Slashdot Mirror
Vista is Watching You
greengrass writes "Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company."
Vista's biggest enemy is not Linux -- it's Vista. Americans take their privacy too seriously to ignore this if this becomes public. Of course, one could argue that by now the 'war on terror' has taught us to just bend over when the government says so, but hopefully, the reaction will be a little bit more violent when Microsoft asks us to 'submit'....who knows.
Good grief, I hate Microsoft as much or more than the average Slashdotter, but most of TFA is just alarmist FUD.
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
Why don't they tell you? Every halfway serious program I use that has to report information home (or at least wants to, for statistical purposes) asks me first, or at least informs me that it is going to do that now. Some programs even tell you what exactly they're going to send (and, behold, checking source and the transfered data shows that they actually tell you the truth).
Usually I don't mind. They probably sell that information (not about me, but about their "user base") to someone to make some money that way, since I don't pay for the honor to use their program for free. No problems there.
A problem arises when said data is transmitted without my consent. Without me even knowing that it is being sent. Am I supposed to trust a company that it isn't going to do shady business with my data when they're sneaky about it?
Now, I'm not saying MS does. But, seriously, why the cloak-and-dagger approach? Just tell the user "Vista is now gonna send MS the following information about your system, anonymized so it can't be tracked, and we want it to see what hardware platforms our system should run best on. Thanks for your co-op."
What's wrong about that? If someone doesn't care, heck, one more click on "accept" isn't going to be even noticed in Vista. And if someone does care, the smell of fish is not gonna hit his nose when something like this is being exposed.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Well they say the information is anonymous, but it includes things like your IP address. So they can convert that it non-anonymous information quite easily.
So... some reasons why this is probably a bad idea:
1. If they discover that you are running non-legit software, they can track you down. (And considering that any such analysis will always make mistakes, even users of legitimate copies of software should be worried.)
2. If MS's servers get compromised (or a bug is found in the "secure transmission" protocol), third parties can obtain your data. Depending on exactly what is being sent, this could be a privacy breach, security breach, or both.
3. Having services constantly establishing these connections is a security risk. Malware or viruses may be able to exploit it as a point of infection. Or, they may be able to use it as a means of spreading copies of themselves, or secretly transmitting information back to a third party. Every unnecessary service (from a user perspective) is a security breach waiting to happen.
4. Having code running that doesn't explicitly benefit the user is a waste of resources. This means overhead on your computer and overhead on your internet connection.
5. The EULA seems to state that they can change the terms as it suits them. This means that they can push updates through Windows Update that increase the scope of the data obtained. Perhaps they eventually decide to drop the anonymous clause. I don't think signing over so much freedom and privacy is a good idea, regardless of how "well-intentioned" the recipient of your rights claims to be.
And finally, there is the general "bad vibes" I'm sure we're all getting about this. It would be one thing if it were an additional feature that you could turn on if you wanted to. Something like "Help MS improve the quality of service by sending reports on how your software is running. This voluntary service is under your control, and only human-readable summaries will be sent, which you can inspect before they are sent. Do you wish to participate? Cancel/Allow"
Instead we get something like: "MS reserves the right to monitor your computer and transmit information to MS HQ. We can change these terms at our leisure. By using any of these features, you implicitly agree to this monitoring."
This is not an act of charity on MS's part. This is part of a plan to obtain information that they want, without customers noticing it is happening. That can only be a bad thing.
The things that get transmitted are:r ary/28cd5e13-e955-4941-91d9-fec2525e96c71033.mspx? mfr=true
1. Activation info. Well, duh.
2. Windows Update. -do-
3. Auto Root Update. Updates the list of trusted certificate authorities. You know, Verisign etc.
4. Windows Media DRM. Not an issue if you don't use DRM files, and no, information isn't transmitted every time you play the song.
5. Windows Media Player. To download album art/track names. Again, no different from other players. Easy to disable completely.
6. Malicious Software Removal. What's the problem if info is transmitted to Microsoft that you had an infection and it was cleaned? Non-issue. You can choose not to use it at all.
7. Network Connectivity Status Icon. This doesn't TRANSMIT anything except the HTTP request. It just downloads a small page to check if the Internet connection is working. Easy to disable, no problem.
8. Windows Time Service. Syncs time. Again, what's the problem? It's easy to disable if you really have a problem.
9. Problem reports. It asks you very clearly if data is to be sent to Microsoft, and asks you again if you want to send personal data. And reporting problems is good.
10. Games. Come on, it downloads fucking info and covers.
11. Event Viewer. Data is sent only when you specifically REQUEST for more online help. http://technet2.microsoft.com/WindowsVista/en/lib
12. Customer Experience Improvement Program. Microsoft *SPECIFICALLY ASKS YOU* if you want to opt-in. Once you say no, it never asks you again.
- etc -
The paranoia claims are really ridiculous. The operating system uses Internet resources to improve your experience, like telling you when you are connected to the Internet. Please take your tinfoil hat off for a minute and look at this objectively.
>It appears that Microsoft is slowly trying to head towards a near-constant connection of the end-user to their system, for what purposes is a matter for conjecture.
/author/ of the software, not the user - more DRM, more restrictions on how I can use the software, instead of better software for /me/. It's seriously getting to where I don't trust commercial upgrades anymore. It seems like 90% of the time or better a commercial upgrade limits what I can do with the application instead of enhances it.
And it's not just Microsoft doing it.
This "phone home" crap is the single biggest thing that is driving me to consider open-source alternative operating systems and software.
The second biggest thing is that it seems more and more that with commercial software every time I install an "upgrade" it is really an upgrade for the
It's really all come down to games for me. If my games would all run on Linux I'd be there tomorrow.
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
Microsoft is stepping over some big lines here.
Either that, or they're just using their pool of hundreds of millions of users with tens of millions different hardware/software configurations in order to collect bug data.
That's really the most obvious and the most likely answer.
I don't respond to AC's.
Is it paranoia if the OS really *is* sending tons of data to Redmond?
Is it? I saw nothing in the article that actually tried to attempt to see what information, if any, was being sent. All I saw was a really paranoid reading of an EULA.
Is it slander if it's true?
Just because something is in a license agreement doesn't mean its happening. People said the same thing about Windows update. The truth of the matter is it sends what OS / service pack your running and you get a list of updates available, which then is parsed by your computer to see if it needs them or not. Also, what updates are needed but not installed is reported back. Not exactly terrifying data.
It's fully-disclosed and hardly sneaky. If you block it, it will still work fine, but you lose updates to Windows and its components, you won't get your DRM certificates for media it's introduced to, your IPv6 NAT service won't work as expected, and online help features stop working. Want to stop them? Firewall rules, or disable the services.
:)
Everything has to be considered a security risk from your position, otherwise you're not doing your job