Vista is Watching You

greengrass writes "Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company."

Re:Tagged as paranoia?

[jonnythan]

It's a little OT, but truth is an absolute defense to slander. Slander is, by definition, untrue.

Re:Don't worry, it's not Vista...

[j.sanchez1]

It's just: Windows Update, Web Content, Digital Certificates, Auto Root Update, Windows Media Digital Rights Management, Windows Media Player, Malicious Software Removal/Clean On Upgrade, Network Connectivity Status Icon, Windows Time Service, and the IPv6 Network Address Translation (NAT) Traversal service (Teredo).

And Activation, Customer Experience Improvement Program (CEIP), Device Manager, Driver Protection, Dynamic Update, Event Viewer, File Association Web Service, Games Folder, Error Reporting for Handwriting Recognition, Input Method Editor (IME), Installation Improvement Program, Internet Printing, Internet Protocol version 6 Network Address Translation Traversal, Network Awareness (somewhat), Parental Controls, Peer Name Resolution Service, Plug and Play, Plug and Play Extensions, Program Compatibility Assistant, Program Properties--Compatibility Tab, Program Compatibility Wizard, Properties, Registration, Rights Management Services (RMS) Client, Update Root Certificates, Windows Control Panel, Windows Help, Windows Mail (only with Windows Live Mail, Hotmail, or MSN Mail) and Windows Problem Reporting are the main features and services in Windows Vista that collect and transmit user data to Microsoft.

Re:Don't worry, it's not Vista...

[Actually, I do RTFA]

Sorry, I left out: Activation, Customer Experience Improvement Program (CEIP), Device Manager, Driver Protection, Dynamic Update, Event Viewer, File Association Web Service, Games Folder, Error Reporting for Handwriting Recognition, Input Method Editor (IME), Installation Improvement Program, Internet Printing, Network Awareness (somewhat), Parental Controls, Peer Name Resolution Service, Plug and Play, Plug and Play Extensions, Program Compatibility Assistant, Program PropertiesCompatibility Tab, Program Compatibility Wizard, Properties, Registration, Windows Control Panel, Windows Help, Windows Mail (only with Windows Live Mail, Hotmail, or MSN Mail), Windows Problem Reporting, Windows Defender, Support Services, and Internet Explorer 7.

"This extensive enumeration is not a complete illustration of all the sources in Windows Vista that Microsoft uses to gather end user data"

Re:Egomanical monitoring of the populace?

[KenRH]

It should be interesting how this clashes with China's own obsessive need to control people's PCs.

Kina as many other Asian nations is moving towards Linux. They don't want to pay M$-tax and they espesialy don't want MS or NSA spying on them.

Re:Don't worry, it's not Vista...

[LordEd]

Sarcastic Microsoft bash aside, all of the listed services are those that require connection to an external source. The "windows time service" makes me a bit suspicious that the author just picked everything that made any form of network communication without regard to information sent/received.

On Windows time service [microsoft.com]:

The following list describes various aspects of Windows Time Service data that is sent to and from the Internet and how the exchange of information takes place:

  Port: NTP uses User Datagram Protocol (UDP) port 123 on time servers. If this port is not open to the Internet, you cannot synchronize your server to Internet NTP servers.

  Protocol: The service on Windows Vista implements NTP to communicate with other computers on the network.

The NTP Protocol is described here [wikipedia.org]. I can't verify that they haven't implemented the evil NTP protocol (not running Vista), but I don't see why i should trust the author after listing this one.

Re:This is my single biggest push to free software

[kryten_nl]

http://games.cedega.com/gamesdb/ [cedega.com] check it out, add it as a bookmark.

Re:doubt it

[SatanicPuppy]

They already do that with the "Report this bug to Microsoft?" screens that pop up in XP every time a program crashes...And frankly, I SHOULD be able to opt out if I choose to do so. Hell, they should want me to be able to opt out, so if I do something and crash a program, I don't send them weird data.

The OP is right; this is a precursor to a subscription based OS; that's microsoft's dream, where everyone just pays the OS tax on a monthly/yearly basis, and gets "free" upgrades on a once-a-decade cycle.

Re:This is my single biggest push to free software

[brunascle]

It's really all come down to games for me. If my games would all run on Linux I'd be there tomorrow.

this is the reason my desktop is still XP also. it's become not much more than a gaming console. but you'd be surprised how many good, native linux games there are. i was (recently). check out the linux gamers live cd [linux-gamers.net].

Re:Don't worry, it's not Vista...

[plague3106]

Exactly. Its a blanket catch all so that they have their asses covered. Each of those features sends certain amounts of data to performs its function.

For those wondering why the Games folder sends data, its to get the rating for the game and download additional information about the game (like the box art). There are many personalization features in Vista, and they're actually pretty cool.

Re:Egomanical monitoring of the populace?

[Dan Ost]

Such traffic can always be blocked at an external firewall. Even the most basic router will let you blacklist IPs/domains. Short of colluding with router makers, there is nothing Microsoft can do about this.

Re:Egomanical monitoring of the populace?

[lessermilton]

Rather than using DNS - put a *nix box between your XP and M$ - voila, instant access, and I'm sure there are plenty of packet sniffers out there...

Re:doubt it

[Jaknet]

If you want to remove the "report this to microsoft". Then right click My Computer > Properties, select the Advanced tab, select the Settings button (third one down under Startup and Recovery) and un-tick the send an Admin alert. Also on the "error reporting" button at the bottom of the Advanced tab, just select the "disable error reporting, but notify when critical errors occur"

Cannot remember off the top of my head which one stops the "report to Microsoft" pop-ups, but with both you can rest easy and not get the annoying pop-ups each time. Hope this helps

What people forget...

[Skiron]

... is that any Microsoft system is NOT owned by the 'buyer'- it is Microsofts' as they are licensing it to the 'users'. Microsoft can do what they wish as owners of said software. So I can't see what people get bothered about, really - what do you expect from something you do not and cannot ever, ever own, no matter how much you think you do (or even how much you spend on it too).

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Egomanical monitoring of the populace?

[Anonymous Brave Guy]

The point being made earlier in the thread was that this doesn't always work, because the IP addresses for certain services (Windows Update is one, IIRC) are hard-coded and the hosts file is never checked by Windows when resolving these addresses.

Re:Egomanical monitoring of the populace?

[Anonymous Coward]

> to be taxed for the data collection/transmit.

TRANSMIT is a verb. You were looking for the noun, TRANSMISSION.

Re:This is my single biggest push to free software

[Tony Hoyle]

HP drivers are pathetic. The printer driver for my printer is a 600mb minimum install (the 'enhanced' software is another 500mb). Every 3 or 4 minutes a console window flashes on the screen - their phone home software is a console app and they haven't even bothered to hide the window.

Oh and that's just for the printer.. the scanner part of the driver is nonfunctional on vista (despite the driver being the latest vista driver), and the whole thing won't install on OSX (a small (for them) 250mb driver) because they stopped supporting it after 10.4.2 and it's hardcoded to reject a version higher than that.

For a while now I've been telling people to avoid HP like the plague because their drivers are is spyware infested bug ridden crap.

If you read what he said, you'd see

[DigitalReverend]

He works in an FDA regulated environment, not works for the FDA. There are several companies that are heavily regulated by the FDA. I used to work for a pharmaceutical research company and almost every piece of software requires some kind of validation in order to protect no only the the pharmaceutical companies, but also the patients as well.

  While most IT environments can install Patches and Service Packs and Updates at will, this is not the case for FDA regulated companies. The update or patch will be installed on a system that has no access to any real data, each step of the installation is documented down to each mouse click complete with screen shots, then the installation is performed following that document by a person who didn't write the initial instructions, and they will then take screen shots of their installation. Then once it has passed the installation steps, then there are instructions written up for each thing that needs to be tested and validated, that is also complete with screen shots, and each mouse click and keyboard entry. Those instructions are sent to someone else who goes through each step, and takes screen shots along the way, and if that passes, it can then go on to production where the installation is performed, with screen shots, and a final series of tests, with screen shot is also done. All the documents are printed out as the FDA hasn't completely allowed electronic storage.

So where the normal IT guy clicks download/install and maybe makes a log of it. A simple windows update in an FDA regulated environment will produce a mountain of paperwork. If anything along the line has the potential of revealing any confidential information against FDA regulations, then the software will be rejected. Vista at this point has been rejected so far.

Re:The core question remains

[weicco]

But, seriously, why the cloak-and-dagger approach? Just tell the user "Vista is now gonna send MS the following information about your system, anonymized so it can't be tracked, and we want it to see what hardware platforms our system should run best on. Thanks for your co-op."

Well how about reading Windows Update Privacy Statement from here http://technet2.microsoft.com/windowsserver/en/lib rary/3998fef5-4e07-4128-881d-754375b679121033.mspx ?mfr=true [microsoft.com] or updated version from Windows Update site from here http://www.update.microsoft.com/microsoftupdate/v6 /default.aspx?ln=en-us [microsoft.com]. And if you are paranoid enough, just add TCP dump to somewhere on your network to see what's really submitted, don't know if it's encrypted though.

Here's an explaination of the Windows CEIP

[Dude McDude]

and what it sends back to Microsoft. It's opt-in. Windows Customer Experience Improvement Program and Resulting Internet Communication in Windows Vista [microsoft.com]

Detailed Service list

[Joe U]

Activation - Annoying anti-piracy check. This is the worst of the group, because it can't be turned off.
Customer Experience Improvement Program (CEIP) - Optional feedback program.
Device Manager & Driver Protection & Dynamic Update - Gives you an option to scan for updated drivers.
Event Viewer - Optional, If you click the 'get more information' it sends a query for, (get this) more information.
File Association Web Service - Same as above.
Games Folder - Downloads pictures and ratings for your games.
Error Reporting for Handwriting Recognition - Optional error reporting..
Input Method Editor (IME) - I assume it's looking for new language packs.
Installation Improvement Program - Optional error reporting.
Internet Printing - Not sure on this one, I assume it's a driver check. Unless they're talking about the Internet printing service that prints your photos. If so, then duh, grow up.
Internet Protocol version 6 Network Address Translation Traversal, Network Awareness (somewhat), Peer Name Resolution Service - Read how these servcices work, they require an Internet server.
Parental Controls - I believe it's tied to the phishing filter.
Plug and Play, Plug and Play Extensions, Program Compatibility Assistant,Program Properties--Compatibility Tab, Program Compatibility Wizard, Properties, - Driver updates, compatibility updates.
Registration - Marketing, optional
Rights Management Services (RMS) Client - DRM as bad as activation
Update Root Certificates - Automatic updates for SSL certs.
Windows Control Panel - Not sure which panel
Windows Help - Optional Online help
Windows Mail (only with Windows Live Mail, Hotmail, or MSN Mail) - Well duh, hotmail calls microsoft?
Windows Problem Reporting - Optional error reporting.

With the exception of Activation and the RMS client, both of which are useless, these are useful Internet services, feel free to turn them off or actually answer NO, when asked.

Stop making this into a 'oooh, they're spying on me'. They're spying the same way Slashdot is spying on you when you post a message.