Recently, we cited the concerns of security researcher Nadim Kobeissi towards the SmartScreen feature in Windows 8. The feature essentially tells Microsoft about every single app that is to be installed on a Windows 8 machine. Kobeissi said that this may be a violation of a user’s privacy rights. Microsoft has denied the charge now.
Kobeissi cited two main concerns towards the Windows SmartScreen feature. One was that the feature collected app information as well as IP address of the user and sent this data to Microsoft servers. He said that the company can, in turn, hand over such information to governments which can be fairly dangerous in countries with suppressive regimes. The other concern was that the information collected from the user’s machine was not being sent securely to Microsoft servers. And that a hacker can intercept the communications and discover user information on the way.
However, Microsoft has responded to this criticism stating, “We can confirm that we are not building a historical database of program and user IP data. Like all online services, IP addresses are necessary to connect to our service, but we periodically delete them from our logs. As our privacy statements indicate, we take steps to protect our users’ privacy on the backend. We don’t use this data to identify, contact or target advertising to our users and we don’t share it with third parties.”
Kobeissi, on the other hand, claims that within hours of his criticism, Microsoft improved the data gathering method by securing it further. Whether or not his criticisms were qualified, it is good of Microsoft to come out in the clear by giving an adequate response.
Source: The Register