Windows 8 Tells Microsoft About Everything You Install 489
musicon writes "According to Nadim Kobeissi, Windows 8 is configured by default (using a new featured called Windows SmartScreen) to immediately tell Microsoft about every app you download and install. This is a very serious privacy problem, specifically because Microsoft is the central point of authority and data collection/retention here and therefore becomes vulnerable to being served judicial subpoenas or National Security Letters intended to monitor targeted users. This situation is exacerbated when Windows 8 is deployed in countries experiencing political turmoil or repressive political situations."
While SmartScreen is enabled by default, it's possible for users to turn it off. Also, it's worth noting that Microsoft is hardly alone in this regard, given the rise of app stores over the past several year. (Not that it exculpates this behavior.)
Time for Linux, finally? (Score:4, Interesting)
Look, I'm just a regular user, albeit more technically capable than the vast majority, but not a developer, sys admin, etc., and it's starting to look more and more like it's time to consider making the move to Linux.
This private company invasiveness seems to be growing in parallel with government invasiveness, and I'm not happy about either, but at least I can choose one, for now.
Re:Wow... (Score:2, Interesting)
Honestly, if my Steam library ran on Linux I'd switch today...
Would it be possible... (Score:5, Interesting)
... to build an app that fakes the install of programs? In other words, overwhelm MS with hundreds of false install notices to them. As certain programs become 'of interest' to certain parties, we add that program to the list. Eventually, the information would become useless and would be abandoned.
Or am I missing something?
Opt-in vs opt-out (Score:4, Interesting)
"While SmartScreen is enabled by default, it's possible for users to turn it off."
And this is what's wrong with this setup. Debian has popcon, which is a survey of what you use and how often you use it, and you can participate by having a cronjob send off the file.
http://popcon.debian.org/README [debian.org]
But it's not a privacy concern because it's opt-in.
If this equivalent of popcon on 8 was opt-in, this thread wouldn't be here.
--
BMO
Re:Wow... (Score:5, Interesting)
You know, I've been resisting Linux all these years, but with the current direction of Windows development and greater Linux game support (Steam, etc.) I may make the switch yet...
You sound like me about 5 years ago, when Vista was supposed to be Microsoft's hot new OS. I figured the way that was going, I might as well go Linux now and get over the hassle of switching. Long story short I spent 3.5 years on Linux as my primary desktop before I gave up the fight and switched to Win7. If you want to try Linux go right ahead, but if you're just think Win8 is a dead end I suggest just buckling down with Win7 and see if Microsoft comes to their senses. There's plenty time and being 64 bit I think it's even more of a stayer than XP, that and SSD support were really the only two "must have" features of Win7 for me. I expect the coming decade to have even less such "must have" features.
Re:There is a better way... (Score:5, Interesting)
Right, use Chrome as the example of a privacy-conscious application... it's not like it sends not only every URL you type in the location bar, or knows and pre-fetches every possible combination of the URL while you're typing it, or anything. It doesn't take URL's you're typing and try to suggest search results for those words either, no sir! And it definitely, definitely doesn't let Google store and analyze all of that information against your account, should you happen to be logged in to Gmail or anything.
Not Windows 8, Internet Explorer 9+ (Score:4, Interesting)
Um, check the date on that blog post. March 22nd, 2011.
This was a feature added, by default, to Internet Explorer 9.0. It is a part of the browser. If you are running Windows 7 and have updated to Internet Explorer 9.0 then it is already doing this. All Windows 8 does is have Internet Explorer 10 installed by default.
Olds for nerds?
Re:Does Windows 8 have an opt-out feature? (Score:5, Interesting)
"The Unofficial Windows 8 Developer FAQ
Today, I’m going to attempt to dos something Microsoft staff should have done long ago or didn’t do correctly or simply were held back from doing so. I’m going to release the Unofficial FAQ on “What Just happened” in Microsoft for developer(s) worldwide."
http://www.riagenic.com/archives/960?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+MsMossyblog+(MS+MossyBlog) [riagenic.com]
Re:Does Windows 8 have an opt-out feature? (Score:5, Interesting)
Heh
My 77 year old mother has one on her laptop. Its called Ubuntu. She is still trying to say it right.
And to think I was a little nervouse when she got internet access and started sending me puppy emails. Now she just complains about having to do a sudo and type in her password way too often.
Re:Time for Linux, finally? (Score:5, Interesting)
yup.. been that time for me for quite a while. Not only am I running Linux on all my machines, but have moved quite a few neighbors/friends over to Ubuntu from XP. In a few cases, the migration was sorta forced, in that machines were malware'ed up wazoo, and the owners of the systems did not have the recovery disks for a clean install. I showed them Ubuntu via LiveCD on their systems and asked them, could you live with that? Of course, my liveCD was a mashup with Gnome2 configured to look very close to XP. In all cases, the answer was "SURE!!"... Several of these users were always calling with problems when they were still on XP, but since going to Ubuntu, I get much less calls and absolutely NONE regarding malware.. One of the users is/was one of these people who clicked on EVERYTHING.. Told him numerous times, DON'T DO THAT.. but went in one ear/out the other. Because of this, he was always calling and saying "My machine is really slow..".. I'd tell him quit clicking on everything, and make a visit and clean what I could off the machine. After Ubuntu? no calls...
Re:Does Windows 8 have an opt-out feature? (Score:1, Interesting)
You mean the OS that, by default, blocks you from running content that isn't blessed by Apple? Yes, you can download apps from sources that aren't the App Store - but they still have to be signed, otherwise, it either will refuse to run or lie to you and say that the app is "damaged" and you should "drag it to the trash."
And if you try and disable this "feature" then it yells at you, warning you of dire consequences if you try and allow non-Apple-blessed apps to run.
Now I don't know if it sends Apple a list of every non-App Store app you run, but by default, it will send "diagnostic and usage data" to Apple and has for quite some time, so...
In any case, if your plan to avoid being spied on is "use Apple," you're an idiot.
Unless the joke was that Mac OS X is a downgrade from Windows 8, which is true, but it sounds like you're saying Mountain Lion is a way to opt out of being spied on by a giant corporation, and it isn't.
Re:Does Windows 8 have an opt-out feature? (Score:5, Interesting)
Well, AC, it all started when she wanted to use a spare USB wireless adapter ( old laptop ) I had. She needed to install the drivers via ndiswrapper but I had neglected to put it there first. I told her I would do the next time I came over. She told me to walk her through it. I'm gonna say no to my mother?
Re:Would it be possible... (Score:4, Interesting)
Or am I missing something?
How about the entire point of this feature, which is basically server side malware screening.
Re:Does Windows 8 have an opt-out feature? (Score:2, Interesting)
The simpel fact that you need to lie about all the presumed horrors that mountain lion brings tells more about your motivation than about mountain lion.
(To bypass the signature check, control-click the app, select open, and you'll hear no more from mountain lion about signatures.. The 'warnings' and 'lies' you describe have yet to be seen by me.. )
Re:Does Windows 8 have an opt-out feature? (Score:4, Interesting)
Congratulations on focusing on half the post. The other half is about the "usage and diagnostic data" that Mac OS X sends to Apple - which does contain information about what applications you have installed, and has since whenever they added that feature.
Exactly what data does Apple get? Well, according to Apple themselves, they collect "[u]sage information (for example, data about how you use Apple and third-party software, hardware, and services)." What does that mean? Who knows.
The bottom line is that if you don't want some company to know what third-party software you're using on "their" computer, you don't want to go Apple.
Re:Does Windows 8 have an opt-out feature? (Score:4, Interesting)
You mean the OS that, by default, blocks you from running content that isn't blessed by Apple?
Curious - how have they modified GCC to make this possible?
Or are you going to man up and say the same nonsense about Linux? Because, after all, you can't run anything RedHat hasn't blessed on RHEL. You can't run anything Canonical hasn't blessed, on Ubuntu. In precisely the manner that you can't run anything on OS X that isn't 'blessed' by Apple.
Except, of course, you can, for all three. Very easily.
Not that I'm defending the initial post, but your post contains many misconceptions which I'll clear up in case they're widespread:
1. Apple no longer uses GCC. Although it's possible for third parties to still compile things with it, they have to change all the default settings in XCode and are basically on their own. Apple is entirely Clang/LLVM now which uses no GCC code (and is BSD-licensed open source).
2. They are referring to code signing, which has nothing to do with the compiler. By default when a MacOS browser downloads an application it adds a flag that tells the MacOS Finder to warn the user about having downloaded it from the internet. Moreso, in Mountain Lion if the app with this flag is not digitally signed by a certificate which Apple issues to its developers, it will refuse to run it by default. You can change the default, you can use Command-O to run it, you can download it from an alternate browser, or you can clear the flag manually to bypass it, but for the typical user this helps with the "D00dz I gotz warez I'm sure they're not harmful let's run it!!11!" problem of trojans on the internet.
3. During this certificate process, MacOS may phone home to verify the OS-level certificate and check for blacklists, but it does not report back what app is being tested.
4. I don't believe RHEL or Ubuntu turn on code signature checking by default, or even have it as part of their core offering.
Re:Does Windows 8 have an opt-out feature? (Score:4, Interesting)