
Microsoft and Privacy

Office, Microsoft, Cloud. Three words that set off alarms when it comes to the privacy and safety of your private data. It seems as if Microsoft is going to improve data protection… but not for all!

Telemetry collection in Windows 10 and Office 365 is going to be a bit less aggressive in the future, as Microsoft has faced a lot of complaints from companies working with Windows 10 and Office 365. They stated that the amount of data acquired per client contains not only data that is necessary for product improvements, but also data that permits Microsoft to create a complete usage picture of its products per user. The question of which sensitive data is acquired was left unanswered by Microsoft in the past, but the recent changes now make it clear that Microsoft has acquired more data than was necessary for the proper operation of its products.

Yet Microsoft sees itself in a position to reduce telemetry only for Windows 10 and Office 365. Users who have Office 2016 and 2019 installed as a standalone product on their client may still notice a higher amount of telemetry when using them. So you either use cloud-based products or you have to accept telemetry. The choice is yours!

The main problem is that the telemetry of Office and Windows still has flaws: wildcard certificates for 14 domains, transfer of private data where it isn’t necessary and, worst of all, passwords that are transferred in plain view because they’re not encrypted!

The problem with the wildcard certificates is that they don’t prevent MITM attacks when the Click-to-Run function downloads, via a proxy connection, the DLL files it needs to run programs afterwards, because the verification fails to check that the DLL files genuinely come from Microsoft. This could allow hackers to compromise otherwise safe systems, as they can inject their own DLLs into these systems.

All these points led the EU authorities to ask whether Windows 10 and Office can be run in conformity with the GDPR (DSGVO), and the verdict was clear: no, at the moment both products do not comply with the GDPR. The Department of Justice of the Netherlands also stated that Office Pro Plus 2016 violates a vast number of privacy rules, which makes operation in accordance with the GDPR impossible.

Microsoft was confronted with the results and later divided the telemetry data into two categories: “necessary” and “optional”. “Necessary” means data classified as mandatory for the seamless and flawless operation of Windows and Office. This is data that Microsoft is still going to acquire from all clients running the software.

Among this data are search requests and IP data, as well as the type and version of the device that made requests to Microsoft Bing, for example.

Microsoft will set up a new info page for Office 365 to let customers configure their privacy settings better, and it will also explain there how Microsoft processes the acquired data. Whether that changes the point of view when it comes to privacy is doubtful, however!

Future updates, however, can be a significant problem for administrators, and of course for Microsoft, as they may still break GDPR compliance. Microsoft also doesn’t clarify how users’ consent is stored and what information users were shown when they confirmed that certain data is acquired via these products.

An interesting fact is what Microsoft classifies as optional telemetry data: embedded pictures in documents and how long a PowerPoint slide is shown. While the first is already a matter of a security breach (images can also contain sensitive information!), the second is indeed “nice to have” data but not necessary. The second in particular could help Microsoft improve slide load times in PowerPoint.

While Microsoft still points to privacy.microsoft.com and the Enterprise Trust Center for information on how collected data is processed, all this leaves more questions than answers. We think it will lead the EU privacy advocates to come up with many more questions, and to ask how Microsoft is going to solve these problems.


May 7, 2019 - Netspark
