Microsoft’s SmartScreen Technology is meant to protect users from downloading and installing malicious software. But, as per the researcher, it sends data to Microsoft about each and every application that the user has installed on his system. According to the researcher Windows 8, in its default configuration, sends download and installation information back to Microsoft – which is a “big problem.”
“This is a very serious privacy problem.” he wrote on this site.
Kobeissi believes that a hacker may intercept SSLv2 based communications between SmartScreen and Microsoft servers by exploiting the SSL protocol thus gaining a great deal of information in terms of software being used by a target.
If this feature is turned off, Windows 8 prompts the user to turn it back on through the Security Center application. The Windows 8 setup does ask users if they want to turn off the SmartScreen but, without actually informing them of the privacy implications if in case they chose not to.
“This puts Microsoft in a compromising, omniscient situation where they are capable of retaining information on the application usage of all Windows 8 users, thus posing a serious privacy concern.” he added.