"There are a few serious problems here. The big problem is that Windows 8 is configured to immediately tell Microsoft about every app you download and install. This is a very serious privacy problem, specifically because Microsoft is the central point of authority and data collection/retention here and therefore becomes vulnerable to being served judicial subpoenas or National Security Letters intended to monitor targeted users. This situation is exacerbated when Windows 8 is deployed in countries experiencing political turmoil or repressive political situations."
Windows 8 Tells Microsoft About Everything You Install
(8 posts) (5 voices)-
mikiem2
ModeratorPosted 12 years ago # -
A silly question from a paranoiac with a holey tin foil cap:
Where is the difference to e.g. Steam?
Ever tried to "Add A Non-Steam Game To The Library..." ?
Steam will list all the programmes it can find on all of your connected drives.And what about the AV software? They see everything on your system.
Posted 12 years ago # -
mikiem2
ModeratorPurely FWIW I'm agnostic personally...
Are the shopper loyalty cards [used in the US to track purchasing habits & preferences] bad when it comes to privacy? Certainly. Do I use them? Certainly. :)
Being practical about it, MS added another scheme to Windows 8 intended to make your computing life more secure, or at least that's the gist of the marketing I've read. In theory if you only install software that has their new credentials you'll be OK -- it's something akin to a seal of approval, not that different from apps in Apple's, Google's, & now Windows' stores. And the whole thing works similar to the signed drivers & code [software] that's been around for years. MS has been building up to win8's Smartscreen stuff for a while -- you've seen it if you've downloaded something with ie9, only to be faced with a warning from ie9, once that download's complete, that it might harm your PC/laptop. MS likes to brag about stats on how well it works -- well yeah, if you discourage people from downloading/installing/running software, the amount of installed malware declines, *As Does The Total Amount Of Software Downloaded, Run, &/or Installed*. I've never seen a figure on malware as a percentage of all software downloads in their advertising stats, which would hint how right or wrong I may be.
To me it's like store employees checking the expiration date on all the milk, pulling it if/when it's out of date so no one buys it & gets sick. Only employees don't always do that so a wise shopper checks the date themselves, & even that only increases the odds in your favor, since you've no way of knowing if for example the cooler broke down overnight & everything in it has spoiled. It might be easier to rely on someone else, & things do work out positively that way more often than not, but it's very far from any sort of guarantee. Google's & Apple's app stores have hosted malware, the Windows' store probably will too, at least at some point, & some win8 systems with Smartscreen enabled will get infected with malware -- it's not putting any AV software companies out of biz any time soon.
Now Microsoft has to look at whatever software to determine if it *knows* it or not -- a local database of everything available would put a serious dent in your hardware's available storage space. :) Assuming MS is interested at all in users having a favorable experience with win8, they'll keep a database of what those users are installing, mining it for stats etc., recognizing some apps I suspect whether they've been MS credentialed or not, possibly detecting some exploits earlier on.
Microsoft has gone out of their way for years trying to assure people that data collected is anonymous -- if tying collected data to individual systems didn't concern some people [& governments, & government agencies] they wouldn't bother, since their PR effort alone has probably cost them millions. If the data SmartScreen collects is tied to individual systems or locations, some people [in & out of government] are likely going to be very concerned -- look at what Google's gone through with the data collected by their Camera Cars.
Posted 12 years ago # -
mikiem2
Moderator"http://www.withinwindows.com/2012/08/24/thoughts-on-the-windows-smartscreen-scare/"
"So a tinkerer by the name of Nadim Kobeissi wrote a scare piece today, proclaiming Windows SmartScreen was reporting back information about every application you download and install on your machine. "
http://www.theregister.co.uk/2012/08/25/windows8_smartscreen_spying/
"Lest you think that Kobeissi is some tinfoil-hat type, he is a respected security researcher in his field. Kobeissi, a Canadian of Lebanese extraction, invented the Cryptocat encrypted chat application and is a strong anti-censorship campaigner."
Unfortunately the on-line world tends to be a bit polarized, regardless the subject -- the extremes are the most vocal, shouting the loudest in the most places, while the majority in the middle is, well, though I hate to say or reference the infamous phrase, silent. The article at The Register I linked also included this:
"The thought of Microsoft getting a log of every application stored on a client system predictably got some in the IT community's hackles up. Stories like this elicit fears in some quarters that all the data is fed back to a secret room in Redmond, where it is examined by the FBI, RIAA, or the Rand Corporation, in conjunction with the saucer people, under the supervision of the reverse vampires."
While Thomson, writing for The Register, is more fair to Kobeissi, there's obviously some editorial perspective [opinion] added to his reporting as well. Whenever you get into more personal attacks or critiques, i.e. going after the messenger instead of the message, &/or once you start inflexibly putting people in boxes or categories, i.e. assuming everyone's alike on either side of what *you* feel is the middle, you run the risk of stating a [often less informed] opinion, & at least should leave readers questioning your credibility [the writer's -- not anyone here]. Sometimes an opinion's necessary for simplification & reduced length -- other times it's intellectual laziness &/or getting paid based on Words Per Minute. With Rivera's [withinwindows.com] history you might expect exactly what he wrote -- I've don't recall coming across Thomson so I've no idea there.
Posted 12 years ago # -
mikiem2
Moderator
"Where is the difference to e.g. Steam?Ever tried to "Add A Non-Steam Game To The Library..." ?
Steam will list all the programmes it can find on all of your connected drives.And what about the AV software? They see everything on your system."
Anything on your system can be spyware -- Steam is just more up front about it. :) As for AV software, good point -- because they should be in the biz fighting spyware, it never occurs to most people to think to ask. :o That fear BTW is what led to the original Zone Alarm, making users aware every time anything tried to access the Internet or otherwise phone home. I don't think most people bother with that function nowadays, even though it's standard with a lot of AV apps, but the AV software itself needs on-line access for updates, & it's part of Steam. The only real assurance we have is that it would very negatively impact their biz if it were known that they were spying -- OTOH if some gov said do it or get out of my country, well, how many bastions of freedom & privacy like Google or Rim have already buckled?
"A silly question from a paranoiac with a holey tin foil cap:"
Not a prob... now a real paranoid turns the monitor [without webcam] towards the wall at night, & sadly, from what I've read I'm not at all sure I'm joking. :) That, along with lubricating a disc drive with melted butter are 2 of my favorites.
That said, if it helps at all to understand perspectives in the US, I think [regarding this conversation] people in the US are different than elsewhere in 2 respects... we care much less about our privacy as long as we get something out of the deal, e.g. track my purchases all you want But Only if you give me discounts, & we can be Very aggressively independent, more concerned about being forced to do something than whatever it is we're being forced to do. Oh, and we can also be Very, illogically selective -- one person or company or agency can do something & lots of people get upset, yet someone else does the same or worse & we won't bat an eye(?). Probably the most obvious example would be what most Americans feel is appropriate dress for people whom are overweight, but our selectivity enters into really most everything else too, very often depending on what we think is the popular way to think &/or feel. That's part of the reason in my earlier post I said Rivera wrote what he could be expected to write, because it would be popular with his audience of Windows fans [the fact he received some stuff from Microsoft being another part]. OTOH San Francisco, where Thomson is based, likes to feel much more aligned with European thought & opinion, though the American blend of fascination/ridicule for conspiracy theorists also comes through. [Myself, I'm too much a cold, analytical German technician if you know what I mean, graylox.]
At any rate, long story short & all that, Microsoft by default is collecting some data. What they'll collect in the future, if it will be able to be tied to individuals or their ip address is unknown [what, MS can't change their mind or, well, tell an untruth?]. The CIA has published that they consider it possible to compromise, get into any system &/or network, & their working assumption is that every network has been compromised, even their own. From time to time there are new revelations of how governments have & can access data. Governments agencies, like governments themselves do good, bad, & incompetent stuff, employ good, bad, & incompetent people. If/when it's your data, you have to decide how much any of that matters, & weigh it against anything you might do to limit any effects, now or in the future.
Keep up with, read the news & obviously there are some people/organizations who would love to have as much info as possible on anyone downloading anything in case it's something they feel is illegal. 10 years ago I would have laughed if someone told me the U.S. would sponsor a quasi-invasion in another, friendly country, based on suspicions of illegal downloads... today that's past tense. It used to be you could provide links to anything as long as you didn't possess anything illegal yourself -- again, past tense. If MS has all that data sitting there, what are the odds that some day, some organization won't go to the courts &/or gov & try to get access to it? What are the odds of some court or gov saying that since you're already collecting that, collect this too, & inform us if/when whatever meets this criteria? Several countries are already trying to get ISPs to do just that -- some have succeeded, but where they haven't won the fight yet, is going to Microsoft another route to get the same thing?
I'm Not saying Yes or No -- just asking questions to present a bit of the other side of the argument -- remember I'm agnostic -- make up your own mind. :)
Posted 12 years ago #
Reply
You must log in to post.