MS Passport: "All Your Bits Are Belong To Us"

Apologies for the AYB title, but that's just what everyone is calling it. Passport is the central repository for your passwords and "personal information" I've looked over the Passport Terms of Use and tried to give them the benefit of the doubt. But I can't read it any other way than this. By "inputting data ... or engaging in any other form of communication with or through the Passport Web Site" -- or any of its "associated services" -- you grant Microsoft the rights to "use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell any such communication" and -- just when you were thinking it couldn't get any worse -- "exploit any proprietary rights in such communication, including but not limited to rights under copyright, trademark, service mark or patent laws." Am I wrong? Is that not what it means? And, is Hotmail affected by this?

One of the key questions is what Microsoft means by "associated services." The terms of use agreement applies to "the Microsoft Passport Web Site" which they redefine in the first sentence to mean "a Web site and its associated services."

Later in the terms, they explicitly say:

"The Passport Web Site may contain bulletin board services, chat areas, news groups, forums, communities, personal web pages, group calendars, electronic mail postings and/or other message or communication facilities designed to enable you to communicate with the public at large or with a group (collectively, 'Communication Services')..."

That doesn't sound like a simple site for password- and personal-data-storage to me.

The really big thing that everyone seems to be worried about is, how is Hotmail email affected by this? Here's the Hotmail Terms of Use. So is Hotmail an "associated service"? How would we know? Passport is listed as one of Hotmail's "additional Microsoft web sites and/or services"; what does that mean? If Hotmail is associated with Passport, does that mean Passport is associated with Hotmail? (Is "association" associative?)

And the fact that any access of www.hotmail.com redirects me to a machine at hotmail.passport.com worries me a lot. How could these sites not be considered "associated"?

Some more tidbits...

Don't forget that Passport is a TRUSTe licensee. TRUSTe stands 100% behind their privacy statement, so you can really, really trust that All Your Bits Are Belong To Us. (The joke is that TRUSTe doesn't actually guarantee you any privacy. It supposedly guarantees that, if you can wade through the legal mumbo-jumbo, you'll find yourself being screwed in precisely the way that the lawyers tell you you're being screwed.)

Here's a directory of the sites that use Passport for single-sign-in or purchasing.

You read it here first. Slashdot predicted this eight months ago. "Microsoft Passport And Your Privacy," July 29, 2000: "...I'm sure Microsoft uses it as a user-tracking system more than anything else." Go read Joel's article, from eight months ago, in which he explains how Passport "eliminates the last line of defense protecting your privacy" and how Microsoft will "create a massive consumer information database."

An article in the Daily Aardvark points out that Netscape users have a hard time reading Passport Q&A.

Bryan Smith has a thoughtful rant about what this would mean for open-source software. Dual copyright? Hmmmm. Here's your link, Bryan: "Dual-copyright/licensing" of your IP withOUT your permission.

A RISKS submitter calls it "highway robbery."

Don't forget that Passport is the website for which Microsoft forgot to pay its $35 domain registration fee, back around Christmas '99. This is the company you want to entrust your passwords to?

And finally, All Your Bits may be hard to retrieve once they Belong To Us. jasonjwwilliams writes "After reading about the new Hailstorm.net initiative by Microsoft, and how once integrated with Passport.com, any communcations sent in conjuction with the service in any manner becomes the property of Microsoft, I asked Passport.com to remove me. The response: we don't do that, wait 12 months to be auto-removed. After three e-mails here's the bottom line I received:

"Due to security reasons we do not allow nor do we have a feature to delete Passport accounts. Rest assured that if you do not access your account within 12 months our system will automatically delete your account."

"I don't know about anyone else, but I think this is a completely lame response and as far as I understand against the law. Anyone know who to get a hold of? This is arrogance gone too far."

Saving on comment space

[Anonymous Coward]

In the interest of saving valuable server space lets just summarize all the M$ zealot posts

Sure it's slimy, illegal as hell and completely self-serving but pure marketing genius!

You should know better than to send important shit through hotmail

Sure it says all our bit belong to them but we can trust Bill not to actually try it.

God I'm tired of you Linux zealots constantly bashing Microsoft, this doesn't really mean what it says. We can trust them.

Oh god yes, yes, give it to me Bill. No not THERE. OUCH, that HURTS. FUCKIN ASSHOLE, where's my vaseline?

Is there one honest M$ zealot out there who can admit this is pure umitigated bullshit? Didn't think so...

The last AYB

[Anonymous Coward]

Details here [nudehackers.com].

Extra: Slashdot editor researches story

[Tony Shepps]

I haven't seen anyone else say it so I'll say it. Jamie, it appears that you took this submission and fully researched it, then documenting the results of your research, including adding links where appropriate. And it wasn't just speculative research, but documenting the background on the story.

To top it all off, you checked for earlier /. stories, determined this to be a different story than the one eight months ago, but posted that story's link for those who wanted the original /. take on things.

You could have stopped at the first paragraph, and just posted the story as it stood, but you didn't. Applause all around, it's good work by you and my hat's off!

(...and to the usual crew, if yer gonna bitch when they mess up, give 'em a pat on the back and a round when they do well. It's just right.)

Passport Removal by phone works.

[strredwolf]

Call Microsoft by phone and ask for immediate removal. Tell them that information being transferred through the Hotmail/Passport portal is secure information and is covered by a third-party NDA. If they give you the "Wait 3 months" line, ask for a manager, you got a clueless frontline support idiot.

And yes, I did this a few years ago. It works.

--
WolfSkunks for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.keenspace.com";

Re:Copyright cannot be transferred accidentally

[Chris Johnson]

Balls. Better go tell mp3.com and indeed every single site on the web that _publishes_ copyrighted information.

What is confusing you is this: 'transfer'. There is no transfer, because you are not _giving_ _up_ your own copyrights. You still keep them and have full rights to them. This is not that difficult to understand. It'd be very much another story if MS were trying to _take_ your own rights away from you so you can't have them. They are shrewd enough not to attempt this. Instead, your rights become nonexclusive because MS gets total permission to do whatever it likes with the copyrighted materials- anything that is not actually a _transfer_. There is no transfer because you keep rights too. It's an assignment of rights, a licensing. There is loads and loads of precedent that you can do this in a nonexclusive way on the web with only a click-through- or not even that, in the case of mp3.com's new terms, when the previous terms included securing your automatic agreement to new terms after a time period, with or without your knowledge or consent.

I Am Not A Lawyer either- but I am more of a not-lawyer than you ;) honestly, where does 'transfer' even enter into it? You get a grip yourself- this is perfectly real.

*tadah* enter Not A Lawyer Man!

[Chris Johnson]

Unless you are a signatory to a Passport Participant License and Service agreement...you may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, or sell any information, software, products or services obtained from through the Passport Web Site and service.

The main thrust of this is, if you are doing business with anyone using Passport, _you_ must also sign up, or be prohibited from using the materials. Basically it's leverage on people using it in a business setting: if you get sent materials or business stuff through Passport and make use of it without yourself being a member (this would include email, and certainly would cover anything like free web hosting space), you are a criminal and can be prosecuted even if the person sending the information intended for you to use it. They retain a copyright of their own on the material so you're not 'infringing on the copyright' but you never consented to Microsoft's terms for use of materials transferred via Passport, so you'd be sued basically for abuse of the service (taking advantage of it without signing up). This will hold up a lot better in the case of a web hosting service- it'd be a little insane applied to e-mail.

You agree that no joint venture, partnership, employment, or agency relationship exists between you and Microsoft as a result of this agreement or use of the Passport Web Site or service.

This one's easy: if not for this clause it could be argued that Microsoft, for being legally allowed to entirely control communications between people, may be acting as an 'agent' or employer. Basically, it's not so unusual for an entity to provide the communications channels between someone and someone else, even including the ability to harshly control the sort of communications permitted. If you were an author and needed someone to be the communications between you and book publishers, you'd get an agent, who would be the go-between and may have other protections like restricting your ability to simultaneously do other submissions (I'm not up on that part really). Microsoft is taking a role of a communications middleman and asserting controls and limits on the means of communicating, asserting exclusivity, so they are an agent. The reason the clause specifically says you agree that they're NOT an agent is because presumably agents have rules they have to follow, and Microsoft wishes to be able to assert the rights of an agent without suffering any of the limitations.

King County, Washington, U.S.A.

Conspiracy theories are all very fun but I suspect this is simply the nearest court to Microsoft HQ. So, if you sue, then _you_ have to travel, and the Microsoft lawyers only have to stroll down the street a few blocks. Perhaps they'll build a little bunker right by the court for comfort and convenience! :)

Re:Collision with GPL?

[Chris Johnson]

Ow... the kicker here is that dual licensing _is_ legitimate. As a software author I am allowed to do that- I GPL stuff and that code then is completely bound by the terms of the GPL, but if I'm not mistaken, I and only I am allowed to also release the same thing under other different licenses. None of this can un-GPL the GPL license- but for instance if I am the sole author I could simultaneously do GPL and also release the code to a proprietary person. They would have no access to GPLed modifications as they did not agree to _that_ license, but they would be able to place whatever stupid restrictions they wanted on their own little version of the code.

With me so far? Good, here's the kicker. Under the Passport Terms of Service, if you are the sole author of something that's open source and you're contributing it to someone else under the GPL or any other license... well, MS can deny that the person has a right to use the 'means of transmission' (Passport) without signing up. They cannot 'un-GPL' something you GPLed, or take away people's rights under that license...

BUT! If you are the sole author, and thus legally able to assign licenses and dual-license your stuff, YOU are giving Microsoft their own special license to that GPLed code, which is subject to NONE of the restrictions you intended to place upon it. They don't get access to further development- but the other development does not get access to whatever MS does to it, because effectively YOU gave them a special license with no restrictions or obligations. This exists alongside the GPL license you originally intended.

If I'm not mistaken, this can only take place if you're the sole author and legally able to do such sublicensing- if I download all of Debian, I don't become the original copyright holder, and though the licensing allows me carte blanche it doesn't let me do special sublicenses for stuff that's not mine. But if you are the sole author, you do have the capacity to simultaneously use different licenses and that is the sort of person who would be hosed completely by this trick.

So- just by using Passport it doesn't give you the power to give Microsoft stuff that is not yours to dual-license, and that emphatically includes GPL stuff that _cannot_ be dual-licensed except by the original author (once it's out there it stays GPL, that fork remains uncorruptable). But if _you_ introduce stuff that you are the original copyright holder, and use Passport- you cannot enforce that the code is GPL, because you're simultaneously giving MS its own distinct license, which they have total freedom to do anything they want with it AND to license the result as restrictively as they want. Your use of GPL _does_ _not_ affect MS's license of the stuff sent through Passport.

The question on my mind is: can a router be made to be part of Passport? If my ISP ended up forced to run stuff through Passport and signed something that said 'all your users are belong to us', would this end up binding me even though I didn't willingly sign up?

Re:Wow.

[Chris Johnson]

It's not a _sensible_ argument. It's a potential _lawyer_ argument. As such, I think it's intentional, and they do plan to be able to obfuscate things in that way, so it'd be well to be ready for it.

Wow.

[Chris Johnson]

One of the implications here just hit me- and I am _seriously_ impressed. GPL people and potential license infringement policers, listen up.

So- you're finally suing Microsoft. You found they used GPLed code in something- or you're not GPL but they used your code anyway- or for that matter you're an ambulance chaser and you're just suing them because you think you can get a jury to think they stole your code. Whatever. Your argument is, "This == my code, that == Microsoft's product, thus == pay me lots of money for stealing my IP."

Here is the Microsoft defense's response:

"PROVE you did not ever transmit this code over a Passport property!"

Chew on that one for a while. And remember, these are the people who forged evidence in Jackson's court despite a blaze of publicity and sharp government lawyers! Now, what would they need to buttress their case that you had at some point sent the code/art/property through Passport? A server log, a user name, a password. Now, attend closely: WHOSE servers are these that they would need to find this evidence on? Of course they are.

This is a _damned_ impressive potential legal roadblock to suing Microsoft over IP, and it emphatically addresses the open source problem: basically, no matter who you are, Microsoft can use your code in proprietary software and _if_ you figure it out and sue them, it becomes your problem to prove that you have never used Passport and sent the code over it: and who owns the servers that would contain the evidence you'd done just that? One guess. The Microsoft lawyers now have a terrific defense against any such charges: they'll make you the defendant. If you insist you never used Passport- "Well, then, do these server logs imply that you used our service CRIMINALLY, violating our terms of service?".

The possibilities here are so evil and cunning that even I am impressed, and they don't usually impress me- but then they don't usually manage anything with this degree of subtlety either.

Just be warned. The "You must have used Passport" defense needs to be taken into consideration.

From ICQ's TOS

[DCMonkey]

Note the exclusion of user to user communications in this snippet from ICQ's TOS [icq.com]:

Please note, that ICQ Inc. does not want to receive any confidential, secret or proprietary information and material from you through the ICQ Web site, ICQ Inc.'s mail and e-mail addresses, the ICQ Services and Information or in any other way. Any information or material submitted or sent to ICQ Inc., excluding private communications between a user and other users that are not subsequently made available to ICQ Inc., will be deemed not to be confidential or secret. By submitting or sending documents, information or other material ("Material") to ICQ Inc. or by posting information entered on the various ICQ directories, tools and messages on the ICQ message boards you (1) warrant that you have no rights of any kind to the Material; that to the best of your knowledge no other party has any rights to the Material; (2) grant ICQ Inc. an unrestricted, irrevocable license to use, reproduce, display, perform, modify, transmit and distribute the Material, and you further agree that ICQ Inc. is free to use any ideas, know-how, concepts or techniques you send us for any purpose.

Re:Yahoo!, anyone?

[phil reed]

Their excuse was that they needed those terms to be able to deliver the user's content on their hardware as it existed or might exist in the future, plus do things like back it up. Somehow, when the uproar got too loud, they figured out a way to change it.


...phil

Re:All Your Genetic Makeup Are Belong To Us

[DunbarTheInept]

But oddly, you don't compain about not being able to delete your slashdot account.

That's because Slashdot doesn't have the hubris to claim it owns everything we post. If they did, then it might become an issue.

Old News

[LoCoPuff]

You know, I read the TOS too, and it's pretty clear that they're talking about forum posts and the like:

The Passport Web Site may contain bulletin board services, chat areas, news groups, forums, communities, personal web pages, group calendars, electronic mail postings and/or other message or communication facilities designed to enable you to communicate with the public at large or with a group collectively, ("Communication Services"), you agree to use the Communication Services only to post, send and receive messages and material that are proper and related to the particular Communication Service.
conspicuously absent from the list are communications between individuals.

One issue often overlooked in these things is the problem that plagues some publishers and causes them to reject unsolicited submissions: what the hell do you do when somebody hands you the outline for something very similar to a project you have under development? If you accept it, then you risk accusations later that you're a thief. ("Man, I said last year they oughta' put spellcheck into Explorer! Them bastards stole my idea!") Alternatively, if you simply state that you can use any ideas posted in the forum, then you've covered that possibility and maybe avoided a nuisance suit.

Now if the Reg had bothered to go to Hotmail itself, they might have found this:

It is Hotmail's policy to respect the privacy of its users. Therefore, Hotmail will not monitor, edit, or disclose the contents of a user's private communications unless required to do so by law or in the good faith belief that such action is necessary to: (1) conform to the edicts of the law or comply with legal process served on Hotmail; (2) protect and defend the rights or property of Hotmail; or (3) act under exigent circumstances to protect the personal safety of its users or the public.
not ironclad, but probably as good as the ISP through whom they're being accessed.

Who deserves privacy for free services?

[mikl]

If I recall correctly, both Hotmail and Passport are free services provided by Microsoft. Therefore, Microsoft owns the service(s), and is not "selling" the user anything. Last time I checked, when you own something, you can pretty much do what you want with it.

Why should a user expect any privacy from Hotmail or Passport? I don't see why its a big deal. You don't HAVE to use their services! I've been on the Internet for 5 years now, and I'm yet to be compelled to sign up for a @hotmail.com email address or use Passport. It isn't like this is some cornerstone of the Internet.

The only people that use Hotmail are spammers, kids, and AOL-type users. Anyone with a legitimate business, or anyone transmitting private information, should be using a real mail service, and not passing around important information on a free account.

As for Passport, the whole idea of the system is flawed, and anyone who is stupid enough to trust a single web site with all your passwords and credit cards DESERVES to get exploited and taken blatant advantage of.

Just my two cents worth,

Michael Merritt
michael@miklm.com

Not if you use their stuff...

[Svartalf]

For some things from them, you have to have a Passport account before they'll let you download.

Re:Old News

[Palin Majere]

Now if the Reg had bothered to go to Hotmail itself, they might have found this:

And they might also have found _this_:

"Click on the link below for the terms and conditions which govern these additional Microsoft web sites and/or services:"

Guess what's in the list of links... You got it. "Microsoft Passport". This means that your spiffy Hotmail "account" isn't actually actually a Hotmail account. It's a Passport account that allows you access to the Hotmail "service". What's the impact here? That you are agreeing to the Passport TOS when you sign up for Hotmail.

Perhaps you should read your own quote when you say that they're "talking about forum posts and the like". "electronic mail postings" certainly aren't forum postings, and "other message or communication facilities designed to enable you to communicate with the public at large or with a group" sure as heck covers a _vast_ amount of territory. It's not "just" forums, folks.

And, you should look at the Hotmail TOS itself for evidence contrary to your claim that Hotmail prohibits that sort of behaviour:

Microsoft does not claim ownership of the materials you provide to Microsoft (including feedback and suggestions) or post, upload, input or submit to any MSN Site/Service or its associated services for review by the general public (each a "Submission" and collectively "Submissions"). However, by posting, uploading, inputting, providing or submitting your Submission you are granting Microsoft, its affiliated companies and necessary sublicensees permission to use your Submission in connection with the operation of their Internet businesses including, without limitation, the rights to: copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate and reformat your Submission; and to publish your name in connection with your Submission."

Of course "Hotmail" _says_ it would never invade your privacy in those manners. The problem is, they're not. You're explicitly giving up your privacy to Microsoft as part of this agreement. There's no such thing as "a user's private communications" on Hotmail, because you've already agreed to give up your rights to that information twice. Once when you signed up for the Passport account, and again when you used the Hotmail service to send it out.

Oops. As the Privacy Nazi might say... "NO PRIVACY FOR YOU!"

How they will get out of it

[leonbrooks]

So maybe this would be a good reason to get M$ back in court

It seems that Bill or his lawyers read history. If time were in a position to honour anything, we would be considering a time-honoured practice here.

The exact same method was used to acquire enormous power by the Medievel Church. They worked very hard to become confessors to important people [tripod.com], then used or sold the information confessed [mtc.org] for even further political entrenchment. Of course, if someone became too much of an obstacle, they could always be bumped off their perch [aol.com].

So... Microsoft are taken to court, and then one day a judge finds an email in his inbox with copies of emails to and from his son's Hotmail account - concerning specific indiscretions - attached; or copies of an email conversation between him and a particular woman; or whatever. I'm sure you get the idea.

Suddenly, having Microsoft lose a case seems an exceptionally bad idea to the judge. Meanwhile, the other judges are seeing rising pressure from friends and relatives (many of whom, it seems, also have Hotmail/Passport accounts), which combined with another astroturf movement [computerworld.com] might be enough to throw the case.

Automatic reformat after a year of constant use

[leonbrooks]

Due to security reasons we do not allow nor do we have a feature to delete Microsoft Windows from your system. Rest assured that if you do not access your computer within 12 months your hard drive will automatically be reformatted.

It's been my experience that the likelihood of your hard drive being reformatted without warning increased with sustained use of Microsoft products.

Microsoft haven't actually explained how they intend to implement remote software disabling.

PLEASE WAIT WHILE YOUR HARD DISK REFORMATS

[ OK ] [ TOUGH ] [ SO SUE US ]

Send to allyourbitsarebelongtous@hotmail.com

[leonbrooks]

Co$ material, DeCSS, Halloween Letters, anything else dangerous, feel free to send it this hotmail account [mailto] and it'll be sent to itself just to be sure. (-:

As I read it, you don't lose copyright on material sent though Passport-related sites, but The Borg gets copyright (and other things) on it as well.

Re:Concerns on LKML

[Gromer]

Not true. The Hotmail user who recieved the mail is the one who agreed to the Hotmail TOS. The Linux developers never made any agreement with Hotmail. Thus, MS would have no grounds to appropriate IP belonging to the kernel developers. Even if the TOS gave them that right, the person who agreed to the TOS had no authority to grant them that right, anymore than I can sign a paper authorizing you to give away free copies of Windows.

Similarly, if a kernel-dev mail came from a Hotmail account, even under the craziest readings of the Hotmail TOS, the only IP which MS could appropriate is that belonging to person who sent it through Hotmail, not the entire kernel, because the sender doesn't own the rights to the entire kernel. Still, unraveling a mess like that could be ugly.

Personal and non-commercial use only

[banky]

While I do understand the implications of MS's move to own all our bases, the license everyone is so upset about specifically states, "personal and non-commerical use only". So, at worst, doesn't that mean MS will know I'm going to Cancun, my girlfriend's name is Sarah, and we aren't renting a car?

I guess my major disconnect here is I can't imagine anyone in their right mind trusting their company to an open service like this. It baffles me.

A reminder

[Ektanoor]

Ok people. You have been warned. You are being warned. And you will be being warned for a while.

However I doubt that 80% of you will care for this. Because Passport eases your lives. Because you don't have to remember, write on your hand or repeatedly type lots and lots of info about you, your family and something else. Of course you think that you can pass over it, that your freedoms will never be endangered. And maybe you think your children can pass through it too. Maybe even your nephews, grandsons and grand-grandsons may also pass it through... But that day may happen when some John Doe Jr Jr Jr will realise that he has nothing more than his body as ownership. And maybe he will not even have the right to own it.

You may think that these small underminings of civil rights are an easy price to pay. In late Roman Empire there was also a similar process that lasted nearly 200 years. It was the formation of what became known as latifunds, large pieces of land belonging to one person. That was also the base for the creation of feudalism and the beginning of the Middle Age. People offered by little their freedom for the protection of their belongings. There are several examples of this early process of feudalisation in letters from what is now Romania, France, Spain and Austria. Besides the protectors basically were not our "analphabet, rough, barbars" of History books but usually proeminent figures of the Empire, usually military ones. It were they who laid the foundation for the New Order. It were they who destroyed the last remains of Rome and wiped completely the cultural basis of that time. There is a certain Boecius who wrote a little about this exactly on the last years of Rome.

Why I am telling about this. Because you are doing a similar thing. You are giving away your rights, your identity, your ownership for the ease of a click. And a day may come when you can only get these things back if someone allows you to click. Or else you are nothing, a dropout, an alien, an abortion thrown over the sideways of the Information Highway.

You had one guy that loved too much to play with funny inventions. I believe that God gave him a chance not getting fried because he was also a big thinker. And once he warned that if someone gives a little bit of his freedom for security he has no right for being free. Confort is somehow also a bit of security. We should note that Mr. Franklin spoke about freedom in the society of very rich people who exactly care about confort as a part of their security. Today a larger segment of Americans can feel a little bit more of it. So remember that crazy founding father of yours. He was also a genius of Philosophy.

Oooooooh. I forgot, you Americans fell quite DISCONFORTABLE with Philosophy...

Re:A reminder

[Ektanoor]

I am not talking about perfections dear Sir. I'm talking about a society that valued some freedoms. However tis society started to trade these freedoms for a more confortable and easy life. By selling, renting and lending information uppon which one may influence personal lifes. That's the point I make. Your freedom today in the US may be in the balance of the level of your self-conscience as citizens and your desires as consumers.

Excuse me your optimism but such trade-off is mainly seen in America.

And what concerns "comfortable"... Mr. All Correct, I'm an european. In several european languanges "m" only appears in front of of two consonants: "p" or "b". And usually the root "confort" is what I may use more frequently in the languages I know. Anyway, sorry for trashing the english language with my barbaric continentalisms.

Legalese for: "You don't get roses or a kiss."

[crovira]

By "inputting data ... or engaging in any other form of communication with or through the Passport Web Site" -- or any of its "associated services" -- you grant Microsoft the rights to "use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell any such communication"

That's like the phone company claiming the profits to a stock transaction that was called in.

Re:Collision with GPL?

[TrentC]

So let's say I'm discussing something techie via e-mail or a discussion forum using the Passport site and by way of example I include a snippet of GPL'd code. My reading of MS's Passport terms tells me that they now have the right to use that snippet of GPL code, create derivative products, etc. Doesn't that collide with the GPL? Sounds like a lawyer's wet dream...

It does not collide with the GPL, because the GPL is the license under which you release your (implicitly) copyrighted work.

The Passport Terms of Service [passport.com] is an attempt to re-hack the copyright issue in their favor by saying that, when you use their service, you are agreeing to give them a free (an is no-compenstation) unlimited license to do whatever they want with any copyrighted material that passes through any Passport-"affiliated" service. (Note the section labeled "License to Microsoft" to see what I mean.)

So in essence, your code could be considered to be under two licenses; the GPL and the MS-specific "AYBABTU" license. (Hey, I like that name...)

Dual-licensing is possible -- IIRC, Mozilla is offered under both the MPL and the GPL now. And I believe Troll Tech still offers Qt under the GPL and the QPL.

Jay (=

A humble solution (and a silver lining)

[FreeUser]

I must say, the number of apologist posts downplaying what is an obvious mass grab of other peoples intellectual property on the part of Microsoft is downright amusing. The amount of spin being put on this is worthy of the finest Clinton or Busch media machines.

Anyone reading the plane English of this license cannot help but see that, very clearly, the end user is required to grant Microsoft any and every right to their ideas, their work, even their patents, just by processing their information through a piece of software which happens to use Passport as an authentication mechanism. This could, in the future, include any document written by Micosoft Word (using passport to authenticate the author or encrypt the file as a new feature, etc.), sent through a Microsoft mail server, or served from a Microsoft Web server.

Microsoft has a well documented history of stealing other peoples work (and getting sued for it, and being required by the court to make appropriate reparations to the aggrieved parties). This isnt about avoiding frivolous lawsuits, this is about legalizing a reprehensible tactic they already engage in: theft from their customers, their competitors, and anyone else whose idea they like.

There is, however, a silver lining to this dark cloud. Two states have already, very foolishly, passed UCITA legislation, giving this sort of EULA the force of law. One would hope the courts would overturn such an onerous condition, particularly in light of the fact that nearly every party to this agreement has no idea what theyve agreed to, but one cannot assume reason will always prevail.

If it doesnt, it wouldnt be too terribly difficult for the authors of Apache, sendmail, various USENET and chat servers, and so forth, to add a clause to their respective licenses reading something like this:

By inputting data or engaging in any other form of communication with or through this software, or any of its associated services, you grant the Free Software Community and the world at large the rights to use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell any such communication and exploit any proprietary rights in such communication, including but not limited to rights under copyright, trademark, service mark or patent laws.

This would be a potent weapon indeed for the Free Software community to strike a possibly leathal blow to copyright and patent law, once and for all (until such a time as another court rethinks this kind of thing, or a law is passed making such onerous and unreasonable property grabs illegal). Much of the very infrastructure of the Internet is powered by free software of one sort or another. If the courts should uphold this kind of behavior, we as a Community are in a position to use it in liberating far more knowledge and intellectual property, doing the Copyright and Patent Barons far more damage (and correspondingly far more good for free science and free software) than they could ever do to us. We arent compelled to use their software, but if they are using the internet at all, they are almost certainly using ours.

Re:I hope everyone will boycott

[pivo]

Only some of these are owned by M$: http://www.passport.com/directory/default.asp [passport.com]

Re:This just in...

[Pope Slackman]

"All your top-secret spy plane are belong to us."

For great justice, take off every 'MiG'.

C-X C-S

Re:It should be...

[Zico]

Jamie, out of curiosity, why didn't you ever try contacting Microsoft/Passport? Journalism is a little more than cutting and pasting a plagiarizing other people's comments about something. I saw eleven or twelve question marks in what you wrote, so is there any reason in particular why you didn't get off your ass and try to add something original to all those links you posted, like, say, a response from Microsoft?

Cheers,

Re:Why use Passport at all?

[Sloppy]

so he paid you to fill it out

Or, depending on your point of view, he charges you extra for not filling it out.

When the grocery stores started using those "discount" cards, they increased their prices. So the non-card price became higher than the pre-card price, and the card price became about the same as the pre-card price.

You can never come out ahead.

---

Re:Concerns on LKML - NO! [ THEBS' SPEAKS! ]

[BitMan]

NO! Only the original copyright holder on software can give his/her copyright to Microsoft. God, my article is getting out of hand!

I'm putting up a new version (with the INcorrect statement about "license revocation" removed).

-- Bryan "TheBS" Smith

Re:Yahoo's not much better

[HiThere]

If I'm reading that correctly, Yahoo's license to publish your stuff terminates as soon as you remove it from the system. I think that they may need that kind of license on the temporary basis that they claim it for.

And if you elect to publicly publish is, then it seems that you have made it available for public distribution. So that's fair.

I'm not too thrilled about the "sublicense, perpetual, and irrevocable" parts, however. Still, that only applies to stuff that you publish publically.

Caution: Now approaching the (technological) singularity.

Re:IF we protest, they will change

[Royster]

This adds fuel to the first of the Microsoft Antitrust appeal doesn't it?

No. The facts of the case are those presented at trial. It's very difficult to get an appeals court to consider new facts that didn't come out at trial. That is sometimes grounds for a new trial, but often it is not.

The appeal will be decided based on the facts in the court record.

Re:Concerns on LKML

[Royster]

The concern is that patches that a developer might write (and thus holds a copyright interest in) and submit to LKML from a Hotmail account might be seen as being licensed to Microsoft/Hotmail. The license allows MS to use this code. It does not assign the copyright in the code to Hotmail which is what would be required if MS were to use it to restrict distribution (which they couldn't do anyway because of the GPL.) Assignments of copyright *must* be made in writing to be legal.

Just anyone mailing pieces of source code around would have no effect if they have no copyright in the code.

Re:Old News

[Royster]

The pertinant part being:
Hotmail will not monitor, edit, or disclose the contents of a user's private communications unless required to do so by law or in the good faith belief that such action is necessary to: ... (2) protect and defend the rights or property of Hotmail

If they think your patch is their property or a right they posess, they will defend that right as they see fit.

Concerns on LKML

[Royster]

Someone posted a message [alaska.edu] to the Linux Kernel Mailing List telling people not to use Hotmail for patches to the kernel.

It may be an overreaction, but it's probably still a good idea. It would be a messy court fight if it ever came to that.

Re:Why use Passport at all?

[Roundeye]

I'm a big fan of XNS.

There's actually no reason Microsoft couldn't use XNS in place of their Passport authentication (and users would definitely benefit from the increased control over their information) -- unless they really aren't concerned about their users' privacy.

Maybe if enough people pushed for it...

What shocks me...

[still cynical]

...is that anyone is surprised by this. Why shouldn't they do this? It's not like they've ever been given a serious disincentive before. And the current administration gives every indication that they will ENCOURAGE behavior like this! How many press releases about the anti-trust lawsuit have you seen recently?

Expect more of the same in the future. We, and the government that is supposed to represent us, have given them no reason to stop.

Re:All Your Reg Stories Are Belong To Slashdot

[mattbee]

Even the guys at the Register are wise to this-- ISTR Kieran writing to say that Slashdot thought they were `too tabloidy or something'; not sure where this impression came from, but they've noticed a grudge. Would be nice if the Slashdot staff would occasionally step forward and engage with their readership a bit; seems like they take themselves way too seriously these days.

Illegal Material

[Perlguy]

So, does this also mean that if we send "illegal" material, such as the DeCSS code, through it that Microsoft then owns it - and would therefore be in violation of the law?

Re:Wrong Number

[mindstrm]

No actually.. I didn't...

Re:Wrong Number

[mindstrm]

Well.. the original phrase is 'All your base are belong to us'... but of course, base was supposed to be plurall.. it should mean 'we have conquered all your bases!' or some such thing.

SO in order for the title to fit with this mis-translated-yet-somehow-taking-the-world-by-sto rm statement, it should read 'all your bit are belong to us!'

Re:And What are Slashdot's Terms of Service ?

[listen]

Look down the bottom of the page:

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2001 OSDN.

Re:Plagiarism!

[angelo]

And? Why are you responding to my post with the title "plagarism!"? I don't even read the register.

So, clarify something...

[TBHiX]

If you mail a warez crack, DeCSS, kiddie porn, or something similar to yourself using a Hotmail account, does this mean Microsoft can be held legally accountable. :)

This could have possibilities, if we can dig up a few kamikaze mailers....

-TBHiX-
All my comment are belong to me. You have no need to agree make your dissent. For great amusement!

Re:Ouch

[mistered]

Well, actually only the idiot spammers let you see anyone else on their list. Since the To: field has no relationship to where the message is actually delivered, any spammer that lets you see other addresses is a total moron.

Re:Here's Microsoft's response - be thankful!

[AtariDatacenter]

I clicked on your URL. And actually, I was thankfully surprised. It didn't require that you already have a Microsoft Passport account in order to read the Terms of Use. Isn't that downright friendly of them?

Re:Wow.

[DarkMan]

IANAL

It's not quite that bad - If you can prove you wrote the code, it becomes Microsoft's responsability to prove that you sent it over Passport stuff.

It is not up to you to prove you didn't.

Admitingly, if you belive that they would falsify evidence, then that's a moot point. But barring that, the onus of proof is on them, not you.
--

So with their NSA dealings...

[hardaker]

Microsoft has been in the news a lot lately and in the past about whether the NSA has backdoors in windows code or not. They may not have a technical backdoor to your passwords, but it sure sounds like they have a legal one now.

Collision with GPL?

[Rocketboy]

So let's say I'm discussing something techie via e-mail or a discussion forum using the Passport site and by way of example I include a snippet of GPL'd code. My reading of MS's Passport terms tells me that they now have the right to use that snippet of GPL code, create derivative products, etc. Doesn't that collide with the GPL? Sounds like a lawyer's wet dream...

All Your Reg Stories Are Belong To Slashdot

[albalbo]

When will this bullshit anti-Register stuff quit? The Reg came out with this story ages ago (see http://www.theregister.co.uk/content/4/18002.html) , even with the "All Your..." lead. This is nothing but a re-hash.

It happens so frequently. Interesting story on Slashdot, frighteningly similar to recent Reg story, sans any quote of the Reg or link to their story. In fact, Slashdot seems to _never_ post Reg links any more, and seems to enjoy taking shots at them (witness them being described as 'scare mongerers' during the CPRM debacle).

S'not cos El Reg gets better stories and funnier content is it? And while we're on the subject, what's up with not linking to BeSpot?? Huh???

Boycott brewing.

[Tomy]

Here's [moongroup.com] the most constructive way to deal with it.

Activism

[miracle69]

Here [moongroup.com] is the way to protest this.

Copied below (because black text on black background doesn't work - at least in Konqueror)....

Microsoft should be feared and despised!

After taking the time to read the Microsoft Passport Web Site Terms of Use and Notices I have had a belly full of them. The potential damage they can do with this license is staggering. I encourage everyone to take the time to read it, particularly the section entitled "LICENSE TO MICROSOFT". If you've ever had any doubts about the nature of that company reading that section should put them to rest for good and all!

I don't know how many times I've heard Microsoft described as "evil" by Linux zealots and open source supporters (which I am both) and thought, "They're losing it... Microsoft is just a company!" but now I'm forced to agree with them. This license is heinous, and more, it's frightening because I know that some people won't read it and will lose the rights to their own data/content without knowing. Add that to the fact that the license is clearly attempting to gain the rights to *ALL CONTENT WHICH PASSES OVER ANY SERVICE THEY PROVIDE*. For example... this article could be copied by someone and sent to someone else who uses the hotmail email service. According to the license Microsoft would then own the rights to this article! Unbelieveable you say? Go read it and see for yourself.

Most of the time when confronted with things like this I may rage for a while but I usually conclude that there is little that I can do to cause the policy to change so why bother doing anything at all but not this time!

Effective with this posting the following blocks are in place against email inbound to MoonGroup.com or any of it's domains. If you truly understand what their license means you will do the same on your mail server.

msn.com 550 Microsoft licenses are unacceptable. No mail from their services will be accepted.
msn.net 550 Microsoft licenses are unacceptable. No mail from their services will be accepted.
microsoft.com 550 Microsoft licenses are unacceptable. No mail from their services will be accepted.
microsoft.net 550 Microsoft licenses are unacceptable. No mail from their services will be accepted.
hotmail.com 550 Microsoft licenses are unacceptable. No mail from their services will be accepted.
hotmail.net 550 Microsoft licenses are unacceptable. No mail from their services will be accepted.

As this is clearly a pre-cursor of what Microsoft's .Net initative is all about I will be watching very closely to see where it goes. I had thought that SOAP might be something very useful which would help to open them up a bit but after reading this license it's clear to me that all that .Net and Hailstorm are going to be is just another sad example of "embrace and extend".

I fear them for what they are doing! I despise them for doing it!

Good luck to all of us... we're going to need it!

Here are some related links:

The Register.COM article: http://www.theregister.co.uk/content/4/18002.html

Troubleshooters.COM new copyright and other articles: http://www.troubleshooters.com/cpyright.htm http://www.troubleshooters.com/tpromag/200104/2001 04.htm#_new_copyright http://www.troubleshooters.com/tpromag/200104/2001 04.htm#_three_articles

LEAP Thread (first article in thread): http://lists.leap-cf.org/pipermail/leaplist/2001-A pril/011248.html

By Chuck Mead on Monday April 02 2001 @ 11:55PM EDT

SLASHDOT HAS THE SAME T.O.S.!!!

[fixion]

All your base are belong to Slash!!!

Check out the TOS from the Open Source Development Network [osdn.com], the Slashdot parent owned by VA Linux. The TOS is available at http://www.osdn.com/terms.shtml [osdn.com].

Of particular interest would be the clause in Section 4 of the OSDN Terms of Service: "the submitting user grants OSDN the royalty-free, perpetual, irrevocable, non-exclusive and fully sublicensable right and license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed"!

Slashdot owns my intellectual property! Oh, the horror!!

Sigh.

So what should we learn from this? We should learn to put our paranoia in check and consult a lawyer before we open our mouths.

This clause is in virtually every TOS for any web service and is designed to protect service providers from litigious jerks who do things like sue service providers because their web page appeared in a marketing brochure for the service provider or (even worse) litigious twits who do dumb things like claim "They've infringed upon my copyright because they're keeping a 'copy' of my work on their servers!!"

These standard clauses are NOT designed (nor would they legally allow) the service provider to claim legal ownership of the content in question.

This same old tired shit hit the fan a year ago when Yahoo bought Geocities and someone noticed a clause in the TOS (that had been probably been there before but just not gotten any press). See the Wired story [wired.com], the Wired follow-up [wired.com], and the obligatory Slashdot reference [slashdot.org] from last year.

Yahoo caved to the PR blitz and rampant public ignorance and slightly modified their TOS to make it more clear. Microsoft probably won't . . . simply because they're Microsoft and they don't need to.

Maybe the angry hordes ought to jump down OSDN/Slashdot's throat now, eh? I bet they could get OSDN to cave and change their TOS, right?

Or maybe they should just take a deep breath, get a grip, and wise up.

better yet

[winse]

Actually maybe everyone should sign up for three or four accounts...and fill them with all the spam they can sign up for. I've already done my part, but perhaps this could be automated. I wonder how many pedabytes their whole system could really hold? I mean I just need 3-4 hundred thousand accounts full of pr0n mail.

Re:An Opening?

[MadAhab]

So how about this scenario:

10 Someone posts something horribly offensive to a forum there. They now own it and are therefore responsible for it.

20 They are sued by whatever group is offended or injured by the posting.

30 Goto 10

That's not a horrible idea - but you'd have to catch them claiming to own the post in the first place - save this one in your pocket. If they ever republish stuff, then publish Co$ docs and sit back.

It would be far more likely that the reverse would happen - if they've ever dodged responsibility, then use this defense when they claim ownership. Less satisfying.

Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.

LIke you couldn't see this coming!

[CAIMLAS]

This is precisely why I stopped using hotmail when MS bought the place - they can't be trusted. This is also a good motivation to read TOSes more carefully (or to start reading them if you don't currently).

This also brings to mind that 'one apple ruins the bunch' - or however that saying goes. This type of devious behavior has likely not simply started with the advent of passport, and is more than likely simply a revenue through which to do it "legally." I mean, seriously here - what's to say that MS hasn't been secretly selling, using, etc information that passes through their systems? Everyone who's ever used a notmail (did I say that?) account since the MS takeover gets craploads of spam each day, even if it's a new address.

The way things are now, MS is simply a more efficient, more respected Big Brother than the government, and possibly slightly less informed. The loyalty shown to MS is also much more substantial to that shown towards the government, increasing the 'scare factor' of the situation.

-------
CAIMLAS

Re:TRUSTe? What a joke!

[alecto]

Concur. I generally regard TRUST-E as a warning label. Just like meatspace business that tout their association with the BBB, I find that generally those with the most to be ashamed about are the loudest in proclaiming their association with one of these organizations.

Off Topic

[Simon Brooke]

Who died and made ICANN boss?

Jon Postel, of course. IANA, to the rest of you. RIP; all those people who criticised him while he was alive and doing the job by himself should look at how much worse it's being done by an expensive, unaccountable beaurocracy now he's dead.

Had a beer with Jon in Geneva, six months before he died...

Re:Why use Passport at all?

[Tackhead]

> [Dell] had a special deal where you got 20% refund (I think) if you used Passport to submit your info. Made no sense why,

Makes perfect sense. Passport is a data aggregator - since all your bits are belong to Passport, Passport can resell that data to marketers to provide you with spam, telemarketing calls, and junk snail mail.

Bill just got tired of the fact that nobody fills out warranty registration cards because they hate junk mail, so he paid you to fill it out.

The assumption here, of course, is that Joe Sixpack will continue to use the machine as shipped by Dell, and Passport can continue to accumulate information on Joe Sixpack's profile, thereby increasing the value of that data to multiple customers beyond the $500 check he sent you.

Of course, if you reformat the hard drive and install Linux, you come out ahead of the game by about $500 minus the cost of the Windoze license you bought with the Dell box.

> but I got a $500 check shortly thereafter.

...and a $5000 credit card bill two years from now when Passport gets 0wned. But since you're only responsible for the first $50 of fraudulent charges in the States, you're still ahead of the game by about, well, $500 minus $50 minus the cost of the 'doze license ;-)

Re:Arg!

[Wariac]

Sir, I would like to give you "props" for such a poignant and thought provoking post. I am about to re-read it, at which time I shall retire to my study to mull over your musings and perhaps come back and add my thoughts to your statements.

Kudos sir!

Re:All Your Genetic Makeup Are Belong To Us

[PacketMaster]

I also, after the July 29, 2000 article on Password, tried to get Passport to remove my account. The response I got was "we're working on that functionality at this time". Guess they've dropped that project....

Protecting our inoccent friends

[Peter Eckersley]

Hi....

We all have a lot of non-geeky loved ones who use Hotmail because they heard about it and their friends use it. I've explained to a few of them why they shouldn't use it, but it's a real hastle.

What we need right now is a cannonical "why you shouldn't use Hotmail" website. We could then set an auto-reply on every message from hotmail (or at least the first message from each account) pointing out the URL.

Does anyone feel like setting this up?

(Hotmail is probably a registered trademark of Microsoft Corporation)

End users should know MS is shafting them...

[Christopher Whitt]

so why doesn't somebody write an exploit for the "massive security hole" in IE mentioned here [slashdot.org] earlier today that will put a textfile in some or all directories of a victim system with a little message like

Microsoft Windows has many security flaws, one of which allowed this file to be created here without your permission. Nothing else has been done, but other files could have been deleted or modified without your knowledge. Please contact Microsoft and demand that they replace your defective copy of Windows (at their expense).

Note that Microsoft posted a security update on 2001-03-29 addressing this flaw, but that update was also flawed. It only works for certain versions of Internet Explorer, and erroneously claims the update isn't needed when it actually is. To apply the update you are also forced to download a different version of Internet Explorer, since Microsoft has chosen not to fix this flaw in most versions of their products.

Don't be content with paying exorbitant prices for low quality software.

It could be even dandier if such a virus made the locations of such text notices somewhat random, and had a stock of several different messages to choose from.

A really nice one would be to stick a little executable with some scary splash screen in an obscure directory, and then add a shortcut to the Startup folder or the RunOne key in HKEY/Local Machine/Software/Microsoft/Windows/. The file could delete itself after it ran.

It's too bad that something like is probably illegal, since it's about the only way most people would ever have a chance to clue in to MS's mistakes.

Oh well...

Re:Old News

[Datafage]

But their TOS does NOT say "in order to display it for you." It allows them to do anything they desire with your email, which happens to include sending it, but far from guarantees that is all they want those rights for.

-----------------------

Re:Well...

[Datafage]

And a good-looking woman who walks around without a bodyguard DESERVES to be raped.

-----------------------

Re:Well...

[Datafage]

We may not be surprised, but would you say she DESERVED to get raped, and that the rapists shouldn't be punished, and severely? You still can't justify that statement.

-----------------------

Don't forget .NET is associated with Passport!

[retrosteve]

If you think this is bad, just look at how dot-NET and Passport [cnet.com] are tied together.
If you use the new Windows XP, you are automatically a .NET (=Passport) customer!
...and therefore all your IP belong to us!

Never mind Hotmail and Passport, beware XP!

[retrosteve]

Okay, maybe I didn't make myself clear.
Boycott XP or be assimilated...

You don't have to use Hotmail or Passport to have MS own EVERYTHING you do. You just have to use Windows XP, which is claiming to be Microsoft's next "gotta have it" OS.

From the Microsoft White Paper on Hailstorm [microsoft.com]

Windows XP will integrate the Windows authentication system with the Passport authentication system, so a user can log onto Windows XP a single time and also be logged onto Passport and therefore be able to receive HailStorm services without an additional logon process. The release will also incorporate support for programmatic notifications, which means users of the HailStorm myNotifications service can easily opt to have their notifications delivered to their Windows XP-powered PC.

So talk all you want about using other mail and password services, Micro$oft plans to own all XP users too!

Wow, the Reg guys were right.

[Tridus]

Slashdot really does hate linking to The Register [theregister.co.uk], even though they broke this story last week and have been credited in every other article about it I've seen. They even used the All your Base reference in their original story. There is no mention of any of that here at all.

Geez.

All Your Plagiarism Are Belong To Jaimie

[szcx]

This is suprisingly similar to The Register article titled All your data (and biz plans) are belong to Microsoft [theregister.co.uk].

Not that I'd ever accuse a slashdot editor of plagiarism.

I hope everyone will boycott

[stevens]

I don't use passport, and now I won't. I don't care if it helps me achieve something I need; I'll find a different way.

This has come up before--I've given up some online business because they required me to have a passport account; I've written the vendor and told them why I will not threaten my own privacy for any reason.

The best we can do is not to use these services, and intelligently evangelize more privacy-friendly alternatives.

Steve

Whatever...

[supabeast!]

This is going to get moderated down to troll, but...

Passport is a "free" service provided by a company with decades of sleazy history. People should know better than to trust them from the start. We all saw Micro$oft screw one company after another. We saw what they did to Dr DOS and Stacker. We watched them show forged evidence to a federal court in their own antitrust hearings. And all of those actions were given plenty of press. People should know better than to trust Micro$oft already. Anyone screwed by this deserves it for using a Micro$oft service to begin with.

Yahoo's not much better

[passion]

Directly from Yahoo Mail's Terms of Service [yahoo.com]

With respect to Content you submit or make available for inclusion on publicly accessible areas of Yahoo! Clubs and Yahoo! Groups, the license to use, distribute, reproduce, modify, adapt, publicly perform and publicly display such Content on the Service solely for the purposes of providing and promoting the specific Yahoo! Club or Yahoo! Group to which such Content was submitted or made available. This license exists only for as long as you elect to continue to include such Content on the Service and will terminate at the time you remove or Yahoo removes such Content from the Service.

With respect to photos, graphics, audio or video you submit or make available for inclusion on publicly accessible area of the Service other than Yahoo! Clubs or Yahoo! Groups, the license to use, distribute, reproduce, modify, adapt, publicly perform and publicly display such Content on the Service solely for the purpose for which such Content was submitted or made available. This license exists only for as long as you elect to continue to include such Content on the Service and will terminate at the time you remove or Yahoo removes such Content from the Service.

With respect to Content other than photos, graphics, audio or video you submit or make available for inclusion on publicly accessible areas of the Service other than Yahoo! Clubs or Yahoo! Groups, the perpetual, irrevocable and fully sublicensable license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display such Content (in whole or in part) and to incorporate such Content into other works in any format or medium now known or later developed.

Re:I am sure

[donutello]

Why would anyone trust their company secrets to Hotmail?

Where I work, sometimes when our mail servers are down, we use an external free email provider to exchange important messages with colleagues. When doing this, it is a very clear policy to state in the first line of the email that it is being sent via hotmail and no confidential information should be contained in any reply. Also, of course, the sender makes sure that no confidential information is disclosed in the original message.

Messages are simply of the form "The build is ready" or "I have checked in the fix for Bug #12345".

This is not because we don't trust the email provider but because we don't trust the security of messages transmitted as clear text over the internet. It would be foolish to do otherwise.

Not just Hotmail, though...

[TopShelf]

When I got cable-modem service installed, the first time I accessed my new email address there were already 10 spams in there. This was an address that had only been created a few days prior by the ISP's customer support staff. A nice intro to the new service!

Well...

[pongo000]

And, is Hotmail affected by this?

If anyone is using Hotmail for serious, private e-mail, they deserve to be exploited.

Associativity

[Tom7]

Slashdot says, "If Hotmail is associated with Passport, does that mean Passport is associated with Hotmail? (Is "association" associative?)"

That's not associativity, that's symmetry.

Hotmail fall's to Passport TOS

[Ghost-in-the-shell]

I just finished reading the orignal posting, and find it very disturbing. I am aware that Hotmail has it's own Terms of Use, and many people has pointed that fact out, but in a quick search I found this line in the Terms of Use [msn.com] for Hotmail. "Some MSN Sites/Services automatically provide you with a Microsoft Passport account when you open an account (e.g. Hotmail, MSN Explorer), to learn more about what a Microsoft Passport is please visit the Passport web site at www.passport.com [www.passport.com] " I belive this answers the orignal posters question as to weather or not Hotmail is affected, but how does it affect Explorer? How can a Online portal's TOS affect a application? Since I am not a M$ Guru, I am only assumeing that Explorer is refering to the application.

I have bad feeling that 1 year is not enough...

[tandr]

I did not use more then a year, I think, and was logged on in msn without any big trouble. But, do not count on my memory, somebody else should confirm it.

BTW, I have 2 different passwords for same email address with them. do not know how. one I use with msn messenger, and second was send me back whne I wanted to register for Whistler and forgot it. wierd, really.

oh, and one more. AFAIK in Europe you have to provide ability to remove all data from database per customers request.

tandr

What can a responsible sysadmin do

[heikkile]

Knowing how many clueless users there is in any organization, can a responsible sysadmin allow any sort of traffic from a corporate firewall to any sites "associated" with this "Passport" "service" ?

"Your mail to manager@bigcompany.com" had a delivery failure because of the following reason: Due to legal and ethical considerations we can not engage in communications with organizations that violate elementary privacy rules. If you wish to contact us, please do so through a reputable service provider"

Re:Personal and non-commercial use only

[rjamestaylor]

So, at worst, doesn't that mean MS will know I'm going to Cancun, my girlfriend's name is Sarah, and we aren't renting a car?

Well, just explain that to your wife when she gets a little note from Passport Information Services...

Re:SLASHDOT HAS THE SAME T.O.S.!!!

[Jammer@CMH]

Yes, that may be true, but /. does not market itself as a tool for private comunications. HotMail is a communications tool (but not too private), .NET is intended for business use, whereas ./ is a public forum.

If I post something to ./, and expect it to remain private, I deserve to lose.

Here's Microsoft's response

[legLess]

First (gotta get this off my chest):

2001-03-30 22:34:02 Microsoft Passport: we 0wn j00 (yro,microsoft) (rejected)

Second, following is an email a friend and I both got after we complained:

Thank you for your message to Passport Privacy.

We appreciate your concerns related to the Microsoft Passport Terms of Use. This issue has recently come under review, and will be addressed soon with an updated Microsoft Passport Terms of Use. You will be able to view the updated Microsoft Passport Terms of Use at http://www.passport.com/Consumer/TermsOfUse.asp as soon as it is posted.

We apologize for any inconvenience that this may have caused you.

Sincerely,

Passport Privacy

Christ, I've gotten used to M$ software being beta - but even their TOS are beta?? Bastards.

question: is control controlled by its need to control?
answer: yes

All Your Genetic Makeup Are Belong To Us

[StoryMan]

Due to security reasons we do not allow nor do we have a feature to delete Passport accounts. Rest assured that if you do not access your account within 12 months our system will automatically delete your account

LOL. I hadn't thought of this excuse.

Look, due to security reasons I must backwards engineer your code. I can't explain it, but it's a part of my private genetic makeup. I'll be glad to supply you with my public genetic key, but, as you know, the private key must stay with me.

I must backwards engineer CSS.

I must hack BlueMatter.

I must attempt to thwart the latest SDMI watermarking scheme.

Rest assured (and this means you, Hilary, and you too, Jack Valenti -- even though, yeah, you're getting up there in years) that if I do not release my version of your encryption schemes, they will be deleted from my hard and from my memory banks. But, as you know, for security reasons, there's no way I can delete them manually. Nor is there any way that you -- Hilary or Jack or you spooks at the NSA -- can compel me to delete them sooner.

I'm sorry, but that's just the way it is. It's for security. You understand. I know you do.

"All your gene makeup are belong to us."

Re:Well...

[DNAGuy]

Anyone who uses unencrypted e-mail for serious private communications doesn't deserve to be exploited but shouldn't be that surprised when they are.

--- Brent Rockwood, Senior Software Developer

why does this not make sense?

[yzquxnet]

"All Your Bits Are Belong To Us"

Tell me I'm not just freaking out...

but, I do have a serious question. Should I be able to own bits that are sent from my machine. I created them (in a sense), and I paid for them (electricty). Should I not be able to own those bits? If I don't own any bits of data, is it okay for others to tamper with bits that I don't own?

But then again, is there any real sense in owning something that doesn't really exist (so to speak).

Re:Why use Passport at all?

[don_carnage]

LOL! Thanks...I needed that! Why trust us? Because we're your friend.


--

Why use Passport at all?

[don_carnage]

I'm sorry if this sounds like a flame, but why would anyone want a website to hold on to all of your passwords? I mean, we all know that it's insecure to submit passwords in open text anyways.

I don't even trust IE to hold on to my /. password! You never know when Bill Gates may want to hi-jack my account and burn my karma away by posting anti-Linux hate speech!
--

Heres how secure passport is.....

[gamorck]

Go to this URL:

http://register.passport.com/global.asa+.htr

This exploits a VERY well known and easily fixable IIS hole on the passport registration site. Check out the source behind this page and you will see exactly what I mean:-) Note this doesnt work well on pure ASP pages because of the presence of the
Its very likely that the passport site is vulnerable to other holes as well - but I'll leave that to you NT Script Kiddies out there dying to get a piece of the Microsoft action.

Now normally I'm one to stay away from the MS Bash Mobile here at Slashdot - but in this case I would suggest that anybody with a brain refrain from using passport for anything you wish to keep even remotely private.

Gamorck

"Equal Oppurtunity Windows/Linux/Macintosh Basher"

Re:Old News

[PolyDwarf]

2) protect and defend the rights or property of Hotmail

Yeah, but when what you post belongs to M$... Begs the question, what are the rights and property of Hotmail, and what rights and property can be construed through other services (for instance, PassPort).
If Hotmail has the "right" to cooperate with other M$ services, and Passport has the "right" to use/copy/rape/etc your data, then Hotmail may not necessarily have the right to use/copy/rape/etc your data, but their partners do, and since they're going to cooperate with their partners...

Re:Why use Passport at all?

[/dev/urandom]

> I'm sorry if this sounds like a flame, but why would anyone want a website to hold on to all of your passwords? I mean, we all know that it's insecure to submit passwords in open text anyways.

"We all know." *WE* do. We, the savvy users of the net know that. But does Joe Blow Internet User know? Nope. The average web surfer doesn't know one wit about security, not even the simplest idea like not giving out your passwords. Hell, these are the people that write their work login on a sticky note and put it on their monitor.

This is exactly how companies like Microsoft, AOL, etc. can get away with their predatory and irresponsible practices. They target the 90% of the computer world that is totally clueless about how to protect themselves and their data. All they see in things like Passport is a very nice, pretty service that makes their life a bit easier. They don't know or think about the (in)security side of it.

And another problem is, this sort of knowledge really only circulates among people like us, who hang out on Slashdot and other techie sites. This kind of information needs to be put in places where the average user will see it, like in PC Magazine and such. I'd say it also needs to be put on the front pages of the main portals (like Yahoo, and so forth). But then again, a lot of those portals are run by companies guilty of these practices, so...

I am sure

[Alien54]

This has probably been submitted dozens of times since the Reg posted it week. Granted that this is probably the most elaborate of the submissions, with lots of supporting links, etc.

Microsoft should probably put in etraordinarily clear armor plated language that this does not license them to theft of corporate secrets, not that this has never stopped them before.

That said, If it wasn't news last week, why is it news now?

(People moan about news items around here being old if they saw it twelve hours ago, but the age on this seems a little extreme)

Heck, it could have made a wonderful story for April Fools day, the one legit story that would have looked like a fake.

Check out the Vinny the Vampire [eplugz.com] comic strip

Unreadable legalese

[Erasmus Darwin]

An article in the Daily Aardvark points out that Netscape users have a hard time reading Passport Q&A.

This raising an interesting issue: What happens if a web browser fails to properly display a disclaimer (or other legal document)? For example, suppose the main site uses javascript to pop up the legalese. Further suppose that I browse the web with javascript disabled. So when I click on the link that says, "Click here to view limitations of the offer", am I able to interpret the lack of any limitations appearing on my screen as a complete lack of any limitations on the offer? What if I do have javascript enabled, but the text isn't displayed (or is displayed blank) due to an error in the web browser's interpretation of javascript?

Privacy? What privacy ...

[WillSeattle]

Look, even the US Supreme Court avoids ruling on whether Americans have a right to privacy, so forget it - you have none on Hotmail.

In Canada, there's the Internet Privacy Act, which became law on 01/01/01, and which means that I, as a dual citizen of the US and Canada, have more rights by virtue of my Canadian citizenship than by my American birthright.

And in the EU they have more rights, but the EU won't sue the US companies that violate their citizens' rights to privacy.

All this shall pass ....

IF we protest, they will change

[erroneus]

This adds fuel to the first of the Microsoft Antitrust appeal doesn't it?

So yeah, let's all talk about it, raise awareness and show what we think of their heavy-handed and likely unlawful approach to being more than commoncarrier service.

I wonder though... if they were to buy a big chunk of the internet, could they do the same thing? "If your traffic passes through our routers, we will sniff it and steal anything we like!"??

These people need to be stopped.

Re:All Your Genetic Makeup Are Belong To Us

[dlkf]

I can just see MS using this more and more in the future.

"Due to security reasons we do not allow nor do we have a feature to delete Microsoft Windows from your system. Rest assured that if you do not access your computer within 12 months your hard drive will automatically be reformatted."

This just in...

[slcdb]

Chinese Prime Minister Jiang Zemin, avid Microsoft enthusiast and regular user of Microsoft Passport, was said to have been greatly angered by the recent uncovering of the oppressive Microsoft Passport license agreement. The official Xinhua news agency quoted him as saying, "All your top-secret spy plane are belong to us."

Re:Old News

[infinite9]

I think everyone should lighten up about this. Remember who we're dealing with? That's like getting mad at the devil for trying to steal your soul. Of course they're going to write the legalese this way. 99.9% of their users never read the terms of service. And they know it. So they write them to their advantage. And they try to include everything, including the kitchen sink if their lawers think there's even a minute chance that something bad could happen to them legally. This is no different from park-at-your-own-risk signs in parking lots. Sure if the attendant keys your car, you'll want to sue. But will that really stop you from parking there? If you're really concerned about all this then do one of these things:

1. Don't use the service

2. Use a service with a more agreeable TOS

3. Encrypt your transmissions

4. Send truly important things fedex or registered mail.

I think a little grown-up thinking is in order.

Irritating

[Keslin]

Mod down my comment if you want, but I think that it's a legitimate concern that this story has such an irritating headline.

The story itself is really interesting, it is well-written, and it has a lot of interesting background information. It is thought-provoking, it provided me with information that actually does happen to be new to me (I missed the first story on this) and it should start some interesting discussion. Then it gets posted with the fifteen thousandth AYBABTU reference in the last week. That totally distracted me from the story itself by sheer irritation level alone.

The whole thing reminds me of the "WHAZZUP!!" commercials. It was funny once. Maybe even twice. Now I can't go into a sushi bar without a bunch of jerks getting drunk on sake and yelling "WASSSABI!!"

The AYBABTU thing is way past old. I almost expect to see it linger on in comments for the next six months, but it really doesn't need to keep coming up in the headlines. Especially not in the headlines of stories that are otherwise really interesting. That just makes it more irritating.

-Keslin [keslin.com], the naked nerd girl