Slashdot Mirror
Microsoft WGA Phones Home Even When Told No
Aviran writes "When you start WGA setup and get to the license agreement page but decided NOT to install the highly controversial WGA component and cancel the installation, the setup program will send information stored in your registry and the fact that you choose not to install WGA back to Microsoft's servers."
Anyone have any insight what exactly they're sending back?
probably all the apps information. naysayer, meet the Business Software Association, also known down around the docks as "the muscle."
can't RTFA because they're slashdotted already.
if this is supposed to be a new economy, how come they still want my old fashioned money?
notepad %windir%\system32\drivers\etc\hosts
127.0.0.1 genuine.microsoft.com
Who is general failure, and why is he reading my hard drive?
Doesn't that make it spyware? I'm sure there's something about it in the license agreement to make it legal. Boy that does suck.
Ethics. If you choose not to install something, it shouldn't do anything.
It actually uploads an entire bit-for-bit copy of your hard drive so that MS investigators can perform a forensic analysis on it and determine exactly what MS software you have installed illegally since not installing WGA is an implicit admission of guilt. You can expect to be arrested by the MS Police within a few days of declining to install WGA if you have any pirated MS software on your machine.
The English version of the Heise article is at:d e%7Cen&u=http://www.heise-security.co.uk/news/8629 4
http://64.233.179.104/translate_c?hl=en&langpair=
Yay, I believe RMS's essay on treacherous computing may apply here. Not to start an argument over RMS and his stance with open source and free software. But i believe we should all have the right if you use windows to know what they are sending. I use gnu/linux so i really don't affect me much.
Why was I marked redundant? That's not redundant at all..
Slow Down, Cowboy! It's been 60 minutes since you last successfully posted a comment.
... Now you're going to tell me that all Microsoft is in business for is to make money. You're ruining a perfectly good fantasy. Thanks a lot!
Take your mod and shove it!
Use Zone Alarm or other free firewall, problem solved.
Libertarian Leaning Political Discussion Forum.
You chose to install the Windows Update ActiveX control, didn't you? And you clicked "I agree" when it told you it could send this info to Microsoft, didn't you? So why would you be angry when it does exactly that? Perhaps people need to read the licensing agreements they agree to before agreeing to them, instead of just clicking "yes, I agree" like a madman.
Slow Down, Cowboy! It's been 60 minutes since you last successfully posted a comment.
From the image in TFA, it looks like they're sending back the Windows version code, and the installation-unique CSID, along with some other stuff that I didn't recognize.
There didn't appear to be any identification of the specific user in there.
It seems to me that it would be easy enough to determine what port WGA is using to send this stuff, and lock down said port at one's firewall. That's the method I'd choose to deal with it (if I were even running anything with WGA installed -- which, thankfully, I'm not).
Bruce Lane, KC7GR,
Blue Feather Technologies
It matters because it could give them justification to pursue an investigation along the lines of "Well, if they are innocent, why not prove it? So, they must be hiding something. knock knock knock - Microsoft Police."
Seems you haven't read the past story about MS bypassing HOSTS file for microsoft sites.
I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
While many think this is bad and invasion of privacy, think of it as this:
when we normally click "I DONT Agree" the software does nothing. But if it sends the message back home with statistics of how many dont agree, it tells the software company some people dont agree.
We can argue EULA's till our fingers are raw and bloody, but it doesnt matter if the company in question doesnt read the conversations.
In short, by clicking the Dont agree button and having it sent home to MS we're telling them we dont want that crap on our machines. Maybe (deity willing) MS will start to listen. More companies may adopt that approach and we'll get less and less one sided (retarded) EULA's.
anyone Remember Borland's |"like a book" EULA? Great stuff.
This is kinda old, but some years ago my neighbor got a new Win ME (!!!) machine, and I helped him put in a NIC and put it on our little neighborhood network. I was curious if it was going to phone home, so I had a sniffer running on my router...
The damn thing picked/guessed a valid (NATted) IP address, netmask, and gateway without using DHCP (arp tricks?), and sent a load of mystery packets to an address in a Microsoft IP block. Only then did the computer do the "new device detected" routine, but could not find a driver for the NIC and I had to go fetch one on another machine.
W T F ?
Unfortunately I have since lost the pcap dump.
Moderation: -1, no proof
.... is it as simple as going to add and remove programs to uninstall the two components for WGA or does it "break" something when you try to uninstall it? Or worse, does it leave anything behind?
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
Ya, that would fix it. Maybe, just maybe, some of us don't have an army of lawyers at our disposal to determine if what we're clicking on really means what we think it means. It seems to me that it is unethical to have a consumer product license that is unreadable/unparsable to an average consumer. The "madman" here would be anyone who thought that such nonsense was an enforceable contract.
I am not a crackpot.
Sounds like a perfect place to use MS speech recgonition:
Computer: "Where do you want to go today?"
You: "Nowhere."
C: "I heard 'Microsoft Validation Site'. Is this correct?"
Y: "No!"
C: "I'm sorry. I heard 'Dear aunt, let's set so double the killer delete all'. Is this correct?"
Y: "NO!!"
C: "I understand. So 'Microsoft Validation Site' was correct. Redirecting now. Thank you for using My Microsoft Live Enterprise Genuine Advantage Ultimate. Have a nice day."
You posted a short, one word post with no information content and an inane question in order to get first post. Mods love to bitchslap anyone who does this.
The question "So?" is redundant because it doesn't need to be asked. If you feel this isn't an important issue, explain why you think it isn't important.
Software that sends personal information about you back to its master when you say you don't want to install it is generally considered spyware.
I see your "So?" and raise you a "Because!"
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
I am no lawyer, but this seems very similar if not the same as wiretapping. The user, quite explicitly, doesn't want to even have the software installed on his/her computer, let alone have his information (the information stored in the registry is private) sent to a company or individual.
Maybe I am just not used to spyware (never had a piece of spyware installed on any of my computers) so I am still quite allergic to this stuff. But no matter how I look at this issue, I am outraged.
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
it is unethical to have a consumer product license that is unreadable/unparsable to an average consumer.
Oh my fucking god.
Have you ever tried to read the GPL?
You chose to install the Windows Update ActiveX control, didn't you? And you clicked "I agree" when it told you it could send this info to Microsoft, didn't you?
Why yes, I did. And yes, I did agree.
So now, explain what that has to do with me telling WGA to not install, and not agreeing to allow it to send this information, and it sending it anyway. You are aware that contracts do have limits and only apply to the particular transaction, right? If I buy two cars from a dealership and agree to pay $300/mo for one and $200/mo for the other, the dealership cannot bill me $600/mo while claiming that my agreement to pay $300/mo covers both cars, as you seem to claim that my agreement to allow WU to send information to microsoft overrides my disagreement for WGA to do the same.
Yeah, and?
Are you getting the picture yet? Powerful organisations (and politicians) really CAN and DO get away with anything they want. Microsoft is a prime example. I'll be very surprised if they ever get in any serious trouble for this (and no, for MS, a multi-million-dollar fine is not "serious trouble", it's a slap on the wrist. A $10,000,000 fine wouldn't hurt them. A $10,000,000,000 fine... maybe, yes.
With spending like this, exactly what are "conservatives" conserving?
Or use a firewall that checks egress, too.
How does a firewall check female herons?
That is what an egress is, right?
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
You chose to install the Windows Update ActiveX control, didn't you? And you clicked "I agree" when it told you it could send this info to Microsoft, didn't you? So why would you be angry when it does exactly that? Perhaps people need to read the licensing agreements they agree to before agreeing to them, instead of just clicking "yes, I agree" like a madman.
Okay, despite your trollish comments, I'll bite.
1. WGA != Windows Update. RTFA.
2. Has the validity of an EULA ever been tested? AFAIK, an EULA cannot violate your privacy rights, even if you sign those away. Argue as you like, statute always trumps contracts.
3. Microsoft releases an OS that's broken and tells you the only way they'll fix it is if you'll subject yourself to their privacy terms. Not freaking cool. My copy of Windows is paid for, but that doesn't mean I want them invading my privacy.
Ever installed XP without any service packs? Do you know how many minutes it takes before the machine is pwn3d? IMO that's not a functional OS any more.
Ever tried getting that refund from your hardware manufacturer for the part of your purchase that went to Microsoft? It's a freaking pain in the arse, and one where you have to usually drag a vendor to small claims court to get your money.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
The masses are not concerned with threachery, privacy, liberty and other high-browed virtues. Give them a full belly and a reality TV show and they are happy. Take away XP and substitute Vista and they will buy Vista.
Engineering is the art of compromise.
I have an older version of Kerio's firewall and most recent "phone home" applications do so on port 80. Older apps use custom ports. Kerio's product is very good in this way.
I'm not sure why this is an issue _now_. It's been this way for years starting with Microsoft's MSI installers that phone home to certificate servers and certificate revocation list servers. I have screenshots to prove it should there be any doubt. It should be obvious by now they are slowly paving the way to a PC with their OS that is mostly like an Xbox.
Given the Microsoft fan boys/astroturfers typically don't post on stories where there is no opportunity to spin the story in a manner that enhances their image, I'm probably preaching to the choir when I state this is another reason users should choose another OS. Today.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Nice response....
Plus, on this occasion I thought "So?" was a reasonable response too.
It's not sending personal information, so I'm assuming it's tracking pirated keys stats or something, for which you can't really blame Them (ooh no, not Them!).
But it's good to bash MS anyway...
Nope, I tried reading the agreement, and even that doesn't disable the WGA phone-homing. Back to the drawing board! I'm guessing I'll have to set up a rule on my firewall if I really want to stop this traffic...
You see? You see? Your stupid minds! Stupid! Stupid!
The "madman" here would be anyone who thought that such nonsense was an enforceable contract.
Ca-ching! $50 million plus. Such madness! The solution is to block Microsoft until you find an alternative. To keep it really safe, run a live cd.
What?
I can understand people not wanting WGA on their PC-s as it can cause issues on legitimate installations as well, in certain situations.
But sending back a little XML that you denied the EULA? Don't you detect hypocrisy here. You send your "identification" in the form of IP, browser user agent string and what not to virtually any site you visit, without "agreeing" to this every time. Why is nobody whining about this?
Having privacy and right to deny something is cool. But I think some of the most vocal opposition is simply using pirated Windows and not being honest about it.
I don't install WGA on existing (legit) computers as it doesn't help me with anything. I don't have any problem with Microsoft getting my "no" back though. In fact, I *want* them to hear my no.
CGI overload message. this means server fart under load.
if this is supposed to be a new economy, how come they still want my old fashioned money?
This should be reported to "StopBadware.org". StopBadware.org's definition of badware requires prior consent to send personally identifiable information to a site. This should be enough to put WGA on the Badware list.
Google is now flagging sites that have been identified by StopBadware.
StopBadware is run by law professors from Harvard and Oxford, with assistance from Consumer Reports. StopBadware is effective. They complained about the Jessica Simpson screensaver, which installed spyware in May 2006. The makers of that didn't listen. In October of 2006, a US federal judge shut that outfit down.
surpised? no. scared? not really. Laughing? A lot.
brian botkiller "Condensing fact from the vapor of nuance" - Neal Stephenson, Snow Crash
I see your "So?" and raise you a "Because!"
...
LOL. Sounds like conversations I had with my daughter when she was just short of kindergarten.
Why?
Because.
Because why?
Because
She usually wins the round.
Software that sends personal information about you back to its master when you say you don't want to install it is generally considered spyware.
The interesting bit. One generally associates the term spyware with smaller shady companies out for a quick buck. In this case, we're discussing a multibillion dollar corporation respected by business-types, so I imagine many would consider the term inappropriate.
On the other hand, given the incremental nature of the changes Microsoft has put into effect since WinXP was released, those who do object to the term spyware might very well be like frogs in a pot of slowly heated water. The choice of words has a tendency to define the terms of the conversation, so while you say spyware, the folks in Microsoft's marketing department are using words like genuine and advantage. No one wants spyware, but we all want the advantages of things genuine, don't we?
"It is trivial for any malware to finagle with the HOSTS file on a Windows system, which is hidden in such a dumb obscure place (C:\winnt\system32\drivers\etc), a far cry from the self-explanatory /etc/hosts of every other goddamned OS on the planet."
/etc/hosts self-explanatory? It only makes sense to people who already know *nix. Everybody else would have to look it up, just like they'd have to look up the windows one.
Exactly why is this something that bothers you? If you're savvy enough to know what the HOSTS file is, then you'll know how to go about finding it. Like, say, a search on google or wikipedia. Or bringing up the XP help and support centre and typing "hosts file" in the search box. Name resolution comes up as the second of two topics, right after "glossary".
Why is
With the wonderful array of problems that Microsoft presents you have many opportunities to nitpick about valid issues. This complaint is silly.
do you not understand (to be an oxymoron)?
dave
I'm no software guru but if you just firewall www.microsoft.com, wont it be a cure for all your problems?
Tough times don't last... Tought People last forever....
What more can I say?
Quidnam Latine loqui modo coepi?
(1) Yes, EULAs are generally enforceable. All you need is the chance to say 'No' before being bound. Heck, check http://yro.slashdot.org/article.pl?sid=05/01/20/13 34256/
(2) To what statute are you referring? To my knowledge, there's no general reason you can't sign away privacy rights. (There are contexts where you can't, but in general, you can. Heck, check your employment agreement -- you may have signed them away there!)
(3) Statute does not always trump contract. People often waive statutory rights in a contract.
That would be true if it was just a message saying "Someone said no". But it doesn't. It includes a variety of information to uniquely identify the machine.
"That's ok, it's not personally identifiable" you say? Well, indeed it does not contain your name, address, phone number, bank account details and gender preferences directly in the message, no. But all it takes is for the user at some point to provide their personal details to Microsoft or any affiliates of Microsoft, or vendors with suitably worded contracts with Microsoft, using some program that also sends the machine's unique ID, and now you can match someone to the computer. Not just in future, but with all anonymous (or so you thought) dealings with Microsoft in the past.
Sign up for MS Passport? Register for an IE beta? Your personal details could easily have been sent along with your machine's unique ID, and now any other information stored by MS for that unique ID can be matched up with your personal information.
I see your "So?" and raise you a "Because!"
I don't know. He's on third. And I don't give a darn!
Delist them from the market.
If you really want to punish them, revoke their corporate status.
Is it just my observation, or are there way too many stupid people in the world?
Well, they obviously get the sending IP address, so how about a reverse hostname lookup on the IP address to determine that it's a "Global 2000" company? Perhaps this information could be used as "evidence" to incite an invasion^H^H^H^H^H^H^H^H audit?
https://jamiesonbecker.com
The difference is that you can directly install a new, fully patched version of Apache. You can't directly install a fully patched version of Windows. Instead, you have to install what you have on CD, which will at best be the most recent service pack not including patches released since then but is more typically an older service pack or the original version of the OS, and then patch it while it is running. When I install, for instance, Debian's 'stable' distribution, I have the option of doing so using packages from the internet, which means that there is never a point at which my system is running an old or known-insecure version of any piece of software.
Apache is not an operating system. And you are about the last person to be calling somebody else a troll.
The simple fact is that for most of the time it has been on sale, Windows XP has been too insecure to install out of the box. How long did it take before SP2 was included by default in the retail copies? If the average time to rootkit installation is less than the time it takes to download the necessary updates, then the OS is insecure.
Ever looked at the length of some of these EULAs? For instance, Claria Corporations GATOR, in one version of its EULA, did disclose that the software was "advertising supported". This EULA was six times than the United States Constitution. Most people I know don't even know the main ideas of the Constitution, but the average consumer is expected to fully understand each and every EULA on software they install?
It seems to me that it is unethical to have a consumer product license that is unreadable/unparsable to an average consumer. The "madman" here would be anyone who thought that such nonsense was an enforceable contract.
;)
The problem here is that courts have ruled on this in the past... At least in Canada, if you have the ability to read you can read the terms of the contract yourself or pay a lawyer to explain it to you.
Not being able to understand a contract is not grounds to get a contract thrown out...
Although like someone else has pointed out, the EULA in Canada is untested yet. I'd tell microsoft to lick my balls if they ever waved an EULA in my face. Hell they can lick my balls anyway
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Microsoft releases an OS that's broken and tells you the only way they'll fix it is if you'll subject yourself to their privacy terms. Not freaking cool. My copy of Windows is paid for, but that doesn't mean I want them invading my privacy.
Ever installed XP without any service packs? Do you know how many minutes it takes before the machine is pwn3d? IMO that's not a functional OS any more.
Damn straight. What if Dell started telling people they had to sign a new contract before they could get a replacement on their defective batteries. What if Ford told you that you had to sign an EULA before you could get a fix to a factory-recall vehicle defect.
I can understand EULA for things like newer versions of components (upgrades for media player, etc), but not for bugfixes.
Any software that phones home is unacceptable.
"The Federal Reserve is a fraudulent system."--Lew Rockwell
End The FED. -
Apache is not an operating system. And you are about the last person to be calling somebody else a troll.
Are you responding to me or the post above you?
My post never mentions Apache and the post above you never uses the word Troll. I'm so confused!
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
At least they send out the cpu ID. So they know how many copies you owned and how many you've installed. For example, I am sure lots of us already experienced when XP trys to reinstall on other machines, hardware configuration changes will lead to re-enter the 20 digits serial. If it fails (WGA), you just have to call in Microsoft to get a new code. I did that several times already. It seens like WGA did keep track on serial and your CPU ID that hardcoded into your cpu. That way they know how many copies of windows you have. which machine you've installed, and which you've tried to reinstalled.
surprised me!
this is an applet that photo guys care about. it lets you set up color profiling (color managed workflow) on 2 diff monitors on a single video card (assuming dual LUT engines). this is the only way to get 2 color profiles installed, one per display.
damned thing tried to connect to M$ when I booted and had komodo firewall installed.
I added 'never allow' to the list - but still - this is going WAY too far.
(similarly, I'm building a home theater pc and there is a lot of software that seems to 'want' a net connection even if it makes no real sense in that application. sigh.)
--
"It is now safe to switch off your computer."
But in all honesty, RealPlayer is just your fault for letting that shit on your system. My Windows-loving, open-source-mocking friends actually discovered VLC before I did, and one of the reasons they tell me is "RealPlayer behaves like a virus."
Don't thank God, thank a doctor!
i've noticed that whenever i try to upgrade to SP2/etc on a new install of XP, it will fail if any other PC using the same CD key is online at that moment. but once i unplug the other PCs, the upgrade works fine.
assuming this isnt a fluke, that really frightmens me, the fact that MS knows when any of my PCs are online.
This deserves a "duh" I reckon.
I always pull the ethernet plug and disable wi-fi if I know there's activation built in. Can't trust these buggers.
I haven't watched "The Corporation", but nevertheless I too think that "they're out to make money" should _not_ be a wildcard excuse for everything. Making money is good and fine, but ultimately it's just the incentive we give some people to make them work better for the benefit of society as a whole. Briefly it's a means, not an end.
Turning that on its head and making the means sacrosanct, even at the expense of acting against the very purpose it was supposed to serve... well, is as stupid as forgetting which is means and which is end in the army's using weapons. We let them use weapons to defend us all, not as a means in and by itself. If any army started shooting random people on the street just because they think the whole purpose is to use their guns, you'd probably have no problem understanding why that's contrary to the whole purpose of that army. But when a corporation does the same swapping of means and ends, half the population seems to just assume that, sure, if it's for the purpose of making money _of_ _course_ it's normal to cheat, lie and worse.
A polar bear is a cartesian bear after a coordinate transform.
IANAL first off, but I have had disputes in the past with employers that made me sign bogus agreements - stuff like signing away accrued vacation days in order to continue employment. I took those up with a lawyer who laughed off the agreement and told me to go ahead and sign it because it's unenforceable anyway and you can sue their asses off plus interest and court costs.
(1) Yes, EULAs are generally enforceable.
It's still not tested yet here in Canada where I'm at. From what I've understood, Canada and the UK share similar common law, and a contract only exists where the money has changed hands. Under contract law the Ginger Beer case would have failed because there was no contractual relationship between the manufacturer and the purchaser of the soda. EULA != Contract as far as English Common law is concerned.
(2) To what statute are you referring? To my knowledge, there's no general reason you can't sign away privacy rights.
See my point below about statutes trumping contract. Again, I'm not certain about privacy rights in the US, but in Canada there's Privacy legislation that prevents that.
(3) Statute does not always trump contract. People often waive statutory rights in a contract.
This article from Yale would suggest otherwise:
This article from Yale Law seems to refute your assertion
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
P.C. Phone Home
This is really the kicker.
Why the hell would Microsoft want the Hard Drive Serial Number just to indicate that someone didn't want to install WGA?
What possible use could that information have in connection with why someone refused WGA - except to be able to IDENTIFY that machine in the future for some OTHER nefarious reason? Obviously Microsoft expects ANYONE who refuses WGA to be intending to use a fake Windows key in the future, if not now.
In other words, Microsoft is TAGGING EVERYONE who refuses WGA as a potential pirate well in advance of their being so - or their being so at all.
I mean, how much more obvious does it get?
They may not be identifying YOU personally - but they are definitely identifying your MACHINE individually.
Which is pretty much the same thing depending on what ELSE they have done or may do in the future.
People need to realize what utter ASSHOLES the management who runs Microsoft ARE. These guys make the jerks at Enron look like Orphan Annie.
And STUPID to boot! I mean, no matter WHAT they've done over the years, they STILL have millions of pirate copies running around. So they spend all this effort dreaming up new activation and detection methods - for what? It's all been an utter waste of everybody's time! Windows Vista has had its activation cracked within a few months despite all their efforts.
Way to go, Bill, you paranoid, greed-sucking moron!
Why not try concentrating on producing an OS that doesn't FUCKING SUCK rather than worrying about nailing down every goddamn dime from everybody's pockets?
If the goddamn OS didn't cost $500 - and wasn't an illegal monopoly to boot - there wouldn't BE that many pirates out there. Not that it matters. Bill doesn't care about "pirates" - he just wants control of everybody's money regardless. He's not trying to prevent "pirates" - he's trying to nail down control of each and every individual customer so as to make sure that customer pays him every single dime HE thinks he's OWED by the world.
"You hobbyists steal your software."
That's Bill's defining mantra.
Get this asshole out of business. Now, please.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
You could look at it that way, but I think that's kinda a warped view of the GPL.
BSD license is all well and good, but if it wasn't for the GPL there wouldn't be so many people involved in development of GPL software. Your view does have some merit, but not because of selfishness. Novell doesn't want Microsoft to take their code, put it in Windows, and blast Novell away again. Red Hat doesn't want IBM to secretly switch AIX to all Linux code, and sell it for a mint, and never give anything back. So, that's understood, and everyone can feel free to develop the code base without worrying about it. Your payment for being able to use everyone else's work (and saving a lot of money by doing so) is to also release your improvements to everyone else. So your PROFIT is the improvements you get back on the code you wrote.
It should be noted that the big companies pushing Linux actually do turn a bit of a profit, in terms of cash.
The GPL *is* about supporting the community. If a piece of software is community developed, that same community (as well as anyone that uses it) really wants the software to improve. If ACME Corporation wants to use the software in their product, because it would be a LOT cheaper then developing in-house, they'll take it, improve it, and package it with their product. In the meantime, they'll also make their improvements available to everyone else. That's their payment for saving millions in licensing or development. How is this selfish?
If you don't want to release your code under the GPL, then simply don't. If you don't LIKE the GPL, then don't use GPL code, it's as simple as that. Or, are you pissed that you can't just do whatever you want with someone else's work?
The GPL, in fact, does allow a lot more freedom for the code you write then general copyright laws allow for. It's obviously a lot more open then closed-source. Why must you compare it to the BSD license? (Extra Points: If the BSD License worked so well, why did it take the GPL to bring open source software to the forefront? Explain and cite references.)
- It's not the Macs I hate. It's Digg users. -
Its not like someone tied you up and said "run windows you stupid fucker" and held you at knife point and made you bleed yourself to death if you didn't authorize WGA to run.
Oh, that's our shortstop.
Now, if you would please tell me, who's on first?
Haec merda tauri est. Ceterum censeo Carthaginem esse delendam.
Isn't WGA validation required to download non-security updates off of the Microsoft website? Meaning if you refuse to run WGA you are not allowed to download non-security updates? Shouldn't your refusal to run WGA send a "user refuses to run WGA" notification to the website so that it does not allow you to download those non-security updates (you have 4 states that need to be tracked: "new" machine [send user to download WGA stuff], user refuses WGA [tell user they can't download xyz because WGA was refused], user passed WGA [let user download stuff], user failed WGA [send user to priracy reporting site])?
Where's the fire here?
First of all, a 1941 law review article is awfully slim authority for the proposition that people cannot waive statutory rights. Here's a counter-point: the contractual waiver to a jury trial or even to a trial at all (in the US, a contractual provision specifying arbitration is legal.) In a corporate context, stockholders can waive their statutory right to notice. Heck, many liability releases are just waivers of statutory rights. There are also a variety of rights which cannot be waived--the minimum wage, for example.
Sorry for the US-centric post. I don't know anything about how Canada deals with EULA enforceability or privacy law. I do suggest that the US EULA rule is sound: if you are given notice that the manufacturer only wants to deal with you on certain terms and you are given the chance to reject those terms, then you ought to be bound when you accept them.
I have also seen overreaching employment agreements which contain unenforceable clauses. But, some are enforceable -- I was thinking of clauses that allow, for example, the employer to go through your email.
You might want to read the original article WGA notification just doesn't stop by heise Security instead of the gibberish google translation of the german version ;-).
A rose by any other name would smell as sweet;
A chrysanthemum by any other name would be easier to spell
MS owns the software, you do not. It is what you agreed to. MS has always done this and will continue to do more. If they stop in one place it will pop up again. The simple fact is, there is truth in saying that you are owned. Whether it is is by MS or by a cracker (from any number of avenues on the windows platform), you are till owned.
I prefer the "u" in honour as it seems to be missing these days.
Their active x control installation has nothing to do with the WGN installation and the cancellation of it. The "activex" control is just the tool that allows them to invoke the WGA process. Even if you agreed to install it, you didn't agree to let Microsoft (via the cancellation of the installation of a different program) send information about your computer back to their location. When you choose to cancel you choose to NOT allow them to collect and redirect that info to their location. That's the purpose of cancellation.
The use of WGA/WGN is a violation of your privacy and it is similar to a police action. Your computer is an extension of your home and to allow Microsoft to put WGN on your computer is akin to allowing them to put a camera into your home to monitor you. Just because they don't get any physical pictures doesn't mean the process isn't the same.
This is a non-governmental private entity taking a police action against you, even tho you are a legal owner of the product, by monitoring your computer (hence your home). The purpose of the WGA/WGN is to collect information in order for Microsoft to update their database. Everyone knows this deep down. The more of these records they have the easier it is for them to identify pirates. It is unethical to collect that when tell them that you do not want them to make you a participant.
If they collect information without you giving them permission in advance then they are in violation of several state's laws. Microsoft has been sued in both WA and CA over this being spyware. When they collect information even if you so no, it is doing the same thing as a spyware program is doing--sending information about you without your knowledge.
You people need to get it through your heads that your computer is an extension of your HOME. Period. No ifs, ands, or buts. That's what your computer is. Microsoft is not entitled to do anything that is not explicitly permissible under law just because they are the OS. Keep in mind that Microsoft is the type of organization that will continue to do this sort of thing until they are told to stop. You tell them to stop by asking your Congressman and Senators to put and end to this sort of behavior. Write letters to them and let them know you are unhappy. They'll get the message.
Microsoft is the kind of company that knows they have all kinds of cash to throw at lawsuits, etc., and they even have money for fines. But when there are laws enacted that send these people to jail then it will stop.
They are invading your home. Do you really want to allow them to do this? Even the police can't enter your home and monitor your activities without a warrant from a court of law signed by a judge.
You can lead a man with reason but you can't make him think.
Re-reading my comment, I am fairly certain that I allowed for installing SP2 directly. What about the security updates since then? Let's even assume that you can slipstream the most recent security updates into the WinXP install process. You still need (1) another machine with (2) a CD burner and (3) Windows installed on it. I need none of these three things to do a direct install of the most up-to-date Debian system. Am I wrong?
If you don't agree with M$ WGA, why choose to install the WGA update(s)?
I understand some may have auto updates configured to install automatically and are choosing 'no' to the EULA as a way to abort the install.
However, updates can be configured so that an end user can choose which updates are installed during the update process.
All this is conjecture, but this is what I'm guessing the elements in the ID block are.
UGD: Not sure. Looks like a UUID.
HDSLN: Hard disk serial
USID: User security identifier (id of logged in user, Microsoft can tell if you're any of the default SIDs like Administrator)
CSID: Computer security identifier
So Microsoft can tell whether you're an admin or not, they know the unique ID of the computer (CSID), your account if you aren't "Administrator" and - perhaps - the hard disk. If UGD turns out to be something that is unique to each individual copy of Windows, then all the people who've ripped it off could find life inconvenient in the future. I'm not sure what the tracking implications are, it depends how many Microsoft products report the HD serial or USID to them.
I AM a mod, you insensitive clod!
Screw the rules, I have green hair!
I believe that doesn't actually work. The addresses for Microsoft's update servers are hard coded elsewhere in the system. See this story for a brief overview.
Don't tailgate - the end is near!
Why do you people bother talking about how evil the WGA is? It's been known for a while now that Microsoft is reaching far beyond its moral limits to prevent piracy, so why even bother to whine. Switch to some other systems (pick your own poison) and forget that MS even exists. Don't like their attitude, don't like their spyware, then don't take it. Sitting around and complaining how much they suck does no good because it encourages them. You talk about WGA and they know people are paying attention, they know that their product is impacting you, and since you've already been branded a thief in their eyes, they now see you as whining about a product that locks you our of your PC. Sure, for most geeks, this is a blatant lie but remember that Windows was not made solely for the technically-savvy. Pick up the pieces and move on, choose your own path, your own operating system. Don't just let MS win!
"When did I realize I was God? Well, I was praying and I suddenly realized I was talking to myself." ~ Jack Gurney
Online Genuine Advantage checks do not appear to be related to the WGAnotify app (yet) that is being pushed as an automatic critical app. I know my organisation pcs are valid, as they're running the VLK assigned to my organisation, and they pass genuine advantage checks on the MS website despite refusing the latest WGANotify update. I see no need to install an application which sole purpose is to popup nag screens on those computers that are determined to be invalid by microsoft's super-secret formulae. I've had several perfectly valid installs fail the old wganotify check (OEM installs only ever used on their original PC), including one on the same VLK, so frankly I'm not letting it near anything I control if I can help it.
They better make damn sure people are copyright infringers before accusing them of it, because WGA so far has done a pretty piss poor job of it with false-negatives all over the shop.
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
Comment removed based on user account deletion
I bought a used laptop at a computer show and was promised that even though the restore disc was a copy the S/N was good. So first thing I did was update to SP2 and no dice due to WGA. Called the store which is in queens NY and was told to deal with it, no refund, the windows is fine and I'll get all updates via automatic updates. WGA even told me the serial used was a coporate serial that is no longer valid. You can't get IE7 or media 10 without passing WGA either.
Instead of the MS police knocking down the door it gave me a form to fill out and sent it to them with a copy of the recipt - gave the guy one more chance to make good before sending it in and after a colorful exchange mailed it.
sure enough I got a new serial to activate. Funny but if I wanted an actual disc I have to pay, the copy will work fine I hope.
Funny thing is I just really wanted a discount for not having windows since I'll probably run Fedora or pref. FreeBSD but haven't heard how it works on a laptop hadwarewise yet? This weekend I'll be playing.
I wonder if this would fall into the realm of NOT protecting privacy, similar to the prono guy who tried to wipe out his browser cache. You've said NO you don't want it GA installed, and it STILL sends stuff home.
The other aspect is that having a machine CPUID and even a disk drive ID, and perhaps a NIC card, your account name, etc it would be a PERFECT cache of data for law enforcement to want for the purpose of determine whether or not you WERE on the net grabbing RIAA sensitive data or pron.
Can you imagine surfing on someone's wireless connection, and it's calling home with info all the time? It would seem to be to be a sure fire way to determine whether someone is really downloading copyrighted stuff or can use the "someone else used my wireless connection" defense.
But if it wasn't under the GPL then they wouldn't have the right to use it anyway. It doesn't take away any rights! It adds certain conditional rights, yes, but it doesn't remove any rights that you otherwise would have had. And also it isn't if you "in any way use" something written under GPL, otherwise for example the NVIDIA binary blobs would be breaking the GPL (go ahead and tell me that it isn't using GPL'd 'products' when I install the NVIDIA driver on my debian-based system!).
And honestly, what developer worth his or her salt doesn't understand the GPL enough to make an informed decision on this?
I remember sigs. Oh, a simpler time!
So, as long as the contract is available at some place, through some media, somewere in the world, with or without your knowledge, it is considered as "available"? I suppose every single shop in UK also has a bunch of computers for people to line up at before they shop to search for a possible "EULA" for each and everything they want to buy, no? Last I was in UK I did not see those computers but perhaps I did not look carefully enough.
I have always felt, that since MS includes the terms "Microsoft reserves the right to change the terms at any time without prior warning" it also gave me implicit grounds to change the EULA at any time according to my wishes.
/sarcasm off
"***** hereby informs MS that pursuant to changes made to the license that upon termination of said license, all such rights and ownership shall revert to the user ******, any further communication by the former MS products shall be considered an invasive intrusion, and considered to be a criminal computer misuse"
Their active x control installation has nothing to do with the WGN installation and the cancellation of it.
Guess which one sends info to Microsoft when you cancel the installation? HINT: It's the activeX control. So just to be clear, lets get the order of things straight;
1. You browse to Windows Update website
2. You install activeX control
3. You install WGA USING activeX control
4. You cancel WGA installation
5. Windows Update activeX control sends information to microsoft on your installation statistics
Slow Down, Cowboy! It's been 60 minutes since you last successfully posted a comment.
On Fedora Core 5&6, for reasons I cannot determine, bonobo phones google.
You mean like Synaptic on Ubuntu, right?