dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
15

howardfine
join:2002-08-09
Saint Louis, MO

howardfine to markofmayhem

Member

to markofmayhem

Re: Windows8 tells Microsoft everything you install

said by markofmayhem:

said by howardfine:

blah blah blah...

You completely misinterpreted the intention of my post, the factual data you paraphrased as well as the article's intention to hype known HTTPS short-comings should be communicated alongside the privacy concern of data collection and retention without specific authorization.

I believe he does just that in the article I link to. What you link to essentially says "No, Microsoft would never do that." As if Microsoft is to be trusted to do nothing with what they are collecting for some reason.

The point is, what you download/install and your IP are sent to Microsoft and collected/stored insecurely.

markofmayhem
Why not now?
Premium Member
join:2004-04-08
Pittsburgh, PA

markofmayhem

Premium Member

said by howardfine:

said by markofmayhem:

said by howardfine:

blah blah blah...

You completely misinterpreted the intention of my post, the factual data you paraphrased as well as the article's intention to hype known HTTPS short-comings should be communicated alongside the privacy concern of data collection and retention without specific authorization.

I believe he does just that in the article I link to. What you link to essentially says "No, Microsoft would never do that." As if Microsoft is to be trusted to do nothing with what they are collecting for some reason.

The point is, what you download/install and your IP are sent to Microsoft and collected/stored insecurely.

There is no evidence that IP's are captured or stored. The only sent information is file name and SHA256 checksum of the installation file itself.

There is no evidence the data is collected/stored insecurely (Socket Layer's don't protect stores, it is similar to saying that carbon fiber is stronger than iron, so do NOT take your kids to the zoo because the lions will eat them).

The privacy concern is that the file name and hash is sent to Microsoft in any program you install on Windows 8. That's it. The rest is FUD and technical naivety over servers, clients, and how the internet communicates between them; greatly misunderstood by Nadim Kobeissi and those paraphrasing him to further exaggerate.

Woody79_00
I run Linux am I still a PC?
Premium Member
join:2004-07-08
united state

Woody79_00

Premium Member

»www.withinwindows.com/20 ··· n-scare/

just by taking a quick glance at the file above, These fields stand out to me:

ID 0F98AD9C-D498-42B3-B421-E6C97A8E61E7
GB68802CA-B396-4773-8FD9-EEECA4DE65D9
LZW4tVVM=
OS6.2.9200.0.0
IOS4xMC45MjAwLjE2Mzg0
C10.00.9200.16384


Now a few of those fields look like "hardware hashes" to me. (Incase you don't know, Windows takes hashes of your motherboard, hard drive, etc when installing and activating Windows)

So if those are indeed hardware hashes (i figure they are) then that means Microsoft can identify the hardware of the computer that installed the app which means the computer itself can be identified. This means the owner of the PC can be uniquely identified because they have the ID's of the hardware and can match them to the Windows Activation Database.

Yup i doubt i'll be getting Windows 8 at home, and i will be purchasing a bunch of Windows 7 licenses before Windows 8 releases because i'll just take a pass on this one. If folks want to buy/use this please by all means go for it. I just choose not too. I will wait for Win 9

digitalfutur
Sees More Than Shown
Premium Member
join:2000-07-15
GTA

digitalfutur

Premium Member

Even if the owner is "unique", it's no more personal now than it was before; but I know that won't stop you from believing it is, as a reason not to get Windows 8.

markofmayhem
Why not now?
Premium Member
join:2004-04-08
Pittsburgh, PA

markofmayhem to Woody79_00

Premium Member

to Woody79_00
said by Woody79_00:

»www.withinwindows.com/20 ··· n-scare/

just by taking a quick glance at the file above, These fields stand out to me:

ID 0F98AD9C-D498-42B3-B421-E6C97A8E61E7
GB68802CA-B396-4773-8FD9-EEECA4DE65D9
LZW4tVVM=
OS6.2.9200.0.0
IOS4xMC45MjAwLjE2Mzg0
C10.00.9200.16384


Now a few of those fields look like "hardware hashes" to me. (Incase you don't know, Windows takes hashes of your motherboard, hard drive, etc when installing and activating Windows)

So if those are indeed hardware hashes (i figure they are) then that means Microsoft can identify the hardware of the computer that installed the app which means the computer itself can be identified. This means the owner of the PC can be uniquely identified because they have the ID's of the hardware and can match them to the Windows Activation Database.

Yup i doubt i'll be getting Windows 8 at home, and i will be purchasing a bunch of Windows 7 licenses before Windows 8 releases because i'll just take a pass on this one. If folks want to buy/use this please by all means go for it. I just choose not too. I will wait for Win 9

Using Base64 decoder and common sense:

ID and G are public CA keys, way too small for "hardware hashes"
L is locale (this decodes to "en-US" for Base64)
OS is the OS version
I and C are versions of installer and C, D, etc. are secondary versions (I in Base64 decodes to "9.10.9200.16384"

»gist.github.com/3448961

Here's a request and response. The more information the installer has attached to it, the more is sent in the request. You will notice that "ID" is missing here. The request is to get the response. Notice the "Rep", Y and "Rep level", 100, in the response. Nefarious things may be done with the data sent, but the goal is to get the reputation and malware "index" of the installer, not collect information. Though, we know information will be collected, which brings us back to the privacy concerns.

howardfine
join:2002-08-09
Saint Louis, MO

howardfine to markofmayhem

Member

to markofmayhem
said by markofmayhem:

There is no evidence that IP's are captured or stored.

Yet the IP can be known and associated with what you install. One of the points of the article. It CAN be done.
quote:
There is no evidence the data is collected/stored insecurely
So Microsoft is being sent the data for what reason? Only to discard it?
quote:
The privacy concern is that the file name and hash is sent to Microsoft in any program you install on Windows 8. That's it.

And that's the whole point. Why are you fighting it?

JohnInSJ
Premium Member
join:2003-09-22
Aptos, CA

JohnInSJ

Premium Member

said by howardfine:

quote:
There is no evidence the data is collected/stored insecurely
So Microsoft is being sent the data for what reason? Only to discard it?

The data is being sent to check against a list of known bad software, which is then used to send back a "uh, did you mean to install this spyware" prompt, ONLY if the option is enabled.

If you don't like it, turn off the feature. Problem solved.

Hey, did you know Google knows EVERY APP you install on your android phone? And Apple knows EVERY APP you install on your iOS phone, and EVERY APP you install on you Mac through the App store?

Sheesh.

markofmayhem
Why not now?
Premium Member
join:2004-04-08
Pittsburgh, PA

markofmayhem to howardfine

Premium Member

to howardfine
said by howardfine:

said by markofmayhem:

There is no evidence that IP's are captured or stored.

Yet the IP can be known and associated with what you install. One of the points of the article. It CAN be done.
quote:
There is no evidence the data is collected/stored insecurely
So Microsoft is being sent the data for what reason? Only to discard it?
quote:
The privacy concern is that the file name and hash is sent to Microsoft in any program you install on Windows 8. That's it.

And that's the whole point. Why are you fighting it?

I'm not fighting the privacy concern, just the cow feces surrounding it with misinformation, naivity, lies, and exaggerations. The IP can be recorded on every external call, if this is of concern, the internet should not be something you use.

What is the intent? The response!

»gist.github.com/3448961

Sent:
<RepLookup v="4">
  <G>7A7E08C8-3FF5-45F2-873D-A84D669DC82F</G>
  <O>DC54AF8F-4219-4BDD-9EFA-DE9C6E10A34C</O>
  <D>10.0.8110.6</D>
  <C>10.00.9200.16384</C>
  <OS>6.2.9200.0.0</OS>
  <I>9.10.9200.16384</I>
  <L>en-US</L>  <RU>aHR0cDovL3d3dy5kcml2ZXNuYXBzaG90LmRlL2VuL2lkb3duLmh0bQ==</RU>
  <RI>0.0.0.0</RI>
  <R>
    <Rq>
      <URL>aHR0cDovL3d3dy5kcml2ZXNuYXBzaG90LmRlL2Rvd25sb2FkL3NuYXBzaG90LmV4ZQ==</URL>
      <O>PRE</O>
      <T>DOWNLOAD</T>
      <HIP>0.0.0.0</HIP>
    </Rq>
  </R>
  <WA/>
</RepLookup>
 

Response:
RepLookupResponse>
  <RepLookupResult>
    <Rs>
      <M>www.drivesnapshot.de/download/snapshot.exe</M>
      <C>UNKN:100:1:1</C>
      <R>1:1</R>
      <L>10080</L>
      <S>0</S>
    </Rs>
  </RepLookupResult>
  <Y>100</Y>
  <T>DC54AF8F-4219-4BDD-9EFA-DE9C6E10A34C</T>
  <E>0</E>
</RepLookupResponse>
 

Knowledge helps determine level of concern. The response is a reputation level to help fight installation of malware/virus. Many would not mind sending the hash and name of the installation file for this response, others would. Without knowing the what, whom, and how of SmartScreen's collection, it is absolutely useless information to make an informed decision to use it or not, as the option exists.