May 08, 2012, 3:16 PM — It sounds like a privacy hole big enough for a truckload of your personal information to be leaked to the world, but experts say a recently disclosed Windows 8 privacy issue is really a non-issue.
Microsoft's Windows 8, which connects its users with networks including Facebook, Flickr, Twitter, LinkedIn, Hotmail, Gmail, Exchange leaves a "lingering cache of automatically collected contacts [that] are stored unencrypted on a Windows 8 client," InfoWorld's Woody Leonhard reports this week.
"[Windows 8] doesn't build its Contacts list dynamically," Leonhard reports. "Instead, it keeps a cache of contacts from all of those sources stored on the machine. The cache persists even when the user logs off or the machine is turned off."
"That means anyone who can sign on to your PC with an administrator account can see all of your contacts and all of their data -- names, email addresses, pictures, telephone numbers, addresses," he writes.
Leonhard said he found out about this from a white paper by George Washington University grad student Amanda C.F. Thomson, at a blog called PropellerHeadForensics. He said while the contact information is "stored away in an appropriately obscure format, the text is in the clear and the pictures can be resurrected fairly easily. Nothing's encrypted."
Michael Cherry, lead analyst, operating systems at the analysis firm Directions on Microsoft, says he has no reason to doubt Thomson's findings. But, he says this is far from a meltdown in Microsoft's decade-long effort to improve its security and privacy.
First and most important, he says, is that this is a beta version of Windows 8 -- a release preview. While it is in wide use, "the point is that this is the kind of thing they are looking for."
"My sense is that Microsoft will take some steps to remedy any issues, but in the area of privacy, the remedy may simply be to tell people that their information is shared among the services," he told CSO Online.
Cherry says it is not just Microsoft, but all Internet services -- from e-mail services to social networking sites -- that are "standing on the dividing line of what people want -- communicating with people about who they are, but at the same time wanting to be aware when they do it."