Technobabbles I try to sound like I know what I'm talking about. Don't be fooled.

Microsoft and Privacy

Microsoft reportedly released results of a three-month phishing study conducted through an add-on to their Windows Live toolbar, the Phishing Detective. The software compared passwords used on various websites and reported URLs to Microsoft if the passwords for two sites matched. Admittedly, it is an interesting approach, and legitimate matches are easily weeded out, but it raises issues about how much Microsoft knows about you.

Microsoft could theoretically profile all its toolbar users and keep track of what sites they have accounts at by what sites generate hits to the password-comparing program. Other companies like Google also collect the URLs their toolbar users visit, but the features are clearly marked as having privacy implications and they promise not to log your traffic. Microsoft was definitely logging, though the degree of user specificity is unclear.

This wouldn't be so much of a bother if it was going to be limited to the Windows Live Toolbar add-on; rumors are afoot that Microsoft might add the technology to Internet Explorer, which already has an anti-phishing system similar to the one in Mozilla Firefox. Whether or not that version would send logs back to the company or just alert users if it detects suspicious password similarity, I can't tell, but it still makes my skin crawl a bit. I think I'll continue doing what I've been doing: sticking with Firefox and, for the occasional Explorer site, IE6.

Microsoft reportedly released results of a three-month phishing study conducted through an add-on to their Windows Live toolbar, the Phishing Detective. The software compared passwords used on various websites and reported URLs to Microsoft if the passwords for two sites matched. Admittedly, it is an interesting approach, and legitimate matches are easily weeded out, but it raises issues about how much Microsoft knows about you. Microsoft could theoretically profile all its toolbar users and keep track of what sites they have accounts at by what sites generate hits to the password-comparing program. Other companies like Google also collect the URLs their toolbar users visit, but the features are clearly marked as having privacy implications and they promise not to log your traffic. Microsoft was definitely logging, though the degree of user specificity is unclear. This wouldn't be so much of a bother if it was going to be limited to the Windows Live Toolbar add-on; rumors are afoot that Microsoft might add the technology to Internet Explorer, which already has an anti-phishing system similar to the one in Mozilla Firefox. Whether or not that version would send logs back to the company or just alert users if it detects suspicious password similarity, I can't tell, but it still makes my skin crawl a bit. I think I'll continue doing what I've been doing: sticking with Firefox and, for the occasional Explorer site, IE6.