It seems that there is a bit of a privacy concern coming up in the current preview version of Windows 8. Namely, the operating system stores contacts pulled from all sorts of communication networks, from Facebook to Hotmail, in an obscure but unencrypted cache located on the machine. More than that, this cache persists even when an account is logged out or the machine is powered down. This means that anybody with an Administrator level account on a given machine can gain access to any user’s contacts complete with name, email address, pictures, and other stored information. Naturally there has been some talk.
Obviously the most important thing to keep in mind when reading this is that the currently available version of Windows 8 is still the Beta. We are not playing with a finished product no matter how well it performs and how powerful it has proven to be. This means that there are likely to be security holes and bugs floating around that will be dealt with before release. Chances are very good that this will be one of those things that just never happened to be addressed prior to the Windows 8 Consumer Preview’s release.
That aside, let’s assume that this problem persists all the way through to the street release. It is realistically only going to be an issue in a situation where another person has administrator access to your personal computer. If this were to happen then either your physical machine has been compromised, in which case your contacts should be the least of your worries, or somebody has a way into your system from the outside, in which case your contacts should be the least of your worries.
Regardless of best practices, most users do not change their passwords regularly, have different passwords for each site, have any sort of secondary security beyond an alphanumeric password, or really take any real care with the security of their information unless forced to. That is where you will have the biggest breakdown. For somebody to gain access to an administrator account on a Windows 8 machine means that complaining about what they find cached when they are in there is overlooking the more pressing issues.
If users are genuinely concerned about this problem, there is the option to flush all caches on logging off from the system. This can decrease the usefulness of the Windows 8 Contact List since it takes time to rebuild that sort of thing, but the option is there. More importantly, if security is a concern, there are a number of services and tools available to help with encryption and information security. For the most part there is a bit of a learning curve, but it really does not take that much extra effort to stay safe.
Does Windows 8’s more recent preview build have a security hole? Yes, to some extent. Whether or not that hole is filled by the Win 8 Release Preview, this is already no greater a risk than you are running on any other system. It will only be a problem if you’re already compromised.