By default, new functionality in Windows 8 called "SmartScreen" tracks apps and programs that users install, sending data to Microsoft. While the feature can be turned off, users may feel that the data monitoring is invasive. 

Follow us

When an app is installed on Windows 8, a warning may pop up, telling users to not run the app if a certificate is not signed, although users can click Run Anyway. This is possibly the first encounter with SmartScreen for less-informed Windows 8 users. Casual users may not know that a filename of the app is also sent to Microsoft along with a hash of the app installer and the user's IP address.  

Microsoft checks software using a three-step process: users download the app or program and open the installer, and then SmartScreen gathers information on the downloaded software and sends it to Microsoft.

Nadim Kobeissi, a hacker, published a blog post revealing the information. In it, he came to the conclusion that Microsoft is tracking users' information. Kobeissi notes that Microsoft enables the feature by default and SmartScreen itself warns users continually to re-enable the feature if disabled. 

Despite the ability to disable SmartScreen, users receive no warning about the functionality when setting up Windows 8. With Windows 8 now released to manufacturing, that is likely to persist for now. Whether Microsoft will clarify the issues and/or makechanges to the software is unknown. 

This may be a worrisome feature for users. If downloads are intercepted, app filenames and potentially personal data could be stolen. Combine that risk with the insecurity of most Wi-Fi connections, and serious issues may arise. The privacy violation is exacerbated "when Windows 8 is deployed in countries experiencing political turmoil or repressive political situations".

The servers sending data to Microsoft support SSLv3 connections, meaning that the security concerns of SSLv2 are gone (a post-published update established this fact in the blog post). Fourteen hours after the blog post went live, the insecure SSLv2 connection references to Microsoft's servers were removed.

Windows 8 launches Oct. 26.

Join Our Conversation

Smartphones

Samsung Galaxy S4, Galaxy Note 8.0 Top Consumer Reports Rankings

Nokia Xpress Now Web App Announced For Asha Devices

Samsung Galaxy S4 'Google Edition' Will Be Available In U.S. Only?

Sony Xperia UL Reaches Japan With New Camera Features

Tablet / Laptop / PC

Samsung Galaxy S4, Galaxy Note 8.0 Top Consumer Reports Rankings

Samsung Galaxy Tab 3 8-Inch Specs, Photo Leak Online

Asus 1015E Ubuntu Notebook To Launch Soon With $215 Price Tag

New MacBook Air To Debut In June With Intel's New Haswell Processor?

Gadgets

Ouya Will Be At E3 2013, But Not Where You Think

Next Microsoft Xbox To Sport Dashboard UI Update And Tile Changes

Google Media Streamer Hits FCC To Replace Nexus Q

Google Glass Raises Lawmakers' Concerns: Congress Demands Answers About Privacy

OS / Software

Samsung Galaxy S4 'Google Edition' Will Be Available In U.S. Only?

Android 5.0 Key Lime Pie Mentioned In Google I/O 2013: Is Google Working On The Firmware Update?

Android 4.2.2 Jelly Bean Update For Samsung Galaxy S3 Leaked

Samsung Galaxy S4 Mega Confirmed By Samsung In WatchOn Change Log?

Internet / Social Media

AT&T Promises Cellular Video Calls, Mobile Video Chat For All Customers

Flickr Boasts 'Spectacular' Redesign, Offers A Whopping 1TB Of FREE Storage

Download 40 GB In A Second: Researchers Set Up World's Fastest Wi-Fi Network In Germany

YouTube Shoppable Videos - Will Google Hit A New Jackpot?

What's App

Nokia Xpress Now Web App Announced For Asha Devices

Samsung Galaxy S4 App Contest Boasts $800,000 Total Prizes For Talented Devs

Intellicam App Brings First Hands-Free Camera Feature To Windows Phone 8

Seven New Apps Coming To Google Glass: Facebook, Twitter, And Evernote Included