NNSquad - Network Neutrality Squad


[ NNSquad ] Warning re Microsoft "SpyNet" in "Security Essentials" pushing out now


Microsoft is now in the process of pushing out an optional update -- 
"Security Essentials" -- as a free antivirus protection system
for Windows users (Update KB2267621).

While this appears to be a useful service, I must draw your attention
to a particularly problematic aspect of the Security Essentials
privacy policy:

http://bit.ly/97WB2j  (Microsoft)

Use of Security Essentials *requires* at least a "basic" membership in
"Microsoft SpyNet" (what a name!) that automatically collects various
data from your system and delivers it to Microsoft.

Microsoft asserts that for basic members: "Information that identifies
you personally (personally identification [sic] information or PII) is
*generally* not included in the information sent." [my emphasis]

However, elsewhere in the document, MS notes that for basic members or 
higher level members:

  "Microsoft SpyNet reports include information about the files or
   programs in question, such as file names, cryptographic hash, vendor,
   size, and date stamps. In addition, Microsoft SpyNet might collect
   *full URLs to indicate the origin of the file, which might occasionally
   contain personal information such as search terms or data entered in
   forms*." [again, my emphasis]

In particular, the transmission of full URLs (and possibly associated
form data) seems potentially very problematic, given the range of
personal, corporate, or other data that could be included in such
reports sent to Microsoft.

I would urge potential users of Security Essentials to carefully consider
whether they are comfortable with this arrangement, prior to any decision
to install Security Essentials.

--Lauren--
Lauren Weinstein (lauren@vortex.com)
http://www.vortex.com/lauren
Tel: +1 (818) 225-2800
Co-Founder, PFIR (People For Internet Responsibility): http://www.pfir.org
Founder, NNSquad (Network Neutrality Squad): http://www.nnsquad.org
Founder, GCTIP (Global Coalition for Transparent Internet Performance): 
   http://www.gctip.org
Founder, PRIVACY Forum: http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein
Google Buzz: http://bit.ly/lauren-buzz