Top security expert for Plixer has discovered that Microsoft is secretly stealing data from its Windows 10 users.
Mike Patterson, founder and CEO of security analytics firm Plixer, uncovered some interesting findings regarding the Microsoft Windows 10 operating system and how it handles our data.
After disabling everything he could find that was transferring data to outside sources, he discovered that the OS was still sending some form of metadata to Microsoft every 5 minutes. Further research by Patterson concluded that the content being sent was encrypted in a way that makes it impossible to see what data was been sent to the Redmond electronics giant.
Justin Jett, Marketing Manager for Plixer, commented on the findings in a blog post on their website, saying “The company was retrieving information from the user, either with or without their consent.”
“Microsoft encrypted the data being transferred, but they sent the data over HTTP (port 80), which is an unencrypted channel”.
“This extra effort to encrypt indicates that Microsoft not only didn’t want non-authorized users of the machine from accessing the data’they also didn’t want the end-user knowing what was being sent.”
The data that Microsoft is secretly stealing appears to be information about ‘you and your device’, based on settings selected in your Windows 10 privacy settings. According to the report, there is a group policy feature called ‘Allow Telemetry’, which determines how many details are being sent back to Microsoft.
Patterson discovered that the only way to truly disable this feature was by purchasing a copy of Windows 10 Enterprise, meaning every home user will be affected by this possible data leak. A workaround to this includes blocking access to specific servers and/or blocking at DNS level, though it’s pretty tricky for the average user.
It’s not just Microsoft that appears to be doing this either, as Patterson also uncovered similar misdealing by top security firms such as McAfee and electronics manufacturers like Plantronics.
Most big technology companies now include some clause in their terms and conditions that allows the mining of our data, usually for product improvements and/or to improve the quality of our service. That said, it still puts into question exactly where our data is getting sent and who is seeing it.
Rahul Kashyap, EVP and chief security architect at security analytics firm Bromium, said “The impact of mining such user behaviour can lead to users getting targeted by ads, mails, phone calls etc and if it goes in the wrong hands – it could lead to targeted attacks.”
Plixer concluded the report by suggesting a ‘Call for Action’, saying that ‘the rush to collect big data to run analytics on customers is pushing the boundary on ethical information theft’.
They claimed that the consumer should have the ability to look inside the traffic leaving the company, while End User License Agreements (those pesky things we all click yes to without reading) must clearly disclose 100% of the information being taken from the consumer’s device.
For more news, visit What Mobile’s dedicated news page.
