Microsoft Looked Through Reporter's Hotmail And MSN Chat Accounts To Identify Windows 8 Leaker
from the scroogled? dept
Apparently, Microsoft's desire to track down someone who leaked screenshots of Windows 8 is so strong that it's willing to violate its own privacy guidelines and promises to the public -- even if it means undermining Microsoft's main promotional campaign for email services.A few weeks ago, Microsoft promoted Mark Penn to chief strategy officer. Penn is most famous as a PR man and political pollster who was the driving force behind Hillary Clinton's failed campaign for President in 2008. He's known for his negative attack ads and his claims to do everything based on data -- though, people who have explored some of his techniques say it's a lot more flimflam than actual statistical analysis. His main contribution to Microsoft over the past few years seems to be its ridiculous "Scroogled" campaign, in which Microsoft -- a company not at all known for its privacy protections -- attempts to portray Google as being bad on privacy. The campaign has been a colossal and expensive flop according to most.
Either way, you'd think that for a company who's main marketing strategy these days is all about how it protects the privacy of your email account wouldn't then break into a user's email account. But that's exactly what Microsoft apparently did in tracking down the guy who leaked Windows 8 to a reporter. Alex Kibkalo, a software architect for Microsoft, sent a French blogger some Windows 8 code and the way to get around its anti-piracy measures. The French blogger posted screenshots and also emailed Microsoft for comment -- and that's when Microsoft apparently decided to throw its privacy promises out the window:
The engineer was caught after the blogger emailed Microsoft to confirm the authenticity of the leaked Windows 8 code. Investigators at the firm then reportedly looked through the blogger’s hotmail account and instant messenger chats to identify the source of the leak, and found an email from Kibaklo.Of course, Hotmail today has morphed into Outlook.com, and the current ad campaign about it states: "Outlook.com prioritizes your privacy!" and "Your email is nobody else's business." Oh really? I guess Microsoft considers it their business. It's kind of astounding, first, that Microsoft did this, and second that they appear to openly admit that you have no privacy at all in your email if Microsoft suddenly decides it wants to dig through and dig up something.
Update: And, from the criminal complaint we see, indeed, that Microsoft figured it was fine to violate this journalist's privacy:
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: alex kibkalo, email, hotmail, leaker, mark penn, privacy, scroogled, windows 8
Companies: microsoft
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Stories like this have been around for as long as companies have been keeping records on their customers. Even things like those supermarket affinity cards are used against you: customers suing stores have found that the supermarkets aren't above digging out their purchase history and using it to defame or embarrass them.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I am shocked
[ link to this | view in chronology ]
I haven't even signed into my hotmail account for 6+ years. And I haven't even installed MSN messenger in my last 2 computers.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Great for disposable forum sign-ups that require you to validate your address.
[ link to this | view in chronology ]
Re: Re: Re:
Some sites, however, do disallow using a mailinator address to register.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
I'm certain Microsoft would have gladly began hiring contractors to install spyware if the journalists were insightful enough to have not done business on a microsoft service.
Microsoft knows it's large enough to lie on every policy and take back every word they've ever said on agreements and be basically untouchable to those journalists.
All megacorps are the same.
[ link to this | view in chronology ]
No matter, M$ didn't need personal info to open the account, didn't need it for years and years and then suddenly decides it does. I call BS on that one.
This is one of the prime reasons I won't use Google stuff either. You can no longer trust major companies anymore than you can the security agencies of this country. Call it Snowden fallout, though the bit about the email happened before his appearance on the public scene.
[ link to this | view in chronology ]
Re:
My name is Jean-Luc Picard, I live at 1701 E enterprise lane, Beverly Hills California, 90210.
What else do they need?
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
From now on I'm registering as "John Fenderson" everywhere.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
False sense of security
[ link to this | view in chronology ]
Re: False sense of security
[ link to this | view in chronology ]
Re: False sense of security
or better still here http://fingerprint.pet-portal.eu/ and then if running firefox grab there firegloves randomizer plugin (on top menu in yellow).. It works very well
[ link to this | view in chronology ]
Re: Re: False sense of security
If you're surfing like me with Javascript disabled (cookies enabled) for most sites, Firegloves actually makes you more identifiable - whether or not you "randomise" certain values like User Agent - it seems to default to FF 6.0. ;)
[ link to this | view in chronology ]
Trolling
I do question why an employee at M$ would use an account operated by his own company to do such a thing. Did he want to get caught? Was this bait in order to inflict some other punishment to his employer? I wonder. Maybe he wanted to find out if M$ would do what they did and now he'll out them on it. Who knows. We live in truly bizarre times.
[ link to this | view in chronology ]
Re: Trolling
[ link to this | view in chronology ]
Re: Trolling
It wasn't the employee's account they looked at (which might even be defensible). It was *the reporter's*
[ link to this | view in chronology ]
Employment Contract
It is exceptionally common for one's Conditions of Employment to indicate very clearly that any and all emails sent and received through the employer's facilities will be monitored.
There is no story here.
[ link to this | view in chronology ]
Re: Employment Contract
The Microsoft employee emailed a blogger who happened to use a hotmail account. When the blogger sought confirmation from Microsoft they searched the email account of the blogger.
I'll repeat that. Microsoft did not search the emails of their employees, they searched the email account of a random blogger who happened to being using their email service.
[ link to this | view in chronology ]
Re: Employment Contract
If you actually read the story you'll find there is...
[ link to this | view in chronology ]
Re: Employment Contract
[ link to this | view in chronology ]
Re: Employment Contract
[ link to this | view in chronology ]
For example, they talk about his theory that left-handed people make great military thinkers because Colin Powell and Norman Schwartzkopf were both lefties. I'm not exaggerating, that really is in the article.
[ link to this | view in chronology ]
Re:
Everyone knows that's 100% true. And I'm absolutely not saying that just because I'm left-handed.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
United States v. Councilman
http://epic.org/privacy/councilman/
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
If I break into your house to get evidence that you killed someone, that evidence will be admissible against you in court. I might *also* be arrested and charged with breaking/entering and burglary, but my crime doesn't change the admissibility of the evidence against you.
[ link to this | view in chronology ]
Re: Re:
Either Way Microsoft have allegedly committed criminal acts here under EU statutes and have created an absolute PR nightmare (especially in the currently volatile privacy environment we re now in worldwide) and anyone in anyway who uses Microsoft's email accounts for personal or business use should destroy them and go elsewhere.
It begs the question what other times have they allowed this to occur and have they used it for their own personal/business gain in other matters. ie:corporate espionage, unfair trading, legal privilege.. the list is huge
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Reading your personal information is a given, sharing it is what they explicitly give themselves permission to do.
[ link to this | view in chronology ]
Re: Re: Re: Re:
oh wait... it doesn't
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
I don't know which is worse.. The blogger's stupidity for not using another email service or Microsoft's predictable evil blatantly violating an expectation of consumer privacy before one can even use their service.
[ link to this | view in chronology ]
He was a 'French' blogger
[ link to this | view in chronology ]
Oh wutta surprise!!
When it comes to MS, I would expect absolutely no less.
If Microsloth says it honors client privacy, then its certain that Microsloth does not honor client privacy.
Like Government, if MS speaks, it lies.
[ link to this | view in chronology ]