Slashdot Mirror
MS Wants To Identify All Web Surfers
Moochman writes "New Scientist reports on a technology Microsoft is developing to identify users based on their browsing habits. Quote: 'The software could get its raw information from a number of sources, including a new type of 'cookie' program that records the pages visited. Alternatively, it could use your PC's own cache of web pages, or proxy servers could maintain records of sites visited. So far it can only guess gender and age with any accuracy,' but the aim is to be able to identify name, occupation and location as well. On a related note, The Inquirer reports on Microsoft's plans to widen the use of its identity-verification technology CardSpace, which is built into Windows Vista and available as an add-on to XP. It's being envisioned as an identity solution for the entire internet: says Kim Cameron, pioneer of the technology, 'We feel it has to solve all use cases.' (Aha, so the anonymous use cases, too, eh?) One might ask, with all of this user-ID information on hand, how long will it be until the Feds come knocking on Microsoft's door asking for help? They already have."
The computing giant is developing software that could accurately guess your name, age, gender and potentially even your location, by analysing telltale patterns in your web browsing history.
Uh, wouldn't location be the easiest thing to figure out? Yes. The answer is yes.
That's always my first question when I see an article like this; who could ever think this was a good idea? Obviously not someone who reads Slashdot.
I don't know how much Microsoft is paying, but it must be alot if people are thinking that such a ridiculous idea makes sense.
I have no doubt that Google (do no evil?) already does this. I have some friends who have been banned from the AdSense network because they clicked their own ads (big no-no), but not from their own network. Laptops from other networks in the same region (say, Chicago). Google's ads definitely send back SOMETHING to Google -- maybe screen resolution + browser version + operation system + who knows what. No one really knows what it shared (someone should trace the traffic), but Google knows more than they're sharing. Heck, their Google search tells you how many times you recently visited a searched site (I log in via gmail, though).
It isn't that hard, and it won't be that hard to deflect if you're privacy crazy. I'd say this is mostly un-news, because privacy geeks will work around it, and those who don't work around it will get some benefit from targetted ads, better compensated search opportunities, and who knows what else.
I wonder how well this would work for someone like myself who frequently uses stumbleupon.com (or del.icio.us) to surf the net, or indeed anyone who tends to explore the net outside their own backyard.
To me this profiling technology seems like going through someone's garbage to find out what kind of person they are. Works great, unless they live in an RV or on a boat....I'm not sure that analogy works perfectly, but I think I'm going to start putting my trash in my neighbor's bin from here on.
Note: Stumbleupon is a firefox toolbar which will take you to a random site when you click the Stumble button.
Read my Very Short "Stories"
I wonder if they're trying to get all this information about the users to be able to identify what advertising to show them on those websites. If so google should be interested in stopping MS from doing this too.
It's suprising it hasn't been mentioned in the article. Its taking more of a privacy and anti-government stance. It looks to me like Microsoft are trying to take the lead in the advertising dollar in shifty ways also. As mentioned in the zdnet article too microsoft are already doing some of this through passport. The difference is that is opt-in whereas this is invisible to the vista user. While currently a download for XP, how long before it becomes part of the auto-updates?
If I share a computer with my family, won't their data get watered down? And when my friend comes over and checks his favorite web sites, the data will just get worse. I know MS could still find me 99%, I'm the guy who goes to /. and nytimes web site a dozen times a day, no chance there's another person with habits like that, but their database will be compromised by every user variable you can imagine. You have no privacy on the internet but you do have anonymity because your computer doesn't care who you are, just what kind of access you have.
We have found that 5% of Internet user are identifiable by there browsing habits, all the other 95% do is surf for porn making it hard to narrow down.
If you could reason with religious people, there would be no religious people
Don't worry, I'm sure this will be an opt-in feature. You won't need to enable it on your Windows machine (yes, there will be desktop component, why not), unless you want to upgrade to Vista SP1, or get IE8, or use Windows Update, Hotmail, or MSN messenger, or Word, or Outlook, or prevent WGA from deactivating your machine after a month.
Frankly, I'm surprised we haven't seen MS-TCP/IP yet (no, wait, marketing name "MS Live Connect"). A proprietary, "safe" networking protocol on top of the Internet as we know it that requires you to log-in and authenticate against their servers to use the Internet, uses their own DNS (by default, but you can change it if you're technically competent enough), and of course makes sure you're not doing anything that could interfere with MS DRM in any way.
Now it's your job, given the content and the topic of this post, to figure out if I'm being serious or sarcastic. Honestly, I am not sure which one it is.
Surely Google is doing this already?
MS is dropping the ball.
Does it go on forever?
Is that instead of using the systems they probably already have, the government is starting to utilize private companies to do their dirty work for them. Another layer of deniability to everything, I suppose. I forget; was North America part of Oceania or did it partially belong to Eastasia?
It looks like MS is now going to copy everything that Google does. You know, just to stay ahead of the herd.
You can't handle the truth.
And of course, there must be thousands of people in my ISP's /16 of the network, who, once a day, log onto Slashdot, hits Digg's homepage, checks stock quotes for MSFT, GOOG, AAPL, FOO, BAR, and BAZ (and only those six stocks, and always in that order), and then does some SSL with Quuxbank (and only Quuxbank), before going back to reading stories on Slashdot and Digg, predominantly in the "YRO" category.
What are these cookies of which you speak? Cookies only make tracking easier. NSA had to compromise the backbone routers to gain access to every user's clickstream. All Microsoft has to do is control the browser and embed the spyware in the OS... oh, wait.
with this story, that bill gates icon with the borg visor has never been more appropriate
"resistance is futile, you will be assimilated"
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
If I wanted to identify myself, I'd do myself, thank you very much!
- Anonymous Coward, and proud of it.
Finally! I had been wondering how Bill Gates was going to share his fortune! This sounds like the technology that can make it happen!
Slashdot's first reaction to VMware
it would take about 20 minutes to write a bot that would browse at random for you and render this useless. Sounds like a great way to look anonymous. Or really, really weird, depending on where your bot runs off to.....
This signature is a waste of 42 characters
Under corporate feudalism, the corporation has rights by default. Can they do it? Check. Will it make money for them and the shareholders? Check. There are no other questions.
"Only the small secrets need to be protected. The big ones are kept secret by public incredulity." - Marshall McLuhan
That's always my first question when I see an article like this; who could ever think this was a good idea? Obviously not someone who reads Slashdot. I don't know how much Microsoft is paying, but it must be alot if people are thinking that such a ridiculous idea makes sense.
This is precisely the sort of thing that Google is working on as well. It is all about targeted advertising, and Microsoft wants to be a provider of targeted advertising like Google. Q. Why did you think that Google offers you free email service? A. So they can build up their personal profile of you and provided better targeted advertising.
The following is a question I posted to another forum after reading this article. It's a genuine dilemma I've been pondering for a while now. I fully expect to get boiled alive for even asking the question, but any input will be appreciated.
-----
You may be aware that the UK leads the world with a billion CCTV cameras on every street corner. Various countries are pondering the adoption of mandatory ID cards. I've just been reading a Slashdot article about Microsoft's proposal to identify users from their browsing history. People have suggested a comprehensive crime-fighting fingerprint database.
I'm opposed to these things. The problem is that I'm having trouble explaining to myself why, precisely, it's a bad thing to have Big Brother watching me. And basing my opinion on a vague premonition of dread is pissing me off.
Whenever a measure such as those above is suggested, newspaper articles will invariably mention objections from civil liberties campaigners. I like civil liberties and am inclined to instinctively agree with those who campaign for them. But comments like "If you're not doing anything wrong, why do you care?" are simultaneously smug, irritating and difficult to torpedo convincingly. Three arguments spring to mind:
1) The government shouldn't know any more about you than it absolutely needs to. I agree with that. The problem is that it seems reasonable to assume that an extreme surveillance society which logs the activity of you, your car, your browsing, your shopping, your library borrowing, your finances and everything else would have an easier time of it in identifying criminals. Does that constitute a reasonable need, and why or why not? This argument is rather abstract and arbitrary for my comfort.
2) Unscrupulous government officials could abuse the information. Hard to argue with that one, and no doubt abuses would occur, but it seems paranoid to reject the whole deal on those grounds given the cost/benefit ratio.
3) It wouldn't work properly, would be insecure, and would be a colossal waste of money. I agree, given the UK's track record in large IT projects, but that's an implementation problem rather than a philosophical objection.
Can anyone give me any other specific, compelling argument against the surveillance society which doesn't rely on an axiom that it's an inherently bad thing? Because this is annoying the hell out of me.
MSFT is just amazing at the depths they will troll to invade a user's privacy. This article only highlights how deep MSFT has their hand up the proverbial *** of the end-user. Data-mining a user's browsing cache? Are you serious? If they can read from the browser cache, what ELSE can they do? And how far will they go? If Joe User has been surfing pr0n sites and accidently comes across something he should see, will MSFT know about it? Will they inform the authorities?
With Microsoft's recent advertising acquisition, will they use this technology to data-mine and serve up targeted advertisements? If they know Joe User is browsing car sites, will they serve up GM ads because GM is an MSFT partner? Will those ads overlay or replace existing ads from other companies? Don't believe it can't happen. We just had a link a day or so ago about spyware doing it.
I cringe everytime I see a computer running an MSFT operating system now. Seriously.
This almost sounds like a dying man gasping for air. Sales from Vista (despite tainted projections) aren't nearly as high as expected. Widespread adoption isn't happening (companies and Federal agencies are shunning Vista for now). MSFT has had to turn up the screws on piracy to recoup lost dollars. Cue the OSS FUD about patent infringement that allows MSFT to squeeze Fortune 100 companies for cash. Now this -- MSFT's attempt to be the identity manager of the Internet.
Not on my computers on my networks. Not now. Not ever.
So how will they identify me? By my work surfing profile, or my home surfing profile?
Yes, I surf at work, both to take a break, and to keep abreast of developments in I.T., specifically, the Java world.
At home, I'll probably surf the BBC, Slashdot, Apple sites, and my blog.
So which "me" does Microsoft hope to profile? Combine that with the fact that I use a Mac at home, and that my surfing habits will change when I change jobs.
Still, methinks this is the quid pro quo for Microsoft's deal with the Bushies to gets itself out of an enforced monopoly breakup....
This space left intentionally blank.
Firefox is all good and well, but you need to
be on a non-Microsoft client. Otherwise, the
Microsoft software under the browser still has
access to all of the data anyway.
Perhaps it is already doing what the article describes.
You are being MICROattacked, from various angles, in a SOFT manner.
Have they identified the goatse guy yet?
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Exactly. And because they are dealing with a closed-source solution, there is no direct way of knowing. What's to say an ActiveX component isn't briefing scanning a user's browser cache and reporting that information to an MSFT server. Without a sniffer between the box and the 'net, most people wouldn't be the wiser.
This is why you use Firefox, to disable ActiveX. You also use a better firewall than that provided with XP; one that warns you when a program wants to "call home" and allows you to decide if you're going to let it.
Good, inexpensive web hosting
First, theres an article on slashdot yesterday about spyware that has been "approved" by truste and now vista comes with embedded spyware to tell MS (who are trying to break into advertising) where i am, what im looking at and what my name is?
The thing that worries me about all this is the rather lack-lustre response you'd expect from the general slashdot community about breaches of privacy, etc. Have the aliens invaded?
im scared... they only come out at night, mostly...
Seriously though for everything that sucks about vista atm (performance, etc), knowing it had embedded spyware (or what exactly is a "special cookie program"?) would stop me moving to it.
I like and use Firefox, but it seems awfully chummy with Google for my taste. I don't think it's the default, but Firefox 2.0 allows you to check with Google whether each site you visit is a "suspected forgery." Probably a sizable percentage of Firefox users takes Google up on its offer.
This essay takes the paranoia all the way, but, as it turns out, maybe not far enough...
The Ugly Truth About Online Anonymity
http://cryptogon.com/?p=624
All of the stuff that you do with your "normal" online persona, you know, online banking, checking email, discussion groups, etc: You can't do any of that. The second you associate a user profile on a server with your behavior, you're back to square one. The Matrix has you. You would have to create what the intelligence business calls a "legend" for your new anonymous online life. You may only access this persona using these extreme communications security protocols. Obviously, you can't create an agent X persona via your anonymous connection and then log into some site using that profile on your home cable modem connection. To borrow another bit of jargon from the people who do this for real, full time, you must practice "compartmentalization."
"This is why you use Firefox" with the trackmenot extension:
http://mrl.nyu.edu/~dhowe/trackmenot/
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
So you're saying they can see you when you're sleeping? And they know when you're awake??
If the masses can keep you down, you're not the Ubermensch.
When people are helped along, they tend to become productive much faster than when they're ridiculed and scorned. In this case, the help given to them may help them to become "real Mac users" much more quickly. If you simply explain that there is no such thing as a maximize button, they will probably listen, especially if you provide them with another way to achieve the desired result. If the name "Clarus" means nothing to you... "Clarus" (sic) hasn't done anything under that name since 1998, when they renamed to become FileMaker Inc. ClarisWorks was returned to Apple as AppleWorks, and the last product with Claris branding was discontinued in 2001. (Trust me, I looked.) If you still call it Claris, then buy new software.
It's people like you that contribute to the myth that all Mac users are elitist bastards. I don't know the name of the law that states something along the lines of "the smaller the minority, the more noise it makes", but I'm sure there's one like that, and it's relevant here. (If there isn't, there should be.) I'm a Mac user, and you are (AFAIK) in a very small minority. Unfortunately, since you and the rest of your cohorts prefer to post AC, we'll never know just how many of you there are. A shame, too... I'd like to know just how many people actually post this type of thing.
Change is certain; progress is not obligatory.
I'm getting really tired of seeing dada21's wannabe-libertarian garbage on Slashdot. Take your bullshit somewhere else, or keep it in one of your sleazy blogs.
I'll take one of dada21's rants about gold any day over your repressive fascist belligerence.
Hint: put him on your foes list and score down your foes in the preferences. That's what it's there for, so you can be happy without advocating oppression to satiate your minority opinions.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Clarus != Claris
Claris is the office software. Clarus is the dogcow.
TFA said they'll be making a list. who knows if they'll be checking it twice or not.
In response to the snarky aside in the summary, the Cardspace designers actually had anonymous use cases in mind when they designed it. You can generate a card at any time with any information on it. When you submit a card to a site, you get to choose what personal information (if any) gets sent along with it. And, there is a unique ID generated for each site/card combination. So, you could create 100 different cards named "Anonymous Coward" and use a different one each time you came to Slashdot to post as 100 different Anonymous Cowards from one machine.
Once you identify any weird or unwanted network connections, then it's relatively simple to stop them with a firewall rule or two, or to put a dummy entry in a hosts file somewhere.
Gentoo Linux - another day, another USE flag.
I neither abandon Microsoft software, nor do I leave myself open to tricks like Microsoft's latest dream of world conquest. I choose a middle ground.
I run the Windows software I cannot or will not replace in a virtual VMWare sandbox with no internet connection (just a local intranet connection). That way, I don't feel the urge to update Windows (I generally use Win2k sp4) or play the old "whack-a-mole" game with viruses and trojans. It's not perfect, and I still use Wine for the occasional Windows game (I don't stay up-to-date there, either, preferring older games), but I avoid a whole lot of pain and most of the risk in using Windows software.
There's an old saying in computer software (and yes, it's US centric. sorry about that): You can tell who the pioneers are, they're the ones with arrows in their backs. Avoid being a pioneer, and all sorts of viable solutions to Microsoft's schemes and dreams present themselves.
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
1) legitimate reason: MS is a SW company providing solutions to customers. Big problem online is proving you are who you say you are to a 3rd party. How does a merchant verify I am who I say I am (and that they are not taking on a fraudulent transaction which they will be held responsible for)?
How does bank or stock broker verify it is you doing a money transfer or stock transaction?
How can I prove my age complies with laws regarding age? Are you "thirteen"? Are you "eighteen"? Are you "twenty-one"?
If the good senator from N/S. Carolina is determined to enact age-verification to adult websites, do you have to give a credit card with your age that maybe could be verified against a card-holder database? How can you verify age?
How do Ebay parties verify they aren't entering into a scam?
These are all "legitimate" areas where there is a need for some type of user identification/verification. It is a legitimate problem in doing commerce on the web. A software company has every "legitimate" right to attempt to create a solution. So your first statement and its conclusion regarding motive is flawed.
Regarding your second statement about this being a reason to use a different OS. That's also logically flawed, since we are identifying people from browsing habits -- something that would be OS neutral. People still browse with Linux and Mac-based computers. In fact, using an alternate browser and OS puts you in a minority of sorts -- providing additional identification factors. If you wanted to remain "anonymous", standing out from the crowd isn't a great way to do it.
That people agreed with you and marked you insightful only shows how many others on slashdot have similarly faulty logic.