MS Passport: "All Your Bits Are Belong To Us"
One of the key questions is what Microsoft means by "associated services." The terms of use agreement applies to "the Microsoft Passport Web Site" which they redefine in the first sentence to mean "a Web site and its associated services."
Later in the terms, they explicitly say:
"The Passport Web Site may contain bulletin board services, chat areas, news groups, forums, communities, personal web pages, group calendars, electronic mail postings and/or other message or communication facilities designed to enable you to communicate with the public at large or with a group (collectively, 'Communication Services')..."
That doesn't sound like a simple site for password- and personal-data-storage to me.
The really big thing that everyone seems to be worried about is, how is Hotmail email affected by this? Here's the Hotmail Terms of Use. So is Hotmail an "associated service"? How would we know? Passport is listed as one of Hotmail's "additional Microsoft web sites and/or services"; what does that mean? If Hotmail is associated with Passport, does that mean Passport is associated with Hotmail? (Is "association" associative?)
And the fact that any access of www.hotmail.com redirects me to a machine at hotmail.passport.com worries me a lot. How could these sites not be considered "associated"?
Some more tidbits...
Don't forget that Passport is a TRUSTe licensee. TRUSTe stands 100% behind their privacy statement, so you can really, really trust that All Your Bits Are Belong To Us. (The joke is that TRUSTe doesn't actually guarantee you any privacy. It supposedly guarantees that, if you can wade through the legal mumbo-jumbo, you'll find yourself being screwed in precisely the way that the lawyers tell you you're being screwed.)
Here's a directory of the sites that use Passport for single-sign-in or purchasing.
You read it here first. Slashdot predicted this eight months ago. "Microsoft Passport And Your Privacy," July 29, 2000: "...I'm sure Microsoft uses it as a user-tracking system more than anything else." Go read Joel's article, from eight months ago, in which he explains how Passport "eliminates the last line of defense protecting your privacy" and how Microsoft will "create a massive consumer information database."
An article in the Daily Aardvark points out that Netscape users have a hard time reading Passport Q&A.
Bryan Smith has a thoughtful rant about what this would mean for open-source software. Dual copyright? Hmmmm. Here's your link, Bryan: "Dual-copyright/licensing" of your IP withOUT your permission.
A RISKS submitter calls it "highway robbery."
Don't forget that Passport is the website for which Microsoft forgot to pay its $35 domain registration fee, back around Christmas '99. This is the company you want to entrust your passwords to?
And finally, All Your Bits may be hard to retrieve once they Belong To Us. jasonjwwilliams writes "After reading about the new Hailstorm.net initiative by Microsoft, and how once integrated with Passport.com, any communications sent in conjunction with the service in any manner becomes the property of Microsoft, I asked Passport.com to remove me. The response: we don't do that, wait 12 months to be auto-removed. After three e-mails here's the bottom line I received:
"Due to security reasons we do not allow nor do we have a feature to delete Passport accounts. Rest assured that if you do not access your account within 12 months our system will automatically delete your account."
"I don't know about anyone else, but I think this is a completely lame response and as far as I understand against the law. Anyone know who to get a hold of? This is arrogance gone too far."
Details here.
And yes, I did this a few years ago. It works.
--
WolfSkunks for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.keenspace.com";
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
So- you're finally suing Microsoft. You found they used GPLed code in something- or you're not GPL but they used your code anyway- or for that matter you're an ambulance chaser and you're just suing them because you think you can get a jury to think they stole your code. Whatever. Your argument is, "This == my code, that == Microsoft's product, thus == pay me lots of money for stealing my IP."
Here is the Microsoft defense's response:
"PROVE you did not ever transmit this code over a Passport property!"
Chew on that one for a while. And remember, these are the people who forged evidence in Jackson's court despite a blaze of publicity and sharp government lawyers! Now, what would they need to buttress their case that you had at some point sent the code/art/property through Passport? A server log, a user name, a password. Now, attend closely: WHOSE servers are these that they would need to find this evidence on? Of course they are.
This is a _damned_ impressive potential legal roadblock to suing Microsoft over IP, and it emphatically addresses the open source problem: basically, no matter who you are, Microsoft can use your code in proprietary software and _if_ you figure it out and sue them, it becomes your problem to prove that you have never used Passport and sent the code over it: and who owns the servers that would contain the evidence you'd done just that? One guess. The Microsoft lawyers now have a terrific defense against any such charges: they'll make you the defendant. If you insist you never used Passport- "Well, then, do these server logs imply that you used our service CRIMINALLY, violating our terms of service?".
The possibilities here are so evil and cunning that even I am impressed, and they don't usually impress me- but then they don't usually manage anything with this degree of subtlety either.
Just be warned. The "You must have used Passport" defense needs to be taken into consideration.
You know, I read the TOS too, and it's pretty clear that they're talking about forum posts and the like:
The Passport Web Site may contain bulletin board services, chat areas, news groups, forums, communities, personal web pages, group calendars, electronic mail postings and/or other message or communication facilities designed to enable you to communicate with the public at large or with a group collectively, ("Communication Services"), you agree to use the Communication Services only to post, send and receive messages and material that are proper and related to the particular Communication Service.
Conspicuously absent from the list are communications between individuals.
One issue often overlooked in these things is the problem that plagues some publishers and causes them to reject unsolicited submissions: what the hell do you do when somebody hands you the outline for something very similar to a project you have under development? If you accept it, then you risk accusations later that you're a thief. ("Man, I said last year they oughta' put spellcheck into Explorer! Them bastards stole my idea!") Alternatively, if you simply state that you can use any ideas posted in the forum, then you've covered that possibility and maybe avoided a nuisance suit.
Now if the Reg had bothered to go to Hotmail itself, they might have found this:
It is Hotmail's policy to respect the privacy of its users. Therefore, Hotmail will not monitor, edit, or disclose the contents of a user's private communications unless required to do so by law or in the good faith belief that such action is necessary to: (1) conform to the edicts of the law or comply with legal process served on Hotmail; (2) protect and defend the rights or property of Hotmail; or (3) act under exigent circumstances to protect the personal safety of its users or the public.
Not ironclad, but probably as good as the ISP through whom they're being accessed.
Not true. The Hotmail user who received the mail is the one who agreed to the Hotmail TOS. The Linux developers never made any agreement with Hotmail. Thus, MS would have no grounds to appropriate IP belonging to the kernel developers. Even if the TOS gave them that right, the person who agreed to the TOS had no authority to grant them that right, any more than I can sign a paper authorizing you to give away free copies of Windows.
Similarly, if a kernel-dev mail came from a Hotmail account, even under the craziest readings of the Hotmail TOS, the only IP which MS could appropriate is that belonging to the person who sent it through Hotmail, not the entire kernel, because the sender doesn't own the rights to the entire kernel. Still, unraveling a mess like that could be ugly.
"Never let your sense of morals prevent you from doing what is right" -Salvor Hardin
While I do understand the implications of MS's move to own all our bases, the license everyone is so upset about specifically states, "personal and non-commercial use only". So, at worst, doesn't that mean MS will know I'm going to Cancun, my girlfriend's name is Sarah, and we aren't renting a car?
I guess my major disconnect here is I can't imagine anyone in their right mind trusting their company to an open service like this. It baffles me.
ZOMG I WOULD LOVE TO KNOW ABOUT YOUR FEELINGS ON MACINTOSH VERSUS WINDOWS, VI VERSUS EMACS, AND HOW YOU'RE NOT A DORK
Anyone reading the plain English of this license cannot help but see that, very clearly, the end user is required to grant Microsoft any and every right to their ideas, their work, even their patents, just by processing their information through a piece of software which happens to use Passport as an authentication mechanism. This could, in the future, include any document written by Microsoft Word (using passport to authenticate the author or encrypt the file as a new feature, etc.), sent through a Microsoft mail server, or served from a Microsoft Web server.
Microsoft has a well documented history of stealing other people's work (and getting sued for it, and being required by the court to make appropriate reparations to the aggrieved parties). This isn't about avoiding frivolous lawsuits, this is about legalizing a reprehensible tactic they already engage in: theft from their customers, their competitors, and anyone else whose idea they like.
There is, however, a silver lining to this dark cloud. Two states have already, very foolishly, passed UCITA legislation, giving this sort of EULA the force of law. One would hope the courts would overturn such an onerous condition, particularly in light of the fact that nearly every party to this agreement has no idea what they've agreed to, but one cannot assume reason will always prevail.
If it doesn't, it wouldn't be too terribly difficult for the authors of Apache, sendmail, various USENET and chat servers, and so forth, to add a clause to their respective licenses reading something like this:
This would be a potent weapon indeed for the Free Software community to strike a possibly lethal blow to copyright and patent law, once and for all (until such a time as another court rethinks this kind of thing, or a law is passed making such onerous and unreasonable property grabs illegal). Much of the very infrastructure of the Internet is powered by free software of one sort or another. If the courts should uphold this kind of behavior, we as a Community are in a position to use it in liberating far more knowledge and intellectual property, doing the Copyright and Patent Barons far more damage (and correspondingly far more good for free science and free software) than they could ever do to us. We aren't compelled to use their software, but if they are using the internet at all, they are almost certainly using ours.
The Future of Human Evolution: Autonomy
"All your top-secret spy plane are belong to us."
For great justice, take off every 'MiG'.
C-X C-S
Someone posted a message to the Linux Kernel Mailing List telling people not to use Hotmail for patches to the kernel.
It may be an overreaction, but it's probably still a good idea. It would be a messy court fight if it ever came to that.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
Well.. the original phrase is 'All your base are belong to us'... but of course, base was supposed to be plural.. it should mean 'we have conquered all your bases!' or some such thing.
So in order for the title to fit with this mis-translated-yet-somehow-taking-the-world-by-storm statement, it should read 'all your bit are belong to us!'
I clicked on your URL. And actually, I was thankfully surprised. It didn't require that you already have a Microsoft Passport account in order to read the Terms of Use. Isn't that downright friendly of them?
Microsoft has been in the news a lot lately and in the past about whether the NSA has backdoors in windows code or not. They may not have a technical backdoor to your passwords, but it sure sounds like they have a legal one now.
The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
When will this bullshit anti-Register stuff quit? The Reg came out with this story ages ago (see http://www.theregister.co.uk/content/4/18002.html) , even with the "All Your..." lead. This is nothing but a re-hash.
It happens so frequently. Interesting story on Slashdot, frighteningly similar to recent Reg story, sans any quote of the Reg or link to their story. In fact, Slashdot seems to _never_ post Reg links any more, and seems to enjoy taking shots at them (witness them being described as 'scare mongerers' during the CPRM debacle).
S'not cos El Reg gets better stories and funnier content is it? And while we're on the subject, what's up with not linking to BeSpot?? Huh???
"Elmo knows where you live!" - The Simpsons
Here's the most constructive way to deal with it.
Here is the way to protest this.
Copied below (because black text on black background doesn't work - at least in Konqueror)....
Microsoft should be feared and despised!
After taking the time to read the Microsoft Passport Web Site Terms of Use and Notices I have had a belly full of them. The potential damage they can do with this license is staggering. I encourage everyone to take the time to read it, particularly the section entitled "LICENSE TO MICROSOFT". If you've ever had any doubts about the nature of that company reading that section should put them to rest for good and all!
I don't know how many times I've heard Microsoft described as "evil" by Linux zealots and open source supporters (which I am both) and thought, "They're losing it... Microsoft is just a company!" but now I'm forced to agree with them. This license is heinous, and more, it's frightening because I know that some people won't read it and will lose the rights to their own data/content without knowing. Add that to the fact that the license is clearly attempting to gain the rights to *ALL CONTENT WHICH PASSES OVER ANY SERVICE THEY PROVIDE*. For example... this article could be copied by someone and sent to someone else who uses the hotmail email service. According to the license Microsoft would then own the rights to this article! Unbelievable you say? Go read it and see for yourself.
Most of the time when confronted with things like this I may rage for a while but I usually conclude that there is little that I can do to cause the policy to change so why bother doing anything at all but not this time!
Effective with this posting the following blocks are in place against email inbound to MoonGroup.com or any of its domains. If you truly understand what their license means you will do the same on your mail server.
msn.com 550 Microsoft licenses are unacceptable. No mail from their services will be accepted.
msn.net 550 Microsoft licenses are unacceptable. No mail from their services will be accepted.
microsoft.com 550 Microsoft licenses are unacceptable. No mail from their services will be accepted.
microsoft.net 550 Microsoft licenses are unacceptable. No mail from their services will be accepted.
hotmail.com 550 Microsoft licenses are unacceptable. No mail from their services will be accepted.
hotmail.net 550 Microsoft licenses are unacceptable. No mail from their services will be accepted.
As this is clearly a pre-cursor of what Microsoft's .Net initiative is all about I will be watching very closely to see where it goes. I had thought that SOAP might be something very useful which would help to open them up a bit but after reading this license it's clear to me that all that .Net and Hailstorm are going to be is just another sad example of "embrace and extend".
I fear them for what they are doing! I despise them for doing it!
Good luck to all of us... we're going to need it!
Here are some related links:
The Register.COM article: http://www.theregister.co.uk/content/4/18002.html
Troubleshooters.COM new copyright and other articles: http://www.troubleshooters.com/cpyright.htm http://www.troubleshooters.com/tpromag/200104/200104.htm#_new_copyright http://www.troubleshooters.com/tpromag/200104/200104.htm#_three_articles
LEAP Thread (first article in thread): http://lists.leap-cf.org/pipermail/leaplist/2001-April/011248.html
By Chuck Mead on Monday April 02 2001 @ 11:55PM EDT
Linux - Because Mommy taught me to Share.
All your base are belong to Slash!!!
Check out the TOS from the Open Source Development Network, the Slashdot parent owned by VA Linux. The TOS is available at http://www.osdn.com/terms.shtml.
Of particular interest would be the clause in Section 4 of the OSDN Terms of Service: "the submitting user grants OSDN the royalty-free, perpetual, irrevocable, non-exclusive and fully sublicensable right and license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed"!
Slashdot owns my intellectual property! Oh, the horror!!
Sigh.
So what should we learn from this? We should learn to put our paranoia in check and consult a lawyer before we open our mouths.
This clause is in virtually every TOS for any web service and is designed to protect service providers from litigious jerks who do things like sue service providers because their web page appeared in a marketing brochure for the service provider or (even worse) litigious twits who do dumb things like claim "They've infringed upon my copyright because they're keeping a 'copy' of my work on their servers!!"
These standard clauses are NOT designed (nor would they legally allow) the service provider to claim legal ownership of the content in question.
This same old tired shit hit the fan a year ago when Yahoo bought Geocities and someone noticed a clause in the TOS (that had probably been there before but just not gotten any press). See the Wired story, the Wired follow-up, and the obligatory Slashdot reference from last year.
Yahoo caved to the PR blitz and rampant public ignorance and slightly modified their TOS to make it more clear. Microsoft probably won't . . . simply because they're Microsoft and they don't need to.
Maybe the angry hordes ought to jump down OSDN/Slashdot's throat now, eh? I bet they could get OSDN to cave and change their TOS, right?
Or maybe they should just take a deep breath, get a grip, and wise up.
Sir, I would like to give you "props" for such a poignant and thought provoking post. I am about to re-read it, at which time I shall retire to my study to mull over your musings and perhaps come back and add my thoughts to your statements.
Kudos sir!
Remember it, write it down, take a picture, I don't give a fsck!
Boycott XP or be assimilated...
You don't have to use Hotmail or Passport to have MS own EVERYTHING you do. You just have to use Windows XP, which is claiming to be Microsoft's next "gotta have it" OS.
From the Microsoft White Paper on Hailstorm
So talk all you want about using other mail and password services, Micro$oft plans to own all XP users too!
Slashdot really does hate linking to The Register, even though they broke this story last week and have been credited in every other article about it I've seen. They even used the All your Base reference in their original story. There is no mention of any of that here at all.
Geez.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
Not that I'd ever accuse a slashdot editor of plagiarism.
I don't use passport, and now I won't. I don't care if it helps me achieve something I need; I'll find a different way.
This has come up before--I've given up some online business because they required me to have a passport account; I've written the vendor and told them why I will not threaten my own privacy for any reason.
The best we can do is not to use these services, and intelligently evangelize more privacy-friendly alternatives.
Steve
Directly from Yahoo Mail's Terms of Service
With respect to Content you submit or make available for inclusion on publicly accessible areas of Yahoo! Clubs and Yahoo! Groups, the license to use, distribute, reproduce, modify, adapt, publicly perform and publicly display such Content on the Service solely for the purposes of providing and promoting the specific Yahoo! Club or Yahoo! Group to which such Content was submitted or made available. This license exists only for as long as you elect to continue to include such Content on the Service and will terminate at the time you remove or Yahoo removes such Content from the Service.
With respect to photos, graphics, audio or video you submit or make available for inclusion on publicly accessible area of the Service other than Yahoo! Clubs or Yahoo! Groups, the license to use, distribute, reproduce, modify, adapt, publicly perform and publicly display such Content on the Service solely for the purpose for which such Content was submitted or made available. This license exists only for as long as you elect to continue to include such Content on the Service and will terminate at the time you remove or Yahoo removes such Content from the Service.
With respect to Content other than photos, graphics, audio or video you submit or make available for inclusion on publicly accessible areas of the Service other than Yahoo! Clubs or Yahoo! Groups, the perpetual, irrevocable and fully sublicensable license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display such Content (in whole or in part) and to incorporate such Content into other works in any format or medium now known or later developed.
- passion
If anyone is using Hotmail for serious, private e-mail, they deserve to be exploited.
question: is control controlled by its need to control?
answer: yes
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
Due to security reasons we do not allow nor do we have a feature to delete Passport accounts. Rest assured that if you do not access your account within 12 months our system will automatically delete your account
LOL. I hadn't thought of this excuse.
Look, due to security reasons I must backwards engineer your code. I can't explain it, but it's a part of my private genetic makeup. I'll be glad to supply you with my public genetic key, but, as you know, the private key must stay with me.
I must backwards engineer CSS.
I must hack BlueMatter.
I must attempt to thwart the latest SDMI watermarking scheme.
Rest assured (and this means you, Hilary, and you too, Jack Valenti -- even though, yeah, you're getting up there in years) that if I do not release my version of your encryption schemes, they will be deleted from my hard and from my memory banks. But, as you know, for security reasons, there's no way I can delete them manually. Nor is there any way that you -- Hilary or Jack or you spooks at the NSA -- can compel me to delete them sooner.
I'm sorry, but that's just the way it is. It's for security. You understand. I know you do.
"All your gene makeup are belong to us."
I don't even trust IE to hold on to my /. password! You never know when Bill Gates may want to hi-jack my account and burn my karma away by posting anti-Linux hate speech!
--
Wooden armaments to battle your imaginary foes!
Microsoft should probably put in extraordinarily clear armor plated language that this does not license them to theft of corporate secrets, not that this has never stopped them before.
That said, if it wasn't news last week, why is it news now?
(People moan about news items around here being old if they saw it twelve hours ago, but the age on this seems a little extreme)
Heck, it could have made a wonderful story for April Fools day, the one legit story that would have looked like a fake.
Check out the Vinny the Vampire comic strip
"It is a greater offense to steal men's labor, than their clothes"
This raises an interesting issue: What happens if a web browser fails to properly display a disclaimer (or other legal document)? For example, suppose the main site uses javascript to pop up the legalese. Further suppose that I browse the web with javascript disabled. So when I click on the link that says, "Click here to view limitations of the offer", am I able to interpret the lack of any limitations appearing on my screen as a complete lack of any limitations on the offer? What if I do have javascript enabled, but the text isn't displayed (or is displayed blank) due to an error in the web browser's interpretation of javascript?
Look, even the US Supreme Court avoids ruling on whether Americans have a right to privacy, so forget it - you have none on Hotmail.
....
In Canada, there's the Internet Privacy Act, which became law on 01/01/01, and which means that I, as a dual citizen of the US and Canada, have more rights by virtue of my Canadian citizenship than by my American birthright.
And in the EU they have more rights, but the EU won't sue the US companies that violate their citizens' rights to privacy.
All this shall pass
--- Will in Seattle - What are you doing to fight the War?
This adds fuel to the first of the Microsoft Antitrust appeal doesn't it?
So yeah, let's all talk about it, raise awareness and show what we think of their heavy-handed and likely unlawful approach to being more than common carrier service.
I wonder though... if they were to buy a big chunk of the internet, could they do the same thing? "If your traffic passes through our routers, we will sniff it and steal anything we like!"??
These people need to be stopped.
Chinese Prime Minister Jiang Zemin, avid Microsoft enthusiast and regular user of Microsoft Passport, was said to have been greatly angered by the recent uncovering of the oppressive Microsoft Passport license agreement. The official Xinhua news agency quoted him as saying, "All your top-secret spy plane are belong to us."
Despite what EULAs say, most software is sold, not licensed.
The story itself is really interesting, it is well-written, and it has a lot of interesting background information. It is thought-provoking, it provided me with information that actually does happen to be new to me (I missed the first story on this) and it should start some interesting discussion. Then it gets posted with the fifteen thousandth AYBABTU reference in the last week. That totally distracted me from the story itself by sheer irritation level alone.
The whole thing reminds me of the "WHAZZUP!!" commercials. It was funny once. Maybe even twice. Now I can't go into a sushi bar without a bunch of jerks getting drunk on sake and yelling "WASSSABI!!"
The AYBABTU thing is way past old. I almost expect to see it linger on in comments for the next six months, but it really doesn't need to keep coming up in the headlines. Especially not in the headlines of stories that are otherwise really interesting. That just makes it more irritating.
-Keslin, the naked nerd girl