Slashdot Mirror
Microsoft WGA Phones Home Even When Told No
Aviran writes "When you start WGA setup and get to the license agreement page but decided NOT to install the highly controversial WGA component and cancel the installation, the setup program will send information stored in your registry and the fact that you choose not to install WGA back to Microsoft's servers."
Ethics. If you choose not to install something, it shouldn't do anything.
Seems you haven't read the past story about MS bypassing HOSTS file for microsoft sites.
I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
While many think this is bad and invasion of privacy, think of it as this:
when we normally click "I DONT Agree" the software does nothing. But if it sends the message back home with statistics of how many dont agree, it tells the software company some people dont agree.
We can argue EULA's till our fingers are raw and bloody, but it doesnt matter if the company in question doesnt read the conversations.
In short, by clicking the Dont agree button and having it sent home to MS we're telling them we dont want that crap on our machines. Maybe (deity willing) MS will start to listen. More companies may adopt that approach and we'll get less and less one sided (retarded) EULA's.
anyone Remember Borland's |"like a book" EULA? Great stuff.
Interesting you say it's slashdotted because I can read it fine.
It's very light on details, however. There is a screenshot from wordpad of the data sent; it's an XML-type document which appears to have pulled a couple of id/hash numbers out of the system registry, e.g. OS version, but no personal info. They can't really get any personal info anyway, since data protection laws here in the UK and other countries would land them in shite, and also I suspect that they have more important things to do than snoop random people's names.
Personally, I think that they're just trying to get an idea of the number of people who won't install it. These people either have pirate copies and know they'll fail validation, or simply are opposed to the idea of their OS phoning home. From a cynical viewpoint, it's important for MS to gauge the reaction to this early so they know how far they can push these sorts of thing without there being a massive backlash.
Don't you just hate it when people reply to your signature?
Ya, that would fix it. Maybe, just maybe, some of us don't have an army of lawyers at our disposal to determine if what we're clicking on really means what we think it means. It seems to me that it is unethical to have a consumer product license that is unreadable/unparsable to an average consumer. The "madman" here would be anyone who thought that such nonsense was an enforceable contract.
I am not a crackpot.
That Free Markets religion again. Businesses cannot do anything they like; they are corporations, fictional entities created by license of the people of the country through their government. They are granted super-powers as non-existent individuals, exempting real operators from liablity for their own actions. In return, they hew the line we set for them. They have more responsibilty to the nation that created them other than pleasing shareholders, no matter what propoganda they pump to the contrary. They are not gods. And Microsoft is a monopoly, ruled so by the courts, and is under even more stringent strictures, because they have constantly abused their power in the past to invade and hold new markets.
So, no, making money is not all they have to worry about. Deceit and chicanery should have consequences other than making them more money. And if they need to cheat to win, it might be time to think about a new concept: revoking the corporate license, and reinstituting personal responsibility for their underhanded actions, with civil and criminal penalties.
So, how hard might it be to generate random but valid data to fill out this XML? And then have a little daemon that does nothing but post it over and over 24/7? "Wow. Looks like a NAT/proxy server with millions of users behind it who really don't like WGA."
Petty, I know, but fun.
Pound! Bang! Bin! Bash! is this a shell script or a Batman comic?
it is unethical to have a consumer product license that is unreadable/unparsable to an average consumer.
Oh my fucking god.
Have you ever tried to read the GPL?
The world's burning. Moped Jesus spotted on I50. Details at 11.
You chose to install the Windows Update ActiveX control, didn't you? And you clicked "I agree" when it told you it could send this info to Microsoft, didn't you? So why would you be angry when it does exactly that? Perhaps people need to read the licensing agreements they agree to before agreeing to them, instead of just clicking "yes, I agree" like a madman.
Okay, despite your trollish comments, I'll bite.
1. WGA != Windows Update. RTFA.
2. Has the validity of an EULA ever been tested? AFAIK, an EULA cannot violate your privacy rights, even if you sign those away. Argue as you like, statute always trumps contracts.
3. Microsoft releases an OS that's broken and tells you the only way they'll fix it is if you'll subject yourself to their privacy terms. Not freaking cool. My copy of Windows is paid for, but that doesn't mean I want them invading my privacy.
Ever installed XP without any service packs? Do you know how many minutes it takes before the machine is pwn3d? IMO that's not a functional OS any more.
Ever tried getting that refund from your hardware manufacturer for the part of your purchase that went to Microsoft? It's a freaking pain in the arse, and one where you have to usually drag a vendor to small claims court to get your money.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
This should be reported to "StopBadware.org". StopBadware.org's definition of badware requires prior consent to send personally identifiable information to a site. This should be enough to put WGA on the Badware list.
Google is now flagging sites that have been identified by StopBadware.
StopBadware is run by law professors from Harvard and Oxford, with assistance from Consumer Reports. StopBadware is effective. They complained about the Jessica Simpson screensaver, which installed spyware in May 2006. The makers of that didn't listen. In October of 2006, a US federal judge shut that outfit down.
The only home software on my computers should have is my home
Sounds like someone set you up the bomb.
In the UK, at least, it would appear to be in breach of Section 1 of the Computer Misuse Act 1990:
1 -- (1) A person is guilty of an offence if--
(a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b)the access he intends to secure is unauthorised; and
(c)he knows at the time he causes the computer to perform the function that that is the case.
The data sent home is noted by (a). As the user has expressly not agreed to the WGA EULA, unauthorised access is noted by (b) and (c) - in particular (c) as there was no agreemnt to the EULA; assuming of course that the data sent home is that that would be sent home IFF the EULA had been agreed and WGA installed.
As an aside, the Sony rootkit that installed something even when the EULA or whatever was decined was probably in breach of Section 3 of the same Act - doing "...any act which causes an unauthorised modification of the contents of any computer..." - those discs weren't sold in the UK?
The question is who is the responsible entity for a company: they have programmers that have written the code that does the unauthorised access (are they responsible), or is it their managers (who defined the specs) or the company as a whole (the directors)?
A rose by any other name would smell as sweet;
A chrysanthemum by any other name would be easier to spell