Stories
Slash Boxes
Comments

News for nerds, stuff that matters

Microsoft WGA Phones Home Even When Told No

Posted by CmdrTaco on Wed Mar 07, 2007 11:51 AM
from the huge-shocker-here dept.
Aviran writes "When you start WGA setup and get to the license agreement page but decided NOT to install the highly controversial WGA component and cancel the installation, the setup program will send information stored in your registry and the fact that you choose not to install WGA back to Microsoft's servers."
This discussion has been archived. No new comments can be posted.
Display Options Threshold:
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • Gibberish (Score:2, Insightful)

    by AmateurCruzer (982736) on Wednesday March 07 2007, @11:55AM (#18263386)
    Anyone have any insight what exactly they're sending back?
    • Re:Gibberish by NinjaTariq (Score:3) Wednesday March 07 2007, @11:59AM
      • Re:Gibberish by Anonymous Coward (Score:2) Wednesday March 07 2007, @12:10PM
      • Re:Gibberish by Anonymous Coward (Score:2) Wednesday March 07 2007, @01:20PM
        • Re:Gibberish (Score:5, Informative)

          by Ciggy (692030) on Wednesday March 07 2007, @03:28PM (#18266762)
          In the UK, at least, it would appear to be in breach of Section 1 of the Computer Misuse Act 1990:

          1 -- (1) A person is guilty of an offence if--
          (a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
          (b)the access he intends to secure is unauthorised; and
          (c)he knows at the time he causes the computer to perform the function that that is the case.

          The data sent home is noted by (a). As the user has expressly not agreed to the WGA EULA, unauthorised access is noted by (b) and (c) - in particular (c) as there was no agreemnt to the EULA; assuming of course that the data sent home is that that would be sent home IFF the EULA had been agreed and WGA installed.

          As an aside, the Sony rootkit that installed something even when the EULA or whatever was decined was probably in breach of Section 3 of the same Act - doing "...any act which causes an unauthorised modification of the contents of any computer..." - those discs weren't sold in the UK?

          The question is who is the responsible entity for a company: they have programmers that have written the code that does the unauthorised access (are they responsible), or is it their managers (who defined the specs) or the company as a whole (the directors)?
          [ Parent ]
          • Re:Gibberish by davester666 (Score:1) Wednesday March 07 2007, @04:13PM
            • Re:Gibberish by rtb61 (Score:2) Wednesday March 07 2007, @11:44PM
          • Re:Gibberish by h2g2bob (Score:2) Wednesday March 07 2007, @04:33PM
      • 1 reply beneath your current threshold.
    • Re:Gibberish by xzvf (Score:1) Wednesday March 07 2007, @12:02PM
      • Re:Gibberish (Score:5, Funny)

        by Anonymous Coward on Wednesday March 07 2007, @03:17PM (#18266612)

        The only home software on my computers should have is my home

        Sounds like someone set you up the bomb.

        [ Parent ]
        • Re:Gibberish by Samah (Score:1) Wednesday March 07 2007, @09:05PM
        • Re:Gibberish by elmedico27 (Score:1) Wednesday March 07 2007, @09:43PM
      • Re:Gibberish by Anonymous Coward (Score:1) Wednesday March 07 2007, @05:17PM
    • Re:Gibberish (Score:5, Insightful)

      by Rogerborg (306625) on Wednesday March 07 2007, @12:29PM (#18263916)
      (http://slashdot.org/)

      We're not sending anything. Trust us.

      Oh, you checked, did you?

      Then what we meant to say was... it's nothing to worry about.

      Trust us.

      [ Parent ]
      • Re:Gibberish by Opportunist (Score:2) Wednesday March 07 2007, @12:41PM
        • Re:Gibberish by Cro Magnon (Score:3) Wednesday March 07 2007, @04:11PM
        • Re:Gibberish by rvw (Score:2) Wednesday March 07 2007, @04:29PM
      • Re:Gibberish by Headcase88 (Score:1) Wednesday March 07 2007, @01:24PM
      • Re:Gibberish by mgiuca (Score:2) Thursday March 08 2007, @08:01AM
    • Re:Gibberish (Score:5, Informative)

      by gigne (990887) on Wednesday March 07 2007, @12:31PM (#18263946)
      (http://www.headfuzz.co.uk/ | Last Journal: Sunday November 26 2006, @08:49PM)
      I have no idea, but it looks like some sort of unique id.

      an image from the now slashdotted page is here, it shows what gets sent to MS

      http://img266.imageshack.us/my.php?image=wgahp5.pn g [imageshack.us]
      [ Parent ]
    • Re:Gibberish by TubeSteak (Score:3) Wednesday March 07 2007, @12:36PM
      • Re:Gibberish by h2g2bob (Score:2) Wednesday March 07 2007, @04:45PM
    • In the end, it does not matter. (Score:5, Insightful)

      by WindBourne (631190) on Wednesday March 07 2007, @03:44PM (#18266930)
      (Last Journal: Friday December 01 2006, @10:51AM)
      MS owns the software, you do not. It is what you agreed to. MS has always done this and will continue to do more. If they stop in one place it will pop up again. The simple fact is, there is truth in saying that you are owned. Whether it is is by MS or by a cracker (from any number of avenues on the windows platform), you are till owned.
      [ Parent ]
    • Re:Gibberish by Samah (Score:2) Wednesday March 07 2007, @09:08PM
  • by swschrad (312009) on Wednesday March 07 2007, @11:57AM (#18263422)
    (http://slashdot.org/ | Last Journal: Monday April 16 2007, @01:18PM)
    probably all the apps information. naysayer, meet the Business Software Association, also known down around the docks as "the muscle."

    can't RTFA because they're slashdotted already.
    • by DarthChris (960471) on Wednesday March 07 2007, @12:11PM (#18263646)
      Interesting you say it's slashdotted because I can read it fine.

      It's very light on details, however. There is a screenshot from wordpad of the data sent; it's an XML-type document which appears to have pulled a couple of id/hash numbers out of the system registry, e.g. OS version, but no personal info. They can't really get any personal info anyway, since data protection laws here in the UK and other countries would land them in shite, and also I suspect that they have more important things to do than snoop random people's names.

      Personally, I think that they're just trying to get an idea of the number of people who won't install it. These people either have pirate copies and know they'll fail validation, or simply are opposed to the idea of their OS phoning home. From a cynical viewpoint, it's important for MS to gauge the reaction to this early so they know how far they can push these sorts of thing without there being a massive backlash.
      [ Parent ]
      • by lazlo (15906) on Wednesday March 07 2007, @12:25PM (#18263862)
        (http://www.hppc.com/)
        So, how hard might it be to generate random but valid data to fill out this XML? And then have a little daemon that does nothing but post it over and over 24/7? "Wow. Looks like a NAT/proxy server with millions of users behind it who really don't like WGA."

        Petty, I know, but fun.

        [ Parent ]
      • why I said TFA was slashdotted by swschrad (Score:2) Wednesday March 07 2007, @12:53PM
      • by rben (542324) on Wednesday March 07 2007, @01:22PM (#18264834)
        (http://www.raybenjamin.com/)
        I refused to install WGA for a long time for several reasons, not the least was the fact that it was marked in the EULA as BETA software. Why should I be forced to install software that MS admits hasn't been fully tested yet? I have enough problems with MS bugs. Also, I resent the implication that I have to constantly prove that my software was purchased legally. I've always paid for the software I use, even when I was a poor college student.

        Most copies of Windows in the U.S. are paid for, because Windows comes installed, by default, on almost every retail machine sold. That alone makes piracy a non-issue in the U.S. However, WGA does give Microsoft a way to shut down every Windows computer connected to the Internet. What a scam. Once they've got everyone using WGA, they can start dictating terms to governments instead of dealing with irritating lawsuits.

        Lets say that the kind souls at MS never even think of using WGA as leverage on say, Europe. I still think it's possible for a clever hacker to use WGA to do some real damage. The hacker would have to do some DNS spoofing and probably crack some encryption, but then, that's what these guys do. Whose to say someone might not use WGA to pull off the biggest Denial of Service extortion in history? Perhaps I'm a bit paranoid, but my caution has kept me from ever having one of my computers compromised.

        Piracy is a problem, but not nearly as big a problem as MS would have us believe. If people are stealing you blind, you don't make billions of dollars in profits, you lose money. If MS is feeling a pinch lately, it's due to their own foolish policies and assumptions that they would be able to dictate terms to the world forever. Google Apps and Open Source software will, hopefully, eliminate the need to put our computers at risk simply because a company is greedy.

        Microsoft seems to believe that if there were no piracy, everyone in the third world who is now stealing their software would pay for it instead. Yeah right. One of the reasons they steal it is because there is no way they could possibly pay for it. If MS ever finds a way to shut down piracy, it will merely hasten the move to Linux in 3rd world countries. Ironically, that will speed the demise of Windows.
        [ Parent ]
        • Re:the route your kids take to school, of course by walt-sjc (Score:2) Wednesday March 07 2007, @02:14PM
        • Re:the route your kids take to school, of course by glesga_kiss (Score:2) Wednesday March 07 2007, @02:39PM
        • by HermMunster (972336) on Wednesday March 07 2007, @04:29PM (#18267466)
          Foolish is what Ballmer is made of. He claimed to financial analysts that the caution on Vista sales is for at least 2 reasons: 1) corporate pricing was too low, and 2) piracy.

          This was stated by him in the past couple days, if not today.

          Both are flawed. on item 1. Windows Vista is very expensive. Giving forecasts on certain pricing to corporate is what companies do. They forecast on those prices so that is really a moot point unless corporate just isn't purchasing. Then the low cost would make a difference, as they feel they should have made it higher so that the lack of corporate sales didn't affect the bottom line so much.

          On item 2. According to Microsoft pirating is impossible under Vista. Well, even if that is about 3 months outdated it still is an issue that needs to be addressed. What is the average number of pirated installs vs. legit installs of Vista. Are people choosing to pirate instead of purchasing? Is it easy for the average person to pirate Vista and is the future potential of loosing activation worth it to the average user?

          The answer to those is unknown so Microsoft can't be using that as a legitimate reason why their forecasts are so far off. Even if it was EASY to pirate Vista (which Microsoft said 3 months ago was impossible) it would have to be much easier than to pirate XP, which although is semi-easy to pirate if you can get the corporate product key or you can snatch a key from some unsuspecting person it is possible to get locked out by virtue of the WGA/WGN spyware programs.

          So, essentially it isn't possible to claim that corporate pricing and pirating is the cause of Ballmer's and Microsoft's woes. It has to be something else. That something else, at least to me, is pretty obvious. It is the restrictions on use, the violation of privacy (constantly claiming you are a thief -- incessant checking of your workstation using spyware programs (WGA/WGN)), the high cost to the consumer (parts as well as purchase price of Vista).

          When I talk to people, and I do so every day as I own a computer repair shop, I hear that they want nothing to do with Vista. I even have people that bring in the computers they bought with Vista on them to have them wiped and to have XP installed instead. The reasons they give are the same I read about day in and day out on the web. Microsoft accuses them of being a thief, Microsoft is spying on them, the technology in it will interfere, the costs to upgrade are too high, the cost of the OS is excessive, there's no compelling reason to upgrade. Vista is just a pretty interface on top of a massive spyware program.

          I'd have to say that Ballmer is very foolish and to try to pawn off on the financial community two very flawed reasons for Vistas lack of success is just pathetic. Microsoft is on a downhill slide. The fact that Linux and OSX just might be made valid viable attractive has to be affecting every thing they do. On top of that they have known for a couple years that Microsoft would not see growth anywhere near what it has seen in the past. I think one could forecast some very serious financial problems with Microsoft in the next couple years and that they need to get people switched over to Vista so they can better control your computer and purchases so that the major stock holders have time to divest themselves and reinvest in other arenas.

          Bill Gates and Steve Ballmer are killing Microsoft. Every DRM/CRM implementation makes Windows a lot less attractive to everyone. Every attempt to monitor our use is looked upon as a violation of our privacy (which it is) and is an accusation that we are a thief or will be a thief sometime down the road. When they don't care that they are invading our homes we realize they are too far gone to even consider giving a second chance. When they can use their monopoly power to extort business, other countries, and private citizens then that's the time everyone must look up and say "no". They know they have you by the short ones because they know that i
          [ Parent ]
        • Re:the route your kids take to school, of course by FreakWent (Score:1) Wednesday March 07 2007, @04:40PM
      • Re:the route your kids take to school, of course by PhxBlue (Score:2) Wednesday March 07 2007, @01:27PM
      • Re:the route your kids take to school, of course by bl8n8r (Score:2) Wednesday March 07 2007, @01:37PM
      • Re:the route your kids take to school, of course by tambo (Score:2) Wednesday March 07 2007, @02:02PM
      • 3 replies beneath your current threshold.
    • 1 reply beneath your current threshold.
  • time to modify the hosts file (Score:4, Insightful)

    by GuyverDH (232921) on Wednesday March 07 2007, @11:59AM (#18263460)
    notepad %windir%\system32\drivers\etc\hosts

    127.0.0.1 genuine.microsoft.com
  • Spyware? (Score:1)

    by Quaz and Wally (1015357) * on Wednesday March 07 2007, @12:00PM (#18263476)
    Doesn't that make it spyware? I'm sure there's something about it in the license agreement to make it legal. Boy that does suck.
    • Re:Spyware? by Opportunist (Score:2) Wednesday March 07 2007, @12:44PM
      • Re:Spyware? by Quaz and Wally (Score:1) Wednesday March 07 2007, @01:07PM
        • Re:Spyware? by jb_02_98 (Score:1) Wednesday March 07 2007, @03:24PM
    • Re:Spyware? by Quaz and Wally (Score:1) Wednesday March 07 2007, @12:58PM
    • 2 replies beneath your current threshold.
  • What it really does... (Score:1, Funny)

    by Iphtashu Fitz (263795) on Wednesday March 07 2007, @12:01PM (#18263486)
    It actually uploads an entire bit-for-bit copy of your hard drive so that MS investigators can perform a forensic analysis on it and determine exactly what MS software you have installed illegally since not installing WGA is an implicit admission of guilt. You can expect to be arrested by the MS Police within a few days of declining to install WGA if you have any pirated MS software on your machine.
  • by Peter Simpson (112887) on Wednesday March 07 2007, @12:02PM (#18263498)
  • Interesting (Score:4, Insightful)

    by jesusphish (1072854) on Wednesday March 07 2007, @12:03PM (#18263516)
    Yay, I believe RMS's essay on treacherous computing may apply here. Not to start an argument over RMS and his stance with open source and free software. But i believe we should all have the right if you use windows to know what they are sending. I use gnu/linux so i really don't affect me much.
  • Great... (Score:2, Funny)

    by pchoppin (864344) on Wednesday March 07 2007, @12:04PM (#18263546)
    ... Now you're going to tell me that all Microsoft is in business for is to make money. You're ruining a perfectly good fantasy. Thanks a lot!
    • Re:Great... (Score:5, Insightful)

      by Catbeller (118204) on Wednesday March 07 2007, @12:15PM (#18263706)
      (http://slashdot.org/)
      That Free Markets religion again. Businesses cannot do anything they like; they are corporations, fictional entities created by license of the people of the country through their government. They are granted super-powers as non-existent individuals, exempting real operators from liablity for their own actions. In return, they hew the line we set for them. They have more responsibilty to the nation that created them other than pleasing shareholders, no matter what propoganda they pump to the contrary. They are not gods. And Microsoft is a monopoly, ruled so by the courts, and is under even more stringent strictures, because they have constantly abused their power in the past to invade and hold new markets.

      So, no, making money is not all they have to worry about. Deceit and chicanery should have consequences other than making them more money. And if they need to cheat to win, it might be time to think about a new concept: revoking the corporate license, and reinstituting personal responsibility for their underhanded actions, with civil and criminal penalties.
      [ Parent ]
  • wall of fire (Score:2)

    by mastershake_phd (1050150) on Wednesday March 07 2007, @12:05PM (#18263548)
    (http://freedomsforums.com/)
    Use Zone Alarm or other free firewall, problem solved.
  • Easy enough to deal with (Score:3, Informative)

    by KC7GR (473279) on Wednesday March 07 2007, @12:06PM (#18263568)
    (http://www.bluefeathertech.com/ | Last Journal: Friday November 04 2005, @11:51AM)
    From the image in TFA, it looks like they're sending back the Windows version code, and the installation-unique CSID, along with some other stuff that I didn't recognize.

    There didn't appear to be any identification of the specific user in there.

    It seems to me that it would be easy enough to determine what port WGA is using to send this stuff, and lock down said port at one's firewall. That's the method I'd choose to deal with it (if I were even running anything with WGA installed -- which, thankfully, I'm not).

  • Resistance if Futile (Score:1, Insightful)

    by Anonymous Coward on Wednesday March 07 2007, @12:07PM (#18263582)
    It matters because it could give them justification to pursue an investigation along the lines of "Well, if they are innocent, why not prove it? So, they must be hiding something. knock knock knock - Microsoft Police."

  • This is good (Score:5, Interesting)

    by Devir (671031) on Wednesday March 07 2007, @12:09PM (#18263618)
    (http://www.teamgiannelli.com/)
    While many think this is bad and invasion of privacy, think of it as this:

    when we normally click "I DONT Agree" the software does nothing. But if it sends the message back home with statistics of how many dont agree, it tells the software company some people dont agree.

    We can argue EULA's till our fingers are raw and bloody, but it doesnt matter if the company in question doesnt read the conversations.

    In short, by clicking the Dont agree button and having it sent home to MS we're telling them we dont want that crap on our machines. Maybe (deity willing) MS will start to listen. More companies may adopt that approach and we'll get less and less one sided (retarded) EULA's.

    anyone Remember Borland's |"like a book" EULA? Great stuff.

    • Re:This is good by MaggieL (Score:2) Wednesday March 07 2007, @12:45PM
    • Re:This is good by ccvqc (Score:2) Wednesday March 07 2007, @12:57PM
    • Re:This is good (Score:5, Interesting)

      by Lumpy (12016) on Wednesday March 07 2007, @01:04PM (#18264528)
      (http://timgray.blogspot.com/)
      So let's have fun.

      anyone got a way to dissect it completely so we can write a little app to send maybe 20-30 fake entries a day? now spread that across 100-300 people and microsoft thinks that there is a mass rejection of WGA starting to brew.
      [ Parent ]
      • Re:This is good by codepunk (Score:2) Wednesday March 07 2007, @07:49PM
      • 1 reply beneath your current threshold.
    • Re:This is good by db32 (Score:2) Wednesday March 07 2007, @01:06PM
    • This is not good by jifl (Score:2) Wednesday March 07 2007, @01:16PM
    • Re:This is good by stmfreak (Score:1) Wednesday March 07 2007, @03:59PM
    • Re:This is good by psaunders (Score:1) Wednesday March 07 2007, @11:42PM
    • 1 reply beneath your current threshold.
  • on a related note (Score:5, Interesting)

    by jjeffries (17675) on Wednesday March 07 2007, @12:12PM (#18263666)
    This is kinda old, but some years ago my neighbor got a new Win ME (!!!) machine, and I helped him put in a NIC and put it on our little neighborhood network. I was curious if it was going to phone home, so I had a sniffer running on my router...

    The damn thing picked/guessed a valid (NATted) IP address, netmask, and gateway without using DHCP (arp tricks?), and sent a load of mystery packets to an address in a Microsoft IP block. Only then did the computer do the "new device detected" routine, but could not find a driver for the NIC and I had to go fetch one on another machine.

    W T F ?

    Unfortunately I have since lost the pcap dump.

    Moderation: -1, no proof
    • Re:on a related note (Score:4, Insightful)

      by Slashcrap (869349) on Wednesday March 07 2007, @12:40PM (#18264118)
      The damn thing picked/guessed a valid (NATted) IP address, netmask, and gateway without using DHCP (arp tricks?)

      Did that IP resemble 169.254.x.x by any chance?

      But really there's no point trying to find technical explanations when the obvious one is at hand - you can't read a sniffer trace for shit.

      Having the ability to install Ethereal does not magically confer on you the ability to interpret the results correctly.
      [ Parent ]
      • Re:on a related note by electrosoccertux (Score:2) Wednesday March 07 2007, @01:48PM
        • Re:on a related note (Score:5, Informative)

          by AK Marc (707885) on Wednesday March 07 2007, @03:22PM (#18266686)
          So, you're saying Microsoft has some secret way for it's OS to phone home without a driver for the ethernet card?

          Yeah, it's called NE2000. Almost all cards support it. If you don't have the drivers for a card, you can usually force Windows to use generic NE2000 drivers and the card will work. But if it can't identify the card, or identifies it and doesn't have drivers, then it will tell you that it can't install it, even when it knows it can use it just fine with the generic drivers. So yes, I do think it quite plausable that Windows can use a NIC it does not have drivers for. But I wouldn't call NE2000 a secret.
          [ Parent ]
          • 1 reply beneath your current threshold.
        • 1 reply beneath your current threshold.
      • Re:on a related note by jjeffries (Score:3) Wednesday March 07 2007, @07:11PM
        • 1 reply beneath your current threshold.
      • 2 replies beneath your current threshold.
  • by 8127972 (73495) on Wednesday March 07 2007, @12:13PM (#18263682)
    .... is it as simple as going to add and remove programs to uninstall the two components for WGA or does it "break" something when you try to uninstall it? Or worse, does it leave anything behind?
  • by Joe Random (777564) on Wednesday March 07 2007, @12:22PM (#18263814)
    Sounds like a perfect place to use MS speech recgonition:
    Computer: "Where do you want to go today?"
    You: "Nowhere."
    C: "I heard 'Microsoft Validation Site'. Is this correct?"
    Y: "No!"
    C: "I'm sorry. I heard 'Dear aunt, let's set so double the killer delete all'. Is this correct?"
    Y: "NO!!"
    C: "I understand. So 'Microsoft Validation Site' was correct. Redirecting now. Thank you for using My Microsoft Live Enterprise Genuine Advantage Ultimate. Have a nice day."
    • 1 reply beneath your current threshold.
  • by blind biker (1066130) on Wednesday March 07 2007, @12:26PM (#18263878)
    (Last Journal: Sunday September 02, @06:01PM)
    I am no lawyer, but this seems very similar if not the same as wiretapping. The user, quite explicitly, doesn't want to even have the software installed on his/her computer, let alone have his information (the information stored in the registry is private) sent to a company or individual.

    Maybe I am just not used to spyware (never had a piece of spyware installed on any of my computers) so I am still quite allergic to this stuff. But no matter how I look at this issue, I am outraged.
  • And they will get away with it. (Score:2, Insightful)

    by Caspian (99221) on Wednesday March 07 2007, @12:33PM (#18263988)
    Are you getting the picture yet? Powerful organisations (and politicians) really CAN and DO get away with anything they want. Microsoft is a prime example. I'll be very surprised if they ever get in any serious trouble for this (and no, for MS, a multi-million-dollar fine is not "serious trouble", it's a slap on the wrist. A $10,000,000 fine wouldn't hurt them. A $10,000,000,000 fine... maybe, yes.
  • I detect hypocrisy (Score:5, Insightful)

    by suv4x4 (956391) on Wednesday March 07 2007, @12:50PM (#18264300)
    I can understand people not wanting WGA on their PC-s as it can cause issues on legitimate installations as well, in certain situations.

    But sending back a little XML that you denied the EULA? Don't you detect hypocrisy here. You send your "identification" in the form of IP, browser user agent string and what not to virtually any site you visit, without "agreeing" to this every time. Why is nobody whining about this?

    Having privacy and right to deny something is cool. But I think some of the most vocal opposition is simply using pirated Windows and not being honest about it.

    I don't install WGA on existing (legit) computers as it doesn't help me with anything. I don't have any problem with Microsoft getting my "no" back though. In fact, I *want* them to hear my no.
    • Re:I detect hypocrisy by Stumbles (Score:2) Wednesday March 07 2007, @01:05PM
    • Re:I detect hypocrisy by *weasel (Score:2) Wednesday March 07 2007, @01:18PM
    • Re:I detect hypocrisy (Score:5, Insightful)

      by mwillems (266506) on Wednesday March 07 2007, @01:30PM (#18265004)
      (http://www.mvw.net/)
      I disagree. When I send my IP to a web site, it is because I have chosen to browse there.

      In the WGA example, on the other hand, one chooses NOT to do something, and yet data is sent. That is very different to browsing voluntarily to a web site.

      [ Parent ]
      • Re:I detect hypocrisy by deehoc (Score:1) Wednesday March 07 2007, @01:38PM
        • Re:I detect hypocrisy (Score:5, Insightful)

          by Todd Knarr (15451) on Wednesday March 07 2007, @02:03PM (#18265596)
          (http://www.silverglass.org/)

          Not quite. The Windows Update protocol should be:

          1. I connect to Windows Update. They get some identifiable information.
          2. Windows Update sends me a list of what's available.
          3. I select what I want to install.
          4. Windows sends Windows Update a list of what I want to install.
          5. Windows Update sends me what I've asked for.
          Note that nowhere in there should my computer be sending Windows Update anything about what I haven't asked for. It doesn't need to know that to send me what I did ask for, it's got no business sending that information without telling me it is or giving me the opportunity to say "No.". If Microsoft chooses to collect information it doesn't need, that's it's prerogative but that doesn't give it a "get out of jail free" card to avoid the consequences of that choice.
          [ Parent ]
      • But you DID choose to run windows by cybrthng (Score:2) Wednesday March 07 2007, @02:24PM
      • Re:I detect hypocrisy by suv4x4 (Score:2) Wednesday March 07 2007, @03:03PM
      • 1 reply beneath your current threshold.
    • Re:I detect hypocrisy by whitehatlurker (Score:2) Wednesday March 07 2007, @01:39PM
    • Re:I detect hypocrisy by Pantero Blanco (Score:2) Wednesday March 07 2007, @04:13PM
    • Re:I detect hypocrisy by nurb432 (Score:2) Wednesday March 07 2007, @04:58PM
    • Re:I detect hypocrisy by Hucko (Score:1) Wednesday March 07 2007, @06:37PM
    • Re:I detect hypocrisy by Jeremy_Bee (Score:1) Wednesday March 07 2007, @09:52PM
    • 2 replies beneath your current threshold.
  • Report this to "StopBadware.org" (Score:5, Informative)

    by Animats (122034) on Wednesday March 07 2007, @12:58PM (#18264442)
    (http://www.animats.com)

    This should be reported to "StopBadware.org". StopBadware.org's definition of badware [stopbadware.org] requires prior consent to send personally identifiable information to a site. This should be enough to put WGA on the Badware list.

    Google is now flagging sites that have been identified by StopBadware.

    StopBadware is run by law professors from Harvard and Oxford, with assistance from Consumer Reports. StopBadware is effective. They complained about the Jessica Simpson screensaver, which installed spyware in May 2006. The makers of that didn't listen. In October of 2006, a US federal judge shut that outfit down.

    • Re:Report this to "StopBadware.org" by Blakey Rat (Score:2) Wednesday March 07 2007, @01:34PM
      • Re:Report this to "StopBadware.org" (Score:4, Insightful)

        by Todd Knarr (15451) on Wednesday March 07 2007, @01:57PM (#18265502)
        (http://www.silverglass.org/)

        I'd argue you're incorrect. As far as IP address goes, my ISP assigns them long-term enough to consider them permanent (typical is 2-3 years between changes) and ties that address directly to my billing information. It's personal information in the same sense my bank account and credit-card account numbers are: they don't in themselves reveal my identity but they're tied uniquely and directly to it and can be used to get it without my knowledge and consent. The computer information is the same: part of what's sent is the GUID assigned to the computer, which is intended to be unique to that computer and which is tied directly to information like my name embedded in word-processing documents and other information available to the same entity receiving the computer information. This is sufficient to let them tie that WGA data directly to my personal identity. At the very least it allows them to identify everything else they have that belongs to me, even if they don't know my name (yet). That's personal enough in my book.

        [ Parent ]
      • Re:Report this to "StopBadware.org" by taustin (Score:2) Wednesday March 07 2007, @02:15PM
  • not surprised (Score:1)

    by botkiller (181386) on Wednesday March 07 2007, @12:59PM (#18264456)
    (http://www.brianbotkiller.com/ | Last Journal: Saturday August 07 2004, @05:44AM)
    surpised? no. scared? not really. Laughing? A lot.
  • by david.emery (127135) on Wednesday March 07 2007, @01:03PM (#18264508)
    do you not understand (to be an oxymoron)?

          dave
  • firewall MS (Score:1)

    by vparkash (914055) on Wednesday March 07 2007, @01:04PM (#18264522)
    I'm no software guru but if you just firewall www.microsoft.com, wont it be a cure for all your problems?
    • Re:firewall MS by TheZax (Score:1) Wednesday March 07 2007, @01:37PM
      • Re:firewall MS by vparkash (Score:1) Wednesday March 07 2007, @06:51PM
    • 1 reply beneath your current threshold.
  • I deplore it! (Score:1)

    by Anna Merikin (529843) on Wednesday March 07 2007, @01:08PM (#18264586)
    (Last Journal: Thursday August 16, @01:33PM)
    What more can I say?
  • by jamiebecker (160558) on Wednesday March 07 2007, @01:18PM (#18264756)
    Well, they obviously get the sending IP address, so how about a reverse hostname lookup on the IP address to determine that it's a "Global 2000" company? Perhaps this information could be used as "evidence" to incite an invasion^H^H^H^H^H^H^H^H audit?
  • Well (Score:2, Informative)

    by Anonymous Coward on Wednesday March 07 2007, @01:42PM (#18265272)
    At least they send out the cpu ID. So they know how many copies you owned and how many you've installed. For example, I am sure lots of us already experienced when XP trys to reinstall on other machines, hardware configuration changes will lead to