Microsoft® Refuses Windows® 8 Spying Data through SmartScreen Filter
Nadim Kobeissi, the security researcher, has warned us of a privacy filter in Windows 8 SmartScreen app earlier this week. Later on August 25, Microsoft has denied his claims. According to Kobeissi, Windows 8 SmartScreen app can see any application user installed and the tech giant is amassing information on its user in a large database. The Windows 8 SmartScreen app is using a protocol is potent to allow third-parties to intercept users’ data. Kobeissi has revealed that Windows 8 SmartScreen app feature was found to give Microsoft data on every attempt of user to install software. He has identified following two privacy issues with the SmartScreen –
- SmartScreen will inform Microsoft about every program a user attempts to download and install on Windows 8.
- Â Communications sent by SmartScreen about a client PC to the Microsoft server can also be exposed to hackers who can grab and exploit information for advertisements.
According to Nadim, the communication is sent via a web server that is found to support insecure SSLv2 connections.
He added that users can disable the SmartScreen filter if they select ‘Customize’ during installation. Users who want to avoid such privacy concerns need to be careful about their options such as ‘Use Internet Explorer SmartScreen Filter to check URLs and downloads with Microsoft’ and ‘Use Windows SmartScreen Filter to check files and apps with Microsoft’ under ‘Help protect your PC from unsafe content, files and websites’.
Microsoft calls Kobeissi is accurate
In response, Microsoft has rebuffed the allegation of data collection via Windows 8 SmartScreen app and claimed that the researcher’s data is inaccurate.
The spokesperson of Microsoft has stated that –
“We can confirm that we are not building a historical database of program and user IP data. Like all online services, IP addresses are necessary to connect to our service, but we periodically delete them from our logs. As our privacy statements indicate, we take steps to protect our users’ privacy on the backend. We don’t use this data to identify, contact or target advertising to our users and we don’t share it with third parties.”
Microsoft has further added that it does not use SSLv2.0 connections and Kobeissi has responded to this update stating that Microsoft has changed to SSLv3 protocol. Still concerned over privacy of Windows 8 users, Kobeissi has updated his Tweets saying –
"Dear Microsoft: If you don't want someone to seriously, seriously exploit your SmartScreen security, please contact me right now."
Do you agree with Kobeissi and find this information useful? Write us your comment.