SkyDrive saves more about your Office documents than it first appears.
When you save a document to SkyDrive, Microsoft collects some more details than you’d expect but hasn’t bothered to tell its customers.
We’ve already told you about Jason Hale and his discovery that the ‘Welcome Back’ details when re-opening a document are not saved in the document itself. Instead they are saved, with the document name and path in the Windows registry. Microsoft should disclose that information to customers but it’s missing from their web site.
While checking out that discovery we noticed that there were no SkyDrive documents in the 50 Reading Locations saved. Yet if the same Microsoft account holder opens a Word document from SkyDrive on another computer they’ll get a ‘Welcome Back’ message.
Somehow the ‘Welcome Back’ information is being passed between computers and that isn’t disclosed by Microsoft.
Again, the obvious place for that information is in the document itself. However our look inside a .docx could not find anything (maybe someone with sharper eyes can find it?).
More likely is that the ‘Reading Location’ is being passed, unseen and undocumented to and from SkyDrive storage. We know some information is passed via SkyDrive to update the Open | Recent Documents list on copies of Office 2013 used by the same Microsoft Account. It seems that more than just the document name and location is being passed around.
What’s worrying is that these personal details are sent across the Internet without any disclosure from Microsoft. We’ve searched the Microsoft site but can’t find anything documenting the ‘Reading Locations’ registry entry let alone what they are saving to SkyDrive behind the scenes. Perhaps more details are being sent than just the ones we’ve uncovered?
Compared to the sharing of customers data with government agencies, a few document names and location are seemingly trivial. However from these small things, big privacy breaches can grow. Microsoft talks about privacy and disclosure, but this is an example of them not practicing what they preach.
- No password protection in Office apps
- Microsoft can read your Office documents, legally
- ‘Pickup where you left off’ isn’t working
- More hidden document traces
- Word 2013: document details not deleted from the registry
- More privacy exposure in Office 2013
- How do they know ‘Where you left off’?