Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Releases Mobile Data Collection Source Code

Posted by timothy on from the but-the-secret-room-isn't-in-the-blueprints dept.

mikejuk writes "To avoid the problems that Google and Apple have had with collecting WiFi data and privacy issues Microsoft has just released [some of] the source code used in its mobile data collection system. The code shows how the phones that it drives around don't collect any personal data — just WiFi and cell tower identification so that they can be used in geolocation. The source code is a great educational resouce but as to proving that Microsoft is doing the right thing it just doesn't work. First off, it isn't complete. Second, who is to say that it is the code used in the phones? That's the point of software — it's easy to change. Now if only we can provoke them to release large chunks of Windows or Windows Phone 7...."

18 of 69 comments (clear)

  1. Re:Partial release rings alarm bells by Normal+Dan · · Score: 4, Insightful

    Somehow I get the feeling a full release of the source code still wouldn't be enough to satiate the nerdy masses.

    --
    A unique way to learn a language: http://languageloom.com
  2. Re:Partial release rings alarm bells by Anonymous Coward · · Score: 2, Insightful

    Nothing ever will be. If we get full source they will whine that it's in the wrong license or it needs visual studio/windows to compile. Or they will call it useless and whine about that.

  3. How much proof do you need? by goldspider · · Score: 4, Insightful

    First off, it isn't complete. Second, who is to say that it is the code used in the phones? That's the point of software — it's easy to change.

    Blah blah blah. And where's the "REAL" birth certificate??

    No amount of proof is enough for some people.

    --
    "Ask not what your country can do for you." --John F. Kennedy
    1. Re:How much proof do you need? by iluvcapra · · Score: 2

      For any non-trivial function its basically impossible to prove exactly what a computer will do, and once the data leaves the phone to someone's server you can't prove anything. All you have is the company's good word.

      --
      Don't blame me, I voted for Baltar.
    2. Re:How much proof do you need? by Bacon+Bits · · Score: 3, Insightful

      For any non-trivial function its basically impossible to prove exactly what a computer will do

      Bullshit.

      If this were remotely true then closed-source applications couldn't be hacked. How exactly do you think you crack and application which requires a software key or has a DRM requirement? How do you think they jailbreak game consoles with saved games? The magic of coincidence? Of course not. The look at the binary code, see what it's doing, disassemble/decompile what they can, and trap all network I/O and file I/O. If you really want to know what WP7 is doing, you can reverse engineer it. If DRM -- which is specifically designed to be difficult to reverse engineer or circumvent -- if DRM can be understood with just binary access, the behavior of an OS on a phone which lacks this design focus should not be that difficult.

      Other than being a goodwill gesture (and arguably opening MS up to fraud lawsuits if they are found to be lying), this release doesn't do much at all. However, given what would happen to MS if the code they release here is found to be anything other than what is actually running, I don't believe that they would risk being so stupid as to release anything but the actual source code. MS is in no position in the mobile marketplace to suffer such a gaffe.

      --
      The road to tyranny has always been paved with claims of necessity.
    3. Re:How much proof do you need? by afabbro · · Score: 2

      You, sir or madam, are missing the point. Source code alone is meaningless if you can't actually *use* it.

      You made Donald Knuth cry, you big bully.

      --
      Advice: on VPS providers
  4. What a biased piece of garbage article. by spd_rcr · · Score: 5, Insightful

    I don't know how this one made it through the slashdot filters to be published. Mikejuk's posting sounds like conspiracy drivel. What Microsoft did was clearly a good effort to try and show the worry-warts what they're doing, but to expect them to give away the source code to their operating systems is just crazy.. their whole business model is based on traditional closed source software.

    --
    - tensions in our lives that are attacking our minds, unite themselves together to make our consciousness blind - op'ivy
    1. Re:What a biased piece of garbage article. by eln · · Score: 3, Funny

      I don't know how this one made it through the slashdot filters to be published.

      You must be new here.

    2. Re:What a biased piece of garbage article. by cavreader · · Score: 2

      "there will never be competition against Microsoft " Please tell me you are joking. On the off chance you are not trolling please consider this, at a bare minimum MS is up against strong competition in the OS space, Game systems, Database systems, Phone systems, Mail systems, and productivity applications.

  5. Re:Partial release rings alarm bells by gabebear · · Score: 3, Interesting

    It's very likely Microsoft will never release anything that will satiate people who understand licenses and value freedom. Microsoft likes you to sign crazy NDAs for access to specs and source and ties their own developers and evangelists hands. I was at a WP7 presentation a month ago given by MS's WP7 evangelist for my region. He couldn't hook the WP7 phone he had to the projector like he normally does because Microsoft's legal department took away the cable he had been using for presentations...

  6. The Point by BradleyUffner · · Score: 2

    "That's the point of software — it's easy to change."

    And here I thought it was about letting the user accomplish something they consider useful. I didn't realize the point of software was to allow you to change it. Silly me.

  7. Re:Partial release rings alarm bells by im_thatoneguy · · Score: 2

    You don't even have to use your "feelings", he says it in the next sentence:

    Second, who is to say that it is the code used in the phones? That's the point of software â" it's easy to change.

    "Please give us all your source code! And proof that it's exactly the source code on my phone! And that you didn't push an OTA update! And that you are verifying the MD5 checksum of the source code to the build on my phone! And a UN panel to supervise the foundry in which the hardware md5 check was being performed! And a background check on all the people supervising the foundry to make sure nobody changes the hardware to mis-report the checksum! And...."

    There is no way to please them. At least they were up front about it.

  8. I work for Microsoft... by beamsplitter · · Score: 5, Informative

    ... and while I don't work with this team, I can tell you that it will have been released in good faith, and that the code in the phones will not be any different. I've seen nothing but honesty and integrity in the two years that I've worked for the company.

  9. How DO you know? by Sasayaki · · Score: 4, Insightful

    Good question. Very insightful. But how far do you go?

    How would you know that if they released the code that this code is what's really running on your phone? How do you know there isn't a backdoor inserted post compilation?

    How do you know that Linux isn't just a shell around an obscenely stenographed copy of Windows? Do you inspect every single line of code that goes into your machine personally? How do you know the code's not kept in a tiny hardware ROM on all modern chipsets and injected into Linux during boot? Do to read them all, personally? Well you should!

    The sheeple must know! It's a plot by the Skull and Bones society, the Illuminati and the masons, IE9 has links to stuff they put in our water and Windows mobile uses fillings in your teeth as an antenna so the greys can track you from space. Soylent Windows 7 is people! Oh God in heaven it's PEOPLE! ...

    More seriously, yes, it is possible they wouldn't use that actual code in their phones... but Occom suggests they probably do, while Hanlon agrees but clarifies if they aren't it's probably a slightly different version due to that idiot new developer in section 8 that ran the wrong script.

    Eventually, at some point, you just have to either accept what someone's saying or accept there's no trust there and move on. Keep in mind it's practically impossible to avoid cell-tower based snooping and tracking, making this whole point useless because the NSA etc don't need your phone to cooperate for them to get what they want.

    --
    Check out my sci-fi book "Lacuna" at http://goo.gl/MVxX8
  10. Re:Partial release rings alarm bells by Anonymous Coward · · Score: 2, Informative

    Not with comments like "Second, who is to say that it is the code used in the phones?" coming from the person who wrote the summary. You could ship that jackball straight to Redmond, sit him down in front of a workstation at Microsoft, let him review the code himself and press the build button himself, and he'd still think it was a clever ruse on Microsoft's part.

  11. Re:Partial release rings alarm bells by Gadget_Guy · · Score: 2

    IMHO, releasing only part of the source code is indeed, like GP said, more dangerous than no release at all. Just that he forgot to mention that it's potentially dangerous in both directions - both to the world at large ("oh look, stuff to test for exploits!"), and to Microsoft ("OAMG they're hiding something! You can't even test what's there without violating a license!").

    That is not correct in this case. The problem is that everyone believed the article when they said that this was the code from Windows Phone 7. This is actually the code from Microsoft's vans that collected geolocation data. (similar to Google's vans that logged everyone's WiFi packets that got them into strife). The fact that they didn't release the entire code is irrelevant because none of us have the binaries with which to compare the source code. Therefore there are also no security problems with them releasing this code either.

  12. Re:Partial release rings alarm bells by Aydsman · · Score: 2

    He couldn't hook the WP7 phone he had to the projector like he normally does because Microsoft's legal department took away the cable he had been using for presentations...

    Why? Was there an actual legal reason behind this, or did someone just pinch his cable? It seems pretty unlikely that the legal department would prevent them from advertising a released product.

    I believe Windows Phone uses a protected graphics path, similar to the one in Windows Vista & 7, in order to provide DRM so services like Netflix feel all warm & fuzzy that their video content can't be intercepted. Because of this, all phones which are used in demos require a special build of the OS to display on a projector and, no doubt, a special cable recognised by that OS build.

    Having said the above, I'm not sure what reason Microsoft would have to reclaim the cable apart from controlling the number of them that exist outside the company. This control would be part of keeping the integrity of the DRM path.

  13. Not really...no. by theBully · · Score: 2

    I work in an environment where super paranoid measures are imposed to avoid issues. Every piece of software is isolated on a network with a sniffer that will check the nature and content of any data going out or in, while the software is taken through all of it's use cases. Some of these tests are time consuming because the tested software is complex and involves running very many use cases. Compared to some of these, a phone is in fact very simplistic. In many cases we test closed-source appliances but I can guarantee we do know everything the device transmits. No need for code or much reverse engineering. In conclusion, if someone wanted to prove they are doing something mischievous one could have done it without any source code. Microsoft just showed good will here.
    It's funny how people react to news about Microsoft and their technology. Take UAC for example. Everyone started complaining that they have to click an OK button every time they performed a task that involved the system. The same people thought that writing your password in Linux every time you perform an administrative task was an excellent idea. I sense a contradiction here. (For the record, I think requesting specific permissions on administrative tasks is a must so I will be happy to have that feature in any OS).