Domain: computerbytesman.com
Stories and comments across the archive that link to computerbytesman.com.
Comments · 42
-
Re:Windows 10 has Secret Screen Recording Tool
I think you mean the memo from 2002, and so others can find it, here's a link to it.
-
What is "the document": a snapshot or a history?
And finding old revisions could be as simple as scrubbing back through a history bar like watching a video.
It appears you're talking about permanent storage of arbitrarily detailed revision history of every document. However, this may create a bit of confusion as to the nature of "the document". If you e-mail "a document" to someone else, are you e-mailing a specific revision or the entire revision history? If you copy "a document" to an external drive, are you copying a specific revision or the entire revision history? If both operations are available, how do you communicate the difference between these to the user through the GUI? I seem to remember international news stories about information being leaked through Word documents that come with some of their revision history.
-
Mods on crack, or are working for PLA
> > head of Google's research and development center in China
>
>In other news, images.google.com just added a new feature: object recognition. In the beta version, pictures of tanks (and irregular patches of colors ranging from #FF0000 through #CC3333) can be automatically recognized by software. In the production version just released last month, server-side digital reconstruction is employed to restore the areas of photographs that had formerly been obscured by such objects.
This is a reference to the Google.com vs. Google.cn side-by-side image search, requires Javascript. Mods are on crack, working for google.cn, or both.
-
Re:Big Brother and the iTunes Company
Is this any different from Microsoft's Windows Media Player database that phones home or used to phone home? http://www.computerbytesman.com/privacy/wmp8dvd.htm
Yes, it's different.
First of all, the article you link to is very old (2002, and talking about WMP8). Since then the public outlook on privacy has changed, issues and expectations have been clarified, things like opt-out have become less acceptable, and so on. Current versions of WMP not only don't enable phoning home by default, but also open a window during installation asking you about the privacy options you want. Apple seems to have missed on some of those developments.
-
Re:Big Brother and the iTunes Company
Is this any different from Microsoft's Windows Media Player database that phones home or used to phone home?
http://www.computerbytesman.com/privacy/wmp8dvd.htm
-
The problem is giving away metadata with the files
The problem lies in intentionally sharing files that include metadata you don't typically look at, and therefore may be unaware that you're sharing along with the visible content of the file.
For example, several years ago Microsoft reportedly posted its annual report as a Word document, which contained evidence that it was composed on a Macintosh.
That example is good for a chuckle (OK, maybe a belly laugh for us Mac fanboys), but suppose someone sent a document to a customer that showed it was filed in a folder named "Correspondence with Idiot Customers" without the sender realizing it...
-
Re:Submit .docs?
> If you have something that you don't want to share, you don't have to submit it.
:-)
Sure, I know that. But .doc is notorious for including all sorts of metadata. I understand what Reuter's goals are. I just think that in the general case, it's irresponsible of him to advocate just submitting .doc files without advising users to at least wipe metadata...
-
Re:It happens a lot
These days I imagine one could publish a nice PDF file and have it accessible on the register itself.
You could certainly try, but an annoying number of printers would just spit out a tiny bit of the page and the URL http://www.rulesforuse.org/.
-
notepad
Of course you could do the less rich, IE only (what isn't?) Notepad Pop-Up
-
Re:Common Sense ...
"What spyware? Care to cite a single example?"
Spyware like watching which DVDs you watch
-
Re:If only...
-
Re:This is ridiculous...
-
Re:Interesting
-
Re:Any spyware?
No spyware in Windows Media Player? Think again!
-
Re:All this is interesting
here you go
The point is that you've had to jump through hoops to secure your IE. With Mozilla Firebird, I had to do absolutely nothing. Which do you think Joe User should be using, knowing that they aren't going to have the faintest clue of how to set IE up to be "safe"?
-
XP full of Spyware
Well, overly critical astroturfers seem to be out in the droves.
- WMP allows Microsoft to individually track what DVD movies are watched
- Supercookies bypass all of the new privacy and P3P protections
- EULA (End User License Agreement) for a security defect fix gives Microsoft complete control over your computer
- Users have no choice but to send Microsoft information about their computer configuration
-
Re:As if this was a bad thing...
Maybe Joe should take the time to find out, if he doesn't appreciate getting spied upon. WMP keeps track of everything you play, and phones home frequently to let Microsoft know.
-
Don't worry about the advertisers . . .
They'll still be able to make Notepad Popups
-
Re:Good Try, But You Lost
Oops. Unless an entity with monopoly power forces people through the "minor" inconveniences of DRM (with centralized "registration" - read monitoring) in order to use products that we have no choice but to both use, and keep current on upgrades.
Unless you are saying we can just optionally all switch away from Windows, Office, etc. right now. LOL. Not quite yet, anyway. Not unless you want to pay for the world-wide migration and personally assume the risks.
And then every other company jumps on the DRM bandwagon, because it's already there.
Then not installing your optional DRM makes not optionally giving your social security number quite easy by comparison.
This may not be the particular piece that does it, but this is coming.
This is the company that bugged Windows Media Player, so that it reports back what you watch, along with your GUID. Oh yeah, it's not personally identifiable. Until you register your product, and it can be cross-referenced, that is. "Oh yeah, uh, we need to check your DVD 'title and chapter information'. And your GUID. Huhuhuh." MS is bad news on privacy.
-
Here's the doc
The Word version of this document has now been removed from government websites but copies of it are still available elsewhere on the net.
Here's a copy of the document. Should save anyone else the trouble of googling for it </karmawhore>.
-
UK govt caught out
-
The British experience - government stupidity
Have to post a link to this famous example, the dodgy dossier. There was a writeup here. If you're thinking of making the case for war, don't release Word documents to the press - unless they're very very docile.
-
I hope this doesn't mean...
I hope this doesn't mean that they're going to stop cranking out creepy logos!
http://www.computerbytesman.com/tia/
(Link for creepy logo only! Well, the cached pages are kind of interesting too.)
-
Wired's "article" is basically...
...a puff piece for alleged "security expert" Richard Smith, who has a long-standing agenda about full disclosure.
What new ground is broken here?
None.
The simple fact remains that Micro$oft produces products that are riddled with the most egregious of security lapses, and that Micro$oft has an unrivaled history of dragging its feet/passing the buck, even when billg is hit over the head repeatedly with the fact that his minions have unleashed yet another f*ckup on the unsuspecting public.
So, it's possible to contrive html that, when viewed on a remote web site, reformats the local hard drive of the box IE is running on?
Are you kidding me?
billg and every single idiot who was anywhere close to being involved with this f*ckup should be sued for every last penny they have.
As for full disclosure, let 'er rip.
It's the only way Micro$oft will ever be held in the least bit accountable for their crap.
t_t_b
-
Some Resources
Gotta recommend IBM's great little free Java-based P3P Policy Editor as a fast & straightforward way to create compact policies.
Also for folks using Windows IE (the majority) AT&T offers up their free eternally-beta AT&T Privacy Bird which gives folks visual and auditory feedback (both controlled/turned off in Prefs) on site's P3P settings. Quite informative actually, I discovered just how awful Yahoo's policies are when I used their headline aggregator (just who are they selling my newsreading habits to?) [rhetorical question]
The P3P folks have put together a great website at P3P Public Overview which is chock-full of useful information. On the other hand here is an interesting critique and here another, surprisingly both by lawyers. Security guru Richard Smith also has an important (though hopefully now fixed?) page on supercookies and how MS IE 6's touted protections can be got around.
Mozilla of course supports P3P and it's useful to understand just how MS IE 6 supports and applies P3P and cookies.
-
Re:The one thing I like the look of..
The one thing I like the look of is P3P support. A little shocking that IE got this long before anybody else.
But it's not terribly shocking that Microsoft's P3P implementation wasn't (isn't?) entirely up to snuff (see: SuperCookies). This is somewhat humorous, given that support for P3P in IE 6.0 solely concerns cookie use, and not much (if anything else) in the W3C Recommendation (see: P3P: Privacy Primer).
Some support (IE 6.x) is probably better than no support (NN 7.x), but there is no P3P implementation for either the Mac or *nix versions of Internet Explorer. So, while I'm willing to admit that Microsoft is trying, I'd continue to ask that they try a bit harder in the future.
-
Aren't we forgetting something?
I didn't see in the article or anywhere here one of the main motives to make Linux more widespread. The fact that it is free. Speech free, that is.
No, I do not expect my mother to write plugins for her mail client. But we do stick with free software, or we will be left out. Left out of the "mysterious inner workings of computers and programs", and that will be very soon.
Mr. Villanueva may have a better written document on why we should stick with free software than I could ever write.
But if we are talking just of being better or worse than Windows, in this or that aspect, of being cheaper, we are kissing our freedom goodbye. And I am not saying freedom to write or modify programs. I am saying freedom to use and produce culture, read books, using computers as typewriters without the one maker of the one "trusted computing word processor knowing of everything we write.
If you think I am over worried about this, remember that Microsoft media player does send information on what you are watching or hearing to Microsoft. Do you think that when a non Palladium computer able to run Linux or other "untrusted" software sells for about 5 times the price of a "mainstream computer appliance", due to industry mass production prices constraints.
-
Where's the Evidence?
I'm sorry to be a party-pooper, but where's the evidence that they take money from Microsoft? The ZDNet article says nothing about that, and the talkback comments (at least the few dozen that I read) provide no evidence along those lines, either. The Register says that Richard Smith says that they take money from Microsoft, though they present no evidence along those lines. Smith's a cool guy and all, and he's got a good track record, but I'm going to need a little more than a second-hand non-credited reference to believe this.
I did a little poking around and a little Googling, but was unable to come up with any evidence on my own.
So, please, could somebody enlighten me?
-Waldo Jaquith
-
Re:How can 'open' win against this?
It builds a media cache, it don't spy. Read the source article that started the mess rather than the distorted version written up there.
-
How to stop WMP from phoning home
Microsoft's response to the issue, mentioned above, lets it slip that Windows Media Player tries to connect to windowsmedia.com:
When consumers first insert a new DVD (this does not apply to subsequent insertions), Windows Media Player goes up to Windowsmedia.com (WMC) and gets the chapter information....
When the player contacts WMC, it sends a cookie that includes no personal identifying information. This allows WMC to personalize the radio tuner and measure--in general terms--how many users are connecting to it.
So it appears that completely disabling cookies is not the only way to stop Windows Media Player from phoning home. You could also add windowsmedia.com to your HOSTS file or to ad-blocking software like Internet Junkbuster.
-
"Title and Chapter Information"?
The reason your entire viewing habits are available to MS is because every time you insert a DVD, WMP8 contacts an MS website with your GUID and the DVD's TOC. This is in addition to keeping a log of DVD's on your computer. The ostensible purpose for the request is to get the DVD's "title and chapter information."
This begs the question: what is a DVD's "title and chapter information," anyway?
What possible purpose does having it serve?
We all know that CD player programs call up CDDB because there's no track and album titles handy on the disc. That's fine and good: perfectly legitimate use of network callback. Note: there's no need at all for any personally identifying information (GUID, cookie, or whatever) in that transaction... but that's not my main point.
Unlike a CD, a DVD has every piece of information you already need included, along with a custom interface, etc etc. And in all the coverage I've seen of this issue, no one seems to be catching on to the fact that, as far as anyone can tell:
DVDs are not CDs. There is no justifiable need for any user to have a DVD's "title and chapter" info at all, let alone for them to give a unique identifier to MS while requesting it.
So why go to all the trouble of building a scalable web application to service a non-feature?
Sure, MS is rich, but I guess conservatively that this functionality was a low six figure outlay to start, and it creates a neverending and not inconsiderable ongoing support cost to maintain a database and a server farm. It has to be big: they're servicing every XP/WMP8 user in the world, after all.
On a final note, let's consider the infamous Windows GUID. It's generated from a variety of sources: your PIII Processor Serial Number, if available, your ethernet MAC address, and I believe several other pieces of optional identifiable hardware are potentially tapped.
Microsoft is the same company that silently attached GUID's to every Word document you produce, by the way.
GUIDs don't contain your name or email themselves, but wait...
http://www.computerbytesman.com/privacy/wmp8dvd.htm
"However, if a person signs up for the Windows Media newsletter, their email address will be associated with their WindowsMedia.com cookie."
It gets better.
"Also when subscribing to the Windows Media newsletter, I was encouraged by an email message from the Microsoft newsletter department to create a Passport account based on my email address. In theory, yet more personal information from Passport could be matched with what DVD movies I have watched."
If you are curious, the other shoe dropping will sound like this:
MS "Passport" registration (which is required for customer support) also collects GUIDs directly.
-David
-
Re:It won't be personally identifable?
Check out Windows Media Player's Super Cookie. They already have a GUID, although you can change that if you wish. My theory is many people won't.
-
Possible Solution - HOSTS?
As a poster above suggested this website, Serious privacy problems in Windows Media Player for Windows XP it explains that WMP sends an HTTP GET to windowsmedia.com.
Could you defeat this whole scheme by putting an entry in your hosts file to direct windowsmedia.com to 127.0.0.1? Wouldn't that prevent WMP from ever sending that data?
True, it'd disable the site and cddb ability altogether, but is that so bad?
-
Re:This is just a local CDDB mirror
Curse this Moz build... damn testing only binaries...
:)
The links:
Here's his page on the topic;
Bugtraq post
Microsoft's response.
-
Re:This is just a local CDDB mirror
The AP is reporting that there is spyware within Windows Media Player 8 (which ships with XP)
Actually this was discovered by Richard M. Smith, who has a good record of finding bugs-by-design, security holes and privacy breaches in MS software. Here's his page on the topic, on the topic, and here's Microsoft's response - which is all in the first sentence, really, "we do not believe [this] represents a user privacy concern." All this was in my submission of the story, last night - heh, it's the first time I've submitted a story and someone else's post got there first. Or better.
In reply to those people saying "this is just the same as CDDB, what's the big deal?": this IS a bad thing, for the following reasons:
- As with most of the rest of XP's phone home functionality, there's nothing to tell the end user what's happening here. As with previous incidents of unexpected traffic seen from XP machines, Smith had to break out a packet sniffer to discover what the traffic was and where it was going.
- You trust Microsoft NOT to start correlating this info to make some use of it further down the line? You trust them NOT to sell it to the MPAA to help them track evil pirates playing non-MPAA titles? As they don't even tell you they're doing it, there's no privacy policy involved - they give no categorical assurance that they won't give the info to the CIA or the BSA, for that matter.
- Why the hell should Microsoft get to run CDDB as well as everything else? It's just another example of their greed and desire to own all your media.
Think about it: Passport, web services, your company's servers, your corporate desktop, your own home PC, all your apps, your phone, set-top box, Palm ripoff, Psion rip-off... apart from washing machines and guided missiles, I can't think of anywhere that software runs which Microsoft doesn't aspire to own. Actually, come to think of it, NT4 at least can allegedly operate as a router; they've been trying to make headway in the embedded market for years, and I fear that "version 3 syndrome" will kick in on their efforts there soon... sheesh, they're even selling firewalls now. When the great day comes that Microsoft own all mass markets for software, they'll buy out some major consulting/services firm and start trying to put independent developers out of business, too. Pray that day never comes...
Microsoft have yet to learn that in privacy and security matters, the correct default is to trust no-one and nothing. If you prove to your customers or users that you're worthy of trust, you'll get it. Take it for granted, and assume that the user won't MIND if your software starts sending your personal data back to the vendor (or a third party) without telling you, and you start getting into people's shitlists. When you're Microsoft, you have to bend over backwards to ensure that not only are you doing the right thing, but that you're SEEN to be doing the right thing. If you give a flying one, that is; if you really are Microsoft, then you couldn't care less, because your Windows monopoly means 99% of users and customers haven't got any choice in the matter.
And what if you're a network security person and spot unauthorised traffic (which is what this is) on your network? You could spend a lot of time & energy investigating. For all I know, this could be a DDoS agent that some kiddie's planted on a cracked XP box, and is now starting to flood windowsmedia.com.
If you really think this is "just like CDDB", ask yourself: why are Microsoft going to the trouble and expense of providing this "service" - given that they don't even tell people they're doing it? What do they hope to gain from it? How does this increase their marketshare or mindshare? Follow the money...
-
Re:This is just a local CDDB mirror
-
Re:We'd like to inform you...we decided that for non-related marketing purposes...
In their response, Microsoft says it is not using the information for marketing purposes. They also say they are in the process of updating the MPXP privacy statement to state that "No personally identifying information is ever transferred to Microsoft as a result of DVD playback, and any information that is transferred cannot be combined with any other sources of information to identify users."
If you really have a problem with Ids, why are you on the Internet? Your IP is an identifier, as is your hostname, etc. Microsoft is trying to implement DVD chapter navigation outside of the DVD. Are you going to blame them for trying to add features to their products?
-
Exaggeration!
The bulletin I saw on bugtraq said nothing about tracking songs. On top of that, Microsoft disputes the bulletin and issues in it, but the author is blatantly ignoring their direct responses to all of his points. This is an extreme exaggeration that seems to be driven by the "fear big old Microsoft" camp. It is a feature, not spyware.
-
It's also rather misleading
From the WMP supercookie bug page:
To block SuperCookies requires changing an obscure option in WMP which is barely documented.
That is highly misleading at best, and complete bollox at worst.
Now I'm someone who will cheerily click past a click-through license agreement without reading it, but Microsoft still managed to draw my attention to the existence of this ID, then told me what benefits it gave, and then how to disable it (which I did).
(They didn't mention the supercookie privacy bug tho :))
When you install WMP7 it brings up a Privacy Policy dialog (and those words immediately make anyone who would actually care [about web pages being able to collate info about them etc] decide 'this is something I should read') which explains pretty much in bullet points every aspect of WMP that might violate your privacy, what advantage you get by having it on, and how you can turn it off (including the Content Rights Management). You then have to tick an "I have read the privacy policy" checkbox before you can continue the install.
In that sense "an obscure option in WMP which is barely documented" is complete bollox. However, I imagine it's possible (now or soon) that you could buy a machine preconfigured from the store with WMP7, and not be provided with any information, or warning.
Windows2000 (SP2) comes bundled with a much earlier version of WMP so no worries there, but I've not looked at XP.
My question for anyone who has bothered to read this far...
(I'll word the same question in 3 different ways)
Is this just a bug, or would the only way to fix this bug defeat the entire purpose of the ID? / Can this feature exist without the side-effect? / Is it a side-effect or just the other side of a double edged sword?