Windows 8 SmartScreen does not breach privacy

/ 4 years ago

After some digging around in Microsoft’s new OS, Windows 8, a few people came to the conclusion the SmartScreen filter was breaching user privacy by keeping a very close eye on all installed programs and downloaded files. Microsoft has responded to these criticisms.

“Windows SmartScreen Application Reputation is a file-reputation service that helps users make safer decisions about the programs they download and run. In order to deliver file reputation, information about the files is sent to our reputation services,” a Microsoft spokesperson told Softpedia via email.

“This feature has been extremely successful in helping users make better trust decisions and protect their privacy by helping to prevent inadvertent installation of malware. We are committed to protecting users’ privacy while also helping protect them from online threats, Although Windows SmartScreen is part of the Windows 8 Express Settings during the first-run experience and we recommend it be enabled, if users are concerned about sending this data to Microsoft, they can choose to not enable the feature.”

Microsoft’s representative stated explicitly that even though information on installed applications and programs is sent to Microsoft servers, this information is only used to help SmartScreen make a sensible decision. No information is kept to built a database on what users have been downloading and installing.

“Like all online services, IP addresses are necessary to connect to our service, but we periodically delete them from our logs. As our privacy statements indicate, we take steps to protect our users’ privacy on the backend. We don’t use this data to identify, contact or target advertising to our users, and we don’t share it with third parties,” the spokesperson explained.

Another issue with Microsoft’s SmartScreen filter for Windows 8 was that it might use SSL 2.0 as its primary protocol. A protocol known to be vulnerable. Microsoft confirmed that SSL 2.0 will not be used in the SmartScreen.

“With respect to the claims of SSL security and data interception risk posed by the SSL2.0 protocol, by default Windows 8 will not use this protocol with our service. Windows SmartScreen does not support the SSL2.0 protocol.”