Wednesday , September 28 2022

Serious privacy issues discovered in Microsoft Office


The privacy impact assessment commissioned by the Dutch government has revealed serious privacy issues in Microsoft Office ProPlus. As a result, productive phones call more often and more than ever.

The privacy and privacy experts of the privacy company have been invited by the Ministry of Defense and the Dutch law to conduct the Impact Assessment (DPIA) in Microsoft Office. DPIA handles Office ProPlus and demonstrates serious privacy troubleshooting. In addition to the standard diagnostic data, the Redmond software also transfers personal data to the server server in standard settings. In the Netherlands, the software employs 300 thousand employees of various government organizations, such as government ministries, law, police and others.

This data is collected by Microsoft

The report is freely available [PDF] Discusses systematically and extensive collection of data on the single use of Word, Excel, PowerPoint and Outlook – without providing transparent information about this practice. Additionally, Microsoft does not offer the option to restrict or disable data collection. Moreover, viewing the transmitted data is not possible.

Like Windows 10, Redmond integrated Office with a separate solution that regularly sends telemetry data to its US servers. For example, Microsoft collects event information in Word when users use the Backspace key multiple times in a row. This indicates that multiple corrections were made to a word that spelling is unknown. In addition, whole sentences are passed before and after individual words the user has looked at, for example, the online spelling checker or the translation service.

In addition, Microsoft not only stores usage data through the built-in telemetry client, but also captures and stores the personal use of Connected services. For example, if users access a connected service, such as the translation service, using the Office software, Microsoft may store personal information about this use of event logs created by the system.

While the privacy company recognizes in a blog post the impact assessment of privacy, Microsoft relies solely on technical data on certain data collection, such as mail headers or IP addresses, for its Internet services. However, these data should not be permanently secured except for legitimate security concerns.
Overall, Microsoft claims to have tracked 23,000 to 25,000 different software events and transferred them to the company's servers for investigation. The work is done by 20 to 30 engineering teams. Thus, data collection and data analysis Office ProPlus is much more common than in Windows 10 – and even where Microsoft had to improve the pressure of data protection agencies and authorities.

The privacy company's blog further states that Microsoft has already committed to adapt its software to privacy concerns. For example, they work on a tool for viewing telemetry data. In addition, one developed a setting (zero emission), which prevents data leakage.

Source link