Slashdot Mirror
MS Passport Privacy Policy Revised
nilstar writes: "Cnet has a story here about how Microsoft will revamp its "draconian" privacy policy. Better yet.... how about we get a warning on the bottom of the IE6 window saying that this site's privacy policy is unnacceptable every time someone logs on to a passport site." Looks like it has already been changed.
Update 10AM EST by J :
Make sure to check out the
Wired story
too. Jason Catlett of Junkbusters nails it: "if Microsoft doesn't know what's in its own terms of service regarding personal information, then what hope do its customers have for the privacy of their own information?"
It is nice to see that things were changed. It gives me hope that one day most software won't be sold "AS-IS" and that maybe the people upstairs (CEOs not the big guy) are actually listening.
Stability - if I'm in a legal agreement with some site, and they have a need to change the agreement that applies to me/my property, I see it as absolutely necessary that I sign off on the new terms or they don't take effect. It can be as simple as a clickthrough, and it's fine if most people don't read their TOSes, but for those of us that do, it's not acceptable to enter an agreement in which you have to monitor the other party because they get to do any changes they want to the agreement, and you tacitly consent BLINDLY to these changes and are bound by them unless you not only devote effort to checking up on them, but are willing to read, understand and act on a legal document in typically a very short time period, days.
Microsoft is still behaving entirely unacceptably in this regard, in that they have you agreeing in advance to any changes they make. That's a really awful situation that is begging to be abused.
Examples? I can cite examples from mp3.com of what _could_ happen. They started a program called 'back the band' in which you got to write derogatory things on other musician's web pages at mp3.com, which caused no small amount of upset and resentment. The TOS gives mp3.com complete control over their own pages so there was really no recourse, it was just a nasty surprise. You still had control of your tunes and DAM CDs, though you didn't keep full rights. Well, some time after mp3.com went to the 'auto-consent' form of contract, they slipped by a few changes, duly announced on the site as they said they would do. Notably, one change gives mp3.com unlimited powers to change, edit, alter etc. your _music_. What could this mean in practice? Three words: Back The Tune. The change clears the way for mp3.com to legally begin doing auctions for people to place their mp3ed advertisements IN your songs or ON your own CDs- or for that matter, to do auctions for people to make loud farting noises and proclaim you suck, IN your songs or ON your own CDs.
That's hypothetical- but legally, it would be totally within their rights under the new contract- and anyone still sticking around five days after the contract went up is subject to it, whether or not they've been made aware that there are new rules. Some seemingly minor wording can have very major effects: when Back The Band started, it's possible that mp3.com did _not_ expect it to become a lot of people posting nasty remarks and attacks on people's band pages, and yet that became a major problem, as well as ploys like "(artist name) loves (advertised other page name)!" which openly lie- it's like writing on someone else's page, "If you like my stuff you should go listen to (other act)!"- the assumption is going to be that the artist is speaking. And again, under the new rules, the way is open for _audio_ advertisements and/or abusive sound clips placed _in_ the victim's artworks. And the reason that situation exists is because under the mp3.com rules, they don't have to get you to sign off on legal changes- if you had to actively consent to such a change, many people would rightly balk at it.
And of course Microsoft is reserving the right for _it_ to come up with changes without its customers' active consent- and I think that it, too, should be avoided for that reason.
Do you really believe Microsoft _wasn't_ completely aware of every detail of the legalese for the anchor-point of their new services which are getting their full attention?
Very cute. Don't tell me- implemented by IE 6 checking against a special feature on IIS servers, so that only NT and W2K sites get the 'OK' and everything Apache is 'oh no, unknown, scary!'
Only for a brief period until the bug is fixed, of COURSE... it's just an OVERSIGHT...
any third party without prior negotiations with
said party on such terms as are transacted. We
will not use information provided or transmitted
by you other than for pecuniary purposes.
Translation:
We won't sell your information unless we are
paid. We won't use it ourselves except for
financial gain.
I was going to toss in a part about impregnationg
your cat and "all your kittens are belong to us,"
but I'm in a hurry . . .
hawk
Actually...doesn't TRUSTe only guarantee that a company is doing exactly what they SAY they're doing? So even if a certain company is "TRUSTe certified" it only means that they're screwing you over in exactly the way that they say they are (in legalese, of course, which is intentionally so mind-bogglingly convoluted that only laywers generally understand it - a sufficient vocabulary and a knack for substitution helps - but ask the average Joe what they're actually saying, and he won't be able to tell)
There are almost always better routes to take than to use the government. Boycotts, consumer organizations, etc., prove much less harmful than law. Law always gets twisted away from its original meaning, screwing over the people it was designed to protect. Consumer organizations take much longer to get things done, but without the negative side of having laws about such things.
Engineering and the Ultimate
I have a feeling that this is mostly hotmail/MSN people, which uses Passport for authentication.
Engineering and the Ultimate
A feature to allow this -- and other, similar customization -- is in the works for a future release of the slashcode. I can't say exactly when, but we hear ya and it's on our list.
Jamie McCarthy
Jamie McCarthy
jamie.mccarthy.vg
Don't be too sure about that. Anybody sign up for Blockbuster's special movie rental program? (I can't remember what funky marketroid name they gave it - basically, every month they send you a small advertisement with a coupon for a free rental in it for $5/year, and you get an extra free rental for every so many paid rentals you have, etc.). I recently noticed the ads now have a tiny form (~ 2" x 3.5" or so) next to the coupon. On it is a notice, in tiny print, that says (to paraphrase) "If you don't notice, fill out, clip out, stuff it in an envelope, buy a stamp for it, and mail it to our marketing department with the 'I don't want more junkmail' box checked we're going to sell your info to our 'affiliates' so they can put you in their databases, too, and send you junkmail, too." I wonder how many people even notice that tiny form, and how few of them will feel like going through the effort involved in filling it out and sending it in. Looks like Blockbuster's counting on that and is now in the "mailing list" business as well....
The thing that really bugs me about it is that it's obviously an "opt-out" rather than an "opt-in" program, and they've done their best to make "opting out" a hassle while still being able to say "Hey, we TOLD them they could be left off of the list, it's their own fault if they didn't let us know..."
---
"They have strategic air commands, nuclear submarines, and John Wayne. We have this"
Hacker Public Radio is our Friend
Microsoft basically shot themselves in the PR foot and they deserve to get tweaked on this.
It was only two weeks ago that they announced the "Hailstorm" subscription services, centered around Passport, and then had to dodge the obvious question "Why should I trust my data to you guys?". It would have been alot easier if they weren't already claiming IP rights to data flowing through their system.
Speaking of TRUSTe, apparently IE 6 will include a little status bar icon showing if the site has a privacy policy. Not if the policy is at all acceptable or not, just if it is there. Of course all MS sites will show "Thumbs Up OK!", where visiting any normal site will produce "Oh No! Unknown! Scary!"
Not that this really makes any difference, it's just a small example in the psychological warfare involved in making the next generation of hosting services acceptable to the public. (Netscape did a similar thing with SSL and the overly big broken/unbroken key icon in versions 1-3). And when you get things like this instead of a 'Disable JavaScript' toolbar button, it just shows how the users aren't really driving the specs.
--
Business. Numbers. Money. People. Computer World.
Much though we love to hate Microsoft, there was no way that this kind of land grab was what was intended.
I suspect that some lawyer got overzealous when setting up the original legalese, and that MS has now realised what was actually up there.
_____
My Journal
Or is it MS is just too big? One of MS biggest successes is its ability to present itself as a Borgian entity with a collective consciousness capable of delivering a united front across hundreds of business units encompassing tens of thousands of employees.
I suspect that MS is reaching the point where the Gates/Ballmer micromanagement of MS and its public image is reaching a point where it doesn't work as well, and internal understanding among line management of the "MS Party Line" may be weakening.
Or perhaps the opposite, MS line management has only accepted the "Everything we do is legit" attitude and has forgotten how to act properly..
The poor judge, baliff, jury (if applicable) etc for having to be in the courtroom for this one.
Prisoner within your own Mind ...
.Xdefaults, these represent a world that conforms. If the universe shifts (enw OS/window manager/etc) you can relocate. Pity the poor user who is not given a choice, either through ignorance, deliberate obscurity or forced "upgrades".
This is starting to get a little ridiculous. When they fenced off the public commons and called it capitalism, nobody in government objected. When they started gathering private consumption data and called it direct personal marketing, the mainstream press didn't raise a fuss. Now that they want to hold hostage our personal preferences and thoughts, the independent watchdogs are letting companies set the agenda without a comment. Is this how it is going to be, letting AOL/Time, Yahoo, MSNBC define the global rules of participation in a media rich economy? Is this going to be a world like the Prisoner when you wake up one day and find that you are no more than a number (<sarcasm> please take a ticket and join the queue for service rep but if you don't have any money/talent/influence forget about it as we'll deliberately ignore you til you go away</>). At least hackers have a choice, they have the talent and/or incentive to create their own little digital caves.
Why is this a fundamental concern? We are the sum of our thoughts, our desires, our memories. As we use electronic systems to craft our interactive environment, we define ourselves. Whever an EMACS macro set, custom shell resource scripts or personalised
So what should be the principles of allowing an external third party have some control over our personal space? I would suggest at the minimum:
Transparency - any alterations in policies should be signalled and terms explained clearly. If there is to be retroactive alterations, at least state that up front instead of after the fact!
Reflectance - feedback mechanisms must adequately reflect the needs and expectations of the users. What are the dispute channels and resolution processes.
Op-out - there must be an clear exit choice such that you can transfer all user data with no discrimination or data corruption.
It is strange how software has shifted in the space of a decade from an ownership of the functionality to the suffurance to conformance to terms at convenience of the provider. The Prisoner might ahve full service in a model village, but what a mental limitation on eir horizon.
LL
140 million of those accounts are multiple accounts by one or two spammers. They just keep creating accounts and creating accounts and either using to send spam or to fill their lists of people who want to receive spam and then selling the lists as no bounce back lists. Besides do you really believe that any of the information in Hotmail's accounts is actually correct. It is just a warehouse for the spam of the world.
In all seriousness - is there any way Slashdot could add an optional filter to remove "funny" content for those of us who don't think the 1,001th iteration of "Microsoft bad!", Slashdotting references, Beowulf clustering references and the likes are "funny?"
I hate to come across as a prick, but it's kind of annoying when this is the class of response heading most every story one reads.
---
My opinions are mine.
You are saying what he is. They chose their words carefully because MS reserves the right to sell or use your information any way they want.
War is necrophilia.
I believe it's called the DMCA... (at least in America!)
This really doesn't affect the issue at all. The point is when your data is edited and stored on someone else's computer, you already cede many rights. Fine, for now they're making the terms and conditions a little better - but we still have to face the fact that companies will be able to update such licences (as they inevitably will do), and whilst there will no doubt be screams of complaint if they try to do this retroactively, people /will/ end up having to abandon their usual tools because the policy for use has changed. This is absolutely why you want to /own/ the software (or at least the licence) to use it, so that it continues to work as it always has (c.f. the Tivo article a couple of days ago) that way the worst that can happen is you start to lag behind - you're never going to find things that used to work don't anymore. Unfortunately, for Americans, is seems that the DMCA gives publishers the right to retroactively change how things work, or the licence you have for it, retroactively, whether you 'own' it or not!
It might be too late for microsoft. Many people have already sworn to never use hotmail again, and this change in policy doesn't seem to be affecting them. Clearly microsoft realizes that these draconian licensing terms were affecting business.
It's clear that privacy is not their primary concern. Abusing users and maximizing profit regardless of morality seem to take the cake.
So if a company uses less strict privacy policies they are legally able to do that (if it's morally right is another thing).
--
Never underestimate the relief of true separation of Religion and State.
If they change to something perfectly nice and friendly, all it means is that they will be good for at least as long as it takes to change the policy again.
Even if the new agreement is only binding if you continue to use the service (I forget how Hotmail phrases their "subject to change" clause), it would just be another case of waiting for customers to become dependent on the service then changing the terms. Some could reject the new terms to stopping service, others couldn't afford to.
My mom is not a Karma whore!
"if Microsoft doesn't know what's in its own terms of service regarding personal information, then what hope do its customers have for the privacy of their own information?"
What about a news site that unabashedly admits it doesn't fact check its articles completely and instead relies on other people to find their errors?
NO CARRIER
Oh, in that case...let me see. RIAA, Microsoft, lawyers, RIAA, Microsoft, lawyers, RIAA, Microsoft, lawyers, RIAA, Microsoft, lawyers. It is a tought decision, they're soooo similar, but I'd have to say -- definately -- lawyers.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
That's simple. The lawyers.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Well you can always turn Anime off through the user options. But I can't understand sometimes why a perfectly URL'ed and documented submission won't be accepted, and then this FUD crap makes the front page.
- I don't care if they globalize against free speech. All my best free thoughts are done in my head.
Now look at privacy policies like Microsoft's. Sure they've "fixed" it. But I note that they haven't removed this piece.
In other words. They can always put it back to what it was before, and they won't tell you, and you will have "consented" if you continue to use it after they change it. (I see they at least got rid of the statement that using the web site at all constituted agreement--that would have meant that the act of reading the text was considered agreement.)Web services are nothing more than subscription software sites. And privacy agreements can be "upgraded" at anytime. Show me one site that promises that their privacy agreement will never become less restrictive. And if you can, promise me that the agreement will survive a bankruptcy proceeding or even a sale of the company.
You have no privacy guarantees, on the web or off. In fact, it's worse off the web - see this Red Rock Eater Digest analysis of the new medical privacy rules, and then consider going to Defend Your Privacy and filling out the petition there.
But don't worry. Your video rental records are secure.
Now they can only use your material if you give them a suggestion to improve the service (or tell them that they suck, or even that they rule). You see, they'll only take your stuff if you try to help them out. I'm still not satisfied.
I can't be karma whoring - I've already hit 50!
SIG: HUP
Here it is: bullshit. They just let you use their sticker to say you actually HAVE a privacy policy. It's misleading and (honestly) used by companies to lure people into the whole false sense of security thing. TRUSTe has never actually reviewed privacy policies...
I can't be karma whoring - I've already hit 50!
SIG: HUP
Which is scarier? MS is not being truthful about this situation or MS doesn't bother to check it's ToS agreements before it debut's new services?
Keeping
They must have read the article on Slashdot the other day and freaked out. OH SHIT, SLASHDOT'S ON TO US!!! Now if we could only get the same results with their other business practices...
MS even with its revised TOS still is making a land grap.
If you communate with MS, even if you are paying them (work for hire) you lose control of your source.
per artical:
The new, much stricter agreement clarifies that Microsoft's right to use customer communications is only in the case of an exchange with the company.
If this was in place when Stacker was looking it being bought by MS, then Stacker would not have won that court case and we would not have seen DOS6.21 and DOS.22
"Has no plans" is not the same as "will not". Microsoft will never stop angling for exploitive control over weak minds. Exploiting the weak is the soul of free market economics and Bill Gates is the Bugs Bunny of capitalism.
"if Microsoft doesn't know what's in its own terms of service regarding personal information, then what hope do its customers have for the privacy of their own information?"
That makes me feel much safer. If MS doesn't bother reading their own materials, then they certainly won't read my stuff. Clearly, their Passport system is the best place to hide my confidential data.
-----
D. Fischer
ShoutingMan.com
MICROSOFT'S RIGHT TO USE FEEDBACK OR SUGGESTIONS YOU SUBMIT
By submitting any feedback or suggestions to Microsoft concerning the Passport Web Site or the Passport Service, you warrant and represent that you own or otherwise control the rights necessary to do so and you are granting Microsoft and its affiliated companies permission to:
Use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell any such feedback or suggestions; and
Sublicense to third parties the unrestricted right to exercise any of the foregoing rights granted with respect to the feedback or suggestions.
The foregoing grants shall include the right to exploit any proprietary rights in such feedback or suggestions, including but not limited to rights under copyright, trademark, service mark or patent laws under any relevant jurisdiction. No compensation will be paid with respect to Microsoft's use of the materials contained within such feedback or suggestions.
Microsoft is under no obligation to post or use any materials you may provide and may remove such materials at any time in Microsoft's sole discretion.
p . This privacy statement is controlling and overrides any conflicting language contained in these Terms of Use concerning use of such information.
This section is inapplicable to any personally identifiable information that you provide in connection with your registration for the Passport Service(s). For terms and conditions governing use of such information and for more information on how the Passport Service works, please refer to the Passport Privacy Statement at http://www.passport.com/Consumer/PrivacyPolicy.as
This section also is inapplicable to any documents, information, or other data that you upload, transmit or otherwise submit to or through any Passport-Enabled Properties. Please refer to the terms and conditions for such Passport-Enabled Properties to determine the rights of the web site or service provider to such documents, information and/or data.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Natural != (nontoxic || beneficial)
Just imagine the truckloads of mail destined for Redmond every day....
Just imagine the innundated mailrooms.
Just imagine thousands of people strugling to even so much as skim every letter regarding technical details with Microsoft products.
Yep, I think they would listen.
LedgerSMB: Open source Accounting/ERP
A lawyer friend of mine believes their privacy policy, in a stretch (and lawyers are very good at stretching things), Microsoft who "owns" the commications of its users (hotmail etc), is therefore responsible for them and their content. Therefore they are leaving themselves open to lawsuits for content composed and transmitted by users.
Rien n'est plus beau que le creux du 0.
There goes my plan to keep forwarding RIAA trademarks through my Hotmail account until Microsoft started claiming "rights" to them and the RIAA sued Billy boy and friends.
Hmmmm....RIAA vs. Microsoft. Who the hell do you root for?
The Register have posted a similar story to this. This "new revamped policy" is apparently based on TRUSTe which does not guarantee the privacy of your messages, just data about you.