Slashdot Mirror
Windows ID
Igor wrote in with a link to a San Jose
Mercury article about the discovery of the "Windows ID", and claims it "has been quietly used to create a
vast database of personal information about computer users." It seems Windows 98
and other programs, like Office, embed a unique ID based on a MAC address into every document created (Office), or
even submit an ID unique to a user during Windows Update (where it
specifically says Microsoft will not send any information like that). The Intel thing
never bothered me too much, but I'm not so sure about this...
This is the scariest thing I have heard so far
;-)
just because M$ Office is so widely used.
And by the way - am I really the first?
Transmitting to MS HQ is bad.
But creating the ID is just part of the normal Windows OLE/ActiveX/Registry process.
leave it up to good ol' microsoft to do something like this. I keep thinking that they should have just stuck to BASIC.
That OpenSource was used as reference for the start of this technique? I wonder if this is another Micro$oft FUD agenda scheme. Perhaps that is the whole point.
There's nothing wrong with MS finding out who creates what. They made the program. If you want to use it, then buy it and use it. If you don't want them to see who you are, and don't like what they do, then don't buy it. AND DON'T USE IT! It's that simple, warez d00dz
http://www.news.com/News/Item/0,4,33413,00.html
I agree with the sentiments expressed above, though. I believe the "mistake" was deliberate and Microsoft is only closing the hole because it can't afford any more bad publicity right now.
Lots of interesting stuff in there..
I started to DL RealAudio's plug-in and notices they now require a Full Name and e-mail address.
I started wondering if they would encode that info into the plug-in before it's downloaded and then monitor your usage of the plug-in; for market research only, of course. I wonder who will be the first to try that sort of thing.
One could of course enter phony info, but I suspect it is considered fraud to provide false information in return for a commercial product. In some sense, they are selling you the product for the price of info on you.
After reading how Micros~1's top executives are
willing to lie in the courts, steal technology
from other companies, etc. This is most likely
just the tip of the iceburg. Remember, what you
don't know, can't hurt you!
Calling all Micros~1 operating system,
developers, and application users:
ABANDON SHIP
Locutus
I wonder if Microsoft can gather enough information from a computer and use it against the onwer in court? Is it legal to get information this way?
AK.
*getting my encryption software to encrypt all sensitive data.
Ignorant?
Wasn't this done for the benefit of the customer?
NOT!
These guys know exactly what they are doing and
they have no problem hiding the truth. They've
done it in from of a judge many times in the
recent DOJ vs Micros~1 case.
The truth is out there but you have to be better
than a Fox Mulner to find it in Redmond.
Locutus
As the guy on Ally McSkinny would say:
"Say it with me...
Class. Action. Suit."
That's Mulder! Sheesh!
They should tell users when they do things like
this but we are talking about Micros~1. They
show falsified video in court and insist it is
correct. They have stolen $$ from users for over
10 years by not telling them the truth so you
think they would start now?
Abandon Ship to a Micros~1 free zone and
you'll be richer, safer, and happier.
Locutus
"If you don't want them to see who you are, and don't like what they do, then don't buy it. AND
DON'T USE IT! It's that simple,"
I dont...I dont...I dont..I dont...
The point is: What About the ppl do not know any better? Just because they "own" the software on your machine does not give them the right to invade your privacy and gather personal information about you. I know, I know Sun does this everyday with countless peices of software. But the entities using SPARCS are just that: organizations and large companies who do not enjoy the same rights to privacy as an individual.
BTW: Yes I do undestand that privacy in this day and age is an illusion. All the more reason we must fight tooth and nail to keep every shread of it we have left.
"warez d00dz"
Ill just forget I even heard that.
Yeah, maybe - but remember, they weren't too hot on BASIC either -
all the MS Basic dialects they produced, whether for the PC, C64 or anything else, were piss poor.
AmigaBASIC was their only amiga product ( and it sucked - even though it is scarily similar to a proto-VB, since to support the Amiga OS, it had to be pseudo-OOP before the term was even in common use)
Not really related, but Debian has a package called Popularity-Contest .. You must install it specifically, then it tells you what it does and asks if you agree. Here's the description:
When you install this package, it sets up a cron job that will anonymously
e-mail the Debian developers periodically with statistics about your most
used Debian packages.
This information helps us make decisions such as which packages should go
on the first Debian CD. Also, we can improve future versions of Debian so
that the most popular packages are the ones which are installed
automatically for new users.
I think it would be a cool idea to have distros ask the user if he or she would like to be counted.
think that it could be considered fraud to provide
;)
false information to one of those 'rape me' forms?
I use email like "Idont@thinkso.com" all the time.
They aren't entitled to my email address. Anyway,
what's to stop me from submitting a real email
that points back to a *@email.com address and
then cancel it or give it a valid address that just
isn't mine?
I can see now why they'd want to tag us with
unique idenifiers
uselinux@email.com
Come on, don't tell me you never had any hunches about this. Didn't they have code in Windows 3.1 or something that made DR DOS crash if you used it instead of MS-DOS?
great idea but I still think the user information
should be eliminated from the responses. A
customer support call may enable that for a one
time configuration diagnosis but that is it.
I would worry that Micros~1 might get this info
and be able to count the number of users for
marketing purposes. They are able to count every
copy of OS/2 sold because of license issues and
therefore knew how much PR for Windoz 95 was
required to keep market share. We don't want this
to happen to Linux or any other OS.
Locutus
OK, my question is who on Slashdot is stupid enough to have a PC running a Microsoft PC set up at home (at least) so it can access the Internet? I've felt for years this would be a very bad thing to do. Microsoft has shown for Years that they can not be trusted in this respect.
Let's consider this, this is at least the second thing such as this that they've been caught at in the last several years. How many other things do you think they have feeding their databases? Look at it this way, their idea of fixing this is probably to hid it better!
On the other hand I'm paranoid enough to wonder if Microsoft has Windows set up so it can find the Gateway even if you don't tell it where it is. I think it's safe to assume it doesn't need to know where your DNS servers are.
Of course it would be amusing to let MS know what runs on my Win95 box. Three Warhammer games, one Star Wars Game, and as soon as I find time to install it software for the DEX Drive for my Playstation. That is the only software I've gotten for Win95 since it came out! Yes, it's safe to assume from this that the reason I bought Windows 95 was to play a Warhammer game.
plans to fix!
They plan to!
Kent
Do you include your credit card number when sending email to a lover, or reporting fraud to the government?
Fucking idiot. It's a completely different issue.
WHY is the GUID included in documents????
There is no purpose! EXCEPT to track people.
``The software was not supposed to send this information unless the computer user checked a specific option.''
''The software was not supposed to get detected, and now that it has we're implementing our CYA policies.''
Uh, let me start off by saying: WRONG! Just because I decide to plunk down $100 or whatever for a copy of MS Office doesn't mean Microsoft has a right to know who I am, what I do, etc. Perhaps they can present you with the option of filling out a brief form, in return for limited tech support, along with several optional fields about your personal interests, but they definitely do NOT have the right to know who you are. I personally never register with MS because I really don't anticipate on having major problems with Outlook or Office, and because I doubt MS would be of any significant help anyway.
There's this little right we Americans have called "the right to privacy" -- perhaps you've heard of it? This applies to MS, as well...duh.
-=The Saiyan Vejita=-
Why is anyone suprised here? So they've found the first of the 50 little ways M$ is databasing your activities when you use their software. Will you be suprised again when they find the next one?
:P
Well.... see subject line.
Developpement tools for the hacker kings under the sky
Servers for the sysadmin-lords in their halls of stone
An Office suite for the end users, doomed to whine
One OS for the Dark Lord on his Dark Throne
In the land of Redmond where the shadows lie
One OS to sell them all, one OS to bundle them
One OS to run them all and in the blueness crash them
In the land of Redmond, where the shadows lie
when the first beta of IE4.0 came out I noticed that. My system is permanentally connected to the net, so it's easy to notice that a packet is sent upon boot up. those with dial up would never have noticed it. I just had my linux box capture the packet and I simulate a random nunber sequence every 6 seconds to the jerks. as for the word ID, this is interesting... I knew it embedded the software key into them but I didnt know it was a MAC address. Now we need someone to write a program to scramble that id to say BITE-ME-BILL. that would be really cool.
Windows eats a dick
"Bennett promised that Microsoft also will wipe any of those numbers from its internal databases that the company can determine may have been inadvertently collected."
How the hell do you inadvertently collect data. Is their Microsoft VC++ compile so crappy that printf("Hello World\n"); accidently generated a MS SQL database application that accepted registration requests and logged globally unique ids to their database? Computers are completely stupid things that do exactly what their programmers tell them! You don't have something like this accidently happen. It was completely intentional on their part and I hope the gov't uses this when the trial resumes again to put the final nail in the coffin.
Surprise, they didn't. Lots of hand-waving and a promise of an eventual opt-out tool, but only for new Win 98 customers.
What did Blizzard do?
You use technical squarmish to justify for what Microsoft PR may call "a bug" or a "new feature."
... how do they know?
Explain why the information is sent to Microsoft?
I noticed Microsoft is suing a lot of companies these days for pirating their software
In OSS you can recompile your kernel to get rid of anything that you don't like!
Kent
That's an AWESOME idea. Doesn't Caddilac already implement something like this? I would personally love to have a tracking device that uses GPS built into every single car built in the US. Then when you get into an accident or need roadside assistance and you have no idea what city you're in or where you even are, just hit the button, send the info to your car maker's central help center and they can dispatch a tow truck or whatever to come out and help. Personally I couldn't care less if Dodge knows everywhere I drive my car. I would gladly give up that privacy issue in exchange for the safety and convenience. When my car was disabled a few weeks ago I sat on the side of the road on the phone with their roadside assistance people trying to explain where the hell I was so they could send a tow truck. NOT fun if I wasn't near a major exit on the freeway.
It's one thing to claim office documents and Windows Updates transmissions are logged with a user ID. Now, I respectfully ask those who're doing the claims to do one small thing: prove it.
What byte offset in a word document produced by Office'97 is this id? What bytes in the packets sent to Windows Update can this id be found? Cmon folks, get out the packet sniffers and hex editors to *prove* such things. And then write a small program to pull these bits out of a word file for the brain-damaged media to see.
To be very short, put up or shut up about ids.
I should have known that since I've watched the
show from day one. (The Night Stalker fan)
Thanks for the correction.
Locutus
What do you care about privacy? What's the point in privacy unless you're doing something embarassing or illegal that you wouldn't want people you know to find out about? I suppose you're paranoid and pay for everything with cash too huh? Well don't you know they trace all that money by fingerprints!? They keep a huge database of everyone touching that money and they KNOW! As for using software, perhaps they do because they HAVE TO? I get word documents all the time at work and need to use Word to read them and write new ones. It is a company standard and I MUST use it.
you never read the OOLAH (EULA)did you... anything generated by their program is theirs... your manuscript? it was generated into a pripetory file format that is owned by Microsloth. they can do with it whatever they want... in fact they can claim ownership of your manuscript. You write in visual basic? the program really is a microsoft product with your script telling it what to do. use visual C++? your program contains microsoft copyrighted code, they just interpeted your commands.. if they wanted to they can snag ownership of whatever they wanted.. It dont say anywhere in the EULA that what you create is your own sole property and microsoft will not try to own it.
What happens when Bill Gates takes VIAGRA?
-- He gets taller.
Seriously, though, how does this bug play into Mac versions of MSOffice, etc. Doesn't the Mac version have some sort of file which fakes a system registry (where this number is supposedly stored)?
And any fool who would actually put his real name into one of those M$ reg forms deserves whatever he gets...
Your credit card number is on your system: it's called Microsoft Wallet or cookie form (One-click shopping).
Now if Microsoft have all the credit card # of over 250 mil users. $5,000 for average users credit card. Let's do some multiplication: 250,000,000 * $5,000 = $1,250,000,000,000.
I want a hold of that database!
everyone I know has been testing this idea. we all use the same software key. yes we all purchaesed our software, but we decided to share the same key for everything that Msloth sold. I know of 20 machines that have every piece of software on it with the exact same key.. but if someone bitched we have the actual certs to back it up :-)) I'm sure it pisses off someone, even if it doesnt I'm pretty happy. anyways.. this is a joke, I've had software to generate any type of MS key I wanted.. catch the warez duds... that's a joke.
... is GUID embedded in every word/excel document?
What about the recently enacted Euro privacy laws that supposedly prevents sending any private information?
If you're right, Micros~1 is criminally negligent in allowing this privacy bug to slip out the door. What's this you say? One hundred MILLION dollars in revenues PER PRODUCT and a 50% profit margin doesn't leave them enough money to do basic quality assurance? Bullshit!
An explanation of the type you gave is expected, coming from an arrogant computer geek. Coming from an insanely wealthy company like Micros~1 that is supposed to be "focused on the customer" and constantly "innovating", there is just no excuse.
This article makes an excellent point as to why *FREEDOM* in software is important (not price).
actually, in Microsoft realm, programmers are just stupid things that do what their computer tells them
If you use the IBM GN dialer for NT (v.4.16 and 4.20 at least) check out arlog.txt, found in the IBM GN directory.
For those of you not crazy enough to trust IBM, it sends: your MAC address(es?), your current IP address, the names of your network nodes and shares, drive capacity, user status (e.g. admin/user/poweruser), and some other trivia to two IP addresses in the IBM GN assigned block.
Those of us not running Linux eventually wake up and find out that lack of control over the outgoing bitstream is a Bad Thing. I'll start using Linux when X stops making me scream in frustration....
Wow, I really hope most people don't agree with your
position...
Or when things really do get bad thanks to your 'who gives
a damn' attitude, it'll be too late.
Ever since '95 I've always used bogus information whenever I registered software. A pack of lies goes into every web form. Why? You just never know how the information is going to be used. Furthermore, it may help decrease the value of the databases used to track you. Collecting demographic info is fine, that can be useful to a business. The line gets crossed when you single people out. When a company thinks that it is OK to take this info without permission, and imbed it in every document you create, they need to be punished. If the government trying to do this, you couldnt throw a stick in Washington without hitting an ACLU lawyer.
Where do you want to go today?
We already know where you were yesterday...
They actually referenced the Open Software Foundation. This is the company behind Motif(tm) and should in no way be confused with either the Free Software Foundation or OpenSource. I found a web page that seems to relate to what MS is talking about here at http://www.jxml.com/papers/wwc/index.html .
Now. did you get a clue ?
I used to scream about X too. Mostly because the default RH setup looked enough like Win95 to confuse me.
Then I decided to run CLI only for a while. That got me used to finding files and so forth. Then when I moved back to X I was OK.
If what you are screaming about is X configuration...well, I agree.
MS has every right? Bah, you are an idiot.
Next you will say that my cell phone has every right to broadcast my location everytime I make/receive a phone call. What privacy rights should citizens be entitled? Perhaps privacy applies only to cases of illicite oral sex received while one in President of the United States... or when intercepting cell calls originated by the Speaker of the House.
It seems that no single organization can be trusted with privacy issues. Until Microsoft makes the source code available for review by people I trust (mainly me), I must rely on FreeBSD, Linux, and their open source cousins.
Hmm... I wonder how long it will be before some idiot tries to make the case the private face to face conversation is conspiracy (after all, reasonable people would use cell phones, they are so much more convenient).
I'm actually not one bit supprised. Bill Gates is anal retentive like that. Is this MS ID supposed to reduce software piracy? Man that pisses me off so bad =)
Illigally acquired evident is inadmissible in the court of law.
The last time I had windows on my PC was in 1996. The year when I went all Linux all the way.
He wants to exterminate all competing software.
I just want to make sure that everyone is very clear that the Open Software Foundation is a company that has nothing to do with either the Free Software Foundation or OpenSource(TM). They're the company behind Motif(TM) among other things. There's a web page that seems to relate a little to what MS is talking about at http://www.jxml.com/papers/wwc/index.html .
Not that I don't think MS is just trying to pass the buck, of course. It's kind of like saying: "other people have cheated on their taxes and gotten away with it, so why shouldn't I be able to get away with it?"
yes yes! =)
I think the artical is right about invention of UUID, but it is never intended to be used in this way -- associating user information with UUID or MAC. The scenario is like accussing peoples who invented fusion murderrers. Both inventions are intend for good purpose, only greedy abuse them.
Is there anyone stupid ot naive enough to
believe that they did it for tech support
purposes? How about a real mainstream boycott
of M$ products, by which I mean an effort by
Windows users to assert their rights?
BTW, M$ promised to expunge collected records
from their databases. But the key here is that
they did not name an independent audit company
to oversee the proceedings. Thus I conclude it
is only a trick and a lie. Anyone disagree?
And any fool who would actually put his real name into one of those M$ reg forms deserves whatever he gets...
I've been "Program User" working for "Company Name" for at least 10 years now.
Boy, I wish Company Name had a better retirement plan. And the medical benefits suck, too!
We're getting a lot of good ones today. ;)
Way better than MeePT!
Microsoft are CUNTS.
I, too, would like to see the bits. =)
Get it straight... from this day forward the correct spelling of the company formerly known as Microsoft is "Micros~1"
http://www.junkbusters.com/ht/en/microsoft.html
Happy?
Better yet, don't use improperly written software!
Abandon Microsoft (named after Bill Gates' penis).
Next, the phone company will keep records of our phone calls.
He likes having three distinct, yet wonderfully blended flavours.
You need one stuck up your nose, in case you
fall down and can't get up. If people abuse
your trackability, it for the good of humanity
right? If the world turns oppressive in the
near future, it'll be becasue of sheep like you.
Thanks alot.
Which explains why M$ is being so agreeable about providing a solution 'right away'. They know there are already "backups" in place.
Well, yes, those are some of the main reasons for wanting privacy. I'll start with the part about doing something illegal. Simply put, there are a lot of really stupid laws out there. If everything you did was fully disclosed, and all the laws on the books were obeyed to the letter, I can almost gaurantee you that you'd be in jail right now. Along with just about everyone else. Well, of course, you say, but no-one enforces the stupid laws, so only real criminals would go to jail. Maybe, but the problem is that it doesn't even matter if the laws are perfectly just and balanced today, they may not be tomorrow. So, if privacy is banned, and then an unjust law is passed, we're in hot water. Human beings aren't machines.
Now, as for embarrassing things. People do lots of things that aren't wrong in any way that they might not want other people to watch or know about. Ever pick your nose? Ever masturbate? Ever have kinky sex? Ever talk to yourself when no-one else is around? Ever just make some kind of mistake that you learned from, that would still be embarrassing to recount to others? There are plenty of good reasons for privacy.
Read the Isaac Asimov story: "The Dead Past". I think it has a really good angle on privacy. It even has a government using oppressive tactics to try and _ensure_ peoples privacy (well, probably just to ensure the privacy of the government itself).
Since I am stuck with M$ Win98 and M$ Office I tried making a simple Word document and deleting the GUID. I did so and Word would not open the file. I think that if it was a bug, this would not happen. I hope that the "utility" alllows your documents to still be usable.
Microsoft are CUNTS
Close... Microsoft are DICKS. And the user is the ASS.
And the constitution doesn't actually have anything to say on the subject, and you don't really have many laws protecting privacy. But, it's still de facto understood that the right does exist, it's just poorly defined. It's certainly not exclusively American though. Countries like Germany have explicit laws to gaurantee privacy, though.
Well, this settles it... I'm sending out my resume tonight and getting the hell out of Windoze app development. Tired of spending all my time fighting the damn tools instead of analyzing the problem anyway.
In the meanwhile, let's all march on Micros~1 in a raging mob and completely destroy them.
Baahaha. Sheep. You realize, that you pasted
as an AC don't you? What's your name, address,
phone#, credit history. We want all this info
and we want it *now*. You have nothing to hide
so you will tell us all, correct? I find
attitiudes like your to be very common and is
disturbing to see people so passive regarding
issues as critically important as these.
Your are right, Microsoft does have the right to do this but:
I'm betting that other companies don't feel this way. Eventually other corporations will see that Microsoft presents a security risk to them.
I think Microsoft just peaked in popularity or is just about to peak. You want control? Use software that has code availible. You want to be controlled, go with a shrink wrapped binary. Microsoft is killing the industry pulling this kind of crap. It's just a matter of time before the stop shooting themselves in the foot and shoot themselves in the head.
My sister works for MS as a marketeer for MSN.
She said that it is routine for MSN users
online sessions to be monitored and recorded
for later "clickthrough analysis",
(of course without their knowledge)
visits to porn sites and all.
I told her that this is an invasion of privacy.
She said that "users don't mind" (even though
they are not told).
Why would you want to run Photoshop when GIMP can do all that photoshop can? Hell, it can even use Photoshop plug-ins!
Same goes for MS-Turd... plenty of free workprocessors that'll read Turd files. And they're easier to use.
Hey!
.doc, xls, ;-)
Anyone but me ever noticed that any OLE doc
has a LOT of info except what would you normally
expect? I mean pieces of the files that've been
on your HD somewhen, then deleted.
That is, I mean why Windows 9x' after lseek after
EOF doesn't wipe that space? (That's the reason,
obviously).
Try this out -- when you got some
.whatever next time -- see in hex editor
(I do it quite often, and sometimes (rarely)
having some fun
I think they count only legal copy by estimating sale volume. Anyhow, the number is definitly inflated. Consider a person bought a copy of Win95 and never intend to upgrade to full Win98 but force to buy a copy when I get a new machine (brand name one, because that what I want). I doubt it is fair, even to its fairful customers.
Default RH setup is vile. Do yourself a favor and install KDE... it still looks a bit Windows-ish :(, but it's a pretty nice environment with easy menu based configuration.
Your Hitler reference offended me, irrespective
of M$.
Hitler was initially a brave soldier, who gave
rousing speeches during WWI. It did not make
any difference in the war though, so it is not
clear that this was in any noticeable way good
for Germany. Everything Hitler did after WWI,
was pretty much pure evil and I think Germans
today would be the first to wish they didn't
have that stain on their history.
What am I supposed to do if PPP doesn't work
under Linux?
Well, nobody expected Microsoft to have invented it. Just what has Microsoft invented anyhow?
Isn't this already a crime under existing US and state laws?
If they tell me that they are not collecting such information and then turn around and collect it, isn't that computer fraud?
If they access a unique identifier on my computer without my permission, isn't that unauthorized access, the same thing that got Randall Schwartz into deep drek?
Why doesn't law enforcement go after the successful criminals, the ones with the high market values?
Word documents typically come with their creators full name anyway, plus the path on their harddrives, plus previous version of the same document (thought that depends on the version of Word you're using, I have been told).
Especially those previous version can get you into some trouble when you edit an old letter to send it to someone else.
Photoshop : GIMP
Word : Star Office
BOTH FREE !
Most new federal government computers are registered Windows 98 machines running Microsoft Office. This is because the end-users want the "latest and greatest" and our agencies have discretionary spending authority. Now Microsoft can tell who created any document on those machines. Helluva of a good way to get dirt on just about anyone. Is this an accident?? The Feds should now have every right to enter MS offices and remove those machines in the name of government security. But whoever gets that data now has a LOT of dirt...
Sidenote: It appears Iraq was not much of an opponent to the U.S. Military and the Soviet Union has crumbled. Microsoft Corp. might just be another story, though.
Bill Gates wrote DOS!! -- whoops, wrong.
Microsoft invented the GUI!!! --err, Xerox did.
MS SQL Server!---oops, bought from Sybase.
Spreadsheets...no...
"Jet" database engine....no, bought with FoxPro...
Internet Explo...no...Mosaic.
Wait!! I've got it:
MICROSOFT BOB!
See, I told you they're great innovators!
And what about that Dancing Paperclip in the NT kernel?!!
PPP works fine for me and about 10 million other people. If you have difficulty configuring it, try linuxconf or get WvDial which doesn't need scripting at all (it uses heuristics to recognize your ISP login sequence, the same way Macroshit does.
This is the best example ever I heard that shows the value and importance of Free and Open Source Software. Everybody having a little self respect should erase all MS products from their harddisk and switch to an open source OS.
Do not change your privacy in return of some fancy icons and poping menus! Long live RMS!
....and is there a program that randomly changes it?
Try nailing your cock to a plank of wood. You won't like that either.
And at least with some versions of Word they'll be able to look at all your previous saved versions of the file as well.
Hi Bill, this poem is for you...
C:\My Documents\You are so special.doc
Hi Linus, this poem is for you...
hehe
KDE is an evil piece of rotten and destructive trash. If we wanted Windows we would run Windows! KDE and Gnome can both burn in hell!!!
You don't have to submit your name/gender/income to use a CORBA object, besides, they are not MAC associated, although most generator does use MAC to help generate the ID, but you could change it if you know what you are doing. ...
Besides, you own the interface database, not MS
While I consider this to be an outrage, it would be interesting to know whether the fine print in the Usage Terms (to which MSN customers must agree) actually permit this crap.
If it does, we have a corporation with a criminal mentality exploiting people who don't care about their privacy the way they ought.
Ektanoor has a point.
If there's a slashdotter out there with a valid email address in NSA, CIA, DIA, etc. you should send a message referencing the junkbusters URL and the note that they should consider that any computer that
(1) contains a Microsoft product
(2) has ever been connected to the Internet
is completely comprimised, with all the data on it accessible to the folks in Redmond.
Be interesting to see what comes of it.
I like the idea of going after MicroSloth for computer thieft. They did in fact steal information from your computer without your permission.
:)
Unfortunately the government probably worked with MS to place a secret value into these documents for law enforcement.
So we probably won't be able to get any goverment lawyer to work with us.
I knew their was a reason that I have been running Linux as my primary desktop and using html was my document format of choice for the last 7 years.
hahahah!! That's good.
I read in a the alt.fan.billgates newsgroup (which is now the same as alt.destroy.microsoft)that windows98 has this feature by 1 or 2 dlls. The dlls or dll's have 2 dns server entries that are connected to microsoft and every Time you send connect to the net all your desktop information and user information is sent to microsoft. I heard windows 95 has this feature as but its only with office and it only works if ms office is running when you connect to the net. IS this really true? If it is, then is this what the article was talking about. Hmm their might be a way to disable it.
Did it ever occur to anyone that the DOJ Hearings may be just a sham driven by paranoia and guilty consciences that Gates association with their longtime bedfellows the US Government may be found out. Why the reluctance to fix simple security breaches? (They are the gateways to an elaborate security system.)Why has no one ever questioned the use of DirectX and it's obvious security problems.(The original component in this technology.) Why have they not been challanged by anyone? (In any other industry they would have been broken up years ago.) The reason? Protection. I would not doubt it if the source of the protection is not rooted in technological blackmail, threats, and outright ignorance and arrogance. If you thought the DOD, FBI, CIA, and Secret Service had power. That is nothing to what's involved here. or was this an X-Files episode?
From the article at www.news.com
;)
Microsoft admits privacy problem,
plans fix
"Bennett promised that Microsoft also will wipe
any of those numbers from its internal
databases that the company can determine may have
been inadvertently collected. "
Come on people, data just happens to come
streaming into your database an it is INADVERENT?
I think I know a good use for some of those old
outdated NUKEs the gov has stockpiled....
Go Linux! Wither Windoz!
Locutus
it'll have to be the russian's who bomb redmond b/c the U.S. military is already bought and paid for by bill. there's no other explanation for switching to NT...
I have been programming since I built my first Z80 computer in 1978. I've written stuff from a Pascal compiler, LA(1) YACC replacement, real-time medical equipment, X/Motif, client-server networking apps..
I like the challenge to come from the software I'm building, not the software I'm using to build it.
Use KDE and shut up, bunghole.
Amen to that.
"Those who desire to give up Freedom in order to gain Security, will not have, nor do they deserve, either one." - Thomas Jefferson
You're exactly right. This is Bill Gates Grand Plan for the Future. A better world where Microsoft knows everything about you, to better serve your needs (or you theirs). They have done this for years, and they'll go on doing it. Next time they'll be even more careful, but they'll just go on. This Isnt News.
Come on people, just realize that a computer running anything from Microsoft is NOT YOUR FRIEND. It will report anything Microsoft wants to know about you to it's master. Microsoft is in control of the computer and they do whatever they feel like. And frankly, anyone stupid enough to run their products deserve what they get. You have to be absolutely mindbogglingly naive, blind and deaf not to have noticed this pervasive trait in Microsoft.
Yes, I'm sure you all have to use Microsoft products to communicate or whatever. Well, just *RETURN* those documents, hell, claim they cant be read by your version of Word and could you please do a save-as html (probably true anyway), or read them with 'strings' or 'catdoc'. The rest of the crap in a document is usually immaterial anyway. Dont just *whine* about it, you'll never get MS to stop this crap, unless nobody is using their products anymore.
I work for a company that has 10,000+ machines
with MS on every one of them..I will everyone
about this. I will scream it from the rooftops!
I will tell our *massive* legal department about
this...I will find out if this is legal!!
People are going to be *very* unhappy!!!!
The software was not supposed to send this information unless the computer user checked a specific option.
Translation: We claim negligence. The reason we're invading your privacy is similar to the reason your computer crashes twice daily.
And did you see the last paragraph!? It said cookies are used to track your adventures on the web. It's like they got a dedicated fud machine to write the last paragraph.
WINE wont help you with this. As long as you use any Microsoft product they can embed whatever information they feel like in their document formats or whatever.
Tracking devices on cars are for your benefit, this cr*p if soley for M$ evil purposes. jump ship everyone and... Destroy the evil empire of M$!!!
The mac version includes a bunch of visited url's in each word doc. I would imagine that everything else is included, as well.
>"So, nerdboys, if you are using a pirated copy of Windows 98 or MS Office, just don't register it and don't use Windows Update, and certainly don't call
technical support. If you would do something that stupid, you deserve to get tracked down. "
Actually, my boss did this by accident one day - the support guys didn't pick up on it. They may have the means, but they don't use them.
EEEEVIL! MS *and* Intel are now EEEVIL!!!!
"The price of freedom is eternal vigilance."
Ah, and it doesnt matter to your small office if Microsoft gets the documents anyway, right. Of course, the buisness might not be important anyway, so I'm sure you dont have any confidential stuff that your competitors might want to buy from Microsoft.
And, in the case that it isnt true yet, it will be in a few years. But that's hardly important compared to the devastating result if a chart or graph is slightly misplaced (Hell, dont tell them you're running Star Office. Just say that Word seems to have messed up your documents a bit. I dont go to a meeting where the guy who has documented something makes apologies for the weird printouts due to incompatibilities between Word and Word. In the Microsoft world people expect documents to look like crap and they expect computers to mess things up.).
Hate to make you paranoid, but when you use a cell phone, anyone can find your location
It takes two doppler antennas and a computer..
But I don't think thats actually done outside of emergency uses (when you call 911)
and its not intentional either..
$.02
bugg
Well, I'm sure Microsoft has the adresses. You should probably mail them real mail tho. They may be using Exchange, in which case your email might not even reach them.
If you're refering to the Bruce Perens' piece, you obviously don't know that he is extremely *pro-OSS* and was stating a concern that many of us share. Far too many people are far too trusting that the source code they download (or binary package they install) hasn't been modified on a cracked ftp site.
That said, let's compare incidents. Someone uploaded a compromised TCP-wrappers package and maybe 50 people were stung. MS made a truly braindead change (gee, there are no governments, and have never been any, that will EXECUTE people for writing the "wrong thing") and spread it to a few hundred million people. Which incident caused more damage?!
According to c't magazine (german computer magazine) they found the GIUD in eMails, too: http://www.heise.de/newsticker/data/ps-07.03.99-00 0/
Actually macroshit doesnt use heuristics it uses chap. Dont need to recognize logn sequences cause it sends magic numbers.
Since Micro$oft can get all of this info on people, why wouldn't they use this info to spy on competitiors. Wouldn't it be just wonderful for M$ if they could see who is working on what at Netscape or Oracle or Sun. Even competitiors of M$ must be using versions of Windoze for testing. The DOJ should take a look at this...
-An Anonymous Coward who is too lazy to register
Yes, you can use triangulation to find the position of a cell phone during a call, but there's a difference between using this and having the cellphone itself (embedded with a GPS system) transmit it's coordinates.
Furthermore, there's even a difference between doing that and letting the cell phone owner KNOW about it. It's not a half bad idea, if you can turn the feature off and if it is publicized.
funny you should mention that... Microsoft plans to institute annual fees for the next version of its operating system, and possibly applications too.
I lock the door when I go to the toilet but that isn't because I don't want people I know to find out I'm having a crap...
So people will not see what kind of software you use before you flush?
I lock the door when I use the bathroom, because some people just get funny when they walk in when another is doing business.
> I have every right to report your unauthorized software to the SPA and Microsoft.
> They have every right to prosecute violations to the maximum extent of the law.
> If you cannot pay the price, you will be doing the time.
> If electricity comes from electrons, does morality come from morons?
Wow, I guess morality DOES come from morons! Who would have known?
What's the difference? I'll tell you.
You are aware that records are being kept of the calls
you make.
You are unaware that your software is sending your
personal information to Redmond, Washington.
uselinux@email.com
Note that the M$ data collecton is an intentional tort: invasion of privacy. Can you say 'Class Action Lawsuit.' Since there isn't any question as to whether or not M$ did this, there is only the amount of damages to be determined. Let us just say that M$ will probably not survive these lawsuits, as the damages and punative damages will likely exceed M$'s gross worth by an order of magnititude.
Also, no semi-sane person will install M$ software, as they cannot be believed when they say 'we're being good, we aren't collecting data anymore.' If you believe this, I'd like to sell you the Washington bridge - cheap.
As others have pointed out, illegally gathered information can't be used in court...
... but that (generally) refers to information gathered by the police in criminal cases. The situation is *far* murkier in civil cases and information gathered by one plantiff.
My guess is that MS *could* use the evidence in court. You see, part of the installation process required you to accept the terms of the license, and *way* down in the fine print you consented to a search of your hard disk by MS corporation and its agents. You were not forced to accept the terms of the license.
This clause may not stand up to scrutiny by a court, but by that point you would have already experienced the Joy and Wonder that is our judicial system.
You know the system that will allow all your
devices to be network aware. The stuff MS is
throwing together to compete with Sun Jini.
Tie this violation of users rights with that
Network Plug and Pray and what you will get
is a sour taste when/if it ships.
Come on press, love to see someone connect
THESE dots.
Locutus
MS free with Linux and OS/2(mostly MS free:)
It still looks extremely bad to have such features, and that they haven't been exposed until now.
If Microsoft were to ever used this in court, they would have tipped their hand...it doesn't make any sense to use this kind of evidence in court, because it would have instantly produced bad publicity in court. The argument that Microsoft is using this for piracy matters is invalid. Why not add features to disable an OS for using pirated software? Think about it.
>Microsoft already admitted it, you idiot, so
>there's no need to prove it.
>This sort of knee jerk defense of Microsoft is
>almost as nauseating as Microsoft's own evil
>actions.
I didn't know/see that MS had admitted it. Thank God you weren't at the DOJ/MS trial, where the Judge asked both sides to prove their claims-- a response like the above would have lost the trial and the PR battle.
Honest requests for information and proof are not kneejerk defenses; if there is a problem with something, you should be able to PROVE IT. Always be ready to give to everyone an honest and polite answer to your claims about MS. You'll be treated far better in the long run if you do that.
Politeness: don't let MS have a monopoly on this also. Beat them at their own game...
Hmm... I wonder how long it will be before some idiot tries to make the case the private face to face conversation is conspiracy (after all, reasonable people would use cell phones, they are so much more convenient).
Man, whatever you do, don't read the 1995 Crime Act or the latest federal drug laws - you won't sleep well at night. This really isn't that far away at all and it's damn scary how few realize it.
I spent a month trying to configure it
using everything from minicom to wvdial
to ezpp to kppp to scripts.
A friend of mine (a longtime Slackware user)
came over and spent a day trying to get it
to work. I asked in newsgroups for help
and tried every suggestion in HOWTOs.
PPP still doesn't work telling me that my 8-bit
stream is not clean. All HOWTO explanations
don't apply.
If I could get PPP working, there'd be Win95
on my machine, but as it is I am stuck.
To me ironically, Win95 is the ultimate service
pack for Linux.
>The DOJ should take a look at this...
Bah. Joe Consumer should take a look at this.
The power of DOJ is insignificant compared to the power of a pissed market.
That implies that every ISP out there supports chap... if that is true, then what Linux PPP dialers support chap?
I agree! in fact, Microsoft should be commended for this bold statement against Those Who Don't Play Fair(tm). after all, the Ministry of Information Retrieval's budget is coming out of all our pockets, and automated electronic surveillance is a great way to make it cheaper. rock on MS!
I seem to recall from sometime back, 60s maybe, there were some ideas as to using unique personal identifying numbers. NO WAY! My civics and Pol Sci are very rusty, but the whole point of the constitution was to make a police state as close to impossible as the founding fathers could make it. I think Microsoft has messed up badly. A congressional inquiry will make the DOJ case look like a walk in the park. I wonder. Is this the right time to short MSFT (I think that's the NASDAQ symbol).
My credit card number isn't on *MY* system since I'm not stupid enough to purchase anything via the internet. All this stunt by Mircosoft does is confirm that e-commerce is untrustworthy and should be avoided at all costs.
should be adequate cause.
how can they, when warez people use OEM serial #'s
112111111
if hundreds of oems use that serial and all warez people too, then how can you distinguish between the two? you cant.
If you don't want it to go off and kill you,
then simply DON'T open the parcel.
I made the bomb, and therefore have every right
to put anything that I want in it, and need not
place any kind of informing message or warning
on the package -- since its MY package...
This is just another proof that we cannot
...
use MS software to write confidential/classified
documents and store classified data...
If they include hidden Flight-Simulator inside
their software, what else are they hidding ?
Probably they will also include a lot of
"back-door" security holes inside other products!
This way, they will be able to get any information
they wish...
Think about a native NT/95" BackOriffice" in
every Windows PC
There is only one solution if you want to have
security: get the source code (and inspect it)...
it pays to use 100% ascii! the secure way!
but even that can have encrypted hidden data in the format of spaces/tabs combos which could contain the data, so the best bet, is always, cut/paste the text and the run it thru a filter to make sure it only has propper spaces/tabs.
does this have anything to do with the registry key named "DigitalProductId" found in HKLM/Software/Microsoft/Windows/CurrentVersion? Or how about the "ProductKey"?
If this is part of their scheme, I'd say we make a website dedicated to trading the value of that key, in a way similar to websites with cookie collections. I will occasionally modify values found in those two keys (usually right before I hit the windows98 update site). Funny thing is that if the "DigitalProductId" key is changed in certain ways windows will refuse to boot completey (with no error message, of course) if not in safe mode, and will power down machines that use APM. Nice feature!
When I first heard about the IR-cam helicopters a few years back, I thought it might be cool to mount some high-intensity IR LEDs in a big "FU*K YOU" pattern on my roof (I'm in the suburbs of a major city in a high-drug-usage zone). Now I'm wondering if a few of those flexable electric water-pipe-heater cables would work better.
I was wondering: what if the whole world did an 'invasion of privacy' lawsuit on them: would they kinda go broke after all the out of court settlements maybe?
I can understand Microsoft's problem with
piracy. I'm sure a large number of people don't
bother to pay for any of their winblows software.
There are the courts to go after thiefs and
no one should go to someone's home without a
search warrant.
What bothers me about this is the violation of
our constitution rights. In the constitution
it clearly says that we're innocent until
proven guilty and that we can't be force to
testity against ourselves. Entrapment is also
a violation of our constitution rights. The use
of this ID make a mockery of those rights.
Yes, it could have been some "idiot programmers" who put the INITIAL function in.
But then there were other "idiot programmers" who collected the information.
Don't forget about the other "idiot programmers" who maintained the database with this information.
Seem like a whole lot of people made a whole lot of mistakes that just happened to perform a single task, tracking people by their names and their machine's NIC and what documents they produced.
Now that seems like a HIGHLY unlikely circumstance to just happen with a few "idiot programmers".
I wonder if they built this into MS Money? Now THAT would make a lot of people feel very uncomfortable.
Interesting! I found a cure by accident.
After removing all the entries for the activeX and
scheduler shit from the registry I found out that
the system worked much faster and better, on the
other hand I am unable to get any update from
Microsoft's site. And it's not possible under
Linux where it tells me that they don't have a
service pack for NT 5.0 yet. (?*??&??&?)
Trying to insist on gettin the winblows 95 or 98
service pak get you to go into an infinite circle.
... I use Debian.
hehehehe.
I AM going to try that new OS though - what's
it called? Oh yeah. "Slink".
hehehehe.
Yes! It's true! KDE and the underlying QT libraries collect information about your computer (and network if named is running) and send it to a secret database stored beneath the Kremlin in Moscow.
.ru domain. That's when the spooks pulled the plug on us.
The secret ID was discovered by programmers of the hackers group "CSG" (Cult of the Stuffed Gerbil) who are believed to be meeting beneath a whorehouse only blocks from Bill Gate's mansion in Redmond WA.
Although the CSG wasn't prepared to release the information, they were forced to publish after realizing they had been infiltrated by CIA operatives at the behest of the Pentagon.
One programmer, who gave his name only as "Salad Tongs", told reporters that the Pentagon had learned of their organization after a General (who was "taking a break" from negotiations over "Smart Ship" payoffs with Microsoft) suggested the CIA begin monitoring the building.
"Yeah", said Tongs, "we knew there was a whorehouse upstairs, I mean, all the skanks walking over from the bus stops or getting dropped off in the afternoons, and then the parade of limos all night.
"AFAIK, one of the girls was saying how this General was enjoying his break from negotiations with Gates, Mhyrvold and Balmer when he noticed the tick of keyboards between the squeeks of the bedsprings. The girl mentioned a number of "...really weird looking geeks..." leaving entering and leaving the basement at all hours of the day, as well as numerous pizza deliveries. I guess that's why he sent the spooks in.
"Anyway..", continued Tongs, "we had this Gnome hack who was always grepping through BSD code and yanking copyrights, then uploading the stuff anonymously to the FSF. He was all wacky about a GUI he found that was some kind of AI/fuzzy logic code mixed with some code from tripwire and tcp-wrappers, and he installed it on all the machines.
Tongs continued; "...well, another dude, who uses KDE, had the thing running, and it kept whining at him whenever he saved or copied files. He started getting really paranoid about the whole thing, especially when it told him some packets were getting routed to the
TrollTech and KDE have had no comment on these reports as of this date.
If I am a corporation (or gov't agency) sitting be3hind a firewall/proxy either made by M$ or living on an M$ OS, and I use Office 97 apps on Win98 boxes, with Plato as my strategic OLAP tool in the boardroom/Cabinet chambers, and M$SQL as my database, using software developed with M$ tools (which INTRODUCED this "feature") to develop M$ DCOM and MQ/CORBA objects, programs (SAP, PeopleSoft, Oracle APLTOP, BAAN), and I use M$ tools and OS's to develop the software necessary to generate my "pseudorandom" number to encrypt my most sensitive files, AND all my hardware uses M$-tool developed RT programs, and firmware/brightware AND my routers have M$ tool-developed software AND my HASH GENERATOR WAS DEVELOPED TO BE M$ -compliant!!!!!...how big does my keyspace need to be to ensure a "reasonable expectation of confidentiality/privacy?"
Maybe the Indian government was right?
Am I the only one here who feels bent over the bar, with my shorts around my ankles?
I posted this a bit higher, but apparently
you did not read.
I spent a month trying to configure it
using everything from minicom to wvdial
to ezpp to kppp to scripts.
A friend of mine (a longtime Slackware user)
came over and spent a day trying to get it
to work. I asked in newsgroups for help
and tried every suggestion in HOWTOs.
PPP still doesn't work telling me that my 8-bit
stream is not clean. All HOWTO explanations
don't apply.
If I could get PPP working, there'd be no Win95
on my machine, but as it is I am stuck.
To me ironically, Win95 is the ultimate service
pack for Linux.
Hmmmm...
and maybe the US/UK/ANZ insistence on Key Escrow is just a smokescreen, because they already have a back door (just as the NSA did for DES/Clipper/FIREFLY/etc.?)
I grant you the serialized COM objects, I'm sure that's how they do it and I'm sure a GUID gets put in the archive. The point is that the GUID represents the executable module (DLL or EXE) that implements the COM object so that next time the document is opened the archive handle can be passed to an appropriate module. Since this might be on a different machine that has its software installed differently, you can't just store "C:\myActiveXObjects\foo.DLL" persistently, you have to store a GUID that represents the object. The OLE libraries can take this GUID, look it up in the local registry and find out which DLL to load (or executable to start in the case of automation). There is no reason for them to be putting a GUID that somehow identifies the user who installed the OS. That's not what a GUID is for so it can't even really be called a GUID.
I retract my claims on knowing MS's intentions here, if they have any clearly though out. The FUD in the article made me a bit snappish, sorry. Its like swimming in molasses, reading something attributed to a MS spokesperson. They spew a bunch of crap and then suddenly its implied that its somebody else's fault?
When will you GIMPers get a clue. If all GIMP and PS did was make pretty images, then they would be equal. Problem is PS does about a zillion other things that people who like making money need to do and many of these things are the reason they do PS on Macs. If you can't think of at least three things that PS does which are essential in the DP market, then exit stage left and come back when you have a clue.
the courts have decided over and over you have no fundamental right to privacy.
why? because if you did, it would be impossible to bust you for torturing gerbils in your bedroom, like bill gates and steve ballmer do, since it was a "private matter".
But since torturing animals is illegal, you can get popped for it.
I don't actually think they are doing anything illegal, but as you can imagine, it is pretty annoying to find out that all your docs and spreadsheets contain information about you and your computer that is unauthorized.
broadcasting the keys to a database in the bowels of redmond is even worse. this is really a public relations problem at a (thankfully) bad time.
way to go pharlap! now start supporting linux.
"There is no reason for them to be putting a GUID that somehow identifies the user who installed the OS. That's not what a GUID is for so it can't even really be called a GUID. "
*shakes head*
It's generated from your MAC number if it's generated ON YOUR MACHINE, AND IF YOU HAVE AN ETHERNET CARD.
A GUID is inserted into Office documents to make them unique; this is so that at some point in the future, you could have a biiiiig database full of office docs and use the GUID in the doc as a key for lookup purposes.
Everytime you need a unique ID for something, most people go for a GUID - why? because it's built into the OS as a guaranteed way of generating a unique number that is GLOBALLY UNIQUE.
Come up with a better way of marking a document as unique, and I'll use it. But if your choice is between MD5 hashing algorithms and a 128-bit number, I'll take the 128 bit number, thankyouverymuch.
"I really hope that the WINE project will reach maturity so that we can junk this ID shackle, and the Microshift ball and chain."
Well, you'd better make sure you don't use CORBA then, because it does the SAME FUCKING THING.
I've recently heard that RedHat is using crash happy Gnome to funnel IDs to its own database.
The problem is they have been literally flooded with these IDs. They are considering turning this feature off.
Bullshit. The whole point is that we didn't KNOW what the program was doing, and some (naive) people thought that MS wouldn't keep tabs on them.
It's not as if the box said "MS Word! Dumb-as-dirt WYSIWYG word processing and big-brother tracking package in one program!".
I would gladly trade my freedom and privacy for convenience. Imagine how much better the world would be if the government would hold your dick while you pee.
Here's to the new world order.
BB BB BB BB BB
What you use is what you get! I take a cynical point of view when it comes to software, so there.
Instead of just posting a lot of anti-Microsoft shit ignore that product and use what you are not.
http://www.abisource.com/dev_faq.phtml
http://www.nllgg.nl/Ted/
http://www.eeyore-mule.demon.co.uk/
http://www.ping.be/bertin/abs.shtml
As the article states, M$ has been collecting info
:-)
on users of its software for some time. Since this was done without the knowledge of the user or
their explicit permission, is it legally possible for all users of M$ software to make requests for what info has been collected on them? What I'm
wondering about is something along the lines of FOIA that applies to corporations.
An enquiring mind wants to know!
Yet another good reason to never use MS products. IE probably secretly sends off information about every web page you visit to some MS database, and then MS can turn around and sell this information. NEVER EVER EVER input any personal information (name, email address, etc...) into any piece of software that you don't have the source for and can compile yourself. Nowadays, since we are so dependent on the Internet, it is just too easy and tempting to build this kind of crap into an application.
Actually, "cut and paste" will NOT get rid of the embedded "extra data". Cut and paste are OLE-smart, and whatever the OLE extensions in an app choose to do will be what gets done.
The only way to know what's there is to print it
out on paper and type it back in or OCR it back in.
Several months ago right when Windows 98 first came out I heard through the grapevine via my b/f about this. He even told me where it was in the registry, so it was a simple matter to change it from a "0" (Send in the info!) to a "1" (Already been sent).. I just figured since *I* heard about it (I usually seem to be on the tail end of the grapevine) that *everyone* had heard about it, and never mentioned anything.
Gee, and I could have been in the papers and everything.. Heather the Computer Expert (:
I could've been famous!
Don't I feel silly now?
when installing Windows95 Final Beta and deciding to register by internet with register.exe .. register.exe scans the harddisk for non Win95 programs installed in registry and path, serial numbers, e.g. data not submitted in the visible part of program. -> Microsoft via internet. TruE!!!!
Do a search for articles a while back..
maybe :) ..not everyone uses Windows 98
We'd like to know a little bit about you for our files,
...
We'd like to help you learn to help yourself,
Look around, all you see are sympathetic eyes,
Mouse around the desktop until you feel at home
and here's to you, Mrs. Microsoft,
BillG loves you more than you will know,
Wo wo wo
- with apologies to Paul Simon
If the microsoft win98 update computer is willing to accept connections from anywhere, provided that it got the invasive information that it was looking for. In particular, suppose that someone wrote a program that randomly created these "ID" numbers, as well as other random information regarding whatever information MS is collecting, and then distributed the software. In particular, MS would be so bombarded with inaccurate information, that they would not be able to act on the valid information that they have.
Any volunteers?
Yeah, look in your cookies file if you want to learn a lesson.
Any site can drop a cookie, and pull it back on any http request you make to that domain.
MSN, etc. can't access cookies from other sites, but places like doubleclick get around that by embedding images on pages for multiple sites - the img request to doubleclick allows them to log the page you're loading, plus your ID number in the doubleclick cookie. That's why big web ad companies can compile huge portfolios of user activity across all of their client sites.
MS bought Link exchange a few months ago.
If you want to use cookies (for convenience etc.) do a few things to keep your identity secret: encrypt your cookie file, if possible, so that no one can get your cookies and look you up in big brother's db's. Also, steal cookies from other people, or share them with friends, so that all their activity will be mixed with yours, and the marketing radar will be confused.
You're missing the point. There can be retrievable ID's all over your computer - in this case, MS are using the unique ID on any Ethernet card in the machine(other people do this as well, and Linux based s/w could use this; software can be ID'd, so could the processor (the PIII thing) or a serial number built into ANY OTHER COMPONENT that can be retrieved.
What's on your m/b or the HDD controller?
But waiting period! There could somewhere be hidden code on English in the document. Instead Gebrauchbabelfish for again translating the document into German and then back into English! Voilà!
other than the fact that my computer never crashes, I have yet another reason to not ever want to run redmond crap ever! Its funny because there "were" people out there who were claiming that we were all fringers and that microsuck is just a good company who makes a better product (its good to see that were making them see that were right down the middle) and that microsoft is the money grubbing, monopolisitic beast that it is.
What dll's and what software will watch them? The rumor I heard from somebody who works for MS said that Office97, maybe 95, sends copies of your FAT to MS and watches what features you use and reports it for marketing research.
Actually, for civil offenses the Bill of Rights doesn't apply. You are only protected against testifying against yourself in _criminal_ proceedings. That's why people/companies are forced to provide evidence when they are being sued. You don't think Microsoft would have had its CEO deposed in the Antitrust suit if they could have plead the fifth.
Er, no.
The Constitution of the United States applies only to the government (federal, state and local). No private corporation is required to abide by the Constitution. Corporations are only required to abide by the law of the land--which so far doesn't say much about "collecting demographic data," or whatever Microsoft's excuse du jour is.
Therefore, it is perfectly legal for Microsoft to do this. Never mind that it's dishonest, rude, worrying and outrageous--that's SOP for the Redmondites.
I don't know about you, but I take the position that if I want someone to know something, I'll tell them. Sure I do things that might be embarrassing if you found out about them; I probably do some illegal things as well. But the point is that it doesn't matter if what I'm doing is embarrassing or illegal or completely innocuous: it's none of your business. Re company standards: I understand that as well. Just try not to do anything, ah, self-incriminating at work.
My take on such things is that such information could be used in court. Nobody's forcing you to use Microsoft (insert Linux plug), after all. Private citizens, after all, do not need search warrants to procure evidence from someone's home or workplace (there's the matter of breaking laws while in the process of acquiring the evidence, and the fact that it's just plain rude, but those are other matters). Weasel words: I'm not sure if a similar principle would apply to a corporation; the law seems to view corps differently than private citizens.
I'm not sure; there doesn't seem to be a law yet saying that companies can't indulge in rude behavior.
Never mind the legal aspects, people. Hit Microsoft where it counts: in the wallet.
The only other people I know who do this are paranoid schizophrenics.
Many autistics do it as well. But Gates doesn't strike me as being autistic. Hell, I wouldn't put it entirely beyond the realm of possibility that it's a sham behavior to generate sympathy. The man's not stupid, just ruthless.
Heh, on that topic...
I was looking at the actual ASCII of a lab report I wrote in M$ Word. Much to my suprise hidden in the ASCII at the bottom of the file was pieces of e-mails and e-mail addresses out of messages that I downloaded into eudora pro. If that doesnt freak people out, I dont know what will.
Hobie
Slackware installs with a /var/spool/mail/root that has a couple of messages in it. It doesn't *really* send you an email; you can verify by installing off a network. Email is still there.
-- Erich
Slashdot reader since 1997
Why does /. post this irelavant article? Am I to believe that Justin is implying people actually still use Microsoft products? If so, poor suckers.
-Brett.
What's wrong with using StarOffice?
Bram@grmbl.com
--
People using html in email should be shot.
You know, it'd be interesting to have the setup
programs for the different distros have an option
to "phone home" -- give us some idea of a census
of the Linux comminuty. I wouldn't dream of it
being this sneaky and underhanded, but I can't
imagine why I *wouldn't* want to be counted in
such a way.
At the end of the install process, just say
something like "We are trying to get a reasonable
count of how many people use Linux. To be counted,
say "Yes" here. We won't keep any other info than
which IP you're at and what distro you're using."
I don't see anything wrong with that, so long as
the terms weren't violated.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
However, if they're selling these products and collecting this information in Europe, then they're in violation of several countries' privacy laws. People really need to get over thinking that just because Microsoft (or any other company) sells you some software that they have the right to tell you what to do with your computer or collect all the information about you that they want.
It's a weak mind indeed that falls for their "it's just good business" BS.
I always like to draw a parallel between Bill Gates and Steve Jobs. They both want to be in control. They both want to be on top. But Steve Jobs wants to do it to prove he's better than everyone else. If he doesn't do it by being better, it doesn't count. Gates, on the other hand, just wants to be on top and doesn't care how he gets there, as long as he gets there.
The company said it will alter the way the registration process works in the next maintenance release of Windows 98
;)
What about '95, NT, and existing '98 customers?
Moot point: they will alter it by sending the ID _twice_ instead of once. That constitutes altering it.
the company will create a software tool to let customers clear the ID number from the Registry
So it's an opt-out. Chances they'll publicize this "tool"?
Again, you're thinking small: says they will create it, nowhere does it say they will _distribute_ it, does it?
"If it is, it's just a bug," Bennett said. "If it is indeed happening, and we have testers working this weekend, we'll absolutely fix that."
It's a "bug" that information is included in the documents?
"Just" a bug. Also, I deduce that MS testers don't work weekends
Bennett promised that Microsoft also will wipe any of those numbers from its internal databases that the company can determine may have been inadvertently collected.
"can determine"? "inadvertently"? This is probably sufficient qualification to avoid doing anything.
You got it! Since they collected all these numbers on purpose (their war on piracy seems like the most logical explanation for this behavior) clearly no numbers at all need be wiped. None were inadvertent: they meant every one. Maybe it's helping them sue copiers of MS software.
I know this: I'm warning my workplace about this. We'd best not take any chances, and if that means doing without, maybe we'd better do without. It's actually pretty funny- I'm the guy who's been swearing up and down that Intel PIDs are not for individual tracking, but for asserting that the chip is not a Celeron or AMD (I am PIII! 'You may pass'). And suddenly, here MS is, actively doing the very thing Intel was only suspected of trying to set up to do (and far less effectively, to boot).
_This_ is what people were flipping out about, and it's bizarre that they originally saw this behavior in a CPU ID which is only good for intentionally limiting compatibility and forcing monopoly of Intel chips in the long run.
This slashdot poster has four various Macs at home (only one is serious, the others are bitty boxes) one of which dualboots linuxppc... but!
I do tech support at a computer repair place, and though I am a Mac tech, we totally depend on two Windows boxes. One's out front as a financial records keeper and answering machine, and nothing is ever done to it- the one out back has drives and stuff constantly thrown at it in the course of repair work, and consequently gets reinstalled a lot. Both are connected to the net...
It doesn't matter that we can't trust MS. We still have to use it to fix other broken MS stuff: maybe the front box could be a Mac or Linux machine (answering machine software with caller ID anyone? on either platf... wait, you can get 'YoYo' for the Mac. But who's paying?) but the back machine needs to run a Microsoft PC setup just to be able to deal in case somebody brings in a winprinter to be fixed or some such thing... so we're vulnerable.
We had better do without, and keep an eye on our windows tech- guy is one of those crotchety griping jovial characters who clearly does not _respect_ the MS license agreements if he thinks he can get away with ignoring him- and he could be putting us in danger by pirating stuff internally. I will have to ask about that, ask whether he's been doing that for anything.
Interesting world we live in, no? Wonder if we got sued, would they let us off with a slap on the wrist and a legal contract to get rid of our Mac, never do Mac repair again, never make a Linux box and in general become an exclusively MS shop?
As a final note- they must have repeated copies of our information, because W98 hates most hardware, and we've installed it on hardware it hates _many_ times... *install install install* the 'doze guys get real grouchy and aggravated at the way the quality went downhill so much...
"Why would you want to run Photoshop when GIMP can do all that photoshop can?"
;)
Bollocks
...for their own use, telling folks they aren't there. If people buy 'em, it's their responsability. Right?
Making software that sends information without permission is every bit as morally wrong.
Note that I specified that they deny the existance of the aforementioned devices; It can thus be assumed that they're not used in providing services.
Excellent argument.
Been a while since I read "The Dead Past". The point of gov't intervention, as I understood it, was stability of society -- as such a complete removal of personal privacy would completely destroy it.
At the moment, we're under an acceptable government.
Not everyone always is. There've been folks who've needed to use the strong crypto you anti-privacy types attack to hide lists of folks participating in human-rights protests or other Good Things. There are times when privacy and crypto are good and neccesary, and just because we have it good right now and don't need them doesn't need that we won't 10, 25, 50 or 100 years down the line.
On principal, the empowerment of the individual is not to be questioned. Privacy is an important part of that empowerment.
And anyhow, "they" can't trace all cash by fingerprints; It's logistically impossible (where do they do this? Banks? Where do they get fingerprints of folks who don't get arrested?). I'm not advocating unreasonable paranoia.
And does Microsoft HAVE TO keep track of who made each document? I sure as hell think not. You can use RTF or something of the like on all docs you save (and read Word docs just fine). All your word-using friends will be just fine.
...are best handled by LaTeX. Really -- its formatting is just beautiful, and LyX makes creating 'em simple.
And a postscript document can hardly be messed up at all on the other end; Your docs are safer that way than as word docs (where the right fonts may not exist on the other end or they may have an incompatible version of Word).
Btw, what is it you folks do using NT at work? Development? You could try developing your Windows apps with winelib (unless they make you use VB... ugh!) and be able to ensure that your company's product'll run under linux while getting your work done. Or word docs? Save in RTF (or in Word format without QuickSave) and StarOffice/WordPerfect/Whatever should do fine.
...at least they don't deny this. And there are alternatives which are far less incompatible.
I CAN have privacy in my transactions with Average Joe Vendor if I want to. I can't have it with Average Joe Word User if he insists I create my docs with his app.
Word (or WordView) will run in Wine well enough to do any test views.
Anyhow, I don't advocate this; In the case of docs that are just going to be turned in with no furter editing, PostScript's better.
I'm a poor student. I don't have two computers. I can't afford Photoshop and don't need anything so professional. And I'm very, very happy with the apps I use (PINE, gtkICQ, Netscape -- though I don't need to do any stylesheet stuff, LyX WP or SO depending on the job). And I run three servers in the background. If I get one Windows app, no way in hell I'm buying a copy of Windows, repartitioning, etc to be able to use it. So finding ways to work in a 100% linux environment works for me. If it doesn't work for you, fine.
So where do I lose time? I DON'T. But that's not to say that there may not be situations where it's elsewhere; I work w/ plenty of folks who run Windows and don't advocate that they switch unless they do development or server work.
Sorry 'bout the rambling form... I'm somewhat tired.
And, as I pointed out earlier, there are ways around this (WP8/SO's conversion w/ WordView to verify, for instance).
Anyhow, I didn't go saying "Using NT? Evil! Switch to a pure linux system!". I simply pointed out ways one could do equivalent work with a pure linux system, opening new options in his decisions regarding which OS to use for what jobs; I didn't say any other options were invalid.
I can understand/appreciate the rant, though. I would be rather annoyed by someone advocating that I use FreeBSD for my word processing, even if they were right about it being better for my servers.
Posted by Mr. Assembly:
A wise person (somebody tell me who please) once said that people have a good reason for dong things, then they have the REAL reson.
Why do I feel like I been fed the good reason here?
I really hope that the WINE project will reach maturity so that we can junk this ID shackle, and the Microshift ball and chain.
You know it's not one reson why I am moving to Linux, it's about a dozen now and counting....
Posted by Mr. Assembly:
A wise person (somebody tell me who please) once said that people have a good reason for dong things, then they have the REAL reason.
Why do I feel like I been fed the good reason here?
I really hope that the WINE project will reach maturity so that we can junk this ID shackle, and the Microshift ball and chain.
You know it's not one reason why I am moving to Linux, it's about a dozen now and counting....
Posted by Stephen "The Carp" Carpenter:
About a year and a half ago I got a
computer problem call set on my desk with
the words "Grant Pending" written on it.
I rushed out to the site to find a Doctor
had been saving his entire grant proposal
paper on 1 floppy disk in a word file and been
using fast save (as it is enabled by default)
The file was corrupted. Word refused to open it.
I grabbed notepad and opened it and said 'Voila'
He was so happy to see his document back...then he
realized that it was 2 weeks old! he had been
working 10 hour days for 2 weeks and all his
changes were gone!
The man then proceded to practically break into
tears. Ever since I have turned off fast save
on ever computer I see.
Sure this guy was stupid for saving all his work
on 1 floppy with no backups but...if it wasn't
for fast save...I may have been able to recover
most of it.
Posted by Mephie:
Ask your ISP really nicely to burn it on cd for you, ALOT of ISP's have burners and most local ISP's are pretty keen to your needs. And if that fails, buy one of the midnight techs a six pack. =)
--Mephie
This kind of assumption might be defensible if MS were to finally come out and admit that its Windows crap isn't really multiuser at all. It's assumptions like this on their part that run contrary to their claim to be 'mutli-user'. (With Intel's PIII ID it's even more annoying than the Windows ID, because putting the ID the CPU starts to affect real multiuser systems like Linux too.)
Don't let them spread the myth that workstations must be single-user. Letting that myth take root will kill one of the things that makes Unix better than the rest.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
Since I first installed Slackware, it's always sent mail to root imediately after completion of installation. What was the message? Please head to the Linux counter and add this machine.
That's what is so cool about Open Source, everyone gets to see what da hell is going on in the code under the hood . . . When we were developing Cytlok and working with VxD (Virtual Device Drivers) and wrapping around the File System and the TCP/IP stack . . . NOTHING is documented, you can't get it from Microsoft either!
.dlls ? Delete all Word docs ? Transmit all excel files to ftp.microsoft.com ?
.is it possible YES !
That's what is so scary, and let's talk about Easter eggs, when you have a Flight Simulator in Excel, and a Pinball game in Word, when triggered by a sequence of keystrokes (which in definition is called a Trigger Virus technically), no telling what else there is !
Who knows what else is in there, a key sequence to delete all
Is it probable, NO .
This is definately NOT FUNNY, but at least NOW we are talking about CLIENT/WORKSTATION security that has been LONG over looked.
(This is the inspiration for why me and Protocol created Cytlok)
I suppose you naturally wouldn't mind registering your ballpoint pen and having microtags suspended in the ink? Perhaps you would also like to have an id system built into your pants? After all, they made the pants, they have a right to know where you wear them.
They have a right to know who bought what from them, and that's it. What you do with it (as long as it isn't piracy) is none of their business.
O.K. let's put it this way. You are sitting in your living room reading a book. A book which is widely recognised as a good book. It is not the least bit controversial. Absolutely nothing wrong here.
Now, someone you don't know pulls a chair up to your window and proceeds to stare in at you while you read your safe book. Do you mind?
If not, you are in a minority.
Then, there are cases where your activity is legal, perhaps even legally mandated (such as blowing the whistle on government corruption). Unfortunatly, if the document is connected back to you before the corruption is halted by authorities (consider that the corruption may be in local authorities) there could be serious negative consequences. I'll bet you'd like some privacy then.
It isn't hard to create an ID which is opaque, says nothing about who created the object, and is still guarenteed to be unique.
For example, $id = MD5(Date,Time,Pid,MAC,AppID,Salt):
It won't be repeated for a very long time, yet because of the one way hash, it says nothing about you.
Anything that can't be edited with a texteditor :-)
should be banned!
COM/DCOM is based open the OSF's DCE RPC when calling remote objects. Objects are identified using a Globally Unique Identifier (GUID), which usually is a fudging of your MAC address + a timestamp + some randomness.
CORBA does this too, though in a slightly different way, (plus it usually hides its unique identifiers from the end-programmer through a persistent name that's called through a COSNaming service, which is why its a lot less clunky to use than COM).
MS did not do this intentionally to 'track' people, it's a way of insuring uniqueness in a theoretical "universal distributed object" namespace.
For a bunch of technical people, I'm surprised you guys don't see the logic of this. Did you even read the whole article? It was pure FUD - the quotes in the article were totally uninformed about the real use of these GUIDs.
Sure, it's kind of annoying, and I'm in favor of a better uniqueness algorithm that DOESN'T use my MAC addy, but this isn't something to get totally worked up over - MS will fix it (they have to, or it'll be a PR nightmare. Try explaining a GUID to a cluebie.)
-Stu
Office documents use the COM structured storage API to save info, from my inderstanding, so essentially, a doc is a serialized com object.
Of course, if this is wrong (which I doubt), you have a point.
-Stu
"no technically valid reason"?
Again, it depends how they store the document. I think it's done through a COM-oriented API, which would explain the GUID. Microsoft likes COM-everything for some reason, even if COM is ugly.
I agree there probably is a suitable alternative, but you're making a very large, illogical leap from "bad technical choice" to "tracking piracy".
-Stu
you're quite right, and it probably would be a better solution, but as I said, GUIDs are 'historical baggage' from DCE RPC...
-Stu
'technical squarmish' ?
clue: http://msdn.microsoft.com
read "Structured Storage" in the Platform SDK
then come back when you have a real argument.
info is sent to MS during the Win98 registration. CLUE: a GUID is a unique identifier - WHY NOT USE IT to identify a person who has registered, as in a DATABASE PRIMARY KEY? Gee.
The concern is that it may not have been the wisest privacy choice as it's tied to the MAC address, but my point is that it was a technical decision. If MS were "really" using it, why would they say "oh we'll just purge the info out of our database".. Gee, sounds like it was a relational database ROW identifier to me....
Oh wait, don't tell me you don't understand relational databases, either?
;sigh;
I *DO NOT* like Microsoft, but I dislike bullshit FUD a lot more.
-Stu
oh, I give an answer that you don't understand and I'm billed an arrogant computer geek. how wonderfully childish.
what arrogance? i said I could be wrong. I seriously don't know if office docs use com structured storage - I think they do, otherwise you couldn't save compound documents.
i'm speaking in the language of the facts & if you can't deal with it, stop spreading your bullshit fud.
-Stu
Btw, what is it you folks do using NT at work? Development? You could try developing your Windows apps with winelib (unless they make you use VB... ugh!) and be able to ensure that your company's product'll run under linux while getting your work done.
This "everyone MUST use Linux for EVERYTHING" attitude is really starting to bug me. If I'm developing projects that are meant to be deployed on NT systems, you'd better damn well bet I'm going to be developing and testing these things on NT. It's significantly easier and more productive for me if I use existing established tools under NT to do this task than to resort to using experimental, support-less OSS tools under Linux.
And despite what you may think, SO's RTF/Word format is not always perfect. I've come across quite a few inaccuracies when viewing a document cross-platform. This means he will be required to write his document in SO, reboot to Windows, "test view" it in Word to be sure it's right, make any corrections, and only then send it.
Or, you can reduce this time-consuming document creation steps to just two: Write it in Word for Windows, and then send it.
Let's face it, folks: Linux is useful for a myriad of tasks, but when you're working in a Windows environment or need Windowscentric documents, it's a WHOLE LOT more convenient and efficient to just do it in Windows. I myself have two computers at home, one Linux and one Win98. Since I do a great deal of stylesheet work on an Intranet, I use IE as my web browser (since Netscape's handling of stylesheets is far inferior, and ngLayout is not ready for real use), Word as my word processor, and Photoshop5 as my graphics app. I run an X server under Windows where my Linux apps appear, and occasionally I'll move my graphics over to the GIMP since the GIMP is easier to use for a few types of effects. I use IRC in an rxvt window, Windows ICQ, mutt for my e-mail, Outlook Express for newsgroups, etc.
All in all, I think I have it easy. I get to use the real productivity workhorses from Linux alongside the good Windows apps. Yes, I effectively have to reboot once a week or so, but I think that more than makes up for the amount of time I've saved.
Using a 100% Linux environment in many cases can be JUST as time-draining and inefficient as working in a 100% Windows environment. Educated people know to use the best tools for the job, and don't get involved in all of these stupid "everything MS is bad, everything linux is superior" arguments.
I noticed Microsoft is suing a lot of companies these days for pirating their software ... how do they know?
Because someone tipped them off, they did some investigation, and then filed a lawsuit.
Anyone that thinks that Microsoft somehow used this GUID information to determine who has registered software and who doesn't, and who to go suing is just an easily-frightened, paranoid sheep. What about those organizations that buy 10 copies of Windows but only use one CD/key to install on their workstations? To my knowledge there's nothing really wrong with this, yet your alleged GUID abuse would point to these guys as being evil, yes?
Think about it. The ID was only sent as part of the online Win98 registration process. The odds that you are even affected by this are remote.
Stop believing everything you read in the media (or on Slashdot) and learn to think for yourself. Get educated about the facts behind this matter before you go off spouting nonsense.
If you're right, Micros~1 is criminally negligent in allowing this privacy bug to slip out the door.
They broke no laws here. Your entire argument is flawed. I really feel like a dirty bastard having to defend Microsoft here. I don't care for them any more than most of you do, but when people don't seem to care that they don't know SQUAT about the issues at hand, and only want to jump on the "Microsoft is evil" bandwagon and start badmouthing them, I feel I need to step up.
The GUID is only sent to Microsoft as part of the online Win98 registration. If this applies to you, then you've ALREADY given MS your name, address, etc. along with your IP address. The addition of a GUID perhaps allowing identification of your MAC address (which is all but useless to MS) and generally just being a unique ID doesn't necessarily degrade your privacy any way.
Yes, it does seem suspicious and odd that this information would be required and stored in Word documents among others, but you should at least open yourself up to the possibility that there IS a logical explanation for why it's there, and I sincerely doubt that explanation has anything to do with violating your privacy or tracking you down.
Stop being an uneducated paranoid slashdot sheep and think about this for a while.
Do you have ANY idea what you're talking about here?
The only reason for this is so that Microsoft has hard evidence of piracy of their software.
How in the WORLD can this be used as evidence of piracy? Do you have any idea how many people and organizations buy 3 or 5 or 50 copies of software and just use the same CD/key to install it on every machine? To my knowledge this is perfectly kosher. What about someone installing Win98 on their PC, selling that copy of Win98 to someone else, and having that person install it on *their* PC? There are a million examples like this that totally shoot down the idea of this GUID being able to identify software pirates. If Microsoft were really tracking this information in some sort of piracy database, they would have to spend a LOT more time investigating the discrepancy than you'd think, and in most cases, it simply wouldn't be worth it.
Your argument is basically the same as the one dealing with Intel's CPU ID mechanism and software piracy. The whole idea is totally absurd and impractical.
They don't have to follow up on it (or even track it for that matter). Just knowing that the capability is there cows corporate customers into diligently keeping their licenses current.
And this is bad?
Firstly, I don't know about the types of places you work, but the corporation I work for has valid licences for every piece of software on every system. If unfounded fear (paranoid stupidity) in the minds of managers and administrators is really a factor here, while I'm laughing my asses off at these people, I don't see it as a bad thing at all.
Secondly, saying this whole PR mess is a plot by Microsoft to instill fear in the big corporations who are allegedly pirating thousands of dollars in Microsoft products is just silly. It really disturbs me that so many people actually think along these lines. I guess maybe when you end up with a real job in the real world and deal with real companies and real tactics and real technologies to solve real problems, you'll start seeing what's really going on.
This is all paranoid silliness.
Anyhow, I don't advocate this; In the case of docs that are just going to be turned in with no furter editing, PostScript's better.
This isn't always acceptable. If they're asking for it in Word format, they probably have a reason. Chances are, they're using a Word file viewer to browse through each document. When they come up to your Postscript file they're going to toss it in the trash can and give you an F for not following directions.
I'm not saying my specific (2 PC's) is appropriate or even desirable for everyone. I'm just saying you should let people use what they need to use. I don't recall hearing the original poster say he wished he could do all of his work under Linux, yet it was implied that he was foolish for doing his NT development under NT and experimental Linux alternatives were supplied.
Now, granted, my rant was more generic and was more or less against "everyone" that has this "Use Linux for Everything" attitude... Your post was just the one I broke down and chose to reply to. Nothing personal.
Because when you then need to throw something into Premiere, it's a lot easier not to reboot.
If you use smail on a Debian system, the configuration script already does this. After smail is configured, it asks the user if he would like to send a test message to the Linux Counter project. If you answer yes, Linux Counter++.
whoa. careful there, you might start a panic. (Or throw another stick on the ignorance fire.)
Slackware sends an email from Patrick Volkerding to root when installed, and asks very nicely for the newly-rooted to visit the Linux Counter and register.
It does not "phone home" all by itself.
Here is something even more scary...
There are these wonderful things that you can use to purchase things without money, I believe they're called credit cards. Anyway, you can buy stuff over the internet, or from the local store, or even of TV Informercials. But then they keep track of where you bought stuff! Good GOD! And for about 7 cents a piece companies can buy 4000 pieces of information about from places like Experian. You have no privacy. Deal with it, okay?
My Slashdot account is old enough to drink...
Its not that much of a different issue. They both are used to track what you have done. Using a credit card I can track your movements around the country and personal habits. Using the windows thing I can track what you have written. If anything, the credit card thing should scare you more because its easier to get access to.
Also, I was not reffering to storage of credit card numbers. Thats a completely different thing.
My Slashdot account is old enough to drink...
and Caldera hit them with a big lawsuit over it.
Blizzard got in big trouble for doing this.
:-)
Class-action suit anyone?
Just wiped out my last Windows box
--
As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Aside from the legal issues, how many people do you know that really like their movements tracked?
How many folks would stop using MS stuff RIGHT NOW if they knew? 30% More?
--
As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Yes. Let's all take some soma, and get over it.
Leave the thinking to the Alphas, they are so frightfully clever!
I am glad I am an Epsilon-minus semi-moron. Operating elevators is where true joy lies!
--
As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Ever see his deposition?
Gates has a strange habit of curling into a fetal position and rocking back and forth when he gets nervous. They say Scott McNealy always has this effect on him.
The only other people I know who do this are paranoid schizophrenics.
Then of course there's the story about the $.50 coupon.
Bill was buying a carton of ice cream, and held up the line for a solid 15 minutes while he searched for this coupon. A guy behind him in line gave him $.50 to move him along, and Bill took it. This would be unremarkable, except Bill was already worth several billion at the time.
He took the money. Who does this. Small children, that's who.
--
As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
All true. More recent versions do not have this "feature"
--
As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Robert X. Cringely relates this story in his book "Accidental Empires". If its a UL, it's a good one.
--
As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
I bet they look for Warez d00ds with it.
It would be nice if they hunted them down and prosecuted them; however, I think it is much worse. Does the typical company use Microsoft software? Is it all properly licensed? Shareware registered? They can build a database and calculate the top violators for the so called Microsoft/SPA raids. Ever wonder why so many companies so easily fall for a Total Microsoft Solution after a raid?
Do not use improperly licensed software. It gets expensive if you are caught and coerced into a "settlement."
However, will say that I have been used many illegal copies of Windows for some time.
I have every right to report your unauthorized software to the SPA and Microsoft. They have every right to prosecute violations to the maximum extent of the law. If you cannot pay the price, you will be doing the time.
... is GUID embedded in every word/excel document?
I'd love to see the memorandum or directive that specified the code for these programs to put the such information in documents. This was most likely a coordinated effort that required planning that came from a person. I wish this would be brought to trial and have the documents subpoenaed. Microsoft set a precident for getting documents to subpoena the bad-attitude list from Netscape and this should be no exception.
According to the article, the ID can only be generated when your name and a few other serial numbers are combined together.
Well yeah, what's the sense of transmitting the database before any apps are installed. It waits for a few serial numbers are entered, then the missile is fired.
For M$ to have your name, you have to have registered,
The whole point of putting personal information in all those little boxes. Suppose you do not put your personal information and something else in those boxes. They may get an IP address with your name on it anyway! Surprise!
Are these IDs being sent to Redmond? Is there any information where Redmond people may read "General X., commander SuperTaskForce "Kamikadze", Room 0, The Hexagon, MAC XXXXXXXXXX". Can anyone else read this?
I wonder what happened when that navel destroyer got a bad entry in its database and the whole ship was rendered dead in the water. Was there any final IP packets delivered to an evil software company that declared: "US DESTROYER DISABLED, LOCATION: xxxx.xxxx"
I wonder if Microsoft can gather enough information from a computer and use it against the onwer in court? Is it legal to get information this way?
No, it is not legal and not usable in court. That will not stop them from launching a legal investigation from which they may get enough information for a search warrant. Perhaps then they will request to visit your site. If you refuse, you might get a paper signed by a judge forced in your face as they enter your door escorted by the police. Everything from then on is fair game.
When you violate a license agreement, the software companies ARE the police.
After that is reconciliation if your credit is worth the time. Otherwise you will be fed to the dogs.
I seem to recall that he is a huge fan of Napoleon.
Which just begs the question: which disaster will be his Waterloo?
Consider the behavior of an anorexic, that person is driven by a thought "I need to be thin" that overrides everything - they may look in the mirror and see a bag of bones but "I need to be thin" continues to be their driving goal, they may step on the scale and see 70 pounds but "I need to be thin" pushes them onward. I think for bill gates that thought is "I need to demonstrate that I am a success". Think about it, the guy became exceedingly rich and powerful *years* ago but is still fixated on the thought that somehow, someway someone might come along and take him down a peg. I suppose he feels like without his accomplishments he'd be left with just himself and that is apparently a terrifying thought. You know, MS might well have been able to beat out Netscape by just making a better product but because of Gates' paranoia they had to stack the deck - coerce all the AOL users into using IE, bundle IE with the OS - Gates couldn't leave any possibility that he might not come out the victor. You know, thinking about it there are some scary parallels with Hitler's behavior. Initially he did a great deal for Germany but in the end it was ultimately his neurotic nature that caused his country's downfall. I suppose it goes without saying that history has an annoying tendency to repeat itself.
there are two kinds of people in this world - those who divide people into two groups and those who don't
This sort of knee jerk defense of Microsoft is almost as nauseating as Microsoft's own evil actions.
Professional Wild-Eyed Visionary
That's all very true. But there's nothing at stake here, unlike the courtroom, and your tone was very annoying, as was the fact that you didn't bother to read the article before taking a (sharply worded) position.
Professional Wild-Eyed Visionary
I lock the door when I go to the toilet but that isn't because I don't want people I know to find out I'm having a crap...
-- Arm yourself when the Frog God smiles.
Looks like it might be time to drag out this old chestnut again...
-- Arm yourself when the Frog God smiles.
A friend of mine told me that when you run a copy of any of their games in Windows and then use any internet gaming features, the game copies information from your registry and sends it to Blizzard. This is just what I was told second hand so it might not be totally accurate.
If this was for piracy, it would be in MicroSoft's interest to advertise the fact that they can catch pirates using this. Prevention of piracy is far more useful than persecution after the fact.
Since they have not advertised this it would indicate the purpose of the ID is something else.
IMHO, this is just idiot programmers making a mess, not some great plot by the evil Redmond geniuses. In fact I fear the idiot programmers more than the evil monopoly!
Sanity.html - Error 404 not found
I used to be one of the few around here (it seems) that didn't think using Microsoft software was one of the worst things a human being could do. I've changed my mind since reading that article.
This database -- which seems to already exist -- could have plenty of information about anybody out there who has ever used a recent Windows product. Me being one of those people, unfortunately, this news shocks me to no end. I will not tolerate these "bugs" any more.
I also find it interesting that they try to point the finger at the Open Software Foundation, saying that it was some sort of standard at the time. That is nothing but bull and a pathetic attempt to save face.
This could become a very clear argument in favor for using free software. GNU&Linux forever!
I was very much suprised to find that it sent a number of packets to Microsoft on startup, the oddest of which was a broken IP packet. I felt that this was probably just a debugging feature in the development version. Well it looks like I was wrong!
Personally, I feel that we should be outraged by this action. The Microsoft Corperation is clearly violating our rights in a way that not even the US government is allowed. Aquiring personal information under the guise of innocent support requirements, is little more that an unauthorized search and seizure of personal property. Should not corperations be held to the same 4th ammendment requirements that our government is? (Last I checked purchasing a Microsoft program was not a warrent to search my hard drive.)
--Karl
I find that really difficult to believe. It sounds like the usual paranoid nonsense I remember from reading alt.fan.bill-gates.
> In OSS you can recompile your kernel to get rid of anything that you don't like!
WorldGroup Manager BBS software. And WWIV as well. Both have/had source code available (with restricted licensing on the modified source, if I remember correctly). I work with a WorldGroup system about once a week - if you make a configuration change, it recompiles the files that are modified by your changes.
Pretty amazing stuff.
But I can't give you my WGMAN directory, source included. I can't give you my WWIV source code distribution, however old it may be.
Back to Windows (3.3.3.1 can't run an S3 ViRGE GX chipset #385, oops).
LightFusion
You don't get the whole point behind privacy, don't you? Try educating youself on the subject, it will make come accross as a far more intelligent person when posting on subjects such as these.
There's another little dollop of code over in Cambridge that can help with this matter:
ftp://net-dist.mit.edu/pub/PGP/
I spose the bright side to all this is...um, well...I guess there isn't one after all.
--Rick
from
http://www.microsoft.com/asf/spec3/c.htm
C.5 Node IDs when no IEEE 802 network card is available
If a system wants to generate GUIDs but has no IEE 802-compliant network card or other source of IEEE 802 addresses, then this section describes how to generate one.
The ideal solution is to obtain a 47-bit cryptographic quality random number, and use it as the low 47 bits of the node ID, with the high-order bit of the node ID set to 1. (The high-order bit is the unicast/multicast bit, which will never be set in IEEE 802 addresses obtained from network cards.)
Let's see, how to obtain a random number, hmmm, a random number generator in the c.p.u. maybe? Where have I heard of that sort of thing lately?
I see even classic Slashdot is now pretty much unusable on dial up anymore.
For freeware that demands your name and e-mail address, why not use Lucent Personal Web Assistant?
http://www.lpwa.com/
Or better yet, use LPWA in conjunction with a web-based e-mail forwarding service or throwaway e-mail account.
I have not done this with some (I thought) reputable companies, and lived to regret it.
right on.
granted I use windows at work, but at home its a linux only shop.
---
I don't know what the hell you are doing to your documents, but I have tables, graphs, and bitmaps from my scope in all of my lab reports, and star office handles them fine. If teachers are complaining about any type of formmating errors, then use ghostscript to convert the output to a PDF, and then everyone is happy.
---
Frankly, I don't care. They can track me all they want. I also think that, assuming that the article is true, what Microsoft is doing is very underhanded, nasty and reprehensible. It's akin to spying. They should be brought up on this.
However, will say that I have been used many illegal copies of Windows for some time. Also, their number of users has got rather inflated as I ususally use a different name every time I have to install it - which is _very_ often.
Maybe it's just to inflate their egos - "The more installs we have, the better our OS is!"
Remember some guy writing a scary article making scary predictions how someone would stick a trojan into a program or a patch and then distribute it to others? Remember how most Slashdot readers responded by saying that it's more likely to happen in proprietory software, since noone but the developers sees the source? Here's proof.
---
It doesn't surprise me one bit. I always suspected M$ would do such a thing. Next thing you know they'll patent oxygen and respiration. You'll have to pay them an annual fee to breath.
...Linux!
"I've got to run some errands. I need to stop my the M$-Bank to get some M$-Money so I can go to the M$-Grocery Store and pick up some M$-Pork Chops."
Joe Bob, 2003
I think it's about time someone bomb Redmond.
Andrew
--
"You never know when some crazed rodent with cold feet might be running loose in your pants."
-Calvin
Of course there's a way to disable it... a hex editor comes to mind. Assuming the IP addy is stored as a string, one could change it to a different address as long as it had the same number of digits... Now, which dll's are those?
.
Think about this, the smartupdate HAS to connect to Microsoft.com to do the Update... Duh.. that doesn't prove anything... What would prove something would be to do a sniffer capture and look at the traffic that the dammed thing sends.
I don't have 98 installed anywhere, but I'm trying to talk a friend of mine into letting me capture his...
Short, Sweet, and to the point. I LIKE IT!
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
I can put up with your crashes. I can put up with your bloated programming. I can put up with your slow performance. But I cannot, and will not put up with wrongful and illegal invasions of my privacy. This is not something that you can fix with a patch or a program, Microsoft. This is not something you can cover with FUD. Violating my rights is the fastest way to your inevitable destruction and collapse.
I am in the process of downloading Red Hat Linux 5.2, and will no longer use Windows on any active internet connections. Good bye, and good riddance, Microsoft.
I had DRDOS 5.0 installed and it worked
beautifully. I needed to run PALASM. It would
crash if I used extended memory. I was told
that the program was using some Microsoft
libraries which were responsible for the crashes
and I should install DOS 4.0 if I wanted it to
run without crashing. I kept DRDOS but had to
disable that feature in PALASM.
I never used winblows at the time so I wouldn't
know about any crashes on DRDOS.
If PPP doesn't work under Linux you read some
of the misc HOWTOS and find out which file
you take of the CD to fix the problem when
it's not your hardware that's shot.
With winblows you have to hide the shotgun
as it would be a bit too tempting. Make sure
your winblows CD is close by for the reinstall.
Don't lose the codes. On Win 95 I had lost
my codes and managed to get a clean install with
bogus numbers. I don't know if that would still
work on Win 98.
I did read what you wrote but I don't think
you went thru all the possibilities. I used
to run Slackware on a 486 and had similar
problems. I managed to get PPP to work a program
that generates the script for me. None of the
ones you stipulate works. I would have to look
for it and I would remember by the name.
My modem needed a particular initialization
string and with \ replaced by \\
Also my ISP uses pap.
It took me a long time to get it to work so
I was using only OS/2 for connecting to the
net.
When I upgraded to RedHat it worked right
out of the box with a few clicks.
Michel Catudal
bbcat@netonecom.net
http://www.netonecom.net/~bbcat
So many things I could say, but I just have to shake my head at this. Just hope WordPerfect for Linux doesn't preserve this ID.
Any enterprising h4xx0r want to make a patch to corrupt/obscure/wipe this ID?
And, seeing the number of scans & attacks hammering my machines on this cable modem network makes me wonder if there's a possible bit of nastiness that could be done by submitting a flood of bogus ID's to MS Windows Update?
All academic ponderings, I assure you...
> At the moment, we're under an acceptable government.
When you have your car and your house siezed and your children taken away from you because you've been ACCUSED (not convicted) of a crime, you come tell me we have an acceptable government. How about police choppers with infrared units looking for growrooms in attics? How's it feel to live in the land of the free now?
I've finally had it: until slashdot gets article moderation, I am not coming back.
Program ... Data ... You say these are different, bwana? How is this? In this land of ours, program is data, document object is data, data use methods to manipulate. data must attach handlers or have name that lists handlers in big hut we call registry.
Tell me of this strange world where all your data has no name?
I've finally had it: until slashdot gets article moderation, I am not coming back.
I've got a thought here.
What if the slothlike responses we've seen to various security bugs were intentional?
Wouldn't it be possible that some of these bugs weren't much of a surprise to them, in light of this latest outrage?
Makes the old 'They're just arrogant & unresponsive to customer needs' seem a poor piece of reasoning.
Enh, just food for (slighty paranoid) thought.
~Grell
My definition of an expert in any field is a person who knows enough
about what's really going to be scared. --P.J. Plauger, Computer Language,
Programming on Purpose, p.29, March 1983
...when it gets down to fundamentals, do what you have to do and shed no tears. Dr. Matson in Tunnel in the Sky
Ok, you, me, my brother's comp and my neighbor's one...
Besides they are trying to control the Government also.
Yesterday I read an article on NT crap security and how the governement institutions are violating rules by installing NT 4 in their comps. The problem was that on one side they wanted to use Office97 and IE on their work. NT 3.5 is the only certified system to go under federal security rules and we all know under what conditions can be set. However in places where Orange Book is law they are using 4.0 _networked_.
The article had also a reference on the tribulations of a security expert trying to warn about the danger these institutions were falling in. However he was unsucessful.
The article echoed a suggestion that the US government "was taken hostage by Microsoft".
Well is this ID stuff a sign of it? Do governmental systems send Microsoft _their_ information? Are people at critical sectors aware of this?
We may not stop here. Let's think about any other government of any country (ally, foe, whatever). Let's think about such guys like CityCorp or CMB. Let's think about the UN and its branches. About NATO, Pentagon or even the Russian Army. Let's think even about the American Navy and _that_ ship with NT ruling on it... Or let's think about some critical industrial complex like a Oil rig.
Are these IDs being sent to Redmond? Is there any information where Redmond people may read "General X., commander SuperTaskForce "Kamikadze", Room 0, The Hexagon, MAC XXXXXXXXXX". Can anyone else read this?
If you don't wanna think so high then let's think about your insurance company.
It looks like a nightmare coming right from a SF cheap story. It looks like the "Shadow World Government".
I wonder the worse. In a future not far away:
"Welcome to Windows2xxx. Where do you wanna go today?" Uh, well Persian Gulf. Coordinates XXE XXN. "Ok grab a cup of coffee and wait a moment while we are proceeding your request..."
Meanwhile, somewhere in lost corner of the world, some crazy mojaheddin runs into his colleagues hut and says "Ok Abdullah I just got that damn M$ crap out!!! Let's take that scapegoat of Satan. There's a russian destroyer, also with Win2xxx server ruling it, around in the Red Sea. According to MSWeatherSat, conditions are foggy. Do that and that and let's send USS Yorktown into the deeps of Hell!"
Like Bond's stories. It may look childish and quite fantastic, but I'm really afraid if something near this may happen somewhere in the future.
PS: Microsoft's Official reaction:
It was not a bug. It was a feature. However who cares after IIIWW?
But also about privacy & piracy and most worse about confidentiality. Sometime ago I was told of a very scaring episode that happened to one friend of mine. He grabbed a very hot document to be sent to another company. He took Excel and ripped off every highly confidential information which should not, by any way, be seen by their partners-to-be.
Somehow he decided to look at the size of the document. And the thing look bigger than it should have been. Looked through a simple file manager (not from crappy M$ stuff) and OH WONDER! Everything was still there... Together with his name and a lot of more stuff that pointed to him, his office, E-mail and company.
This is a well known feature on M$ Oriffice documents. They have produced several patches and SPs that seem to "solve" it. But I have heard of situations when even SPed systems seem to "revive" these features.
Now add the above story to it, add some imagination, and think:
Their partners-to-be are a little smart. They get the doc. And they see what they should not know. So they grab the info, _the_ ID and try to dump into this poor guy's comp. Considering that all is run under M$ crap they may have a chance. A trojan through Outlook for example.
I wonder if in court this doc could have such explosive consequences as to set the whole guilty part over my friend. Maybe he was "offering" his services. Maybe he wanted to put down his company. Considering that some courts hardly understand what's going on here, my friend could have fallen in very big trouble. Just by sending such doc would have given him enough trouble to his sleep. Fortunately a little wondering about sizes, managed him to avoid the possibility of a huge mistake from his part.
Why is the press so damned nimsy-toed?
Say, you don't remember that quote by R.A.H.
about feeding inconsistant data to surveys
,questionairs etc ? The idea was to make the data
collected on you so incoherent that it was useless. Of course that won't work with what
M$ is doing, but is fun nonetheless.
It is a known fact that Bill politely waits in lines all over the Seattle area. In living around here for 20 years in Bill G "central" I never ever heard the story about the .50 cent coupon. Sounds to me that you got caught by an urban legend. ;-)
The only people that think GIMP can do everything Photoshop can are people who don't know thing one about Photoshop. Get a book. Get a clue. Come back tommorrow. Thanks.
I bet they look for Warez d00ds with it.
xm@GeekMafia.dynip.com [http://GeekMafia.dynip.com/]
I bet they look for Warez d00ds with it. 1st POST!
xm@GeekMafia.dynip.com [http://GeekMafia.dynip.com/]
Read the article, they use MAC addresses not the windoze serial number.
http://www.microsoft.com/asf/spec3/c.htm
I used the MSDN CD to install 98 on her system. It inserted it's own serial number during the install. I wonder if they can track that number to a specific subscription? I wonder if she'll start getting invites to M$ events? I wonder what mom would do at an Exchange seminar?
This "feature" was widely publicized when Windows 95 was released, and is somewhat widely known. For those of you who don't use MS software, here's how it works:
(1) When you install Windows, Office, or any other MS software, the setup program has a screen which tells you the GUID. You can also see it from a Help dialog. So, it's existance is no secret.
(If it didn't occur to you that this could be used for tracking, you just never thought about it. Strange because everyone is so MS-paranoid.)
(2) When you use the "Register" program with 95 or NT, or you use an ActiveX thingy on the Win98 "Windows Update", it scans your registry and Windows subdirectory for various competitive products, like WordPerfect or Lotus Notes. (I've heard that it does not upload a list of all installed software - but I have not checked myself.) It also uploads all of your MS GUIDs.
You can actually use the Windows Update site by just refusing to let the Survey ActiveX run. Set your IE security preferences properly.
(3) If you call MS technical support, you will also need to turn over a "Registration Number".
(4) If you attempt to use Microsoft's web support stuff, like the Knowledge Base or downloads, you will need to fill out a standard marketing survey (Do you make computer buying decisions? What industry do you work for?) All of this information is stored in a user profile (cookie-based) which can presumably be associated with your GUID info.
So, nerdboys, if you are using a pirated copy of Windows 98 or MS Office, just don't register it and don't use Windows Update, and certainly don't call technical support. If you would do something that stupid, you deserve to get tracked down.
On the other hand, if you are legit, this all seems like the standard marketing information that every company is trying to get. Kinda cheezy that they don't tell you what's going on, but certainly not a police state tactic, because it is all optional.
As for GUIDs in your Word and Excel documents - just how many of the gazillion Word and Excel documents in existance does Microsoft see?
--
Business. Numbers. Money. People. Computer World.
MS probably only uses this info for individuals and very small businesses. Big companies (with site licenceses) have their software so hap-hazardly installed that it's impossible for MS to track. Microsoft doesn't really care, if you are paying for it.
--
Business. Numbers. Money. People. Computer World.
Premiere: ???
Quark: ???
AfterEffects: ???
$$$!
--
Business. Numbers. Money. People. Computer World.
Ralph Nader wrote President Clinton about this
e s/msg00151.html
very subject not long ago.
http://lists.essential.org/1995/info-policy-not
Microsoft is only changing their mind to the idea because they cannot stand the bad PR hits that they will take if they don't immediately recant.
Score another hit for why OSS is ultimately going to win this war.
Ralph Nader wrote President Clinton about this very subject not long ago. http://lists.essential.org/1995/info-policy-notes/ msg00151.html Microsoft is only changing their mind to the idea because they cannot stand the bad PR hits that they will take if they don't immediately recant. Score another hit for why OSS is ultimately going to win this war.
I have personally known that MS sticks your registration info in every document you create for a rather long time. What is news to me is the fact that MS also sticks your MAC addy in there. I think the potential for abuse in this case is rather small, but none the less I don't think they should be doing it. This ironically might prove to be yet another hacking tool. Imagine this scenario. A windows user has their netbios partially open, sharing certain selected documents with network. And those documents contain that users MAC addy, and maybe other machines.... There are some tricks that can be played on DHCP and bootp, amongst other things, that are made much easier when provided with the MAC address. I don't think this attack ever be trivial enough to reduce to a single exploit/warez program, but I do think it might end up being used by some hacker type. Never mind the fact that netbios already has a hundred other bugs.....
This has absolutely nothing to do with the OLE2 object registration process, though the MS fud and misdirection and half-truths would have you believe that.
Executables and DLLs that implement COM objects are registered with GUIDs, not users or documents.
This is a well thought-out feature from M$ that has their software create hard evidence of piracy by corporations. With this in place, corporate users that are using multiple installations of software from the same CD not only broadcast this fact to M$ as part of the update process, they also create a papertrail in the form of Word documents and Excel spreadsheets that can be used in court to demonstrate that:
a) User A and user B have different workstations (i.e. different ethernet adaptor IDs)
b) User A and user B have the same software license numbers.
therefore:
c) Illegal copies of the software have been made.
As with most things from Redmond, its not about marketing or privacy or anything except money.
Left shift 1 for e-mail...
So what? The OLE DLLs use the GUID of the embedded or linked object to look up the implementing executable or DLL, start it up and hand it the archive handle.
There is no technically valid reason why anyone that is not developing COM components should be generating GUIDs.
The only reason for this is so that Microsoft has hard evidence of piracy of their software. If people are really stupid they will send this information to M$ using the Winders update. If they don't fall for this very obvious trap the incriminating evidence will infect every piece of persistent information created by the company.
Left shift 1 for e-mail...
> If Microsoft were really tracking this > information in some sort of piracy database, > they would have to spend a LOT more time > investigating the discrepancy than you'd think, > and in most cases, it simply wouldn't be worth > it.
They don't have to follow up on it (or even track it for that matter). Just knowing that the capability is there cows corporate customers into diligently keeping their licenses current. Fear is a great motivator. And the fact that this information is embedded in all the company's documents (the lifeblood of many companies) makes this an additional imperative. Its quite brilliant really.
Left shift 1 for e-mail...
No, No, No. Yes, transmitting the GUID to MS is bad, but the storage of the number in documents is just as troubling, as is the use in creating cookies as implied in the article. It's just the bad design of OLE if this is "required." I can see a session based UUID, but one that is stored in the documents themselves is just ignorant.
Did you read the freekin article? What's your response to the possibility of a company finding out who a whistleblower is because thier "ID" is stored in a document they create and send to authorities?
Why are you an AC if you don't mind everyone knowing every single document that you authored and being able to tie them back to you?
The ONLY time I give out correct information is when I'm presented with a privacy policy that says (something to the effect) "...we only collect aggregate data... you can't be individually identified..."
So for MP3Spy, I entered my real age and some other stuff.
I think it's fun supply email addresses like support@micorosoft.com to registration wizards :)
Especially when there's language about "newsletters" and "product announcements"
Here are some log files to show you exactly what happens during the *first two HTTP requests* of a Windows Update session. I didn't submit any form, just went to the URL. What is that CLSID? I don't know. I searched to registry, to no avail.
--- CUT ---
*** Received Client Request ***
GET http://windowsupdate.microsoft.com/ HTTP/1.0
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Fri, 19 Feb 1999 19:41:09 GMT
If-None-Match: "80781bcc3f5cbe1:d6a"
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)
Host: windowsupdate.microsoft.com
Proxy-Connection: Keep-Alive
Cookie: MC1=GUID=ca530262d4bb11d298830008c7d9e3db; page=ProductUpdates
*******
*** Received Server Data ***
HTTP/1.1 304 Not Modified
Server: Microsoft-IIS/4.0
Date: Sun, 07 Mar 1999 19:20:15 GMT
Content-Location: http://windowsupdate.microsoft.com/Default.htm
ETag: "80781bcc3f5cbe1:c4a"
Content-Length: 0
*******
*** Received Client Request ***
POST http://activex.microsoft.com/objects/ocget.dll HTTP/1.0
Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, application/octet-stream, application/x-setupscript, */*
Content-Type: application/x-www-form-urlencoded
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)
Host: activex.microsoft.com
Content-Length: 44
Proxy-Connection: Keep-Alive
Pragma: No-Cache
Cookie: MC1=GUID=ca530262d4bb11d298830008c7d9e3db
CLSID={2DE96BE6-FD91-11D1-AA0B-00C04FB16F9E}
*******
æeee!
Perhaps that was a piece of FUD on my part. I looked at the first redirecter page and found the CLSID right there. As for what this object is, I'm not sure. I think it's probably harmless though. Sorry for the FUD. :)
æeee!
Can you give a URL for the story of the $.50 coupon? Thanks.
They laughed at Einstein. They laughed at the Wright Brothers. But they also laughed at Bozo the Clown. -- C. Sagan
Man, even those aggregate people are just going to have to be annoyed by me. I even enter contests with bogus info. Someday, someone's going to win something they didn't enter to win. I wonder if Uncle Samantha can still collect taxes on such winnings.
Digital Wokan, Tribal mage of the electronics age
Yeah, I did that on a word file I made under windows once, and found a list of urls I was looking at about half an hour before making the word file. And they think an id number is a privacy problem? How about everyone you send a word file to knowing what you were looking at on the web?
I believe, if it is within our right, we can sue! MS over this.
Is there a site yet dedicated to this fact?
-Michael J. Lu
-Michael J. Lu
"The little secret that haunts Corporate America...a techonology that won't go away."
Isn't that what Scott McNealy said?
Get the feeling they know something you don't?
> What's wrong with using StarOffice?
The fact that it doesn't too a very good job reading word documents other than text with rather simple formating. Tables, especially are crap, and I work with a lot of tables.
My company is slowing moving from Wordperfect to Word, and I've already had to boot windows once rather than Linux to do work at home. Not a good trend.
I understand there's an update to SO5 with better filters, but you have to d/l hte whole freaking ~65 MB or so again. Arg!
But Wait! There could be hidden code somewhere in the English in the document. Instead, use babelfish to translate the document into German and then back into English again! Voilà!
Photos of bits of the past hiding in the present: afiler.com
According to the article, the ID can only be generated when your name and a few other serial numbers are combined together. For M$ to have your name, you have to have registered, and although there's a zillion poor slobs out there who registered Office and Windows in order to get M$ tech support (which you and i both know is an oxymoron)... US SMART PEOPLE NEVER REGISTERED THEIR M$ PRODUCTS!!!
Slakware 3.4 (at least) already does this
Yes, they do have a right to do whatever they want with the software they develop. *But* if they are collecting and sending this type of information out over the net, they have a responsibility to tell everyone about it *before* they make it available for purchase. How long has thing kind of crap been going on with MS products?
A history of the Evergreen Point floating bridge
Is the broken-down 520 bridge on last its legs?
Old span, new urgency
520 bridge reopens after costly shutdown
520 bridge may close more often as lower wind threshold considered
One step closer to 520 solution
Don't think that Microsoft is the only one that has this problem. It's created by people simply not clearing memory before they use it.
I've seen cases of unused segments in Macintosh Resource forks having extraneous data that most people probably wouldn't want getting sent out.
So this isn't something that is unique to Microsoft. If anything the lack of programmers doing memset is probably one of biggest privacy issues around now. Thing is nobody has really said anything about it.
I think :-)
Word has the "fast save" function, and what this essentially does is append a "diff" style thingy to the main document. (wow, I'm verbose today I don't think!). Anyway, the fast save function is buggy, so it picks up some memory and dumps it in as well. If you disable the fast save function, this problem will go away (at least, it has for me).
cheers!
--Remove SPAM from my address to mail me
Given this information, how can any company processing confidential personal or financial information use Microsoft products?
:v)
Documents can be traced; Microsoft might know more about your files than you do; Now you can find out who wrote that damning report by comparing it with sample documents.
What Microsoft have done is probably an illegal practice in many countries.
So who is now going to trust MS software unless MS go Open Source and we can check it for ourselves?
I for one am going to be asking my bank to make my downloadable banking files accessable in a non-MS compatible format for security reasons.
Vik
Not all of us are the sole users of every computer in the house. My mom has no interest in Linux, and I wouldn't want to teach her anyway (she's so irritating!). We have dual-boot on 2 of 3 computers, and win98 only on the third. Linux is ready for primetime in the server market, but it can't run Photoshop, Word (for my mom), or any of my games. So back off.
Mike
--
Mike
--
"Wi nøt trei a høliday in Sweden this yër?"
Actually, I think the Hitler reference was fairly right on. What Hitler did for Germany immediately after WWI was tremendous. He gave Germans a sense of national pride back, and unified them to be the best damn Germans they could be. Hence the "Man of the Year" award.
It's just that somewhere in there what was best for Germany was obviously killing non-aryans and taking over the rest of the world. That is not good, and no one in their right mind would ever argue that it is. That's the aforementioned "point" that he was good up to.
True, you can argue that Hitler himself never was truly "good," and that all his reforms in Germany between WWI and WWII were just to achieve his twisted goals, but regardless of why he did it, he made a lot of good changes in Germany after WWI. Then erased it, of course, by being a raging psychopath...or whatever.
(yeah, that last statement is weak, but I just _can't_ end the argument making it sound like I'm sticking up for Hitler. Gives me the willies.)
--
Okay, I got Linux installed. So where's the free beer everyone keeps talking about??
It didn't really make it CRASH. It just came up with some _completely_ bogus error message that was more than enough to scare people away from DR DOS.
It had no bearing on the functionality of Windows. It was just FUD
----
Okay, I got Linux installed. So where's the free beer everyone keeps talking about??
You can read a print of the article on News.com at:
http://www.news.com/News/Item/0,4,33413,00.html
-----
http://www.Windows2Linux.org (Submit your Links)
http://www.Windows2Linux.org (Submit your Links)
Everything y
Actually that is wrong. The constitution grants Americans several specific rights to privacy - unreasonable search and seizure, no self incrimination, etc. and in fact many of the most important Supreme Court rulings have been based on a right to privacy - for example Roe v. Wade making abortion legal in the US was based on a right to privacy.
The problem with this cyber stuff is that it's too now for much case law to be built up, so abusive companies like Microsoft think that they have free reign. Well, they don't, and soon they will find that their abuses will result in legislation or legal action that will make them wish they had been more careful.
Still can't run my games, which is the only reason I still have Windows 95.
I believe he was saying that such an explanation would be ok coming from a single arrogant computer geek WHO HAD WRITTEN THE SOFTWARE, WITH LIMITED RESOURCES but Microsoft has a large amount of resources to use to ensure that this type of "bug" doesn't occurr.
- Free tabletop fantasy gaming! Grey Lotus
My freshman year roommate's computer actually did order a pizza once. At least, there was nobody in the dorm named George that had ordered one, and his computer went by George. That's just one of the strange things it's done.
- Free tabletop fantasy gaming! Grey Lotus
Micro$haft Doesn't Deserve Sympathy This time. Not even about warez or any other thing, no one has any right to say they HAVE the right to see what you are doing. The EULA, does in no way say you will be monitored or subject to. As well it says in no way that any personal information or property will be tagged, tracked, etc. Micosoft has no right to do that, whether you want to buy their software or not.
"How the hell do you inadvertently collect data. Is their Microsoft VC++ compile so crappy that printf("Hello World\n"); accidently generated a MS SQL database application that accepted registration requests and logged globally unique ids to their database?"
Yes, it is that crappy. It wouldn't suprise me if I compiled "hello world" on VC++ and 20 minutes later a pizza was delivered to my house.
-"I talked to God and here's the deal/ He said to floss between each meal" -- Uninvited
Awfully tough words against privacy issues for someone who hides behind an "Anonymous Coward" label... But, regardless, if you invite someone over for dinner, they have no right to start taking an inventory of what you have and setting up eavesdropping equipment to keep track of that after their stay is over...
.This is just another reason to use open source
software where you can see for your self
what the app or kernel does and change it
if need be