Slashdot Mirror
All Microsoft Updates Phone Home
juct writes "In the wake of heise Security's report on the garrulous WGA Notification, Microsoft has now supplied additional details on the data sent. They have revealed to developers that apparently all updates relay information to the company in Redmond."
> By learning at what point in the install process some users decide to abandon, we can put more effort into the right places in the installation wizard. Remember our goal with the wizard is to give more information so customers will be better informed. We heard from customers that they wanted more information about what the software was and how it worked so we created the install wizard to provide that greater context. Knowing this kind of information about the install wizard installations is critical for us to continue to improve the customer experience of WGA. If we are not hitting that mark, we can use this method to improve.
By learning at what point in the install process some users decide to say "Fuck this, I didn't sign up for this!", we can put more effort into the right places in the installation wizard. Remember our goal with the wizard is to obfuscate and misdirect so customers will either not know how we're spying on them, or for those who figure it out, at least they won't be able to sue us over it. We heard from customers that they wanted to know what else were doing behind their backs so we created the install wizard to provide us with plausible deniability. Knowing this kind of information about the install wizard installations is critical for us to continue to propagate the viral meme of WGA and other notions, like software as a service, and ultimately the notion of an operating system as a subscription-based service, like we're doing with the Windows Vista self-destruct sequence. If we are not hitting that mark, we can use this method to slowly increase the amount of DRM we've crammed up your ass until you look like the Goatse Guy, and if we do it slowly enough, you'll not only pay us, you'll thank us for the privilege!.
My firewall detects the connections after doing manual installs. I know this because I've got production equipment we can't just let windows auto-update on. Based on my experience, WGA is just one of many apps/updates that phones home.
/.?
Again, it's been this way for quite a while, and the information does not "perfectly" identify you, but each install has it's own signature as far as I can tell so they can deduce who you are pretty quickly.
Why do you care now as opposed to all of the other Microsoft's-evil-OS stories on
Got Trader Joe's? friendwich.com RSS feeds work now!
So I guess it might be a bit sneaky, but it has all been covered by WGA disclosures.
An example of the XML returned when a user cancels an installation is available here, "just to allay any fears that Microsoft is using any personal information".
So ya, I don't think this is a huge deal, nor particularly unexpected.
Yeah totally, because:
- Computer make and model
- Version information for all installed Microsoft software
- Plug&Play ID numbers of hardware devices
- Globally Unique Identifier (GUID)
- BIOS name, revision number, and revision date
are all necessary to download a single specific update not to mention maintain a session to the web-server.When information is power, privacy is freedom.
TFA: "In the Privacy Statement of Windows Update Microsoft grants itself fairly far-reaching rights. Thus the information collected by the Redmond-based behemoth includes the computer make and model, version information for the operating system, browser, and any other Microsoft software for which updates might be available, Plug&Play ID numbers of hardware devices, region and language setting, Globally Unique Identifier (GUID), Product ID and Product Key, BIOS name, revision number, and revision date"
Kinda sad that we just assume letting vendors capture all this info is part of the game (i.e. necessary to make the update work right). Wrong. When I do "yum upgrade" -- as far as I know -- not a single piece of information about my system goes up the wire. Correct me if I'm wrong.
My turnips listen for the soft cry of your love
I'll bite:
Computer make and model -- needed for drivers for specific manufacturers and models. Do you really want to apply a HP patch on a Dell system?
Version information for all installed Microsoft software -- Needed to calculate whether or not updates are needed for Windows Media player, etc. Remember, Windows update does more than just Windows--it also updates all included bundled software with Windows.
Note: Sending information about non-bundled software is needed for Microsoft Update, but not Windows Update. Perhaps lazy coding there--wouldn't YOU want to share the hardware/software detection code for both update utilities?
Plug&Play ID numbers of hardware devices -- Well, it does update hardware drivers...
# Globally Unique Identifier (GUID) -- This seems completely unnecessary.
BIOS name, revision number, and revision date -- I'm not sure, but I believe they may also provide manufacturer-supplied BIOS updates for some manufacturers.
I'm no huge fan of Microsoft, and I'm not saying Microsoft isn't misusing the information, but in 4 out of 5 cases this seems necessary for the service they are providing. Remember, Windows Update updates drivers, hardware, and bundled software too. Microsoft Update services Microsoft software as well.
-=Lothsahn=-
So, I live in the EU. We have rather stronger laws regarding companies holding information on people than you Americans do. I object to this information being collected on me. Whilst I can't stop them collecting it, I CAN force Microsoft to reveal all information they hold about me, after I pay an admin fee of around £10 and it'll cost them far more than that to provide it. One person is nothing, but if a whole bunch of irate people were to start asking for this information - MS would be very unhappy. Now if only EFF Europe or some other organisation would organise a pro-forma, and encourage a mass "ask MS to reveal what they hold on you" - as many people as possible in as small a window as possible. Geurilla consumerism is great fun!
todo - The developer's equivalent of confession: "Forgive me Father, for I have sinned..."
I seem to remember Windows Update in Win2000 prominently displayed a message: "Checking your computer for installed updates...this is done without sending any information to Microsoft." And it only downloaded the updates I needed, not every one for every supported product.
Did something fundamental change as to why that system can't work anymore?
Momentarily, the need for the construction of new light will no longer exist.