Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Update v5 Gathering Too Much Information?

Posted by Cliff on from the don't-look-so-surprised dept.

LucasR asks: "I was testing out Microsoft's Windows Update v5 and read their latest privacy statement from April 15th of this year, and it appears they are collecting and storing more information than ever. Here is only some of what they are now collecting: computer make and model, version information for the operating system, browser, and any other Microsoft software for which updates might be available, Plug and Play ID numbers of hardware devices, and IP address (though only for aggregate statistics so they claim). Some of what they are collecting is really disturbing. I use Microsoft's products but I don't recall wanting them to know everything about my computer and what competing applications I might use. Check it out for yourself. Isn't this amount of collected information a bit much?"

8 of 65 comments (clear)

  1. From the article... by meta-monkey · · Score: 2, Insightful
    Windows Update evaluates a Globally Unique Identifier (GUID) that is stored on your computer to uniquely identify it. The GUID does not contain any information that can be used to identify you.
    So, the Unique Identifier cannot be used to identify. Sounds really useful :)
    --
    We don't have a state-run media we have a media-run state.
  2. Scary Language by digitalvengeance · · Score: 3, Insightful

    From the article:

    The Product ID and Product Key collected are not retained after you are finished using Windows Update, unless the Product ID is not valid.

    Though my workplace has all validly licensed copies, there have been occassions where I've just grabbed the closest Product Key during a reinstall rather than pull up the database of which keys go with which machines. They WILL keep a product ID if they deem it to be invalid? How long before we are all getting audited for not memorizing 30 different Product Keys for the 30 different windows licenses we have?

    --
    How many roads must a man walk down? 42.
    1. Re:Scary Language by Phillup · · Score: 2, Insightful

      Use a corporate licence key.

      The computers will most likely have a non-routable IP address assigned, and all of them will show up w/ the IP address of the firewall.

      Even if they note the number of individual computers connecting w/ that license... there are so many "spares" and "rebuilds" in the corporate environment to make tracking a fruitless proposition.

      --

      --Phillip

      Can you say BIRTH TAX
  3. EULAs are more interesting... by MrHim · · Score: 4, Insightful
    I like the MS Visual Studio EULA better (C:\Program Files\Microsoft Visual Studio\MSDN98\98VSa\1033\Setup\EULA.txt, if you happen to own it). Section 4.1.2:
    Performance or Benchmark Testing. You may not disclose the results of any benchmark test of either the [Server Software] or [Client Software] for Microsoft Message Queue Server, Microsoft Transaction Server or Microsoft Internet Information Server to any third party without Microsoft's prior written approval.
    And if you get the Microsoft SDK from windowsupdate, the same restriction is placed on releasing .NET benchmarks.
  4. Let's have a peek: by NanoGator · · Score: 5, Insightful

    "Computer make and model": In order to figure out if particular motherboards need a fix applied. The AGP problem with Athlons immediately comes to mind.

    "Version information for the operating system, browser, and any other Microsoft software for which updates might be available": For security updates to IE, Outlook, Word, etc...

    "Plug and Play ID numbers of hardware devices": In case there is a fix for a particular bit of hardware. Maybe a DirectX update or something.

    "Region and language setting": What, you don't want your driver interfaces to be in Bulgarian?

    "Globally Unique Identifier (GUID)": Eh, not terribly interested in defending this one unless it's to count how many times a particular machine gets updated. I can't say I'm terribly concerned about this one either.

    "Product ID and Product Key": Filed under D for DUH.

    "BIOS name, revision number, and revision date": Again, may be related to fixes for a particular computer.

    This stuff is far less scary when you read through some of the MSDN articles for quick fixes etc. It's pretty obvious that they attain this info for the Automatic Update to actually work. Damn them for creating this free service!

    --
    "Derp de derp."
  5. Re:Don't they need all of that information? by Tablespork · · Score: 4, Insightful

    They shouldn't need any information. They just need a list of all available updates, and the client can check to see if any are needed. Microsoft shouldn't need to collect any data whatsoever. I'm not picking on Microsoft, I think any company would/does/has every right to collect this information. It's free usage statistics.

  6. They might be gathering it for Intel by Gary+Destruction · · Score: 2, Insightful

    Intel has the power to shape the hardware industry. If they want the floppy to disappear, they can make it happen. The information gathered can be used to give an idea of how much legacy hardware is still in use and it could be used to predict future demands in hardware. Take that as opposed to old motherboards and expansion cards sitting at the dump. If the user visits Windows Update, then it's know that the hardware is still in use.

  7. What competing products? by belchingjester · · Score: 2, Insightful
    I use Microsoft's products but I don't recall wanting them to know everything about my computer and what competing applications I might use.
    I don't see anywhere in their disclosure statement where products other than MS products are tracked, so I'm not sure why you're being alarmist about "competing products". Perhaps they are collecting more info than they say they are, but that's not the issue you raised.