MS Wants To Identify All Web Surfers

Moochman writes "New Scientist reports on a technology Microsoft is developing to identify users based on their browsing habits. Quote: 'The software could get its raw information from a number of sources, including a new type of 'cookie' program that records the pages visited. Alternatively, it could use your PC's own cache of web pages, or proxy servers could maintain records of sites visited. So far it can only guess gender and age with any accuracy,' but the aim is to be able to identify name, occupation and location as well. On a related note, The Inquirer reports on Microsoft's plans to widen the use of its identity-verification technology CardSpace, which is built into Windows Vista and available as an add-on to XP. It's being envisioned as an identity solution for the entire internet: says Kim Cameron, pioneer of the technology, 'We feel it has to solve all use cases.' (Aha, so the anonymous use cases, too, eh?) One might ask, with all of this user-ID information on hand, how long will it be until the Feds come knocking on Microsoft's door asking for help? They already have."

Who thinks of these ideas?

[solevita (967690)]

That's always my first question when I see an article like this; who could ever think this was a good idea? Obviously not someone who reads Slashdot.

I don't know how much Microsoft is paying, but it must be alot if people are thinking that such a ridiculous idea makes sense.

Re:Who thinks of these ideas?

[VirusEqualsVeryYes (981719)]

They're the same people who think REAL ID is a good thing, the people who think that the trade of some rights to privacy for a little convenience is a good one.

These people exist, just not on Slashdot.

Re:

[Sam Ritchie (842532)]

I don't know how much Microsoft is paying...

Bill Gates is going to give everyone who participates a trip to Disneyland at his own expense.

Q: Who thinks of these ideas? A: Google and MS

[AHumbleOpinion (546848)]

That's always my first question when I see an article like this; who could ever think this was a good idea? Obviously not someone who reads Slashdot. I don't know how much Microsoft is paying, but it must be alot if people are thinking that such a ridiculous idea makes sense.

This is precisely the sort of thing that Google is working on as well. It is all about targeted advertising, and Microsoft wants to be a provider of targeted advertising like Google. Q. Why did you think that Google offers you free

Re:Who thinks of these ideas?

[QCompson (675963)]

who could ever think this was a good idea?

I know this is probably a tired response, but you can instantly make 98% of Americans think this is a good idea if you claim it (A) helps to fight the terrorists, and/or, (B) protects the innocent children from scary online predators.

Re:Who thinks of these ideas?

[by Anonymous Coward]

One of there goals is to have any computer, any where, know you and load all your preferences on demand.

That is ridiculous reasoning! Thumb drives hold Gigabytes of data today. Even more tomorrow. A thumb drive with heavy duty encryption to protect the contents is the best way to take your preferences, files, data, etc. with you.

Personal data devices are more secure, private, load faster (oh boy down load my desktop over the Internet...riiight), can be written to faster, don't go down like the Internet, etc., etc. If you want you can have a backup image on a server, but the image would be encrypted and access would be owned by you.

Kids these days and their centralized computing!

Re:

[amRadioHed (463061)]

Not to mention that fact that in order to load your preferences and settings in a random new computer I will need to surf the web for a few hours while MS ID's my web habits. No thanks, I think I'll stick to the few seconds it takes to type in a password.

Re:Who thinks of these ideas?

[RobertM1968 (951074)]

There are a plethora of other methods to allow such functionality. Where I used to work, we had a nationwide network, and amazingly, all I had to do was log in to the nationwide network and voila! My home drive, preferences and all available!!! On XP and 2000 based clients!!! Wow!!! Amazing!!!! And that doesnt even cover the semi-thin network clients that did all the same as well...

So, in what way does MS now need to spy on and collect personal information about a user's viewing habits to determine who they are, where they live, and possibly tons of other even more sensitive information to enable a feature that already exists and works?

Explain that to me if you would...

Re:

[cedricfox (228565)]

*ROFL* Who marketed the first beige computer?

Google already does it...

[dada21 (163177)]

I have no doubt that Google (do no evil?) already does this. I have some friends who have been banned from the AdSense network because they clicked their own ads (big no-no), but not from their own network. Laptops from other networks in the same region (say, Chicago). Google's ads definitely send back SOMETHING to Google -- maybe screen resolution + browser version + operation system + who knows what. No one really knows what it shared (someone should trace the traffic), but Google knows more than they're sharing. Heck, their Google search tells you how many times you recently visited a searched site (I log in via gmail, though).

It isn't that hard, and it won't be that hard to deflect if you're privacy crazy. I'd say this is mostly un-news, because privacy geeks will work around it, and those who don't work around it will get some benefit from targetted ads, better compensated search opportunities, and who knows what else.

Re:Google already does it...

[zappepcs (820751)]

Yes, and they aren't the only ones that do or will. The problems, as will be pointed out are many due to the nature of HTTP. All I can think of is DAMN, this sure is another good reason to not buy, pirate, copy, or even borrow Windows Vista.... Perhaps this will help push more people toward a better OS?

Not trying to be a troll. It just struck me as this is another reason to just say no to MS.

Re:

[Organic Brain Damage (863655)]

http://www.google.com/analytics/ [google.com]

Google Analytics has been re-designed to help you learn even more about where your visitors come from and how they interact with your site.

Re:

[garcia (6573)]

Especially when you are using Google Analytics on the site! Someone searched *my* site for a strange keyword (misspelling of entertainment as intertainment) and within seconds Googlebot hit my site with the same search URL.

That made me realize just how fucked up Google's abilities are.

Re:

[ScentCone (795499)]

Well, if you want to know what Google's up to, just see what its two founders are currently talking about [ft.com]. They want to tell you the sort of job you'd be best suited to, and what they think you should do tomorrow. No sir, can't do THAT without Google. Point is, they're actually saying something far creepier than anything MS is saying, if you ask me.

Re:Google already does it...

[MickDownUnder (627418)]

View source.... search for Urchin.... Every page on slashdot has a google analytics script that sends a cookie to Google uniquely people visiting the page (unless you have blocked it as I have done).

I'd say pretty much 90% of the web currently has Google javascript embedded in it. They know who you are, how often you surf the web, what pages you visit, how often you visit them etc etc etc.

The unbelieveable irony of people on Slashdot bitching about an imaginary technology that Microsoft doesn't have, whilst Google is collecting info about every person reading this article is quite incredible.

Most geeks are random surfers, are we not?

[TheLazySci-FiAuthor (1089561)]

I wonder how well this would work for someone like myself who frequently uses stumbleupon.com (or del.icio.us) to surf the net, or indeed anyone who tends to explore the net outside their own backyard.

To me this profiling technology seems like going through someone's garbage to find out what kind of person they are. Works great, unless they live in an RV or on a boat....I'm not sure that analogy works perfectly, but I think I'm going to start putting my trash in my neighbor's bin from here on.

Note: Stumbleupon is a firefox toolbar which will take you to a random site when you click the Stumble button.

Advertising?

[SmellsLike (911771)]

I wonder if they're trying to get all this information about the users to be able to identify what advertising to show them on those websites. If so google should be interested in stopping MS from doing this too.

It's suprising it hasn't been mentioned in the article. Its taking more of a privacy and anti-government stance. It looks to me like Microsoft are trying to take the lead in the advertising dollar in shifty ways also. As mentioned in the zdnet article too microsoft are already doing some of this through passport. The difference is that is opt-in whereas this is invisible to the vista user. While currently a download for XP, how long before it becomes part of the auto-updates?

What about multiple users?

[MorpheousMarty (1094907)]

If I share a computer with my family, won't their data get watered down? And when my friend comes over and checks his favorite web sites, the data will just get worse. I know MS could still find me 99%, I'm the guy who goes to /. and nytimes web site a dozen times a day, no chance there's another person with habits like that, but their database will be compromised by every user variable you can imagine. You have no privacy on the internet but you do have anonymity because your computer doesn't care who you are, just what kind of access you have.

Re:What about multiple users?

[Pofy (471469)]

>pfft no they don't. i paid for a license to use windows,

Great for you, personally I actually bought a copy. Even though it doesn't mean I hold any copyrights to it, the laws of my country allows me to use the copy without the need of any license, contract or permission at all (regardless of if I would actually own it or not, so borrowing it would be quite OK too for example). Of course, just like with you, I have similary not given any permissions to MS.

Problem with identifying by browser habits

[Brad1138 (590148)]

We have found that 5% of Internet user are identifiable by there browsing habits, all the other 95% do is surf for porn making it hard to narrow down.

Re:

[Shados (741919)]

Well, they DID say it could semi-accurately identify genders. I think that would make it easy to identify within that 95%

Re:Problem with identifying by browser habits

[Tribbin (565963)]

OMG, you might be identified by your fetish!

Hyperventilating overraction

[joe_bruin (266648)]

Don't worry, I'm sure this will be an opt-in feature. You won't need to enable it on your Windows machine (yes, there will be desktop component, why not), unless you want to upgrade to Vista SP1, or get IE8, or use Windows Update, Hotmail, or MSN messenger, or Word, or Outlook, or prevent WGA from deactivating your machine after a month.

Frankly, I'm surprised we haven't seen MS-TCP/IP yet (no, wait, marketing name "MS Live Connect"). A proprietary, "safe" networking protocol on top of the Internet as we know it that requires you to log-in and authenticate against their servers to use the Internet, uses their own DNS (by default, but you can change it if you're technically competent enough), and of course makes sure you're not doing anything that could interfere with MS DRM in any way.

Now it's your job, given the content and the topic of this post, to figure out if I'm being serious or sarcastic. Honestly, I am not sure which one it is.

Re:

[b0s0z0ku (752509)]

Frankly, I'm surprised we haven't seen MS-TCP/IP yet

If IPv6 becomes more popular and people route through Teredo servers owned by MS, this could actually be around 50% of what you're worried about. MS will be able to see a lot of the traffic between the IPv4 and IPv6 parts of the Internet. Scary.

-b.

Google

[scum-e-bag (211846)]

Surely Google is doing this already?

MS is dropping the ball.

Oh, please, this is reactionary

[roman_mir (125474)]

It looks like MS is now going to copy everything that Google does. [ft.com] You know, just to stay ahead of the herd.

all i know is

[circletimessquare (444983)]

with this story, that bill gates icon with the borg visor has never been more appropriate

"resistance is futile, you will be assimilated"

Bill Gates and his fortune

[Jon Abbott (723)]

Finally! I had been wondering how Bill Gates was going to share his fortune [about.com]! This sounds like the technology that can make it happen!

random browsing bot

[eclectus (209883)]

it would take about 20 minutes to write a bot that would browse at random for you and render this useless. Sounds like a great way to look anonymous. Or really, really weird, depending on where your bot runs off to.....

Why is this a bad thing? Not a troll!

[WombatDeath (681651)]

The following is a question I posted to another forum after reading this article. It's a genuine dilemma I've been pondering for a while now. I fully expect to get boiled alive for even asking the question, but any input will be appreciated.

-----

You may be aware that the UK leads the world with a billion CCTV cameras on every street corner. Various countries are pondering the adoption of mandatory ID cards. I've just been reading a Slashdot article about Microsoft's proposal to identify users from their browsing history. People have suggested a comprehensive crime-fighting fingerprint database.

I'm opposed to these things. The problem is that I'm having trouble explaining to myself why, precisely, it's a bad thing to have Big Brother watching me. And basing my opinion on a vague premonition of dread is pissing me off.

Whenever a measure such as those above is suggested, newspaper articles will invariably mention objections from civil liberties campaigners. I like civil liberties and am inclined to instinctively agree with those who campaign for them. But comments like "If you're not doing anything wrong, why do you care?" are simultaneously smug, irritating and difficult to torpedo convincingly. Three arguments spring to mind:

1) The government shouldn't know any more about you than it absolutely needs to. I agree with that. The problem is that it seems reasonable to assume that an extreme surveillance society which logs the activity of you, your car, your browsing, your shopping, your library borrowing, your finances and everything else would have an easier time of it in identifying criminals. Does that constitute a reasonable need, and why or why not? This argument is rather abstract and arbitrary for my comfort.

2) Unscrupulous government officials could abuse the information. Hard to argue with that one, and no doubt abuses would occur, but it seems paranoid to reject the whole deal on those grounds given the cost/benefit ratio.

3) It wouldn't work properly, would be insecure, and would be a colossal waste of money. I agree, given the UK's track record in large IT projects, but that's an implementation problem rather than a philosophical objection.

Can anyone give me any other specific, compelling argument against the surveillance society which doesn't rely on an axiom that it's an inherently bad thing? Because this is annoying the hell out of me.

Re:Why is this a bad thing? Not a troll!

[surrealestate (993302)]

Here's an example: The 1930 US Census asked citizens to provide information about their ethnicity, information which of course could be used to better target governement services, but outside the original constitutional scope of the Census to determine how many voters were in each Congressional district for purposes of reapportionment. This seemingly innocuous information, however, was not so harmless once WWII kicked in, as it was used to identify American-born citizens of Japanese (and to a lesser extent, German) descent for internment camps. No matter how harmless the information, a Government agency acting in bad faith and ignoring the Constitution can use it for harmful purposes. Since our Government consists of the same sort of people it's watching, if all people are good, they don't need this personal information; if some segment of people are rotten, the government shouldn't have it, because they too will have a percentage of rotten people who will misuse it. The privacy implicit in the original Constitution is there for a reason, because even the most innocent information can be either misinterpreted or misused.

Re:Why is this a bad thing? Not a troll!

[Jah-Wren Ryel (80510)]

how would you respond to the argument that (recently) naturalized Japanese during WWII would not feel some sort of loyalty towards their old home country and plot/execute attacks against the American war industry (factories, infrastructure) or simply gather intelligence and perform covert operations?

Perhaps I would respond that if they are recently naturalized they must be so for a reason. The vast majority because they prefer the US to their home country? We are a nation of immigrants seeking opportunity and freedom, why would the issei be any different from recent german or italian immigrants? Surely there must be a more efficient method to narrow down the group of people who might pose a danger than to lock up each and every one of them and confiscate(steal) their property?

Would it be worth to risk losing soldiers, battles or possibly even the pacific war?

Do these soldiers not fight for American principles - life, liberty and the pursuit of happiness? Is winning a battle worth losing the war?

Re:Why is this a bad thing? Not a troll!

[jrumney (197329)]

These people were in America with access to American news sources. Most of the control the Japanese military had over the general population's opinion of the war effort stemmed from their control of the media. Japanese Americans would have heard about the atrocities in Manchuria and the expansion by force of the Japanese empire throughout Asia. They may not have been in complete support of the American side of the war if they saw through the American propaganda and realised that they were getting very biased reports themselves, but they probably wouldn't have violently opposed it either.

Re:

[azenpunk (1080949)]

if you're not doing anything wrong, why do they need to watch you constantly?

a criminal code of law is there to settle issues when something is wrong. if two grown men get in a fight and are both willing participants, is that battery? it is illegal in many jurisdictions, but they are both consenting adults, know the risks involved and well, probably just wont call the authorities on each other, no ones arrested an illegal act goes unnoticed and everything is A-OK.

now if everyone was monitored 24/7 both me

Ethereal/Wireshark is your friend

[pandrijeczko (588093)]

If you're that worried about software you run "phoning home" or collecting stats on you, then get hold of one of the myriad of free network sniffers (like Ethereal or Wireshark) and spend some time learning how to interpret what it sniffs.

Once you identify any weird or unwanted network connections, then it's relatively simple to stop them with a firewall rule or two, or to put a dummy entry in a hosts file somewhere.

Re:Umm

[Timesprout (579035)]

Yes but it appears that 95% of all male web users are located at www.bigtits.com which obviously of limited use.

Re:Umm

[digitig (1056110)]

Dang, I like small tits so I'm going to be a cinch to identify :-(

Re:Umm

[ThePromenader (878501)]

Right, and just why does Microsoft thinks it has a 'right' to glean our page-viewing habits (an act akin to rummaging our underwear and sock drawers) - perhaps because that those using their software gave it to them? They assume much, but no doubt, once again, the ignorant will fall for it. MS owes its fortune to the latter aspect of their user base, so I don't see how this move is anything new.

If I wanted to identify myself

[by Anonymous Coward]

If I wanted to identify myself, I'd do myself, thank you very much!

- Anonymous Coward, and proud of it.

Re:If I wanted to identify myself

[BrokenHalo (565198)]

If I wanted to identify myself, I'd do myself, thank you very much!

Well, I would have modded this as insightful rather than funny, but never mind. Microsoft has absolutely no legitimate reason to identify users, so we can only assume the motive to be evil. Yet another good reason (as if we needed one) to run Linux or a Mac...

[sigh...]

Re:If I wanted to identify myself

[MoreDruid (584251)]

lookup of Anonymous Coward:
network statistics
IP address: 127.0.0.1
subnet mask: 255.0.0.0
hostname: linuxboxen
MAC address: BE:EF:BA:BE
gender: mostly male
location: parents' basement
surfing profile: looking for free pr0n

It's clled corporate feudalism

[cicho (45472)]

Under corporate feudalism, the corporation has rights by default. Can they do it? Check. Will it make money for them and the shareholders? Check. There are no other questions.

Re:Umm

[HermMunster (972336)]

This is probably them fulfilling their obligation for the code they allowed the NSA to incorporate into XP and Vista.

Microsoft can take their ideas and shove them up their asses. What do you think we want Microsoft making these decisions and bringing up these ideas. It is none of their freaking business nor anyone else's if I choose to use the internet.

These people are getting freaking spooky. We really need to shut them down and fast. Stop frigging buying Microsoft products. Protect your security and your privacy by using Linux.

Re:Umm

[RobertM1968 (951074)]

It's interesting that parent was modded troll, when what he posted was for the most part accurate.

If it is illegal for (spam) companies to glean such information, why would it be legal for Microsoft to gather such info for their own marketing purposes - or those of their affiliates (which broadly covers everyone using Windows Live Search)?

Spam, above is in parenthesis because I am indicating companies, who through similar actions have been considered spam companies.

Though the Linux point may make parent seem like a troll, it too is accurate - and one of the few PC based alternatives... so perhaps to make parent not considered by the over-sensitive on /. a troll, the last paragraph should have read...

These people are getting freaking spooky. We really need to shut them down and fast. Stop frigging buying Microsoft products. Protect your security and your privacy by using Linux, eComStation, MacOSX, or any other OS not from Redmond

.

Though perhaps that too seems like a troll... but the fact is, if MS has it's way, the only other alternative is to not use the Internet - which isnt going to happen... the truth is not a troll post. The only part of his post that may be inaccurate is the part about the NSA - though the government did request such code be installed in Windows, I dont know if anyone actually ever proved such an occurrence happened, and though MS claimed they would not do such a thing (which we've learned means nothing in the real world), there oddly are enough back doors in Windows to make one wonder.

Mod parent up... just my opinion. You dont have to like what someone posts to realize the validity of it.

Re:Umm

[ozmanjusri (601766)]

The only part of his post that may be inaccurate is the part about the NSA

It's probably accurate.

From a report back in January;

The National Security Agency has provided assistance to Microsoft and Apple in securing their Windows and Mac OS X operating systems, according to a report published Tuesday.
http://www.homelandstupidity.us/2007/01/09/nsa-pro vided-security-help-for-windows-mac-os-x/ [homelandstupidity.us]

For what it's worth, the SELinux extensions came from the NSA, so they've had a hand in improving security for all the major platforms. Linux is the only one where the code's visible for the paranoid though.

Re:Umm

[TheNetAvenger (624455)]

I tend to think this is all overhype, because even if true it isn't something new for tons of companies.

I also find it amazing that the same people that are being so hard on the allegations of what MS is doing are the same ones that for the past year have defended companies like Google for DOING THE EXACT SAME THING, except the Google twist is they have been using FireFox and GMail in addition to searches for tracking people and marketing data. (FireFox users, if you don't already know this, you are stupid.)

Again, tell me why this is a big deal when they accuse MS of doing it, but something to shrug off when Google is doing it, has admitted to doing it, has ties with Firefox to specifically gather data on ALL platforms, and even goes through people's GMail and anyone that sends something to someone using GMail?

This is not to even mention the 1000s of advertising companies that ALREADY do this for every freaking AD on the internet, even here on SlashDot, you are being monitored based on the ADs you click on.

For the GP post, the NSA and Windows Myths are crazy, part of the reason Uncle Sam was pissed at Vista is MS wouldn't make a backdoor for BitLocker, so if you think MS is cooperating with the NSA beyond the standard obligations that OSX and even Linux has complied, you are high.

Besides if the NSA wants information, having a hook inside an OS would be the LEAST effective way of getting it. They could gleam 10 of 1000s of times the data from just monitoring network traffic, which they already do and have done since the 1980s.

And thanks to ignore the Law Bush and Gonzo, the NSA has been doing this with all domestic traffic and voice communications now too without any warrants. If people want to bitch about Big Brother, they should look to Washinton DC, not Washington State.

Re:No

[pluther (647209)]

So you're saying they can see you when you're sleeping? And they know when you're awake??

Re:no chance with read-only cookies

[Tackhead (54550)]

> My cookies files and folders are read-only. Every time I shut down the browser (at least daily), all cookies are gone. Works great with cookies-required sites, since they're still enabled, but leaves no trail beyond the session.

And of course, there must be thousands of people in my ISP's /16 of the network, who, once a day, log onto Slashdot, hits Digg's homepage, checks stock quotes for MSFT, GOOG, AAPL, FOO, BAR, and BAZ (and only those six stocks, and always in that order), and then does some SSL with Quuxbank (and only Quuxbank), before going back to reading stories on Slashdot and Digg, predominantly in the "YRO" category.

What are these cookies of which you speak? Cookies only make tracking easier. NSA had to compromise the backbone routers to gain access to every user's clickstream. All Microsoft has to do is control the browser and embed the spyware in the OS... oh, wait.

Re:Combining client side info with what server see

[SpaceLifeForm (228190)]

Firefox is all good and well, but you need to
be on a non-Microsoft client. Otherwise, the
Microsoft software under the browser still has
access to all of the data anyway.

Perhaps it is already doing what the article describes.

Re:Combining client side info with what server see

[techno-vampire (666512)]

This is why you use Firefox, to disable ActiveX. You also use a better firewall than that provided with XP; one that warns you when a program wants to "call home" and allows you to decide if you're going to let it.