Microsoft Denies Windows 8 App Spying Via SmartScreen

An anonymous reader writes "Microsoft has denied Windows 8 SmartScreen is spying after research by Nadim Kobeissi indicated otherwise." Whether it's "spying" or not, Microsoft is collecting certain information with SmartScreen — the key is what's done with it: The article quotes a Microsoft spokesperson: "We don’t use this data to identify, contact or target advertising to our users and we don’t share it with third parties."

Disable it!

[zenlessyank]

There is a check box where you can disable this 'feature' before installation. Nothing to see here....

Re:Disable it!

[CrazyDuke]

Look in his history: His Karma is negative. The comment hasn't even been modded.

Re:Disable it!

There is a check box where you can disable this 'feature' before installation.
Nothing to see here....

Because at least 1% of Windows users are capable of installing the OS themselves.

Re:Disable it!

[bloodhawk]

FFS, where do these retards come from, read the damn article or better still read a non tin foil hat version from somewhere like Ars Technica. It is purely an anti malware prevention system that checks if the hash is a known malware when you go to install. There is a lot to hate windows 8 about, but this is actually one of the beneficial features that should help everyone, from the dumb users that install malware to the rest of us that get spammed by the botnets created by that malware.

Re:Disable it!

[fustakrakich]

The elevator has a "close door" button inside. Do you believe it actually functions?

Re:Disable it!

[king+neckbeard]

Most users do not install their own OS, and being on by default is problematic.

Re:Disable it!

[Shining+Celebi]

Just read the Ars Technica article. The Slashdot headline is ridiculously slanted, as was the previous story.

While I disagree with it in principle - I'd rather it be local, like how Firefox uses a local version of the bad-sites list, this is not in any way unusual or awful behavior, and it's mostly a good idea, and Microsoft has been completely open about how and why they're doing this and giving you an easy way to turn it off. It is not some privacy invading nightmare. Microsoft is not keeping track of what programs you download (unless, obviously, you get them through the Microsoft store.)

Slashdot stories are becoming more and more ridiculous. The summaries are never even worth reading anymore.

Re:Disable it!

[Missing.Matter]

Not only do they allow you to turn it off during install, they provide a detailed explanation of what the feature does, what data they collect, how they use the data, and how you can turn the feature off during install and after install. This seems to be just about all the information a user needs to make an informed decision about whether or not to leave smart screen on. if the user opts not to read this information and clicks right through the express settings without caring about the consequences, perhaps that's exactly the kind of user this smart screen filter aims to protect; odds are they have the same lackadaisical attitude when install Ing random software from the internet. Its self selecting really.

Here is a link to my comment from yesterday, which has the exact text relevant to smart screen you encounter on install: http://slashdot.org/comments.pl?sid=3070309&cid=41111521

Re:Disable it!

[rtfa-troll]

There are a whole load of "suddenly technically knowlagable" people dissembling here (I'd hate to say shills; but somewhere someone is feeding in disinformation).

• the application sends checksums to Microsoft
• those checksums correspond one to one to applications
• Microsoft will normally know which application is which
• that information will be discoverable by the Police / authorities etc.
• the application is no by default and does not ensure the user knows how it functions.

Now let's have a look at some of the language being used in the Ars Technica article.

This would allow the company to make some estimates of which IP addresses were running which software.

"some estimates" implies that there wold be uncertainty; that Microsoft wouldn't be able to say 100% that you were using a piece of software. Maybe it is Tor; maybe it's actually Tornado the game. The implication is a humal level of uncertainty which just doesn't apply.

"which IP addresses" implies that Microsoft would not know who you are. This shows an even greater level of deception. It's even trying to imply that your information may not be linked, if, for example, you change IP addresses. Microsoft has your software registration. Microsoft knows about your usage of Bing. Microsoft has your passport account. If any company other than Google can link your IP address to a particular person; that company is Microsoft.

Compared to this Ars Technica article, Slashdot is a haven of technical superiority and higher journalistic ethics and integrity. Maybe Anonymous Coward could set up a journalism course for the guys at Ars Technica.

Finally let's look at Microsoft's statement in the article (N.B. we don't get told what question this is an answer to; note that it might potentially be Microsoft answering to a question about their web sites in which case Ars Technica is again doing the deception; let's take it at face value however).

We can confirm that we are not building a historical database of program and user IP data. Like all online services, IP addresses are necessary to connect to our service, but we periodically delete them from our logs.

The entire point of this service is to build up a "historical" database of executables. It works by identifying those downloads which are known and safe by how often they are downloaded and builds up a "reputation". Ars Technica describes this as "anonymised" without going into details. If you think that they don't at least have the IP network address then I have a bridge to sell you. Let me explain a simple exploit for you: before releasing your malware, repeatedly download it on each of your computers Microsoft will sign it as as having a good reputation. Microsoft's only possible defence against this is to ensure that it knows, at least to some level, which IP addresses used which software.

use of information doesn't matter

[sylvandb]

Collecting the information IS spying.

How the information is used after being collected does not matter for determining spying, only the motivation for spying.

Sensationalism

[Altanar]

I see /. is in for another round of anti-Windows 8 sensationalism. Please read the Ars Technica article talking about this before commentating.

Re:Sensationalism

[LateArthurDent]

I see /. is in for another round of anti-Windows 8 sensationalism. Please read the Ars Technica article talking about this before commentating.

Ah, sweet irony. Your Ars Technica article links to a wired article that argues cryptocat is no more secure than using no crypto at all, because it relies on host security, and then proceeds to defend Smart Screen using a host-security argument.

If you don't care Microsoft gets access to which programs you run / trust that they will keep the data anonymized and periodically delete the logs as you claim, by all means, don't turn off Smart Screen. That said, they have all the data they need to keep a record if every program you run, and I'd rather not take them at their word that they won't do anything bad with it.

Re:Could use it in the future

[Ultracrepidarian]

and if they collect it, our government will demand access to it.