Hotmail’s social networking busts your privacy

Woody leonhard By Woody Leonhard

In its rush to take on Facebook and Google Buzz, Microsoft is now collecting and displaying personal information on your Hotmail page — information you may never have wanted to broadcast.

Exactly how it’s mining this information is something of a mystery, but if you use Hotmail or Windows Live, it’s time to review your privacy settings — lest something you said or did comes back to haunt you.

One user signed in to her Hotmail account recently and was greeted with Microsoft’s new, improved social networking splash page, shown in Figure 1.

Subscribe to our Windows Secrets Newsletter - It's Free!

Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

PC Drive Maintenance (Excerpt)

Subscribe and get our monthly bonuses - free!

Your hard drives store photos, books, music and film libraries, letters, financial documents and so on. This ebook is aimed at helping you understand your hard drives, expand their capacities and length of life, and recover what you can from them when they fail. We're offering you a FREE Excerpt! Get this excerpt and other 4 bonuses if you subscribe FREE now!



Hotmail's new user home page
Figure 1. When you sign in to Hotmail, you now see the “Today” page with its new social networking format.

What’s wrong with this picture? All three What’s new with your network entries contain potentially embarrassing information that the authors never dreamed would appear on someone else’s Hotmail sign-in page. I speak with authority — I’m one of the contacts.

This looks like a heavy-handed attempt by Microsoft to expand its Windows Live Spaces social networking out to the zillions of people who use Hotmail. A controversial move in a confusing marketplace, it’s reminiscent of the Buzz privacy debacle that got Google into hot water with several governments (as reported in a Deutsche Welle story). In essence, Microsoft is signing you up for a Windows Live Spaces account without your consent.

The new format brings up some disturbing questions: How, for example, does Microsoft come up with a list of your network contacts, when you’ve never created one in the first place? How does Microsoft find the What’s new items — little tidbits of information about those in your network, the network that you didn’t know you had until just now?

Unfortunately, these questions remain unanswered.

Where the ‘what’s new’ list gets its faces

In an e-mail, I asked Microsoft two questions: Where do they get the list of your network contacts that appears on the Hotmail login page? And how do they harvest the content that appears next to each contact?

A Microsoft spokeswoman replied with an e-mail that simply stated:
  • “Hi Woody,

    Please see the Windows Live ‘What’s New’ feed permissions work to answer your questions.

    http://help.live.com/help.aspx?project=wl_spaces&market=en-us&querytype=topic&query=spaces_proc_setprofilepermissions.htm “
(Microsoft doesn’t allow its spokespersons to be identified by name.)

The link goes to instructions on how to set your Spaces profile permissions. Using a tedious procedure described at the end of this story, you can keep Microsoft from divulging some kinds of information. But what you see and what the world sees on your new Hotmail start-up page is the way it’s meant to be.

Even though I don’t know for sure where Microsoft gets its Hotmail content, I can make a few educated guesses.

If you subscribe to Microsoft’s Windows Live Spaces, you have a list of What’s new with your network contacts. Microsoft uses that list to come up with the names that appear on your Hotmail startup screen. If, however, you never signed up for Live Spaces, it looks like MS draws the What’s new information primarily from the people you’ve IM’d using Microsoft Live Messenger. (You can check this by instant-messaging someone new and seeing whether that person then shows up on your Hotmail page.)

It also looks like Microsoft draws the names in the Hotmail What’s new list from your Hotmail contacts. Microsoft has many different contact lists (Hotmail, Messenger, Live Mail, Outlook, Spaces, etc.), and it appears Microsoft’s scheme is to expand its social networking system by combining all these lists. Fortunately, it can’t do that unless you give your consent (and your contacts may have to give their consent as well).

Microsoft also lets you draw names from other social networks such as Facebook, MySpace, LinkedIn, AOL, and others.

How Microsoft finds other ‘what’s new’ content

The What’s new with your network list adds content from blog updates, favorites updates, photos, games, and more — but for the life of me, I have no idea from what specific sources Microsoft mines this material.

This is not a case of paranoia or that I’m anti-social — I have no problem with Facebook, for example. If you stick something on a Facebook wall, you expect the missive to be visible to anybody who wants to look at the wall. That’s part of the social-network deal. But the new Hotmail user home screen goes to another level.

For instance, if you have a Windows Live ID and you add John Smith to your What’s new network, you expect that others in your network will find information on Mr. Smith. That’s cool. But you’d probably be surprised when you discover that someone you casually IM’d six months ago now sees that you and John are buddies.

I’ll give two examples where the source of the new Hotmail content mystifies me. I made a comment on December 11, as shown in Figure 1, but I have no idea where Microsoft found that text. (You won’t find it searching on Google or Bing.) What’s new also says that I commented on Kim’s file — but I have no idea who Kim is. Clicking through on the linked PDF e-book turns up a dead link. By clicking on Kim, I discovered that she is or was a marketing manager at Microsoft Press. But I still have no idea how she ended up as a What’s new link with my name on it.

I’ll readily confess that I don’t recall every I agree button I’ve ever pushed. But I’m reasonably certain I’ve never given Microsoft permission to mash together information about a woman I’ve never heard of and stick it under my name on other people’s Hotmail pages.

Use the Permissions pages to protect yourself

As far as I can tell, a Windows Live ID is necessary for MS to spread potentially embarrassing information about you across the Hotmail sign-in pages of people you barely know. Windows Live IDs have gone by many different names over the years, including @hotmail.com or @live.com e-mail addresses, Windows Live Messenger, MSN Messenger or Windows Messenger ID, Xbox Online ID, Windows Passport or .NET Passport ID, and Microsoft Wallet or Passport or Passport Network ID.

If you have a Windows Live ID and you’re concerned about privacy — as you should be — you can use the permissions pages (and there are many of them) to control exactly what other Hotmail users will see about you. Here’s how:
  • Step 1. Go to the Windows Live sign-in page and sign in with the Windows Live ID that you want to protect.

  • Step 2. At the top of the page, above the masses of advertising, click the Profile link.

  • Step 3. On the Profile page, click the Permissions link. You’ll see a lengthy list of permission options, as shown in Figure 2. I counted 22 different main permissions options, and several of the options have multiple choices.

    Windows live permissions page
    Figure 2. A tiny subset of all of the permissions you’re allowed to tweak.

    One of the options — What’s New — includes 16 sub options (see Figure 3). These settings control the What’s new with your network items on the Hotmail login page, but they’re poorly defined — many of the links shown in Figure 3 didn’t lead anywhere.

    Whats new permissions page
    Figure 3. The many permissions options for the “What’s New” section of Hotmail have a daunting number of choices.

  • Step 4. Work through the permissions that concern you the most — for example, whether your last name should be displayed. It could take an hour to slog through it all. As far as I can tell, there’s no easy way to simply say, Keep Out.

  • Step 5. When you’re done, click the link in the upper-right corner of the window and sign out.
That’s what you have to go through to keep Microsoft from broadcasting your personal details to people you barely know.

Unless somebody in Redmond shows a little common sense and restraint, this foray into public — and potentially embarrassing — data mining could bring with it legal liabilities.

Given the murkiness of this new social networking scheme, I’d just as soon opt out — if I could only figure out how.

Have more info on this subject? Post your tip in the WS Columns forum.

Woody Leonhard‘s latest books — Windows 7 All-In-One For Dummies and Green Home Computing For Dummies — deliver the straight story in a way that won’t put you to sleep.
= Paid content

All Windows Secrets articles posted on 2010-04-22:

Woody Leonhard

About Woody Leonhard

Woody Leonhard is a Windows Secrets senior editor and a senior contributing editor at InfoWorld. His latest book, the comprehensive 1,080-page Windows 8 All-In-One For Dummies, delves into all the Win8 nooks and crannies. His many writings tell it like it is — whether Microsoft likes it or not.