Slashdot Mirror
Microsoft WGA Phones Home Even When Told No
Aviran writes "When you start WGA setup and get to the license agreement page but decided NOT to install the highly controversial WGA component and cancel the installation, the setup program will send information stored in your registry and the fact that you choose not to install WGA back to Microsoft's servers."
Or use a firewall that checks egress, too. I use one, and find that RealPlayer and Adobe Reader also phone home even when you tell them not to.
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
Seems you haven't read the past story about MS bypassing HOSTS file for microsoft sites.
I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
Interesting you say it's slashdotted because I can read it fine.
It's very light on details, however. There is a screenshot from wordpad of the data sent; it's an XML-type document which appears to have pulled a couple of id/hash numbers out of the system registry, e.g. OS version, but no personal info. They can't really get any personal info anyway, since data protection laws here in the UK and other countries would land them in shite, and also I suspect that they have more important things to do than snoop random people's names.
Personally, I think that they're just trying to get an idea of the number of people who won't install it. These people either have pirate copies and know they'll fail validation, or simply are opposed to the idea of their OS phoning home. From a cynical viewpoint, it's important for MS to gauge the reaction to this early so they know how far they can push these sorts of thing without there being a massive backlash.
Don't you just hate it when people reply to your signature?
I have no idea, but it looks like some sort of unique id.
n g
an image from the now slashdotted page is here, it shows what gets sent to MS
http://img266.imageshack.us/my.php?image=wgahp5.p
Signature v3.0, now with 42% less memory usage.
AC said: "Have you ever tried to read the GPL?"
The GPL is not a consumer product license. In order to use the software you don't even have to agree to the GPL. Only if you distribute are you bound by its terms, and software distribution is a complicated topic.
Even so, when you compare it to proprietary EULAs, the GPL is entirely readable in its main parts. Furthermore, the GPL is not written in caps as most EULAs are (IMHO this obvious attempt at obfuscation alone should make EULAs unenforceable).
"When I first heard Daydream Nation it quite frankly scared the living shit out of me." -- Matthew Stearns
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
This should be reported to "StopBadware.org". StopBadware.org's definition of badware requires prior consent to send personally identifiable information to a site. This should be enough to put WGA on the Badware list.
Google is now flagging sites that have been identified by StopBadware.
StopBadware is run by law professors from Harvard and Oxford, with assistance from Consumer Reports. StopBadware is effective. They complained about the Jessica Simpson screensaver, which installed spyware in May 2006. The makers of that didn't listen. In October of 2006, a US federal judge shut that outfit down.
Um... No. The GPL doesn't to take away your rights to distribute a closed source program. You can distribute them all the time. But if you link against a GPL program/lib THEN distribute your program/lib, you would have to follow the GPL. If you don't accept the GPL you have to follow normal copyright law which means you can't distribute it REGARDLESS of your license if you link against it.
The GPL is NOT limiting anyones rights beyond copyright law, you might say its more limiting than the LGPL or modified BSD, but you can't say its more restrictive than no license at all.
Also an EULA is an agreement the end user is supposed to agree to to be able to use the software, the GPL is a copyright license that a distributor must agree to to be legally able to distribute any program that includes/links against GPL code.
You could look at it that way, but I think that's kinda a warped view of the GPL.
BSD license is all well and good, but if it wasn't for the GPL there wouldn't be so many people involved in development of GPL software. Your view does have some merit, but not because of selfishness. Novell doesn't want Microsoft to take their code, put it in Windows, and blast Novell away again. Red Hat doesn't want IBM to secretly switch AIX to all Linux code, and sell it for a mint, and never give anything back. So, that's understood, and everyone can feel free to develop the code base without worrying about it. Your payment for being able to use everyone else's work (and saving a lot of money by doing so) is to also release your improvements to everyone else. So your PROFIT is the improvements you get back on the code you wrote.
It should be noted that the big companies pushing Linux actually do turn a bit of a profit, in terms of cash.
The GPL *is* about supporting the community. If a piece of software is community developed, that same community (as well as anyone that uses it) really wants the software to improve. If ACME Corporation wants to use the software in their product, because it would be a LOT cheaper then developing in-house, they'll take it, improve it, and package it with their product. In the meantime, they'll also make their improvements available to everyone else. That's their payment for saving millions in licensing or development. How is this selfish?
If you don't want to release your code under the GPL, then simply don't. If you don't LIKE the GPL, then don't use GPL code, it's as simple as that. Or, are you pissed that you can't just do whatever you want with someone else's work?
The GPL, in fact, does allow a lot more freedom for the code you write then general copyright laws allow for. It's obviously a lot more open then closed-source. Why must you compare it to the BSD license? (Extra Points: If the BSD License worked so well, why did it take the GPL to bring open source software to the forefront? Explain and cite references.)
- It's not the Macs I hate. It's Digg users. -
So, you're saying Microsoft has some secret way for it's OS to phone home without a driver for the ethernet card?
Yeah, it's called NE2000. Almost all cards support it. If you don't have the drivers for a card, you can usually force Windows to use generic NE2000 drivers and the card will work. But if it can't identify the card, or identifies it and doesn't have drivers, then it will tell you that it can't install it, even when it knows it can use it just fine with the generic drivers. So yes, I do think it quite plausable that Windows can use a NIC it does not have drivers for. But I wouldn't call NE2000 a secret.
Learn to love Alaska
In the UK, at least, it would appear to be in breach of Section 1 of the Computer Misuse Act 1990:
1 -- (1) A person is guilty of an offence if--
(a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b)the access he intends to secure is unauthorised; and
(c)he knows at the time he causes the computer to perform the function that that is the case.
The data sent home is noted by (a). As the user has expressly not agreed to the WGA EULA, unauthorised access is noted by (b) and (c) - in particular (c) as there was no agreemnt to the EULA; assuming of course that the data sent home is that that would be sent home IFF the EULA had been agreed and WGA installed.
As an aside, the Sony rootkit that installed something even when the EULA or whatever was decined was probably in breach of Section 3 of the same Act - doing "...any act which causes an unauthorised modification of the contents of any computer..." - those discs weren't sold in the UK?
The question is who is the responsible entity for a company: they have programmers that have written the code that does the unauthorised access (are they responsible), or is it their managers (who defined the specs) or the company as a whole (the directors)?
A rose by any other name would smell as sweet;
A chrysanthemum by any other name would be easier to spell