Slashdot Mirror
Microsoft WGA Phones Home Even When Told No
Aviran writes "When you start WGA setup and get to the license agreement page but decided NOT to install the highly controversial WGA component and cancel the installation, the setup program will send information stored in your registry and the fact that you choose not to install WGA back to Microsoft's servers."
Anyone have any insight what exactly they're sending back?
notepad %windir%\system32\drivers\etc\hosts
127.0.0.1 genuine.microsoft.com
Who is general failure, and why is he reading my hard drive?
Ethics. If you choose not to install something, it shouldn't do anything.
Yay, I believe RMS's essay on treacherous computing may apply here. Not to start an argument over RMS and his stance with open source and free software. But i believe we should all have the right if you use windows to know what they are sending. I use gnu/linux so i really don't affect me much.
You chose to install the Windows Update ActiveX control, didn't you? And you clicked "I agree" when it told you it could send this info to Microsoft, didn't you? So why would you be angry when it does exactly that? Perhaps people need to read the licensing agreements they agree to before agreeing to them, instead of just clicking "yes, I agree" like a madman.
Slow Down, Cowboy! It's been 60 minutes since you last successfully posted a comment.
It matters because it could give them justification to pursue an investigation along the lines of "Well, if they are innocent, why not prove it? So, they must be hiding something. knock knock knock - Microsoft Police."
Ya, that would fix it. Maybe, just maybe, some of us don't have an army of lawyers at our disposal to determine if what we're clicking on really means what we think it means. It seems to me that it is unethical to have a consumer product license that is unreadable/unparsable to an average consumer. The "madman" here would be anyone who thought that such nonsense was an enforceable contract.
I am not a crackpot.
That Free Markets religion again. Businesses cannot do anything they like; they are corporations, fictional entities created by license of the people of the country through their government. They are granted super-powers as non-existent individuals, exempting real operators from liablity for their own actions. In return, they hew the line we set for them. They have more responsibilty to the nation that created them other than pleasing shareholders, no matter what propoganda they pump to the contrary. They are not gods. And Microsoft is a monopoly, ruled so by the courts, and is under even more stringent strictures, because they have constantly abused their power in the past to invade and hold new markets.
So, no, making money is not all they have to worry about. Deceit and chicanery should have consequences other than making them more money. And if they need to cheat to win, it might be time to think about a new concept: revoking the corporate license, and reinstituting personal responsibility for their underhanded actions, with civil and criminal penalties.
In MSFT's defense it is a smart move. That way a virus can't modify update.microsoft.com .
The last time i had to set apt-get's update I used the IP address as well.
i thought once I was found, but it was only a dream.
Do you really think the people who wrote the kernel can't get around all that ZoneAlarm silliness if they want to? They already ignore the hosts file and such for *.microsoft.com.
it is unethical to have a consumer product license that is unreadable/unparsable to an average consumer.
Oh my fucking god.
Have you ever tried to read the GPL?
It seems to me that it would be easy enough to determine what port WGA is using to send this stuff, and lock down said port at one's firewall.
Great idea. Except that obviously you can't filter by the source port because that will be almost random. And then you find that they're using Port 80 as the destination port anyway because it's about the only port guaranteed to pass through most firewalls/proxies.
So you filter it by IP address instead, but then find that they're using a huge range of probably Akamized IPs. Eventually you give up and just put an entry in your Hosts file. Which is bypassed for MS sites.
You could just filter it based on the name of the executable. I'm sure they wouldn't dream of changing or randomising that just to piss you off.
Are you getting the picture yet? Powerful organisations (and politicians) really CAN and DO get away with anything they want. Microsoft is a prime example. I'll be very surprised if they ever get in any serious trouble for this (and no, for MS, a multi-million-dollar fine is not "serious trouble", it's a slap on the wrist. A $10,000,000 fine wouldn't hurt them. A $10,000,000,000 fine... maybe, yes.
With spending like this, exactly what are "conservatives" conserving?
You chose to install the Windows Update ActiveX control, didn't you? And you clicked "I agree" when it told you it could send this info to Microsoft, didn't you? So why would you be angry when it does exactly that? Perhaps people need to read the licensing agreements they agree to before agreeing to them, instead of just clicking "yes, I agree" like a madman.
Okay, despite your trollish comments, I'll bite.
1. WGA != Windows Update. RTFA.
2. Has the validity of an EULA ever been tested? AFAIK, an EULA cannot violate your privacy rights, even if you sign those away. Argue as you like, statute always trumps contracts.
3. Microsoft releases an OS that's broken and tells you the only way they'll fix it is if you'll subject yourself to their privacy terms. Not freaking cool. My copy of Windows is paid for, but that doesn't mean I want them invading my privacy.
Ever installed XP without any service packs? Do you know how many minutes it takes before the machine is pwn3d? IMO that's not a functional OS any more.
Ever tried getting that refund from your hardware manufacturer for the part of your purchase that went to Microsoft? It's a freaking pain in the arse, and one where you have to usually drag a vendor to small claims court to get your money.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
The damn thing picked/guessed a valid (NATted) IP address, netmask, and gateway without using DHCP (arp tricks?)
Did that IP resemble 169.254.x.x by any chance?
But really there's no point trying to find technical explanations when the obvious one is at hand - you can't read a sniffer trace for shit.
Having the ability to install Ethereal does not magically confer on you the ability to interpret the results correctly.
Nice response....
Plus, on this occasion I thought "So?" was a reasonable response too.
It's not sending personal information, so I'm assuming it's tracking pirated keys stats or something, for which you can't really blame Them (ooh no, not Them!).
But it's good to bash MS anyway...
I can understand people not wanting WGA on their PC-s as it can cause issues on legitimate installations as well, in certain situations.
But sending back a little XML that you denied the EULA? Don't you detect hypocrisy here. You send your "identification" in the form of IP, browser user agent string and what not to virtually any site you visit, without "agreeing" to this every time. Why is nobody whining about this?
Having privacy and right to deny something is cool. But I think some of the most vocal opposition is simply using pirated Windows and not being honest about it.
I don't install WGA on existing (legit) computers as it doesn't help me with anything. I don't have any problem with Microsoft getting my "no" back though. In fact, I *want* them to hear my no.
It is remotely conceivable that the company in question knows how many copies of WGA it has pushed, can count how many acceptances it receives, and could possibly perform the calculation that would tell it how many copies were not accepted by users, without the need to receive direct confirmation of the latter.
That would be true if it was just a message saying "Someone said no". But it doesn't. It includes a variety of information to uniquely identify the machine.
"That's ok, it's not personally identifiable" you say? Well, indeed it does not contain your name, address, phone number, bank account details and gender preferences directly in the message, no. But all it takes is for the user at some point to provide their personal details to Microsoft or any affiliates of Microsoft, or vendors with suitably worded contracts with Microsoft, using some program that also sends the machine's unique ID, and now you can match someone to the computer. Not just in future, but with all anonymous (or so you thought) dealings with Microsoft in the past.
Sign up for MS Passport? Register for an IE beta? Your personal details could easily have been sent along with your machine's unique ID, and now any other information stored by MS for that unique ID can be matched up with your personal information.
Delist them from the market.
If you really want to punish them, revoke their corporate status.
Is it just my observation, or are there way too many stupid people in the world?
I refused to install WGA for a long time for several reasons, not the least was the fact that it was marked in the EULA as BETA software. Why should I be forced to install software that MS admits hasn't been fully tested yet? I have enough problems with MS bugs. Also, I resent the implication that I have to constantly prove that my software was purchased legally. I've always paid for the software I use, even when I was a poor college student.
Most copies of Windows in the U.S. are paid for, because Windows comes installed, by default, on almost every retail machine sold. That alone makes piracy a non-issue in the U.S. However, WGA does give Microsoft a way to shut down every Windows computer connected to the Internet. What a scam. Once they've got everyone using WGA, they can start dictating terms to governments instead of dealing with irritating lawsuits.
Lets say that the kind souls at MS never even think of using WGA as leverage on say, Europe. I still think it's possible for a clever hacker to use WGA to do some real damage. The hacker would have to do some DNS spoofing and probably crack some encryption, but then, that's what these guys do. Whose to say someone might not use WGA to pull off the biggest Denial of Service extortion in history? Perhaps I'm a bit paranoid, but my caution has kept me from ever having one of my computers compromised.
Piracy is a problem, but not nearly as big a problem as MS would have us believe. If people are stealing you blind, you don't make billions of dollars in profits, you lose money. If MS is feeling a pinch lately, it's due to their own foolish policies and assumptions that they would be able to dictate terms to the world forever. Google Apps and Open Source software will, hopefully, eliminate the need to put our computers at risk simply because a company is greedy.
Microsoft seems to believe that if there were no piracy, everyone in the third world who is now stealing their software would pay for it instead. Yeah right. One of the reasons they steal it is because there is no way they could possibly pay for it. If MS ever finds a way to shut down piracy, it will merely hasten the move to Linux in 3rd world countries. Ironically, that will speed the demise of Windows.
-All that is gold does not glitter - Tolkien
www.ra
I'd argue you're incorrect. As far as IP address goes, my ISP assigns them long-term enough to consider them permanent (typical is 2-3 years between changes) and ties that address directly to my billing information. It's personal information in the same sense my bank account and credit-card account numbers are: they don't in themselves reveal my identity but they're tied uniquely and directly to it and can be used to get it without my knowledge and consent. The computer information is the same: part of what's sent is the GUID assigned to the computer, which is intended to be unique to that computer and which is tied directly to information like my name embedded in word-processing documents and other information available to the same entity receiving the computer information. This is sufficient to let them tie that WGA data directly to my personal identity. At the very least it allows them to identify everything else they have that belongs to me, even if they don't know my name (yet). That's personal enough in my book.
This deserves a "duh" I reckon.
I always pull the ethernet plug and disable wi-fi if I know there's activation built in. Can't trust these buggers.
This is really the kicker.
Why the hell would Microsoft want the Hard Drive Serial Number just to indicate that someone didn't want to install WGA?
What possible use could that information have in connection with why someone refused WGA - except to be able to IDENTIFY that machine in the future for some OTHER nefarious reason? Obviously Microsoft expects ANYONE who refuses WGA to be intending to use a fake Windows key in the future, if not now.
In other words, Microsoft is TAGGING EVERYONE who refuses WGA as a potential pirate well in advance of their being so - or their being so at all.
I mean, how much more obvious does it get?
They may not be identifying YOU personally - but they are definitely identifying your MACHINE individually.
Which is pretty much the same thing depending on what ELSE they have done or may do in the future.
People need to realize what utter ASSHOLES the management who runs Microsoft ARE. These guys make the jerks at Enron look like Orphan Annie.
And STUPID to boot! I mean, no matter WHAT they've done over the years, they STILL have millions of pirate copies running around. So they spend all this effort dreaming up new activation and detection methods - for what? It's all been an utter waste of everybody's time! Windows Vista has had its activation cracked within a few months despite all their efforts.
Way to go, Bill, you paranoid, greed-sucking moron!
Why not try concentrating on producing an OS that doesn't FUCKING SUCK rather than worrying about nailing down every goddamn dime from everybody's pockets?
If the goddamn OS didn't cost $500 - and wasn't an illegal monopoly to boot - there wouldn't BE that many pirates out there. Not that it matters. Bill doesn't care about "pirates" - he just wants control of everybody's money regardless. He's not trying to prevent "pirates" - he's trying to nail down control of each and every individual customer so as to make sure that customer pays him every single dime HE thinks he's OWED by the world.
"You hobbyists steal your software."
That's Bill's defining mantra.
Get this asshole out of business. Now, please.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
MS owns the software, you do not. It is what you agreed to. MS has always done this and will continue to do more. If they stop in one place it will pop up again. The simple fact is, there is truth in saying that you are owned. Whether it is is by MS or by a cracker (from any number of avenues on the windows platform), you are till owned.
I prefer the "u" in honour as it seems to be missing these days.
Their active x control installation has nothing to do with the WGN installation and the cancellation of it. The "activex" control is just the tool that allows them to invoke the WGA process. Even if you agreed to install it, you didn't agree to let Microsoft (via the cancellation of the installation of a different program) send information about your computer back to their location. When you choose to cancel you choose to NOT allow them to collect and redirect that info to their location. That's the purpose of cancellation.
The use of WGA/WGN is a violation of your privacy and it is similar to a police action. Your computer is an extension of your home and to allow Microsoft to put WGN on your computer is akin to allowing them to put a camera into your home to monitor you. Just because they don't get any physical pictures doesn't mean the process isn't the same.
This is a non-governmental private entity taking a police action against you, even tho you are a legal owner of the product, by monitoring your computer (hence your home). The purpose of the WGA/WGN is to collect information in order for Microsoft to update their database. Everyone knows this deep down. The more of these records they have the easier it is for them to identify pirates. It is unethical to collect that when tell them that you do not want them to make you a participant.
If they collect information without you giving them permission in advance then they are in violation of several state's laws. Microsoft has been sued in both WA and CA over this being spyware. When they collect information even if you so no, it is doing the same thing as a spyware program is doing--sending information about you without your knowledge.
You people need to get it through your heads that your computer is an extension of your HOME. Period. No ifs, ands, or buts. That's what your computer is. Microsoft is not entitled to do anything that is not explicitly permissible under law just because they are the OS. Keep in mind that Microsoft is the type of organization that will continue to do this sort of thing until they are told to stop. You tell them to stop by asking your Congressman and Senators to put and end to this sort of behavior. Write letters to them and let them know you are unhappy. They'll get the message.
Microsoft is the kind of company that knows they have all kinds of cash to throw at lawsuits, etc., and they even have money for fines. But when there are laws enacted that send these people to jail then it will stop.
They are invading your home. Do you really want to allow them to do this? Even the police can't enter your home and monitor your activities without a warrant from a court of law signed by a judge.
You can lead a man with reason but you can't make him think.
Foolish is what Ballmer is made of. He claimed to financial analysts that the caution on Vista sales is for at least 2 reasons: 1) corporate pricing was too low, and 2) piracy.
This was stated by him in the past couple days, if not today.
Both are flawed. on item 1. Windows Vista is very expensive. Giving forecasts on certain pricing to corporate is what companies do. They forecast on those prices so that is really a moot point unless corporate just isn't purchasing. Then the low cost would make a difference, as they feel they should have made it higher so that the lack of corporate sales didn't affect the bottom line so much.
On item 2. According to Microsoft pirating is impossible under Vista. Well, even if that is about 3 months outdated it still is an issue that needs to be addressed. What is the average number of pirated installs vs. legit installs of Vista. Are people choosing to pirate instead of purchasing? Is it easy for the average person to pirate Vista and is the future potential of loosing activation worth it to the average user?
The answer to those is unknown so Microsoft can't be using that as a legitimate reason why their forecasts are so far off. Even if it was EASY to pirate Vista (which Microsoft said 3 months ago was impossible) it would have to be much easier than to pirate XP, which although is semi-easy to pirate if you can get the corporate product key or you can snatch a key from some unsuspecting person it is possible to get locked out by virtue of the WGA/WGN spyware programs.
So, essentially it isn't possible to claim that corporate pricing and pirating is the cause of Ballmer's and Microsoft's woes. It has to be something else. That something else, at least to me, is pretty obvious. It is the restrictions on use, the violation of privacy (constantly claiming you are a thief -- incessant checking of your workstation using spyware programs (WGA/WGN)), the high cost to the consumer (parts as well as purchase price of Vista).
When I talk to people, and I do so every day as I own a computer repair shop, I hear that they want nothing to do with Vista. I even have people that bring in the computers they bought with Vista on them to have them wiped and to have XP installed instead. The reasons they give are the same I read about day in and day out on the web. Microsoft accuses them of being a thief, Microsoft is spying on them, the technology in it will interfere, the costs to upgrade are too high, the cost of the OS is excessive, there's no compelling reason to upgrade. Vista is just a pretty interface on top of a massive spyware program.
I'd have to say that Ballmer is very foolish and to try to pawn off on the financial community two very flawed reasons for Vistas lack of success is just pathetic. Microsoft is on a downhill slide. The fact that Linux and OSX just might be made valid viable attractive has to be affecting every thing they do. On top of that they have known for a couple years that Microsoft would not see growth anywhere near what it has seen in the past. I think one could forecast some very serious financial problems with Microsoft in the next couple years and that they need to get people switched over to Vista so they can better control your computer and purchases so that the major stock holders have time to divest themselves and reinvest in other arenas.
Bill Gates and Steve Ballmer are killing Microsoft. Every DRM/CRM implementation makes Windows a lot less attractive to everyone. Every attempt to monitor our use is looked upon as a violation of our privacy (which it is) and is an accusation that we are a thief or will be a thief sometime down the road. When they don't care that they are invading our homes we realize they are too far gone to even consider giving a second chance. When they can use their monopoly power to extort business, other countries, and private citizens then that's the time everyone must look up and say "no". They know they have you by the short ones because they know that i
You can lead a man with reason but you can't make him think.
Why do you people bother talking about how evil the WGA is? It's been known for a while now that Microsoft is reaching far beyond its moral limits to prevent piracy, so why even bother to whine. Switch to some other systems (pick your own poison) and forget that MS even exists. Don't like their attitude, don't like their spyware, then don't take it. Sitting around and complaining how much they suck does no good because it encourages them. You talk about WGA and they know people are paying attention, they know that their product is impacting you, and since you've already been branded a thief in their eyes, they now see you as whining about a product that locks you our of your PC. Sure, for most geeks, this is a blatant lie but remember that Windows was not made solely for the technically-savvy. Pick up the pieces and move on, choose your own path, your own operating system. Don't just let MS win!
"When did I realize I was God? Well, I was praying and I suddenly realized I was talking to myself." ~ Jack Gurney