Jump to content

Features and Services Harvest User Data for Microsoft - From your mach


Rudi1

Recommended Posts

Something about Vista:

Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company.

Microsoft makes no secret about the fact that Windows Vista is gathering information. End users have little to say, and no real choice in the matter. The company does provide both a Windows Vista Privacy Statement and references within the End User License Agreement for the operating system. Combined, the resources paint the big picture over the extent of Microsoft's end user data harvest via Vista.

Reading Between the EULA Lines

Together with Windows Vista, Microsoft also provides a set of Internet-based services, for which it has reserved full control, including alteration and cancellation at any given time. The Internet-based services in Vista "coincidentally" connect to Microsoft and to "service provider computer systems." Depending on the specific service, users may or may not receive a separate notification of the fact that their data is being collected and shared. The only way to prevent this is to know the specific services and features involved and to either switch them off or not use them.

The alternative? Well, it's written in the Vista license agreement. "By using these features, you consent to the transmission of this information. Microsoft does not use the information to identify or contact you."

The Redmond company emphasized numerous times the fact that all information collected is not used to identify or contact users. But could it? Oh yes! All you have to know is that Microsoft could come knocking on your door as soon as you boot Windows Vista for the first time if you consider the system’s computer information harvested. Microsoft will get your "Internet protocol address, the type of operating system, browser and name and version of the software you are using, and the language code of the device where you installed the software." But all they really need is your IP address.

What's Covered in the Vista License?

Windows Update, Web Content, Digital Certificates, Auto Root Update, Windows Media Digital Rights Management, Windows Media Player, Malicious Software Removal/Clean On Upgrade, Network Connectivity Status Icon, Windows Time Service, and the IPv6 Network Address Translation (NAT) Traversal service (Teredo) are the features and services that collect and deliver data to Microsoft from Windows Vista. By using any of these items, you agree to share your information with the Redmond Company. Microsoft says that users have the possibility to disable or not use the features and services altogether. But at the same time Windows update is crucial to the security of Windows Vista, so turning it off is not really an option, is it?

Windows Vista will contact Microsoft to get the right hardware drivers, to provide web-based "clip art, templates, training, assistance and Appshelp," to access digital software certificates designed "confirm the identity of Internet users sending X.509 standard encrypted information" and to refresh the catalog with trusted certificate authorities. Of course that the Windows Vista Digital Rights Management could not miss from a list of services that contact Microsoft on a regular basis. If you want access to protected content, you will also have to let the Windows Media Digital Rights Management talk home. Windows Media Player in Vista for example, will look for codecs, new versions and local online music services.

The Malicious Software Removal tool will report straight to Microsoft with both the findings of your computer scan, but also any potential errors. Also, in an effort to enable the transition to IPv6 from IPv4, "by default standard Internet Protocol information will be sent to the Teredo service at Microsoft at regular intervals."

Had Enough? I Didn't Think So!

Microsoft has an additional collection of 47 Windows Vista features and services that collect user data. However, not all phone home and report to Microsoft. Although the data collection process is generalized across the list, user information is also processed and kept on the local machine, leaving just approximately 50% of the items to both harvest data and contact Microsoft. Still, Microsoft underlined the fact that the list provided under the Windows Vista Privacy Statement is by no means exhaustive, nor does it apply to all the company's websites, services and products.

Activation, Customer Experience Improvement Program (CEIP), Device Manager, Driver Protection, Dynamic Update, Event Viewer, File Association Web Service, Games Folder, Error Reporting for Handwriting Recognition, Input Method Editor (IME), Installation Improvement Program, Internet Printing, Internet Protocol version 6 Network Address Translation Traversal, Network Awareness (somewhat), Parental Controls, Peer Name Resolution Service, Plug and Play, Plug and Play Extensions, Program Compatibility Assistant, Program Properties—Compatibility Tab, Program Compatibility Wizard, Properties, Registration, Rights Management Services (RMS) Client, Update Root Certificates, Windows Control Panel, Windows Help, Windows Mail (only with Windows Live Mail, Hotmail, or MSN Mail) and Windows Problem Reporting are the main features and services in Windows Vista that collect and transmit user data to Microsoft.

This extensive enumeration is not a complete illustration of all the sources in Windows Vista that Microsoft uses to gather end user data. However, it is more than sufficient to raise serious issues regarding user privacy. The Redmond company has adopted a very transparent position when it comes to the information being collected from its users. But privacy, much in the same manner as virtualization, is not mature enough and not sufficiently enforced through legislation. Microsoft itself is one of the principal contributors to the creation of a universal user privacy model.

The activation process will give the company product key information together with a "hardware hash, which is a non-unique number generated from the computer's hardware configuration" but no personal information. The Customer Experience Improvement Program (CEIP) is optional, and designed to improve software quality. Via the Device Manager, Microsoft has access to all the information related to your system configuration in order to provide the adequate drivers. Similarly, Dynamic Update offers your computer's hardware info to Microsoft for compatible drivers.

What Happens to My Data?

Only God and Microsoft know the answer to that. And I have a feeling that God is going right now "Hey, don't get me involved in this! I have enough trouble as it is trying to find out the release date for Windows Vista Service Pack 1 and Windows Seven!"

Generally speaking, Microsoft is indeed transparent – up to a point – about how it will handle the data collected from your Vista machine. "The personal information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to provide the service(s) or carry out the transaction(s) you have requested or authorized, and may also be used to request additional information on feedback that you provide about the product or service that you are using; to provide important notifications regarding the software; to improve the product or service, for example bug and survey form inquiries; or to provide you with advance notice of events or to tell you about new product releases," reads a fragment of the Windows Vista Privacy Statement.

But could Microsoft turn the data it has collected against you? Of course, what did you think? "Microsoft may disclose personal information about you if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with the law or legal process served on Microsoft; (B) protect and defend the rights of Microsoft (including enforcement of our agreements); or © act in urgent circumstances to protect the personal safety of Microsoft employees, users of Microsoft software or services, or members of the public," reveals another excerpt.

And you thought that it was just you... and your Windows Vista. Looks like a love triangle to me... with Microsoft in the mix.

Link to comment
Share on other sites


@Rudi1

It would be nice when you want to post an article, to only post the title and one or a few sentences, and post a link to the source and cite the author, the text you posted is integrally taken by this article:

Forget about the WGA! 20+ Windows Vista Features and Services Harvest User Data for Microsoft - From your machine!

By: Marius Oiaga

which can be found here:

http://news.softpedia.com/news/Forget-abou...oft-58752.shtml

At least this is the idea of Copyright.....

jaclaz

Edited by jaclaz
Link to comment
Share on other sites

Nothing to fear....unless you are a kiddie predator, or just plain vanilla variety, or a thief who loves those cracked software programs, and the yummy free music tracks of the latest wacko artist and those hot movies.

Then again perhaps you had a flair for math at an early age, and discovered what you could do with a good algorithm's, a hex editor, C++ and some re-engineering software and decided that someones privacy and self respect was some liberal or Conservative plot to thwart your F...U mentality. So you wander at night poking your tool into anyones business you can crack for amusement, happy finger destruction, email confetti delivery, or those great "others" accounts or CC numbers. Besides you need a new an bigger HD...or that ultimate game machine.

Of course you could also be a plotting terrorist and you watched too many Pinky and the Brain cartoons, learned all his mistakes, and think you're smarter than a cartoon. Besides there is always someone nifty and current you can hate to justify your plot of taking over the world at any given time.

OK, so maybe your a good guy doll, and not into any of those fun things, but you're not real bright either, so you save your backups, and data on some server run by some company on the net so you don't lose all that precious material besides you have to trust someone else's mind sometime...don't you?? Your own is just not up to the task!!

9/11 and previous attacks elsewhere not on American soil changed the world, and most especially the world of the Internet and it's access. Pinky and the Brain became less of a cartoon, and more a reality, and there was a good reason Microsoft was not dismantled, and Vista was born (how long was it under developement..think back...think towers..) and that article only covers a small percent of what it's capable of. But your a good guy doll, and you play it straight, and have nothing to fear and 1984 was just a good read!! Oh...don't forget your tinfoil hat...I think the pyramid style is back in vogue.

Edited by Galt
Link to comment
Share on other sites

Here's your tinfoil hat. ^

I wouldn't go that far but there are privacy concerns. Just because the EULA says they don't do anything with the info doesn't mean they don't and if they didn't they would have no reason to collect any information at all.

Microsoft told the public that WGA doesn't phone home or transmit any info at all but when it was found out that it actually did MS was quick to back-pedal on the subject. It's the same with the error reports they want you to send to them that aren't supposed to collect any identifiable info. Go through the steps of letting it gather the error info next time but leave the the confirmation box open and then go look at what "non-identifiable" info is actually put in that report.

Link to comment
Share on other sites

I'd be much more concerned of this kind of "privacy invasion" coming from a new linux distro then coming from Microsoft. Microsoft wouldn't use any information they collect for anything other then new marketing schemes or product improvements. What's to say that some kid doesn't decide to recompile some of the linux source files while adding a password sniffer to the code and re-release as a brand new linux distro? At least Microsoft I trust.

And let's face it, you're giving out a hell of a lot more information (and risker information too) every time you use a bank card, a debit card or a credit card then whatever it is Microsoft would be collecting from Vista.

Link to comment
Share on other sites

At least Microsoft I trust.

And let's face it, you're giving out a hell of a lot more information (and risker information too) every time you use a bank card, a debit card or a credit card then whatever it is Microsoft would be collecting from Vista.

The difference is you know the risk, using your personal information on the net and trusting anyone that gathers data on you is a fools game. As the article stated:

"But could Microsoft turn the data it has collected against you? Of course, what did you think? "Microsoft may disclose personal information about you if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with the law or legal process served on Microsoft; ( B) protect and defend the rights of Microsoft (including enforcement of our agreements); or © act in urgent circumstances to protect the personal safety of Microsoft employees, users of Microsoft software or services, or members of the public," reveals another excerpt."

And my own quote: "Pinky and the Brain became less of a cartoon, and more a reality, and there was a good reason Microsoft was not dismantled, and Vista was born (how long was it under developement..think back...think towers..) and that article only covers a small percent of what it's capable of."

There are others that belong in the list, Google, Yahoo, and on-line data storage company's, and don't think Homeland Security is a joke, it's been at the heart of it since inception.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...