The Windows 8.1 preview introduced the “Search Charm”, that includes searching the Internet via Bing:
Any of the options can be selected that causes the search results to be displayed in the chosen area only.
As the search term(s) entered, highlights of the result are displayed:
The priority is given to local search over the Web search results, that are hyper-linked. Clicking on any of the results brings up the application handling the file type. In this example, the “DDR3 memory.docx” file opens in MS Word in the the desktop; the web link of “ddr3 memory” opens up a Wikipedia in IE11, also within the desktop.
Continuing the search displays the results in full screen, with local search results on the left and the web search results on the right:
The web search results are the same as the Bing’s search results in an actual browser, with one difference. The browser lists the “bing.com/shopping” as the first link.
The order of the web links is influenced by advertisement for the smart search, the same way as it influences the browser search results. Integrated paid advertisement into the Operating System (OS) isn’t new either, arguably, Apple and Google are ahead of Microsoft from this perspective. Right or wrong, it is a business decision by Microsoft that prioritized advertisement revenue, as evidenced by the statements in the search settings:
Integrating advertisement driven search results in the OS does present a privacy risk to the end user. Making the web search integration the default option, while understandable from business perspective, should not be for the end users. Fortunately, Microsoft allows opting out from Bing searches in the OS:
The question is, does the opt-out really disable Bing web search? The short answer is seemingly yes. Doing a search with the “Everywhere” option selected results in displaying local system search results only.
The long answer is that while web searches are not displayed, the “smart search” continues tracking the end user’s search activities. Anytime the user opens up the “Search Charm”, the OS will:
- Establish a TLS 1.2 encrypted connection to a destination server
- Once the search term(s) entered, it is sent to Microsoft
- The search result of the local system may, or may not being sent to Microsoft
- The web search results are not displayed
Microsoft should state that disabling Bing searches does not stop “smart search” from tracking end user activities.
The “smart search” poses a privacy risk to the end user and in addition, it could become a security risk as well. Especially when hackers “re-engineer” Microsoft’s smart search and use it for their malicious purposes. The smart search is nothing else, but a combination of APIs that can be called by malicious software to collect information about the end users.The Bing search results could also be changed on the fly to redirect the browser to a site that hosts the malicious software, prior to connecting the end user to the legitimate website.
In some ways, Microsoft had made it easier for the hackers to exploit the end users. Smart, real smart Microsoft…