undefined | Better HN

0 pointsnivla12y ago0 comments

>Each time you visting a page, IE sends the URL over to be "checked" by Microsoft.

Huh? Are you talking about hashes being sent for malware check similar to the ones in Chrome or Firefox? If not its a serious privacy issue.

The ones you mentioned about Updates is also true for Chrome updates. [1]

>Microsoft can forceable push new executable code as updates, regardless if settings has turn of updates.

Any source on this?

>Microsoft word (and Outlook?) do also collect information.

With Office 365, this is more or less a reality.

>Then we have semi-native application such as massager or skype. Both has messages being "scanned".

Are you talking about URL scanning? So does FB, Gchat etc. Expect your messages to scanned or stored no matter what 3rd party service you use. Always use client-side encryption for secure communication.

The most important one you left out is SkyDrive. I remember installing it on my computer and then signing onto the web interface to find out I could even access files outside of my sync directory. Sure you can turn "off" the feature, but I promptly uninstalled it instead.

I don't trust Microsoft with privacy in the cloud but neither do I with any other 3rd party.

[1]https://www.google.com/intl/en-US/chrome/browser/privacy/

0 comments

belorn12y ago

(Sorry for the length, but its hard not to create very long question->answer replies in situations like this)

> Microsoft can forceable push new executable code as updates, regardless if settings has turn of updates. - Any source on this?

https://windowssecrets.com/top-story/microsoft-updates-windo... (its old yes, and was disputed as a "bug" by Microsoft. At the same time, no security expects has said that Microsoft did fix it. As such, I default to once burned, twice shy.).

>Each time you visting a page, IE sends the URL over to be "checked" by Microsoft. - Huh? Are you talking about hashes being sent for malware check

SmartScreen Filter and Suggested Sites (http://windows.microsoft.com/en-ca/internet-explorer/ie10-wi...). Both can be turned off, and I don't know what is default. My default assumption is that both is on (or checked in wizard) by default.

>Then we have semi-native application such as massager or skype. Both has messages being "scanned". - Are you talking about URL scanning? So does FB, Gchat etc.

The OP talked about native MS apps as being risk free. Just because FB and Gchat also do bad thing, doesn't make someone else applications less risky to use.

marcosdumay12y ago

> Huh? Are you talking about hashes being sent for malware check similar to the ones in Chrome or Firefox? If not its a serious privacy issue.

Hashing the URLs won't give you any privacy, because the set of used URLs is public and relatively small. Also, I'm not aware of Firefox doing that, are you sure about it?

At IE and Chrome, sending that data is optional. It's neither opt-in nor opt-out. The browser makes a question at the first use, and you must select one option. IE's question is a bit biased toward a "opt-in or you'll get phished", but there is no reason to think that wording is malicious - one can even claim it's true.

Besides all that, MS sends all known vunerabilities of it's products to the NSA long before either publishing or fixing them. That's enough to give the NSA administrative priviledges on Windows machines.

CrazedGeek12y ago

To be fair to SkyDrive, it does quite clearly ask you about that during installation. (At least, it did when I installed it recently.)

nivlaOP12y ago

I might have clicked through it. I guess I am still paranoid since you can re-enable it on the web, its not a client controlled setting. Surely someone could take advantage, not just the NSA but even a hacker breaking into your Outlook.

j / k navigate · click thread line to collapse