Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×

233 comments

Sorry! There are no comments related to the filter you selected.

Surprised? (-1, Troll)

BadERA (107121) | more than 7 years ago | (#18280184)

Not especially. *awaits the flood of M$ is evil replies*

Not really... (0, Redundant)

alexandreracine (859693) | more than 7 years ago | (#18280288)


They have revealed to developers that apparently all updates relay information to the company in Redmond.


You think you can flee?? You can run, but you can't hide [from M$!]

Re:Surprised? (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18280570)

Not especially. *awaits the flood of M$ is evil replies*

 
Where I come from we call individuals like you "punk bitches".

Re:Surprised? (1)

BadERA (107121) | more than 7 years ago | (#18281530)

Oh yeah, where's that, cell block F? F, for "full of yourself"? or perhaps F, for "F yourself"?

Perhaps.... (3, Funny)

EmbeddedJanitor (597831) | more than 7 years ago | (#18280798)

MS is really running a P2P network through all its zombies (er, I mean, installs).

What if. . . (3, Insightful)

smooth wombat (796938) | more than 7 years ago | (#18280192)

you don't go through Microsoft Updates but instead go to their Security Search and manually download each patch?

Since you've never activated WGA, does that mean you're invisible to Microsoft?

Re:What if. . . (2, Insightful)

HateBreeder (656491) | more than 7 years ago | (#18280248)

Some apps, require "validating" your copy of windows before installation.

Windows Defender for instance, comes as local executable - but obviously, the WGA authentication is remote.

probably a non-issue anyway.

Re:No (5, Informative)

asphaltjesus (978804) | more than 7 years ago | (#18280426)

My firewall detects the connections after doing manual installs. I know this because I've got production equipment we can't just let windows auto-update on. Based on my experience, WGA is just one of many apps/updates that phones home.

Again, it's been this way for quite a while, and the information does not "perfectly" identify you, but each install has it's own signature as far as I can tell so they can deduce who you are pretty quickly.

Why do you care now as opposed to all of the other Microsoft's-evil-OS stories on /.?

Re:No (1)

smooth wombat (796938) | more than 7 years ago | (#18280552)

It was a combination legitimate question as well as snarky question.

Besides, since I'm on dial-up at home, whatever information is sent must take forever to get to them.

Re:Quick and Dirty (1)

asphaltjesus (978804) | more than 7 years ago | (#18280684)

We're talking about a few thousand bytes of info tops, so you wouldn't really recognize the slowdown.

Re:What if. . .piracy were more difficult? (3, Interesting)

hguorbray (967940) | more than 7 years ago | (#18280682)

Usually you will be forced to download WGA before you can get to other updates -and your new install of Windows XP or Vista will stop booting after about 45-60 days if it has not been validated online. Obviously there are OEM and corporate versions cracked versions which will install without online validation, but the requirement for WGA for software updates is probably still on.

My hope is that is all of these things make running pirated versions of Windows more difficult -particularly in the developing countries where internet connectivity is spotty such that OSS can gain in popularity and use. This could end up being a real win for Linux and other OSS.

cue stories of entire countries running off a single pirated copies of Windows and Office.....

-I'm just sayin'

first post? (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18280196)

lol

Right and wrong (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18280200)

loosechange911.com

Re:Right and wrong (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18281150)

Thanks, I've been looking for a good indie comedy.

All updates relay Information... (2, Insightful)

HateBreeder (656491) | more than 7 years ago | (#18280218)

That's hardly surprising.
Considering that most of these applications are installed via the windows-update site...
I doubt you could even maintain a session without sending information back to the web-server.

I say: nothing to see here, move along.

Re:All updates relay Information... (0)

Anonymous Coward | more than 7 years ago | (#18280234)

Agreed ...

This is news ... why ???

Nothing to see (3, Insightful)

HomelessInLaJolla (1026842) | more than 7 years ago | (#18280256)

There really is nothing to see for those who are technically literate to the operation of modern systems. This sort of thing, however, should be included as a sticker on the front of all MS products as the majority of the population probably does not think about the consequences of callbacks. Most consumers, whom I've met, actively avoid products which obviously track their movements unless the product is highly desirable (eg. cellular telephones). Making the reality of callbacks more popularly known would have a definite impact on the decisions which consumers make.

Re:Nothing to see (1)

Raistlin77 (754120) | more than 7 years ago | (#18280658)

Making the reality of callbacks more popularly known would have a definite impact on the decisions which consumers make.

Good job killing your own suggestion there.

If it will keep people from buying their products, why would Microsoft do such a thing? Would you shoot yourself in the foot knowing that it will cause you immense pain?

Killing suggestions (2)

HomelessInLaJolla (1026842) | more than 7 years ago | (#18280958)

I'm not suggesting that it will keep people from buying MS products (though that would be nice, in the long run). What is more important is to encourage a frame of mind in the American consumers that such things can and do happen, on a regular basis, and the people who are making use of those systems may have some very severe ulterior motives.

With respect to "ulterior motives" most American consumers are nearly completely compromised by their consumerism mindset. People, in general, need careful guidance to stay focused on things which are important but which may be hidden from plain sight.

Re:Killing suggestions (3, Interesting)

Raistlin77 (754120) | more than 7 years ago | (#18281604)

Don't get me wrong, I think it's a great idea. However, you'd be hard pressed to find any major software company that would willingly put such a label on their products. People definitely need guidance to stay focused on the important things, but it seems that the only play in most large American corporations' playbooks is the Kansas City Shuffle [urbandictionary.com] .

Kansas City Shuffle (1)

HomelessInLaJolla (1026842) | more than 7 years ago | (#18281652)

I've never heard that one before... running interference, the pointing game, distract the farmer while stealing his chickens... the Kansas City Shuffle. Heh. :)

Re:Nothing to see (1)

Ash-Fox (726320) | more than 7 years ago | (#18280922)

This sort of thing, however, should be included as a sticker on the front of all MS products as the majority of the population probably does not think about the consequences of callbacks.
"Now sends information on failed/successful updates so we can improve upon our future updates."

Re:Nothing to see (4, Insightful)

Mr2cents (323101) | more than 7 years ago | (#18281156)

First the say:

With some updates such as the WGA Notification, the installer transmits data that Microsoft says it merely requires for quality control purposes and to improve the installer itself.
and in the next paragraph:

When the product IDs and product keys found belong to legal software, Microsoft will delete the data right away; only in cases of suspected software piracy will it store the data,
So when you are a legit user, they don't care about the quality of your software. They're only interested in the quality of pirated software.

Re:All updates relay Information... (1)

ditoa (952847) | more than 7 years ago | (#18280258)

Agreed. While I dislike WGA it is hardly surprising they collect success/failure data. The blog post was detailed and answered several questions I had. However I wouldn't say no to an option to disable it calling home, they have enough command line parameters one more won't hurt :)

Success/Failure/______/etc./ (Profit?) (5, Insightful)

Mateo_LeFou (859634) | more than 7 years ago | (#18280674)

TFA: "In the Privacy Statement of Windows Update Microsoft grants itself fairly far-reaching rights. Thus the information collected by the Redmond-based behemoth includes the computer make and model, version information for the operating system, browser, and any other Microsoft software for which updates might be available, Plug&Play ID numbers of hardware devices, region and language setting, Globally Unique Identifier (GUID), Product ID and Product Key, BIOS name, revision number, and revision date"

Kinda sad that we just assume letting vendors capture all this info is part of the game (i.e. necessary to make the update work right). Wrong. When I do "yum upgrade" -- as far as I know -- not a single piece of information about my system goes up the wire. Correct me if I'm wrong.

Re:Success/Failure/______/etc./ (Profit?) (1)

trianglman (1024223) | more than 7 years ago | (#18281012)

I don't know for sure, but I would expect that yum, at the very least, sends what base architecture and OS you are running, along with IP, etc. or that you can get that information based on what is requested. Not enough info to pick out one computer from a large install base, but enough to pick out most home users. Microsoft does collect a lot more, much of it they don't have any visible need to collect, but if you are getting your updates over the internet, you are already identified.

Re:Success/Failure/______/etc./ (Profit?) (2, Informative)

PitaBred (632671) | more than 7 years ago | (#18281638)

The difference is that yum can only infer that from data you voluntarily send to them every time you query for updates. Yum says "Send me the package list for FC6 on the x86 architecture", and that's it. The server gets your IP address as a side effect, and your system version. That's a far cry from that list of crap that Microsoft gets, and never says they're sending. I'm really not comfortable with sending all that info, especially since they don't explicitly state that it's happening. What other info can be asked for through their API? What about limits on info in the EULA? What other info might they send for "research" purposes?

YIKES! SQLServer, DB2, Oracle, or TeraData? (4, Insightful)

mosel-saar-ruwer (732341) | more than 7 years ago | (#18281322)


"In the Privacy Statement of Windows Update Microsoft grants itself fairly far-reaching rights. Thus the information collected by the Redmond-based behemoth includes the computer make and model, version information for the operating system, browser, and any other Microsoft software for which updates might be available, Plug&Play ID numbers of hardware devices, region and language setting, Globally Unique Identifier (GUID), Product ID and Product Key, BIOS name, revision number, and revision date"

There are what - like a billion or so computers in the world running an M$FT operating system?

And e.g. Windows 2000 is now up to something like 125 or 150 Critical Updates since SP4?

And they're keeping track of all of that data?

That's a database that would make the NSA green with envy.

Can SQLServer handle a load like that?

Or would you be looking at something specialized, like what National Cash Register built for Wal-Mart?

Re:Success/Failure/______/etc./ (Profit?) (3, Insightful)

HangingChad (677530) | more than 7 years ago | (#18281602)

Kinda sad that we just assume letting vendors capture all this info is part of the game

It's a gradual process. Ever been stopped on the way out the door at Costco? You're basically proving to the door lackey that you're not stealing anything. Since when is proving you didn't steal anything between the check stand and the door become part of the game? Because people let them get away with it.

Companies will keep doing whatever until customers push back. MSFT will keep being the invasive, WGA promoting rat bastards they can be until people extend their middle finger toward Redmond and learn a different operating system.

The door lackey at Wal-Mart tried stopping me the other day and I refused to prove I didn't steal anything, especially considering she had just watched me walk away from the check stand. I told her that if she thought I stole something to call the cops and walked out.

Re:All updates relay Information... (0)

Anonymous Coward | more than 7 years ago | (#18280398)

I doubt you could even maintain a session without sending information back to the web-server.

I'll take that as a challenge... ; )

Re:Next privacy policy change (1)

TheMeuge (645043) | more than 7 years ago | (#18280496)

The next change is Microsoft's privacy policy will allow them to view, copy, alter, or delete any and all data located on a computer running any Microsoft software.

I just wonder why Windows doesn't just phone home the entire contents of the user's drive... and then realize that the only reason that hasn't happened yet, is because storage of this data would be expensive for Microsoft.

Re:Next privacy policy change (1)

Abreu (173023) | more than 7 years ago | (#18281286)

The next change is Microsoft's privacy policy will allow them to view, copy, alter, or delete any and all data located on a computer running any Microsoft software.

Ok, I'll bite: Do you have any hard proof to these allegations?

I really think there's a big difference between "tracking down users" for marketing purposes, or to track down cracked software users... That kind of thing will be mostly transparent to a non-knowledgeable user. ...but if Windows update starts deleting mp3 collections, 3rd party apps or utilities, etc. from users computers, people are bound to notice!

And this can easily turn into a major backlash.

Re:All updates relay Information... (1, Flamebait)

rucs_hack (784150) | more than 7 years ago | (#18280510)

and what exactly can microsoft do with tens of millions of windows installs calling home constantly.

Such a volume of information almost automatically prohibits targetting individuals, no strategy to target individuals could work. The most that could be hoped for is statistics from which new strategies to combat piracy could be developed.

I think people take an ego centric view of this and don't like to see that theirs is just an insignificant particle of data in an ocean of information.

Re:All updates relay Information... (0)

Anonymous Coward | more than 7 years ago | (#18281074)

I suppose the same can be said for the FBI's wide scale data collections, or the CIA's version of that. Or the RIAA's version.

None of these are in of themselves damning..and I am sure much of this doesn't mean anything to you specifically UNLESS they are looking for something that they consider "illegal", "unethical", "immoral" or "un-patriotic"..

And I can bet you that your interests and concerns are VASTLY different than theirs are. And since its their product, (or rules), they can (and have) change the rulebook without informing you. (effectively turning you into those groups I listed above).

Egocentric it may be.. but history does not leave one with a warm and fuzzy about such things.

Re:All updates relay Information... (5, Interesting)

Jah-Wren Ryel (80510) | more than 7 years ago | (#18280514)

That's hardly surprising.
Considering that most of these applications are installed via the windows-update site...
I doubt you could even maintain a session without sending information back to the web-server.

Yeah totally, because:
  • Computer make and model
  • Version information for all installed Microsoft software
  • Plug&Play ID numbers of hardware devices
  • Globally Unique Identifier (GUID)
  • BIOS name, revision number, and revision date
are all necessary to download a single specific update not to mention maintain a session to the web-server.

Re:All updates relay Information... (5, Insightful)

Lothsahn (221388) | more than 7 years ago | (#18280742)

I'll bite:
Computer make and model -- needed for drivers for specific manufacturers and models. Do you really want to apply a HP patch on a Dell system?

Version information for all installed Microsoft software -- Needed to calculate whether or not updates are needed for Windows Media player, etc. Remember, Windows update does more than just Windows--it also updates all included bundled software with Windows.

Note: Sending information about non-bundled software is needed for Microsoft Update, but not Windows Update. Perhaps lazy coding there--wouldn't YOU want to share the hardware/software detection code for both update utilities?

Plug&Play ID numbers of hardware devices -- Well, it does update hardware drivers...

# Globally Unique Identifier (GUID) -- This seems completely unnecessary.

BIOS name, revision number, and revision date -- I'm not sure, but I believe they may also provide manufacturer-supplied BIOS updates for some manufacturers.

I'm no huge fan of Microsoft, and I'm not saying Microsoft isn't misusing the information, but in 4 out of 5 cases this seems necessary for the service they are providing. Remember, Windows Update updates drivers, hardware, and bundled software too. Microsoft Update services Microsoft software as well.

Re:All updates relay Information... (3, Insightful)

ValentineMSmith (670074) | more than 7 years ago | (#18280944)

Um, no. None of this needs to be sent back to Microsoft to determine which updates need to be downloaded. The local Windows Update control should download a list of all available patches, make the comparisons locally, and then download only the needed patches. They have no need to know what my computer make, model, shoe (and/or bra) size is. Which is one of the reasons that this is being written on a brand spanking new MacBook Pro

Re:All updates relay Information... (0)

Anonymous Coward | more than 7 years ago | (#18281040)

Which is one of the reasons that this is being written on a brand spanking new MacBook Pro
You think that OS X updates don't communicate to Apple what system you are using to make the data retrieved smaller rather than downloading the > 4MB document that simply lists update names from Apple, yet alone what they are/do?

Re:All updates relay Information... (2, Insightful)

W2k (540424) | more than 7 years ago | (#18281042)

You realize that the complete list of patches and optional downloads, for all supported versions of all supported products, is likely to be freaking huge? You wouldn't want it downloading that every time you run Windows Update - especially not dial-up users.

Re:All updates relay Information... (2, Insightful)

ValentineMSmith (670074) | more than 7 years ago | (#18281132)

Define "freakin' huge". Depending on how they wished to encode it, I'd put a guess in at a document around 150-200k or so. I'll go so far as to say 500k tops. That may be an extra 10 seconds on my DSL line. Compared how long it took that stinkin' ActiveX control to initialize in IE, even an extra minute or two would get lost in the underflow.

Re:All updates relay Information... (1)

W2k (540424) | more than 7 years ago | (#18281254)

I could easily imagine it as being in the range of tens of megabytes. You know how many different versions of Windows there are, right? Add to that SQL Server, Office, Visual Studio and lots of other software which Microsoft Update handles. Add to that all the hardware components (likely tens of thousands) that MU carries updates for. Unfortunately, I don't have any hard numbers to back this up.

I also don't see what the big deal is. Microsoft is getting some information about the hardware and software configuration of my PC - so? When I open my computer in a busy lecture hall, ten people behind me can get mostly the same information (and possibly something actually sensitive) by peering at my screen for ten minutes. Also, considering the intense scrutiny Microsoft is constantly being put under by this and other websites, I believe word would spread quite quickly if they actually used this data for sinister purposes.

Re:All updates relay Information... (1)

ValentineMSmith (670074) | more than 7 years ago | (#18281596)

I did some quick browsing through Microsoft's web site, but unfortunately, they seem to have some... issues with my non-use of IE. :) Anyway, if I'm not too mistaken, there are only two (or at the most three) major versions of windows that are supported. Vista and XP are supported, and I vaguely remember that 2K has been sunsetted already. So, if we consider 2K, there are three major versions of Windows to support. For SQL server, there is SQL Server 2K and 2K5. Same with Exchange Server.

The question would be with Office: I have no idea how far back their support of Office goes on the Microsoft update site.

And, again, my original point is that the parent was wrong: updates of this nature CAN be performed without sending any info to Microsoft's web site. One of your siblings noted that device driver updates weren't particularly linkable to a person. To be honest, neither are computer make and model. It is when they start tying that all to a GUID that I start to see ulterior motives. And, whether they store that GUID locally or on their servers makes no difference.

Re:All updates relay Information... (1)

trianglman (1024223) | more than 7 years ago | (#18281142)

Yum and Apt both handle this very well. Its just a matter of design. All your computer needs to know is which packages (downloads) it has, and then request current version numbers for these packages from the update server. If the update server has a new version - download it. It does put a bit more load on your local system, and it requires a log of current versions saved, but the difference is negligible.

Re:All updates relay Information... (1)

HateBreeder (656491) | more than 7 years ago | (#18281280)

Yum and apt maintain versions for packages. not specific patches for specific bugs and specific hardware.

Big Difference.

Re:All updates relay Information... (5, Insightful)

QRDeNameland (873957) | more than 7 years ago | (#18281338)

You realize that the complete list of patches and optional downloads, for all supported versions of all supported products, is likely to be freaking huge? You wouldn't want it downloading that every time you run Windows Update - especially not dial-up users.

I seem to remember Windows Update in Win2000 prominently displayed a message: "Checking your computer for installed updates...this is done without sending any information to Microsoft." And it only downloaded the updates I needed, not every one for every supported product.

Did something fundamental change as to why that system can't work anymore?

Re:All updates relay Information... (2, Informative)

W2k (540424) | more than 7 years ago | (#18281488)

Apparently. That message is not there anymore. Instead, Microsoft Update displays this:

Concerned about privacy? When you check for updates, basic information about your computer, not you, is used to determine which updates your programs need. To learn more, see our privacy statement [microsoft.com] .
Surprisingly, the linked statement is not written in lawyerspeak.

Re:All updates relay Information... (0, Redundant)

QRDeNameland (873957) | more than 7 years ago | (#18281574)

Changing their website privacy statement is not a fundamental change which explains why they can't do updates without phoning home, as they did previously.

Re:All updates relay Information... (1)

emor8t (1033068) | more than 7 years ago | (#18281070)

Do you like 6 gigs of updates? I don't.

Re:All updates relay Information... (2, Interesting)

trianglman (1024223) | more than 7 years ago | (#18281080)

What would be the difference? If you are downloading updates for a driver, one could reasonable infer that you have the hardware for that driver. Its just whether they are being told you have a piece of hardware or whether you can make a reasonable, educated guess, they are going to get the same results either way.

Re:All updates relay Information... (1)

ValentineMSmith (670074) | more than 7 years ago | (#18281184)

True. But, generally, having an individual piece of hardware is nowhere near as personally identifiable as a combination of machine make, model, GUID and so forth. Anyway, you're missing the point. I was merely refuting parent's comment that this information was required for the service, and it isn't.

Re:All updates relay Information... (1)

skoaldipper (752281) | more than 7 years ago | (#18281272)

Um, no. None of this needs to be sent back to Microsoft to determine which updates need to be downloaded.
I agree. Take any linux distro and their package manager for updates. I really do not see the need for WGA at all - especially since it worked quite well without it for all their other window releases. I remember Ubuntu catching some flack a while back when they had some process that transmitted back "most popular downloads" (when most users weren't even aware of it doing so). I believe currently you have to manually re-enable this.

Either way, I really don't mind that I'm exposing my navel to Bill or Ballmer. When I downloaded Visual Studio C# express a while back, I'm pretty sure I had to accept the WGA at the time. I'm not sure on that, so somebody correct me if I'm wrong. When I'm on win, I kick back into the click and forget mode, so I really don't remember at what point I accepted the WGA. Either way, I just wanted to check in and say "Hi Bill! How ya doing? I'm still here." (since I'm running linux right now and my normal WGA howdys won't be getting through).

Re:All updates relay Information... (2, Interesting)

drinkypoo (153816) | more than 7 years ago | (#18281220)

Computer make and model -- needed for drivers for specific manufacturers and models. Do you really want to apply a HP patch on a Dell system?

Mu.

HP and Dell don't do their own driver patches. They do roll up other people's drivers in their own packages, but they simply use the drivers of others.

There ARE non-driver patches for both, but they're related to special, custom software. For example HP has their own version of the software that goes with the Infineon TPM chip inside this HPQ laptop. But Microsoft isn't going to be delivering those patches to you.

Absolutely the only thing they need to provide updates are device and vendor IDs. For ISA and PCI cards that's provided by PnP. For USB devices, it's part of the initial conversation with the host, as well as for bluetooth. I don't know precisely what PCI-E does, but it's probably the same old PCI/PnP-style vendor and type.

Note: Sending information about non-bundled software is needed for Microsoft Update, but not Windows Update. Perhaps lazy coding there--wouldn't YOU want to share the hardware/software detection code for both update utilities?

The code is probably already able to distinguish between OS information and everything-else information. This can only be a deliberate decision. Wouldn't you want to retrieve as little data as possible to minimize the effects of bad network links and to avoid having unnecessary data complicating your life? Of course you would. Unless you wanted that data...

BIOS name, revision number, and revision date -- I'm not sure, but I believe they may also provide manufacturer-supplied BIOS updates for some manufacturers.

I've never seen one. I think they did deliver me a video bios update once though. Anyone know this for sure?

Re:All updates relay Information... (1)

hurfy (735314) | more than 7 years ago | (#18281502)

Umm, isn't that EXACTLY what the activeX control says it is doing WITHOUT sending any 'personally identifiable data' so it knows which updates to show ?!?

I take 'personally identifiable data' is still able to identify my machine, my ISP, my IP, my location, my programs, my browser, etc. but it doesn't know my name. Not altogether sure my name is actually in the computer for it to get in fact.

So, i guess it doesn't send any data back but each update you download using it will...pretty sleazy definitions :(

Invisible? (0, Redundant)

Y-Studios (988661) | more than 7 years ago | (#18280232)

You will never be invisible to Microsoft. MS is all about controlling you and your pc. Is time for Linux.

Reverse double-speak? (4, Insightful)

blakmac (987934) | more than 7 years ago | (#18280252)

"When the product IDs and product keys found belong to legal software, Microsoft will delete the data right away; only in cases of suspected software piracy will it store the data, the company has said. In the blog, the company once again explicitly states that it does not use the information gathered to identify or contact users." ...so we are expected to believe (by this wording) that they WILL keep the information relating to illegal installations, but not use it to identify the person using it. Why does that sound like a lie?

Re:Reverse double-speak? (1, Funny)

Anonymous Coward | more than 7 years ago | (#18280458)

Well, they could use it to disallow access to downloads using this particular installation of Windows.
Then they don't need to identify the person, but they want to store those hashes that identify the particular installation.

Re:Reverse double-speak? (1)

Applekid (993327) | more than 7 years ago | (#18280770)

...so we are expected to believe (by this wording) that they WILL keep the information relating to illegal installations, but not use it to identify the person using it. Why does that sound like a lie?

Of course THEY won't use the information to identify the person using it, just use the information to identify the computer. The generated signatures could argue that a computer could not have sent that data to Microsoft unless it ran whatever version of Windows.

The suspicious tone in this is because data they store in the packet doesn't relate to you, the activity of getting that data revealed your IP address which they could, like the RIAA, match YOU to the IP address. No, the data the installation called back home with won't identify you, the data about that transfer of that data will identify you. Then all they gotta prove is that you physically possessed the computer and did not possess a license to run Windows.

As I've said to people I'm setting up machines for: If you're going to resign yourself to using Windows, you should pay for it.

Re:Reverse double-speak? (2, Informative)

AJWM (19027) | more than 7 years ago | (#18281504)

Well, see, they don't use the illegal IDs and product keys "to identify or contact users". But they do also grab the IP number that those came from. Now, they may not use that IP info either, but if a list of IP numbers and illegal product tags were to be passed along to, oh, say, the BSA (Business Software Alliance, not the Boy Scouts of America, aka the enforcers), and the BSA were to ask ISPs for a name and address corresponding to that IP...

So Microsoft isn't using that info (and certainly not that specific item of info) to contact users, but they might be passing it on to someone who is.

Typical Microsoft statement; parsed carefully and in the right context, it might well be literally true, and it sounds good, but it could well be misleading.

Make Microsoft Pay (-1, Troll)

Nom du Keyboard (633989) | more than 7 years ago | (#18280254)

Microsoft should be made to pay, and I don't mean some slap on the wrist, over this one. Where are the people who are supposed to be protecting us???

Re:Make Microsoft Pay (0)

Anonymous Coward | more than 7 years ago | (#18280268)

At the bank cashing their checks.

Re:Make Microsoft Pay (0)

Anonymous Coward | more than 7 years ago | (#18280314)

Help me.. somebody please protect me. I'm helpless. Big government.. protect me please

Re:Make Microsoft Pay (0)

Anonymous Coward | more than 7 years ago | (#18280382)

Oh noes! MS is using teh regis tree infos!

I've said it before, and I'll say it again... (4, Funny)

Arceliar (895609) | more than 7 years ago | (#18280306)

*In his best E.T. voice*
P.C. Phone Home

*ahem* I mean.. uhh.. I can understand wanting some information about the machines running one's software, as it helps understand the market and improve upon current design. But SOME of this information seems a bit excessive. Unless one plans to start banning specific pieces of hardware, but that's just evil.

Re:I've said it before, and I'll say it again... (2, Insightful)

punxking (721508) | more than 7 years ago | (#18280440)

I can understand wanting some information about the machines running one's software, as it helps understand the market and improve upon current design.

Agreed, but they could tell users they are collecting up front, or even *gasp* ask for it first!

Re:I've said it before, and I'll say it again... (2, Insightful)

dannannan (470647) | more than 7 years ago | (#18280502)

Without telling Windows Update which software and hardware you have, and which patches you have installed in the past, your only option would be to download every patch for every application and device ever released. This would quickly become unworkable.

D

No. (1)

warrax_666 (144623) | more than 7 years ago | (#18281134)

You would not have to download every patch. Patches could have separate metadata saying "Only install if a device with such and such device is installed" (and similarly for other stuff). The client software could then decide whether to download the full patch based on metadata. Yes, one would have to download all the metadata, but at, say, ~1k bytes per update that would not be prohibitive at all.

Re:I've said it before, and I'll say it again... (1)

QRDeNameland (873957) | more than 7 years ago | (#18281490)

Without telling Windows Update which software and hardware you have, and which patches you have installed in the past, your only option would be to download every patch for every application and device ever released. This would quickly become unworkable.

As I posted upthread, Windows Update in Win2000 prominently displayed a message: "Checking your computer for installed updates...this is done without sending any information to Microsoft." And it only downloaded the updates I needed, not every one for every supported product.

Were they lying then? Otherwise, why couldn't they still do it that way, other than to collect information on you?

Re:I've said it before, and I'll say it again... (2, Insightful)

Rob the Bold (788862) | more than 7 years ago | (#18280644)

I can understand wanting some information about the machines running one's software, as it helps understand the market and improve upon current design.

True. They want the information. Maybe even for a reasonable purpose. So what's wrong with asking for it? I want 100 Billion Dollars. But if I just take it without asking, it makes people upset. I have a good reason: it would make me happy. It takes more than just a "want" to justify taking something, even for corporations.

But SOME of this information seems a bit excessive. Unless one plans to start banning specific pieces of hardware, but that's just evil.
I hadn't even thought of that angle. That is evil.

Re:I've said it before, and I'll say it again... (2, Interesting)

deep_creek (1001191) | more than 7 years ago | (#18280730)

"But SOME of this information seems a bit excessive. Unless one plans to start banning specific pieces of hardware, but that's just evil."

I have a few friends that play in the stock market and have said for a long time that they bet Bill uses this information to buy/sell stocks and $$$. Think of the unbelievable wealth of information. Which hardware/software/etc... are folks buying and what are they not buying? etc... etc...

Re:I've said it before, and I'll say it again... (1)

gyrogeerloose (849181) | more than 7 years ago | (#18281066)

SOME of this information seems a bit excessive. Unless one plans to start banning specific pieces of hardware

Such as Macs running Windows under Parallels or Boot Camp, perhaps? As I recall, the EULA for Vista prohibits this.

This is News Now? (1)

asphaltjesus (978804) | more than 7 years ago | (#18280360)

It's been this way for some time. For example, I regularly get outgoing connections when using .msi packaged apps. For an app that has no real reason as it is free for nokia owners this makes no sense to me. They go to a verisign certificate server and then a certificate revocation list.

Older apps used custom ports, nearly all apps I've installed recently do it on port 80. Denying the connection doesn't seem to change anything.

I've got recent screenshots in case anyone is interested. BTW I'm running Kerio personal firewall, which is excellent for this kind of thing.

Re:This is News Now? (1)

sqlrob (173498) | more than 7 years ago | (#18280432)

A cert server and CRL server is reasonable. It needs to verify the signature before opening it.

Re:This is News Now? (3, Insightful)

cdrguru (88047) | more than 7 years ago | (#18280512)

Is the executable digitally signed?

Has the certificate covering the signer been revoked?

Are you installing some Nokia application or are you installing a disguisted copy of Claria adware? If I get my hands on the private key for the company Nokia is using to build their application, I can sign anything I want as that company. It is up to them to revoke the certificate. Wouldn't you like to know?

I know, if you had the source code you wouldn't need a digital certificate because you could compile it yourself and then you would know. After downloading the libraries it uses. And after checking through all of the source code and comparing MD5 signatures to make sure you have the correct version of all of the libraries, not some spyware-infected trojan.

Sounds sort of like a digital signature to me.

Re:Indeed it is a digital signature (1)

asphaltjesus (978804) | more than 7 years ago | (#18280786)

And the next logical step is to control what you can install. But before that, Microsoft will most likely force a developer to buy a microsoft approved cert to "protect their users" and raise income. This of course will be a huge chilling effect for developing new things on a Microsoft OS. Given their monopoly status, it only makes Windows PC's and the apps running on them more expensive to consumers.

It's not spyware. Kerio personal firwall would alert me. It has in the past anyway....

it's the price you pay, alas (2, Informative)

swschrad (312009) | more than 7 years ago | (#18280370)

software vendors are firmly locked into the attitude that you, LICENSOR, have no rights other than to buy new stuff when we drop support for the old stuff and design the new stuff to only superficially work with the old stuff.

like, for instance, all of the "cool features" use new runtimes and new features, and none of it is backwards compatible.

so is anybody really surprised here? if the user hash code field they recover is all over the warez circuit, no matter what the EULA says, someday the number of hits on you is going to run over some trigger number in update. at that point, you will run into a block.

had to reinstall windows ME legally on a machine last weekend. got all the critical updates pulled off on IE, and from that point on, update kept returning "thank you, you have a Mac, you can't update here." everything worked fine the next day, and I got the rest of the criticals done.

I can only assume they have all sorts of wonderful blocks and trigger numbers over there, and since they own the software and you own only a cancelled check, it's just tough damn luck.

Re:it's the price you pay, alas (1)

thegameiam (671961) | more than 7 years ago | (#18280420)

you re-installed Windows ME? on what, your enemy's computer?

Re:it's the price you pay, alas (0)

Anonymous Coward | more than 7 years ago | (#18280716)

you re-installed Windows ME? on what, your enemy's computer?
That's exactly what I thought. Methinks GP is lying.

Blog Translation (5, Funny)

Tackhead (54550) | more than 7 years ago | (#18280384)

From the blog [msdn.com] :
> By learning at what point in the install process some users decide to abandon, we can put more effort into the right places in the installation wizard. Remember our goal with the wizard is to give more information so customers will be better informed. We heard from customers that they wanted more information about what the software was and how it worked so we created the install wizard to provide that greater context. Knowing this kind of information about the install wizard installations is critical for us to continue to improve the customer experience of WGA. If we are not hitting that mark, we can use this method to improve.

By learning at what point in the install process some users decide to say "Fuck this, I didn't sign up for this!", we can put more effort into the right places in the installation wizard. Remember our goal with the wizard is to obfuscate and misdirect so customers will either not know how we're spying on them, or for those who figure it out, at least they won't be able to sue us over it. We heard from customers that they wanted to know what else were doing behind their backs so we created the install wizard to provide us with plausible deniability. Knowing this kind of information about the install wizard installations is critical for us to continue to propagate the viral meme of WGA and other notions, like software as a service, and ultimately the notion of an operating system as a subscription-based service, like we're doing with the Windows Vista self-destruct sequence. If we are not hitting that mark, we can use this method to slowly increase the amount of DRM we've crammed up your ass until you look like the Goatse Guy, and if we do it slowly enough, you'll not only pay us, you'll thank us for the privilege!.

Re:Blog Translation (1)

$RANDOMLUSER (804576) | more than 7 years ago | (#18280508)

John Dvorak, is that you?

Re:Blog Translation (1)

TacNuke (890744) | more than 7 years ago | (#18280918)

More like, Lewis Black, is that you?

Re:Blog Translation (1)

Var1abl3 (1021413) | more than 7 years ago | (#18280542)

"When the product IDs and product keys found belong to legal software, Microsoft will delete the data right away; only in cases of suspected software piracy will it store the data, the company has said. In the blog, the company once again explicitly states that it does not use the information gathered to identify or contact users."

So let me get this straight... If it is a legal install they delete the info they receive but if it is not a legal install they retain that data but do not use the information gathered to identify or contact users.... so why keep the info if you are not going to use it to 'identify or contact users'

Does not seem right to me but does not supprise me either... AAAHHHH Windblows XPee

Re:Blog Translation (1)

Maxo-Texas (864189) | more than 7 years ago | (#18281344)

Well actually going slowly is the key to it being fun vs painful.

Re:Blog Translation (1)

dr_labrat (15478) | more than 7 years ago | (#18281650)

Wow and yet despite this, more and more people are switching to Linux and OS X :-)

Very nice post, by the way.

know what? (0)

Anonymous Coward | more than 7 years ago | (#18280390)

Don't give a shit. Seriously. Do not give a shit. Who has the time anymore to care.

Re:know what? (0)

Anonymous Coward | more than 7 years ago | (#18280464)

And yet you have time to compose such an insightful comment.

EULA (5, Interesting)

Zapraki (737378) | more than 7 years ago | (#18280492)

Like the article says:

"In the Privacy Statement [microsoft.com] of Windows Update Microsoft grants itself fairly far-reaching rights... By way of justifying Microsoft's approach, alexkoc writes that the EULA, likewise presented by the WGA installer, also covered the relaying of such information."

So I guess it might be a bit sneaky, but it has all been covered by WGA disclosures.

An example of the XML returned when a user cancels an installation is available here [msdn.com] , "just to allay any fears that Microsoft is using any personal information".

So ya, I don't think this is a huge deal, nor particularly unexpected.

Re:EULA (1)

ACMENEWSLLC (940904) | more than 7 years ago | (#18280976)

We have a firewall that blocks ALL Internet access to numerous machines. NT 4.0 days, we didn't see this. But as of XP and 2003, and SUS/automatic updates - we see these blocked machines attempt to hit Microsoft often.

Our antivirus does the same thing to ensure the license isn't expired. Adobe does this as well. So does Apple and many other products. Even our IBM servers do this.

I'd say Novell is the best at not doing this, imo.

Add Nero to the list (1)

denis-The-menace (471988) | more than 7 years ago | (#18281636)

Everytime I fire it up, my cablemodem gets busy.

Maybe if MS made this a good thing for the user... (0)

Anonymous Coward | more than 7 years ago | (#18280550)

I can see MS making WGA a good thing, with some significant changes:

1: Redefine "genuine" to mean a clean copy, with no modifications or tampering. For example, a PGP signature on ISO images.
2: Have WGA do a periodic, fast check for the obvious malware in the process table or RAM.
3: Check for obvious rootkitting while being run. For example, if an unsigned program has hooked the keyboard interrupt. If its a signed program, no biggie. Otherwise, post a dialog, and have an option to ignore the issue in the future.
4: Offer functionality to "vet" install media, so a CD/DVD of a VLK install can be scanned to check if it has not been modified to install malware. This is important, because a lot of install media comes from downloaded images, not physical CD or DVDs.

I don't think anyone would mind a lightweight process that checks for the following (and can be of course be easily turned off.)

Pirates? (2, Interesting)

Sean0michael (923458) | more than 7 years ago | (#18280566)

From the article:

When the product IDs and product keys found belong to legal software, Microsoft will delete the data right away; only in cases of suspected software piracy will it store the data, the company has said. In the blog, the company once again explicitly states that it does not use the information gathered to identify or contact users.

Seeing that Microsoft has done very poorly in correctly determining which installations of Windows are legitimate, how competently can they track legal software?

its a "no brainer" (1)

proudhawk (124895) | more than 7 years ago | (#18280574)

I wouldn't be surprised at all that M$ has done this. its been in their "security model" for a better part of the last 5 years or so.

what surprises me is that all the folks who haven't realized this are making such a stink (and its been rather public for some time).

anyway, the assumption here is this:
a little paranoia with regards to windows is a good thing. never assume they aren't "watching".

- TMH

Castration (1)

linvir (970218) | more than 7 years ago | (#18280590)

This kind of thing is much less of a concern after removing Windows' network drivers, unplugging the network cable, and configuring the router to lock the MAC address out of the internet completely.

Unfortunately, I've gotten myself into a bit of online gaming lately, so I can't do any of that any more.

NO PROBLEM (2, Funny)

AnalogDiehard (199128) | more than 7 years ago | (#18280696)

When I installed Windows I used PENFOLD JACKSON when it asked for my name.

I doubt M$ will want to retain THAT information...

In other news... (0, Offtopic)

tsmit (222375) | more than 7 years ago | (#18280700)

Apparently tom brady got his girlfriend knocked up... No, the NEW one. Oh, and OJ Simpson is the father of Anna Nicole Smith's baby... Must be a slow news day.

...and they go further than that! (3, Interesting)

blindd0t (855876) | more than 7 years ago | (#18280836)

For example, if you are using the Visual Studio 2005 IDE and use the integrated access to the online MSDN documentation, you can copy the URL from the address bar in VS2005 and paste it into firefox. What you'll find, in many cases, is Firefox asking you if you would like to download "HiddenCheck.exe". Though I have not seen this for some time now, I have recently found that there are a few pages in the online MSDN docs that load fine with IE, yet say the "Resource is not available" in Firefox. Of course, while I'm sort-of whining a little, I may as well go on to complain about how several of the MSDN pages only render properly in IE. :-( I can't trust them enough to use their own browser without feeling like I'm being watched, and I can't use an alternative browser in an attempt to try to protect my privacy. Granted, I'm not doing anything wrong, but that feeling of always being watched is enough to make anybody feel uneasy.

all of them do? (1)

mastershake_phd (1050150) | more than 7 years ago | (#18280856)

The bandwidth costs must be huge.

UK/EU - Data Protection Act (5, Interesting)

stevedcc (1000313) | more than 7 years ago | (#18280938)

So, I live in the EU. We have rather stronger laws regarding companies holding information on people than you Americans do. I object to this information being collected on me. Whilst I can't stop them collecting it, I CAN force Microsoft to reveal all information they hold about me, after I pay an admin fee of around £10 and it'll cost them far more than that to provide it. One person is nothing, but if a whole bunch of irate people were to start asking for this information - MS would be very unhappy. Now if only EFF Europe or some other organisation would organise a pro-forma, and encourage a mass "ask MS to reveal what they hold on you" - as many people as possible in as small a window as possible. Geurilla consumerism is great fun!

my windows pc isn't on the network (1)

cats-paw (34890) | more than 7 years ago | (#18281086)

I'm currently trying to figure out how to COMPLETELY block my new PC with XP from going out of the local network. Until I'm sure I have it right, I don't even have an ethernet cable connected to it.

So believe it or not, I'm simply transferring files via usb drive.

I use a Mac most of the time, and given all the hoopla about evil Micro$oft, I wonder if evil Apple is doing a bit of the same thing and maybe they are just not getting the press ?

So? Don't use Windows Update. (1)

Runefox (905204) | more than 7 years ago | (#18281178)

Use Windiz Update [windizupdate.com] !

List of data sent back (4, Informative)

trianglman (1024223) | more than 7 years ago | (#18281382)

From the WGA Blog [msdn.com]

  • Source ID (which product is requesting an update) - necessary to get the right patches
  • Event Code - Not sure what sort of events this is tracking, curious, but not necessarily evil
  • Version - I assume this means version of the updater, but could mean version of the base software, either way see #1
  • Hash of the event - good security check
  • Custom Data - completely unexplained, this is what worries me the most in the list
  • Return Code - ok from a usability standpoint (most websites track when users leave, so I put this in the same class as that)
  • Part of a domain? - no reason for this to be sent, as far as I can see
  • Partial binary product key - piracy reasons? Can't think of any other good reason for this
  • WPA hash - also unexplained, but probably related to the above
  • OS version - see #1
  • User locale ID (langauge) - reasonable if they are presenting nationalized dialogs, removes a prompt from the user
  • System locale ID (computer default language) - don't see much of a reason for this except as a backup for the first, odd
  • Diagnostic code - reasonable for debugging
  • Client Id - i.e. GUID - why do they get this if they aren't using it for user tracking
  • HD volume serial - no reason for this, except user identification
  • Computer security hash - see above
Other than those last identifiers, most of the information I see requested make sense.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>