All Microsoft Updates Phone Home
juct writes "In the wake of heise Security's report on the garrulous WGA Notification, Microsoft has now supplied additional details on the data sent. They have revealed to developers that apparently all updates relay information to the company in Redmond."
So I guess it might be a bit sneaky, but it has all been covered by WGA disclosures.
An example of the XML returned when a user cancels an installation is available here, "just to allay any fears that Microsoft is using any personal information".
So ya, I don't think this is a huge deal, nor particularly unexpected.
Yeah totally, because:
- Computer make and model
- Version information for all installed Microsoft software
- Plug&Play ID numbers of hardware devices
- Globally Unique Identifier (GUID)
- BIOS name, revision number, and revision date
are all necessary to download a single specific update not to mention maintain a session to the web-server.
When information is power, privacy is freedom.
Seeing that Microsoft has done very poorly in correctly determining which installations of Windows are legitimate, how competently can they track legal software?
Funtime Candy Wow! - my plan for eventually conquering Japan.
Usually you will be forced to download WGA before you can get to other updates - and your new install of Windows XP or Vista will stop booting after about 45-60 days if it has not been validated online. Obviously there are OEM and corporate versions cracked versions which will install without online validation, but the requirement for WGA for software updates is probably still on.
My hope is that all of these things make running pirated versions of Windows more difficult - particularly in the developing countries where internet connectivity is spotty such that OSS can gain in popularity and use. This could end up being a real win for Linux and other OSS.
Cue stories of entire countries running off a single pirated copy of Windows and Office.....
-I'm just sayin'
I have a few friends that play in the stock market and have said for a long time that they bet Bill uses this information to buy/sell stocks and $$$. Think of the unbelievable wealth of information. Which hardware/software/etc... are folks buying and what are they not buying? etc... etc...
For example, if you are using the Visual Studio 2005 IDE and use the integrated access to the online MSDN documentation, you can copy the URL from the address bar in VS2005 and paste it into Firefox. What you'll find, in many cases, is Firefox asking you if you would like to download "HiddenCheck.exe". Though I have not seen this for some time now, I have recently found that there are a few pages in the online MSDN docs that load fine with IE, yet say the "Resource is not available" in Firefox. Of course, while I'm sort-of whining a little, I may as well go on to complain about how several of the MSDN pages only render properly in IE. :-( I can't trust them enough to use their own browser without feeling like I'm being watched, and I can't use an alternative browser in an attempt to try to protect my privacy. Granted, I'm not doing anything wrong, but that feeling of always being watched is enough to make anybody feel uneasy.
So, I live in the EU. We have rather stronger laws regarding companies holding information on people than you Americans do. I object to this information being collected on me. Whilst I can't stop them collecting it, I CAN force Microsoft to reveal all information they hold about me, after I pay an admin fee of around £10 and it'll cost them far more than that to provide it. One person is nothing, but if a whole bunch of irate people were to start asking for this information - MS would be very unhappy. Now if only EFF Europe or some other organisation would organise a pro-forma, and encourage a mass "ask MS to reveal what they hold on you" - as many people as possible in as small a window as possible. Guerrilla consumerism is great fun!
todo - The developer's equivalent of confession: "Forgive me Father, for I have sinned..."
What would be the difference? If you are downloading updates for a driver, one could reasonably infer that you have the hardware for that driver. It's just whether they are being told you have a piece of hardware or whether you can make a reasonable, educated guess, they are going to get the same results either way.
Clones are people two.
Mu.
HP and Dell don't do their own driver patches. They do roll up other people's drivers in their own packages, but they simply use the drivers of others.
There ARE non-driver patches for both, but they're related to special, custom software. For example HP has their own version of the software that goes with the Infineon TPM chip inside this HPQ laptop. But Microsoft isn't going to be delivering those patches to you.
Absolutely the only thing they need to provide updates are device and vendor IDs. For ISA and PCI cards that's provided by PnP. For USB devices, it's part of the initial conversation with the host, as well as for Bluetooth. I don't know precisely what PCI-E does, but it's probably the same old PCI/PnP-style vendor and type.
The code is probably already able to distinguish between OS information and everything-else information. This can only be a deliberate decision. Wouldn't you want to retrieve as little data as possible to minimize the effects of bad network links and to avoid having unnecessary data complicating your life? Of course you would. Unless you wanted that data...
I've never seen one. I think they did deliver me a video bios update once though. Anyone know this for sure?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Don't get me wrong, I think it's a great idea. However, you'd be hard pressed to find any major software company that would willingly put such a label on their products. People definitely need guidance to stay focused on the important things, but it seems that the only play in most large American corporations' playbooks is the Kansas City Shuffle.