How to find the unique ID that Microsoft has assigned to you

[LetsWindows10]

Why I worry so much about the Microsoft Account/Windows10 tie-in. (or, a morose "told you so" moment)

 

Cross-site scripting vulnerability found in Microsoft Account login site, disclosed after it was patched fortunately - as recently as September 22 of this year.

 

 

If MS can't secure the central component of their business plan and can't audit for simple, old vulnerabilities, should you trust them with your data?

Sure the members of this forum have (hopefully) either used Windows 10 with a local account only, or created their own "anti-social" Windows 10 install because we're all savvy enough to use the advice and research shared by the good folks here.  But the number of friends, family and coworkers who have willingly or unwillingly upgraded scares me.  Most of them have more to lose than I do.

 

It's not a matter of "Evil M$ wants to spy on me!" that concerns me.  It's the naive, irresponsible attitude that MS thinks they can anonymize your data and it will never leak.

 

The tweet posted above is just the tip of the iceberg - a benevolent security researcher who alerted MS.  A bigger vulnerabilty that leads to a massive leak will happen eventually.  It won't be from the "Chinese hackers" or "Russian hackers"  It will be one of the following vectors:

• A simple vulnerability in the realm of XSS
• An MS employee with elevated access to the "cloud data" will be comprimised by trojan/keylogger
• The data that MS now has to share with the gov't (thanks to CISA and UN agreement) will not be properly sanitized and an entry level IT specialist who doesn't get paid enough to care, does something careless with the data.
• The CDN account at one of the many providers Win10 is chatty with will be compromised and captured.

At some point, with thousands of customer accounts reported compromised by various vendors each day, is it possible this leak will cause your credit and the money you have in any financial institution to come into question and the financial system will collapse?  Have a nice day!

 

/goes off grid with hatchet, flint & steel, and a new tinfoil hat  (outgrown the old one)

 

[NoelC]

...should you trust them with your data?

 

 

What's that old line in Jurassic Park, uttered by John Hammond to Dennis Nedry?  Seems appropriate...

 

...our lives are in your hands and you have butterfingers?

 

-Noel

 

[jmonroe0914]

I tried one time with MS and it changed my user and all so I had to image back

 

 

If you're referring to Windows setting your user name, specifically your user folder, to the first few digits of your email, the way to avoid this is to first create a local account with the user name you want, then once logged into it, choose to convert it to an email login.  User folder name stays the same, and your user name for permissions can either be entered as the original local user name or the email address.

Edited December 6, 2015 by jmonroe0914