Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Wants To Identify All Web Surfers

Posted by kdawson on from the time-to-visit-more-health-sites dept.

Moochman writes "New Scientist reports on a technology Microsoft is developing to identify users based on their browsing habits. Quote: 'The software could get its raw information from a number of sources, including a new type of 'cookie' program that records the pages visited. Alternatively, it could use your PC's own cache of web pages, or proxy servers could maintain records of sites visited. So far it can only guess gender and age with any accuracy,' but the aim is to be able to identify name, occupation and location as well. On a related note, The Inquirer reports on Microsoft's plans to widen the use of its identity-verification technology CardSpace, which is built into Windows Vista and available as an add-on to XP. It's being envisioned as an identity solution for the entire internet: says Kim Cameron, pioneer of the technology, 'We feel it has to solve all use cases.' (Aha, so the anonymous use cases, too, eh?) One might ask, with all of this user-ID information on hand, how long will it be until the Feds come knocking on Microsoft's door asking for help? They already have."

15 of 281 comments (clear)

  1. So does Slashdot's favorite: by Anonymous Coward · · Score: 1, Informative

    http://www.ft.com/cms/s/c3e49548-088e-11dc-b11e-00 0b5df10621.html

    Of course, they will only use it for good.

  2. Oh, please, this is reactionary by roman_mir · · Score: 3, Informative

    It looks like MS is now going to copy everything that Google does. You know, just to stay ahead of the herd.

    --
    You can't handle the truth.
  3. Re:Hyperventilating overraction by Anonymous Coward · · Score: 2, Informative

    (yes, there will be desktop component, why not) Yes, there is, and it's pretty astonishing. CardSpace launches what appears to be a separate desktop session (I think it's done through some variant of Remote Desktop) where you select which card you wish to use to identify yourself, or at least confirm the use of the only relevant card (unless you choose to have that card used automatically.) Been testing this stuff. It's amusing when the CardSpace desktop jumps up and Norton AV decides you should have to authorize it to use the network; you're stuck unable to confirm one because the other took over your desktop.

    This is supposed to amount to Single Sign-On for the end user. At least that's how it's billed. Ultimately it will be the advertisers that push it onto content providers; they want you identified.

    Anyhow, there is a lot of work going on in standards bodies around identity federation and Single Sign-On. Look here and here.

  4. Re:Hyperventilating overraction by b0s0z0ku · · Score: 2, Informative
    Frankly, I'm surprised we haven't seen MS-TCP/IP yet

    If IPv6 becomes more popular and people route through Teredo servers owned by MS, this could actually be around 50% of what you're worried about. MS will be able to see a lot of the traffic between the IPv4 and IPv6 parts of the Internet. Scary.

    -b.

  5. Re:Umm Counter-Measures? by Anonymous Coward · · Score: 1, Informative

    Well I read through the stuff, so now what? They're gonna do it cause it's profitable. What are we/you gonna do about it?

    How about counter-measures and solutions? How about those anonymizing proxy services? Firefox extensions: Ad Block, CookieSafe, Flashblock, NoScript... I suppose if I wasn't so lazy I'd hot link all of those. There's also a google scraper that will give you google search results without directly using google. I'm thinking maybe there should be more encrypted tunneling proxy services which let you route through different proxies on different parts of the world like TriLightZone. Now I heard e-gold is having some trouble, some people like Cotse mentioning it's been difficult to cash back out and find an exchange. But where I'm going is a reputable online cash service so that the transaction can't be traced back to you/your CC/Paypal accounts... in order to completely separate direct ties between you and your bank acct and your anonymizing service.

  6. Re:Google already does it... by tajmorton · · Score: 2, Informative

    Google Analytics has been re-designed to help you learn

    And them too. Whenever you access a site that uses Analytics, Google now "knows" you've been there, how you got there, how often you go there... (and can link it to your google account through your google cookie).

    Just saying...

    --
    Tell the truth and you won't have so much to remember.
  7. The Ugly Truth About Online Anonymity by irishkev · · Score: 2, Informative

    This essay takes the paranoia all the way, but, as it turns out, maybe not far enough...

    The Ugly Truth About Online Anonymity

    http://cryptogon.com/?p=624

    All of the stuff that you do with your "normal" online persona, you know, online banking, checking email, discussion groups, etc: You can't do any of that. The second you associate a user profile on a server with your behavior, you're back to square one. The Matrix has you. You would have to create what the intelligence business calls a "legend" for your new anonymous online life. You may only access this persona using these extreme communications security protocols. Obviously, you can't create an agent X persona via your anonymous connection and then log into some site using that profile on your home cable modem connection. To borrow another bit of jargon from the people who do this for real, full time, you must practice "compartmentalization."

  8. Re:Umm by ozmanjusri · · Score: 3, Informative
    The only part of his post that may be inaccurate is the part about the NSA

    It's probably accurate.

    From a report back in January;

    The National Security Agency has provided assistance to Microsoft and Apple in securing their Windows and Mac OS X operating systems, according to a report published Tuesday.
    http://www.homelandstupidity.us/2007/01/09/nsa-pro vided-security-help-for-windows-mac-os-x/

    For what it's worth, the SELinux extensions came from the NSA, so they've had a hand in improving security for all the major platforms. Linux is the only one where the code's visible for the paranoid though.

    --
    "I've got more toys than Teruhisa Kitahara."
  9. Re:Quick Question by Ash-Fox · · Score: 2, Informative

    What's the difference between this and microsoft passport?
    Microsoft Passport identifies you with .net passport login credentials.
    --
    Change is certain; progress is not obligatory.
  10. Libertarianism vs. Fascism by bill_mcgonigle · · Score: 2, Informative

    I'm getting really tired of seeing dada21's wannabe-libertarian garbage on Slashdot. Take your bullshit somewhere else, or keep it in one of your sleazy blogs.

    I'll take one of dada21's rants about gold any day over your repressive fascist belligerence.

    Hint: put him on your foes list and score down your foes in the preferences. That's what it's there for, so you can be happy without advocating oppression to satiate your minority opinions.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  11. Privacy Matters by Anonymous Coward · · Score: 1, Informative
    The short answer: It's dehumanizing.


    Earlier this month there was a sobering article on Groklaw "3 CNET Reporters Will Sue HP Seeking Punitive Damages - What's That?" wherein PJ discussed privacy. She had this to say:

    There's an interesting essay that I read as part of a course Berkman Center ran on privacy in cyberspace that said that our humanness actually depends on that kind of privacy. It's how we renew and are our true selves. The essay is still available in the readings for the course which are laudably still made available to the world, "Privacy Matters: In Defense of the Personal Life," by Janna Malamud Smith. One of the worst punishments is total surveillance, the essay points out, where you can't even go to the bathroom in privacy:

    One way of beginning to understand privacy is by looking at what happens to people in extreme situations where it is absent. Recalling his time in Auschwitz, Primo Levi observed that "solitude in a Camp is more precious and rare than bread." Solitude is one state of privacy, and even amidst the overwhelming death, starvation, and horror of the camps, Levi knew he missed it.... Levi spent much of his life finding words for his camp experience. How, he wonders aloud in Survival in Auschwitz, do you describe "the demolition of a man," an offense for which "our language lacks words."...


    Our function of privacy is to provide a safe space away from terror or other assaultive experiences. When you remove a person's ability to sequester herself, or intimate information about herself, you make her extremely vulnerable....

    The totalitarian state watches everyone, but keeps its own plans secret. Privacy is seen as dangerous because it enhances resistance. Constantly spying and then confronting people with what are often petty transgressions is a way of maintaining social control and unnerving and disempowering opposition.... And even when one shakes real pursuers, it is often hard to rid oneself of the feeling of being watched -- which is why surveillance is an extremely powerful way to control people. The mind's tendency to still feel observed when alone... can be inhibiting. ... Feeling watched, but not knowing for sure, nor knowing if, when, or how the hostile surveyor may strike, people often become fearful, constricted, and distracted.


    Does that help answer your questions? Oh, by the way, GODWIN!
  12. Re:Umm by RobertM1968 · · Score: 2, Informative

    Because what MS is claiming on planning to do means they are defining "browser history" as browser history, cache, cached form data, form data and more in order to accumulate the data they are going for. That is a far cry from what Google is doing. In addition, MS has proven they are far less trustworthy than Google and many other companies out there (see numerous lawsuits and anti-trust cases in this and other countries). Also, people opt in to allow Google to have access to their data. MS is making no such claim... they are claiming "This is what we are going to do" which is far different. And yes, other companies have tried similar things and been sued in court and lost and/or fined for their actions. So, there's the difference.

    If people want to bitch about Big Brother, they should look to Washinton DC, not Washington State.

    I think people here are bitching about the invasion of privacy this would add up to. For that, it doesnt matter if it's Washington DC, Washington State, or the guy who lives down the block who is illegally obtaining your personal information - just because they decided they wanted to for whatever twisted reasons they claim.

    --
    StarTrekPhase2 - The Five Year Mission Continues!
  13. Re:Hyperventilating overraction by louarnkoz · · Score: 2, Informative

    Actually, Teredo was specifically designed so that the Microsoft servers DO NOT SEE any of the data exchanged by the hosts. They only see the initial exchange of packets requested to set-up a tunnel through the NAT.

    -- Louarnkoz

  14. Re:What about multiple users? by maxwell+demon · · Score: 2, Informative

    "MS owns the desktop and OS, so technical they can do what every they want without asking or telling you"

    pfft no they don't. i paid for a license to use windows, i gave no such permission that ms may alter my desktop or gather data WITHOUT my permission.

    (Emphasis added by me).

    The license/permission is a legal issue, not a technical one. Your argument is like "I don't need a firewall, because breaking into computers is forbidden." There's a difference between what you can do (the technical side) and what you are allowed to do (the legal side). And on the technical side, usually it would be damn easy for MS to get the information without asking or telling you.
    --
    The Tao of math: The numbers you can count are not the real numbers.
  15. Re:Google already does it... by MickDownUnder · · Score: 3, Informative

    View source.... search for Urchin.... Every page on slashdot has a google analytics script that sends a cookie to Google uniquely people visiting the page (unless you have blocked it as I have done).

    I'd say pretty much 90% of the web currently has Google javascript embedded in it. They know who you are, how often you surf the web, what pages you visit, how often you visit them etc etc etc.

    The unbelieveable irony of people on Slashdot bitching about an imaginary technology that Microsoft doesn't have, whilst Google is collecting info about every person reading this article is quite incredible.