Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Microsoft Privacy Windows Your Rights Online

Microsoft Denies Windows 8 App Spying Via SmartScreen 198

Posted by timothy from the wall-of-separation dept.
An anonymous reader writes "Microsoft has denied Windows 8 SmartScreen is spying after research by Nadim Kobeissi indicated otherwise." Whether it's "spying" or not, Microsoft is collecting certain information with SmartScreen — the key is what's done with it: The article quotes a Microsoft spokesperson: "We don’t use this data to identify, contact or target advertising to our users and we don’t share it with third parties."
This discussion has been archived. No new comments can be posted.

Microsoft Denies Windows 8 App Spying Via SmartScreen More

Microsoft Denies Windows 8 App Spying Via SmartScreen

Comments Filter:

  • Is it possible to downmod an entire submission? (Score:3, Interesting)

    by 93 Escort Wagon ( 326346 ) on Saturday August 25, 2012 @07:44PM (#41125751)

    Because this particular story needs to be marked "-1, Flamebait".

  • Its My IP Microsoft, I'll send ya a bill! (Score:0, Interesting)

    by Anonymous Coward on Saturday August 25, 2012 @07:49PM (#41125773)

    I charge $10,000 USD for a 1 year subscription to my metrics. Where shall I send the bill?

  • Re:Disable it! (Score:5, Interesting)

    by Shining Celebi ( 853093 ) on Saturday August 25, 2012 @08:12PM (#41125879) Homepage

    Just read the Ars Technica article. [arstechnica.com] The Slashdot headline is ridiculously slanted, as was the previous story.

    While I disagree with it in principle - I'd rather it be local, like how Firefox uses a local version of the bad-sites list, this is not in any way unusual or awful behavior, and it's mostly a good idea, and Microsoft has been completely open about how and why they're doing this and giving you an easy way to turn it off. It is not some privacy invading nightmare. Microsoft is not keeping track of what programs you download (unless, obviously, you get them through the Microsoft store.)

    Slashdot stories are becoming more and more ridiculous. The summaries are never even worth reading anymore.

  • Re:Disable it! (Score:4, Interesting)

    by Ol Olsoc ( 1175323 ) on Saturday August 25, 2012 @08:54PM (#41126123)

    The check box appears on first account setup, so any use buying a new PC will see it too.

    The choice should be Opt-in, rather than Opt-out. This is just like their old "everything is enabled" features. It's not hard to have a screen pop up asking you if you want this info reported to Microsoft. Then you say "Yes or no. Then if you are okay, click on that yes, if not, nothing happens.

  • Re:Disable it! (Score:5, Interesting)

    by rtfa-troll ( 1340807 ) on Sunday August 26, 2012 @02:42AM (#41127663)

    There are a whole load of "suddenly technically knowlagable" people dissembling here (I'd hate to say shills; but somewhere someone is feeding in disinformation).

    • the application sends checksums to Microsoft
    • those checksums correspond one to one to applications
    • Microsoft will normally know which application is which
    • that information will be discoverable by the Police / authorities etc.
    • the application is no by default and does not ensure the user knows how it functions.

    Now let's have a look at some of the language being used in the Ars Technica article.

    This would allow the company to make some estimates of which IP addresses were running which software.

    "some estimates" implies that there wold be uncertainty; that Microsoft wouldn't be able to say 100% that you were using a piece of software. Maybe it is Tor; maybe it's actually Tornado the game. The implication is a humal level of uncertainty which just doesn't apply.

    "which IP addresses" implies that Microsoft would not know who you are. This shows an even greater level of deception. It's even trying to imply that your information may not be linked, if, for example, you change IP addresses. Microsoft has your software registration. Microsoft knows about your usage of Bing. Microsoft has your passport account. If any company other than Google can link your IP address to a particular person; that company is Microsoft.

    Compared to this Ars Technica article, Slashdot is a haven of technical superiority and higher journalistic ethics and integrity. Maybe Anonymous Coward could set up a journalism course for the guys at Ars Technica.

    Finally let's look at Microsoft's statement in the article (N.B. we don't get told what question this is an answer to; note that it might potentially be Microsoft answering to a question about their web sites in which case Ars Technica is again doing the deception; let's take it at face value however).

    We can confirm that we are not building a historical database of program and user IP data. Like all online services, IP addresses are necessary to connect to our service, but we periodically delete them from our logs.

    The entire point of this service is to build up a "historical" database of executables. It works by identifying those downloads which are known and safe by how often they are downloaded and builds up a "reputation". Ars Technica describes this as "anonymised" without going into details. If you think that they don't at least have the IP network address then I have a bridge to sell you. Let me explain a simple exploit for you: before releasing your malware, repeatedly download it on each of your computers Microsoft will sign it as as having a good reputation. Microsoft's only possible defence against this is to ensure that it knows, at least to some level, which IP addresses used which software.

Slashdot Top Deals

Math is like love -- a simple idea but it can get complicated. -- R. Drabek

Close