Friday, June 14, 2013

New disclosures reveals Microsoft deliberately compromises user security

Just when you thought the NSA spying scandal couldn't get any worse, Bloomberg News reports that Microsoft Corp openly shares vulnerabilities it finds in its software with spy agencies before it issues patches for them. That's right, not only do you have to worry about hackers and the government discovering vulnerabilities that compromise your computer, Microsoft is giving spy agencies an open invitation to anything that's on it!

While Microsoft is specifically named, it's probably safe to assume that many other companies we trust are doing the same thing because the risk of them ever being caught is so slim. But the particularly worrisome thing about the Microsoft revelation is the sheer reach that the company has through it's products. Microsoft currently controls 97% of the desktop market and has a significant presence in both the mobile device and server market. Additionally, the company has a deepening reach into consumers living rooms through its XBOX entertainment system and its Kinect device which can track voice, facial gestures, and even see in the dark with its always on, always connected to the Internet camera.

This makes Microsoft one very dangerous company cooperating with the government

How they got away with it

The underlying computer code that makes up Microsoft software is a closely guarded secret with anyone stealing that code facing decades in prison. Microsoft, and other companies who don't share their source code, day they don't share because the code is valuable to their business and would lower their competitive advantage if everyone know exactly how their software worked.

But not sharing source code also has a more sinister side as well: it allows the companies to hide anything they want to in their programs and it's virtually impossible for users to find out what those programs are really doing or what data thy may be sharing with whom.  Companies will often argue that, because of their reputations, users can trust them to do the right thing and not deliberately do anything malicious or compromise their security.

Obviously, Microsoft didn't get the memo because today's revelation about them informing the NSA of problems before they're fixed does both.

Users of Microsoft software like Windows should ask two critical questions right now: how long died the company wait after telling the NSA about a problem before they fix it and, more importantly, what happens if the agency asks them not to fix a particular problem?

Those are two questions neither Microsoft or the government can be trusted to honestly answer, leaving users in the uncomfortable position of trusting the word of a company who has just betrayed them.

What can you do about it?

Thankfully, the answer to this revelation us pretty simple: stop using software from Microsoft and any other company that refuses to allow users to look at the underlying computer code of the programs they run on their computers. Yes the companies will make a million excuses why they can't show you their source code. You need just one reason not to accept any of those reasons: your privacy.  If the source isn't available, you have no way to verify that your software isn't spying on you or being deliberately left vulnerable so you can be spied on.

Taking this route means change. It means often walking away from software and platforms you may have used for decades. But the good news is that there has never been a better or easier time for you to walk away and it's getting easier every daub operating systems like Linux are amazingly user friendly, software like LibreOffice is fully compatible with Microsoft Office, and there are open alternatives to almost every closed program you're running now. From Windows down to calculator, everything is covered.

Punishment as well as Security

Moving away from closed software will help you protect your privacy. But more than that, it will punish the companies who've violated your privacy by denying them that which they value most: money. It will send a clear message that this kind of behavior is not OK and that you won't tolerate it.

Stand up today and take your privacy back. Tell these companies and these spies that you won't tolerate being spied on and lied to. Enough is enough!

No comments: