
Windows 8 Tells Microsoft About Everything You Install

Posted by Soulskill
from the they-know-about-your-third-party-minesweeper-clone dept.
musicon writes "According to Nadim Kobeissi, Windows 8 is configured by default (using a new feature called Windows SmartScreen) to immediately tell Microsoft about every app you download and install. This is a very serious privacy problem, specifically because Microsoft is the central point of authority and data collection/retention here and therefore becomes vulnerable to being served judicial subpoenas or National Security Letters intended to monitor targeted users. This situation is exacerbated when Windows 8 is deployed in countries experiencing political turmoil or repressive political situations." While SmartScreen is enabled by default, it's possible for users to turn it off. Also, it's worth noting that Microsoft is hardly alone in this regard, given the rise of app stores over the past several years. (Not that it exculpates this behavior.)
  • by erikwestlund (1003368) on Friday August 24, 2012 @11:42AM (#41110393) Homepage

    At the rate Microsoft is going, they might as well add a "Windows 8 opt-out feature."

    • by Anonymous Coward on Friday August 24, 2012 @11:44AM (#41110429)

      At the rate Microsoft is going, they might as well add a "Windows 8 opt-out feature."

      I know this is a joke, but yes, they do, It's called "downgrade rights"

      • by Anonymous Coward on Friday August 24, 2012 @12:11PM (#41110877)

        "The Unofficial Windows 8 Developer FAQ

        Today, I’m going to attempt to do something Microsoft staff should have done long ago or didn’t do correctly or simply were held back from doing so. I’m going to release the Unofficial FAQ on “What Just happened” in Microsoft for developer(s) worldwide."

        http://www.riagenic.com/archives/960?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+MsMossyblog+(MS+MossyBlog) [riagenic.com]

      • Re: (Score:3, Funny)

        by cashman73 (855518)

        At the rate Microsoft is going, they might as well add a "Windows 8 opt-out feature."

        I know this is a joke, but yes, they do, It's called "downgrade rights"

        I thought it was called, "Mountain Lion".

        • by Teun (17872) on Friday August 24, 2012 @12:43PM (#41111413) Homepage
          Freedom Respectfully disagrees [kde.org]
      • by cpu6502 (1960974)

        >>> It's called "downgrade rights"

        Please tell me more. I have a Windows 7 PC but suppose it dies five years from now, and I need a replacement. I go to Staples, buy a Win8 PC, and then what? How do I downgrade it to Windows 7? It isn't on store shelves anymore (and frankly I don't want to pay for Windows twice... once for 8 and again for 7).

        Please educate me and everybody else.
        thx

        • by Anonymous Coward on Friday August 24, 2012 @12:46PM (#41111457)

          Linux will be ready for the desktop in 5 years time.

          • by rrohbeck (944847) on Friday August 24, 2012 @01:16PM (#41111897)

            I hope so, but it's ready today and has been so for at least two or three years.

          • I know this is meant as a joke, but the reality is that Linux truly is ready for the desktop right this second.

            1. Xorg.conf nightmares ended years ago.
            2. A fresh Windows install means a lot of your hardware doesn't work and you have to hunt for drivers from third party websites. This is particularly fun if it is your wireless network card that isn't working. For the most part, hardware "just works" in Linux these days.
            3. Out of the box on a Linux install, you likely have most of the apps you already need. If you don't, then installing and managing your software is a breeze.
            4. Even as people praise Windows 7, it did retain a lot of usability regressions from Vista. It is somewhat a matter of opinion, but I'd contend that KDE is the most usable desktop out there currently. If you disagree, you can run Unity, Gnome 3, or whatever you want in Linux. You're not bound to one UI you don't like (such as the new Metro UI in Windows 8).
            5. Linux can pass the Grandma test. People often suggest you have to re-learn a new OS. I'd contend that it is easier to give Grandma a KDE desktop than a Windows 8 PC. I converted my 60 year old mother to openSUSE and KDE. She was reticent at first, but came to really like it.
            6. Linux is secure. You don't have to worry about viruses, spyware, etc. You spend your time using your computer as opposed to fixing your computer.
            7. Have a Windows app you can't leave behind? There is a decent chance it runs in Wine. And since we have shifted more to web-based apps, desktop apps are less important today than they were 10 years ago.

            No OS or desktop is perfect, but if you did an objective comparison today of what is the easiest and best OS to run on your desktop/laptop for most people today, I truly believe Linux would come out on top.

            • A fresh Windows install means a lot of your hardware doesn't work and you have to hunt for drivers from third party websites. This is particularly fun if it is your wireless network card that isn't working. For the most part, hardware "just works" in Linux these days.

              You seem to be comparing XP to Linux here. For Win7, chances are very good that your hardware will just work out of the box. If it doesn't, it'll use Windows Update to automatically find and download drivers, so the only thing that needs to be working out of the box is networking - and I've yet to see a Win7 install where that wasn't the case.

            • by Guy Harris (3803)

              I know this is meant as a joke, but the reality is that Linux truly is ready for the desktop right this second.

              ...

              6. Linux is secure. You don't have to worry about viruses, spyware, etc. You spend your time using your computer as opposed to fixing your computer.

              Better hope Linux isn't too desktop-ready then, so that it doesn't get a big enough market share to get the same big "pwn me" target on its back that OS X is getting....

              (And if you're going to argue that it's inherently secure, and will never get viruses, spyware, etc., better make sure you didn't miss something. Remember, in this context, "Linux" really means "a desktop Linux distribution", and includes not only the kernel but a ton of libraries and applications. Do you trust the desktop environments tha

            • A) There is no standard IDE and the SDK is nonexistent -- App developers generally don't feel welcome or like they can easily 'get their legs'.

              B) 'Developer' support sites are overwhelmingly oriented to system coders, and these sites pretend that all coders are the same.

              C) The GUI environment fluctuates greatly from distro to distro, and within each distro, and every 18-24 months.

              C1) The chaotic state of GUIs prevents the user experience from 'gelling', making the systems feel disjointed and even unidentifi

          • by drooling-dog (189103) on Friday August 24, 2012 @01:35PM (#41112141)

            Oh, please. I've been using Linux "on the desktop" for years, and I can tell you I wouldn't go back to Windows if it were just as free (as in beer). The subject of this article is only one more in a long series of reasons why.

            These "not ready for the desktop" commentaries pop up on cue with almost every mention of Linux. They remind me of the manufactured doubt that the fossil fuel industry spews to convince the ignorant and gullible that they should cling forever to their traditional energy sources. And why not, there are billions of dollars at stake there, too.

            Linux didn't come with your computer and it's not advertised on the tee vee, so I have no doubt that you'd cling to what you're running even if it punched you in the face and pissed on your shirt every time you boot up. Which is pretty much what it's coming to...

        • >>> It's called "downgrade rights"

          Please tell me more. I have a Windows 7 PC but suppose it dies five years from now, and I need a replacement. I go to Staples, buy a Win8 PC, and then what? How do I downgrade it to Windows 7? It isn't on store shelves anymore (and frankly I don't want to pay for Windows twice... once for 8 and again for 7).

          Please educate me and everybody else.
          thx

          You should have a license key for Win7 and install media; use that to reinstall it in 5 years.

          At worst, you may have to burn a copy of the install DVD if you don't already have one. I had to do this with my Inspiron laptop, it has a key, but Dell didn't ship media but they include a method to burn it from a "recovery" partition.

        • by SScorpio (595836)

          At the rate of releases Windows 9 should be out then. It should fix the annoying things about Windows 8, while improving on the useful features. Just like Windows 7 was to Vista.

    • by Anonymous Coward on Friday August 24, 2012 @11:51AM (#41110555)

      Does Windows 8 have an opt-out feature?

      Yes [ubuntu.com], they [linuxmint.com] do [fedoraproject.org].

    • Yes, when you configure your privacy settings on first run you can turn it off.
    • by macbeth66 (204889) on Friday August 24, 2012 @12:22PM (#41111085)

      Heh

      My 77 year old mother has one on her laptop. It's called Ubuntu. She is still trying to say it right.

      And to think I was a little nervous when she got internet access and started sending me puppy emails. Now she just complains about having to do a sudo and type in her password way too often.

    • by Anonymous Coward on Friday August 24, 2012 @12:29PM (#41111205)

      I'm extremely tempted to write a program called "Fuck you Microsoft, you worthless sacks of shit", which installs itself only long enough to send Microsoft the notification that this program was installed, before formatting the hard drive.

      Or maybe I should just make a program that essentially installs with that name, displays some text saying 'notification to Microsoft sent', then uninstalls itself. The user can install this as many times as they want to tell Microsoft they're worthless sacks of shit.

  • by Anonymous Coward on Friday August 24, 2012 @11:48AM (#41110505)

    Look, I'm just a regular user, albeit more technically capable than the vast majority, but not a developer, sys admin, etc., and it's starting to look more and more like it's time to consider making the move to Linux.

    This private company invasiveness seems to be growing in parallel with government invasiveness, and I'm not happy about either, but at least I can choose one, for now.

    • by LVSlushdat (854194) on Friday August 24, 2012 @12:29PM (#41111215)

      yup.. been that time for me for quite a while. Not only am I running Linux on all my machines, but have moved quite a few neighbors/friends over to Ubuntu from XP. In a few cases, the migration was sorta forced, in that machines were malware'ed up wazoo, and the owners of the systems did not have the recovery disks for a clean install. I showed them Ubuntu via LiveCD on their systems and asked them, could you live with that? Of course, my liveCD was a mashup with Gnome2 configured to look very close to XP. In all cases, the answer was "SURE!!"... Several of these users were always calling with problems when they were still on XP, but since going to Ubuntu, I get much less calls and absolutely NONE regarding malware.. One of the users is/was one of these people who clicked on EVERYTHING.. Told him numerous times, DON'T DO THAT.. but went in one ear/out the other. Because of this, he was always calling and saying "My machine is really slow..".. I'd tell him quit clicking on everything, and make a visit and clean what I could off the machine. After Ubuntu? no calls...

  • by Kenja (541830) on Friday August 24, 2012 @11:48AM (#41110507)
    If you are going to blame Microsoft for what third party software does on your computer, then you can't also blame them when they start to track and address such problems. With things like EA's Origin, Steam, etc, what you do on your computer is no longer just your business. At least Microsoft lets you turn it off.
  • Don't use IE (Score:3, Informative)

    by mshenrick (1874438) on Friday August 24, 2012 @11:49AM (#41110533) Homepage

    It seems from the MSDN link this can be avoided by simply not using Internet Explorer, as if you needed another reason not to

  • by Dyinobal (1427207) on Friday August 24, 2012 @11:50AM (#41110543)

    Dear Microsoft, don't try to be Apple, we already have Apple and you'd just be playing catch up and alienating your current customer base to try and get a customer base that already despises you more than your current one.

  • by macbeth66 (204889) on Friday August 24, 2012 @11:51AM (#41110563)

    ... to build an app that fakes the install of programs? In other words, overwhelm MS with hundreds of false install notices to them. As certain programs become 'of interest' to certain parties, we add that program to the list. Eventually, the information would become useless and would be abandoned.

    Or am I missing something?

  • Wait... (Score:2, Insightful)

    by Ryanrule (1657199)

    How do you people think virus scanners work?

  • Poor comparison (Score:5, Insightful)

    by wvmarle (1070040) on Friday August 24, 2012 @11:53AM (#41110579)

    Also, it's worth noting that Microsoft is hardly alone in this regard, given the rise of app stores over the past several years. (Not that it exculpates this behavior.)

    Can't compare this. If I download something from the Play Store, I know Google knows I install that app. After all I have to log in using my Google account, and use their app to download from their store. Afaik they do not know what I install from third-party sources, like alternative app stores. Nor do they have any right knowing that.

    Apparently MS monitors what you install from third-party sources. Without telling you, and without asking explicit permission. That's simply evil. They have no business knowing what I install from third-party sources. The fact that this data is stored in some foreign country (the US is a foreign country to me, and some 95% of the world's overall population) with notoriously poor privacy protection only helps making it a lot worse.

  • by SuperKendall (25149) on Friday August 24, 2012 @11:53AM (#41110581)

    Also, it's worth noting that Microsoft is hardly alone in this regard, given the rise of app stores over the past several years.

    Come on. This is just excuse-making - sure in any given app store the store owner knows what you downloaded - by definition they had to for you to download it!

    But here aren't we talking about a more general notion that ANY application installed from anywhere is known by Microsoft? When you use the Amazon app store on Android, does Google know what you have? When I use Cydia on an iPhone, Apple doesn't know what applications I install from there... on the Mac I can use the app store but if I get applications from elsewhere Apple doesn't know about those either.

    Just because App Stores exist does not give Microsoft the right to track every app installed.

  • by 0racle (667029) on Friday August 24, 2012 @11:55AM (#41110603)
    App stores will know everything you download from them for the same reason any other retailer would, you bought it there so there is a transaction record. This is tracking and sending to Microsoft information about EVERY application you download outside of their eventual marketplace. Apple doesn't know that I downloaded HandBrake from their site but with this Microsoft would, or to put it in a way that could cause an issue, Apple doesn't know that I downloaded LOIC, but Microsoft would. That is why it becomes an issue over and above something like the Mac App Store.
    • There aren't several thousand app stores for windows 8, while there are several thousand retailers. Also, I can just pay cash and there's no record of who made the transaction at a retailer. Finally, freeware doesn't go through a retailer.

  • Opt-in vs opt-out (Score:4, Interesting)

    by bmo (77928) on Friday August 24, 2012 @11:55AM (#41110615)

    "While SmartScreen is enabled by default, it's possible for users to turn it off."

    And this is what's wrong with this setup. Debian has popcon, which is a survey of what you use and how often you use it, and you can participate by having a cronjob send off the file.

    http://popcon.debian.org/README [debian.org]

    But it's not a privacy concern because it's opt-in.

    If this equivalent of popcon on 8 was opt-in, this thread wouldn't be here.

    --
    BMO

    • opt-in vs opt-out is really a huge difference.
      Also, Debian's popcon has a different goal, to improve which packages are included in the installation CDs, etc. They're politely asking you to contribute information in exchange for a free product/service.

    • But it's not a privacy concern because it's opt-in.

      No, the privacy concern TFA raises is two-fold:

      1) Microsoft is centralizing the data collection and Governments could subpoena them for information about an individual.
      2) A malicious individual could intercept the data as it's transferred and decrypt it.

      These are two very big problems for someone concerned about privacy. But that it's an opt-out feature means that it actually has a chance to protect the people who need this kind of protection most. The fact that you can turn it off on install means t

      • by bmo (77928)

        >1) Microsoft is centralizing the data collection and Governments could subpoena them for information about an individual.
        >2) A malicious individual could intercept the data as it's transferred and decrypt it.

        So how is that any different than Debian's popcon? Hint: it isn't.

        You're wrong. The actual problem is that it's opt-out. And most people just don't even know the option to turn it off is even there.

        --
        BMO

  • by The MAZZTer (911996) <megazzt@@@gmail...com> on Friday August 24, 2012 @11:57AM (#41110647) Homepage

    IE has done something similar for a while now with every program you download. MS is just moving it from IE to Windows so that users of ALL browsers get the same technology. To be fair I don't know if IE sends the same data that Windows does.

    Regardless you can turn this off along with the other privacy-impairing features in Windows during the first run setup.

  • by Galaga88 (148206) on Friday August 24, 2012 @11:57AM (#41110657)

    There's no indication that Microsoft themselves keeps track of which individuals downloaded/installed which programs.

    The issue this article seems to propose is that somebody could sniff the network traffic between yourself and Microsoft to grab the SmartScreen data and see what you'd installed when Windows contacts MS to see if the file is marked as safe/unsafe/unknown.

    If they're in a position to do that, wouldn't they theoretically be in a position to have potentially snooped on the download of the software which is triggering the SmartScreen traffic? (Depending of course, on where in the network their sniffer is at.)

    The only valid complaint seems to be that Microsoft is using a known-insecure version of SSL for the website all this data is sent to. If they fix that, I'm not sure what reasonable issue would be there.

    I would argue that for the average user, SmartScreen is a useful feature and having it turned on by default (assuming MS is tracking individual user downloads of software for some nefarious purpose) is a good thing.

    • by Galaga88 (148206)

      That should be "assuming MS is not tracking individual"... Way to use the preview there, self.

    • by wiedzmin (1269816)

      Someone mod parent informative please. The only thing I could add, is we should probably wait and see what this will look like when it's actually released, but yeah, all excellent points.

    • by N0Man74 (1620447)

      I have to agree. I don't really like this on principle, but I don't think Microsoft is doing this to intrude on your privacy. I think they are motivated by trying to improve the quality of their own products.

      Face it, many of the criticisms that Microsoft and their products receive are really rooted in software (or malware) that comes from sources outside of themselves. It might be overstepping, and should not be opted in by default, but I don't think there are any diabolical intentions here.

      I may be critica

  • Cell phones and the like have been doing this for years. I may be wrong but I'm fairly certain Mac OS tells Apple about anything installed through the app store at a minimum. Frankly Microsoft will aggregate this information and use it to find out what causes things like crashes and system instability as well as malware and the like. For those kinds of uses I don't see a problem.

    Potential abuses come in terms of using it for marketing purposes and if it can be subpoenaed or requested by law enforcement and u

  • by Anonymous Coward on Friday August 24, 2012 @12:04PM (#41110751)

    Um, check the date on that blog post. March 22nd, 2011.

    This was a feature added, by default, to Internet Explorer 9.0. It is a part of the browser. If you are running Windows 7 and have updated to Internet Explorer 9.0 then it is already doing this. All Windows 8 does is have Internet Explorer 10 installed by default.

    Olds for nerds?

    • by VGPowerlord (621254) on Friday August 24, 2012 @12:26PM (#41111149) Homepage

      Um, check the date on that blog post. March 22nd, 2011.

      This was a feature added, by default, to Internet Explorer 9.0. It is a part of the browser. If you are running Windows 7 and have updated to Internet Explorer 9.0 then it is already doing this. All Windows 8 does is have Internet Explorer 10 installed by default.

      Yes, this article [msdn.com] is the one they should have linked to.

      Scroll down to the part labeled "Microsoft SmartScreen for Internet Explorer and now for Windows too."

  • I'd like to point out that this is the first story in recent memory that points out the problem for US users directly. While having a company monitor your activity is certainly non-optimal, the bigger problem comes in light of recent US cases involving subpoena by the US government. How a company will use one's information can be argued. We have direct, documented proof of how the US government has been using this information.
  • by budcub (92165) on Friday August 24, 2012 @12:22PM (#41111083) Homepage

    Does anyone remember the controversy (one of many) about Windows 95 when it would do the same thing? When you went to register it, it would supposedly tell Microsoft what programs you had installed. When I got my Win95 machine in December 1995 I watched carefully to see what it did. The phoning home and telling them what you had installed was voluntary, and the only program that Win95 could accurately detect was MS Office 95. It couldn't detect any of the DOS games I had installed, nor did it seem to recognize the 3rd party email apps, etc I had installed.

  • by ricky-road-flats (770129) on Friday August 24, 2012 @12:31PM (#41111233)
    The "Windows SmartScreen" referenced in TFA is nothing of the sort.

    This is an IE9 feature, which would not be a huge surprise to find is still there in IE10. TFS links to an 18-month-old article talking about it in IE9. Not Windows 8. There is nothing to back up the wording used in TFS or TFA. It's a good feature I have enabled on my parent's machines for their protection, as it's one more layer against malware downloads.

    The ONLY things this feature touches are executables which are downloaded from the Internet using IE. Install from a DVD? Download using Chrome/Firefox? USB drive? Copied from another disk? Compiled yourself? None of those things gets "sent to Microsoft".

    Just someone (successfully) using a combination of inflammatory wording and gullible/lazy /. editors to generate traffic to their blog.
  • by jbb999 (758019) on Friday August 24, 2012 @12:53PM (#41111563)

    It's a feature where, when you download random programs from the internet and install them, Windows checks if it's known malware.
    That actually seems a useful feature, one I wish my parents had on their machine!
