News Stay informed about the latest enterprise technology news and product updates.

Dang! Windows 8.1 Smart Search Has a Dark Side

I’d noticed the stories last week about how the Bing Ads platform is integrated into the new Windows 8.1 Smart Search capability, but I didn’t really understand what this means until I ran across a very interesting InfoWorld story from long-time Windows maven Woody Leonhard this morning. It’s entitled “A look at the black underbelly of Windows 8.1 ‘Blue’” and it walks through a whole list of potentially questionable things that MS is doing with the upcoming release to its flagship desktop OS. And despite my own blog post from last week (“Smart Search Provides Big Boost to Win8.1“) I simply had no freakin’ idea that using Smart Search for a purely local survey of what’s on your own PC would lead to sharing of the search strings used with Bing, Google, or whomever you designate as your default search engine, and be followed by a stream of ads to match.


Searching for the latest PDF file for your American Express card statement (*amex*.pdf) will also set you up for a barrage of advertisements.
(Image source: David Pann Bing Ad blog post, with a hypothetical change to the search string)

For the Microsoft take on what’s going on here before Woody started digging into the so-called “black underbelly” parts, see David Pann’s Bing Ads blog post from July 2 “New Search Ad Experiences within Windows 8.1.” In light of Woody’s disclosures some of the language in this innocuous seeming rah-rah marketing post take on a more sinister meaning (all bulleted items that follow are verbatim quotes from the afore-cited blog post):

  • “…a number of new ad products, driving significantly higher click volume for our advertisers…”
  • “…this journey is our pursuit of making search ever more relevant and engaging for customers…”
  • “With one search, consumers can look for information across the web, device, apps, and cloud.”
  • “Bing Ads will be an integral part of this new Windows 8.1 Smart Search experience.”
  • “…advertisers can connect with consumers across Bing, Yahoo!, and the new Windows search with highly relevant ads for their search queries.”

In retrospect, MS isn’t hiding anything at all, but the complete implications of the preceding statements don’t really register until you stop to think that this means targeted ads follow in the wake of any search, including those conducted purely to locate a document or file on your PC, even if it’s not related to any desire to shop whatsoever. Very interesting, and a potent reminder that every action in the digital world leaves traces that others can collect, analyze, and respond to — whether you want them to or not.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

I had started a lengthy comment to your previous post before giving up. It had begun to feel like my personal paranoid rant as it kept getting longer, so I gave up and dropped it. Now I think it should have been posted.

However, it wasn't about "ads" but rather about any random search terms over my own library of documents.

I've been heavily involved with platform and network security for IBM midrange business systems for 20 years. My library of collected documents is extensive and searches are frequent. A different blog post recently referenced one document I have, a .PDF of a study: Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices. The blog post got me thinking of another older .PDF that I have: Experimental Security Analysis of a Modern Automobile. Bluetooth has always seemed full of problem potential to me, and it's a category that I track.

I ran a couple local searches to see what I had that might indicate potential cross-overs between the two areas. Later, I read your blog post; and while reading it, I thought of recent revelations of how the NSA (and who knows who else) is collecting who knows what data. Broadcasting all (or any) of my personal search terms seemed troublesome. Some of the searches I do over my own stuff might look suspicious out of context.

What if some suspicious car accidents happen along I-5 between Seattle and Tacoma over the coming weeks? If one of them involves a public official, are red flags raised over my search terms?


This is troubling, if it occurs without user control. There should be an option to enable it, which is not the default. Ideally, expanding the search beyond your computer should be allowed on a case by case basis. Maybe an "ask" option. Haven't seen the actual implementation yet so I don't know what the details are.A little paranoid, maybe. "It isn't paranoid, if they are really out to get you." :-) I was hearing from this fellow named Snowden and he was saying...
If it is enabled by request on each search, I'd be much more comfortable. Technically, for me, it's not a big deal. I'm more concerned about users who have less experience with computers and don't grasp the power inherent in 'big data' of any kind. Even just metadata. That much data being available is a threat to everyone. Tom