WinRAR's New Update Boosts Privacy by Removing Windows Metadata

Introduction

WinRAR, one of the most widely used file archivers and compression tools for Windows, has just received a significant update with the release of version 7.10. This new update introduces several features aimed at improving performance, usability, and security. Among these, one of the most notable changes is the ability to strip sensitive metadata from the Mark-of-the-Web (MoTW) alternate data stream, increasing privacy for users who frequently download and share files.

This article explores the implications of this new feature, explains how MoTW works, and discusses the broader significance of this change in the context of online privacy and security.

Overview of WinRAR 7.10 Features

WinRAR 7.10, released by win.rar GmbH, brings a variety of enhancements that improve user experience and system performance. Some of the most notable features include:

Larger Memory Pages: This update optimizes memory usage for better performance, making file compression and extraction more efficient.

Reworked Settings Interface: The updated interface makes navigation and customization easier for users.

Dark Mode: A long-awaited feature, dark mode support improves visibility and reduces eye strain for users who prefer a darker UI.

Enhanced Mark-of-the-Web Handling: Users can now control how MoTW flags are propagated when extracting files, allowing them to remove sensitive metadata while retaining security.

While all these updates contribute to improving WinRAR’s functionality, the new MoTW setting is particularly relevant for privacy-conscious users.

Understanding Mark-of-the-Web (MoTW)

Mark-of-the-Web (MoTW) is a security feature in Windows that helps protect users from potentially malicious files downloaded from the internet. Whenever a file is downloaded from the web, an alternate data stream (ADS) named Zone.Identifier is added to it. This identifier informs Windows and certain applications about the origin of the file, triggering security warnings when the file is opened.

How MoTW Works

When a user attempts to open a downloaded file, Windows checks if the MoTW flag is present. If so, it may display a warning message asking the user to confirm whether they trust the file. Microsoft Office applications also use MoTW to decide whether to open documents in Protected View, restricting the execution of macros to prevent potential malware infections.

Users can manually check whether a file has a MoTW flag by right-clicking it, selecting “Properties,” and looking for a security warning at the bottom of the window stating:

"This file came from another computer and might be blocked to help protect this computer."

By default, when files within an archive contain a MoTW flag, that flag is inherited by the extracted files, ensuring that the Windows security system continues to warn users about potentially untrusted files.

Privacy Concerns with MoTW

Although MoTW enhances security, it also presents a potential privacy risk. The Zone.Identifier stream can store various pieces of information about the downloaded file, including:

• The Zone ID, indicating whether the file was downloaded from the Internet, a local intranet, or another source.
• The URL of the downloaded file, revealing its exact online location.
• The Referrer URL, showing which webpage linked to the file.
• The IP address of the host server from which the file was downloaded.

While these details can be useful for security and digital forensics, they can also expose sensitive information if a file is shared with others. For example, if a user downloads a confidential document from a private server and later shares it without realizing the metadata is still attached, they may inadvertently disclose the source of the file.

How WinRAR 7.10 Addresses MoTW Privacy Issues

Recognizing the potential privacy concerns associated with MoTW metadata, WinRAR 7.10 introduces a new setting called “Zone value only.” When enabled, this setting ensures that only the ZoneId is retained in extracted files, stripping out any additional identifying information, such as URLs and IP addresses.

How the New Setting Works

By default, the new setting is enabled in WinRAR 7.10. This means that when users extract files from an archive, the MoTW flag will still indicate that the files came from an external source, preserving security warnings. However, all other metadata will be removed, preventing unintended exposure of download locations and other identifying details.

• Users who wish to restore full MoTW metadata propagation can disable this feature by navigating to:
• WinRAR Settings > Security > Uncheck "Zone value only"
• This flexibility allows users to balance security and privacy according to their individual needs.

Implications for Digital Forensics and Security

While this change is a welcome privacy enhancement for end users, it may pose challenges for digital forensic investigations. In some cases, investigators rely on MoTW metadata to trace the origins of malicious files or identify the source of cyberattacks. By stripping out download URLs and IP addresses, WinRAR 7.10 makes it more difficult to determine the provenance of a file after it has been extracted from an archive.

At the same time, this update aligns with broader privacy-focused trends in software development. Many users and organizations prioritize protecting their digital footprints, and the ability to control MoTW metadata aligns with this growing emphasis on data security and anonymity.

Balancing Privacy and Security

The debate over privacy vs. security is an ongoing one, and the changes introduced in WinRAR 7.10 highlight the need to find a balance between the two.

Advantages of the New Feature

Enhanced Privacy: Prevents the unintentional disclosure of download sources when sharing extracted files.

User Control: Allows individuals to decide how much metadata is retained in their files.

Improved Trust in File Sharing: Reduces concerns over exposing sensitive data when distributing compressed archives.

Potential Drawbacks

Reduced Forensic Capabilities: May make it harder for cybersecurity professionals to trace the origins of malicious files.

Possible Security Trade-Offs: While MoTW security warnings remain intact, stripping metadata might remove contextual clues that could help users make informed decisions about file safety.

How to Update to WinRAR 7.10

For users who want to take advantage of these new features, updating to WinRAR 7.10 is a straightforward process:

Visit the Official WinRAR Website - Download the latest version from www.rarlab.com.

Run the Installer - Open the downloaded file and follow the installation instructions.

Customize Settings - Navigate to the settings menu to adjust security preferences, including MoTW handling.

Users who rely on WinRAR for compressing and extracting files should consider updating to take advantage of these performance, usability, and privacy improvements.

Conclusion

The release of WinRAR 7.10 introduces several valuable features, with the ability to strip sensitive metadata from MoTW being a particularly important privacy enhancement. By ensuring that only the ZoneId is retained while removing potentially identifying details, this update provides users with greater control over their file metadata.

While this change may impact digital forensic investigations, it ultimately aligns with a broader movement toward greater online privacy and security. Users who prioritize privacy will appreciate this update, while those needing full MoTW metadata can still enable it manually.

With over 500 million users worldwide, WinRAR remains a critical tool for file compression and management. The latest version reinforces its commitment to balancing security, performance, and user privacy in an increasingly digital world.