Microsoft Encrypts Error Reports But Your Personal Information is Still at Risk

I have been discouraging people from sending error reports to Microsoft for years. Microsoft’s own security experts agree that sending error reports to Microsoft is not a good idea for security reasons. One reason that I have been given was the fact that the information is sent to Microsoft unencrypted. Well, with Exchange Server 2010 Microsoft has announced that it is now using HTTPS to secure the transmission when the errors are reported to Microsoft. That’s good news. However, what is not good news is that your personal information may still be at risk. If you are okay with risking your personal information, then sending error reporting to Microsoft can be a noble cause. For those of you who are not okay with risking your private information, I suggest you do not enable error reporting.

Here’s the screen shot from Exchange Server 2010 installation wizard telling you that your transmission will be secured with HTTPS and at the same time warning you that your personal information may be at risk. However, Microsoft should be commended for making the default option to be NO, even though their recommended option is YES. I like it when vendors don’t intentionally try to trick consumers and let the consumers decide what they want after they have been given all the options. While in some other cases, such as certain Windows Vista and Windows 7 features and Microsoft Security Essentials, the exact opposite is true, in this case Microsoft and the Exchange team deserves a thank you and a pat on the back.