Vista - WGA 20+ Apps Harvesting the Users Data - Where is Privacy ?

Status
Not open for further replies.
R

rprotocol

Guest
Dear Friends,

What you people feel about this ? take a look at this article and please give your comments.

Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company.

Microsoft makes no secret about the fact that Windows Vista is gathering information. End users have little to say, and no real choice in the matter. The company does provide both a Windows Vista Privacy Statement and references within the End User License Agreement for the operating system. Combined, the resources paint the big picture over the extent of Microsoft's end user data harvest via Vista.

Reading Between the EULA Lines

Together with Windows Vista, Microsoft also provides a set of Internet-based services, for which it has reserved full control, including alteration and cancellation at any given time. The Internet-based services in Vista "coincidentally" connect to Microsoft and to "service provider
computer systems." Depending on the specific service, users may or may not receive a separate notification of the fact that their data is being collected and shared. The only way to prevent this is to know the specific services and features involved and to either switch them off or not use them.

The alternative? Well, it's written in the Vista license agreement. "By using these features, you consent to the transmission of this information. Microsoft does not use the information to identify or contact you."

The Redmond company emphasized numerous times the fact that all information collected is not used to identify or contact users. But could it? Oh yes! All you have to know is that Microsoft could come knocking on your door as soon as you boot Windows Vista for the first time if you consider the system’s computer information harvested. Microsoft will get your "Internet protocol address, the type of operating system, browser and name and version of the software you are using, and the language code of the device where you installed the software." But all they really need is your IP address.

What's Covered in the Vista License?

Windows Update, Web
Content, Digital Certificates, Auto Root Update, Windows Media Digital Rights Management, Windows Media Player, Malicious Software Removal/Clean On Upgrade, Network Connectivity Status Icon, Windows Time Service, and the IPv6 Network Address Translation (NAT) Traversal service (Teredo) are the features and services that collect and deliver data to Microsoft from Windows Vista. By using any of these items, you agree to share your information with the Redmond Company. Microsoft says that users have the possibility to disable or not use the features and services altogether. But at the same time Windows update is crucial to the security of Windows Vista, so turning it off is not really an option, is it?

Windows Vista will contact Microsoft to get the right hardware drivers, to provide web-based "clip art, templates, training, assistance and Appshelp," to access digital software certificates designed "confirm
the identity of Internet users sending X.509 standard encrypted information" and to refresh the catalog with trusted certificate authorities. Of course that the Windows Vista Digital Rights Management could not miss from a list of services that contact Microsoft on a regular basis. If you want access to protected content, you will also have to let the Windows Media Digital Rights Management talk home. Windows Media Player in Vista for example, will look for codecs, new versions and local online music services.

The Malicious Software Removal tool will report straight to Microsoft with both the findings of your computer scan, but also any potential errors. Also, in an effort to enable the transition to IPv6 from IPv4, "by default standard Internet Protocol information will be sent to the Teredo service at
Microsoft at regular intervals."

Had Enough? I Didn't Think So!

Microsoft has an additional collection of 47 Windows Vista features and services that collect user data. However, not all phone home and report to Microsoft. Although the data collection process is generalized across the list, user information is also processed and kept on the local machine, leaving just approximately 50% of the items to both harvest data and contact Microsoft. Still, Microsoft underlined the fact that the list provided under the Windows Vista Privacy Statement is by no means exhaustive, nor does it apply to all the company's websites, services and products.

Activation, Customer Experience Improvement Program (CEIP), Device Manager, Driver Protection, Dynamic Update, Event Viewer, File Association Web Service, Games Folder, Error Reporting for Handwriting Recognition, Input Method Editor (IME), Installation Improvement Program, Internet Printing, Internet Protocol version 6 Network Address Translation Traversal, Network Awareness (somewhat), Parental Controls, Peer Name Resolution Service, Plug and Play, Plug and Play Extensions, Program Compatibility Assistant, Program Properties—Compatibility Tab, Program Compatibility Wizard, Properties, Registration, Rights Management Services (RMS) Client, Update Root Certificates, Windows Control Panel, Windows Help, Windows Mail (only with Windows Live Mail, Hotmail, or MSN Mail) and Windows Problem Reporting are the main features and services in Windows Vista that collect and transmit user data to Microsoft.

This extensive enumeration is not a complete illustration of all the sources in Windows Vista that Microsoft uses to gather end user data. However, it is more than sufficient to raise serious issues regarding user privacy. The Redmond company has adopted a very transparent position when it comes to the information being collected from its users. But privacy, much in the same manner as virtualization, is not mature enough and not sufficiently enforced through legislation. Microsoft itself is one of the principal contributors to the creation of a universal user privacy model.

The activation process will give the company product key information together with a "hardware hash, which is a non-unique number generated from the computer's hardware configuration" but no personal information. The Customer Experience Improvement Program (CEIP) is optional, and designed to improve software quality. Via the Device Manager, Microsoft has access to all the information related to your system configuration in order to provide the adequate drivers. Similarly, Dynamic Update offers your computer's hardware info to Microsoft for compatible drivers.

Event Viewer data is collected every time the users access the Event Log Online Help link. By using the File Association Web Service, Microsoft will receive a list with the file name extensions. Metadata related to the games that you have installed in Vista also finds its way to Microsoft. The Error Reporting for Handwriting Recognition will only report to Microsoft if the user expressly desires it to. Through IME Word Registration, Microsoft will receive Word registration reports. Users have to choose to participate in the Installation Improvement Program before any data is sent over at Microsof.

Ever used a print server hosted by Microsoft? Then the company collected your data through Internet Printing. Network Awareness is in a league of its own. It does not premeditatedly store of send directly information to Microsoft, but it makes data available to other services involving network connectivity, and that do access the Redmond company. Via Parental Controls, not only you but also Microsoft will monitor all the visited URLs of your offspring.

Hashes of your Peer Name tied to your IP address are published and periodically refreshed on a Microsoft server, courtesy of the Peer Name Resolution Service. Every time you install a Plug and Play device, you tell Microsoft about it in order to get the necessary device drivers. The same is the case for PnP-X enabled device, only that Windows Update is more actively involved in this case.

The Program Compatibility Assistant is designed to work together with the Microsoft Error Reporting Service, to highlight to Microsoft potential incompatibility errors. For every example of compatibility settings via the Compatibility tab, Microsoft receives an error report. The Program Compatibility Wizard deals with similar issues related to application incompatibility. File properties are sent to Microsoft only with the item that they are associated with.

You can also volunteer your name, email address, country and even address to Microsoft through the registration process. A service such as the Rights Management Services (RMS) Client can only function in conjunction with your email address.

All the queries entered into the Search box included in the Windows Vista Control Panel will be sent to Microsoft with your consent. The Help Experience Improvement Program also collects and sends information to Microsoft. As does Windows Mail when the users access Windows Live Mail, Hotmail, or MSN Mail. And the Windows Problem Reporting is a service with a self explanatory name.

But is this all? Not even by a long shot. Windows Genuine Advantage, Windows Defender, Support Services, Windows Media Center and Internet Explorer 7 all collect and transmit user data to Microsoft. Don't want them to? Then simply turn them off, or use alternative programs when possible or stop using some services altogether. Otherwise, when your consent is demanded, you can opt for NO.

What Happens to My Data?

Only God and Microsoft know the answer to that. And I have a feeling that God is going right now "Hey, don't get me involved in this! I have enough trouble as it is trying to find out the release date for Windows Vista Service Pack 1 and Windows Seven!"

Generally speaking, Microsoft is indeed transparent – up to a point – about how it will handle the data collected from your Vista machine. "The personal information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to provide the service(s) or carry out the transaction(s) you have requested or authorized, and may also be used to request additional information on feedback that you provide about the product or service that you are using; to provide important notifications regarding the software; to improve the product or service, for example bug and survey form inquiries; or to provide you with advance notice of events or to tell you about new product releases," reads a fragment of the Windows Vista Privacy Statement.

But could Microsoft turn the data it has collected against you? Of course, what did you think? "Microsoft may disclose personal information about you if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with the law or legal process served on Microsoft; (b) protect and defend the rights of Microsoft (including enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety of Microsoft employees, users of Microsoft software or services, or members of the public," reveals another excerpt.

And you thought that it was just you... and your Windows Vista. Looks like a love triangle to me... with Microsoft in the mix.

Source:

Code:
*news.softpedia.com/news/Forget-about-the-WGA-20-Windows-Vista-Features-and-Services-Harvest-User-Data-for-Microsoft-58752.shtml
 
do you think any of my personal information would be accessed if I lock vista completely from my partitions containing critical and sensitive data by making them EXT3 ? :? And if I reserve vista purely for gaming ?
 

gxsaurav

You gave been GXified
---Message edited by Goobi: Stay on topic. If you have nothing to say about it, no need to post.---
 
Last edited by a moderator:
doesn't linux connects to internet automatically on first boot to provide updates? doesn't it periodically checks ubuntu or any other server to provide automatic driver or kernel in turn sending a hardware profile? ubuntu does the same so Y just blame MS?
ubuntu is NOT linux :p
and linux distros don't access the net unless you PERMIT them to.
my distro never connects to the internet unless I specifically ask it to.

Besides, ubuntu just ASKS for data regarding updates. It downloads .tgz packages from a server and views them. But windows actually SUBMITS personal data to its servers from PCs.
 

Faun

Wahahaha~!
Staff member
@gx
there are no rootkits to screw you in linux.
Even if u stop windows auto update it still uses some to get past the barrier of firewall.
 
@gx:
your comment also shows that you never really understood how linux works. you seem to think like "if ubuntu does it, everyone does the same".
 

infra_red_dude

Wire muncher!
The problem is that nobody gives a damn to read EULA!!! So when someone finally decides to go thru it, he/she finds so many thing which they'd never haf agreed to otherwise.

doesn't linux connects to internet automatically on first boot to provide updates? doesn't it periodically checks ubuntu or any other server to provide automatic driver or kernel in turn sending a hardware profile? ubuntu does the same so Y just blame MS?
FIRST QUESTION: Why did Linux come into this thread??!!! Where has anyone mentioned anything about Linux?

Such posts only lead to flame war. You are provoking the Linux fanboys to turn this thread into an OS War.

Post reported...
 

goobimama

 Macboy
Gx, I warn you. The flaming has subsided for now, and you seem to be poised to fan it back to life.

As for the original article, I must say I am shocked. Maybe there should be some kind of simplified EULA available for those who don't have time.
 

gxsaurav

You gave been GXified
it wasn't flaming, it was comparision. I compared cos Ubuntu & Google r doing same thing but nobody accuses them.

MS clearly tells what info they r gathering & what they will not. There is nothing to be scared of, if U can trust gmail to store your private pics on google servers then Y this different tune with MS?
 
it wasn't flaming, it was comparision. I compared cos Ubuntu & Google r doing same thing but nobody accuses them.

MS clearly tells what info they r gathering & what they will not. There is nothing to be scared of, if U can trust gmail to store your private pics on google servers then Y this different tune with MS?
As I said before, ubuntu is NOT doing the same thing. Please avoid comparing things you don't know about. Its dangerous and can provoke the target readers to counter attack you.

Gmail - well, their service IS a free email service. You NEED to store your data on their servers, because thats what the service IS all about.

You are trying to compare a service that downloads a few files from the internet and another service that just NEEDS to store your files, because you explictly intend to do that. These two are being compared to service from a company that takes your personal data and keeps it for no reason at all.

Please avoid bringing linux again and again into this.
 
Last edited:

The_Devil_Himself

die blizzard die! D3?
also depends upon trust levels,google is far more a trusted company known for innovating unique concepts and strategies unlike MS which is often accused of plagiarism.There is also difference between an OS and a free search engine\email service,people PAY hard cash to buy windows OS and so they have a right to know whats going on and an option to control or say no to any of this activity.This is kind of cheating IMO,its like 'Ok,I wanna hide something?I will write a small booklet kind of EULA in the most difficult of english which isn't gonna be read by most of the people for one reason or more." Transparency is of prime importance to everyone.

after installing Vista,you have a pop-up kind of things asking 'you want to make windows experience better by sending anonymous usage data to Microsoft'?I dont know for sure how anonymous that is or they still send and receive data without my knowledge even if I said NO(which I invariably do).
 

NucleusKore

TheSaint
1. Read the EULA or take it to your lawyer
2. Don't use products that you feel violate your privacy unless you ENJOY it.

PERIOD
 

amitava82

MMO Addict
Well, you don't BUY Windows. You get a license to use it. It's your problem if you do not read the license agreement. You don't agree with the agreement, don't use it.
 
Well, you don't BUY Windows. You get a license to use it. It's your problem if you do not read the license agreement. You don't agree with the agreement, don't use it.
strangely enough, these days I seem to care a LOT about EULAs.:D
it all started with me ditching windows and mirc.:cool:
 

iMav

The Devil's Advocate
A lot of people are talking about harvesting user data, do you guys know that the Govt/ of India has access to your call records, emails in some cases, sms messages?

@Metal: I am pretty sure you don't use these services, or do you?

Blackberry in India case anyone? And, that is just an example.
 
A lot of people are talking about harvesting user data, do you guys know that the Govt/ of India has access to your call records, emails in some cases, sms messages?

@Metal: I am pretty sure you don't use these services, or do you?

Blackberry in India case anyone? And, that is just an example.
you expect that people trust Microsoft MORE than the Indian Government, where a slight issue can cause havoc in the country due to which it needs to act responsible ? The government is an entity formed by we the people of India. Its basically existing and doing things the way it does because of us. Microsoft on the other hand is a monopolistic and unethical USA based software company.
 
OP
F

FilledVoid

Guest
I seriously don't understand whats the rant about. You have a choice. Either use Vista and accept the EULA which explicitly says.

"By using these features, you consent to the transmission of this information. Microsoft does not use the information to identify or contact you."

Sheesh if you are so paranoid about the CIA files on your computer then don't install it already.

Microsoft on the other hand is a monopolistic and unethical USA based software company.

I'm sorry , but is there a problem with companies being based in USA now?
 
I'm sorry , but is there a problem with companies being based in USA now?
Did I say that ?

I just mentioned more details. I guess I should have bolded the words monopolistic and unethical. :p

And yes, if the US government has any ties with microsoft, I better take back the above words. ;-)
 
Status
Not open for further replies.
Top Bottom