Lawsuit Claims WGA Is Spyware 360
twitter writes "Windows Genuine Advantage (WGA), Microsoft's euphemistically named digital restrictions scheme, is the target of another spyware and false advertising lawsuit. 'Microsoft this week was sued in a Washington district court for allegedly violating privacy laws through Windows XP's Windows Genuine Advantage (WGA) copy protection scheme. Similar to cases filed in 2006, the new class action case accuses Microsoft of falsely representing what information WGA would send to verify the authenticity of Windows and that it would send back information [daily IP address and other details that could be used to trace information back to a home or user]. The complaint further argued that Microsoft portrayed WGA as a necessary security update rather than acknowledge its copy protection nature in the update. WGA's implementation also prevented users from purging the protection from their PCs without completely reformatting a computer's system drive.' There were at least two other lawsuits launched in 2006 over WGA. According to the Wikipedia article, none of them have been resolved. The system is built into Vista and Windows 7."
Amusing name (Score:5, Insightful)
The naming scheme of this add-on somehow reminds me of how certain countries like to add attributes such as "people's" and "democratic" to their official state designations...
What did you think it was, a fluffy bunny? (Score:3, Insightful)
It's not Spyware. You agreed to install it. "This agreement may be modified at any time without notice to you and you agree to be bound by its terms. Suck it. Sincerely, Your EULA." As to it phoning home every day, well duh. But what did you expect?
This is Microsoft's official position, afterall -- You're all a bunch of filthy criminals. You can't be trusted. That's why we hide everything in hidden dialog boxes and pop up a dozen warnings in order to delete Internet Explorer from the desktop. You're too stupid to even understand what "delete" means, so we're going to go out on a limb and guess you're pretty trusting of anything that says WARNING! CAUTION! ARE YOU SURE? REALLY? HONESTLY? We're not convinced. Action cancelled. Don't you want to buy an upgrade every year? We want to move to a licensing model that sends us cash yearly. Don't you want to support American business? I mean, what if the Iranians develop an operating system! When you don't install WGA, you're supporting terrorism.
To sign away your rights, click next.
Re:Amusing name (Score:4, Insightful)
Usually less amusing to those countries' citizens, though...
Remove WGA (Score:5, Insightful)
I was successfully able to remove WinXP's WGA from my system.... I installed Linux.
No more sales for Microsoft, and no more nagging from software thinking I've got a pirate copy of something just because I upgraded some hardware.
Re:Amusing name (Score:4, Insightful)
When I was in the military, the most prominent college available on base (stationed overseas) was called "The University of Maryland University College"
It's as much of a university as, say, the Democratic People's Republic of Korea is democratic.
Re:I've tried to tell people about this sort of th (Score:3, Insightful)
Tell them that terrorists and pedophiles are using the information gathered, or that your browsing habits will affect this season's X Factor outcome..
Those topics usually get some attention.
Re:What did you think it was, a fluffy bunny? (Score:5, Insightful)
Good luck getting that from microsoft.
Then you wanted support AFTER your contract expired. You got none. That's expected.
This is not the "whine about Red Hat when you don't want to pay for their service" topic.
It's "Microsoft WGA is spyware."
Hijack another topic please. Not on slashdot.
E
Re:wga has yet to be cracked (Score:3, Insightful)
So, the whole privacy thing to me is kinda mute (Score:2, Insightful)
Re:Nothing will happen (Score:2, Insightful)
And lets execute the corporation when it kills people. Just line up the employees and shoot them. After a proper trial.
Great, but there's a few unfortunate details. (Score:2, Insightful)
They need to be stopped from pulling this shit, permanently. With a legal solution. With a significant cash penalty. With actual consequences, and not aww-shucks US Justice Department antics.
Re:What did you think it was, a fluffy bunny? (Score:5, Insightful)
It's not Spyware. You agreed to install it.
And if you agree to install AntiVirus Pro 2009 it doesn't count as spyware either?
Re:Go free market! (Score:2, Insightful)
Abusive contracts are perfectly legal, just not always binding.
Re:What did you think it was, a fluffy bunny? (Score:1, Insightful)
uhm....i'm quite sure if you read the MS EULA you will find that you ALSO DO NOT own the software but are purchasing a license to use said software. stop perpetuating the FUD.
Obligatory car analogy (Score:5, Insightful)
I don't mind that my car has a license plate. I don't even mind having to register with the authorities or prove that the car is indeed my own. What really pisses me off is the cameras and systems that track where I'm going by using the information on that license plate, and tying it to my behaviour patterns.
I'm not a law breaker and I'm not paranoid*, I just don't want my behaviour modified by stealthy incursions into my privacy that could result in profiling and ultimately curtailing my choices in where I go, what I see and what I do. WGA is, I believe, just part of a trend that increasingly encourages powerful public institutions to think of people as objects, as statistics, and the effect of treating people as objects is the source of pretty much all I consider crime in the world.
(*I walked by a construction site the other day and the roofer told me that I wasn't paranoid - in morse code. Clever, aren't they?)
Re:So, the whole privacy thing to me is kinda mute (Score:5, Insightful)
I don't get why this is a problem (Score:2, Insightful)
The issue may be privacy. According to the WGA FAQ [microsoft.com] and an analysis by Groklaw [groklaw.net] (2006), the following information is sent to Microsoft every time WGA "phones home":
It may be a tad bit disturbing to have all that information being broadcast, but some of it makes sense. Windows Activation is tied to a computer and its hardware, and what WGA is supposed to do is verify that the activation is legit, they'd (presumably) need to broadcast the same information to the WGA servers to verify that activation (since we all know activation can be faked/bypassed).
Microsoft also needs to create a disincentive for people who pirate their software. WGA, besides nagging the user that they have an illegal copy, also prevents optional and recommended updates from being installed, prevents Office users from downloading templates, and prevents the download of certain products/services that would be free to paying customers.
So why is "phoning home" okay? Why not do it once and be done with it? Every day crackers find ways to get around Windows' copy protection. As a developer, Microsoft needs to stay ahead of that and tailor their systems to counter-act innovation on the crackers' part. The opposite is also true: falsely-flagged copies need to be unflagged, or customers will suffer due to them being marked as a false positive. Either way, Microsoft has not kept this a secret, and even promised to reduce checking to once every two weeks [zdnet.com] (and that was way back in 2006).
I know a lot (probably most) of you guys on here will disagree with me, but I see this as a necessary evil that Microsoft has to perform, and if I were in their shoes, I'd go about it similarly (perhaps be a bit less intrusive). The fact of the matter is, WGA only negatively affects people who either pirated software, or were the victims of software piracy. The privacy argument, in my opinion, is a strawman. If you buy a PC from Dell, it's most likely they already have all that information (save for BIOS MD5 checksum, probably) linked to your customer account. If you buy a PC from Best Buy with a credit card, that purchase information is already linked with the product serial number, which is probably linked with all the serial numbers of the hardware that went into the thing. I don't see how this can be any different than that, other than the fact that Microsoft has it instead of Dell or Best Buy.
Re:So, the whole privacy thing to me is kinda mute (Score:5, Insightful)
Look in your pocket... I'm betting you have a cell phone.
Nope, I just checked all my pockets, no phone there. You lose.
Your phone connects to a tower to "talk" - they know which numbers are connected to what towers at any time of the day.
A connection to a cell tower is required for a cell-phone to work. Sending random data back to Microsoft is not required for Windows to work. See the difference?
So? (Score:4, Insightful)
So if my accountant holds up a liquor store, can I keep him out of jail because I can't do my taxes without him?
If Microsoft is too big to fail, the answer is to cut it up until the pieces are small enough.
Re:I don't get why this is a problem (Score:5, Insightful)
Legit users, of course, don't have to worry because Windows will never stop working for them (there are some exceptions [msdn.com], but those are typically solved quickly)
I bet you also believe that 'if you have nothing to hide, you have nothing to fear', right?
I don't give a flying monkey crap about Microsoft's profits; I care about my software randomly not working because some crappy 'validation' software decides that I'm a criminal. More than that, I care about the whole concept of being treated as a criminal until proven innocent by a company that I've paid money to for the product I'm using.
You may be happy to bend over for big corporate profits, but I'm increasingly fed up with this crap -- not just from Microsoft but from other companies who decide to prevent software I've purchased from running until I beg them to fix their god-damn piece of crap 'validation'/'activation'/DRM bullshit -- to the extent that I'm now doing my best to completely eliminate Windows and commercial software which contains this kind of shit from my home.
Re:I've tried to tell people about this sort of th (Score:1, Insightful)
Bingo. And let's ad to that the fact that in the vast majority of cases it does what it's supposed to do. If you don't have a volume licensed copy of Windows that doesn't belong to you, you're unlikely to notice. If you got Windows from a less-than-reputable source or flat-out pirated it, then you deserve that black desktop.
I'm sure there are false positives, but I've never personally seen one. I'm sure the percentage is small, and if someone does become a false positive, it's (a) more of an annoyance than anything and (b) one that can be dealt with.
Which is not to say that I've never pirated Windows, but I'm not about to invent a new system of morality in order to deal with the cognitive dissonance. If you get caught, you get caught. Download another one.
I guess the real question is, why are people raising pitchforks over this at all when there's things like large-scale health care reform that needs to be worried about?
Re:Nothing will happen (Score:5, Insightful)
Corporations do not have the same rights as natural persons in the USA.
That is a deliberately misleading statement. Shame on you for using it.
Corporations have rights as persons. The distinction of "natural persons" is silly. It should be that persons are human beings. Period. Calling corporations "persons" (but not "natural persons") leads to a class system were some "persons" (corporations) have rights/indemnities that actual human persons do not.
That is [management going to jail for crimes the company commits] already the law in the USA.
Not really. There are situations where that happens, but tell me, how many Ford executives went to prison for the Pinto? Or that guy that owns the peanut factory that was responsible for killing people a year or so ago? Or Gates and Ballmer over MS's anti-trust conviction?
Sure, an executive might go to jail, but unless their crime involves financial misconduct, the odds of them going to jail is infinitesimal. And even in the case of financial misconduct, if their misconduct only ruins the lives of their human customers it's no big deal, only if they defrauded either the "market", the company itself, or rich people, do actual humans go to jail for the crimes of their company.
The fact is, corporations get to have their cake and eat it too. They get rights as persons, but they don't have the responsibilities and liabilities of persons. The notion that people are "natural persons" and corporations are just "persons" is absurd.
Re:I don't get why this is a problem (Score:2, Insightful)
I bet you also believe that 'if you have nothing to hide, you have nothing to fear', right?
No, I do not believe in that 100%. If Microsoft required me to provide my driver's license, SSN, and other such information to activate my copy of Windows, I'd be pissed off to no end.
This is different. They have your hardware serial numbers and your IP. They can't track you down without a court order anyway. In which case, *anyone* can track you down, given even just one of those: your IP.
You may be happy to bend over for big corporate profits, but I'm increasingly fed up with this crap -- not just from Microsoft but from other companies who decide to prevent software I've purchased from running until I beg them to fix their god-damn piece of crap 'validation'/'activation'/DRM bullshit
Fewer than 12,000 copies stopped working for less than 12 hours. And if you called for support, your problem was fixed.
More people are affected when EVE's servers go down because of an unforeseen problem. You're a paying customer there, too.
Shit happens. Stuff goes down. You know that, being in the computer industry.
One word: Oracle (Score:5, Insightful)
I know of great place to get the latest version of Oracle Enterprise addition for any platform, no license keys, no activation required, no trial periods, no protection at all. Just download it for your favorite platform and install it.
technet.oracle.com [oracle.com]
Last time I checked, Oracle is pretty profitable, even though they have no copy protection of any kind. Apparently, the ACTUALLY trust their customers somewhat which puts them in a pretty rare class these days.
Microsoft is only shooting themselves in the foot:
Re:Another idiotic lawsuit.... (Score:4, Insightful)
Re:Nothing will happen (Score:5, Insightful)
You're suggesting that they patch critical security flaws right away. The only difference here is the quality of their excuse.
Then maybe they shouldn't break the law. Or am I thinking too hard again?
Re:What did you think it was, a fluffy bunny? (Score:5, Insightful)
Really? You were unable to download new RPMs and install them because your support was cut off? That's horrible. That's a serious bug. And --
Oh, really? I see. That's not what you were talking about. You wanted RedHat to continue to monitor your system and provide you with instant fixes through their premium update channel, which you had paid for, even after you stopped paying for it. So now you're upset that you have to wait for official releases like the rest of the plebes.
You really might want to read thosee licenses you keep agreeing to some time. You're not _buying_ jack.
Re:Nothing will happen (Score:5, Insightful)
Microsoft has had monopolistic practices, but they are not (by definition) a monopoly.
Naturally that depends on what your definition of monopoly [wikipedia.org] is, but one common definition seems to be:
In economics, a monopoly exists when a specific individual or an enterprise has sufficient control over a particular product or service to determine significantly the terms on which other individuals shall have access to it.
Microsoft consistently fits this definition. Though Europe seems to be a bit more consistent in enforcing it, probably because MS's lobbying is far less effective across the pond.
Re:Another idiotic lawsuit.... (Score:3, Insightful)
That final line about how MacOS doesn't have copy protection.....ummm, you can ONLY put it on an Apple branded computer, and there is a price premium built into Apple branded computers already, so the copy protection is there, just not in the normal form.
The OSX EULA is quite clear.
Its got nothing to do with "Apple branded computer"
It very specifically refers to "Apple labeled computer". My emphasis.
The OSX install media comes with Apple labels for you to attach to the computer onto which you are installing OSX.
Re:Nothing will happen (Score:1, Insightful)
By that definition, Apple is a monopoly because they're the only ones who sell the iPhone. McDonalds is a monopoly because they're the only ones who sell a McChicken. That is one stupid definition.
Re:I don't get why this is a problem (Score:1, Insightful)
More people are affected when EVE's servers go down because of an unforeseen problem. You're a paying customer there, too.
Shit happens. Stuff goes down. You know that, being in the computer industry.
When EVE's servers go down, I expect EVE to go down - I'm playing on a network. I necessarily need to interact with other people via their server. Of course their server is unavailable if their server is unavailable.
When a WGA server goes down, Windows stops functioning as it should. It makes no sense at all that the functionality of Word should be dependent on the functionality of a network.
The difference is that EVE's is an outage affecting users of the service that went down. The fact that a WGA outage cripples computers is completely unnecessary - WGA validation is completely unrelated to my use of Word. And I don't buy the piracy argument either. Every other industry in the world has to deal with product shrinkage without violating the privacy of their consumers. My scanner doesn't OCR all the pages I scan and check them against a database of textbook contents, even though that might be how most textbook ebooks make it to the piratebay. Why does the software industry get a free pass?
Re:Nothing will happen (Score:5, Insightful)
If my interpretation is wrong, then yes, obviously that definition doesn't make any sense.
Comment removed (Score:2, Insightful)
Re:Nothing will happen (Score:4, Insightful)
I can't speak for the person to whom you were replying but I can give you my response to this. I'm rather indifferent to executives. There is one thing I really don't like about them, however. I really don't like that they can either get away with, or receive only a slap on the wrist, for doing things that would cause the average person to be locked up for a very long time if he/she did the same.
Some people are a bit petty, so they will call that jealousy or envy because that's the only way they can understand it, but really it's an issue of rule of law. If the concept of rule of law is tossed out, so that the law doesn't apply equally to everyone, then the society we know and many of the freedoms it protects get tossed out with it. It's a slow process of erosion that can take generations to happen, but I see something like that beginning to happen here and it really should be recognized for what it is.
Not sure about the GP, but my original post accounted for this and I don't believe there is a flaw in it (as in, if there is one I don't see it). Keep the limited liability nature of a corporation, that way if a venture fails or an accident happens then the members of the corporation are not personally liable. However, if they make decisions that they know will result in real harm to real people, and if it can be proven that they knew this would happen, then you remove the "corporate veil" and you personally prosecute every member of management who was a part of the decision-making.
I don't believe that prosecuting people who knowingly and intentionally cause harm to unwilling third parties threatens anyone's rights in any way. In fact, I believe it strengthens them, specifically it strengthens the rights of those third parties to not be harmed against their will. The only thing I am personally calling for is the removal of one technique for intentionally harming other people with impunity. Do you believe that your objection to the GP applies here? I don't think it does but if I am overlooking something I would be glad to have it pointed out.
Re:Nothing will happen (Score:5, Insightful)
"If Microsoft was in "jail," it would affect many parts of the economy"
Indeed, the economy would bloom, and the computer market would develop at unheard of speeds because the biggest obstacle to any new computer technology just got removed from the equation.
Re:I cannot wait until ReactOS goes 1.0 (Score:3, Insightful)
I doubt a majority of Windows users will migrate towards Vista or Windows 7 because of legacy software issues and legacy hardware that cannot run Vista or 7.
A majority of Windows users will simply buy new PCs, which will come with Win7. Most netbooks will start shipping with it as soon as it'll get released to the general public, as well.
Hardware compatibility issues were a big deal when Vista was released, but mostly because of that release hardware manufacturers were forced to deal with it, and did so. Virtually any hardware manufactured after Vista release will run Vista (and therefore Win7) well - and this means last 3 years or so.
Legacy software isn't an issue with Win7 because of Virtual XP Mode.
Re:One word: Oracle (Score:3, Insightful)
Copy protection doesn't work. It didn't work in the 1980's and it won't work now.
Let's just stop it here. Let the truth sink in.
That's the problem with the +5 Insightful FAQ poster up there. This would all be okay to bear if it was stopping piracy in the slightest. It isn't. You're foolish to think it would. And the whole "it stops casual piracy" nonsense has been overblown for years; most casuals will just ask a techie to do it for them, or if not, google around and crack the thing themselves. It's not that hard of a process, and you'd be surprised what some people can do when their Windows stops functioning.
Re:Nothing will happen (Score:3, Insightful)
Smaller corporations can be (and are) shut down if the majority of their business deals with breaking the law. However, larger corporations bring in other concerns.
Let's say that IBM overstepped their bounds, sufficient enough for your corporate death penalty. Then what? Wipe them out of existence? Fire all of their employees? That's tens of thousands of people, not to mention their subcontractors which suddenly have no income from their contracts with IBM.
How about Exxon-Mobil? Their crimes are surely more significant. But then what? Shut down their operations and fire everyone? Again, tens of thousands of employees would be out of a job. Subcontractors would have sudden problems. And oil prices would spike as never before because Exxon's operations produce some four million barrels of oil per day -- about 5% of the world's output.
If something went horribly awry with either of these two -- or even with an operation that has only a few hundred employees -- the better action is to prosecute the executives and those employees who knew or reasonably should have known that what they were doing was wrong. The corporate shield does not exist for those actions. Maybe it should be enforced more often, but the idea of a corporate death penalty will do more to stagnate development than to promote good corporate citizenship.
WGA must be spyware. (Score:2, Insightful)
WGA is by design SPYWARE. It wouldnt work otherwise.
Method of infection: running WindowsAutomaticUpdate.
I'm looking for some way to block WindowsUpdate from installing WGA...
I have a few ideas but no computer to sarifice yet... Perhaps we can
create locked dummy-files with WGA filenames?
Also, would be nice to be able to block various "Updates" that we dont want...
For now i just manually download updates.exe and run them from a batch file,
WindowsXP-KB938464-v2-x86-SVE.exe /n /norestart /passive
WindowsXP-KB951376-v2-x86-SVE.exe /n /norestart /passive
WindowsXP-KB950974-x86-SVE.exe /n /norestart /passive
WindowsXP-KB951748-x86-SVE.exe /n /norestart /passive
WindowsXP-KB954459-x86-SVE.exe /n /norestart /passive
WindowsXP-KB954600-x86-SVE.exe /n /norestart /passive
WindowsXP-KB956802-x86-SVE.exe /n /norestart /passive
WindowsXP-KB956803-x86-SVE.exe /n /norestart /passive
WindowsXP-KB957097-x86-SVE.exe /n /norestart /passive
WindowsXP-KB958644-x86-SVE.exe /n /norestart /passive
WindowsXP-KB958687-x86-SVE.exe /n /norestart /passive
WindowsXP-KB960803-x86-SVE.exe /n /norestart /passive
WindowsXP-KB961373-x86-SVE.exe /n /norestart /passive
WindowsXP-KB961501-x86-SVE.exe /n /norestart /passive
WindowsXP-KB968537-x86-SVE.exe /n /norestart /passive
WindowsXP-KB969897-x86-SVE.exe /n /norestart /passive
WindowsXP-KB970238-x86-SVE.exe /n /norestart /passive
Brings XP3 properly and safely to July 2009.
Re:Nothing will happen (Score:3, Insightful)
I hate to tell you this, but there are many more things other than corporations and natural persons that are considered persons under the law. In addition, there are many different types of corporations and they are not all giant multinational mega-conglomerates like IBM or Microsoft.
You mean there are legal entities other than mega-corporations and human beings? Thanks for clearing that up!?
Finally, there are responsibilities and liabilities that corporations have that people do not have and that most common penalty for corporations is the "death penalty" or disillusion and revoking of their articles of incorporation.
If you live in the late 18th century and early 19th century, yes, that is true. This is no longer the case. In the past, corporations had to be sanctioned by the state in which they operated, and had to be created for a specific purpose and limited duration. Once the supreme court decided that states were persons, then reciprocity came into play and if a corporation existed in one state, it had to be accepted by any other state. So the first state to decide corporations could exist indefinitely got all the business, and in order to compete, all other states had to follow suit.
Now, as to the "corporate death penalty", when was the last time any major corporation was "put to death" for having killed anyone? I suspect even small business don't get that treatment, and they mostly "die" due to financial failure from resulting lawsuits.
But even if small corporations are legally revoked as a punishment for criminal wrongdoing (other than financial, as I stated in my original post, the one true "crime" for which corporations can be harshly punished for is one of financial wrongdoing), the fact that major corporations are immune from such concerns is applicable to the discussion at hand.
Re:I cannot wait until ReactOS goes 1.0 (Score:1, Insightful)
> Some day (maybe in five years) [ReactOS] will reach the golden 1.0
> standard.
Should ReactOS ever achieve anything close to bug-for-bug
compatibility with Windows XP, it will be as legacy an OS as DOS is
today and will be irrelevant for the vast majority of users.
Re:Nothing will happen (Score:5, Insightful)
It shouldn't be limmited to upper management, it should be for ANYONE in the company.
Because clearly Suzy the receptionist, Bill the janitor and Jake the help-desk guy have not only in-depth knowledge of, but extensive influence over, the decision making process of executive management and therefore deserve to share their fate.
I suppose you think when people are executed any relatives they have closer than a second cousin should go down with them as well ?
Re:Nothing will happen (Score:3, Insightful)
I can't remember who said it, but the idea was that the system we've got encourages corporations to be perfect sociopaths. In many ways they're treated as persons but notably NOT in the way of expected behaviour or consequences. In fact, if a corporation does not do all it can to maximize it's value, the shareholders sue.
At some point we're going to have to do something to provide a built in incentive for corporations to act ethically. The solutions we've tried so far don't seem to be working very well.