Slashdot Mirror
XP, Phone Home
Randomeyes writes: "The Register reports that Windows XP has functionality built-in to the Search Companion module that allows Microsoft to log users internet searches. Information collected includes user IP address, search term and related information. A cookie is also set. 'TrustUnWorthy Computing' anyone?" Tanveer1979 writes: though, that "the bright side is that it doesn't send anything to internet, it only downloads files, and compares the files on your computer with the files on server. And I guess a little effort is needed for the malicious to program it to send your data to web."
I just saw it on my Microsoft Baseline Security Analyzer ©®(TM):
.NET ©®(TM).
View Security Report
Sort Order: Score (worst first)
Computer name: MYADSDOMAIN \WindozePeeCee
IP address: 225.-1.65535.1
Security Report Name: MYADSDOMAIN - WindozePeeCee (04-12-2002)
Scan date: 12/04/2002 12:00AM
Hotfix database version: v2.0.10^23+[1/(planks constant)]
Security assessment: Sever Risk (As usual)
Windows Scan Results
Vulnerabilities
Windows Hotfixes
1. Local Account Passwords are simple or Weak. Please change them to something overtly convoluted and difficult to remember. It wont matter anyway because the Active Directory Server©®(TM) you authenticate against is probably not patched.
2. IIS©®(TM) Installed. Please update to Apache 1.3.24 or 2.0.35
3. JRE 1.4 is installed. Wow. That's even more bloated than the first revision of
4. Auto-login is enabled. This is inherently dangerous because this OS has no inkling as to what multi-user means, for whatever reason, everyone is a su-doer.
5. Passwords are too short. This is weak because the domain controller isn't patched. If you are running Samba 2.2, please disregard this. We can't tell the difference.
6. File systems. They all appear to be running NTFS. Good (you should have two UPS for this. If its get corrupted, snicker.........)
7. Your Cell Phone, Palm Device, monitor, printer, hub, DSL router, joystick, speakers, KVM, other PCs, scanner and filing cabinet do not have Client Access Licenses.
8. Sent all info to Microsoft.
© 1999 - 2009 (We paid of the US DOJ until then, they only take kick in decade increments), All your rights are belong to us.
xenon baxter meowmix purina
they were so forgiving! It's sounded bad to me... but maybe I'm getting out of touch with what it's really doing.
If it contacts the interent on a local file search, then that's bad. If it contacts microsoft when I search the net, that's bad.
This "we can't identify you" stuff is a lie that should be well known by now. What they mean is "they don't have your name in the file, we would have to look that up".
Maybe someone can explain why half the article is about mentioning this doesn't matter?
-pyrrho
Isn't this just a cache
I mean, netscape keeps track of my bwrowsing history. MS Find keeps track of my last searches.
BASH keeps track of my last typed command.
Usually this comes in handy. Hell, I can probably code something that will post my BASH command history and my netscape browsing archive onto the net.
What's the news here?
If an experiment works, something has gone wrong.
I don't know, but every time I read yet another story about MS storing our behaviour patterns, I wonder...
Why do they want to know what we're doing???
Is my life particularly interesting? God help the poor lad who has to search through my personal searches...
+UT +MOHAA +GAMEBOY +ADVANCE +DREAMCAST +GTA3 +N64 +SUPERMARIO +GAMECUBE
(Note: no +XBOX)
Not a cookie!!! When will the injustices end???
When I use windows I run win98se(even though I still think it moniters you a little bit in IE) as I don't have to be paraniod about the ways it connects to the i-net, with XP there is time syncing, media player, and a whole load, so much somebody actauly created a program to disable as uch as that person could detect.
XP=Xerox Personal_Info
When I dual boot its always to linux, at least I don't have to worry to much about them tracking me without my permision.
Insert Witty Remark Here ===>____________________________
the bright side is that it doesn't send anything to internet
Doesn't sound so bad to me.
Donate background CPU time to fight cancer.
Maybe tweakui will be updated to make this behavior optional.
(Here is another link, because the MS page is down right now.)
In the USA, Internet access is usually a monthly subscription and that's it. No phone charges, no charge per minute, just a certain amount of bandwidth per dollar spent.
In Europe, some people have now got access to 2 types of "free" Internet (neither is free).
Which brings me to my point. If Internet connections are configured in such a way (as often they are) that the connection happens transparently because the username and password are stored, then people are going to pay call charges to search their local disk. If they don't realise this (especially in the case of ISDN connections) then they may run up quite a bill when they do an extensive search every time they lose a file.
I don't like this Internet-integration with the desktop in the OS. Sure, if I want it to happen, I can download some software helper. No doubt by hacking the registry or something equally scary for any novice user, you may be able to switch this off. But it reeks of abuse of my phone line.
It's interesting, no, that Microsoft do not necessarily take account of the European market when it comes to actual Internet access. Sure, they do multi language support but what about this particular Internet case?
I have clients who have been caught with huge bills due to shit like this before. Like transparent connections happening when they are not surfing when connected to an ISDN router which connects when any packet that is non-local causes a router to connect. I know that this can (and is) fixed on the router with better access lists, but the packets themselves come from crappy Microsoft things like MSN Messenger trying to auto-connect at boot and various SMB packets.
It's time that the Internet was a separate part of the desktop. Plenty of people embrace the Internet, but many others will not, especially in countries where it is still expensive just to stay online an hour costs me $2. That's right, a crappy 33.6K connection costs me $2 due solely to phone connection charges.
Conversion Rate Optimisation French / English consultant
...I run Windows 2000 Professional. XP is too flowery for me...
Obviously this isn't surprising. You have information Microsoft could possibly sell, and it is certainly information they can use. Of course they're gonna try to get it, and try to keep it quiet. This is happening more and more often, and it's everyone, not just Microsoft.
:)
I do use XP, mostly as a gaming platform, but I use Mozilla, and when I'm not playing games often I am running Linux on the same box. This doesn't have me worried one bit. Some people are gonna get all in a twist about this, but this is just a small step towards the ultimate goal: human batteries.
This does make me wonder, however, since Microsoft is causing bandwidth to be used on my network for activities I have not expressly envoked, can I charge them for use of my connection?
I say, charge them for use of my bandwidth. They won't get it free out of me. I just wonder where do I send my bill..
The individual search engines have been able to collect this data for years, of course. But this covers all the search engines toge. And most of us don't trust Microsoft as much as we trust Google.
wouldn't it look and read so much better if that was changed to: 'UnTrustWorthy Computing'
just a suggestion. i'm not sure that 'TrustUnWorthy Computing' means anything like what Randomeyes thinks it means.
Ever heard the idea that if you throw enough "crap" at a wall something is going to stick. With all these companies suddenly forgetting how to treat their customers, it takes a lot of action by informed people to oppose things like this.
I fear that we risk spreading ourselfs thin in the upcoming onslaught of unreasonable software, privacy policies.
Chicago2600.net more than a lifestyle, its a survival trait.
I wonder when we'll se the first spyware to take advantage of this "feature" by intercepting the calls it makes and transmitting the search terms to some ad company.
:(
These days it seems like spyware can do anything they wish without breaking any privacy laws.
You might say that a search on filenames aren't too useful, but it could reveal a lot by judging from full length document names, game names, etc, etc to reveal one's interests.
But I guess I shouldn't complain, since these transmissions probably give you a "richer searching eXPerience"...
Bah.. I'll just continue using Windows Commander's search.
Beware: In C++, your friends can see your privates!
This is stupid. Why are people being so paranoid? Of course a search engine needs to know what you're searching on! You reckon Google doesn't log what you searched on? Or your IP? Of course it does... Stats are valuable - even if you don't sell them to anyone. The Register is known for spamming it's own front page with poorly written "non-event" news stories written by poorly informed editors feasting on hype from other news sites.
I'm disappointed in any slashdot editor who thinks we need these stupid articles pointed out to us.
Nick...
It states very clearly that it only attempts to download certain files when searching on the local machine / LAN / ... and DOES send information to a *.microsoft.com server when searching on the internet through the utility.
----
--
[insert witty one-liner here for your own pleasure]
If you've deluded yourself into thinking that changing the behaviour of their search feature would make a difference, consider this: Microsoft is just as capable of being the aforementioned script kiddy as anyone else is.
Until MS fixes the underlying security problems in their OS, anyone who uses it is implicity acknowledging that they don't care about their privacy. If someone really wants to protect their privacy, they'll put in the small amount of additional effort required to run on a system which doesn't leak their data like a sieve.
-----
I tried an internal modem, but it hurt when I walked.
Did anyone here stop to think that maybe the following is true:
;)
There is a malicious group of programmers inside Microsoft that add code to the things like search-assistant(or whatever its called since i don't use it) and other products that explicitly do things that are BAD .
Microsoft probably doesn't even know the group exists! Come on Would microsoft really want anyone's personal information or surfing habits? This is obvioulsy the work of some malicious koders!!!
Well that or collusion with the DOJ in exchange for dropping the lawsuit they put this feature and send IP's to the DOJ of anyone searching for kiddie porn
Burn my karma!! haha i thought it was funny!!
To which I'd add, it also shows a problem with the culture in the organisation that makes the stuff. It's not so much arrogance, but something more akin to carelessness: an inability to appreciate that other people - including some of your customers - may have different criteria and preferences than yours. I personally doubt whether the people who developed this even thought to ask themselves whether this behaviour would be considered reasonable, nor that it was ever considered in any formal reviews that may have taken place. And it's far from the first time that I've got that impression about MS: their use of that reserved field in the Kerboros protocol feels similar: not so much malicious as just a failure to know and appreciate the etiquette that had grown up in an area that they were entering for the first time.
There's a reason we keep 800lb gorillas in cages...
True, but the difference here is that it a local search cause info to be sent/received to Microsoft.
/. confusing, since it made it sound like it was an Internet search that caused the info to be sent. According to the register, it's a local search that transmits info and attempt to connect if you aren't already connected.
You can't compare an Internet Search with a local hard drive search here...
I also found the news post on
Beware: In C++, your friends can see your privates!
I don't have an XP box handy, but I'd like to see what happens if you change add sa.windows.com to the host file and make it point to 127.0.0.1. Or to some other server. It would be nice to be able to send other files then the ones MS wants you to get...
irony? as i read this the banner ad the top is for OSDN's GEOTARGETING (targeted advertising)
;)
*cough*
i wonder where they get/got the info
*cough*
** The preceding was not a troll, all opinions expressed are the authors which may contain forward looking statements and all of which is entirely speculation
whoose stupid ? the guy was doing local file searches and not on the internet. so why should his search data go to M$ ?
My mom never taught me to sign.
No sorry, you're not quite right here; The Register says that a local search only results in the search agent doing a quick version check on some XSL files - it doesn't send your search terms. Hardly an invasion of privacy.
It's only when you do an internet search that it sends your search terms.
It even says "For now it appears that there's nothing here for users to worry about." - and this is The Register talking!
When you do an internet search, it sends your search terms (so it can do the search!). This is hardly an invasion of privacy... If you really want privacy - don't connect your computer to a public network.
Nick...
Its high time something is done about this bullshit. Well I rang up my local microsoft office and abused them left right and cent. That gave me a lt of satisfaction and happiness :-). And I" guess all the people who use XP are also going to do the same :-)
My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
FB : https://www.facebook.com/TanveersPhotography
> whoose stupid ? the guy was doing local file
> searches and not on the internet. so why
> should his search data go to M$ ?
The article specifically says that local searches *do not* send your search terms to microsoft and that "there's nothing here for users to worry about".
You can't just make stuff up!
Read the fucking article. A local search doesn't transmit any info about the search, it only checks to make sure that the XSL files that the Search Assistant uses are up to date.
It doesn't. Read the fucking article, you twat.
Somehow I don't believe Microsoft is not logging IPs any more. Why didn't they change the privacy statement and why didn't they update the program after beta testing???
Doesn't sound so bad to me.
Then, read on. It does not send anything back for local searches. But it sure does for searches on the Internet.
Say no to software patents.
How exactly? Any time you do anything over HTTP, you can pretty much assume that it's going to be logged.
autopr0n is like, down and stuff.
These sorts of "MS is spying on us" articles are
nothing new and to be honest everyone knows what
the answer is if you don't like it - don't use
a Windows OS. There is Linux and 3 versions of BSD
to choose from and for the fluffies who can't handle
them you can use MacOS (old or new).
MS will continue to do this because
A) Its not illegal and probably never will be
B) 99% of users are to computer illiterate to know
what their computer is doing or simply don't care
When MS makes Office an online subscription system
they'll be downloading far more than just your
IP address and search text so if you don't like
the MS vision of the future GET OUT NOW! You have
a parachute , its called Open Source.
Ah Microsoft stop the secrecy.
The actual act of aggregating search engine data itself it not particularly bad, its just the way the have to keep all this stuff secret, even if they're doing something innocent, they make it look sinister and because of their history it looks pretty bad, whatever the real reason for doing this.
For marketing reasons, I can see it being useful information to a lot of companies, if they are strictly aggregating data as they say.
Is this for use on MSN etal, as obviously to sell keywords they need to know generally what words are the most popular, and they can't do that without aggregating data about people search preferances.
Is this any different to say googles toolbar, Ok before I get flamed I know google do it right and gather info on an opt-in basis, but all search engines want to know information about our browsing habits, thy've got to make money some how.
Microsoft don't seem to be doing anything really bad here, its just like their software the problem is with the implementation, if they only made it absolutely explict they were doing this it would not be a problem.
Microsoft you build in cookie management to IE and then build in 'freatures' like this without any opt-out, you're just asking for bad publicity here. Guess it must be the pointy haired marketdroids at work.
At what point do intrusions of privacy like this become illegal? Granted, this was probably in the EULA.
Just because some clueless git is bound to answer autopr0n's question with, "Yeah, but you don't assume that your *local* searches will be logged," please allow me to say:
Read the fucking article. No information about local searches is transmitted.
This is a very dubious action of Microsoft. They presume there is a difference between the internet and the LAN, and for starters I am not so sure whether that difference actually exists in all cases. Furthermore, I doubt whether they can actually make that difference even if it exists. Take for example how I search the intranet at Uni. /16 networks exclusively for our Uni. I search the network of my University using an internet search engine which has some affiliate program to work for our Uni.
I usually just hook up to the intranet at Uni with my laptop. But the intranet consists of an indisquishable part of internet, 3 separate
Can anybody enlighten me as to whether the search in Windows XP would phone home my search strings? I am quite happy not using XP at the moment, and news like this makes me think that not upgrading was the right decision.
When I first saw the title I thought
"Ok it will phone home, that means that soon we will get rid of it"
1 Microsoft Way
Redmond, WA
-- -- Warning. Do not stare directly at the sun.
Would you all kindly read the damn article before you start your ranting.
It all boils down to the fact that when you use the file search tool, it connects you to the internet and downloads a privacy policy type of file.
That's it, the end. Period.
When you are on the internet and perform a web search through XP, they log what you searched for... Even google does this for purposes of finding the most popular sites, and creating a table of the most popular searches and all that. This subject is not only trivial, but misleading in the context of the article... They quickly switch from talking about an offline file search which downloads a single text file when you first use it, to a completely different subject of a search tool recording what you searched for.
Of course, the ironic thing being that this web search tracking is no worse than the Netscape 6 tracking discussed a short while ago.
And if you haven't heard it enough so far, local file searches download a single damn file when you first use it. May seem a stupid thing to do, but it's not phoning home, it's not tracking your habbits, etc.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Ha! Trade one spyware for another? Can't you see that Opera slows down your net connection to download intrusive ads, allows Cydoor to collect profiles of you (albeit voluntarily), and doesn't even release the source? I'll stay with Mozilla, one browser that has nearly all the features Opera has, and is more configurable.
why won't microsoft die?! please make it go away! nobody needs microsoft and the sight of Mr. B makes me want to puke! FOR THE LOVE OF GOD, DIE MICROSOFT! DIE!!
The EULA probably has something about this, in legalese. For you to get any money out of Microsoft like this, you'd have to challenge the EULA in courts first.
Can I get an eye poke?
Dog House Forum
Those are some VERY nice searches. Kudos to you!
You bought their software (Windows XP) and you accepted their EULA. I dont think you have much money to collect from Microsoft, sorry.
my 2 cents
Probable impossibilities are to be preferred to improbable possibilities.
Aristotele
Why do people persist in buying Microsoft products?
A leopard doesn't change its spots.
Just say NO to Microsoft. Just walk away.
Use Linux, buy a Mac, whatever.
Imo anyone who continues to use Microsoft products
has no reason to whine about what MS does.
Bunch of friggin spoiled gamers, is all you are.
So you can't play all the latest games? So what?
Grow up and get a life. Dweebs!
Moto Man
Sadly the two posters above me haven't read the article properly.
8 359 for a good comment on that subject.
True, when searching local files and intranet, nothing about that search is sent to Microsoft.
Now, I haven't used XP, so I don't know how the Search Assistant works, but apparently you can tell it NOT to use MSN for searches, but something like Google. I don't mind Google collecting info about my searches, but I do mind when Microsoft collects info about my searches on Google - that's simply none of their business.
As a poster above me mentioned, many people in Europe have to pay for the call-time they use when surfing. Why should they have to pay a minimum of 5 cents to their ISP, just to search their own harddrive? I can't think of a single good reason for that.
Read this post: http://slashdot.org/comments.pl?sid=30967&cid=332
The privacy statement for Search Assistant has the following provisions, which is what I base some of my arguments on:
http://sa.windows.com/privacy/
"No information is ever collected by Search Companion when you search your local system, LAN, or intranet for any reason."
"When you search the Internet using the Search Companion, the following information is collected regarding your use of the service: your IP address, the text of your Internet search query, grammatical information about the query, the list of tasks which the Search Companion Web service recommends, and any tasks you select from the recommendation list."
"Search Companion does not record your choice of Internet search engine, and does not collect or request any personal or demographic information. Information collected by the Search Companion cannot be used to identify you individually, and is never used in conjunction with other data sources that may contain personal data."
Now, like I said, I don't use XP, I don't know how Search Assistant works, and I probably wouldn't even use it, but it's still a bad thing to do for two reasons:
1) Making people pay their ISP/phone company to search their local harddrives.
2) IF I can make Search Assistant use another search engine (like Google), it's none of Microsofts business what I search for. If I can't use another search engine, then obviously Microsoft has to know what I'm searching for.
We do not live in the 21st century. We live in the 20 second century.
A lot of websites use a feedback system where users report whether they're satisfied with the results of a specific search. Couldn't this be the case?
The only objectives in this case I could think of, would be the fact that the action is not performed by a user his/herself and the fact that this could be the first step to incorporation of worse 'feedback'-systems.
You do not exist. Go away.
...which you can read here.
The interesting thing about this story is that it highlights the fact that nobody actually reads the MS EULA or Privacy Statements. Instead we need to wait for a journalist to make the "shock discovery" months later.
Ok, does this mean if we write a script that searches for over-255-character-filenames and leave it running over night, we can crash some MS servers?
Shame on you! If are really consistent with your views, and you are not a simple Microsoft basher, bring up real issues which worths to discuss.
Microsoft is logging your internet, but it doesn't send anything to internet, but some malicious program may send it, but that malicious program may not send your Bookmarks, or somethingelse, maybe there is no such a malicious program at all, but maybe there is. What's this? Are you basing your claims against a company based on assumptions, future predictions without any logical base?
actually googles toolbar is classified as spyware by the latest Adaware
why ? probably because its doing one thing while telling you its doing something else
YOU are the product
I personally will try to find out what is the file's name where it saves the search information. :P :P
Then i will open that File and put there something big like 2 gigs of information
University connection is free so there are no costs for me
Wouldn't a good personal firewall, configured properly, stop any app contacting their mothership?
Patriotism is a virtue of the vicious
If you were doing a search on the Internet you would be connecting to your ISP anyway, and seeing as data is only sent when performing an Internet search, this point is redundant.
The Data Protection Act (in the European Union) regulates how organisations who have data about me can use it i.e. they can't unless I say so.
Does accepting the XP EULA (in the EU) now include signing my data away to Microsoft under the Data Protection Act (something US citizens should be jealous of)?
1: Such info gathering would make it a lot easier for MS to know what people search for and possibly deploy their own 'Google' style search engine. -- A possible revenue stream if the whole .NET panacea doesn't work out financially.
2: Who's to say that once this 'blows over' as a privacy/security issue in the press, the process is re-incarnated as a more invasive version (e.g.: pass back LAN and local filesystem searches, flag users searching for 'warez', send passport account IDs with each transaction, etc.) Such a change could be effectively hidden in a 'security patch' with some vague legalese hidden 19 pages into the supplementary EULA to make it officially 'legal'.
Just my $.02
"But actually trying to use m4 as a general-purpose langage would be deeply perverse" --ESR
Does it really take much of a stretch of imagination to come up with a better mockery than "TrustUnWorthy"? It's not even a word! :-)
How many times have we heard this.
Microsoft product X sends information Y uniquely identifying you. But its only a little piece of information of no significance.
Then Microsoft product Z sends information W uniquely identifying you. But its only a little piece of information of no significance.
All of these pieces fit together. They're all pieces of a jigsaw.
You can indeed configure it to send your search to Google or whatever.
However it still sends your search query to Microsoft regardless of who you choose to do the actual search.
It also sends a unique ID used to match that search to the person doing it.
Tanveer1979 said it doesn't send anything to M$ server. Yeap, it doesn't do that immediately, but once you do a search on the internet, it sends the data it has collected. A bit more patience and studying would be nice before you make statements about something you have absolutely no clue about.
Bah, it's just more idiots burning money on a slightly refined version of the .com business plan:
Who is it that keeps telling us that demographics information is valuable? Marketeers. Nuff said.
If you were blocking sigs, you wouldn't have to read this.
haha you mean Opera the profiling software with a built in browser ?
Right here
and you thought you where being clever ?
stupidity knows no bounds
hahahaha
Well, duh, butthead...
That is the whole point: all those linux advocates, open source crusaders that moan about the page widening are (l)using Internet Explorer.
Netscape 4.7x and 6.2, Mozilla don't widen.
I "loose" egh ?
try paying attention in english classes dickwad
its "lose" , now iam going to loosen my bowels over your face
loser
I'm tired of repeating again and again the same answer, but here it is.
*** Don't use Microsoft products. ***
Or, better, don't use closed source at all.
Since there's no way to keep hidden spyware routines in open source programs, why the hell people continue using untrusted software from untrusted companies when security is an issue?
Probably.
But what happens, if it Search Assistant can't connect to Microsoft? Does it refuse to work, like many of Microsoft's other apps does in XP, if you remove Internet Explorer?
We do not live in the 21st century. We live in the 20 second century.
It doesn't send any information about you.
Instead, it only tries to download a harmless text file named "ThisUserIsLookingFor_Warez_MP3s_Porn_Etc.xml"
For those who don't know, Thomas C. Greene is the Register's equivelant of Jon Katz. His job is basically to find things to be angry about, and he does that very well indeed. He has just enough technical savvy to appear credible (think Steve!!! Gibson!!!!!), but that doesn't actually give him any deep cosmic insights.
If you were blocking sigs, you wouldn't have to read this.
Im a UK citizen, and under the Data Protection Act (1984) any company, PLC, sole trader or otherwise is required to comply with the DPA.
Part of this act entitles me to phone Microsoft and ask then to enumerate every byte of information they hold on me within a reasonable time period for a fee of no more than £10.
They are also required to have my explicit permission to store any data about me.
Intersting to note they would be breaking various laws by storing data of any form on minors.
Faggots.
This post does not add anything:
-he says no more personal info is available with this, and how: some babling about script kiddies.
-He is against MS, but fails to tell why.
-What underlying security problem?
By not mentioning the security problems he follows the MS policy of not revealing bugs until a fix is available. 8-}
Interesting article ... just installed XP on a computer at home. I've looked around for any way to disable that Search Assistant's behaviour with no luck.
I guess the quickest way in dealing this, is to block the domain on your firewall. It's probably the fifth or sixth domain I've had to add to the FW at home due to some app wanting to phone home.
At work we discovered that the Inktomi search engine was trying to e-mail itself some info about our company searches. Inktomi claims that that the program only sends information about the top-level domain queries? Has anyone else seen this?
POKE 53281,1 POKE 53280,0
... CIA / FBI etc ? Sounds like it to me.
> You can't just make stuff up!
Hi there. Welcome to Slashdot...
If you set up Outlook Express to access a Hotmail account, it checks for messages, even when you're not logged in. The login screen shows the number of waiting messages. I don't really use my Hotmail account (just use it for spam bait when I need to give an e-mail address). So, when I boot up my system, the login screen shows the number of waiting messages.
Pretty spooky to have your system checking mail for you even before you've asked it to, and displaying the results ON THE LOGIN SCREEN for the whole world to see. It's a pretty minimal information leak, but still, it shouldn't be happening. I've found no way to turn it off, at least none that actually work.
Win XP is basically Win2000 with an AOL interface. At my next 6-month reinstall, I'm going back.
Don't get paranoid d00d! Agencies have nothing to do with this. This is not an anti-terrorist act.
Hey, it only downloads a file, so let's stop thinking now. There are some things bothering me here though, but maybe you can help me with it, so i can soon embrace blissfull ignorance again:
Do the other downloaded files alter the system behaviour in any way? They're providing information connecting file-extensions to file-types at least, and that might have some impact on a windows system. And if they don't do anything at all, why download them? Maybe i'm using a special app with uncommon file-extensions and took some pains upon me to make the system recognize them. Will that work be undone with every search query?
Then "downloading" is not a onesided action. To download a file i have to establish an internet connection, and in that process all kind of information is transmitted, not just the ip. I don't think someone concerned with network security of some larger corporation would be too happy about all their desktop machines sending out packets announcing their ip, the number of hops to them and the type of their operating system beyond the firewall to a specific location without need. Also why should anyone trust Microsoft not to collect all that ip-addresses to compile a nice list of windows-XP installations, maybe to set up a BSA-raid?
And finally: Why do such a "stupid thing" as downloading a privacy statement for an action that can be performed locally? Just to get some load on Microsofts server? Microsoft is paying for that bandwith, so why put extra load on it? Well, maybe someday in the future Microsoft will quietly decide to change their privacy policy and start collecting information about your local/intranet searches. But there's no need for you to know that. Only your Operating System needs to know.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
I read the whole thread and I was between being afraid and going "booo-haahaha". I am glad that I totally abandoned MSWin years ago, except for gaming unconnectedly. But to see consumers discussing, how irrelevant their CV, homework, private info and their porn is to a software firm that's evolving to a multiple services and content provider, that's ridiculous. If I were MS, I would collect everything about anyone, process and sell it. I think this is MS's future, since I heard they will be giving up the OS business soon. (Must have been dreaming...)
I always wondered what that System Volume Information folder is with windows 2000...
By default you cannot access it, but if you take ownership of it, you will see inside it, a file called tracking.txt or similar. It has werido data in it, but some of the data is clear text, like your computer's name, for example.
i would love to see some marketing budgets at a few large corporations. sure they're a fruty mac using department, but they get lots of $$ from the company, and somehow they're able to prove their worth. demographic type information shows it's worth.
sales and marketing are number games. the more numbers you have the better you play the game.
for instance , you're not supposed to connect to the remote assistance feature using VNC. M$ also reserve the right to inspect the contents of your hard drive and disable unlicensed software (also on behalf of other firms). There is a whole host of this in the EULA which is why I won't use XP for home use and limit what I'm prepared to use XP and .NET for at work.
Netstat your machine every once in a while and check out what state various ports are in (i do it habitually)
perl -MIO::Socket -e 'IO::Socket::INET-new(PeerAddr="some.windoze.box:1
Everytime some little, isty bitsy, not even fully investigated thing about Microsoft comes out, the Slashdot community immeadeately bashes it. Sure Microsft has done some bad things, but this hardly qualifies as something to worry about. If they want to know I do searches on their stuff, Linux, Digital Cameras and things like that then so what! It's not like I am handing them my credit card! Also, this probably qualifies as something for those slippery slope folks to panic about too. Yeah, it's interesting, but who said you have to use the search button in thier browser?? Can't you just use google?
Gorkman
You bought their software (Windows XP) and you accepted their EULA. I dont think you have much money to collect from Microsoft, sorry.
Has anyone challenged the EULA as an adhesion contract?
I explicitly authorised google when i installed the google toolbar. I don't have XP, yet i wouldn't authorise it if i did have it. Big difference.
Of course an Internet search would be sent over the internet, duh....
The question is, why if I search with Google, or Yahoo, is Microsoft getting a record of who I am and what I'm searching for?
(And for those of you out there that think all microsoft is doing is dling files when you do a LOCAL search, isn't that what WEB BUGS in html email do????)
Just my $0.02 (Canadian, before taxes)
IANAL, however this probably illegal under UK (& EU) Law.
In the UK we have the Data Protection Act, which states that a Company may not share personal data with others, without the Data Subjects permission. They may not send Personal Data abroad, unless the data is equally protected 'abroad'.
http://www.hmso.gov.uk/acts/acts1998/19980029.h
The Data Protection Act comes from EU treaty obligations so similar laws exist throughout the EU.
http://europa.eu.int/comm/internal_market/en/me
We need a UK XP licensee to complain the the Data Protection Registra, I not a XP user so I'm not in a position to complain.
http://www.dataprotection.gov.uk/
Do like the advice always is in the "restrictive employment contract" /. articles - print out the EULA, cross out bits, add your own bits, initial, sign, and date, and mail off to Microsoft (maybe also get it notarized, and use registered mail with a return receipt). Their original EULA (contract) didn't leave you room to negotiate, so I don't think it's unreasonable for you to send them something similar in return.
This would be a fun experiment for someone with some time on their hands and some sheer bloody-mindedness to try :)
Your right to not believe: Americans United for Separation of Church and
Sending your search terms to a third party is clearly a security violation. For instance, Microsoft may be gathering information on which terms the Justice department is searching on. Given that the packets are not secure a third party could also gather information on which terms any government agency is searching on with a packet sniffer. Then with this information the return packets can be selected. Homeland security needs to be notified about this. The Justice department needs to be notified about this. DOD, State department. Heck, windows XP should be banned from any department with a security level higher than FOUO. Which as far as I am concerned is every part of Government.
Regardless of whether it's done in the OS or in their search engine or whatnot, the very idea of associating searches with particular individuals (or even particular computers) is a dangerous one. For example, what would happen if you decided to search for "metallica mp3" ? Don't you think it's entirely possible for Lars to demand access to those logs, and use entries like that as "probable cause" to raid your home or business for pirated music?
Scary indeed.
Tired of FB/Google censorship? Visit UNCENSORED!
what is the problem? google does the same thing? MS does not collect any personally identifiable information, unless your name and your ip address just happen to be the same.
Does anybody make a list of all the domains and/or server addresses I need to block, and the reason why for each, to keep Windows 2000 or XP from "phoning home"?
> 2) IF I can make Search Assistant
> use another search engine (like Google),
If you want to search google, just go to www.google.com, PERIOD
> it's none of Microsofts business what
> I search for.
Of course it is, how the search script is going to redirect your search to google? All searches are redirected to Microsoft website so any changes in the search engines list (like google changing file paths) will not require patches or modifications on your Windows installation.
Pish tosh. Established companies spend a fixed proportion of their revenues on marketing. There's no justification required, it's simply one of those things that you do if you want to attract corporate investors. Too much or too little, and you look different and are a bad risk. I know this for a bare naked fact, as my own company is about to lay off half of the marketing department due to a sales slump. The ironic part is that we've just completed a kick ass product, and we actually need marketing droid to pimp it to customers, but we also need short term investment, and we are simply spending too much on marketing to attract any.
There's no logic to it, no connection between marketing and sales: our sales drop was because we had a crap product, not bad marketing, and now we have a great product but a bad reputation and a desparate need of marketing. There's no rhyme or reason to marketing, just complying with industry standards.
If you were blocking sigs, you wouldn't have to read this.
All I wanted was a spinning cube.
I think you mean:
'AntiTrustWorthy Computing'
Don't get me wrong!
...of course I wasn't the first with that one... what was I thinking?
Don't get me wrong!
...with all the 'CowboyNeal' search terms? Open up a website with that name which redirects all visitors to here ?
Use The Source, Luke!
EULA's aren't legal contracts in the United States. They never have been. The only attempt to enforce a EULA in court in the U.S. ended with the provisions of the EULA being struck down.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
Excuse me, but how does it improve my searching ability by sending the details of my search to Microsoft???
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
I quote:
"When you search the Internet using the Search Companion, the following information is collected regarding your use of the service: your IP address, the text of your Internet search query, grammatical information about the query, the list of tasks which the Search Companion Web service recommends, and any tasks you select from the recommendation list."
"Search Companion does not record your choice of Internet search engine, and does not collect or request any personal or demographic information. Information collected by the Search Companion cannot be used to identify you individually, and is never used in conjunction with other data sources that may contain personal data."
This is absolutely no different than sherlock. IF you hit the tab that says "Search Internet" it passes the search terms along, and identifies you so it knows who to pass the item back to! I'd love it if someone could figure out any other way to execute a search, but this seems like the bare minimum.
You left out a small part of the Privacy Policy:
Microsoft will occasionally update this Statement of Privacy to reflect company and customer feedback. Microsoft encourages you to periodically review this Statement to be informed of how Microsoft is protecting your information.
Basically, this policy is in effect until MS decides to change it. When (not if) they decide to change it, any information they have already collected will be subject to the _new_ privacy policy.
We've seen it happen already with Yahoo!, among others.
Let us say that you are running Windows XP and store your bank account information on your computer. Let us imagine Microsoft then using that information to transfer the balance of your account into their coffers without expressly asking for permission to do so.
If we were to say that by accepting the Windows XP EULA you have given tacit permission for Microsoft's operating system to perform whatever operations/communications functions Microsoft cares for, then this transfer of your money from their account to yours would be entirely legal. (We can think of other similar situations that will illustrate this same point.)
The fact of the matter is that in purchasing this software as an operating system, you have certain expectations of what that software will do. Furthermore, as you have purchased an operating system, although there are expected costs associated with electricity and hardware, there is no reason for it to consume other resources unless such a directive is given explicitly by the user. A reasonable user would not expect the software to attempt an internet connection during a local search. They may not be taking money from your account outright, but this is tantamount to such an action, and surely can not be covered by such a broad and vague "agreement" such as their EULA.
hehehe arguing on the internet is like running in the special olympics. even if you win your still retarded
If yes.... then consider this...
.gov hosts?
Give me what you've searched for on the net for a year and I will tell you exactly who you are. You will be surprized about the accuracy of the profile.
Good old content analysis comes handy here. Just to refresh your memory, it was introduced by British liguistic professors during WW2 in order to figure out whether the new invention, called RADAR was useful or not against German submarines.
I really wonder, that how does MS dare to collect such information practically on all high profile American and foreign politicians, businessmen, etc. Does President Bush use Windows XP?
Can you imagine the value of the search logs for all
For this alone MS should be prosecuted on charges of attempted spying. If the American government does not have the gut to stand up for it, I am really curious that which foreign government will do it first.
Okay, you may say that Whitehouse security will cut off all calls back to MS - still it does not change the fact that MS made an attempt to spy on President Bush.
what? where does this all go?
M$ checking to see if you paid your royalties on any music/video/etc you want to download/record/play???
"Anytime a Navigator user performs a search by typing terms into the browser's URL bar and pressing the adjacent Search button, or by using the Search tab on the browser's My Sidebar feature, the user data is sent to a server at info.netscape.com using a uniform resource locator (URL) forwarding system."
As long as you go directly to the search engine and search from there, you're safe. I have Google in my personal toolbars in NS & Opera, so it's just a single click and I'm there.
The moment you connect your computer to the online world, your computer starts firing packets off on all directions, to be picked up by the Great Firewall. If your location or IP raise a red flag, you hear a knock at your door...
Or in other legal issues, how soon before someone supoena's some companys log file in order to prove that an individual was online at a certain time and place, and was performing certain actions?
Now I can run scripts to open up 11 WinXP sessions through VPC on Mac OS X, sending back all sorts of nice searches back to the Mother$hip about "MS SUCKS!" and "BILL GATES BUTTF*KKED BY A RAGING RABID BULL." I figure 11 instances of XP, 1 query each per second, running 24 hours a day, that's 950,400 disgusting and immoral and hopefull personally offensive searches that the schmucks at M$ will have to wade through EACH AND EVERY DAY.
....
Now if only I could get others to join my unholy mission
Viva la Resistance!
____________________
I have found a program called SAB. It can block requests to ip addresses in its blacklist.
It is used to block web advertisements but can be used to block any ip you wish.
It seams to block the XP internet search all together when I addesd the ip to the blacklist. Hard drive searching still works though, but it probably just fails on the phone home and than proceeds with the file search.
The program is simple and free.
you can get it here http://www.morpheussoftware.net/sab/
When you get it, you will need to add the ip address to sa.windows.com to the blacklist.
I hate to say it, but there is a huge relationship between marketing and sales. Our economy is driven, to a large extent, by marketing. When you spend more on advertising, sales almost always go up. Large companies spend outrageous amounts of money on marketing and advertising. Any sociology or marketing class will tell you that.
You're a right bastard for posting this extra long line in every freakin' message board! For Shaaaaaame!
geeks are cats who dig a certain kind of cool
That makes Linux EXCELLENT!
Fourteen days, no firewall? With an open invitation to crack, and a reward? I'd like to see XP survive fourteen minutes with a heap of services up... invitation or no.
Got time? Spend some of it coding or testing
Our economy is driven by people making exchanges that create mutual benefit.
99% of the purchases I make at home and for work are due to a need, and seeking out the solution to that need at a price that was reasonable for that need. When I go to a site that is "marketing based" with little actual technical info, I usually try to find another vendor, one that posts full technical specs, not marketing bullshit.
I'm sure I'm not alone.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
You're misusing the term marketing. You are defining it to be vapid and misleading. Marketing is more general than that and includes useful things such as product technical specifications and price comparisons.
The rest of the site is about transformers. TRANS-formers. Are you sure that's your sister? And not your confused brother?
Where, oh where is the goth os? That when given a command will moan about the evils of the world instead of executing the command? That will give priority access to the marily manson website? Azrael, I call on thee, deliver unto me the goth OS!