Slashdot Mirror
EPIC Urges State AGs to Pursue Microsoft Passport
An anonymous submitter sent: "The Electronic Privacy Information Center has sent a letter to all state attorneys general urging them to pursue Microsoft Passport under state consumer protection laws."
From the letter: "Microsoft's failure to make public known security risks in Windows XP and Passport and provide a reasonable degree of control of personal information violates state law that prohibits unfair deceptive trade practices. In light of the FTC's reluctance to address this clear violation of Section 5 of the FTC Act even after the widely disclosed security flaws, we urge you to investigate the privacy and security risks of Microsoft Passport."
If that's deceptive, how about those ads claiming that Windows servers run unattended?
In addition to the unwarranted collection of consumer data, Microsoft offers no method to delete a Passport registration. Microsoft claims
that Passport gives users control of their personal information. However, the most basic aspect of control--the right to take back one's
personal information--is not accommodated by the Passport system.
Note that one can't delete his Slashdot account either. which could actually be the source of some trouble as if he suddenly changes his mind about whichever opinion or way to express it he has, there'd be a way to track his former behaviour if the account he opened was named like him and we know for sure how much we change over the time (maybe from the pro-patent to anti-patent or from the extremist to the moderate).
Though I dislike to add such disclaimer in my Slashdot post, I'd like to point out that I don't want this comment to be considered as a troll neither it is off-topic.
This is just a way to point out that we should ensure that noone may reproach us with the sam ethings that are being reproached to Microsoft or whoever else.
Back to the article, now: what sort of effect does such a letter have?
Trolling using another account since 2005.
Now I'd like to get out of the system, because I don't trust it to be secure, but because I've forgotten my password, I can't.
Go to the Passport site (http://www.passport.com) and look; there's no FAQ or other document that tells you how to cancel your account. Nor is there any e-mail address of anyone who might be able to help you do it manually.
So, when you hear Passport adoption statistics, subtract at least one. I've never used my Passport a second time, but can't get rid of it, after trying for weeks.
Let us now put this into the context of the passport scheme - the EPIC letter states "Microsoft has indicated that the company's goal is to have every Internet user possess a Passport account", which I deem a fair summary of the situation (although, ideally, everybody would also use a Hotmail account too). Trundle along to, say, http://www.passport.com and look! See how you can sign up with ease! Get it now! Calooh! Callay!
Now let us try to pull the same trick that was pulled on me, and that I have fortunately not seen on any well-organised mailing list outside of Redmond. Enter an e-mail address, any e-mail address (excepting MS-specific ones such as Hotmail) - even make one up that obviosuly doesn't exist, and then... Carry On! Yes! There's still no security! At least, I guess, an e-mail gets sent to the e-mail address asking you to verify it, but this seems to be purely for service embellishment:
Using the new obviously-fake account, I can save settings, edit my MSN etc etc much as I may or may not want to. That is not the issue. What we have here is clearly a case of theft of privacy - without even trying, anyone is able to sign up anybody else's e-mail account for a passport. Who knows what havoc this could/will cause! Not being particularly au fait with MSN, I have only circumspection, but Microsoft have an epic journey to go before they reach "Trustworthy Computing [tm]" if they fail to understand the basics of privacy and intrusion, as highlighted here.
To conclude, I say get out there, fight it from the other end - the end that consumers will understand. Sign up as many fake and real accounts as you like to demonstrate just how fallible the system is. I'm off to see if they prevent scripting...
You are born in 1998, your zip code is 82312, your gender is none of their buisness (and if they instist use a coin to decide). Nor is your race, religion, or the type of car you drive their buisness.
Reasons for the above: In the US only minors have privacy protection, so by putting down a birthdate of 1998 you are under those laws as far as they know. Your physical address is none of their buisness, unless you are buying something from them. (and so far I've never had a problem with the venders who I buy from though there are bad apples out there). Your gender, race, religion, etc is none of their buiseness, on the net nobody knows you are a dog! Refuse to answer, or anser randomly. Randomly means sometimes you give the right answer, because if you always gave the wrong answer that in itself would be a clue.
Remember invalid data that they have is less valiuable then not having data at all in many cases.
Regardless of whether Microsoft has been proven to abuse the power, there are laws which make it illegal to posess the ability to abuse the power. The idea comes from a legal term: "conflict of interest."
When a person offers a service to another person in the financial/legal/medical world they are acting as an agent on behalf of the customer. Legally, that arragement has an implied "fiduciary responsibility" to the customer. That means if someone gives you the key to their account and you do something they wouldn't have agreed to, you are wrong and subject to criminal and civil liability. In the case of finances, there are EXTRA laws that say you are not even allowed to ofer such services to people if you have an interest in ripping them off (like other competing customers).
Bill Gates comes from a long line of lawyers: his family is a lawyer family. He knows he can flout the law wherever there is grey area because he has the money to risk. If he manages to win some small legal challenge, he has stretched the law to allow more exploitation and the windfall revenue that goes with.
When you (the US) have a big dog, you put a pinch (or shock) collar on him, and you jerk it hard (or shock him) when he *starts* to get out of line. You can let up a little, but only when he has a compelling fear of disproportionate retribution. Corporations are less like people who deserve rights, and more like dangerous, powerful animals that must be attended to with preemptive stewardship. Emotions, values, and ethics are not present in the brains of reptiles or boardrooms.
--- Nothing clever here: move along now...
I bet that fellow who paid M$'s lapsed domain registration a few years ago on Passport.com is really kicking himself now!
(Spudley Strikes Again!)
It can be done. I managed to get my Passport Account cancelled. It was not easy, but here's how I did it.
Send e-mail to the following address requesting the removal of the passport account and the information associated with it:
passport@css.one.microsoft.com
Be sure to word it strongly or you may not get a response. I ended up getting to the point where I was using curse words and basically spamming this address. I also reported this incident to my local news media (who did nothing. surprise surprise) and informed Microsoft of this.
My big beef on this whole Passport thing was that I was signed up because I am Microsoft Certified. I NEVER requested it, I never checked a box saying I wanted information or anything else from them. So I paid $100 to take a test that allowed MS to harass me.
BTW once you have a response from the above e-mail you will get a number. Be sure to include it in every e-mail you send. Go to the MS support site and start spamming them as well. Eventually they will listen. At least they did for me.
A last note. It did take me a couple weeks to rid myself of the PASSPORT, so be patient and persistent.
Good luck!!!
If Darwin was right, you'd be dead by now.
The reason why no-one is going after AOL/TimeWarner is because they don't own 90+% of the desktop which they could use to leverage their other products.. this is all about not having a choice.. MSN is tightly integrated in XP. The browser is prominently on the desktop as is the MSN messenger software. Opening Outlook Express starts a signup session with Hotmail, etc. etc. etc... Creating a Passport account is almost done automatically if you do not know better then to use what MS prescribes.
Now, í'm not a MS basher in the way most people do.. i am however VERY concerned about their growing stranglehold on consumer choice. Ever so slightly people are lured into a total MS dominance...
Ah well.. i'll keep on dreaming of the old days...