1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Microsoft's Calling Home Problem: It's a Matter of Informed Consent

Discussion in 'Computer Security' started by ffreeloader, Jun 13, 2006.

  1. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    OK, people, here it is, a post on my rampage of "digs" at MS.... Actually the post from Groklaw is very informational. It's a long post, but well-written and something everyone ought to know about what is going on with their own computer.

    The rest of this post can be read at the hyper link I gave at the beginning of this post. All I can say is that if this stuff doesn't worry you, you are way too apathetic about what is happening in the world around you that is directly affecting you.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  2. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Thanks Freddy, that was indeed a good article and it goes to show just how devious M$oft can be. Add me to the list of unbelievers, I have lost faith in the integrity of that monopoly. That does not mean that I won't use their products, because to be honest they are hard to avoid but it does mean that I will be focusing my future attention far more acutely on the alternatives.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  3. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    I agree, that they are hard to avoid, but I do my best to move as many people as I can away from them. I don't trust them with the power they already hold, let alone want them to have more. That is a truly frightening thought.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  4. wizard

    wizard Petabyte Poster

    5,763
    35
    174
    No not apathy on my part just got more important stuff on my mind than looking over my shoulder all the time because I think someone may be watching me. Nothing has happened to me yet, I haven't had Microsoft or someone else knocking on my door, when and if they do then I will worry.
     
    Certifications: SIA DS Licence
    WIP: A+ 2009
  5. JonnyMX

    JonnyMX Petabyte Poster

    5,239
    211
    236
    Gosh, that's a heavy article for this early!

    But what can any person, or corporation DO with so much data?
    A report from EVERY Windows computer in the WORLD, EVERY time it boots?

    World gone mad.

    Everyone seems to be after demographic information etc. Every product you buy has some kind of registration/feedback option. Hotels and restraunts have a little card allowing you to supply them with your thoughts and you can't walk through town without a clipboard wielding maniac trying to find out your favorite toothpaste.

    And it's all about capturing details about who you are, where you are and what you like.

    Is it purley so that overpaid executives can put together nice graphs to show the boss? 'And we see here a 3% increase in the 30-40 age grouped males who like yellow, buying our product'.
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  6. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    First, that's a good description of apathy in action. Second, if you wait until people are knocking on your door, you've waited far too long. It will then be highly established law and you'll be stuck with it.

    Somebody who knew what it was like to not have freedom, Thomas Jefferson, wrote, The price of freedom is constant vigilance. He was absolutely correct.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  7. Gaz 45

    Gaz 45 Kilobyte Poster

    404
    4
    39
    I don't get what Microsoft were thinking with the way WGA has been done. Did they really think that no-one would figure out what it does or the information it collects; or did they just not care, thinking that there's nothing anyone can do about it?
    If I installed any other piece of software that does what WGA does, wouldn't that software be labelled Spyware?

    I also imagine the functionality of WGA will be built into Vista, but probably so integrated it won't even have a name by that point, just a small note in the EULA?

    I was all ready to go to Vista (eventually...) but right now I'm looking at MacBooks & Linux distros!

    NB: I should point out that I have WGA installed, oops!
    I'm still waiting to see what the 'Advantage' is.
     
    Certifications: MCP (70-229, 70-228), MBioch
    WIP: MCDBA (70-290)
  8. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Answer to your first question in a single word: arrogance.

    Answer to your second question in a single word: yes.

    If you haven't read it yet, read this thread for more on where MS is going with wga.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  9. fortch

    fortch Kilobyte Poster

    408
    21
    35
    Good night! WGA was the best way they could come up with keeping their software, an operating system, updated. Particularly for those of us with little PC experience. Imagine a n00b with Debian? Nope, neither can I -- it might run, and probably would *never* update (plus, this assumes they can get it in the first place!). If a person can't understand to 'single-click and wait..' to start an app, do you think they'll understand package interdependence conflict?

    WGA's advantage is the support you receive by *not* running a hacked copy of their software, which is prevalent in most areas. It's a marketing title, nothing more. The fact that the geek contingent of the world is against anything going on without their approval is minimal -- we are the minority. I'd like someone to give me *ONE* incident of WGA emptying their bank account or copying medical records. Beuller?

    How about someone coming up with a better idea addressing OS updates for the unenlightened? For M$, this is a means to an end for addressing the support of:

    1. millions of operating systems, run by complete n00bs
    2. guaranteeing their support is going to their paying customers, and not P2P hacks

    I'm all for watchdogging things like DRM, but there *is* a line. Once you concentrate on mistrust and deceipt, you tend to see it in everything. I'm just trying to keep my focus on the real red flags, and not the yellow ones I'm coloring in my head :rolleyes:
     
    Certifications: A+,Net+,Sec+,MCSA:Sec,MCSE:Sec,mASE
  10. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Ummm.... Where do you get the idea that WGA has anything to do with updates? It is nothing but piracy checking, plain and simple. The only thing that WGA has to do with updates is that is distributed by Windows Update....
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  11. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Whats wrong with that? Why give updates to people who dont pay for the OS?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  12. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Just who has said there is anything wrong with MS wanting to stop piracy? The problem is the way they go about things.

    Show me one time in history that black marketing of anything was stopped by assuming the entire population was active in black marketing. The idea itself is ludicrous, but yet that is what MS is doing.

    You, personally, are suspected of piracy just because you run a MS OS on your computer. If you weren't, MS would not be wanting to check your computer every day to see if the OS on your computer was a pirated copy of their OS. The idea is that you're so crooked, dishonest, and stupid, that even though you are running a legit copy of XP today, tomorrow you just migh replace it with a pirated copy.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  13. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    I agree that the whole idea is slightly aggressive in the way it has been pushed out to end users, the update is meant to be a ‘security update’ when this isn’t exactly true.

    Supposedly the following info is logged by WGA:
    • Product key
    • PC manufacturer
    • Windows version
    • PID/SID
    • BIOS information
    • BIOS MD5 Checksum
    • Language setting and version
    • Hard drive serial number

    If it stays that way then I can’t see too much of a problem.....
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  14. fortch

    fortch Kilobyte Poster

    408
    21
    35
    C'mon, really ....

    Validation is a form of authentication. Why the need to authenticate anywhere, then? By your estimation, I should just drive my '94 Chevy into the dealer and expect warranty repairs, right?

    Why support those of us *not* purchasing legit licenses? If there is no accountability to piracy, then people will continue to do it. Are you saying it's unfair that M$ is policing their *own* products? I disagree -- in an uncontrolled environment such as the 'net, nobody else is gonna do it for them. To me, this is just logical. Why is this so hard to understand? When all else fails, it still boils down to choice.

    *note to self -- why the %#$^ am I, an owner of no less than 2 linux machines, and one who is thoroughly tired of M$ licensing issues (not to mention the DRM crap that they helped to start!), defending Microsoft? Because I can rationalize this issue, and agree that *some things M$ does can be justified.
     
    Certifications: A+,Net+,Sec+,MCSA:Sec,MCSE:Sec,mASE
  15. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    If someone asks you if you stole your car how many times do you think they need to ask you the same question and have you answer it? 1? 10? 100? 1000? What is a reasonable number of times for you to have to prove you are not a car thief? Should you have to prove this every time you start your car? Every time you take it to the dealer or a repair shop? If you drive 24 hours straight should you have to prove that you didn't steal it in between the time you started driving and when the next calendar day started? Are you going to trade your legally purchased car for a stolen car after you have busy proving for the last 6 months you didn't steal it?

    Just what is reasonable to you?
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  16. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Is there a defined answer to that question? I don’t think so.

    I’ve been pulled over a few times by the police when I’m driving my car and been given a ‘producer’. What’s the crime? Driving a sports car! :cry:
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  17. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    That's part of the problem with thing. MS can change it any time it wants to, and you will never know it has changed or exactly what they are looking at.

    They have not been honest about what it all it records either as it records your IP address right along with everything else, and if that isn't personally identifiable I don't know what is. What do you think the RIAA and MPAA have been using to track people participating in file sharing? Their IP address, and that has been the legal proof of who is sharing files.... So, MS saying there is nothing in what the WGA/GAN tools record that is personally identifiable is simply not true.

    Taken directly from the Groklaw link at the beginning of this thread:

     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  18. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    I don't know what a "producer" is, but the point is, Sparky, do you have to prove your car isn't stolen every time you start it? If the same officer pulls you over again will he ask you to prove your car isn't stolen again? Do you have to prove it isn't stolen every time you take it to the dealer?

    Were you speeding or breaking any traffic laws when you were pulled over? Were you driving erratically or agressively?
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  19. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    I don’t think an I.P address is a method in which someone can be personably identified. For example this week I have connected my laptop at a different client site each day therefore my I.P address would have been varied for each day of the week. If my MAC address was recorded then I would agree.

    Granted if somebody has their home PC connected in their home 24/7 downloading music it’s a different story.

    It looks like MS will be scaling back the amount of times the OS ‘calls home’, probably due to the backlash of the IT community. If the idea cuts piracy then I’m all for it but if *too* much personal info is logged then questions have to be asked.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  20. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Ummm.... In any network communication the IP address and MAC address are in the relevant portions of the IP packets, otherwise any network device that operates at level 2 would never be able to know where to direct traffic. Is that personally identifiable enough for you?

    Also, as your hard drive serial number is recorded there is very personally identifiable information availabe through it. Your username, your passwords, etc... are all stored there and it is easily provable from there who you are....

    MS's statements as to not data that is personally identifiable is very misleading. They may not take down your name, address, and telephone number, although I've seen some posts where people are saying they have verified with sniffers that WGA/GAN calls home at every logon and they tied that together with data such as usernames, computer dns name, and a few goodies that wgalogon.dll calls for, but with your hard drive serial number, the GUID of your computer, and your IP address they can tell exactly what computer was being used, and from the hard drive know exactly who used it.

    The RIAA and MPAA have been using this information as legal evidence for quite a while. You think you have enough money to get into a legal fight with MS to fight any bogus legal charge that could possibly come from a mistaken identification of your OS as being pirated? They would grind you into the ground and bankrupt you, or you would pay whatever fines and penalties rather than take on their legal department.

    Daily Tech sent away for the Windows Genuine Advantage Kit. At the link I provided there is a copy of a letter from MS that was included with their kit. Read both the article and letter.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1

Share This Page

Loading...