Canadian security researcher Nadim Kobeissi recently detailed some potential privacy concerns with Microsoft's SmartScreen technology in Windows 8. Designed to prevent users from downloading and installing malicious software, the technology sends data to Microsoft about each application that is installed in Windows 8. Kobeissi described the process as a "very serious privacy problem," questioning Microsoft's collection and retention policies and warning that hackers might be able to intercept communications between a Windows 8 client and Microsoft's SmartScreen servers by exploiting weaknesses in the SSLv2 protocol.
"We can confirm that we are not building a historical database of program and user IP data," says a Microsoft spokesperson. "Like all online services, IP addresses are necessary to connect to our service, but we periodically delete them from our logs. As our privacy statements indicate, we take steps to protect our users’ privacy on the backend. We don’t use this data to identify, contact or target advertising to our users and we don’t share it with third parties."
Responding to claims over SSL security and the data interception risk posed by the SSLv2 protocol, Microsoft says Windows 8 does not use this protocol with the service by default. "Windows SmartScreen does not use the SSL2.0 protocol," says a spokesperson. Microsoft's clarifications make the privacy concerns seem less than a "serious privacy concern," but if you're not happy with the SmartScreen service sending app data to the company, you can disable the option during setup or afterwards in the Windows 8 settings.