Windows 8 has a new featured called Windows SmartScreen, which is turned on by default. Windows SmartScreen's purpose is to "screen" every single application you try to install from the Internet in order to inform you whether it's safe to proceed with installing it or not.
There are a few serious problems here. The big problem is that Windows 8 is configured to immediately tell Microsoft about every app you download and install.
This is a very serious privacy problem, specifically because Microsoft is the central point of authority and data collection/retention here and therefore becomes vulnerable to being served judicial subpoenas or National Security Letters
intended to monitor targeted users. This situation is exacerbated when Windows 8 is deployed in countries experiencing political turmoil or repressive political situations.
This problem can however get even more serious: It may be possible to intercept SmartScreen's communications to Microsoft and thus learn about every single application downloaded and installed by a target.
Update: According to Microsoft, SmartScreen sends a hash of the app installer and its digital signature, if any. A combination of the hash and the user's IP address is still enough to identify that IP address x attempted to install software y.
Update 2: Another researcher has discovered that a filename of the app you're trying to install is indeed sent to Microsoft. This severely strengthens privacy concerns.
Update 3: Approximately 14 hours after this article was published, another scan of Microsoft's SmartScreen servers reveals that they have been reconfigured to no longer support SSLv2. The servers now only support SSLv3 connections.
Furthermore, SmartScreen is not easy to disable, and Windows will periodically warn users to re-enable it should they attempt to disable it.