XP, Phone Home 299
Randomeyes writes: "The Register reports that Windows XP has functionality built-in to the Search Companion module that allows Microsoft to log users internet searches. Information collected includes user IP address, search term and related information. A cookie is also set. 'TrustUnWorthy Computing' anyone?" Tanveer1979 writes: though, that "the bright side is that it doesn't send anything to internet, it only downloads files, and compares the files on your computer with the files on server. And I guess a little effort is needed for the malicious to program it to send your data to web."
I didn't get why ... (Score:3, Insightful)
If it contacts the interent on a local file search, then that's bad. If it contacts microsoft when I search the net, that's bad.
This "we can't identify you" stuff is a lie that should be well known by now. What they mean is "they don't have your name in the file, we would have to look that up".
Maybe someone can explain why half the article is about mentioning this doesn't matter?
This is why I haven't upgraded in years (Score:2, Insightful)
XP=Xerox Personal_Info
When I dual boot its always to linux, at least I don't have to worry to much about them tracking me without my permision.
Next, please (Score:3, Insightful)
Doesn't sound so bad to me.
In places where Internet is still expensive (Score:5, Insightful)
In the USA, Internet access is usually a monthly subscription and that's it. No phone charges, no charge per minute, just a certain amount of bandwidth per dollar spent.
In Europe, some people have now got access to 2 types of "free" Internet (neither is free).
Which brings me to my point. If Internet connections are configured in such a way (as often they are) that the connection happens transparently because the username and password are stored, then people are going to pay call charges to search their local disk. If they don't realise this (especially in the case of ISDN connections) then they may run up quite a bill when they do an extensive search every time they lose a file.
I don't like this Internet-integration with the desktop in the OS. Sure, if I want it to happen, I can download some software helper. No doubt by hacking the registry or something equally scary for any novice user, you may be able to switch this off. But it reeks of abuse of my phone line.
It's interesting, no, that Microsoft do not necessarily take account of the European market when it comes to actual Internet access. Sure, they do multi language support but what about this particular Internet case?
I have clients who have been caught with huge bills due to shit like this before. Like transparent connections happening when they are not surfing when connected to an ISDN router which connects when any packet that is non-local causes a router to connect. I know that this can (and is) fixed on the router with better access lists, but the packets themselves come from crappy Microsoft things like MSN Messenger trying to auto-connect at boot and various SMB packets.
It's time that the Internet was a separate part of the desktop. Plenty of people embrace the Internet, but many others will not, especially in countries where it is still expensive just to stay online an hour costs me $2. That's right, a crappy 33.6K connection costs me $2 due solely to phone connection charges.
Re:Please explain (Score:3, Insightful)
There's your news.
Surprised? No. Opportunity? Yes. (Score:5, Insightful)
I do use XP, mostly as a gaming platform, but I use Mozilla, and when I'm not playing games often I am running Linux on the same box. This doesn't have me worried one bit. Some people are gonna get all in a twist about this, but this is just a small step towards the ultimate goal: human batteries.
This does make me wonder, however, since Microsoft is causing bandwidth to be used on my network for activities I have not expressly envoked, can I charge them for use of my connection?
I say, charge them for use of my bandwidth. They won't get it free out of me. I just wonder where do I send my bill..
Re:Please explain (Score:3, Insightful)
I am 99.999999999999% sure the makers of BASH don't intend to make money off of your BASH history nor did they have any evil intent when they wrote that feature.
I am about 90% sure MS DOES intend to make money and had evil intent when they wrote their feature.
In the end evil is as evil does. We'll see what MS does with it.
Re:Please explain (Score:2, Insightful)
I believe programs that perform such acts are commonly known as spyware
while its not supprising that microsoft is incorporating spyware, it is certainly newsworthy that the company who provides the majority of the worlds OS's is using it to spy on what they do (or potentially using it to do so - I have no idea what microsofts policy on the information harvested is)
I'm begining to think (Score:3, Insightful)
I fear that we risk spreading ourselfs thin in the upcoming onslaught of unreasonable software, privacy policies.
What a non story! A waste of space! (Score:4, Insightful)
I'm disappointed in any slashdot editor who thinks we need these stupid articles pointed out to us.
Nick...
Isolation and Culture (Score:5, Insightful)
To which I'd add, it also shows a problem with the culture in the organisation that makes the stuff. It's not so much arrogance, but something more akin to carelessness: an inability to appreciate that other people - including some of your customers - may have different criteria and preferences than yours. I personally doubt whether the people who developed this even thought to ask themselves whether this behaviour would be considered reasonable, nor that it was ever considered in any formal reviews that may have taken place. And it's far from the first time that I've got that impression about MS: their use of that reserved field in the Kerboros protocol feels similar: not so much malicious as just a failure to know and appreciate the etiquette that had grown up in an area that they were entering for the first time.
Solution: XP behind a firewall? (Score:3, Insightful)
There's a reason we keep 800lb gorillas in cages...
Re:I didn't get why ... (Score:2, Insightful)
As far as I can tall from the article, what it does during local searches is colossally stupid, but not actually "evil". The only information leakage is the fact that you did a local search, but nothing about it.
On the other hand, sending a full report back to microsoft about every internet search is nasty.
Maybe somebody can figure out some way to bill Microsoft for each piece of data you transmit this way
-
If you don't like it DONT USE WINDOWS! (Score:2, Insightful)
nothing new and to be honest everyone knows what
the answer is if you don't like it - don't use
a Windows OS. There is Linux and 3 versions of BSD
to choose from and for the fluffies who can't handle
them you can use MacOS (old or new).
MS will continue to do this because
A) Its not illegal and probably never will be
B) 99% of users are to computer illiterate to know
what their computer is doing or simply don't care
When MS makes Office an online subscription system
they'll be downloading far more than just your
IP address and search text so if you don't like
the MS vision of the future GET OUT NOW! You have
a parachute , its called Open Source.
RTFA (Score:5, Insightful)
It all boils down to the fact that when you use the file search tool, it connects you to the internet and downloads a privacy policy type of file.
That's it, the end. Period.
When you are on the internet and perform a web search through XP, they log what you searched for... Even google does this for purposes of finding the most popular sites, and creating a table of the most popular searches and all that. This subject is not only trivial, but misleading in the context of the article... They quickly switch from talking about an offline file search which downloads a single text file when you first use it, to a completely different subject of a search tool recording what you searched for.
Of course, the ironic thing being that this web search tracking is no worse than the Netscape 6 tracking discussed a short while ago.
And if you haven't heard it enough so far, local file searches download a single damn file when you first use it. May seem a stupid thing to do, but it's not phoning home, it's not tracking your habbits, etc.
Has been in their Privacy Statement for months.... (Score:2, Insightful)
...which you can read here [windows.com].
The interesting thing about this story is that it highlights the fact that nobody actually reads the MS EULA or Privacy Statements. Instead we need to wait for a journalist to make the "shock discovery" months later.
Re:I didn't get why ... (Score:2, Insightful)
Maybe because there are far more dangerous things going on, like this [theregister.co.uk], where mplayer "phones home" when playing a dvd, and uniquely identifies itself... now that's something that gives me the creeps.
Consider the source (Score:3, Insightful)
For those who don't know, Thomas C. Greene is the Register's equivelant of Jon Katz. His job is basically to find things to be angry about, and he does that very well indeed. He has just enough technical savvy to appear credible (think Steve!!! Gibson!!!!!), but that doesn't actually give him any deep cosmic insights.
that is trolling: (Score:2, Insightful)
-he says no more personal info is available with this, and how: some babling about script kiddies.
-He is against MS, but fails to tell why.
-What underlying security problem?
By not mentioning the security problems he follows the MS policy of not revealing bugs until a fix is available. 8-}
Re:RTFA (Score:3, Insightful)
I think it also downloads a few other files, but the privacy policy file is the one to worry about. How is the user supposed to stay informed when Microsoft's privacy policy can be changed every time you search for a file on your disk?
Me, I like to know what the policy is. I can decide whether I like it or not. I don't want a company changing it every day.
Start thinking (Score:4, Insightful)
Do the other downloaded files alter the system behaviour in any way? They're providing information connecting file-extensions to file-types at least, and that might have some impact on a windows system. And if they don't do anything at all, why download them? Maybe i'm using a special app with uncommon file-extensions and took some pains upon me to make the system recognize them. Will that work be undone with every search query?
Then "downloading" is not a onesided action. To download a file i have to establish an internet connection, and in that process all kind of information is transmitted, not just the ip. I don't think someone concerned with network security of some larger corporation would be too happy about all their desktop machines sending out packets announcing their ip, the number of hops to them and the type of their operating system beyond the firewall to a specific location without need. Also why should anyone trust Microsoft not to collect all that ip-addresses to compile a nice list of windows-XP installations, maybe to set up a BSA-raid?
And finally: Why do such a "stupid thing" as downloading a privacy statement for an action that can be performed locally? Just to get some load on Microsofts server? Microsoft is paying for that bandwith, so why put extra load on it? Well, maybe someday in the future Microsoft will quietly decide to change their privacy policy and start collecting information about your local/intranet searches. But there's no need for you to know that. Only your Operating System needs to know.
Re:Please explain (Score:3, Insightful)
Google logs my search terms when I search, along with my IP address!
The difference is, Google is a good company with a solid privacy policy, and they have never given me a reason not to trust them. Microsoft on the otherhand, is a convicted monopolist, has had way too many security problems(they can't protect thier own data, what makes me think they can or will protect mine ?) and has repeatedly shown that it can not be trusted.
Re:Getting tired of this.... (Score:3, Insightful)
Re:Solution: XP behind a firewall? (Score:3, Insightful)
The XP-compatible version of ZoneAlarm (v2.6.2, IIRC) defaults to allowing any "internet-enabled" application to access the net WITHOUT ASKING. The result is that on my shiny new XP install, two XP components tried to make a connexion without pestering me with one of those pesky "Do you want to allow App X to access the net?" boxes from ZoneAlarm.
Given that insanely insecure default, I'm not so sure I trust ZA all the way around. Especially where XP is involved.
Oddly enough, neither XP applet (and they were not "Activation" components -- one was some part of Dr.Watson, the other I haven't ID'd yet) tried to dial the modem. If I hadn't checked in ZA's "Programs" list, I'd have never known it happened.
Kinda like all the "invisible" application and component crashes I see in XP's DrWatson log.
Re:What a non story! A waste of space! (Score:3, Insightful)
Microsoft will occasionally update this Statement of Privacy to reflect company and customer feedback. Microsoft encourages you to periodically review this Statement to be informed of how Microsoft is protecting your information.
Basically, this policy is in effect until MS decides to change it. When (not if) they decide to change it, any information they have already collected will be subject to the _new_ privacy policy.
We've seen it happen already with Yahoo!, among others.
Re:Slashdot editors please read the article !!! (Score:3, Insightful)
Tanveer1979 writes: though, that "the bright side is that it doesn't send anything to internet, it only downloads files, and compares the files on your computer with the files on server. And I guess a little effort is needed for the malicious to program it to send your data to web."
The last line about a little effort needed for the malicious program is just pure speculation. With a little effort you can send the contents of