Microsoft's Guidelines for Customer Privacy

jcatcw writes "Microsoft has released its 'Privacy Guidelines for Developing Software Products and Services.' According to Peter Cullen, chief privacy strategist, Microsoft has learned about protecting user's data from such endeavors as Hailstorm and WGA. 'Certainly that and other things have contributed to us thinking deeply with how we provide security and privacy, as well as respect and control with how their information is used,' he said. 'We think others should join in this discussion.'"

Microsoft values privacy?

[davidwr]

First schools banning tag, and now the Evil Empire values privacy?

What is this, April Fools come early?

Re:Microsoft values privacy?

[Ided]

Next thing you know they're going to reduce the price of Vista!

Re:Microsoft values privacy?

The only way Microsoft can ever prove such a claim is by opening up their source code.

Re:Microsoft values privacy?

[LifesABeach]

A half a dozen years ago, I stated answering questions with the following:

Name: Moore Garbage
Company: From Pathetic Minds
Address: [my address/]
Occupation: P0rn Critic

When my wife found about this, she did not like it. But after looking at the junk mail, even she is laughing at the stuff we get.

Re:Microsoft values privacy?

[Merle+Darling]

If they don't want you looking at their code you should respect their right to privacy.

Re:Microsoft values privacy?

[gbjbaanb]

But the best part, is that you can put it back in the post marked "not known at this address", and the company that sent it can share the joke!

Re:Microsoft values privacy?

Then release it!

privavcy guidelines ...

[thrillseeker]

... don't collect (and keep and share and sell) crap just because you can - show some backbone and leadership and collect as little as is necessary to serve your customer.

Re:privavcy guidelines ...

[bashamer]

this limits your future scalability

you want to capture more rather than less so you can use this data as training for future functionality.

Re:privavcy guidelines ...

[thrillseeker]

this limits your future scalability

I guess they should really say, "we respect your privacy ... absolutely as little as possible."

Re:privavcy guidelines ...

[TheVelvetFlamebait]

don't collect (and keep and share and sell) crap just because you can - show some backbone and leadership and collect as little as is necessary to serve your customer.

You make it sound so easy.

How, exactly, would you define "serving their customers"? Microsoft (or any other company for that matter) may define "service" as providing a product and making sure that people are satisfied. By that reasoning, it's necessary for Microsoft to take surveys from their customers, and possibly log their names/IP addresses to make sure that no-one over-represents any one problem (OK, I'm stretching it here). They may also consider entertainment giants as their customers (remember this, or this?), and therefore feel that providing the private information of pirates to them, or something like that, is necessary to serve their customers.

I don't want to start a flamewar. I just wanted to say that things are more complicated than that.

Oh really?

[From+A+Far+Away+Land]

"WGA. "Certainly that and other things have contributed to us thinking deeply with how we provide security and privacy"

Is that why you have to sell your first born to Microsoft if you install Windows Media Player 11, and break the EULA? I bet you didn't know that was in there! It pays to read EULAs, unless you want rid of that kid.

And if they've learned from the WGA fiasco, why are they still requiring XP users to install it to get all updates?

Re:Oh really?

"And if they've learned from the WGA fiasco, why are they still requiring XP users to install it to get all updates?"

They've learned that they can do what they want, and the PR machine will spin it.

Hope you've lubed up, Vista is on its way.

Re:Oh really?

[dabraun]

How on earth is that an invasion of privacy? They want to verify that you have a legitimate product key that is not on a known piracy list before they give you free updates. They still don't know who you are, where you are, what you have installed, or anything else about you.

Ok, so in order to provide you with the list of available updates that are relevant to you the server needs to know what updates you already have ... though this has always been the case for windows update and has nothing to do with WGA. The alternative would be to download some huge list to the client and make the client perform the logic to determine which updates are relevant which is a rather painful thing to do just to satisfy some tin-foil hatters.

Re:Oh really?

[zcat_NZ]

How many updates does Microsoft actually need to keep track of? a few hundred? perhaps a thousand?

When I update here the update software grabs a list of all available software (about 18,000 packages) and compares versions locally. It takes only a few seconds and no information is sent to Canonical, Microsoft, or anywhere else.

Re:Oh really?

[radish]

And you do this over a 56k dialup line?

Lets see...18000 packages, we'll say 500 bytes per package to include name, description, version numbers, etc. So that's 9mb. We'll be optimistic and say that we can compress that 50%, so 4.5mb. Now we have to shove 4.5mb to every client every time they check for updates (once a day typically). No big deal for you and I with a nice connection, but that could take 15 minutes on a modem! Don't forget that MS are catering to a much greater diversity of users than most vendors.

Re:Oh really?

[Pofy]

>And you do this over a 56k dialup line?

Ehh, yes, why not? If you are going to actually download any of the updates to start with, that information will be negletible in ammount compared to the actual updates anyway. Of course, you only need to send info on NEW updates (or removed updates) when someone connects.

Re:Oh really?

You know that the client can ask what version of the file the server has and not download it if it's already got it? It's kind of a feature of HTTP. So, every client gets HTTP headers of like 500 bytes, unless there's an update.

It's perfectly manageable on a modem - I ran Debian unstable for years updating via a 56k modem. Updating the package lists isn't the problem, it's the new version of X11.

When you need to transfer the packages, if you're obsessed with minimising bandwidth, you can also transfer the differences rather than the complete file, so one package changes and you only need to send 500 bytes.

50% is also a poor compression ratio for text. Did you have a point?

Hailstorm?

[Slovenian6474]

Was it a good idea to name a program that stores people's names and credit card information after an egyptian plague?

That's a punch-line to a joke...

[lbmouse]

What's the smallest page on the web?

WGA

[MyNameIsEarl]

I thought WGA didn't keep any data on the user only the machine. I guess that "anonymous" data collection isn't so anonymous after all.

Re:WGA

[camperdave]

The "user" is that component of the machine that converts screen images and sounds into keypresses and mouse-clicks. The device has a complex behaviour, and collecting as much data as possible regarding that behaviour will assist in developing profitable protocols for interacting with the device.

Re:WGA

[maxwell+demon]

Well, if it would just translate screen images and sounds into keypresses and mouse clicks, I think Microsoft wouldn't be interested. However most of them also have an interface to the banking system, where they control a certain amount of money. Most companies are interested to find exploits which make them transfer some money to the company's bank account. Microsofrt is known to be particularly good at that.

Re:WGA

"anonymous" data collection

Oh that just means the entities/companies that are winding up with YOUR data are anonymous, not that YOU are.

Summary is Totally Misleading

[mpapet]

FTFA: "The document outlines recommendations for software developers that will help them protect customer privacy"

Bolded emphasis mine. MS and their legions of developers won't do anything differently.

"Discussion." Indeed. This is MS working their coordinated PR effort to make them seem serious about "security." Talk all you want, no one is listening.

Keep in mind, I have to babysit these things for a living. So I am quite happy they don't actually address the issue directly because there will be no shortage of work.

Re:Summary is Totally Misleading

[MECC]

Microsoft's negligent software practices doesn't create work - it just creates bad software. See the broken windows fallacy.

Re:Summary is Totally Misleading

Talk all you want, no one is listening.

Very sadly you are wrong. The privacy commissioner of Ontario got suckered into this. Here it is:

http://www.cbc.ca/technology/story/2006/10/18/priv acy-identity.html

Re:Summary is Totally Misleading

[cp.tar]

Even in the Broken Window Fallacy ("Broken Windows" is not a fallacy, BTW), one person is making money and profiting from the whole situation - the glazier.

The fallacy is in assuming that it is generally good if kids break windows.
Nothing wrong in assuming that the glazier will profit from it.

Microsoft's negligent software practices did create work; if they suddenly started producing secure operating systems (a hypohetical example), most businesses which rely on endless support calls would be wiped out.
Of course, some would adapt and re-orient themselves to a new niche, but some would not.

All in all, GP is not at all wrong when claiming Microsoft's crappy programming puts bread on his table; he's the glazier.

Re:Summary is Totally Misleading

[drew]

You know, I'll be the first to admit that Windows is far from perfect, but I think that "Broken" is probably a little too strong of an adjective. /duck

Re:Summary is Totally Misleading

[MECC]

"All in all, GP is not at all wrong when claiming Microsoft's crappy programming puts bread on his table; he's the glazier."

I see your point. I think, though, if MS suddenly produced good software, the people who now fix the same problems over and over again might find opportunities in more mentally stimulating venues.

The best way to protect customer information

... is not to collect it in the first place.

*you* are not their customer

you are the producer of the product they provide to their customer. What on earth gave you the idea that you were the customer?

Uh-oh!

[Rob+T+Firefly]

According to Peter Cullen, chief privacy strategist, Microsoft has learned about protecting user's data from such endeavors as Hailstorm and WGA.

Cripes, they've got Optimus Prime on their side! Nothing in the galaxy will stop them now!

Re:Uh-oh!

It would explain why an Xbox appears in the leaked 2007 movie script, but there's an iPod in it too, so I'm guessing Frank Welker works for Apple.

Re:Uh-oh!

[$RANDOMLUSER]

He was also the voice of KARR from Knight Rider; KARR was KITT's "evil prototype", which I always thought was a screamingly funny concept.

Re:Uh-oh!

[Rob+T+Firefly]

He was also the voice of KARR from Knight Rider; KARR was KITT's "evil prototype", which I always thought was a screamingly funny concept.

What, you mean you don't build an evil, megalomaniacal prototype of everything you invent? You know, just to work out the bugs and all?

Re:Uh-oh!

[laffer1]

I'd say Windows is the evil prototype to Mac OS, but well Microsoft is often behind so that doesn't pan out. I suppose you could say it about Linux. In some ways Linux (and KITT) are far superior, but who doesn't like the color scheme change in Windows (and KARR who was black/red and went gray/green later on).

I just scared myself and said something nice about linux. The other BSD developers are going to bitch slap me now.

Key Quote

[nigelo]

"We didn't spend enough time to make sure [the feature] met our standards," he said.

Or enough time to make sure their standards met their features?

Others...

[just_another_sean]

"We think others should join in this discussion."

Like Claria maybe?

In Other News...

[Admiral+Justin]

Symantec is offering guidelines to developers of antivirus solutions to use minimal resources.

Richard Stallman is offering guidelines for developers wanting to release proprietary code.

The Pope is offering guidelines on peaceful and friendly methods of talking about other religions.

Isn't this a good example of the blind leading the blind and dumb?

Re:In Other News...

The [CURRENT] Pope is offering guidelines on peaceful and friendly methods of talking about other religions.

Even as an atheist, I find that an important distinction to be made. Carry on.

no thanks

[FudRucker]

i would trust microsoft with my personal information about like i would trust a heroin addict to hold my wallet full of cash and credit cards...

I thought this was obvious...

[__aaclcg7560]

Spill and/or sell first, pretend it didn't happen, and apologize only when the media calls.

Titor Arkwright

7865 6689 1670
8265 6098 1847
5633 2979 2857
7284 8236 3827
1234 4478 2683
8817 7967 5024

And, in breaking news, the Big Bad Wolf...

[dpbsmith]

...has released a 49-page document entitled "The Big Bad Wolf's Guidelines for Protecting Little Red Riding Hood." In a prepared statement, the wolf said:

"We'd like others to join the conversation. A long, long time ago, several weeks ago in fact, we were a little insensitive about the way we implemented our last henhouse raid. Critics complained that wearing grandmother's clothing was deceptive, and that what we were doing posed a risk to Little Red Riding Hood. While we want to emphasize that Little Red Riding Hood was not harmed, that and other things have contributed to us thinking deeply with how we provide security and privacy, as well as respect for those we eat, for the use humane slaughtering practices. We also wish to assure the consumed that we target only henhouses, and that any collateral loss of innocent human life is accidental and deeply regretted."

"Our new guidelines protect the consumed by prohibiting the use of cloaks intended to resemble human beings. From now on, we will cloak ourselves only in the garb of sheep. We've devised technology in the form of a new chalk filter that guarantees that any traces of our individual voice identity will be erased, and that there is no possibility of causing psychological harm to our victims by the use of harsh vocalizations."

"We have asked our colleagues the Fox and the Coyote to join with us and to follow only best predatory practices."

"Because of this increased protection, we no longer recommend that home users build firewalls of brick. Instead, they should enjoy the economy, light, and airy comfort of porous straw walls, perforated by dozens of Windows."

Re:And, in breaking news, the Big Bad Wolf...

[rts008]

*APPLAUSE!*
Most excellant prose, sir!
I also thought along those lines.
"Acme's guide to Securing Your Roadrunner" by Wile E. Coyote S.G. (Super Genius)
Available in bookstores soon!

Bad provisions in Microsoft's concept of privacy

[Animats]

There are several bad provisions in that proposal.

• The proposal does not require that, when collecting data, the collecting organization specifically identify itself. EU data privacy laws generally require that. California law requires that web sites give "the actual name and address of the business" before accepting credit cards, and that's a good standard. If you can't identify who collected the data, you can't effectively exert your rights against them. "xyz.com" isn't enough; you need "XYZ, Inc. 1234 Wilshire Blvd, Los Angeles, CA".
• "Web sites: Visiting pages on a Web site implicitly means the customer consents to the site's privacy statement and terms of use." - that's very weak, and not supported by law.
• For some things, even explicit consent is not enough. See the standards at StopBadware.org, which prohibit automatic updating which modifies other programs changes the functionality of the one being updated without user consent. (Think Tivo, where automatic updates took away commercial-skipping. That's badware.)
• Personal data transfer to third parties and retention policies need not be specified. Not good. In particular, the owner of the data (the user) needs the right to know which third parties have the data. And the collector of the data must remain responsible for what "affiliates" do with it. This has been a serious problem, where the "good company" disclaims responsibility for what their "affiliate" did. Remember the "outsourced medical transcription" scandal.
• The "privacy" document doesn't address the privacy issues associated with digital rights management (DRM). "Who knows what's on your ebook?"

For a more user-side view of privacy from a technical standpoint, the National Association of Theater Owners Digital Cinema Requirements document is valuable. Digital cinema at the movie theater level has DRM, and the theater owners have organized to tell (not ask) the studios exactly how intrusive the DRM can be. Stuff like

• "The System shall not compromise the security of the theatre's in-house network, including the security of digital cinema systems, point-of-sale systems, and other data systems owned and/or operated by the exhibitor." (i.e. no Sony-type rootkits)
• "The system shall be designed to push data to outside business entities per the needs of the exhibitor, and shall not allow outside business entities to pull data from the exhibitor's equipment or from the premises without the express written permission of the exhibitor on a case-by-case basis. All such communications shall be recorded and shall be auditable by the Exhibitor." (i.e. no spyware; the user has to explicitly send the log data, and can look at it first)
• "System components (servers, projectors) shall be capable of being moved from auditorium to auditorium within the same facility in any combination without limitation and without requiring receipt of new decryption keys." (you can swap components around without DRM problems)
• "Systems shall allow the movement and playback of shows among all auditorium systems within a complex." (you can move the movie from one room to another without DRM problems)
• "New Security Keys shall be delivered within 15 minutes of the time of request." (no long downtime because the DRM people screwed up)
• "Systems shall employ the standard interchange method for security log reports .... Systems shall employ tools that allow the exhibitor to filter security log reports logs prior to sharing." (it's all in XML, and you can see what the DRM owner sees.)

Compare that with Windows Vista.

Re:MS Dev's

[mpapet]

MS and their legions of developers won't do anything differently.

Apologies to all MSDev's out there that -want- to design and implement more security. It is tough when requirements/management/resource restraints prevent it. I've seen it first hand.

I typed too quickly.

MOD PARENT UP

[dpbsmith]

What he said.

Cue verizon commerical...

[mgmatrix]

"That is a problem, and we are working on it!"

Protect privacy from what?

[boyfaceddog]

any time a company or country defines security or privacy, it isn't to ensure their customers/citizens have more but to put limits on how much they need ro provide.

In some ways, I want them to know a bout me.

[Deathlizard]

I though I would never say this, but in a sense, I want Microsoft to know who I am when it comes to WGA. That way, when WGA screws up, I can prove that I'm the owner.

Something like when I activate windows, I have the option to login to my passport to associate my windows ID with that Windows Serial Key. that way, if my key is stolen by some hacker and WGA decides to lock my computer down, I can contact MS and prove that I'm the original owner of that key and get it either unlocked or a new key resubmitted.

If I have to deal with WGA on windows, at least allow me to protect myself from being screwed out of my purchase by the next key stealing Trojan or eventual random keygen.

Kudos

[Guidii]

As an advocate of privacy, I applaud this document. Software developers have a duty and an obligation to consider the privacy of their users. This document helps to uncover some of the issues surrounding privacy, how to avoid risks to privacy, and how to mitigate those privacy risks that are unavoidable.

It's time for software professionals to start taking responsibility for their work.

Re:Kudos

That was so subtle a joke I almost didn't get it.

Err. It was a joke, right? I mean, you do realize that Microsoft is the trailing edge of this amazing wave of revelation, right?

Gosh. Now I'm going to have to post this anonymously. :)

Most telling line.

[UnknowingFool]

Most of it read like any PR release would read. They promise this time that they will guard data more carefully. They're sorry about all the other times that they didn't. If anything WGA showed that they didn't learn their lesson. Their excuse for WGA?

"We didn't spend enough time to make sure [the feature] met our standards," he said.

What standards? According the article, they didn't have any guidelines in place until recently, much less standards.

hold the phone

[llbbl]

They have guidelines?????

Did anyone else..

[Nonillion]

Did anyone else read this as.. 'Microsoft's Guidelines for Customer Piracy'

Re:Did anyone else..

[cp.tar]

Customers don't need that kind of guidelines.

Microsofts Guidelines for Consumer privacy,

[mjwx]

11,000 pages of:

This page is intentionally left blank.

Microsoft's interpretation of "customer"

[Mr+Europe]

Keep in mind that MS thinks that the customer is NOT only the computer user who buys the operating system. The "customer" refers mostly to the advertizer who pushes adds to the pc user !

Re: MS = Audio Surveillance and GPS Trackers

They should start by stopping the use of audio surveillance at large customer sites and not attaching GPS trackers to purchasing reps of customers.