Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

MS Passport: "All Your Bits Are Belong To Us"

jamie posted about 13 years ago | from the no-other-way-to-say-it dept.

Microsoft 368

Apologies for the AYB title, but that's just what everyone is calling it. Passport is the central repository for your passwords and "personal information" I've looked over the Passport Terms of Use and tried to give them the benefit of the doubt. But I can't read it any other way than this. By "inputting data ... or engaging in any other form of communication with or through the Passport Web Site" -- or any of its "associated services" -- you grant Microsoft the rights to "use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell any such communication" and -- just when you were thinking it couldn't get any worse -- "exploit any proprietary rights in such communication, including but not limited to rights under copyright, trademark, service mark or patent laws." Am I wrong? Is that not what it means? And, is Hotmail affected by this?

One of the key questions is what Microsoft means by "associated services." The terms of use agreement applies to "the Microsoft Passport Web Site" which they redefine in the first sentence to mean "a Web site and its associated services."

Later in the terms, they explicitly say:

"The Passport Web Site may contain bulletin board services, chat areas, news groups, forums, communities, personal web pages, group calendars, electronic mail postings and/or other message or communication facilities designed to enable you to communicate with the public at large or with a group (collectively, 'Communication Services')..."

That doesn't sound like a simple site for password- and personal-data-storage to me.

The really big thing that everyone seems to be worried about is, how is Hotmail email affected by this? Here's the Hotmail Terms of Use. So is Hotmail an "associated service"? How would we know? Passport is listed as one of Hotmail's "additional Microsoft web sites and/or services"; what does that mean? If Hotmail is associated with Passport, does that mean Passport is associated with Hotmail? (Is "association" associative?)

And the fact that any access of www.hotmail.com redirects me to a machine at hotmail.passport.com worries me a lot. How could these sites not be considered "associated"?

Some more tidbits...

Don't forget that Passport is a TRUSTe licensee. TRUSTe stands 100% behind their privacy statement, so you can really, really trust that All Your Bits Are Belong To Us. (The joke is that TRUSTe doesn't actually guarantee you any privacy. It supposedly guarantees that, if you can wade through the legal mumbo-jumbo, you'll find yourself being screwed in precisely the way that the lawyers tell you you're being screwed.)

Here's a directory of the sites that use Passport for single-sign-in or purchasing.

You read it here first. Slashdot predicted this eight months ago. "Microsoft Passport And Your Privacy," July 29, 2000: "...I'm sure Microsoft uses it as a user-tracking system more than anything else." Go read Joel's article, from eight months ago, in which he explains how Passport "eliminates the last line of defense protecting your privacy" and how Microsoft will "create a massive consumer information database."

An article in the Daily Aardvark points out that Netscape users have a hard time reading Passport Q&A.

Bryan Smith has a thoughtful rant about what this would mean for open-source software. Dual copyright? Hmmmm. Here's your link, Bryan: "Dual-copyright/licensing" of your IP withOUT your permission.

A RISKS submitter calls it "highway robbery."

Don't forget that Passport is the website for which Microsoft forgot to pay its $35 domain registration fee, back around Christmas '99. This is the company you want to entrust your passwords to?

And finally, All Your Bits may be hard to retrieve once they Belong To Us. jasonjwwilliams writes "After reading about the new Hailstorm.net initiative by Microsoft, and how once integrated with Passport.com, any communcations sent in conjuction with the service in any manner becomes the property of Microsoft, I asked Passport.com to remove me. The response: we don't do that, wait 12 months to be auto-removed. After three e-mails here's the bottom line I received:

"Due to security reasons we do not allow nor do we have a feature to delete Passport accounts. Rest assured that if you do not access your account within 12 months our system will automatically delete your account."

"I don't know about anyone else, but I think this is a completely lame response and as far as I understand against the law. Anyone know who to get a hold of? This is arrogance gone too far."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered


This is outrageous (1)

Anonymous Coward | about 13 years ago | (#318630)

The T&C statement says that they can modify and publish anything you send through their system. So in other words, they can legally take a statement of yours and change it to be something wildly imflammatory or even illegal in some places, and publish it, attributed to you. Don't bother telling me this would be libel; imagine the pain they could cause people with this. Agreeing to these terms is handing a company with no morals whatsoever a very, VERY big stick.

comments owned by poster until Katz's next book... (1)

Anonymous Coward | about 13 years ago | (#318631)

You guys are so lame; you bitch about MS being able to "steal your ideas" via their TOS and sit by while a two-bit writer like Katz make $$ off of you.

You know, I used to look at the old "Fatbrain" book ads (you know the one, "When Your IQ is Bigger than your Weight..") and think, "who the hell would fall for that?". My reply to it was "When Your IQ is Big But You're Still Susceptible to Advertising". You're falling for the propaganda of the OpenSource movement with such zeal that you cannot see the faults that exist in the same way that during the Cold War everything Soviet was bad and everything American was good.

Well, you've totally gotten sucked into the "We're Always Right, They're Always Wrong" mentality in regards to MS vs OpenSource and that is a dangerous place to be because, for one, you stop asking questions and, two, you get paranoid. You are, in effect, falling victim to the FUD-machine of MS but looking for it in every crevice of a press-release or news article.

Anyhow, that's all I have to say. I would've posted this with my nick but I'd get mod'ed down so hard I'd not be able to post from this IP address for a week...

Passport Removal by phone works. (5)

strredwolf (532) | about 13 years ago | (#318636)

Call Microsoft by phone and ask for immediate removal. Tell them that information being transferred through the Hotmail/Passport portal is secure information and is covered by a third-party NDA. If they give you the "Wait 3 months" line, ask for a manager, you got a clueless frontline support idiot.

And yes, I did this a few years ago. It works.

WolfSkunks for a better Linux Kernel

Old News (5)

LoCoPuff (1019) | about 13 years ago | (#318646)

You know, I read the TOS too, and it's pretty clear that they're talking about forum posts and the like:

The Passport Web Site may contain bulletin board services, chat areas, news groups, forums, communities, personal web pages, group calendars, electronic mail postings and/or other message or communication facilities designed to enable you to communicate with the public at large or with a group collectively, ("Communication Services"), you agree to use the Communication Services only to post, send and receive messages and material that are proper and related to the particular Communication Service.
conspicuously absent from the list are communications between individuals.

One issue often overlooked in these things is the problem that plagues some publishers and causes them to reject unsolicited submissions: what the hell do you do when somebody hands you the outline for something very similar to a project you have under development? If you accept it, then you risk accusations later that you're a thief. ("Man, I said last year they oughta' put spellcheck into Explorer! Them bastards stole my idea!") Alternatively, if you simply state that you can use any ideas posted in the forum, then you've covered that possibility and maybe avoided a nuisance suit.

Now if the Reg had bothered to go to Hotmail itself, they might have found this:

It is Hotmail's policy to respect the privacy of its users. Therefore, Hotmail will not monitor, edit, or disclose the contents of a user's private communications unless required to do so by law or in the good faith belief that such action is necessary to: (1) conform to the edicts of the law or comply with legal process served on Hotmail; (2) protect and defend the rights or property of Hotmail; or (3) act under exigent circumstances to protect the personal safety of its users or the public.
not ironclad, but probably as good as the ISP through whom they're being accessed.

Poison the data (1)

antv (1425) | about 13 years ago | (#318647)

You can't stop M$ from collecting your data on their servers - if it against trhe law they'll break the law, simple as that. This is not the first time M$ collects this kind of data - remember M$Office GUIDs, regwiz tricks, etc. Whatever is the reason they need this data is a mystery, but it seems like they are trying to do this repeatedly.

However, you could poison the data, i.e. make a lot of invalid entries - like creating new account on Hotmail each time you need to lookup something on MSDN, etc. As signal-to-noise ratio goes down M$ would end up with huge database, most of data in which is outdated and therefore useles for most Evil Purposes(TM).

As for secure trusted email the best I've seen is Lokmail [lokmail.net] - they support standart PGP.

Opinions are mine only and could change without notice.

Re:Old News (5)

Palin Majere (4000) | about 13 years ago | (#318654)

Now if the Reg had bothered to go to Hotmail itself, they might have found this:

And they might also have found _this_:
"Click on the link below for the terms and conditions which govern these additional Microsoft web sites and/or services:"

Guess what's in the list of links... You got it. "Microsoft Passport". This means that your spiffy Hotmail "account" isn't actually actually a Hotmail account. It's a Passport account that allows you access to the Hotmail "service". What's the impact here? That you are agreeing to the Passport TOS when you sign up for Hotmail.

Perhaps you should read your own quote when you say that they're "talking about forum posts and the like". "electronic mail postings" certainly aren't forum postings, and "other message or communication facilities designed to enable you to communicate with the public at large or with a group" sure as heck covers a _vast_ amount of territory. It's not "just" forums, folks.

And, you should look at the Hotmail TOS itself for evidence contrary to your claim that Hotmail prohibits that sort of behaviour:

Microsoft does not claim ownership of the materials you provide to Microsoft (including feedback and suggestions) or post, upload, input or submit to any MSN Site/Service or its associated services for review by the general public (each a "Submission" and collectively "Submissions"). However, by posting, uploading, inputting, providing or submitting your Submission you are granting Microsoft, its affiliated companies and necessary sublicensees permission to use your Submission in connection with the operation of their Internet businesses including, without limitation, the rights to: copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate and reformat your Submission; and to publish your name in connection with your Submission."

Of course "Hotmail" _says_ it would never invade your privacy in those manners. The problem is, they're not. You're explicitly giving up your privacy to Microsoft as part of this agreement. There's no such thing as "a user's private communications" on Hotmail, because you've already agreed to give up your rights to that information twice. Once when you signed up for the Passport account, and again when you used the Hotmail service to send it out.

Oops. As the Privacy Nazi might say... "NO PRIVACY FOR YOU!"

The solution to getting removed... (1)

Bob McCown (8411) | about 13 years ago | (#318661)

"Due to security reasons we do not allow nor do we have a feature to delete Passport accounts. Rest assured that if you do not access your account within 12 months our system will automatically delete your account."

Get your local Dewey, Cheetum and Howe to pen them a letter.

Dear Sirs, our client, Joe Leenooksyuhzur, has continually asked to be removed from your database, and, due to some 'rule' you say you are unable to. By this letter you are hereby instructed to remove all information reguarding Mr Leenooksyuhzur from your system by midnight on the 21st, or we intend to persue this in a court of law.

Dewey, Cheetum, and Howe, Attorneys at Law

Personal and non-commercial use only (4)

banky (9941) | about 13 years ago | (#318667)

While I do understand the implications of MS's move to own all our bases, the license everyone is so upset about specifically states, "personal and non-commerical use only". So, at worst, doesn't that mean MS will know I'm going to Cancun, my girlfriend's name is Sarah, and we aren't renting a car?

I guess my major disconnect here is I can't imagine anyone in their right mind trusting their company to an open service like this. It baffles me.

Re:Signing away copyright. (1)

CoolVibe (11466) | about 13 years ago | (#318674)

Hey come on! What better way to steal^H^H^H^H^Hinnovate ideas by letting the end user sign a waiver that relieves him of ownership. Miscrosoft is saving the end-user money that way by avoiding the need to sue the property away from said person. They already own it! Thank you microsoft, thank you. Ow bugger... my win2k is having that bug^H^H^Hinsect-like behaviour again... gotta reboot!
Slashdot didn't accept your submission? hackerheaven.org [hackerheaven.org] will!

Re:I hope everyone will boycott (1)

Zico (14255) | about 13 years ago | (#318680)

Which non-Microsoft online businesses require you to have a Passport account?


Re:IF we protest, they will change (2)

Royster (16042) | about 13 years ago | (#318688)

This adds fuel to the first of the Microsoft Antitrust appeal doesn't it?

No. The facts of the case are those presented at trial. It's very difficult to get an appeals court to consider new facts that didn't come out at trial. That is sometimes grounds for a new trial, but often it is not.

The appeal will be decided based on the facts in the court record.

Re:Old News (4)

Royster (16042) | about 13 years ago | (#318690)

The pertinant part being:
Hotmail will not monitor, edit, or disclose the contents of a user's private communications unless required to do so by law or in the good faith belief that such action is necessary to: ... (2) protect and defend the rights or property of Hotmail

If they think your patch is their property or a right they posess, they will defend that right as they see fit.

Concerns on LKML (5)

Royster (16042) | about 13 years ago | (#318691)

Someone posted a message [alaska.edu] to the Linux Kernel Mailing List telling people not to use Hotmail for patches to the kernel.

It may be an overreaction, but it's probably still a good idea. It would be a messy court fight if it ever came to that.

What shocks me... (2)

still cynical (17020) | about 13 years ago | (#318694)

...is that anyone is surprised by this. Why shouldn't they do this? It's not like they've ever been given a serious disincentive before. And the current administration gives every indication that they will ENCOURAGE behavior like this! How many press releases about the anti-trust lawsuit have you seen recently?

Expect more of the same in the future. We, and the government that is supposed to represent us, have given them no reason to stop.

Illegal Material (2)

Perlguy (17814) | about 13 years ago | (#318697)

So, does this also mean that if we send "illegal" material, such as the DeCSS code, through it that Microsoft then owns it - and would therefore be in violation of the law?

Re:This just in... (1)

cHiphead (17854) | about 13 years ago | (#318698)

And then we dropped a bomb on his head. All your incinerated ashes are belong to us!!!

And don't mess with Texas.


Re:This just in... (1)

Black Parrot (19622) | about 13 years ago | (#318703)

> All your top-secret spy plane are belong to us.

Who needs spy planes, when you have Cisco and Microsoft?


Re:And What are Slashdot's Terms of Service ? (2)

listen (20464) | about 13 years ago | (#318708)

Look down the bottom of the page:

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2001 OSDN.

Boilerplate? (1)

angelo (21182) | about 13 years ago | (#318709)

Sounds like the boilerplate used on about every website on earth. I don't think they'll "publicly perform" your password.

So with their NSA dealings... (3)

hardaker (32597) | about 13 years ago | (#318721)

Microsoft has been in the news a lot lately and in the past about whether the NSA has backdoors in windows code or not. They may not have a technical backdoor to your passwords, but it sure sounds like they have a legal one now.

All Your Reg Stories Are Belong To Slashdot (3)

albalbo (33890) | about 13 years ago | (#318723)

When will this bullshit anti-Register stuff quit? The Reg came out with this story ages ago (see http://www.theregister.co.uk/content/4/18002.html) , even with the "All Your..." lead. This is nothing but a re-hash.

It happens so frequently. Interesting story on Slashdot, frighteningly similar to recent Reg story, sans any quote of the Reg or link to their story. In fact, Slashdot seems to _never_ post Reg links any more, and seems to enjoy taking shots at them (witness them being described as 'scare mongerers' during the CPRM debacle).

S'not cos El Reg gets better stories and funnier content is it? And while we're on the subject, what's up with not linking to BeSpot?? Huh???

Re:Old News (1)

EasyTarget (43516) | about 13 years ago | (#318735)

The slashdot article doesn't even credit The Register [theregister.co.uk] for this, although they had it up hours ago.

Then again, slashdot barely seems to ever mention them, sour grapes? distrust? your guess is as good as mine since I read -both- religously.

But, you did mention them, you had this all pre-written and in your clipboard, didn't you.. (sorry, couldn't resist that, of course, I've never done the same myself! that was a lie by the way.)


Who Cares? (1)

Mike Monett (48534) | about 13 years ago | (#318742)

Who Cares?

Who in their right mind would expect reliability, security, and privacy from anything Microsoft does?

Since when has Microsoft demostrated the corporate ethics and programing capability needed to handle the responsibility? And who would place their personal files and other sensitive information on the net under the control of Microsoft?

I do archive sensitive stuff and save it in various web sites. It is encrypted with the highest level Blowfish allows, and there are no links or any indication of the contents.

So who needs what Microsoft has to offer?

Wrong Number (1)

Monte (48723) | about 13 years ago | (#318743)

It should be "All your bit are belong to us!"

It's the singular/plural thing that's part of the joke.

GPG (1)

tjackson (50499) | about 13 years ago | (#318745)

Just use GnuPG or PGP, your problems will be solved. They don't say that you can't encrypt stuff, I'm sure.

Or, better yet, they could offer to automagically decrypt stuff for you, using a web-stored private key!

Re:Arg! (4)

Wariac (56029) | about 13 years ago | (#318748)

Sir, I would like to give you "props" for such a poignant and thought provoking post. I am about to re-read it, at which time I shall retire to my study to mull over your musings and perhaps come back and add my thoughts to your statements.

Kudos sir!

Parental Controls (1)

DorianGre (61847) | about 13 years ago | (#318752)

When I try to login to Hotmail (which I never use, but have anyway) I get the following message [passport.com]:

"Our records show that you are under 13 years of age. As a result, a new law requires us to get your parent's permission before you can continue to use Hotmail. We use Kids Passport to get permission from your parent so you can start using Hotmail again right away! To get started, answer the question below.

Is your parent with you right now? Y N"

Though it is nice that they are following COPPA, I am 32 yrs old. Answering no to the question brings me to a screen where I enter my parents email address and they send off a note to get permission. Saying yes gets me a screen where I verify that I am the parent of myself, etc.

I don't want to falsify this information, for fear of breaking their agreement, nor do I want to get my mother involved (I am not sure if she would understand that she needs to OK me to access email, and I don't want to get her involved with Microsoft).

I cannot figure out how they know my age (erroneously), except I ruitinely skip that whenever asked.

So, how do I get my spam from my hotmail box without breaking Federal law or Microsoft's aagreement, and at the same time leave my parents out of this.

Ouch (1)

drteknikal (67280) | about 13 years ago | (#318759)

So if I use my Hotmail account to mail my manuscript to my publisher, I've granted Microsoft the copyright to my work?

End users should know MS is shafting them... (2)

Christopher Whitt (74084) | about 13 years ago | (#318765)

so why doesn't somebody write an exploit for the "massive security hole" in IE mentioned here [slashdot.org] earlier today that will put a textfile in some or all directories of a victim system with a little message like

Microsoft Windows has many security flaws, one of which allowed this file to be created here without your permission. Nothing else has been done, but other files could have been deleted or modified without your knowledge. Please contact Microsoft and demand that they replace your defective copy of Windows (at their expense).

Note that Microsoft posted a security update on 2001-03-29 addressing this flaw, but that update was also flawed. It only works for certain versions of Internet Explorer, and erroneously claims the update isn't needed when it actually is. To apply the update you are also forced to download a different version of Internet Explorer, since Microsoft has chosen not to fix this flaw in most versions of their products.

Don't be content with paying exorbitant prices for low quality software.

It could be even dandier if such a virus made the locations of such text notices somewhat random, and had a stock of several different messages to choose from.

A really nice one would be to stick a little executable with some scary splash screen in an obscure directory, and then add a shortcut to the Startup folder or the RunOne key in HKEY/Local Machine/Software/Microsoft/Windows/. The file could delete itself after it ran.

It's too bad that something like is probably illegal, since it's about the only way most people would ever have a chance to clue in to MS's mistakes.

Oh well...

Don't forget .NET is associated with Passport! (2)

retrosteve (77918) | about 13 years ago | (#318770)

If you think this is bad, just look at how dot-NET and Passport [cnet.com] are tied together.
If you use the new Windows XP, you are automatically a .NET (=Passport) customer!
...and therefore all your IP belong to us!

Wow, the Reg guys were right. (4)

Tridus (79566) | about 13 years ago | (#318772)

Slashdot really does hate linking to The Register [theregister.co.uk], even though they broke this story last week and have been credited in every other article about it I've seen. They even used the All your Base reference in their original story. There is no mention of any of that here at all.


Anti Trust (1)

davidfsmith (81296) | about 13 years ago | (#318776)

So maybe this would be a good reason to get M$ back in court, this is far more serious I would have thought than tieing a user into Windows and IE.....

Seems a shame when you consider the point of Hotmail in the first place


The plot has been lost if found return to the greenhouse...

I hope everyone will boycott (3)

stevens (84346) | about 13 years ago | (#318778)

I don't use passport, and now I won't. I don't care if it helps me achieve something I need; I'll find a different way.

This has come up before--I've given up some online business because they required me to have a passport account; I've written the vendor and told them why I will not threaten my own privacy for any reason.

The best we can do is not to use these services, and intelligently evangelize more privacy-friendly alternatives.


Re:All Your Plagiarism Are Belong To Jaimie (1)

graniteMonkey (87619) | about 13 years ago | (#318784)

Hey! Not everything on /. is plagierized. Take a look at what you might call Anti-Plagierism [slashdot.org], where the article says BeOS is "going down the toilet", while the linked Excite article [excite.com] says nothing of the sort.

Signing away copyright. (1)

jacobcaz (91509) | about 13 years ago | (#318792)

You don't lose the right to fight for what you have created. There is a reason works are automagically covered by a copyright.

I imagine that M$ could try to take ownership of something you create via the Passwort network, but if it came to brass tacks do you think that a judge would really tell you that M$ owns your work?

From my (very) limited copyright experience there isn't a very large chance of this happening!

what happen if (1)

rbreve (94225) | about 13 years ago | (#318794)

What happen if you send me the linux kernel to my hotmail account? Or you send me an MP3? will that belong to MS???

I wonder... (1)

Jerom (96338) | about 13 years ago | (#318796)

how inforacable these terms are in Belgium (and some other European countries) where your privacy is protected by law, and companies are forced to let you inspect, modify or delete any personal data (even your name is considered private data) from their database upon simple request.

Jeez,... thinking that corporate controlled US are trying to force their "self-regulating" bussiness privacy policy upon Europe, one starts to wonder if the US citizen really want this, and if they don't who gives a fuck about their opinions. Democracy,...? Nah, Corporacy!


Well... (3)

pongo000 (97357) | about 13 years ago | (#318797)

And, is Hotmail affected by this?

If anyone is using Hotmail for serious, private e-mail, they deserve to be exploited.

Re:Old News (1)

LotharHP (106080) | about 13 years ago | (#318805)

Hours? More like days. Their story is on the verge of being bumped of the bottom-end of the page and is dated "30 March 2001 3:07pm"

I have bad feeling that 1 year is not enough... (2)

tandr (108948) | about 13 years ago | (#318810)

I did not use more then a year, I think, and was logged on in msn without any big trouble. But, do not count on my memory, somebody else should confirm it.

BTW, I have 2 different passwords for same email address with them. do not know how. one I use with msn messenger, and second was send me back whne I wanted to register for Whistler and forgot it. wierd, really.

oh, and one more. AFAIK in Europe you have to provide ability to remove all data from database per customers request.


Uh oh, derivative works... (1)

Avumede (111087) | about 13 years ago | (#318811)

I'm not going to like it when Microsoft publishes "The Insider Guide to Avumede's Address Book".

Re:Personal and non-commercial use only (5)

rjamestaylor (117847) | about 13 years ago | (#318816)

So, at worst, doesn't that mean MS will know I'm going to Cancun, my girlfriend's name is Sarah, and we aren't renting a car?

Well, just explain that to your wife when she gets a little note from Passport Information Services...

Transfer of copyright (1)

CaseStudy (119864) | about 13 years ago | (#318820)

The Copyright Act requires a signed, written transfer of copyright. A click-through agreement or a posted "Terms of Use" doesn't cut it, no matter what Microsoft says. At best, they can claim that you're licensing them to use the work, but as Microsoft's lawyers have often pointed out, a license and a transfer are completely different creatures.

Re:Personal and non-commercial use only (1)

eli173 (125690) | about 13 years ago | (#318829)

And any source code for Open Source projects... They are after all, "non-commercial" by M$'s standards.

Re:Ouch (1)

pallex (126468) | about 13 years ago | (#318830)

Has anyone tried creating an account at hotmail and emailing stuff to it, but not sending it on to anyone else. Maybe illegal stuff (warez), microsoft source (or what looks like it), email addresses which havent ever been used etc etc, and see if the account mysteriously closes down, spam appears at the email addresses etc?

Re:Thanks for the warning (1)

pallex (126468) | about 13 years ago | (#318831)

I like Slashdot's rule: "Comments are owned by the Poster." Much better.

Sounds good, but didnt Katz use a bunch of them, without permission or payment?

Here's Microsoft's response (5)

legLess (127550) | about 13 years ago | (#318833)

First (gotta get this off my chest):
2001-03-30 22:34:02 Microsoft Passport: we 0wn j00 (yro,microsoft) (rejected)
Second, following is an email a friend and I both got after we complained:
Thank you for your message to Passport Privacy.

We appreciate your concerns related to the Microsoft Passport Terms of Use. This issue has recently come under review, and will be addressed soon with an updated Microsoft Passport Terms of Use. You will be able to view the updated Microsoft Passport Terms of Use at http://www.passport.com/Consumer/TermsOfUse.asp as soon as it is posted.

We apologize for any inconvenience that this may have caused you.


Passport Privacy
Christ, I've gotten used to M$ software being beta - but even their TOS are beta?? Bastards.

question: is control controlled by its need to control?
answer: yes

All Your Genetic Makeup Are Belong To Us (5)

StoryMan (130421) | about 13 years ago | (#318834)

Due to security reasons we do not allow nor do we have a feature to delete Passport accounts. Rest assured that if you do not access your account within 12 months our system will automatically delete your account

LOL. I hadn't thought of this excuse.

Look, due to security reasons I must backwards engineer your code. I can't explain it, but it's a part of my private genetic makeup. I'll be glad to supply you with my public genetic key, but, as you know, the private key must stay with me.

I must backwards engineer CSS.

I must hack BlueMatter.

I must attempt to thwart the latest SDMI watermarking scheme.

Rest assured (and this means you, Hilary, and you too, Jack Valenti -- even though, yeah, you're getting up there in years) that if I do not release my version of your encryption schemes, they will be deleted from my hard and from my memory banks. But, as you know, for security reasons, there's no way I can delete them manually. Nor is there any way that you -- Hilary or Jack or you spooks at the NSA -- can compel me to delete them sooner.

I'm sorry, but that's just the way it is. It's for security. You understand. I know you do.

"All your gene makeup are belong to us."

Re:Well... (2)

DNAGuy (131264) | about 13 years ago | (#318835)

Anyone who uses unencrypted e-mail for serious private communications doesn't deserve to be exploited but shouldn't be that surprised when they are.

--- Brent Rockwood, Senior Software Developer

why does this not make sense? (2)

yzquxnet (133355) | about 13 years ago | (#318837)

"All Your Bits Are Belong To Us"

Tell me I'm not just freaking out...

but, I do have a serious question. Should I be able to own bits that are sent from my machine. I created them (in a sense), and I paid for them (electricty). Should I not be able to own those bits? If I don't own any bits of data, is it okay for others to tamper with bits that I don't own?

But then again, is there any real sense in owning something that doesn't really exist (so to speak).

This is surprising? (1)

HerrGlock (141750) | about 13 years ago | (#318842)

Maybe you would rather just allow someone else to hold onto your thesis for a few months while you finish it, but I doubt it. Now you believe that you can put all your intellectual property into the hands of someone else and they will hold it safe and secure for you? They're corporate, the bottom line is the bottom line. This is a great way to get new ideas into the stream without paying top dollar (not anymore but you know what I mean) to hire someone who may take their property somewhere else. And this surprises you?

Cav Pilot's Reference Page [cavalrypilot.com]

Re:Ouch (1)

pallotta (143747) | about 13 years ago | (#318845)

I haven't tried what you say, but having a HotMail account, I can tell you this:

I believe there are a lot of people who let their computer generate (almost) every conceivable email-adress@hotmail.com, and then spam all these addresses. I've recieved quite a few spam-mails where the "To:" field listed some hilarious addresses which resemble mine, then mine, then some more.

These addresses do not exist, AFAIK (even tried to email one of these other addresses that I found in the "To:" field, just got a mailer-daemon error message), and that tells me that someone has generated all the addresses they could and just sent an enormous number of emails to make sure they reach someone.

Therefore, getting spammed doesn't really prove Micro$oft's guilt or, for that matter, anything else than the fact that you're being spammed!

Why use Passport at all? (5)

don_carnage (145494) | about 13 years ago | (#318849)

I'm sorry if this sounds like a flame, but why would anyone want a website to hold on to all of your passwords? I mean, we all know that it's insecure to submit passwords in open text anyways.

I don't even trust IE to hold on to my /. password! You never know when Bill Gates may want to hi-jack my account and burn my karma away by posting anti-Linux hate speech!

Re:End users should know MS is shafting them... (1) (153985) | about 13 years ago | (#318852)

It's too bad that something like is probably illegal, since it's about the only way most people would ever have a chance to clue in to MS's mistakes.

Yeah, it is too bad, huh? What's worse-If somebody does do something like this, you'll probably get the blame!

Re:Old News (3)

PolyDwarf (156355) | about 13 years ago | (#318856)

2) protect and defend the rights or property of Hotmail

Yeah, but when what you post belongs to M$... Begs the question, what are the rights and property of Hotmail, and what rights and property can be construed through other services (for instance, PassPort).
If Hotmail has the "right" to cooperate with other M$ services, and Passport has the "right" to use/copy/rape/etc your data, then Hotmail may not necessarily have the right to use/copy/rape/etc your data, but their partners do, and since they're going to cooperate with their partners...

12-month roll-off (1)

davep_ub (160466) | about 13 years ago | (#318858)

A twelve-month inactivity period with no provision for deletion is bad, especially given how many time MS's systems have been hacked. If MS tells you they can't remove you from their service and your personal info will sit out there for a full year, contact your state's Attorney General. -Dave

Re:It should be... (1)

jargoone (166102) | about 13 years ago | (#318859)

And I'm officially declaring that moderators should have the permission to mod down stories that are not thoroughly researched and meant to get slashbots all wound up.

Oops. Guess I forgot where I was posting for a second.

Re:Why use Passport at all? (4)

/dev/urandom (167536) | about 13 years ago | (#318861)

> I'm sorry if this sounds like a flame, but why would anyone want a website to hold on to all of your passwords? I mean, we all know that it's insecure to submit passwords in open text anyways.

"We all know." *WE* do. We, the savvy users of the net know that. But does Joe Blow Internet User know? Nope. The average web surfer doesn't know one wit about security, not even the simplest idea like not giving out your passwords. Hell, these are the people that write their work login on a sticky note and put it on their monitor.

This is exactly how companies like Microsoft, AOL, etc. can get away with their predatory and irresponsible practices. They target the 90% of the computer world that is totally clueless about how to protect themselves and their data. All they see in things like Passport is a very nice, pretty service that makes their life a bit easier. They don't know or think about the (in)security side of it.

And another problem is, this sort of knowledge really only circulates among people like us, who hang out on Slashdot and other techie sites. This kind of information needs to be put in places where the average user will see it, like in PC Magazine and such. I'd say it also needs to be put on the front pages of the main portals (like Yahoo, and so forth). But then again, a lot of those portals are run by companies guilty of these practices, so...

Passport.com banks... (1)

HerringFlavoredFowl (170182) | about 13 years ago | (#318863)

Once Passport expands to protecting e-money and banks, then...

All your money belongs to them...

If microsoft was smart, it would scan all passport accounts that now belong to them and seize all the assets. Need to finance a new software product to take over the world, use the Passport users credit to take out the loan. For a down payment, use the money in the passport user's bank accounts...


Damn good reporting (2)

volume (172477) | about 13 years ago | (#318868)

How could someone write such a long rant without picking up a phone and trying to contact Microsoft's legal department for comment or calling a law professor somewhere for input?

Why not try to answer some of the questions you raised?


hartsock (177068) | about 13 years ago | (#318869)

I read an old compuserve EULA back in '96 that stated something to the effect that by using compuserve you give consent for them to scan all files on you hard disk or other permenant media.

--// Hartsock //

I am sure (4)

Alien54 (180860) | about 13 years ago | (#318870)

This has probably been submitted dozens of times since the Reg posted it week. Granted that this is probably the most elaborate of the submissions, with lots of supporting links, etc.

Microsoft should probably put in etraordinarily clear armor plated language that this does not license them to theft of corporate secrets, not that this has never stopped them before.

That said, If it wasn't news last week, why is it news now?

(People moan about news items around here being old if they saw it twelve hours ago, but the age on this seems a little extreme)

Heck, it could have made a wonderful story for April Fools day, the one legit story that would have looked like a fake.

Check out the Vinny the Vampire [eplugz.com] comic strip

So, Microsoft owns the spam? (1)

tommyq (183576) | about 13 years ago | (#318874)

If Microsoft claims ownership rights over everything emailed through Hotmail, does that mean I can sue them for all the unsolicited email that I can't stop getting?

Re:Ouch (1)

Kazymyr (190114) | about 13 years ago | (#318880)

I did once something very close. I opened a dummy hotmail account, never used it to send email or posted the address anywhere, plus I turned off all the "optional" services from hotmail, etc. 3 months later there were 214 messages in it, 99% spam (the rest were test messages sent by me).

Thanks for the warning (2)

sulli (195030) | about 13 years ago | (#318889)

I don't have a Passport account, and I plan to keep it that way.

By the way, TrustMe is garbage - always has been. They are a fig leaf for the whole "privacy policy" crap that the industry is pushing instead of consent, which is what should be required to share personal data.

I like Slashdot's rule: "Comments are owned by the Poster." Much better.

Re:Passport Removal by phone works. (1)

donutz (195717) | about 13 years ago | (#318891)

And yes, I did this a few years ago. It works.

A few years ago? don't you think all the clooless frontline support idiots got promoted to managerial positions in that time? No getting out of passport now, methinks...

. . .

Tax Refund? (1)

Ssolstice (198935) | about 13 years ago | (#318894)

Great! So if I send a copy of my tax refund through MSN for a friend to double-check, does that mean M$ gets my tax refund? For that matter, if I transmit my Social Security number, can they assume my identity?

Re:Can it be avioded (1)

ZzeusS (206483) | about 13 years ago | (#318900)

I heard a small blurb about this Passport thing on NPR somewhere. When I heard them say 'central repository for passwords and credit card information' I almost ran off the road laughing so hard. Why would anyone use this 'service'?

I'm curious (1)

BleemZ (219985) | about 13 years ago | (#318908)

How this could/is/will affect the on-going trial.

Its like, now their TOS basically say: You have no rights while using this service, and anything you passthru, becomes ours.

To me, thats all the evidence a judge should need.

Tip of the iceberg (2)

Verteiron (224042) | about 13 years ago | (#318912)

Microsoft is working on a new system, code-named Hailstorm, where they plan to tie in credit card information, plane reservations, e-purchases, and just about everything else into one giant account, stored on Microsoft's servers, and accessed via Passport. American Express and Ebay are already in on the deal along with several other large companies. Here's an URL [microsoft.com].

Re:Old News (1)

julesh (229690) | about 13 years ago | (#318913)

The Passport Web Site may contain bulletin board services, chat areas, news groups, forums, communities, personal web pages, group calendars, electronic mail postings and/or other message or communication facilities designed to enable you to communicate with the public at large or with a group collectively, ("Communication Services"), you agree to use the Communication Services only to post, send and receive messages and material that are proper and related to the particular Communication Service.
conspicuously absent from the list are communications between individuals.
So "electronic mail postings" are not communications between individuals?

What scares me is that they lay claim to any patent rights you might have. They definitely do not need that to disseminate any information you have entered (ie, information cannot be patented only methods and mechanisms), which is the normal reason for this sort of section on T&C.

And What are Slashdot's Terms of Service ? (2)

tmark (230091) | about 13 years ago | (#318914)

Offtopic, perhaps, but also maybe appropriate given all the hand-waving that goes on here about use of usage information. What exactly is Slashdot's policy on the same topic ? Is Slashdot selling its users' demographics ? Is Slashdot selling information about which posts are interesting/read most/etc ? And what is the policy here regarding ownership/copyright of posts ? Can Slashdot resell them later, say, in a compendium ?

I looked around and was startled to find that I *couldn't* find any such information in the "about" section, nor in the "faq". One would think that given the viewpoints so floridly and frequently espoused here that the policy would be front-and-center. Did I miss it somewhere ?

I didn't sign a paper so the contract is worthless (2)

C0vardeAn0nim0 (232451) | about 13 years ago | (#318916)

At least this is what the law says in my country. A server's log doesn't count as a proof that I agreed with the terms of the contract, so it's invalid an I can sue them for any unauthorised use of my copyrhighted material.

Other thing that I noticed is this paragraph in the "General" section:

"Use of the Passport Web Site and service is unauthorized in any jurisdiction that does not give effect to all provisions of these terms and conditions"

Since Brasilian law doesn't accept these terms, the use of hotmail in Brasil is ILEGAL acording with the term.

But again, the term is INVALID here, so I so want to see M$ trying to enforce it in Brasil...

elementry contract law (1)

LifesABeach (234436) | about 13 years ago | (#318920)

without a meeting of the minds, this garbage is worthless. and what can m$ possibly gain by creating an enviornment that will make future customers question the need for m$ purchases.

one should not under estimate inux, forte, vi, staroffice as a nice way to do business. i'm a software contractor, and it works for me verrrrrry well.

How about a little responsibility? (2)

jmpresto_78 (238308) | about 13 years ago | (#318926)

God forbid users don't remember their own passwords. Would you expect anything less from MS? Unfortunately, they don't get the benefit of the doubt that they probably didn't mean it in the way we are interpreting it. That's a sign of bad (or good) TOS writing by the suits.
Why would you entrust your passwords to anyone? If someone has that many important passwords, they should really come up with a better system than asking someone else to manage them. How irresponsible is that?
Save yourselves all the trouble. If you have that many passwords, buy a $10 lock box and write them all on paper and save them in there :)

--does anyone else's fingers get pruned from surfing the net?

Privacy? What privacy ... (3)

WillSeattle (239206) | about 13 years ago | (#318927)

Look, even the US Supreme Court avoids ruling on whether Americans have a right to privacy, so forget it - you have none on Hotmail.

In Canada, there's the Internet Privacy Act, which became law on 01/01/01, and which means that I, as a dual citizen of the US and Canada, have more rights by virtue of my Canadian citizenship than by my American birthright.

And in the EU they have more rights, but the EU won't sue the US companies that violate their citizens' rights to privacy.

All this shall pass ....

Re:Passwords are your own, don't give them out! (1)

thdexter (239625) | about 13 years ago | (#318928)

Um, Passport doesn't store passwords -- it's used for access to online retailers, et al. You're thinking of IE or maybe the OS.

So What..... (1)

stretch_jc (243794) | about 13 years ago | (#318930)

I guess M$ own's all my spam and junk email now.
Who uses Hotmail for anything other than that?

Re:Anti Trust (1)

LordArathres (244483) | about 13 years ago | (#318932)

I use my hot mail as a repository for spam and such. My first email is at hushmail. Web based, just need java and Netscape doesnt seem to mind it at all.

I say screw hotmail. Their severs get busy as hell. Anyone here have any issues with Hushmail? Let me know please.


IF we protest, they will change (4)

erroneus (253617) | about 13 years ago | (#318940)

This adds fuel to the first of the Microsoft Antitrust appeal doesn't it?

So yeah, let's all talk about it, raise awareness and show what we think of their heavy-handed and likely unlawful approach to being more than commoncarrier service.

I wonder though... if they were to buy a big chunk of the internet, could they do the same thing? "If your traffic passes through our routers, we will sniff it and steal anything we like!"??

These people need to be stopped.

Re:IF we protest, they will change (1)

ocbwilg (259828) | about 13 years ago | (#318944)

I wonder though... if they were to buy a big chunk of the internet, could they do the same thing? "If your traffic passes through our routers, we will sniff it and steal anything we like!"??

If they did, everyone and their mother would just route around their "chunk".

Re:All Your Genetic Makeup Are Belong To Us (5)

dlkf (261011) | about 13 years ago | (#318946)

I can just see MS using this more and more in the future.

"Due to security reasons we do not allow nor do we have a feature to delete Microsoft Windows from your system. Rest assured that if you do not access your computer within 12 months your hard drive will automatically be reformatted."

We need a test case. (1)

BVis (267028) | about 13 years ago | (#318948)

I've been following this case with appropriate concern for a while now. While I no longer use Hotmail for a variety of reasons (the most significant of which is performance issues) this seems to set a dangerous precedent.

What do you folks think about setting up a "honey pot" style information-gathering effort using Hotmail or $passportService? For example, send a PowerPoint presentation depicting a proposal for some potentially lucrative business plan that MS could co-opt?

Conversely, has anyone out there in /. land been able to determine if MS read their email?

There's a lot of chicken littling (is that a verb now?) going on here but not too many hard-and-fast facts. Even so much as a legal opinion from an IP lawyer would be useful.

Passwords are your own, don't give them out! (2)

cavemanf16 (303184) | about 13 years ago | (#318953)

I thought a cardinal rule of computer data security was to NEVER, under any circumstances, give your passwords out to people! This is precisely why I would never use a service like M$ Passport or any other similar 'password repository' to make my online experience just a little bit easier.

So you may ask why a service like Passport even exists. My answer: M$ is a marketing genius of a company, not a computer genius of a company. Not to say that really bright people do not work at M$, just that the company motto is not how best to serve the individual, but the masses. And the unfortunate truth is that the masses do not care, or think much about computer security, or even their daily physical security either. Most people take things for granted (I know I do far too many times!).

So it does not surprise me that M$ would throw this kind of thing into their EULA for Passport.com. It's not illegal to do so, and the general public really doesn't know, so why not do it? And not just M$, but other companies do this sort of thing as well. *cough* Credit Card companies *cough*. Our info is getting sold to everyone all the time now-a-days.

Your best bet is to protect what info you do have, listen more often rather than talk, and keep voting for those who will best protect your interest to remain responsible for your own actions, and therefore free from corporate and governmental dictatorship (or oligarchy, as the case may be).

GPL and MS (1)

poisoneleven (310634) | about 13 years ago | (#318962)

I'll bet that this is how they plan on getting around stealing code, now and in the future. "Oh, such and such sent it via our passport system, making it ours", "He also mentioned his shirt, which we are in the process of acquiring..."

This just in... (5)

slcdb (317433) | about 13 years ago | (#318971)

Chinese Prime Minister Jiang Zemin, avid Microsoft enthusiast and regular user of Microsoft Passport, was said to have been greatly angered by the recent uncovering of the oppressive Microsoft Passport license agreement. The official Xinhua news agency quoted him as saying, "All your top-secret spy plane are belong to us."

Irritating (3)

Keslin (319658) | about 13 years ago | (#318975)

Mod down my comment if you want, but I think that it's a legitimate concern that this story has such an irritating headline.

The story itself is really interesting, it is well-written, and it has a lot of interesting background information. It is thought-provoking, it provided me with information that actually does happen to be new to me (I missed the first story on this) and it should start some interesting discussion. Then it gets posted with the fifteen thousandth AYBABTU reference in the last week. That totally distracted me from the story itself by sheer irritation level alone.

The whole thing reminds me of the "WHAZZUP!!" commercials. It was funny once. Maybe even twice. Now I can't go into a sushi bar without a bunch of jerks getting drunk on sake and yelling "WASSSABI!!"

The AYBABTU thing is way past old. I almost expect to see it linger on in comments for the next six months, but it really doesn't need to keep coming up in the headlines. Especially not in the headlines of stories that are otherwise really interesting. That just makes it more irritating.

-Keslin [keslin.com], the naked nerd girl

Can it be avioded (2)

Some Wanker (398209) | about 13 years ago | (#318980)

The first thing I thought of was "remind me not to use this." Then I wondered if that is possible. What is passport linked into. I used to have a hotmail account, does that matter? What else will go through this? No patches to their products without using passport?

What if we turn this around? (1)

Guppy06 (410832) | about 13 years ago | (#318984)

If Microsoft owns all the rights to all the mail that goes through the Hotmail system, what does this say about the sex site spam I always seem to get from @hotmail.com? Could this be turned around to put any and all blame for that squarely on Microsoft?
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account