Even though it won’t be released for another month and a half, Microsoft’s (MSFT) upcoming Windows 8 operating system has already found itself at the center of a number of controversies. After being criticized for its Metro interface and lack of a Start button, Microsoft is now facing its most troubling accusation yet. According to programmer Nadim Kobeissi, Windows 8 automatically and immediately, through a new feature called SmartScreen, informs Microsoft about every app that is downloaded and installed on the operating system.
UPDATE: Microsoft’s response follows below.
Windows SmartScreen is supposedly meant to protect users from malicious programs by screening applications installed from the Internet and sending the information to Microsoft to ensure its safety. According to Kobeissi, however, “it may be possible to intercept SmartScreen’s communications to Microsoft and thus learn about every single application downloaded and installed by a target.”
The SmartScreen feature is turned on by default and when disabled, Windows will periodically pester users to re-enable it.
“We can confirm that we are not building a historical database of program and user IP data,” a Microsoft spokesperson said. “Like all online services, IP addresses are necessary to connect to our service, but we periodically delete them from our logs. As our privacy statements indicate, we take steps to protect our users’ privacy on the backend. We don’t use this data to identify, contact or target advertising to our users and we don’t share it with third parties.”
The company spokesperson added, “With respect to the claims of SSL security and data interception risk posed by the SSL2.0 protocol, by default Windows 8 will not use this protocol with our service. Windows SmartScreen does not use the SSL2.0 protocol”