Microsoft SmartScreen reports my Office 365 OneDrive as unsafe

Imagine my despair when my Microsoft 365 OneDrive account got flagged by Microsoft Defender SmartScreen for containing phishing threats. I guess you really either die a hero or live long enough to see yourself become the villain.

Microsoft Defender SmartScreen

SmartScreen seen blocking my OneDrive subscription on Edge.

I have bought the Microsoft 365 Personal subscription that provides me with 1 TB of storage on the Microsoft cloud. I use this storage to back up my personal data, but being paranoid privacy conscious, I always take some precautions before uploading my data to OneDrive.

What’s that you’re storing on our cloud?

I would never even consider uploading and storing my personal data with any cloud provider or service without first encrypting the data on the client side. I am a firm believer in not my keys, not my data. Therefore, I rely on BorgBackup, a program that provides an efficient and secure way to backup data.

Windows Explorer - OneDrive

Browsing through my encrypted data on OneDrive using Windows Explorer.

With that in mind, what could be the reason why Microsoft Defender SmartScreen is labeling my data as unsafe? I don’t have access to that information, but I can always speculate.

All your data are belong to US

Any U.S based cloud provider is required by law to make sure that their storage solutions are not used to store illegal content. Data uploaded to the U.S cloud must be analyzed by calculating file hashes to be compared against hashes of known illegal content.

It’s reasonable to believe that all our data is made available for extensive machine learning. Additionally, metadata is likely to be kept permanently. In my case, automatic content screening would have been insufficient:

The content of a Borg backup file

Of course, this could all be a case of the SmartScreen filter having a hiccup, or maybe it believed the encrypted files were a result of some ransomware infection on my Windows machine. Whatever the reason, the SmartScreen warning on my OneDrive was gone the following day.

On a side note

I respect the challenges we have in the tech industry when data privacy and security collide with criminal investigations. However, I am a believer in good old-fashioned police work, and not outsourcing law enforcement to tech companies.

The argument to ban or backdoor end-to-end encryption to protect children always rings a bit hollow to me when the end goal is to enable mass surveillance. The biggest threat against children is not technology, but poverty. According to UNICEF, 13,800 children under the age of 5 died every day in 2020.

All children are equal, but some children are more equal than others.

Roger Comply avatar
Roger Comply
Thank you for reading!
Feel free to waste more time by subscribing to my RSS feed.