Posted on 07/02/2007 7:38:03 AM PDT by Salo
Forget about the WGA! 20+ Windows Vista Features and Services Harvest User Data for Microsoft - From your machine!
By: Marius Oiaga, Technology News Editor
Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company.
Microsoft makes no secret about the fact that Windows Vista is gathering information. End users have little to say, and no real choice in the matter. The company does provide both a Windows Vista Privacy Statement and references within the End User License Agreement for the operating system. Combined, the resources paint the big picture over the extent of Microsoft's end user data harvest via Vista.
Reading Between the EULA Lines
Together with Windows Vista, Microsoft also provides a set of Internet-based services, for which it has reserved full control, including alteration and cancellation at any given time. The Internet-based services in Vista "coincidentally" connect to Microsoft and to "service provider computer systems." Depending on the specific service, users may or may not receive a separate notification of the fact that their data is being collected and shared. The only way to prevent this is to know the specific services and features involved and to either switch them off or not use them.
The alternative? Well, it's written in the Vista license agreement. "By using these features, you consent to the transmission of this information. Microsoft does not use the information to identify or contact you."
The Redmond company emphasized numerous times the fact that all information collected is not used to identify or contact users. But could it? Oh yes! All you have to know is that Microsoft could come knocking on your door as soon as you boot Windows Vista for the first time if you consider the system’s computer information harvested. Microsoft will get your "Internet protocol address, the type of operating system, browser and name and version of the software you are using, and the language code of the device where you installed the software." But all they really need is your IP address.
What's Covered in the Vista License?
Windows Update, Web Content, Digital Certificates, Auto Root Update, Windows Media Digital Rights Management, Windows Media Player, Malicious Software Removal/Clean On Upgrade, Network Connectivity Status Icon, Windows Time Service, and the IPv6 Network Address Translation (NAT) Traversal service (Teredo) are the features and services that collect and deliver data to Microsoft from Windows Vista. By using any of these items, you agree to share your information with the Redmond Company. Microsoft says that users have the possibility to disable or not use the features and services altogether. But at the same time Windows update is crucial to the security of Windows Vista, so turning it off is not really an option, is it?
Windows Vista will contact Microsoft to get the right hardware drivers, to provide web-based "clip art, templates, training, assistance and Appshelp," to access digital software certificates designed "confirm the identity of Internet users sending X.509 standard encrypted information" and to refresh the catalog with trusted certificate authorities. Of course that the Windows Vista Digital Rights Management could not miss from a list of services that contact Microsoft on a regular basis. If you want access to protected content, you will also have to let the Windows Media Digital Rights Management talk home. Windows Media Player in Vista for example, will look for codecs, new versions and local online music services.
The Malicious Software Removal tool will report straight to Microsoft with both the findings of your computer scan, but also any potential errors. Also, in an effort to enable the transition to IPv6 from IPv4, "by default standard Internet Protocol information will be sent to the Teredo service at Microsoft at regular intervals."
Had Enough? I Didn't Think So!
Microsoft has an additional collection of 47 Windows Vista features and services that collect user data. However, not all phone home and report to Microsoft. Although the data collection process is generalized across the list, user information is also processed and kept on the local machine, leaving just approximately 50% of the items to both harvest data and contact Microsoft. Still, Microsoft underlined the fact that the list provided under the Windows Vista Privacy Statement is by no means exhaustive, nor does it apply to all the company's websites, services and products.
Activation, Customer Experience Improvement Program (CEIP), Device Manager, Driver Protection, Dynamic Update, Event Viewer, File Association Web Service, Games Folder, Error Reporting for Handwriting Recognition, Input Method Editor (IME), Installation Improvement Program, Internet Printing, Internet Protocol version 6 Network Address Translation Traversal, Network Awareness (somewhat), Parental Controls, Peer Name Resolution Service, Plug and Play, Plug and Play Extensions, Program Compatibility Assistant, Program Properties—Compatibility Tab, Program Compatibility Wizard, Properties, Registration, Rights Management Services (RMS) Client, Update Root Certificates, Windows Control Panel, Windows Help, Windows Mail (only with Windows Live Mail, Hotmail, or MSN Mail) and Windows Problem Reporting are the main features and services in Windows Vista that collect and transmit user data to Microsoft.
This extensive enumeration is not a complete illustration of all the sources in Windows Vista that Microsoft uses to gather end user data. However, it is more than sufficient to raise serious issues regarding user privacy. The Redmond company has adopted a very transparent position when it comes to the information being collected from its users. But privacy, much in the same manner as virtualization, is not mature enough and not sufficiently enforced through legislation. Microsoft itself is one of the principal contributors to the creation of a universal user privacy model.
The activation process will give the company product key information together with a "hardware hash, which is a non-unique number generated from the computer's hardware configuration" but no personal information. The Customer Experience Improvement Program (CEIP) is optional, and designed to improve software quality. Via the Device Manager, Microsoft has access to all the information related to your system configuration in order to provide the adequate drivers. Similarly, Dynamic Update offers your computer's hardware info to Microsoft for compatible drivers.
Event Viewer data is collected every time the users access the Event Log Online Help link. By using the File Association Web Service, Microsoft will receive a list with the file name extensions. Metadata related to the games that you have installed in Vista also finds its way to Microsoft. The Error Reporting for Handwriting Recognition will only report to Microsoft if the user expressly desires it to. Through IME Word Registration, Microsoft will receive Word registration reports. Users have to choose to participate in the Installation Improvement Program before any data is sent over at Microsof.
Ever used a print server hosted by Microsoft? Then the company collected your data through Internet Printing. Network Awareness is in a league of its own. It does not premeditatedly store of send directly information to Microsoft, but it makes data available to other services involving network connectivity, and that do access the Redmond company. Via Parental Controls, not only you but also Microsoft will monitor all the visited URLs of your offspring.
Hashes of your Peer Name tied to your IP address are published and periodically refreshed on a Microsoft server, courtesy of the Peer Name Resolution Service. Every time you install a Plug and Play device, you tell Microsoft about it in order to get the necessary device drivers. The same is the case for PnP-X enabled device, only that Windows Update is more actively involved in this case.
The Program Compatibility Assistant is designed to work together with the Microsoft Error Reporting Service, to highlight to Microsoft potential incompatibility errors. For every example of compatibility settings via the Compatibility tab, Microsoft receives an error report. The Program Compatibility Wizard deals with similar issues related to application incompatibility. File properties are sent to Microsoft only with the item that they are associated with.
You can also volunteer your name, email address, country and even address to Microsoft through the registration process. A service such as the Rights Management Services (RMS) Client can only function in conjunction with your email address.
All the queries entered into the Search box included in the Windows Vista Control Panel will be sent to Microsoft with your consent. The Help Experience Improvement Program also collects and sends information to Microsoft. As does Windows Mail when the users access Windows Live Mail, Hotmail, or MSN Mail. And the Windows Problem Reporting is a service with a self explanatory name.
But is this all? Not even by a long shot. Windows Genuine Advantage, Windows Defender, Support Services, Windows Media Center and Internet Explorer 7 all collect and transmit user data to Microsoft. Don't want them to? Then simply turn them off, or use alternative programs when possible or stop using some services altogether. Otherwise, when your consent is demanded, you can opt for NO.
What Happens to My Data?
Only God and Microsoft know the answer to that. And I have a feeling that God is going right now "Hey, don't get me involved in this! I have enough trouble as it is trying to find out the release date for Windows Vista Service Pack 1 and Windows Seven!"
Generally speaking, Microsoft is indeed transparent – up to a point – about how it will handle the data collected from your Vista machine. "The personal information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to provide the service(s) or carry out the transaction(s) you have requested or authorized, and may also be used to request additional information on feedback that you provide about the product or service that you are using; to provide important notifications regarding the software; to improve the product or service, for example bug and survey form inquiries; or to provide you with advance notice of events or to tell you about new product releases," reads a fragment of the Windows Vista Privacy Statement.
But could Microsoft turn the data it has collected against you? Of course, what did you think? "Microsoft may disclose personal information about you if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with the law or legal process served on Microsoft; (b) protect and defend the rights of Microsoft (including enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety of Microsoft employees, users of Microsoft software or services, or members of the public," reveals another excerpt.
And you thought that it was just you... and your Windows Vista. Looks like a love triangle to me... with Microsoft in the mix.
"So basically if I didn’t click “No” when I set up my Vista, then MSFT can pull any sort of data they want?"
Far as I know if you refuse the DLA it won't install.
I hate all that stuff too. Not that I’m doing anything a reasonable person would object to, but (1) it’s none of their business, reasonable or not, and (2) where is my ironclad guarantee that everyone that ever sees any of this information will be reasonable, by MY definition?
Oh, my. It’s Doctor in a Potty.
I’m at 127.0.0.1.
I hate you.
Dang! My firewall is configured to give you full access!
Adopting policies that routinely go shutting down users for no reason, or limiting people from doing what they want to do on their computer is contrary to that end. They'll lose customers.
Why start down that slippery slope now when we can avoid it altogether?
What is the slippery slope, in your opinion? Automatic updating? You can turn that off, but I think you'd be stupid to.
That's just the beginning! If you look, you'll see that I've even given one of your computers my IP address!!
Muahahahaha!
All your base are belong to us.
You are on your way to destruction.
You have no chance to survive make your time.
Hahahhahahaha.
I think there are many potential dangers in this age of computers and the Internet. It is good to be on guard at all times. I’m just not going to complain until I see a real threat.
You explained all that better than I did. ;-)
Gee, non routable.
Mine’s 10.1.1.256.
When did microsoft become interested in better software?
The files saved by the latest MS orifice are unreadable by earlier versions. Pages and pages of total gibberish.
If you 'save as' an earlier version, you can at least recover the text in an earlier version, too bad about the formatting, though.
Sounds like you failed to save it. Surely you wouldn't want MS "Saving" things you don't tell it to save... if they did you'd be ranting about THAT.
Oh, and MegaSuck Office Basic 2007 doesn't include PowerPoint. They did keep the malware LOOKOUT!, I mean, Outlook, though.
Powerpoint is a very specialized software most people don't need. If they included it in the BASIC version, people would bitch about THAT.
As for Outlook... I've used it for years without any problem. It's better than any other mail/calendar/contact manager I've seen.
Mine’s 10.1.1.256.
Yeah, that's another (Class A) one. We use that here at work, though the 192.168.x.x one would have sufficed.
Your home router assigns 10.x.x.x addresses? I haven't seen any myself that use it.
Do you mind saying what brand it is?
Oh, and MegaSuck Office Basic 2007 doesn't include PowerPoint. They did keep the malware LOOKOUT!, I mean, Outlook, though.
Powerpoint is a very specialized software most people don't need. If they included it in the BASIC version, people would bitch about THAT.
As for Outlook... I've used it for years without any problem. It's better than any other mail/calendar/contact manager I've seen.
I used to put a PC out there to see all the script kiddies go nuts. A machine named finance01 must be enticing;).
Behind my NATTED firewall, it (the fiewall) would log the attacks on the public side. Literally a 100 a day. I got so many I turned off the SNMP alerts I received for every one. Since I could modify the router's MAC address on the public side I used to change the public IP address I got and I still got hit with the kiddies. The plus side to a public address is I could set up a Citrix server for when my wife traveled.
Now that I have DSL, they stop outside access at the edge router and if you want to be able to get to your assigned IP address, guess what, it costs more!
That's always been the case. No software can read documents that were created on versions that did not exist when that software was written. And if you save it down, the only formatting that should be lost is formatting that was not possible in the earlier version.
It is a Netgear, I forget the model, it’s also wireless. The old Netgear came in a metal box, this one has a sleek plastic case and it only has one antenna.
If you turn off DHCP, you can assign probably any address you want of the non routable type although it would be pretty funny if it let you assign any address.
Did you not notice my funny in previous address?
They also thoughtfully totally changed the GUI interface, offering me an opportunity to re-learn how to use a familiar application.
I’m not bitching about that because it looks like once I do get the hang of it, it will actually be an improvement.
(Besides way back when, if you tried to close an application they would prompt you to save any documents, rather than assuming you didn’t want to save hours of work)...
localhost - WFM... ;)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.