Windows 8 Tells Microsoft About Everything You Install
August 25th, 2012Via: Nadim Kobeissi:
Windows 8 has a new featured called Windows SmartScreen, which is turned on by default. Windows SmartScreen’s purpose is to “screen” every single application you try to install from the Internet in order to inform you whether it’s safe to proceed with installing it or not. Here’s how SmartScreen works:
You download any application from the Internet. Say, the Tor Browser Bundle.
You open the installer. Windows SmartScreen gathers some identifying information about your application, and sends the data to Microsoft.
If Microsoft replies saying that the application is not signed with a proper certificate, the user gets an error that looks something like this.
There are a few serious problems here. The big problem is that Windows 8 is configured to immediately tell Microsoft about every app you download and install. This is a very serious privacy problem, specifically because Microsoft is the central point of authority and data collection/retention here and therefore becomes vulnerable to being served judicial subpoenas or National Security Letters intended to monitor targeted users. This situation is exacerbated when Windows 8 is deployed in countries experiencing political turmoil or repressive political situations.
This problem can however get even more serious: It may be possible to intercept SmartScreen’s communications to Microsoft and thus learn about every single application downloaded and installed by a target.
