Coffeehouse Thread

23 posts

Is there any way to prevent Windows 8 from updating Live Tiles on public networks?

Back to Forum: Coffeehouse
  • User profile image
    IDWMaster

    I've been testing Windows 8 on my netbook recently, but have realized that Windows 8 will log into Hotmail and Windows Live to update its Live Tiles and background information regardless of whether the network I'm connecting to is public or private. I am therefore concerned about the privacy implications here. Is there any way to disable Live Tile updating and Background updates of Windows Live Mail on public WiFi networks?

  • User profile image
    magicalclick

    You can right click on the tile and turn off updates. But, it is done manually, no automatic switch when you are in a public network.

    Leaving WM on 5/2018 if no apps, no dedicated billboards where I drive, no Store name.
    Last modified
  • User profile image
    IDWMaster

    , magicalclick wrote

    You can right click on the tile and turn off updates. But, it is done manually, no automatic switch when you are in a public network.

    Disabling the tiles still fails to disable the background updates performed by Windows for the mail. I still am seeing TCP connections to Windows Live when tile updates are disabled, which contain personally identifiable information that I would not want to send over a public network, as well as a CLEARTEXT view of all my contact's e-mail addresses!

  • User profile image
    magicalclick

    @IDWMaster:

    that's not really live tile, since you will face the same problem with WL:Mail on desktop. Can you verify if this is still the case if you close the app by swiping it down?

    Leaving WM on 5/2018 if no apps, no dedicated billboards where I drive, no Store name.
    Last modified
  • User profile image
    DCMonkey

    How does Windows 8 know you have mail on the lock screen? Perhaps that mechanism is making the connections independent of tiles or a running instance of Mail.

  • User profile image
    AndyC

    @DCMonkey: You can set what applications are allowed to appear on the lock screen, which I believe also controls their ability to do background processing. Presumably Mail is one of those.

    Shouldn't Hotmail all be done over HTTPS these days anyway?

  • User profile image
    Charles

    I assume you are first connecting to the public network, manually.... Right? Windows 8 doesn't have the magical capability of automatically connecting to any network that exists around you without your knowledge. Once you establish a connection, it's up to you to make sure you don't send important info over insecure networks...

    Yes, the Mail app connects to Live Mail via a secure protocol...

    I have to assume that if you connect to your favorite Cafe's public network with your iPad and you have the iMail app running that you have the same concerns...

    C

  • User profile image
    DeathBy​VisualStudio

    @Charles:

    Awesome! Blame the customer rather than try and out perform your competition. I'll have to remember that for my products.

    W7 currently lets you turn off certain things (i.e. "file sharing") depending on the type of network you connect to (i.e. "public"). It sure would be nice if W8 would extend that model to the new Metro apps.

    If we all believed in unicorns and fairies the world would be a better place.
    Last modified
  • User profile image
    Charles

    @DeathByVisualStudio: Not blaming anybody... Stating the obvious.
    C

  • User profile image
    DeathBy​VisualStudio

    @Charles: Oh Charles... That's so disappointing.

    If we all believed in unicorns and fairies the world would be a better place.
    Last modified
  • User profile image
    Charles

    t@DeathByVisualStudio: I guess I don't understand the problem. Is the issue that you can't control how live tiles communicate via the network you've connected to? You want the ability to be able disable an app's ability to use the network?

    C

  • User profile image
    Charles

    @IDWMaster: So, when you disable the Mail live tile, you are still seeing the Mail app check for mail?
    C

  • User profile image
    DeathBy​VisualStudio

    , Charles wrote

    t@DeathByVisualStudio: I guess I don't understand the problem. Is the issue that you can't control how live tiles communicate via the network you've connected to? You want the ability to be able disable an app's ability to use the network?

    C

    Exactly. Just add to the model in W7 under "Control Panel\Network and Internet\HomeGroup" and "Control Panel\Network and Internet\Network and Sharing Center\Advanced sharing settings" or invert that and expose the network profile concept to the apps for them to present it in their settings (under charms).

    The OP's issue was primarily about security but you could also make the argument that every app that uses the network should be configurable to be network enabled/disabled based on the type of network (i.e. WiFi/Lan vs. 3G).

    Combining the two you'd have pretty granular control of when stuff worked for both a security and data cost standpoint. For example for contact's social updates you could configure it only to download data when on a Home/Work - WiFi/LAN network.

    Even more powerful that neutered IE... Wait a minute... Just a thought: have we just traded the IE ActiveX attack vector for a cloud connected Metro app attack vector?

    If we all believed in unicorns and fairies the world would be a better place.
    Last modified
  • User profile image
    blowdart

    , DeathByVisualStudio wrote

    The OP's issue was primarily about security but you could also make the argument that every app that uses the network should be configurable to be network enabled/disabled based on the type of network (i.e. WiFi/Lan vs. 3G).

    Interesting, but only geeks would ever configure it correctly. Far better to ensure everything is over an encrypted channel anyway.

     

  • User profile image
    Sven Groot

    @DeathByVisualStudio: But the current public/private split isn't a good way to control that. My computer connects directly to the Internet with a public IP address, hence I'm on a public network (sharing off, firewall on). But I still want to check my e-mail on that network.

    What IDWMaster is talking about isn't so much a public network as an untrusted network: an unencrypted wireless network, or a connection going through a NAT router where you can't be sure that traffic isn't being logged.

    So to support something like this you'd need a new network category to represent these untrusted networks, that when selected would alert apps and tiles not to transmit or request unencrypted sensitive data (passwords, e-mail addresses, messages). Applying that restriction to public networks would simply be too broad.

    It'd be a nice feature for sure, and since as far as I'm aware no other OS has this, it would be something to set Win8 apart. On the other hand, it's asking users to make a fairly complicated decision that they probably don't understand (for example, at a conference last year someone didn't want to check his e-mail on the unencrypted wireless network, but it turned out he was talking about gmail which uses TLS/SSL across the board so he would've been entirely safe; and this was someone with a degree in computer science!)

  • User profile image
    KMWoley

    @IDWMaster - one quick point of clarification about Windows Push Notification Service (WNS). The connection between the Windows client and the WNS cloud service is on a secured, encrypted channel over TLS. If there is cleartext information being sent, it's not via push notifications. Tile and Notification updates sent via push notifications are not in the clear between the client and WNS service.

    Also note that there are group policies as well as live tile on/off buttons that can be used to turn off live tile updates per app - if an app is using polling or push notifications to update the tile, these on/off buttons per tile will stop the network usage to update the app tile. To stop all push and poll network usage, the app has to be both off the lock screen as well as have it's tile setting set to 'off'. 

    @DCMonkey is right that apps get the right to run in the background if they are on the lock screen - these apps can use other means to update the tile (i.e. local notification APIs) that don't involve Windows doing the network traffic directly. To shut them down and keep them from using your network, you have to unpin those apps from your lock screen so they stop running in the background. This setting is under PC Settings > Personalize > Lock screen apps.

    HTH.
    Kevin

  • User profile image
    DeathBy​VisualStudio

    , blowdart wrote

    *snip*

    Interesting, but only geeks would ever configure it correctly. Far better to ensure everything is over an encrypted channel anyway.

     

    That's funny because when I installed a podcast app on my Android phone it asked in very simple terms if I only wanted to download podcasts when I was connected via WiFi or when using 3G and warned me the 3G connection may incure additional usgae fees. Even my girlfriend who hates computers understood what it ment.

    @Sven Groot: Per the original OP's request that's true but from a datage usage standpoint it sure would be nice to be able to limit usage on a per app basis. Thanks for the great break down of detail.

    @KMWoley: Great explanation! Thanks.

     

  • User profile image
    blowdart

    , DeathByVisualStudio wrote

    *snip*

    That's funny because when I installed a podcast app on my Android phone it asked in very simple terms if I only wanted to download podcasts when I was connected via WiFi or when using 3G and warned me the 3G connection may incure additional usgae fees. Even my girlfriend who hates computers understood what it ment.

    Because there's a cost.

    Now

    Do you want to update live tiles when you're on

    • Work Network
    • Home Network
    • Public Network
    • Wireless device
    • Public Network with encryption

    And so on.

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.