Analysts downplay Windows 8 privacy issues

The Windows 8 Consumer Preview build has a feature that one person fears is a major privacy concern. On Monday, Infoworld reported that when a Windows 8 PC connects with a number of social networking services like Facebook and Twitter, " ... it keeps a cache of contacts from all of those sources stored on the machine. The cache persists even when the user logs off or the machine is turned off."

In theory that means anyone who signs onto your Windows 8 PC could see a list of your contacts, although they must have the admin rights to do so. However, another report on ITWorld.com downplays this issue.

Michael Cherry is a lead analyst for Directions on Microsoft, (a third party independent company with no direct Microsoft ties). He states, "My sense is that Microsoft will take some steps to remedy any issues, but in the area of privacy, the remedy may simply be to tell people that their information is shared among the services.

Mark Baldwin, principal researcher and consultant at InfosecStuff, feels that Windows 8 needs to cache this kind of data in order to improve performance for the OS. He adds, "As the author noted, one must have admin rights to view this data for a user other than yourself."

Cherry also states that in the end, Microsoft might be best served to let people know upfront that their contact list could be shared, saying, "On many sites, you have to go through many pages and read long documents. At the end of the day, it's too hard to understand. Part of the fix would be to make it really clear."

Report a problem with article
Previous Story

Alan Wake's American Nightmare due for PC May 22nd

Next Story

DDR4 RAM will reach computers next year

17 Comments

Commenting is disabled on this article.

How is this any different to an admin having access to all of the files on someone else's Windows account in Windows 7?

Whatever the facts this is out there now and could be eroding confidence in the new OS. I wonder if the story makes the MSM.

Win8 has password protected accounts... It's same like if someone can open my browser he can see all my saved passwords etc ?

Other softare have this security hole.

Firefox,Chrome... Pretty much all computer systems with Browser and with a program that caches.

They could AT LEAST encrypt the cache when a user logs off (the same way their passwords are encrypted by the Credential Manager). This would (I think) mean that while admin users would have access to the cache, they would not be able to read the contents.

Problem solved?

Wait...so if I connect social networks to an OS the OS will keep track of the contacts from those social networks and store them in cache?

NO WAI

How the hell DID they think Windows 8 kept those contacts? Magic?

lordcanti86 said,
Wait...so if I connect social networks to an OS the OS will keep track of the contacts from those social networks and store them in cache?

NO WAI

How the hell DID they think Windows 8 kept those contacts? Magic?

That's how OS X would have done it =P

Not sure if this article is serious. It's also a privacy concern if someone else has admin access to my computer too. /rollseyes

chAos972 said,
Not sure if this article is serious. It's also a privacy concern if someone else has admin access to my computer too. /rollseyes

Indeed! LMAO

korupt_one said,
I think its just more idiots that just make mountains out of molehills just cause its MS

I agree. It really sounds like nothing once you read more about it. It's not like it's available for anyone to go through or anything...

This is already present in Windows 7 and other OSes as well... Are these people stupid or trying to create controversy where it doesn't exist?

The Microsoft Account login is what makes this different, but with it come protections you can use. Terminate your account on the computer, or encrypt it, then even an administrator can't ever see your stuff.

With most users running an administrator level account on personal and 'friends' computers, it is strange that people are so lack about security. Most of the time not even using a separate account, and leaving their data and even login information for facebook and other credentials stored on other people's computers.

The Microsoft Account Login is actually more secure than what people are doing today, as it helping people use their own 'login' on computers, instead of a shared account.

The type of data in comparison can be found in virtually any user's browser's cache on any OS.