×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Releases Mobile Data Collection Source Code

timothy posted more than 2 years ago | from the but-the-secret-room-isn't-in-the-blueprints dept.

Microsoft 69

mikejuk writes "To avoid the problems that Google and Apple have had with collecting WiFi data and privacy issues Microsoft has just released [some of] the source code used in its mobile data collection system. The code shows how the phones that it drives around don't collect any personal data — just WiFi and cell tower identification so that they can be used in geolocation. The source code is a great educational resouce but as to proving that Microsoft is doing the right thing it just doesn't work. First off, it isn't complete. Second, who is to say that it is the code used in the phones? That's the point of software — it's easy to change. Now if only we can provoke them to release large chunks of Windows or Windows Phone 7...."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

69 comments

Microsoft? (-1)

Anonymous Coward | more than 2 years ago | (#36688170)

Releasing source code? Huh. That's odd. Do us Slashdotters still have good old fakepassword3? Sorry I came to the garbage of this place and realized it.

apple!=google (-1, Troll)

cheeks5965 (1682996) | more than 2 years ago | (#36688182)

just WiFi and cell tower identification so that they can be used in geolocation.

The iphone locationgate was way overblown. Apple's approach was way less intrusive than Google. All they were doing was storing the location of nearby cell towers on the phone, to speed up the phone's geolocation. the data was never sent back to apple. this is the difference between the phone tracking your location and apple tracking your location.

Google, on the other hand, monitors you like the optomicon. one database to rule them all.

Re:apple!=google (1)

errandum (2014454) | more than 2 years ago | (#36688286)

The problem with most people was never that it was gathering info, but that everyone could access it. If someone stole your phone they'd have a footprint of your life in their hands. They encrypt it now and it's fixed.

Google's data is only accessible if you root the phone... And it'll only send info back and forth if you consent (Basically, if you want to use the geolocation boost you are forced to share your info too).

The issue is not a non issue. there is nothing wrong, in my opinion, in gathering information (remember, we are using some pretty neat services for "free", like gps), but you have to do it right.

Partial release rings alarm bells (-1, Troll)

Chris Down (2350174) | more than 2 years ago | (#36688196)

Partial release is more dangerous than no release at all. Without the ability to compile the entire thing for yourself and check the checksums, there is no real way to know that this is the genuine source.

Just because you open the door a crack, doesn't mean the user can see the massive spike pit hiding behind the hinge.

Re:Partial release rings alarm bells (4, Insightful)

Normal Dan (1053064) | more than 2 years ago | (#36688226)

Somehow I get the feeling a full release of the source code still wouldn't be enough to satiate the nerdy masses.

Re:Partial release rings alarm bells (2, Insightful)

Anonymous Coward | more than 2 years ago | (#36688276)

Nothing ever will be. If we get full source they will whine that it's in the wrong license or it needs visual studio/windows to compile. Or they will call it useless and whine about that.

Re:Partial release rings alarm bells (3, Interesting)

gabebear (251933) | more than 2 years ago | (#36688346)

It's very likely Microsoft will never release anything that will satiate people who understand licenses and value freedom. Microsoft likes you to sign crazy NDAs for access to specs and source and ties their own developers and evangelists hands. I was at a WP7 presentation a month ago given by MS's WP7 evangelist for my region. He couldn't hook the WP7 phone he had to the projector like he normally does because Microsoft's legal department took away the cable he had been using for presentations...

Re:Partial release rings alarm bells (1)

Gadget_Guy (627405) | more than 2 years ago | (#36689696)

It's very likely Microsoft will never release anything that will satiate people who understand licenses and value freedom. Microsoft likes you to sign crazy NDAs for access to specs and source and ties their own developers and evangelists hands.

And yet here they are releasing the code without requiring crazy NDAs [microsoft.com] . That is not to say that they haven't required NDAs in the past (like when they have released the full code for Windows for specialised uses), but that doesn't mean that everytime they release some code that it get tied up in paperwork.

He couldn't hook the WP7 phone he had to the projector like he normally does because Microsoft's legal department took away the cable he had been using for presentations...

Why? Was there an actual legal reason behind this, or did someone just pinch his cable? It seems pretty unlikely that the legal department would prevent them from advertising a released product.

Re:Partial release rings alarm bells (2)

Aydsman (718016) | more than 2 years ago | (#36690552)

He couldn't hook the WP7 phone he had to the projector like he normally does because Microsoft's legal department took away the cable he had been using for presentations...

Why? Was there an actual legal reason behind this, or did someone just pinch his cable? It seems pretty unlikely that the legal department would prevent them from advertising a released product.

I believe Windows Phone uses a protected graphics path, similar to the one in Windows Vista & 7, in order to provide DRM so services like Netflix feel all warm & fuzzy that their video content can't be intercepted. Because of this, all phones which are used in demos require a special build of the OS to display on a projector and, no doubt, a special cable recognised by that OS build.

Having said the above, I'm not sure what reason Microsoft would have to reclaim the cable apart from controlling the number of them that exist outside the company. This control would be part of keeping the integrity of the DRM path.

Re:Partial release rings alarm bells (0)

Penguinisto (415985) | more than 2 years ago | (#36688384)

Somehow I get the feeling a full release of the source code still wouldn't be enough to satiate the nerdy masses.

I disagree. If it can be fully compiled and tested, then there would be no rational place for the "OAMG they have something they're hiding!" argument. OTOH, Microsoft is kind of notorious for only doing their PR stunts half-assed, and this latest one kind of proves it. Even SCO did a better job of convincing Joe Reporter that they truly showed off code/evidence (and let's face it - their attempts were hella laughable at best).

'course, you can still check things WP7-wise as it is now... that is, if you can capture every packet coming out, decrypt the payloads accurately, then assemble and analyze the results.

IMHO, releasing only part of the source code is indeed, like GP said, more dangerous than no release at all. Just that he forgot to mention that it's potentially dangerous in both directions - both to the world at large ("oh look, stuff to test for exploits!"), and to Microsoft ("OAMG they're hiding something! You can't even test what's there without violating a license!").

It'd be better off if they didn't even bother, considering that the bits they did release are worthless in and of themselves.

Re:Partial release rings alarm bells (2)

Gadget_Guy (627405) | more than 2 years ago | (#36690082)

IMHO, releasing only part of the source code is indeed, like GP said, more dangerous than no release at all. Just that he forgot to mention that it's potentially dangerous in both directions - both to the world at large ("oh look, stuff to test for exploits!"), and to Microsoft ("OAMG they're hiding something! You can't even test what's there without violating a license!").

That is not correct in this case. The problem is that everyone believed the article when they said that this was the code from Windows Phone 7. This is actually the code from Microsoft's vans that collected geolocation data. [engadget.com] (similar to Google's vans that logged everyone's WiFi packets that got them into strife). The fact that they didn't release the entire code is irrelevant because none of us have the binaries with which to compare the source code. Therefore there are also no security problems with them releasing this code either.

Oh please! I know the TRUTH! (0, Funny)

Anonymous Coward | more than 2 years ago | (#36688404)

Somehow I get the feeling a full release of the source code still wouldn't be enough to satiate the nerdy masses.

The source code is a great educational resouce but as to proving that Microsoft is doing the right thing it just doesn't work. First off, it isn't complete. Second, who is to say that it is the code used in the phones? That's the point of software — it's easy to change.

It explains it right there! You see Microsoft, with their history of deceit, lies and downright badliness are obviously hiding something. And I know what it is.

The real software gets passwords, IP, MAC addresses, of everyone connected and people's names and SSNs - that's how devious they are.

And on authority that I can't name right now, Microsoft has in fact bought the Illuminati and is planning on calling it "Microsoft Illuminati"! Really it's true.

But there's more and here's the really scary part: they bought the NSA. Yep! That's where they got the software from!

I can't go into more because the Microsoft Brain Scanner is running, but they also are behind Al-Qaeda!

Microsoft is spying on everyone and be careful!

Re:Partial release rings alarm bells (2)

im_thatoneguy (819432) | more than 2 years ago | (#36688576)

You don't even have to use your "feelings", he says it in the next sentence:

Second, who is to say that it is the code used in the phones? That's the point of software â" it's easy to change.

"Please give us all your source code! And proof that it's exactly the source code on my phone! And that you didn't push an OTA update! And that you are verifying the MD5 checksum of the source code to the build on my phone! And a UN panel to supervise the foundry in which the hardware md5 check was being performed! And a background check on all the people supervising the foundry to make sure nobody changes the hardware to mis-report the checksum! And...."

There is no way to please them. At least they were up front about it.

Re:Partial release rings alarm bells (1)

rbrausse (1319883) | more than 2 years ago | (#36691804)

And that you are verifying the MD5 checksum of the source code to the build on my phone! And a UN panel to supervise the foundry in which the hardware md5 check was being performed!

nah, not enough. md5 is COMPLETELY BROKEN [cert.org] !!!11!

Re:Partial release rings alarm bells (2, Informative)

Anonymous Coward | more than 2 years ago | (#36688924)

Not with comments like "Second, who is to say that it is the code used in the phones?" coming from the person who wrote the summary. You could ship that jackball straight to Redmond, sit him down in front of a workstation at Microsoft, let him review the code himself and press the build button himself, and he'd still think it was a clever ruse on Microsoft's part.

Re:Partial release rings alarm bells (0)

Anonymous Coward | more than 2 years ago | (#36690368)

Most likely, Microsoft would have a custom version of Visual Studio running that would simply inject nefarious bits at the right point.

Amusingly, the CAPTCHA for this is "merges."

Re:Partial release rings alarm bells (0)

Anonymous Coward | more than 2 years ago | (#36691358)

And showing you the compiler wouldn't help; what if they implemented ken's hack [bell-labs.com] ?

Re:Partial release rings alarm bells (1)

camperslo (704715) | more than 2 years ago | (#36690118)

Somehow I get the feeling a full release of the source code still wouldn't be enough to satiate the nerdy masses.

Satiate?? Really?? Does anything even suggest that we find the phone relevant enough to care? If one had to pick a group most likely to avoid the phone, wouldn't "the nerdy masses" be a good first pick? The phone seems to be targeted at people that perceive Apple and other offerings as too scary and complicated... That's the opposite of the "nerdy" demographic.

Re:Partial release rings alarm bells (0)

Anonymous Coward | more than 2 years ago | (#36688310)

Without the ability to compile the entire thing for yourself and check the checksums, there is no real way to know that this is the genuine source.

It's never enough for some people. "Check the checksums"??? Come on.

Who's to say that the phone isn't showing you a fake checksum, to lull you into a false sense of security? You'd say: I'd have to be able to compile it myself, of course.
But who's to say that the phone actually runs your compiled version, rather than its own?

Tell us what would satisfy you.

Re:Partial release rings alarm bells (1)

Altus (1034) | more than 2 years ago | (#36688372)

Never mind that you would have to use visual studio to compile it and we all know that secretly inserts backdoors in all software made with it.

Re:Partial release rings alarm bells (1)

godrik (1287354) | more than 2 years ago | (#36688366)

It's better than nothing but does not prove much. MS could release the compilation script that build that piece of the code to be able to verify that the binary version of these function is present in WP7

But once again, that code could not be activated at all. Once again, you could offer to recompile that part of the code to insert some profiling. But then, you would know the code is gone trough but maybe discarded.

Soon we will have the discussion about trusting trust again (if you don't know, what it is, it is the prolem of "how to trust your compiler")

Re:Partial release rings alarm bells (1)

larry bagina (561269) | more than 2 years ago | (#36688410)

The full source code should ring alarm bells, too. It runs on their phones, in their vans. You don't have access to the hardware to verify it's running the source code they provided (and only the source code they provided). You don't have access to their compilers to verify it's not inserting other code [otterbein.edu] .

Re:Partial release rings alarm bells (1)

Score Whore (32328) | more than 2 years ago | (#36688688)

Somehow I don't think you realize that this is about Microsoft's equivalent of the Google StreetView car and nothing at all to do with the phone. You're not intended to run this code, ever. It's for them to run. What they are doing is, is showing that they're doing it "right" as compared to Google's way of doing it "wrong."

And the funny thing is that in the Google threads there are tons of people who do all sorts of speculation in order to absolve Google, and in the summary of this story they go to all sorts of speculation to incriminate microsoft. Way to go people.

Re:Partial release rings alarm bells (1)

exomondo (1725132) | more than 2 years ago | (#36688980)

Without the ability to compile the entire thing for yourself and check the checksums, there is no real way to know that this is the genuine source.

Check the checksums against what?

How much proof do you need? (4, Insightful)

goldspider (445116) | more than 2 years ago | (#36688318)

First off, it isn't complete. Second, who is to say that it is the code used in the phones? That's the point of software — it's easy to change.

Blah blah blah. And where's the "REAL" birth certificate??

No amount of proof is enough for some people.

Re:How much proof do you need? (0)

h4rr4r (612664) | more than 2 years ago | (#36688434)

Those are quite different. Heck, just giving out source and let users compile it and place it on their own phones would solve this complaint. Sure you have to trust the compiler and the hardware, but that is pretty normal.

Re:How much proof do you need? (2)

iluvcapra (782887) | more than 2 years ago | (#36688526)

For any non-trivial function its basically impossible to prove exactly what a computer will do, and once the data leaves the phone to someone's server you can't prove anything. All you have is the company's good word.

Re:How much proof do you need? (3, Insightful)

Bacon Bits (926911) | more than 2 years ago | (#36688940)

For any non-trivial function its basically impossible to prove exactly what a computer will do

Bullshit.

If this were remotely true then closed-source applications couldn't be hacked. How exactly do you think you crack and application which requires a software key or has a DRM requirement? How do you think they jailbreak game consoles with saved games? The magic of coincidence? Of course not. The look at the binary code, see what it's doing, disassemble/decompile what they can, and trap all network I/O and file I/O. If you really want to know what WP7 is doing, you can reverse engineer it. If DRM -- which is specifically designed to be difficult to reverse engineer or circumvent -- if DRM can be understood with just binary access, the behavior of an OS on a phone which lacks this design focus should not be that difficult.

Other than being a goodwill gesture (and arguably opening MS up to fraud lawsuits if they are found to be lying), this release doesn't do much at all. However, given what would happen to MS if the code they release here is found to be anything other than what is actually running, I don't believe that they would risk being so stupid as to release anything but the actual source code. MS is in no position in the mobile marketplace to suffer such a gaffe.

Re:How much proof do you need? (0)

Rockoon (1252108) | more than 2 years ago | (#36689204)

In short, you are a complete idiot on this subject of proof, and you have just proven it.

Not really...no. (2)

theBully (1056930) | more than 2 years ago | (#36690908)

I work in an environment where super paranoid measures are imposed to avoid issues. Every piece of software is isolated on a network with a sniffer that will check the nature and content of any data going out or in, while the software is taken through all of it's use cases. Some of these tests are time consuming because the tested software is complex and involves running very many use cases. Compared to some of these, a phone is in fact very simplistic. In many cases we test closed-source appliances but I can guarantee we do know everything the device transmits. No need for code or much reverse engineering. In conclusion, if someone wanted to prove they are doing something mischievous one could have done it without any source code. Microsoft just showed good will here.
It's funny how people react to news about Microsoft and their technology. Take UAC for example. Everyone started complaining that they have to click an OK button every time they performed a task that involved the system. The same people thought that writing your password in Linux every time you perform an administrative task was an excellent idea. I sense a contradiction here. (For the record, I think requesting specific permissions on administrative tasks is a must so I will be happy to have that feature in any OS).

Re:How much proof do you need? (1)

rastoboy29 (807168) | more than 2 years ago | (#36689396)

You mean you can compile and run this code on your Windows phone?

You, sir or madam, are missing the point.  Source code alone is meaningless if you can't actually *use* it.

Re:How much proof do you need? (2)

afabbro (33948) | more than 2 years ago | (#36691222)

You, sir or madam, are missing the point. Source code alone is meaningless if you can't actually *use* it.

You made Donald Knuth cry, you big bully.

Re:How much proof do you need? (1, Offtopic)

weicco (645927) | more than 2 years ago | (#36691420)

I don't have time to compile fricking source codes! I have better things to do, like actually use the software. Besides, Microsoft already compiled it for me.

Re:How much proof do you need? (1)

The Moof (859402) | more than 2 years ago | (#36693654)

Source code alone is meaningless if you can't actually *use* it.

Assuming the code provided is exactly what's used, you can use the source code to do your own code audit. You can see where there might be security problems, see if there's any shady stuff going on, etc.

Of course, this usefulness relies on those first 8 words of my comment.

Re:Big difference. (1)

Anonymous Coward | more than 2 years ago | (#36690522)

Do you not see the difference between a potentially but very unlikely faked birth certificate, and a piece of meaningless code which won't compile, is by their own admission incomplete, and can't be tested on working hardware?

How is this insightful? The article was right on the money. This doesn't prove anything.

Re:How much proof do you need? (0)

Anonymous Coward | more than 2 years ago | (#36692242)

Reality check PROTIP: That's the damn basis of all science [tinypic.com] !

Do you realize that you're doing the exact same thing, those birthers you hate so much do?
Massive ignorance, prejudice, delusion and dumb generalizations.
Let me explain:

No amount of "proof" is ever enough. That's why it's called the relativity theory. Because we never ever can prove that something is like we think it is. All we can do, is prove that it isn't. (Through observation that conflicts with the theory.)
So if there is a absolute reality, we can never prove or see it. Ever. We can only rely on our (until now) experience, that the laws of physics will be the same in our current and future position in space-time.

And that's the real reason why birthers are idiots: Because they think it would be possible to get "proof" at all.
Which is, what you also think.
And that's why you're so much the same.

You're like those Wikipedia admins, who can't tell personally observed evidence from something they got told by a "source". Very dangerous behavior, because then that "source" can alter your perception of reality it will. Which is why social engineering works so well on such idiots.

Since I can not ever prove if Obama was born in Hawaii, I have to choose whose information to trust. And since I can also possibly not ever prove if that source code is the one really used, I also will have to trust Slashdot trusting MS.

That is a personal thing, based on experience on what choice of trust results in a better life. And while I trust Obama being born in Hawaii (Really, I don't give a fuck where he's born, as it doesn't mean shit to me. It changes nothing. But it feels more useful to do trust it, since the alternative feels "conflicty".), I have learned not to trust MS at all. They committed crimes so often, if they were a person, they would have tattoos from at least 3 different prisons, a ass so lose, it would make Goatse jealous, and even their mother wouldn't talk to them anymore.

And, sorry dude, that's just way too much.

What a biased piece of garbage article. (5, Insightful)

spd_rcr (537511) | more than 2 years ago | (#36688342)

I don't know how this one made it through the slashdot filters to be published. Mikejuk's posting sounds like conspiracy drivel. What Microsoft did was clearly a good effort to try and show the worry-warts what they're doing, but to expect them to give away the source code to their operating systems is just crazy.. their whole business model is based on traditional closed source software.

Re:What a biased piece of garbage article. (3, Funny)

eln (21727) | more than 2 years ago | (#36688378)

I don't know how this one made it through the slashdot filters to be published.

You must be new here.

Scumbag slashdot (0)

Anonymous Coward | more than 2 years ago | (#36688480)

Likes open source, goes ballistic when MS throws them a bone.

Re:What a biased piece of garbage article. (1)

girlintraining (1395911) | more than 2 years ago | (#36688604)

their whole business model is based on traditional closed source software.

No, their business model is based on vendor lock-in and pricey support contracts. They could publish the source code and it would not harm their business model because the moment someone created a compatible product, they'd be sued for copying the "look and feel". Our patent and copyright system pretty much ensure there will never be competition against Microsoft (or any large business) from this country, european countries, australia, or most anywhere else they've managed to sucker the government into enacting intellectual property regulations. The only place Microsoft's source code could be useful would be in places like China that don't have restrictive IP laws, and in either event don't pay for software licensing anyway, so it's hardly a loss.

Re:What a biased piece of garbage article. (2)

cavreader (1903280) | more than 2 years ago | (#36690178)

"there will never be competition against Microsoft " Please tell me you are joking. On the off chance you are not trolling please consider this, at a bare minimum MS is up against strong competition in the OS space, Game systems, Database systems, Phone systems, Mail systems, and productivity applications.

Re:What a biased piece of garbage article. (0)

Pigskin-Referee (1389181) | more than 2 years ago | (#36688998)

I don't know how this one made it through the slashdot filters to be published.

Are you serious? If there is any way any article can be slanted against Microsoft, it will be heralded on Slashdot.

Re:What a biased piece of garbage article. (1)

rbrausse (1319883) | more than 2 years ago | (#36691842)

If there is any way any article can be slanted against Microsoft, it will be heralded on Slashdot.

some time ago it was proposed to move slashdot.org to microsoftsuck.com. So far this goal is only partly met [microsoftsucks.de] ...

The Point (2)

BradleyUffner (103496) | more than 2 years ago | (#36688498)

"That's the point of software — it's easy to change."

And here I thought it was about letting the user accomplish something they consider useful. I didn't realize the point of software was to allow you to change it. Silly me.

I work for Microsoft... (5, Informative)

beamsplitter (2352770) | more than 2 years ago | (#36688672)

... and while I don't work with this team, I can tell you that it will have been released in good faith, and that the code in the phones will not be any different. I've seen nothing but honesty and integrity in the two years that I've worked for the company.

Re:I work for Microsoft... (1)

Bacon Bits (926911) | more than 2 years ago | (#36689118)

Yeah, but you're probably a designer or an engineer. Generally, I trust what those people say. It's the executives, lawyers, and (to a somewhat lesser degree) sales and marketing reps I expect to lie through their teeth. That said, I expect the same of any corporate entity. Caveat emptor, indeed.

How DO you know? (4, Insightful)

Sasayaki (1096761) | more than 2 years ago | (#36688766)

Good question. Very insightful. But how far do you go?

How would you know that if they released the code that this code is what's really running on your phone? How do you know there isn't a backdoor inserted post compilation?

How do you know that Linux isn't just a shell around an obscenely stenographed copy of Windows? Do you inspect every single line of code that goes into your machine personally? How do you know the code's not kept in a tiny hardware ROM on all modern chipsets and injected into Linux during boot? Do to read them all, personally? Well you should!

The sheeple must know! It's a plot by the Skull and Bones society, the Illuminati and the masons, IE9 has links to stuff they put in our water and Windows mobile uses fillings in your teeth as an antenna so the greys can track you from space. Soylent Windows 7 is people! Oh God in heaven it's PEOPLE! ...

More seriously, yes, it is possible they wouldn't use that actual code in their phones... but Occom suggests they probably do, while Hanlon agrees but clarifies if they aren't it's probably a slightly different version due to that idiot new developer in section 8 that ran the wrong script.

Eventually, at some point, you just have to either accept what someone's saying or accept there's no trust there and move on. Keep in mind it's practically impossible to avoid cell-tower based snooping and tracking, making this whole point useless because the NSA etc don't need your phone to cooperate for them to get what they want.

Re:How DO you know? (1)

exomondo (1725132) | more than 2 years ago | (#36689166)

How would you know that if they released the code that this code is what's really running on your phone?

RTFA, it's code running on phones they are using for data collection.

who is to say that it is the code used in the phon (1)

microbee (682094) | more than 2 years ago | (#36688860)

When they are sued by privacy groups or federal regulators, they will be able to show to the court that this is the code being used in their phones.

Yeah, sorry, they are not going to prove it to some random joes on the slashdot.

so Microsoft releases source to show secure? (-1)

Anonymous Coward | more than 2 years ago | (#36688910)

isn't this an admission that their current method of security, security by obscurity(closed source), isn't as secure as opening up the source?

Wasn't Google's WiFi sniffing code already open source and it was the fact that too much data from open access points was getting stored so it turned out they caught all the email logins and other logins happening in the clear? Opening the source would not have prevented Google from inadvertently collecting that information and it won't do anything to help Microsoft not get caught in the same problem. IMO

LoB

Re:so Microsoft releases source to show secure? (1)

exomondo (1725132) | more than 2 years ago | (#36689154)

isn't this an admission that their current method of security, security by obscurity(closed source), isn't as secure as opening up the source?

No, this isn't even about security. It's about saying 'yes we are collecting data, this is the code we are using to collect that data' so people can see what data they are collecting. Had google done the same thing people would have seen that their code was collecting more information than they said it was.

Re:so Microsoft releases source to show secure? (1)

TemporalBeing (803363) | more than 2 years ago | (#36692154)

isn't this an admission that their current method of security, security by obscurity(closed source), isn't as secure as opening up the source?

No, this isn't even about security. It's about saying 'yes we are collecting data, this is the code we are using to collect that data' so people can see what data they are collecting. Had google done the same thing people would have seen that their code was collecting more information than they said it was.

So, then it's showing the Open Source has better PRIVACY provability than Closed Source, no?

Re:so Microsoft releases source to show secure? (1)

exomondo (1725132) | more than 2 years ago | (#36715162)

isn't this an admission that their current method of security, security by obscurity(closed source), isn't as secure as opening up the source?

No, this isn't even about security. It's about saying 'yes we are collecting data, this is the code we are using to collect that data' so people can see what data they are collecting. Had google done the same thing people would have seen that their code was collecting more information than they said it was.

So, then it's showing the Open Source has better PRIVACY provability than Closed Source, no?

Perhaps, but that's pointless anyway since you still have to trust that the code the company releases is indeed the code it is running.

Re:so Microsoft releases source to show secure? (1)

Gadget_Guy (627405) | more than 2 years ago | (#36690160)

Opening the source would not have prevented Google from inadvertently collecting that information and it won't do anything to help Microsoft not get caught in the same problem.

The difference is that Google used someone else's code whereas Microsoft wrote their own. Neither company actually wants to log everyone's WiFi packets, but it would be far easier for Google to accidentally click a checkbox in a third party app to enable this feature than for Microsoft to accidentally write code to do the same thing.

Both companies had access to their respective source code, and I would argue that in this case it was the closed source code that received more scrutiny. Microsoft would have actually looked closer at their source (because they wrote it themselves), while Google could easily use their package without giving the code a glance.

Re:so Microsoft releases source to show secure? (1)

spongman (182339) | more than 2 years ago | (#36691030)

here's the WiFi info the code captures:

ObservationGenerator.cs, line 795
- mac address
- signal strength
- infrastructure mode (ad-hoc/infrastructure, etc..)
- 802.11 network type (frequency-hopping/direct-sequencing, etc...)

wifidriverwrapper.cpp, line 339 would seem to imply that they're also only logging visible infrastructure APs.

they could easily have also captured:
- SSID (alphanumeric ID)
- encryption status (WEP/WPA2 enabled/keyed, etc...)
- frequency band/channel #

this is all high-level information from the driver via the Windows ZeroConfig API. there doesn't seem to be any support in the code for capturing raw packets from the radio.

Google Wifi (1)

Nerdfest (867930) | more than 2 years ago | (#36688928)

I was under the impression that the Wifi sniffing software that Google used was at least based on open source code as well. I'm not sure if that's the case, but I remember hearing something about it when it originally happened.

Re:Google Wifi (0)

Anonymous Coward | more than 2 years ago | (#36690426)

Indeed it was - but it was based on a configurable application which was designed to be able to capture all that data. It wasn't an issue with the Open Source software, it was the configuration used software not matching up to the task.

I haven't reviewed the Microsoft code, but if they're publishing it to dissuade doubts then one would assume that either the application has been purpose-built to avoid capturing that information or alternatively any pertinent configuration options will be visible in what they've published.

Conspiracies..... (0)

Anonymous Coward | more than 2 years ago | (#36689268)

Now ... if they give all the source code then ...Oh wait!... those hardware manufacturers are very suspicious too!!.... and I truly believe that "that" compiler is embedding fingerprints and call home code.

Now if we can provoke them to release the hardware specs, software (complete dev chain) and manufacture all the pieces of hardware in front of me... then I'd be sure that ... oh wait ... then I would have to use wifi with that shady router that is probably sniffing my very important personal information!!!

Yeah dude, the world is doomed with your point of view. We'd have to build everything from source after reviewing each file one by one.
Nonsensical article getting to front page by bashing microsoft. At least there are no ads in his page.
 

Binaries then? (0)

Anonymous Coward | more than 2 years ago | (#36689332)

I guess this guy repositories are only source and he has inspected each bit of code by himself ... after all you can trust no one.

Our spyware is open source loook! (0)

Anonymous Coward | more than 2 years ago | (#36689448)

who gives a shit if its open source, they shouldnt be using me and my resources to collect "my" data for them in the first place, shit like this stops me from ever getting a "smart phone" at least my s40 nokia aint logging every fucking thing i do with it and then selling it to any shitty business that comes along with a pile of cash

keep your open source spyware, until i can rip that shit out entirely or invoice you for my data, i aint interested.

Hyporcrisy (0)

Anonymous Coward | more than 2 years ago | (#36689504)

Wow. They finally open source something and the Slashdot can only post an article that is pure backlash?

Really teach them to open things up. How do you know the pieces of WebKit that Apple releases really is what runs under Safari? Stock, precompiled Android? Probably both filled with backdoors!

This is so stupid. This crap is killing Slashdot.

The voyeurs dilemma... (1)

mevets (322601) | more than 2 years ago | (#36689506)

Are you really sure you want to see more? It might harm you in ways you can't imagine.

Blah, blah, blah, windows on smartphones. (0)

Anonymous Coward | more than 2 years ago | (#36690554)

Dead topic,

Android rules, and Apple owns the elitists....

Microsoft and Research in Motion are on life support in the mobile market.

WAR (0)

Anonymous Coward | more than 2 years ago | (#36690630)

It is extrodinary that M$ would release such source code!

Apple on the other hand has released Mac OS 10.6.8 which has destroyed and Gimped 100s of millions of Mac Desktop and Laptop (Mac Book Pro) world wide!

Google's latest "update" to Chrome and Gmail Gimps both for Mac OS (any version)!

Given the apparent hatrad of Apple and Google toward their customers I MUST re-evaluate my thoughts toward Microsoft!

--

PS I live and breathe UNIX.

MS thinks open source is useful? (0)

Anonymous Coward | more than 2 years ago | (#36698126)

So MS thinks that open source is useful... Very interesting.
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...