A Few Questions About Windows Live Security

Because a lot of people, myself included, are experiencing a dramatic increase in spam traffic of both email and friend requests, I decided to do some investigating. And, what I have found concerns me greatly. I am experiencing some serious issues with Windows Live security, and I have some questions that I hope someone can answer.

Maybe this has been brought up before, and maybe there are reasons for this, but I am confused about the settings I have in my Windows Live account. They do not appear to be doing what I think they should be doing.

I have a couple alternate Windows Live accounts. I use these for various reasons. Some of those reasons are for testing things like what I am about to describe.  This is necessary because there is no proxy setting available to view your profile as another user sees it. So you must create another user to fill this role and log in as that user to view your main profile.

Now, I have tested these things with alternate ID’s that are both on my network and not on my network. I thought that maybe linking these Live IDs might have something to do with this so I unlinked them. I thought it might have something to do with an issue that being Windows Live Messenger contact requires you to expose your email to the friend. So, I deleted the alternate ID from my Messenger contacts too. 

I have removed the Personal e-mail and Personal IM and set the contact information to be viewable by “Just me”  for my personal account and the alternate. I cannot think of anything else to change to remove the option to “send e-mail."

Regardless of these changes, no matter what I have done I cannot block my email from being obtained through the Windows Live website. No matter how I set this up, in every case my alternate ID was able to see my main profile email simply by clicking on my user tile/picture on my profile and selecting “send e-mail.” Now, the interesting thing is that the “Just me" permission does effectively block the email from showing on the left hand side in the contact information area because it blocks the whole section.

Yet, somehow, this can be done. I have found a few accounts that do not have the send e-mail option available when I click their user tile/picture. And I wonder to myself, what did they do to enjoy this privilege? I wonder if these people are using Messenger? Is it possible that if you use Messenger that you are required to expose you e-mail to the world? Is it possible that their accounts are housed on a different server or they are older profiles that haven’t been changed? Is it possible that their profile were established before they started using Messenger?

So, I tried other things. I managed to get the “send e-mail” option to go away on an alternate ID if I set the profile picture to be visible to “Just me.” But that’s clearly not what these other people are doing. I can see their profile picture when I click on it. And when I do there is no “send e-mail.” So I then changed the setting to “My network.” But then the “send e-mail returns.” This is maddening and very frustrating.

It seems the objective is to give the user a sense of control over what information they expose, and to do this in the simplest way. Yet, it is somehow so complicated or it is just not working, that it seems like why bother? And while you can get a “sort of” security report in the People area of Live which shows you what a person can see, my main profile is not showing that contact information is visible. Yet e-mail – which is in contact information is clearly visible from the user icon. And now the whole world has my e-mail, and I have boatloads of new spam.

Another issue is the Windows Live ID.  This is typically an e-mail address. Some people are able to hide their Live ID. But mine seems to be stuck in “show it to the world” mode regardless of my permission settings. Is this because I use Messenger and they do not? Is the setting for this somewhere else that I have missed? Is it perhaps something set in Messenger? Is this something only I am seeing? Does it have something to do with my IP address? Or does Live know that my alternate IDs are really me? I don’t think so because most other things work the way I would expect.

So, in conclusion, I am concerned that the influx of spam emails, that started when I became active on Windows Live, happened because my e-mail is exposed. Who can see it, and who cannot see it? For those who have their e-mail hidden, how are they doing this? Is this a design feature or a design flaw? I thought it was safe to assume that my e-mail address was hidden. I have set up special contact categories for those who can view my contact information and those who can view my profile. I am left wondering what else doesn’t work the way I expect? So, can someone who actually knows how this works, and what the complications are, and what you have to do to get this set up correctly please make a blog about it so the rest of us can be assured that we are not sharing things we don’t intend on sharing – in particular – our emails – which we have gone to lengths to protect? I am assuming, based on my testing, that mine is exposed to pretty much everyone, and I thought that was one thing I was keeping private.