October 18th, 2005, 02:14 PM
Windows Update sending private data to MS
"Windows Update sending private data to MS" quote:
Microsoft hasn't responded to this article yet.
As it turns out, packet analysis is useless, as the stream is encrypted via Secure Sockets Layer (SSL). However, using an undocumented Windows feature, tecChannel was able to get around this and view the raw data. The results were alarming. Embedded in the data stream were lists of what software you have installed on your PC--and not just Microsoft products. Apparently the folks in Redmond can find out just what you've got installed on your PC, all without you ever knowing about it or explicitly consenting to it.
Apparantly, your privacy is in danger here...
October 18th, 2005, 02:22 PM
That might not be as sinister as you think...............to apply selective updates you would need to know what you were supporting?
As long as there is no personal identification data involved, does it really matter?
October 18th, 2005, 02:24 PM
I wonder about that too. But if you installed Windows then you've probably registered your version too with Microsoft, providing name, address and email address to them. This information is related to the registration code of your Windows version and that code is most likely included too. So yes, it is possible that personal information is involved in this all.
October 18th, 2005, 02:32 PM
Katja I take your point, however I ask you this:
Given that a lot of machines are supplied by OEMs with the software pre-installed, I wonder just how many "Dell preferred customers" there are? not to mention stuff made by local computer shops.
I can assure you that there is no requirement to register with MS.
The same would apply to all the second user stuff out there, particularly ex-corporate.
October 18th, 2005, 02:49 PM
Well, I myself happen to own a Dell and I vaguely remember providing registration information when I started my computer the first time. Later on, I installed XP over the old W2000 that was on it and provided more information. I also used MSN Messenger on my system for which I subscribed to MS, again providing more personal information. And I installed MS Office on my system too, which liked to know some information about me. At least they know the static IP number that I have and even that could be used to get more information about me, as the RIAA has proven in their 'John Doe' cases against P2P traders.
You are right. I agree with you too. Of course you don't have to provide them your personal information but it does become pretty difficult to stay anonimous on your own system.
I myself am not too worried, though. All the software I use has been paid for. And neither is my computer part of some corporate system. I just feel uncomfortable by the thought of Microsoft spying upon the software that I have installed on my system. As if someone is peeking while I'm under the shower or whatever. I tend to like my privacy.
October 18th, 2005, 03:07 PM
Another thought, this is the way Windows has worked since Win95 at least?
The registry, file associations, access paths etc.................I guess the information could well be "dumped" rather than deliberately solicited?
Anyway, a lot would depend on how MS parsed the data. I cannot believe that in an organisation that size there would not be a "mole", disgruntled employee, ex-employee who would not have "blown the whistle" by now?
October 18th, 2005, 03:17 PM
bleh..if you think this is a new thing you're wrong. This is no revelation. Microsoft has been doing it for years. Redhat does it for RHN as well. BFD if you ask me.
Antionline in a nutshell
\"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"
Trust your Technolust
October 18th, 2005, 05:16 PM
For the Dells, at registration prompt, it tries to dial out on a modem, not the best way, so you select register later, and I have owned a few Dell's (lately not too proud of that now thanks to this stuff Spyware
But each time I have opted to register later,(everybody registers their software later right?) and to date (since 2002) I have yet to register my OEM's to Microsoft, the only way MS knows I have it's OS is through the validation tool it now employes to weed out the pirated copies.
PC Registered user # 2,336,789,457...
"When the water reaches the upper level, follow the rats."
October 18th, 2005, 07:42 PM
Didn't this kind of stuff come up with previous versions of windows? even before windows update? For some odd reason I think i remember something like MS Media Player (early early version) phoning home for no reason.
I wasn't able to quickly google what i'm thinking of, but here's one thing that popped up in a top 10:
Seems microsoft's been up to this stuff for awhile now. I know there's more, its just digging up 8 year old articles that are awashed in spyware this, spyware that, and stupid crap about retrieving DVD information. I'll see if I can dig up more, but Microsoft is big on the whole sending packets home concept. They've just gotten smarter about it.
October 19th, 2005, 01:08 AM
We were/are looking at deploying a WSUS staging server in our gateway environment that downloads patches from Windows/Microsoft Update and then our internal WSUS servers obtain patches from there.
When we were investigating this, we asked our Microsoft account manager exactly what information the Microsoft Update Server stored. The attached PDF shows the response received from Microsoft.
The Windows Update Privacy statement here says how they will use data they collect: