MS Wants To Identify All Web Surfers

Moochman writes "New Scientist reports on a technology Microsoft is developing to identify users based on their browsing habits. Quote: 'The software could get its raw information from a number of sources, including a new type of 'cookie' program that records the pages visited. Alternatively, it could use your PC's own cache of web pages, or proxy servers could maintain records of sites visited. So far it can only guess gender and age with any accuracy,' but the aim is to be able to identify name, occupation and location as well. On a related note, The Inquirer reports on Microsoft's plans to widen the use of its identity-verification technology CardSpace, which is built into Windows Vista and available as an add-on to XP. It's being envisioned as an identity solution for the entire internet: says Kim Cameron, pioneer of the technology, 'We feel it has to solve all use cases.' (Aha, so the anonymous use cases, too, eh?) One might ask, with all of this user-ID information on hand, how long will it be until the Feds come knocking on Microsoft's door asking for help? They already have."

Google already does it...

[dada21]

I have no doubt that Google (do no evil?) already does this. I have some friends who have been banned from the AdSense network because they clicked their own ads (big no-no), but not from their own network. Laptops from other networks in the same region (say, Chicago). Google's ads definitely send back SOMETHING to Google -- maybe screen resolution + browser version + operation system + who knows what. No one really knows what it shared (someone should trace the traffic), but Google knows more than they're sharing. Heck, their Google search tells you how many times you recently visited a searched site (I log in via gmail, though).

It isn't that hard, and it won't be that hard to deflect if you're privacy crazy. I'd say this is mostly un-news, because privacy geeks will work around it, and those who don't work around it will get some benefit from targetted ads, better compensated search opportunities, and who knows what else.

Most geeks are random surfers, are we not?

[TheLazySci-FiAuthor]

I wonder how well this would work for someone like myself who frequently uses stumbleupon.com (or del.icio.us) to surf the net, or indeed anyone who tends to explore the net outside their own backyard.

To me this profiling technology seems like going through someone's garbage to find out what kind of person they are. Works great, unless they live in an RV or on a boat....I'm not sure that analogy works perfectly, but I think I'm going to start putting my trash in my neighbor's bin from here on.

Note: Stumbleupon is a firefox toolbar which will take you to a random site when you click the Stumble button.

Advertising?

[SmellsLike]

I wonder if they're trying to get all this information about the users to be able to identify what advertising to show them on those websites. If so google should be interested in stopping MS from doing this too.

It's suprising it hasn't been mentioned in the article. Its taking more of a privacy and anti-government stance. It looks to me like Microsoft are trying to take the lead in the advertising dollar in shifty ways also. As mentioned in the zdnet article too microsoft are already doing some of this through passport. The difference is that is opt-in whereas this is invisible to the vista user. While currently a download for XP, how long before it becomes part of the auto-updates?

What about multiple users?

[MorpheousMarty]

If I share a computer with my family, won't their data get watered down? And when my friend comes over and checks his favorite web sites, the data will just get worse. I know MS could still find me 99%, I'm the guy who goes to /. and nytimes web site a dozen times a day, no chance there's another person with habits like that, but their database will be compromised by every user variable you can imagine. You have no privacy on the internet but you do have anonymity because your computer doesn't care who you are, just what kind of access you have.

Re:Umm

[ThePromenader]

Right, and just why does Microsoft thinks it has a 'right' to glean our page-viewing habits (an act akin to rummaging our underwear and sock drawers) - perhaps because that those using their software gave it to them? They assume much, but no doubt, once again, the ignorant will fall for it. MS owes its fortune to the latter aspect of their user base, so I don't see how this move is anything new.

Re:no chance with read-only cookies

[Tackhead]

> My cookies files and folders are read-only. Every time I shut down the browser (at least daily), all cookies are gone. Works great with cookies-required sites, since they're still enabled, but leaves no trail beyond the session.

And of course, there must be thousands of people in my ISP's /16 of the network, who, once a day, log onto Slashdot, hits Digg's homepage, checks stock quotes for MSFT, GOOG, AAPL, FOO, BAR, and BAZ (and only those six stocks, and always in that order), and then does some SSL with Quuxbank (and only Quuxbank), before going back to reading stories on Slashdot and Digg, predominantly in the "YRO" category.

What are these cookies of which you speak? Cookies only make tracking easier. NSA had to compromise the backbone routers to gain access to every user's clickstream. All Microsoft has to do is control the browser and embed the spyware in the OS... oh, wait.

random browsing bot

[eclectus]

it would take about 20 minutes to write a bot that would browse at random for you and render this useless. Sounds like a great way to look anonymous. Or really, really weird, depending on where your bot runs off to.....