Microsoft Looked Through Reporter's Hotmail And MSN Chat Accounts To Identify Windows 8 Leaker

from the scroogled? dept

Apparently, Microsoft’s desire to track down someone who leaked screenshots of Windows 8 is so strong that it’s willing to violate its own privacy guidelines and promises to the public — even if it means undermining Microsoft’s main promotional campaign for email services.

A few weeks ago, Microsoft promoted Mark Penn to chief strategy officer. Penn is most famous as a PR man and political pollster who was the driving force behind Hillary Clinton’s failed campaign for President in 2008. He’s known for his negative attack ads and his claims to do everything based on data — though, people who have explored some of his techniques say it’s a lot more flimflam than actual statistical analysis. His main contribution to Microsoft over the past few years seems to be its ridiculous “Scroogled” campaign, in which Microsoft — a company not at all known for its privacy protections — attempts to portray Google as being bad on privacy. The campaign has been a colossal and expensive flop according to most.

Either way, you’d think that for a company who’s main marketing strategy these days is all about how it protects the privacy of your email account wouldn’t then break into a user’s email account. But that’s exactly what Microsoft apparently did in tracking down the guy who leaked Windows 8 to a reporter. Alex Kibkalo, a software architect for Microsoft, sent a French blogger some Windows 8 code and the way to get around its anti-piracy measures. The French blogger posted screenshots and also emailed Microsoft for comment — and that’s when Microsoft apparently decided to throw its privacy promises out the window:

The engineer was caught after the blogger emailed Microsoft to confirm the authenticity of the leaked Windows 8 code. Investigators at the firm then reportedly looked through the blogger’s hotmail account and instant messenger chats to identify the source of the leak, and found an email from Kibaklo.

Of course, Hotmail today has morphed into, and the current ad campaign about it states: “ prioritizes your privacy!” and “Your email is nobody else’s business.” Oh really? I guess Microsoft considers it their business. It’s kind of astounding, first, that Microsoft did this, and second that they appear to openly admit that you have no privacy at all in your email if Microsoft suddenly decides it wants to dig through and dig up something.

Update: And, from the criminal complaint we see, indeed, that Microsoft figured it was fine to violate this journalist’s privacy:

Filed Under: , , , , , , ,
Companies: microsoft

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Microsoft Looked Through Reporter's Hotmail And MSN Chat Accounts To Identify Windows 8 Leaker”

Subscribe: RSS Leave a comment
John Fendersonsays:


Oh, now, be fair. No third party can be trusted with your information (or at least, it’s literally impossible to know which ones can, which amounts to the same thing).

Stories like this have been around for as long as companies have been keeping records on their customers. Even things like those supermarket affinity cards are used against you: customers suing stores have found that the supermarkets aren’t above digging out their purchase history and using it to defame or embarrass them.



It isn’t just hotmail though

I’m certain Microsoft would have gladly began hiring contractors to install spyware if the journalists were insightful enough to have not done business on a microsoft service.

Microsoft knows it’s large enough to lie on every policy and take back every word they’ve ever said on agreements and be basically untouchable to those journalists.

All megacorps are the same.


I used to have a hotmail account. M$ in it’s infinite wisdom decided after 10 years of using the account that suddenly it was possibly hacked and needed personal identifying information to keep it open. In all the time prior to this, they never needed that. I said goodbye to them and never looked back. I think I read somewhere that NSA has an access allowance into email provided they have your name and account details without having to go through FISA.

No matter, M$ didn’t need personal info to open the account, didn’t need it for years and years and then suddenly decides it does. I call BS on that one.

This is one of the prime reasons I won’t use Google stuff either. You can no longer trust major companies anymore than you can the security agencies of this country. Call it Snowden fallout, though the bit about the email happened before his appearance on the public scene.


Re: Re: Re: Re:

Excepting for sites where I’m actually paying money for something, there isn’t a single site that I have ever given the correct information to, and the events over the past few years have only underlined the wisdom of this practice.

From now on I’m registering as “John Fenderson” everywhere.



as they say, if you have nothing to hide…

I do question why an employee at M$ would use an account operated by his own company to do such a thing. Did he want to get caught? Was this bait in order to inflict some other punishment to his employer? I wonder. Maybe he wanted to find out if M$ would do what they did and now he’ll out them on it. Who knows. We live in truly bizarre times.

B's Opinion Onlysays:

Employment Contract

I’m certainly no fan of Microsoft, but the key issue that seems to be overlooked here is that Microsoft looked at the emails of a Microsoft Employee.

It is exceptionally common for one’s Conditions of Employment to indicate very clearly that any and all emails sent and received through the employer’s facilities will be monitored.

There is no story here.


Re: Employment Contract

Investigators at the firm then reportedly looked through the blogger?s hotmail account and instant messenger chats

The Microsoft employee emailed a blogger who happened to use a hotmail account. When the blogger sought confirmation from Microsoft they searched the email account of the blogger.

I’ll repeat that. Microsoft did not search the emails of their employees, they searched the email account of a random blogger who happened to being using their email service.


Wow, anybody who didn’t click on that “flimflam” link should do so. That’s a pretty stunning article showing how Penn interprets numbers.

For example, they talk about his theory that left-handed people make great military thinkers because Colin Powell and Norman Schwartzkopf were both lefties. I’m not exaggerating, that really is in the article.



For example, they talk about his theory that left-handed people make great military thinkers because Colin Powell and Norman Schwartzkopf were both lefties. I’m not exaggerating, that really is in the article.

Everyone knows that’s 100% true. And I’m absolutely not saying that just because I’m left-handed.


United States v. Councilman

Other than just plain pissing people off, a key question is whether Microsoft’s snooping is a direct violation of the The Electronic Communications Privacy Act or the Wiretap Act. I suspect it might be. Let’s not forget the audacity of online bookseller Interloc (now Alibris) who claimed that there was absolutely nothing wrong -or illegal- about spying inside customer’s email accounts … and actually got a court to agree.



The “fruit of the poisonous tree” doctrine only applies to government (mis)behavior. Evidence obtained by private parties through violation of law is still admissible.

If I break into your house to get evidence that you killed someone, that evidence will be admissible against you in court. I might also be arrested and charged with breaking/entering and burglary, but my crime doesn’t change the admissibility of the evidence against you.

G Thompsonsays:

Re: Re:

Agreed, though I’d be very much also looking at the reliability of that evidence since a highly biased legally unauthorised party (and remember this also comes under EU privacy data laws since the blogger sent data from EU and is a EU resident) has entered and gathered ‘evidence’ that though damning until independently verified under criminal evidence rules could only be used as probable cause.

Either Way Microsoft have allegedly committed criminal acts here under EU statutes and have created an absolute PR nightmare (especially in the currently volatile privacy environment we re now in worldwide) and anyone in anyway who uses Microsoft’s email accounts for personal or business use should destroy them and go elsewhere.

It begs the question what other times have they allowed this to occur and have they used it for their own personal/business gain in other matters. ie:corporate espionage, unfair trading, legal privilege.. the list is huge

Dave Millersays:

Re: Re: Re:

We also may share or disclose personal information, including the content of your communications: … To protect the rights or property of Microsoft or our customers, including enforcing the terms governing your use of the services.

Reading your personal information is a given, sharing it is what they explicitly give themselves permission to do.


Wait… a blogger doing a story on a Microsoft product was using a Microsoft email account to ‘hide’ their covert dealings with said Microsoft leaker? BAHAHAHA

I don’t know which is worse.. The blogger’s stupidity for not using another email service or Microsoft’s predictable evil blatantly violating an expectation of consumer privacy before one can even use their service.


Re: Re: False sense of security

[quote]Go do the test either at the EFF’s panopticlick site [ ][/quote]

If you’re surfing like me with Javascript disabled (cookies enabled) for most sites, Firegloves actually makes you more identifiable – whether or not you “randomise” certain values like User Agent – it seems to default to FF 6.0. ­čśë

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop ┬╗

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Older Stuff
13:40 It's Great That Winnie The Pooh Is In The Public Domain; But He Should Have Been Free In 1982 (Or Earlier) (35)
12:06 Norton 360 Now Comes With Crypto Mining Capabilities And Sketchy Removal Process (28)
10:45 Chinese Government Dragnet Now Folding In American Social Media Platforms To Silence Dissent (14)
10:40 Daily Deal: The 2022 Ultimate Cybersecurity Analyst Preparation Bundle (0)
09:29 A Fight Between Facebook And The British Medical Journal Highlights The Difficulty Of Moderating 'Medical Misinformation' (9)
06:29 Court Ruling Paves The Way For Better, More Reliable Wi-Fi (4)
20:12 Eighth Circuit (Again) Says There's Nothing Wrong With Detaining Innocent Minors At Gunpoint (15)
15:48 China's Regulatory War On Its Gaming Industry Racks Up 14k Casualties (10)
13:31 Chinese Government Fines Local Car Dealerships For Surveilling While Not Being The Government (5)
12:08 Eric Clapton Pretends To Regret The Decision To Sue Random German Woman Who Listed A Bootleg Of One Of His CDs On Ebay (29)
10:44 ICE Is So Toxic That The DHS's Investigative Wing Is Asking To Be Completely Separated From It (29)
10:39 Daily Deal: The 2022 Complete Raspberry Pi And Arduino Developer Bundle (0)
09:31 Google Blocked An Article About Police From The Intercept... Because The Title Included A Phrase That Was Also A Movie Title (24)
06:22 Wireless Carriers Balk At FAA Demand For 5G Deployment Delays Amid Shaky Safety Concerns (16)
19:53 Tenth Circuit Denies Qualified Immunity To Social Worker Who Fabricated A Mother's Confession Of Child Abuse (35)
15:39 Sci-Hub's Creator Thinks Academic Publishers, Not Her Site, Are The Real Threat To Science, And Says: 'Any Law Against Knowledge Is Fundamentally Unjust' (34)
13:32 Federal Court Tells Proud Boys Defendants That Raiding The Capitol Building Isn't Covered By The First Amendment (25)
12:14 US Courts Realizing They Have A Judge Alan Albright Sized Problem In Waco (17)
10:44 Boston Police Department Used Forfeiture Funds To Hide Purchase Of Surveillance Tech From City Reps (16)
10:39 Daily Deal: The Ultimate Microsoft Excel Training Bundle (0)
09:20 NY Senator Proposes Ridiculously Unconstitutional Social Media Law That Is The Mirror Opposite Of Equally Unconstitutional Laws In Florida & Texas (25)
06:12 Telecom Monopolies Are Exploiting Crappy U.S. Broadband Maps To Block Community Broadband Grant Requests (7)
12:00 Funniest/Most Insightful Comments Of 2021 At Techdirt (17)
10:00 Gaming Like It's 1926: Join The Fourth Annual Public Domain Game Jam (6)
09:00 New Year's Message: The Arc Of The Moral Universe Is A Twisty Path (33)
19:39 DHS, ICE Begin Body Camera Pilot Program With Surprisingly Good Policies In Place (7)
15:29 Remembering Techdirt Contributors Sherwin And Elliot (1)
13:32 DC Metro PD's Powerful Review Panel Keeps Giving Bad Cops Their Jobs Back (6)
12:11 Missouri Governor Still Expects Journalists To Be Prosecuted For Showing How His Admin Leaked Teacher Social Security Numbers (39)
10:48 Oversight Board Overturning Instagram Takedown Of Ayahuasca Post Demonstrates The Impossibility Of Content Moderation (10)
More arrow
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it