Microsoft has been allowing surveillance through it's products. Allegedly, Microsoft made a secret agreement to allow surveillance by US government in exchange for USA allowing Microsoft's monopoly tactics to remain unchallenged. Windows crash reports is under surveillance by NSA
NSA KEY[edit | edit source]
_NSAKEY is the oldest known example of suspecting Microsoft to allow surveillance. _NSAKEY is a cryptographic key named after the NSA, and thus suggests that it allows the NSA to access any devices where this key is installed. Microsoft has denied that this key is part of key escrow, which was required by US Government. The key can be edited, and then be used to load self-signed cryptographic security modules.
UEFI Secure Boot[edit | edit source]
TPM UEFI Secure boot (when enabled) limits the choice of operating system to only those signed with a key that must be recognized by the UEFI. Every Windows 8 and 10 device ships with UEFI Secure Boot. This UEFI Secure Boot feature cannot be turned off in Windows 8 RT devices, and manufacturers may choose not to give users an option to turn it off in Windows 10 devices. The Free Software Foundation labels this feature as UEFI "Restricted Boot", since any operating system has to be signed (approved) by Microsoft before it can run on such devices. Hispalinux, led by lawyer José María Lancho, filed a complaint with the European Commission against Microsoft for this anti-competitive behavior:
Microsoft, as the sole owner of the private key, which matches up with the public key held in the memory of computers running Windows 8, is the only party that can authorise (sign) the software components in UEFI, the only party that can sign the boot of the operating system, and the only party that can sign the communications between the operating system and UEFI.
Due to bugs in the Intel UEFI, and Microsoft's implementation of those bugs in Secure Boot, it is possible to fully monitor the device from within the OS, and crash the system as desired. Secure boot's alledged surveillance backdoors can be used as vulnerabilities:
Windows 8 has introduced an API that allows accessing this UEFI interface from a privileged userland process. Vulnerabilities in this interface can potentially allow a privileged userland process to escalate its privileges from ring 3 all the way up to that of the platform firmware, which attains permanent control of the very-powerful System Management Mode.
Windows 10[edit | edit source]
Windows 10 is considered spyware by most privacy and open source enthusiasts. Windows 10 (installation file) sneaks into your computer, (after installation) uploads your private & confidential data to Microsoft and NSATC.net site, and uploads itself to other devices, all without your explicit permission or knowledge. Microsoft collects information through email clients, Internet Browsers, Skype, and a key logger on Windows 10. Windows 10 reports back to Microsoft and external sites, regardless of user choice. Modifying the Windows Registry can disable this communication to Microsoft, and applications are being developed by third parties to make this registry change easier.
Windows 10 reports back to Microsoft and NSATC.net site,
Windows 10 is watching - and logging and sharing - everything users do... and we mean everything.
we(Microsoft) will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to: 1.comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; 2.protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone; 3.operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 4.protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.
NSA Prism & Online tracking[edit | edit source]
We(Microsoft) provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.
But, in line with PRISM, Microsoft's cloud software, like Hotmail, Outlook.com, Skydrive(OneDrive) and Skype are under surveillance by the NSA. In the case of Outlook.com, Microsoft reportedly worked with the FBI to help NSA get around Microsoft's own data-scrambling scheme, or as Microsoft has put it, "legal obligations" forced its hands.
Microsoft apparently indirectly informs the NSA of bugs in all Microsoft software before fixing them, and this information about 0-day backdoors gets forwarded to Private contractors working with the Government.
Windows crash reports are reported to have been intercepted by NSA, enabling the NSA to gain "passive access" to a machine without the user's or Microsoft's knowledge.
After PRISM disclosures Caspar Bowden, a former Microsoft chief privacy adviser, criticized PRISM, stating he had suspected the existence of the project during his time at Microsoft, although he had not known it by name. He also said "I don’t trust Microsoft now", and advocated the use of open source software where the source code can be examined.
Microsoft´s excuse for all this surveillance is that now you can spy on your children Even if you believe Microsoft, the next question is would you hire a stalker to spy on your children (for free) ?
References[edit | edit source]
- Free Yourself from Microsoft and the NSA by David Spring, ASIN: B00FDXSAS8
- Windows error messages let NSA spy on people: Crash reports are a 'neat way' of gaining access to machines
- Windows 'back door' security alert
- Gates, Gerstner helped NSA snoop –US Congressman
- Evolution of US Government restrictions on using and exporting Encryption Technologies
- How NSA access was built into Windows
- Microsoft tightens Windows 10's Secure Boot screws: Where does that leave Linux?
- Support the FSF: Help us stop Restricted Boot
- How to Boot and Install Linux on a UEFI PC With Secure Boot
- Microsoft to stop Linux, older Windows, from running on Windows 8 PCs
- Lawyer hopeful of success with secure boot complaint
- Windows 8 and Intel UEFI: the NSA front door
- Hacking Team's malware uses UEFI rootkit to survive OS reinstalls
- Presentation: Extreme Privilege Escalation On Windows 8/UEFI Systems
- Windows 10 is Spyware
- Windows 10 is possibly the worst spyware ever made
- The FSF's statement on Windows 10
- Microsoft is forcing Windows 10 on users’ machines without consent
- A Traffic Analysis of Windows 10
- How to stop Windows 10 from using your PC's bandwidth to update strangers' systems
- Windows 10 spies on emails, images, credit cards, more
- Even when told not to, Windows 10 just can’t stop talking to Microsoft
- Comparison of Windows 10 Privacy tools
- As encryption spreads, U.S. grapples with clash between privacy, security
- Vista 10 (Windows 10) Has NSA Back Doors and Front Doors
- The Surveillance State Goes Mainstream: Windows 10 Is Watching (& Logging) Everything
- Using Windows 10? Microsoft Is Watching
- Microsoft Wants to Block Pirated Content? Pirate Sites Ban Windows 10 Instead
- Windows 10 is spying on almost everything you do – here’s how to opt out
- YouTube Video: Windows 10 is a Tool to Spy on Everything You Do
- New Windows 7/8/8.1 updates spy on you just like Windows 10
- KB 2952664 triggers daily telemetry run in Windows 7 -- and may be snooping on users
- Microsoft Increases Secrecy; Expands Spyware to Windows 7 and 8
- A Traffic Analysis of Windows 10
- Microsoft denies Windows spy-hole allegations
- US, British intelligence mining data from nine US Internet companies in broad secret program
- NSA's access to Microsoft's services detailed
- Snowden leak: Microsoft added Outlook.com backdoor for Feds
- Statement from Microsoft about response to government demands for customer data
- Project Chess spied on you long before Microsoft acquired Skype
- US Patent 20110153809
- Will Microsoft's Changes To The Architecture Of Skype Make It Easier To Snoop?
- NSA leaks hint Microsoft may have lied about Skype security
- How Can Any Company Ever Trust Microsoft Again?
- U.S. Agencies Said to Swap Data With Thousands of Firms
- Ex-Microsoft privacy adviser: I don't trust company
- Outspoken privacy campaigner Caspar Bowden dies after battle with cancer
- Windows 10 automatically sends parents detailed dossier of their children's internet history and computer use