Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Wants To Identify All Web Surfers

Posted by kdawson on from the time-to-visit-more-health-sites dept.

Moochman writes "New Scientist reports on a technology Microsoft is developing to identify users based on their browsing habits. Quote: 'The software could get its raw information from a number of sources, including a new type of 'cookie' program that records the pages visited. Alternatively, it could use your PC's own cache of web pages, or proxy servers could maintain records of sites visited. So far it can only guess gender and age with any accuracy,' but the aim is to be able to identify name, occupation and location as well. On a related note, The Inquirer reports on Microsoft's plans to widen the use of its identity-verification technology CardSpace, which is built into Windows Vista and available as an add-on to XP. It's being envisioned as an identity solution for the entire internet: says Kim Cameron, pioneer of the technology, 'We feel it has to solve all use cases.' (Aha, so the anonymous use cases, too, eh?) One might ask, with all of this user-ID information on hand, how long will it be until the Feds come knocking on Microsoft's door asking for help? They already have."

20 of 281 comments (clear)

  1. Who thinks of these ideas? by solevita · · Score: 2, Interesting

    That's always my first question when I see an article like this; who could ever think this was a good idea? Obviously not someone who reads Slashdot.

    I don't know how much Microsoft is paying, but it must be alot if people are thinking that such a ridiculous idea makes sense.

    1. Re:Who thinks of these ideas? by Anonymous Coward · · Score: 1, Interesting

      Firefox + TorButton + TrackMeNot (sends a few random queries a minute to search engines, pollutes their results!)

  2. Google already does it... by dada21 · · Score: 5, Interesting

    I have no doubt that Google (do no evil?) already does this. I have some friends who have been banned from the AdSense network because they clicked their own ads (big no-no), but not from their own network. Laptops from other networks in the same region (say, Chicago). Google's ads definitely send back SOMETHING to Google -- maybe screen resolution + browser version + operation system + who knows what. No one really knows what it shared (someone should trace the traffic), but Google knows more than they're sharing. Heck, their Google search tells you how many times you recently visited a searched site (I log in via gmail, though).

    It isn't that hard, and it won't be that hard to deflect if you're privacy crazy. I'd say this is mostly un-news, because privacy geeks will work around it, and those who don't work around it will get some benefit from targetted ads, better compensated search opportunities, and who knows what else.

    1. Re:Google already does it... by Organic+Brain+Damage · · Score: 2, Interesting

      http://www.google.com/analytics/

      Google Analytics has been re-designed to help you learn even more about where your visitors come from and how they interact with your site.

    2. Re:Google already does it... by garcia · · Score: 2, Interesting

      Especially when you are using Google Analytics on the site! Someone searched *my* site for a strange keyword (misspelling of entertainment as intertainment) and within seconds Googlebot hit my site with the same search URL.

      That made me realize just how fucked up Google's abilities are.

    3. Re:Google already does it... by ScentCone · · Score: 2, Interesting

      Well, if you want to know what Google's up to, just see what its two founders are currently talking about . They want to tell you the sort of job you'd be best suited to, and what they think you should do tomorrow. No sir, can't do THAT without Google. Point is, they're actually saying something far creepier than anything MS is saying, if you ask me.

      --
      Don't disappoint your bird dog. Go to the range.
  3. Most geeks are random surfers, are we not? by TheLazySci-FiAuthor · · Score: 4, Interesting

    I wonder how well this would work for someone like myself who frequently uses stumbleupon.com (or del.icio.us) to surf the net, or indeed anyone who tends to explore the net outside their own backyard.

    To me this profiling technology seems like going through someone's garbage to find out what kind of person they are. Works great, unless they live in an RV or on a boat....I'm not sure that analogy works perfectly, but I think I'm going to start putting my trash in my neighbor's bin from here on.

    Note: Stumbleupon is a firefox toolbar which will take you to a random site when you click the Stumble button.

    --
    Read my Very Short "Stories"
  4. Advertising? by SmellsLike · · Score: 4, Interesting

    I wonder if they're trying to get all this information about the users to be able to identify what advertising to show them on those websites. If so google should be interested in stopping MS from doing this too.

    It's suprising it hasn't been mentioned in the article. Its taking more of a privacy and anti-government stance. It looks to me like Microsoft are trying to take the lead in the advertising dollar in shifty ways also. As mentioned in the zdnet article too microsoft are already doing some of this through passport. The difference is that is opt-in whereas this is invisible to the vista user. While currently a download for XP, how long before it becomes part of the auto-updates?

  5. What about multiple users? by MorpheousMarty · · Score: 4, Interesting

    If I share a computer with my family, won't their data get watered down? And when my friend comes over and checks his favorite web sites, the data will just get worse. I know MS could still find me 99%, I'm the guy who goes to /. and nytimes web site a dozen times a day, no chance there's another person with habits like that, but their database will be compromised by every user variable you can imagine. You have no privacy on the internet but you do have anonymity because your computer doesn't care who you are, just what kind of access you have.

  6. Re:Umm by ThePromenader · · Score: 5, Interesting

    Right, and just why does Microsoft thinks it has a 'right' to glean our page-viewing habits (an act akin to rummaging our underwear and sock drawers) - perhaps because that those using their software gave it to them? They assume much, but no doubt, once again, the ignorant will fall for it. MS owes its fortune to the latter aspect of their user base, so I don't see how this move is anything new.

    --

    No, no sig. Really.

    ThePromenader
  7. Re:Problem with identifying by browser habits by Shados · · Score: 2, Interesting

    Well, they DID say it could semi-accurately identify genders. I think that would make it easy to identify within that 95%

  8. Re:no chance with read-only cookies by Tackhead · · Score: 4, Interesting
    > My cookies files and folders are read-only. Every time I shut down the browser (at least daily), all cookies are gone. Works great with cookies-required sites, since they're still enabled, but leaves no trail beyond the session.

    And of course, there must be thousands of people in my ISP's /16 of the network, who, once a day, log onto Slashdot, hits Digg's homepage, checks stock quotes for MSFT, GOOG, AAPL, FOO, BAR, and BAZ (and only those six stocks, and always in that order), and then does some SSL with Quuxbank (and only Quuxbank), before going back to reading stories on Slashdot and Digg, predominantly in the "YRO" category.

    What are these cookies of which you speak? Cookies only make tracking easier. NSA had to compromise the backbone routers to gain access to every user's clickstream. All Microsoft has to do is control the browser and embed the spyware in the OS... oh, wait.

  9. random browsing bot by eclectus · · Score: 5, Interesting

    it would take about 20 minutes to write a bot that would browse at random for you and render this useless. Sounds like a great way to look anonymous. Or really, really weird, depending on where your bot runs off to.....

    --
    This signature is a waste of 42 characters
  10. Re:Why is this a bad thing? Not a troll! by himurabattousai · · Score: 2, Interesting
    Personally, I think it's quite telling that you can't debate this topic without resorting to old, cliched arguments against this kind of behavior--not because you're lacking in the intelligence department, but because it's just that difficult to argue against the whole "National Security/Think of the Children" crowd that constantly asks for more and more, when it can only provide less and less. Every time a story like this comes up, I see countless quotes along the lines of "Those who trade freedom for security...." and "The more you tighten your grasp...." If that is the best that we, as people who value freedom, can come up with, we've already lost. Fear (or greed) is a hard motivator to counter because it takes something that everyone has and turns it against them. Using cliches to fight against fear is like trying to cut concrete with a butter knife; neither will be successful, ever.

    Having said all that, I put this out there:

    The three arguments you've stated are the most often used, but they are entirely correct. I think the best way to look at why all this surveillance is bad is quite simple. Our elected government officials are supposed to be public servants, and it is we, as citizens, who are supposed to be the masters. Their jobs and salaries are drawn directly from the people for whom they are supposed to work. Corporations are much the same--their jobs and salaries are supposed to be dependent on actually satisfying the needs of their customers. We submit ourselves to governments and corporations because we can not do everything that a proper, free society needs to have to survive. Not everyone can farm, build cars, or use language (or violence, if necessary) to promote his needs and defend his rights.

    This surveillance society that Western Civilization is moving towards has it backwards. Instead of remembering that they are granted the privilege of working for us, corporations like Microsoft and the government view it as their birthright to have perpetual power over the very people who allowed them to exist in the first place. They see us as resources to be exploited, much the same attitude as was held by slave owners back before the civil war. They are all hypocrites, pretending to be acting in the best interests of their customers while really undermining everything they say they stand for. To them, all that matters is power--political, military, or financial. They wish to rule over us when they really should only operate with our permission. Somewhere along the line, we forgot that, and we're too afraid to go back and reclaim what belongs to us.

    --
    "osake no hou ga, biiru yori ii" to omotteiru.
  11. Re:Combining client side info with what server see by xdc · · Score: 2, Interesting

    I like and use Firefox, but it seems awfully chummy with Google for my taste. I don't think it's the default, but Firefox 2.0 allows you to check with Google whether each site you visit is a "suspected forgery." Probably a sizable percentage of Firefox users takes Google up on its offer.

  12. How would Microsoft collect this information? by Anonymous Coward · · Score: 1, Interesting

    I'm confused how Microsoft might plan to collect this information?

    I can imagine using ad network to plant cookies and track IP addresses as I'm sure is already done, but many browsers (although not Firefox by default any longer to the best of my knowledge) block third party cookies, and IP addresses can change or be the front ends to NAT networks so they don't uniquely identify visitors, and definitely don't generally do so over spans of weeks or months. I'm not sure conventional ad networks are adequate alone.

    TFA mentions the web page cache from the local computer or data from proxy servers, but those data aren't going to beam themselves to Microsoft. Something has to do the beaming for them. Does Microsoft have some plan, as the parent suggests, to install software on our computers to beam this information back to MS or control huge numbers of proxy servers? How would this work??

    TFA also mentions some new kind of "cookie program." Regular cookies are probably inadequate since many people clean them out frequently. Flash local shared objects last longer since most people still don't know about them, but they're not exactly new. So what could MS be referring to? Maybe Silverlight could do it, but I'm not sure that would endear people to the technology. Maybe some funky IE proprietary Javascript that beams back private information about your computer, or some other plugin?

    This seems likely to work for MS Windows users, but I don't use Windows, certainly don't trust Microsoft enough to install Silverlight, have disabled Flash local shared objects, don't generally allow Flash and other plugins to run, don't use a proxy (let alone one controlled by MS), and browse with JavaScript disabled. Does Microsoft think they'll be able to identify me, and if so, how?

    Are they going to try to make deals with big ISPs or backbone providers to glean this data directly off the wire? (Maybe the NSA would be kind enough to share. I mean, there's no sense in duplicating all that effort...)

    It's scary that a company like Microsoft would be so nonchalant about collecting this sort of information; it could reflect Microsoft's arrogance and yet unbridled Monopoly power. Or maybe Microsoft just believes it can get away with anything thanks to the success of Windows Genuine Advantage. To see what I mean, substitute "Microsoft" in this story with "Zango."

  13. Re:Combining client side info with what server see by couchslug · · Score: 2, Interesting

    "This is why you use Firefox" with the trackmenot extension:

    http://mrl.nyu.edu/~dhowe/trackmenot/

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  14. Anonymous Use Case by IL-CSIXTY4 · · Score: 2, Interesting

    In response to the snarky aside in the summary, the Cardspace designers actually had anonymous use cases in mind when they designed it. You can generate a card at any time with any information on it. When you submit a card to a site, you get to choose what personal information (if any) gets sent along with it. And, there is a unique ID generated for each site/card combination. So, you could create 100 different cards named "Anonymous Coward" and use a different one each time you came to Slashdot to post as 100 different Anonymous Cowards from one machine.

  15. Re:Umm by technicalandsocial · · Score: 2, Interesting

    While Kim Cameron's talk on CardSpace is the best talk I've ever seen out of Microsoft, I've seen it more than once, which includes the same jokes. Like the one about his wife crying because the login prompt had her name several times. Hey Mrs.(too liberated to be Cameron), try an open source, free, multi-user operating system. Believe it or not, you don't have to put your real name there either, regardless of what Kim tells you. Using a pseudonym is more than adequate...

  16. Ethereal/Wireshark is your friend by pandrijeczko · · Score: 3, Interesting
    If you're that worried about software you run "phoning home" or collecting stats on you, then get hold of one of the myriad of free network sniffers (like Ethereal or Wireshark) and spend some time learning how to interpret what it sniffs.

    Once you identify any weird or unwanted network connections, then it's relatively simple to stop them with a firewall rule or two, or to put a dummy entry in a hosts file somewhere.

    --
    Gentoo Linux - another day, another USE flag.