Vista is Watching You
greengrass writes "Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company."
Is this another example of Bill Gates's Microsoft micromanagement leaking out into the general public, or is this truly a way for Microsoft to help fool-proof Windows operations?
If this is nothing more than a way for Microsoft to ensure that Windows operates properly and to find potential issues, data collection should be an option. A lot of power users won't want it, and a lot of paranoid public won't either.
Of course, what choice do they have if they want/need to run Windows? If enough of the system monitors your usage and activity, not using those services pretty much makes your computer a brick.
Aside from privacy concerns, how much storage space and processing power is being used for this endeavor? Couldn't all that be put to much better use?
like Google does, maybe I wouldn't be microwaving genuine Vista Ultimate DVDs into petrol...
In the article, there's a Vista technology referred to as "Rights Management Services (RMS) Client" - I guess I'm not the only one who's mildly amused about the acronym used for that service ;-)
What's especially delicate about it is that the service's name uses the term "Rights", where many who are in favour of digital freedom would probably deem "Restrictions" a much better fit.
I bet if Richard Stallman were dead by now (please note that I'm glad and happy that he's alive and kickin'!), there'd be a chance he'd be rotating in his grave at high speeds because of this.
:%s/Open Source/Free Software/g
YTARY!
... and this kind of undisclosed(?) sneaky communication has to be considered a security risk from our side, and one which may very possibly invalidate the state of validation (in, again, the FDA-regulated sense) of numerous production-related systems that might eventually run on Vista platforms. We're testing Vista now, and as soon as I get my hands on a copy, I'm gonna poke around and try to figure out what data is sent where, what happens if you cleverly block it, what options there are to just shut these features the f*** off, and many et ceteras,...
Seems like they would want to keep this data anonymous as much as possible too, or it would seem like they would have an endless barrage of subpoenas for civil lawsuits like divorces, where one spouse wants evidence that the other was cheating.
The privacy concerns are obvious. I, for one, do not want to agree to having all kinds of (largely unspecified) information transmitted to Microsoft.
But even putting that aside for a moment. Assume that Microsoft is a friendly company and that you are confident they will never use this information "against you." Even in that case, this is a really bad idea. Why? Because security works best when you *minimize* the avenues of attack. By sending this information to Microsoft HQ, your OS opens itself to new attacks. On the one hand you have the possibility of MS's servers being hacked, and your information stolen (or the transmission being intercepted and copied). But much worse, this transmission functionality can be co-opted by malware or viruses.
Every functionality you include in the OS is a functionality that "the enemy" (malware, viruses, crackers, etc.) can (and will) use against you. In particular, every network-enabled program is a potential security breach. Hence, we should always be disabling as many services (especially network services) as possible. By having all kinds of code that is constantly communicating outside the machine (with no notification to the user), built into services that the user cannot sensibly disable, you are leaving a tempting target for "the enemy" to find vulnerabilities.
Add to this the fact that it makes it harder on network admins to pick out suspicious traffic. If all these Vista installs are constantly sending out packets of information, how can the sysadmin tell when one of those machines has been taken over, and that "phone MS HQ" service is now sending nefarious packets?
Isn't it ironic that the very company charging insane amounts for a "safe and secure" OS is essentially using spyware embedded in the system itself when the average user shells out a decent amount of money to prevent spyware programs?
If there weren't enough of them already, add this to the stack of reasons not to use Vista.
Well, back to rejecting software patent applications.
I expect that the majority of people believe that they're buying a product when they purchase Vista, or when they purchase a PC with Vista pre-installed. That presumption may be entirely wrong though.
... or else nothing, that's the only option. In fact then, you haven't purchased a product at all, but a service without any agreed terms.
... although Microsoft probably wants you to continue purchasing without owning.
Certainly from Microsoft's point of view, and in view of their total focus on WGA, you've agreed to a single-payment licensing deal. EULAs may not be valid in some jurisdictions, but that doesn't seem to concern them. You live within their worldview, or else
Likewise, from the content providers' point of view, your PC and its software certainly doesn't belong to you, which implies that you haven't purchased Vista as a product. Instead, it's just a delivery vehicle for their content, and Microsoft is the guarantor of DRM safety to ensure that this is so. The fact that you've paid for your hardware and software as if it were yours seems to have escaped both content providers and Microsoft alike.
Perhaps in the future, people who are not technical will not own computers at all, but only rent content delivery vehicles?
That's where Vista seems to be heading
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
I remember back in the early 1990s, when the first network software for Microsoft systems started coming out, I read a report from some engineers who had been using it in their lab. They noticed that their modem's lights would flicker during times that the machine was "idle". So they hooked up a line monitor, and studied the activity.
It turned out that some software inside the machine was making connections to Microsoft sites, and passing information about the contents of the disk over the line.
So MS has been doing this for 15 years or so. Even back then, they knew how to make this "service" unobtrusive. It didn't show as a running program, and it apparently didn't run when other software was using the line. It was just a quiet, hidden, background task that continuously reported on your data to its master.
Nobody who has been paying attention should find it at all surprising that, in 2007, this is still happening. If you are running Microsoft software, you should assume, unless you know otherwise, that Microsoft has full access to everything in your machine.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Sure. But Open Source software is not going to uphold your freedoms, only Free Software will. Any freedoms that Open Source software gives you are just incidental to the development methodology used. They will be the first to go when sacrificed for some technical merit.
Here's an amusing quote by RMS about Free Software and Open Source from here,
Just about any HP camera/printer/scanner will install an update utility. Java has an updater that runs in the background. Real Player, Adobe Reader, Flash Player, Quicktime, and assorted Sonic software all have their own background updaters.
"Work is the curse of the drinking classes." -Oscar Wilde
I don't participate in beta testing programs without being compensated for my time and resources.
Wow. Snooty. What software do you use that's perfect?
I don't respond to AC's.
Don't say that the performance of Windows-based games takes a hit on Linux. I've run Linux on the desktop for 12 years. Every few months, I get the bug to "try it again." The last time I did so, I pirated -- yes, pirated -- I've bought it 3 times, and never gotten it to actually play the games I wanted to play -- Cedega, and took it for a drive. On both Counter Strike and Battlefield 2, the game played BETTER under Linux than it did under Windows. BF2 was appreciably better. However, two things kept me from switching. For CS:S, it was horribly long load times. I don't know what it was about Steam, but it would take several minutes to finally load up. BF2 was different. PunkBuster is NOT SUPPORTED under Cedega. What's so pathetic is that PunkBuster (and Valve's VAC) are apparently not preventing cheating. Our clan kicks people out of our servers all the time for hacking. Yet it keeps me from playing online under Linux. Other than that, Wine is letting the software actually run faster on the same hardware. YMMV.
;-)
Note that Crossover is promising select games will work under their new version, like Steam and WoW. I'm thinking about buying this again for Outlook functionality at work. (Evolution's Exchange plugin isn't working with meeting invitations, but I'm WAY off the subject now.) CodeWeavers is saying that their NEXT version will support PunkBuster. That would be cool, as it would remove the main barrier to playing games on Linux at this point.
Speaking of which, because of my older hardware not being able to play some of the new games, I just reinstalled Quake 3. I'm on Gentoo, and that was a simple process. I just put my discs in my drives, and did an "emerge +cdinstall". However, PunkBuster needed to update, and it wouldn't do it automatically. I found out how to force this, and did so in the main installation directory, but the game still wouldn't let me play online (it kept kicking me into observer mode). I finally figured out that I needed to run the update utility in my ~/.q3a/pb directory. So, I'm just leaving a googleable memory trail here.
Acts 17:28, "For in Him we live, and move, and have our being."
and I would say Linux would phone home a lot too...
Let's say Firefox:
It phones home and a) checks for updates, b) checks for plugin updates, c) checks for phishing.
Even apt-get would:
Contact and download the catalog. I didn't check, but I believe that by only downloading the difference, the other peer could easily guess how old my catalog is.
And the list just goes on with many other pieces of software.
The difference is, you can always verify the source with open source software, which I believe 0.1% of users, at most, might actually do. You can always assume Microsoft is doing bad things with its phone home feature, but if you are that paranoid, you had better set up an independent machine for going online, or a proxy machine to route, and only route, the absolutely necessary traffic.
Looks like a lot more data than an IP address.