadrus · 2012-08-24 05:45 · Score: 5, Informative
  
  I took my shiny, still-wrapped laptop box to an Acer service center to return Windows 7. They swapped my hard drive for a blank one & I was mailed $65. Not bad for a laptop I bought $300.
  
  --
  Science & open-source build trust from peer review. Learn systems you can trust.
16. Re:Does Windows 8 have an opt-out feature? by nschubach · 2012-08-24 05:50 · Score: 4, Insightful
  
  Technically, Ubuntu offers an option to collect download and installation data from the software center. I believe it prompts you though and clearly explains that's it's anonymous.
  
  --
  Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
17. Re:Does Windows 8 have an opt-out feature? by arkane1234 · 2012-08-24 06:04 · Score: 4, Insightful
  
  Try holding down ctrl as you run it the first time, then select to run it. It won't ask you again.
  Also, it actually asks you if you will allow data to be sent to Apple. While I don't agree with it, at least it asks and you have a choice. Then again, even Debian has data returning home, by choice.
  Thanks for playing.
  
  --
  -- This space for lease, low setup fee, inquire within!
18. Re:Does Windows 8 have an opt-out feature? by coinreturn · 2012-08-24 07:06 · Score: 4, Informative
  
  Congratulations on focusing on half the post. The other half is about the "usage and diagnostic data" that Mac OS X sends to Apple - which does contain information about what applications you have installed, and has since whenever they added that feature.
  Exactly what data does Apple get? Well, according to Apple themselves, they collect "[u]sage information (for example, data about how you use Apple and third-party software, hardware, and services)." What does that mean? Who knows.
  The bottom line is that if you don't want some company to know what third-party software you're using on "their" computer, you don't want to go Apple.
  And congratulations to you for ignoring the summary. Windows 8 has this on BY DEFAULT and you have to turn it off. Mac OS asks you if you want usage data sent before it ever does it.
Re:So? by erikwestlund · 2012-08-24 03:46 · Score: 5, Insightful

I like your vision of a privacy-invasion free world.
Don't want to be videotaped? Don't go outside.
Don't want to be wiretapped? Don't use a phone.
Don't want medical records in the wild? Don't go to a doctor.
Visionary indeed.
Re:Wow... by Anonymous Coward · 2012-08-24 03:46 · Score: 5, Insightful

No you won't. Quit trolling for +5.
Time for Linux, finally? by Anonymous Coward · 2012-08-24 03:48 · Score: 4, Interesting

Look, I'm just a regular user, albeit more technically capable than the vast majority, but not a developer, sys admin, etc., and it's starting to look more and more like it's time to consider making the move to Linux.
This private company invasiveness seems to be growing in parallel with government invasiveness, and I'm not happy about either, but at least I can choose one, for now.
1. Re:Time for Linux, finally? by LVSlushdat · 2012-08-24 04:29 · Score: 5, Interesting
  
  yup.. been that time for me for quite a while. Not only am I running Linux on all my machines, but have moved quite a few neighbors/friends over to Ubuntu from XP. In a few cases, the migration was sorta forced, in that machines were malware'ed up wazoo, and the owners of the systems did not have the recovery disks for a clean install. I showed them Ubuntu via LiveCD on their systems and asked them, could you live with that? Of course, my liveCD was a mashup with Gnome2 configured to look very close to XP. In all cases, the answer was "SURE!!"... Several of these users were always calling with problems when they were still on XP, but since going to Ubuntu, I get much less calls and absolutely NONE regarding malware.. One of the users is/was one of these people who clicked on EVERYTHING.. Told him numerous times, DON'T DO THAT.. but went in one ear/out the other. Because of this, he was always calling and saying "My machine is really slow..".. I'd tell him quit clicking on everything, and make a visit and clean what I could off the machine. After Ubuntu? no calls...
  
  --
  THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
Not unexpected. Cant have it both ways. by Kenja · 2012-08-24 03:48 · Score: 4, Insightful

If you are going to blame Microsoft for what third party software does on your computer, then you can't also blame them when they start to track and address such problems. With things like EAs Origin, Steam, etc, what you do on your computer is no longer just your business. At least Microsoft lets you turn it off.

--

"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Would it be possible... by macbeth66 · 2012-08-24 03:51 · Score: 4, Interesting

... to build an app that fakes the install of programs? In other words, overwhelm MS with hundreds of false install notices to them. As certain programs become 'of interest' to certain parties, we add that program to the list. Eventually, the information would become useless and would be abandoned.
Or am I missing something?
Poor comparison by wvmarle · 2012-08-24 03:53 · Score: 4, Insightful

Also, it's worth noting that Microsoft is hardly alone in this regard, given the rise of app stores over the past several year. (Not that it exculpates this behavior.)
Can't compare this. If I download something from the Play Store, I know Google knows I install that app. After all I have to log in using my Google account, and use their app to download from their store. Afaik they do not know what I install from third-party sources, like alternative app stores. Nor do they have any right knowing that.
Apparently MS monitors what you install from third-party sources. Without telling you, and without asking explicit permission. That's simply evil. They have no business knowing what I install from third-party sources. The fact that this data is stored in some foreign country (the US is a foreign country to me, and some 95% of the world's overall population) with notoriously poor privacy protection only helps making it a lot worse.
How is it not alone? by SuperKendall · 2012-08-24 03:53 · Score: 5, Insightful

Also, it's worth noting that Microsoft is hardly alone in this regard, given the rise of app stores over the past several year.
Come on. This is just excuse-making - sure in any given app store the store owner knows what you downloaded - by definition they had to for you to download it!
But here aren't we talking about a more general notion that ANY application installed from anywhere is known by Microsoft? When you use the Amazon app store on Android, does Google know what you have? When I use Cydia on a iPhone, Apple doesn't know what applications I install from there... on the Mac I can use the app store but if I get applications from elsewhere Apple doesn't know about those either.
Just because App Stores exist does not give Microsoft the right to track every app installed.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Re:Wow... by SJHillman · 2012-08-24 03:53 · Score: 5, Insightful

What's wrong with sticking with Windows 7 for now?
It's not like Windows 7 is automatically obsolete as soon as 8 hits the market.
Slight difference between app stores by 0racle · 2012-08-24 03:55 · Score: 4, Insightful

App stores will know everything you download from them for the same reason any other retailer would, you bought it there so there is a transaction record. This is tracking and sending to Microsoft information about EVERY application you download outside of their eventual marketplace. Apple doesn't know that I downloaded Handbreak from their site but with this Microsoft would, or to put it in a way that could cause an issue, Apple doesn't know that I downloaded LOIC, but Microsoft would. That is why it becomes an issue over and above something like the Mac App Store.

--
"I use a Mac because I'm just better than you are."
The actual tracking... by Galaga88 · 2012-08-24 03:57 · Score: 4, Informative

There's no indication that Microsoft themselves keeps track of which individuals downloaded/installed which programs.
The issue this article seems to propose is that somebody could sniff the network traffic between yourself and Microsoft to grab the SmartScreen data and see what you'd installed when Windows contacts MS to see if the file is marked as safe/unsafe/unknown.
If they're in a position to do that, wouldn't they theoretically be in a position to have potentially snooped on the download of the software which is triggering the SmartScreen traffic? (Depending of course, on where in the network their sniffer is at.)
The only valid complaint seems to be that Microsoft is using a known-insecure version of SSL for the website all this data is sent to. If they fix that, I'm not sure what reasonable issue would be there.
I would argue that for the average user, SmartScreen is a useful feature and having it turned on by default (assuming MS is tracking individual user downloads of software for some nefarious purpose) is a good thing.
Re:Wow... by hobarrera · 2012-08-24 03:58 · Score: 4, Informative

Did you check if it doesn't run with wine? You'd be surprised how much it has improved recently.
Re:Wow... by Kjella · 2012-08-24 04:04 · Score: 5, Interesting

You know, I've been resisting Linux all these years, but with the current direction of Windows development and greater Linux game support (Steam, etc.) I may make the switch yet...
You sound like me about 5 years ago, when Vista was supposed to be Microsoft's hot new OS. I figured the way that was going, I might as well go Linux now and get over the hassle of switching. Long story short I spent 3.5 years on Linux as my primary desktop before I gave up the fight and switched to Win7. If you want to try Linux go right ahead, but if you're just think Win8 is a dead end I suggest just buckling down with Win7 and see if Microsoft comes to their senses. There's plenty time and being 64 bit I think it's even more of a stayer than XP, that and SSD support were really the only two "must have" features of Win7 for me. I expect the coming decade to have even less such "must have" features.

--
Live today, because you never know what tomorrow brings
Re:There is a better way... by wiedzmin · 2012-08-24 04:04 · Score: 4, Interesting

Right, use Chrome as the example of a privacy-conscious application... it's not like it sends not only every URL you type in the location bar, or knows and pre-fetches every possible combination of the URL while you're typing it, or anything. It doesn't take URL's you're typing and try to suggest search results for those words either, no sir! And it definitely, definitely doesn't let Google store and analyze all of that information against your account, should you happen to be logged in to Gmail or anything.

--
Bow before me, for I am root.
Not Windows 8, Internet Explorer 9+ by Anonymous Coward · 2012-08-24 04:04 · Score: 4, Interesting

Um, check the date on that blog post. March 22nd, 2011.
This was a feature added, by default, to Internet Explorer 9.0. It is a part of the browser. If you are running Windows 7 and have updated to Internet Explorer 9.0 then it is already doing this. All Windows 8 does is have Internet Explorer 10 installed by default.
Olds for nerds?
Re:Wow... by OldSport · 2012-08-24 04:05 · Score: 4, Insightful

Is Windows 7 really that bad? I spent about 10 minutes customizing it and find it to be a much better experience than XP. The only thing that chews my balls is the lack of an included utility to password-protect .zip files, but aside from that, I can't think of anything I really dislike about it.
Re:Wait... by wiedzmin · 2012-08-24 04:08 · Score: 4, Informative

How do you people thing virus scanners work?
Erm, by checking against a local signature database of known viruses or running local heuristic checks?

--
Bow before me, for I am root.
Re:Don't try to be apple by UnknowingFool · 2012-08-24 04:28 · Score: 4, Insightful

You mean don't try to be Apple badly. Even though Lion and Mountain Lion added iOS features, they didn't force iOS as the default UI onto their desktop/laptop OS users.

--
Well, there's spam egg sausage and spam, that's not got much spam in it.
Re:Wow... by desertfool · 2012-08-24 04:32 · Score: 4, Insightful

Where do we find companies that have respect for user/consumer rights, because I would be happy to use their products and services.

--
Just a dude. Stuck in IT.
Re:There is a better way... by Twanfox · 2012-08-24 04:41 · Score: 4, Insightful

Isn't that equivalent to the answer of 'If you don't want Windows SmartScreen to tell Microsoft about your installed apps, go into Privacy and turn it off.'?
It would seem to me that the point the parent was making is that Chrome's data reporting habits and this new one in Windows 8 are effectively the same. Both are enabled by default, and both report data back to their 'owners'. That both have an 'opt out' to turn them off really doesn't differentiate or describe either one as awesome with regards to privacy.
Re:Opt-in vs opt-out by Missing.Matter · 2012-08-24 04:45 · Score: 4, Informative

No, it's that it's opt-out and they don't tell you what they're sending.
I take this back. I just checked the windows install process, and on the page where you choose "Use Express Settings" or "Customize" there are two options to "Learn more about express settings" and "Privacy Statement" where Microsoft details each feature, what data they collect, and how they use that data.

For Smartscreen the text reads:

What this feature does

Windows SmartScreen helps keep your PC safe by checking files and apps with Microsoft to help protect you from potentially unsafe files and apps. Windows will ask you what you want to do if the file or app is unknown or potentially unsafe before it's opened"

Information collected, processed, or transmitted

If you choose to use this feature, information about some of the apps you use and some of hte files you download from the Internet will be sent to Microsoft. This information may include a file name, file ID ("hash"), and digital certificate information along with standard PC information and the Windows SmartScreen filter version number. To help protect your privacy, the information sent to Microsoft is encrypted.

Windows SmartScreen randomly generates a number called a GUID that is sent to Microsoft with your SmartScreen usage data. The GUID lets us determine which data is sent from a particular PC over time. The GUID does not contain any personal information.

Use of Information

Microsoft uses the information described above to provide warnings to you about potentially unsafe files and apps. We also use the information to analyze performance of the feature to improve the quality of our products and services. We use the GUID to determine how widespread the feedback we receive is and how to prioritize it. For example, the GUID allows Microsoft to distinguish between one computer experiencing a problem one hundred times and one hundred customers experiencing the same problem once. Microsoft doesn't use the information to identify, contact, or target advertising to you.

Choice and control

If you choose express settings while setting up Windows, you can turn on Windows SmartScreen. If you choose to customize settings, you can control Windows SmartScreen by selecting Use Windows Smartscreen Filter to Check Files and Apps with Microsoft under Help protect your privacy and your PC. After setting up windows, you can change this setting in Action Center in the Control Panel.