MSDN Subscriber Forced to use Passport

alandd writes "As a Microsoft Developer Network (MSDN) member, I just recieved the email below notifying me in order to get special developer downloads, I will have to have a Microsoft Passport account. Passport stores all your private info to share with one click among other sites. Past articles have mentioned some since removed draconian terms of use and there have also been reports of security breaches in the past. Now MS is requiring the technically savy to sign up. I don't want to but my job requirements and MS give me no choice!" No your honor we're not a monopoly. We just use our market share to force people to adopt each of our new products. Click on to read the email

Dear MSDN subscriber,

MSDN® Subscriptions is pleased to announce that the MSDN Subscriber Download Web site at http://msdn.microsoft.com/subscriptions/resources/ subdwnld.asp will soon be upgrading its logon authentication technology to Microsoft® Passport.

Microsoft Passport provides personal authentication services that make it easier for you to navigate between Web sites, and makes it faster and more secure for you to make purchases online.

Beginning in late June, the MSDN Subscriber Download Web site will prompt you to sign up for your personal Passport and associate your current subscriber record to this Passport. After signing up, access to MSDN Subscriber Downloads will be easier, faster, and more secure.

For complete details, and to sign up now for your free Microsoft Passport, please visit http://www.passport.com.

Sincerely,

The MSDN Subscriptions Team

http://msdn.microsoft.com/subscriptions

CT: So, if you want to write code under windows, you must use Passport. Or not use MSDN. And lets face it, if you develop under windows, you must buy MSs tools, and you sure can't use those tools without their docs. Times like this I just sorta throw my hands up in the air and say wow. How long before MSNBC requires it? Windows? IE? Your Visa company works with Microsoft Money, so you can bet that sooner or later, you'll need passport to balance your checkbook and credit cards. Paranoid delusion? Of course not. Windows XP will link my complaints to all sorts of helpful sources of information on medication that can be used to calm my delusions, or the numerous sites that exist to mock me or slashdot, thus undermining my credibility and making me seem like a crazy man to any onlooker.

Ok, I'm obviously exagerating. But you still gotta be a little wary.

If it's for your JOB use JOB info.

[Anonymous Coward]

Passport stores all your private info to share with one click among other sites. I don't want to but my job requirements and MS give me no choice!

So use your JOB info. What is there to 'compromise'? e.g., all software here is registered to "Software Development", company name, company address, company tel#, company email.

Why do you care that MS wants your non personal info?

No no no

[Shaheen]

Hold on. CT sez: "So, if you want to write code under windows, you must use Passport. Or not use MSDN". That is blatant FUD. No one in the world is stopping you from using MSDN Online [microsoft.com]. In fact, most of the information ever used by developers is on that site absolutely, 100% free.

No one is stopping you from obtaining a subscription [microsoft.com] to MSDN. This gets MAILED RIGHT TO YOUR DOOR.

The ONLY thing the above is saying is "If you want to download some stuff that we've only made available on the web, you gotta get a Passport". This is like saying "If you want to use Hotmail, you gotta get a Passport".

Does this mean you have to have everything from your Mother's maiden name to your pet's favorite food in there? NO.

I'm an intern for MS, but I'm not trolling here. And since I'm an intern, I barely have an impact on my own group let alone MSDN.

So?

[Wakko Warner]

Just make a cypherpunk/cypherpunk login. I doubt anyone at microsoft would `get it' anyway.

--

Re: i feel your pain

[tzanger]

we're 100% MS here, and getting more so all the time,

Hmmm, sounds like you were taught the Intel Pentium-style mathematics. Do you go crazy when people say f00f too? :-)

Re:I swear I read about this somewhere else alread

[Luyseyal]

Heh, that's funny since I just heard for the first time last night the version of Madonna's "Justify My Love" where she is reading from Revelations throughout the song.

What're you gonna do?

-l

That's bad too

[Pseudonymus Bosch]

Didn't some security or usability expert tell you that forcing multiple hard-to-remember passphrases leads to people storing them off-head insecurely?

It's a compromise. What's riskier: your one passphrase being guessed or your passphrase storage being hacked.
__

Re:So?

[unitron]

"Maybe someday we will only need one piece of ID that we get at birth."

That'll be the one they tattoo on our foreheads, right?

Re:An analogy

[unitron]

So all this time Microsoft has been giving us the finger? That would explain a lot.

Re:-1, Flamebait

[unitron]

"..."MS Developer" and "technically savvy" are no longer mutually exclusive..."

Were they ever? I thought the problem was that getting stuff to work with MS stuff was so difficult that it required a lot of technical expertise.

Re:no it's called digital angel

[unitron]

My original post was a joking reference to "the mark of the beast" or whatever that phrase is from the Book of Revelations (may not be exactly correct title). Yours, however, is just a little too close to real possibility for laughs.

Err

[Ian Schmidt]

Actually GNU tools for Win32 development are becoming increasingly popular, what with VC++ being $300. The Win32 version of MAME is now built with MinGW32, and when a project that big makes the jump a lot of others probably won't be far behind.

Need cypherpunk coordination? Cookies?

[leonbrooks]

Why do you care that MS wants your non personal info?

Well... they'll track your useage anyhow, and also know that your company exists. Moot point for MSDN anyway, but Passport links up with lots of other things. Who knows what else it will do in five years?

Microsoft aren't reknowned for letting invasive ideas languish, and caving in at any point is useless. You don't pacify a crocodile by tossing it steaks.

How aboute a website somewhere listing logins?

cypherpunk/cypherpunk

cyph3rpunk/cyph3rpunk

bigbrother1984/blinkandyoudie

msownsme/h34rt&s0u1

One still needs cookie control. On Linux, that's easy, redirect web traffic to a local proxy that strips cookies, both in headers and in URL. What about on work machines etc?

Microsoft want to take your freedom and replace it with multiple choice. In particular:

[Microsoft] [Microsoft] [Microsoft] [Microsoft] [AllOfTheAbove]

Easy answer

[unicorn]

Because those are free resources.

MSDN Subscriber downloads, are not. They are something that is a SUBSCRIPTION, that you pay for.

Lets call 'em

[Yohahn]

How many of us can we get to call their tech support asking how to get a login id that "dosen't use that insercure passport site".

It wouldn't get us anywhere, but it would be funny and annoying to microsoft!

Re:It's either forced compliance or forced lying

[SurfsUp]

"Nothing really insightful here, but I personally hate to lie"

Yeah I did too. But after going through alot of registations on the internet, I got used to it.

I never did, I just just didn't have anything to do with those companies/sites that tried to force me to do such things, and it never hurt me a bit. Oh, but you do have to quit programming for windows to do that, that's a choice each programmer has to make for themselves.

So there are your options: descend to Microsoft's level by taking part in the lie, or quit and do something else. Fortunately, that something else is quite a lot of fun, never mind the morally correct part. ;-)
--

passport = hotmail account

[jonbrewer]

My Microsoft Passport Profile:

First Name: Gail
Last Name: Wynand
Country/Region: United States
State: Kansas
Zip Code: 66044
Time Zone: Central Time
Gender: Male
Birthday: January 1 1978
Occupation: Computer related (Internet)

Does anyone want to guess how much of this is true?

And now does anyone want to tell me WTF the big deal is about? Who cares if they require a Passport Profile in order to download stuff? There's nobody standing over your shoulder when you fill in the profile.

Re:It's either forced compliance or forced lying

[HiThere]

ok. If they force you to. Otherwise I'd prefer to use 2001 (i.e., 02001) as my zip. The problem is, you may need to remember all this garbage to recover from a disk crash. The truth is easier to remember, but it is quite excessively intrusive for them to ask it of you.

Caution: Now approaching the (technological) singularity.

Re:$300 dollars isn't that much

[HiThere]

You also forgot to calculate in the various taxes. It ends up being considerably more than you end up with in a week.

Caution: Now approaching the (technological) singularity.

Re:What's the fuss?

[sharkey]

Actually, the tattoo doesn't go on your forehead. It's just some little blue numbers tattoed on your wrist. The numbers are used to ID you upon entry into the showers, the ovens, the surgery, etc.

--

Suggestion

[sharkey]

Use this info:

Name : C. Montgomery Burns
Address: 666 Mammon Lane, Springfield, USA
Phone: KL5-3226
Company: Springfield Nuclear Power Plant

--

Re:Uhm, guys,

[dillon_rinker]

And for the email address...why not use a Hotmail (tm) account?

BTW, does anyone else remember getting a sinking feeling back when MS acquired Hotmail?

So register as foobarbazquux@hotmail.com

[Mike A.]

And give your "real name" as Heywood Jablomi, and make up some random ZIP code (20036 is in the Washington, DC area, 98052 is in the Redmond area, pick whichever one you're not - or claim that you're from Malta or something). Just remember what Passport name you created, that's all.

--

Re:Frightening thought

[Mike A.]

That's incorrect. Microsoft "encourages" OEMs to offer restore disks instead of a full copy of the OS.

--

Some logic....

[mindstrm]

Well, if I think about this..
To get an MSDN subscription, you *have* to tell microsoft all this stuff about you anyway, so they already know it, right? You can't just get MSDN anonymously.
And they want you to authenticate with them when you sign in, right?
What's wrong with doing so with passport? You don't *have* to use it for anything else if you don't want to.

Credit Info.

[mindstrm]

I checked; it says on my credit card that the credit card is the property of the issuer. That means it doesn't belong to me.
The accompanying contract I received when I was sent the card said that my only responsibility was to report to them if the CARD was stolen, or any fraudulent charges, and they would be refunded.
I have done so in the past with no problems.

So really, I don't *care* if some site is compromised and they steal the banks credit card... all I am inconvenienced by is one phone call to tell them my card has been compromised, and to send me a new one. IT's the banks' problem, not mine.
People should quit spreading the myth that credit card info is somehow your personal asset... it's not. This is not on the same level as somsone stealing your cash.

And you've *already* given the MS people your info, how else did you get an MSDN subscription in the first place?

Well.

[mindstrm]

They can technically hold me liable for $50 of any charges incurred in between the time my card is physically stolen, and when I tell them about it. And most, as you say, don't even bother anyway.

You do have one point; if you rely on your credit card for your date at the restaurant, this can be an inconvenience. That's one reason for carrying two cards I guess.

Also, if you find your credit company is not extremely easy to deal with on the phone, low hold times, polite and prompt answers to your questions, then cancel it and get a new one. YOU are their customer, and they know it.

Also.. why do I have to give passport my credit card number? I don't.

Re:$300 dollars isn't that much

[YoJ]

It's a lot when you're a teenager that's bored in high school that's trying to program a cool new game. I remember mowing lawns to get the $150 (or whatever) to buy Borland C++ 3.1 (I still use it).

Re:So don't use Windows.

[Katravax]

I use non-Microsoft tools to do Windows development. But this is MSDN. It's the documentation. How do you get around that? Even though the writer only mentioned it's for the subscriber downloads, you know it's coming for the regular library too. That's what's driving me crazy. I hate to lie. I also hate to give my personal information to someone that doesn't need it. What choice do they leave? I have to either comprimise my ethics or compromise my personal information. Using Mingw and Borland still don't get me the correct API docs.

It's either forced compliance or forced lying

[Katravax]

Nothing really insightful here, but I personally hate to lie. I think one of the problems with what we've become is that too many are willing to lie at the drop of a hat. But now MS narrows my choices to two I don't like: register with my real information, or lie.

I despise click-throughs that give me the choice to "register now" or "register later". I have to lie because there is no "don't register" choice. I have to agree to license agreements where part is written in a language I don't speak. When I click "Agree", it's another lie. How can I agree to what I don't understand. Some writer wrote an excellent column on that, but I don't remember who.

I'm a Windows programmer for a living and I use MSDN. But I will not create a real Passport account. Again, I will lie, as much as I hate it. The only choices they give are unpalatable. Even worse than their monopoloy, even worse than their licenses, they make you comply, lie, or do without. When they're the only source of Win32 documentation, what's the choice going to be? I hate it.

MSDN

[delmoi]

you develop under windows, you must buy MSs tools, and you sure can't use those tools without their docs.

All of the docs are up on the web [microsoft.com], and you don't need to pay to access it either, MSDN is mostly 'extras' that you don't really need, but that do come in handy (new versions of OSs, new API toolkits, SDKs, etc)

Hotmail

[delmoi]

Hey, give them a hotmail email address

If you have a hotmail account, you already have a passport account.

Dance with the Devil...

[gmhowell]

And you are bound to get burned.

The reason IMHO

[CharlieG]

Ok folks,
This is for the MSDN Universal Subscription DOWNLOAD site. For those of you who are NOT in the Microsoft developer world, the MSDN Universal subscription site allows you to download EVERY non game product Microsoft sell, with NO fee beyond your subscription

The problem was/is the site is a simple ID/Password setup. What's to prevent you from using it at home/giving it to a friend, etc? Not much

When you setup passport, your ONLY going to get in with that Passport PC (or maybe at home) - You sure as heck aren't going to give the info out on the net

It's a pure "If you want it, BUY it" move. The MSDN Univeral Subscription is a GREAT buy (at least compared to "Other" Microsoft prices), so they don't want it shared. That $2000 subscription is cheap compared to the individual prices. Think what a copy of W2K Enterprise, SQL2K Enterprise, and a full copy of Visual Studio cost "retail" and then look at that 2K Price again

Completetly missing the big picture of Passport

[TheInternet]

Most of the comments that have been modded up have been of the "relax, it's no big deal" variety. This is completely wrong. The issue isn't that this one guy is forced to use Passport. It's a sign of things to come -- sneaking this in under the radar of unsuspecting citizens. I think it's safe to assume Microsoft is going to end up requiring everyone to use Passport in order to use services like Hotmail.

By doing this, they are going to artificially grow their user base by leveraging the web monopoly, which was leveraged from their browser monopoly, which was leveraged by their OS monopoly. This is illegal, because it prevents new entries into the market. It reduces choice and increases the amount of control that a single corporate entity has over the population.

Technology is so complicated that the general populous has no idea what they're doing. Things like this don't get nearly as much attention as political activity but the reprocussions will eventually have just as much impact on our lives. Once the user base gets large enough, they are going to claim the largest membership numbers for this type of service, and will convince other corporations that they have to get on board to survive. It's a perpetual cycle until someone slaps their ass down.

All of this is concerning because it's obvious that Microsoft has no self-control in terms of how far they will go to establish things like HailStorm and Passport. They don't want to bother with whether consumers actually want these services. It's easier to just sign a bunch of deals and use various other corporations to do the enforcement. Some people claim that Passport is a natural way to log into various Microsoft services, and therefore shouldn't be questioned. Trojan horse, folks! Microsoft wants other sites to adopt Passport [passport.com] . Do you think they're give a damn when an ActiveX control is required to log in?

The most important issue here is one of scale. All of this behavior wouldn't be nearly as big of a deal if Microsoft wasn't already a hulking juggernaut. Implementing a prioprietary authentication service isn't dangerous if your company isn't that big. It's up to the market to decide if it's worthy to be adopted. But when you're as big as Microsoft you can force standards on people whether they want them or not.

- Scott
--
Scott Stevenson
WildTofu [wildtofu.com]

Re:passport = hotmail account

[gorilla]

If you're from Kansas, couldn't you be Dorothy Gale?

Re:Ahh MS, Always Thinking About Their Customers.

[throx]

I just hate the fact I have to use THEIR download program and can't use my own download manager (which is a hell of a lot better).

Re:Grow up Taco

[throx]

If you are gonna bitch at Microsoft for spreading FUD then you are a hypocrite if you don't bitch at Taco for spreading FUD.

Grow up Taco

[throx]

Taco, in your anti-MS frenzy could you at least get some of the facts straight?

i) You don't need Passport to get MSDN, or develop for Windows. MSDN subscriptions are delivered to your door (or office) and you use them from there. There is no reason to access the downloads unless you NEED the latest and greatest betas right now.

ii) If you've signed up for MSDN, and signed up online for the downloads then you've already given Microsoft all the information you need to create a passport account anyhow - where's the issue here?

iii) You can create separate passport accounts for home and work. Only give work info (which is all you should do with an MSDN subscription anyhow) to Passport for the downloads.

Now I know that these three things probably got lost in the rabid frothing and knee jerking, but at least you should consider them sometimes, please?

Microsoft does bad things at times, but just because Microsoft does something doesn't AUTOMATICALLY make it bad. You've been given a brain - use it.

Editorial committee

[wiredog]

I dunno, the King James Version has some of the best poetry in the English Language, proof that not everything written by committee is bad. Comparing windows to it is a tad insulting.

Prior art

[xixax]

But does this count as prior art?

The way Windows is put together, you'd swear it was the same editorial committee...

Xix.

Just maybe....

[BluSkreen]

MS will remember to renew the passport.com domain next time it's up for renewal.........

Dave

Re:You got it all wrong

[Tackhead]

> hey I don't feel like remembering 20 passwords. I mean I have accounts with Slashdot, Linux.com, MSDN, and many others, do you really think I'm going to remember all those passwords? Hell no

...root password on my home box, root password at work, guest password on the CD-burning machine by the secretary's desk, MSDN subscription password, why the hell should I use different passwords? It's too hard to remember more than one password. I even have a hard time remembering my one password that I use for everything! Maybe I'll just write it on a slip of paper and stick it by my monitor so I can remember.

You, sir, are either an AOLuser or a Micros~1 intern being paid to FUD here, and I claim my 50 quatloos bounty.

Either that, or I'm too old for this modern world of .NET. When I was growing up, I distinctly remember everyone I've ever respected in the field of computer security - from my high school "computer programming" teacher who let me h4x0r the school assignments assembly, to the BOFH at university who let me run "crack" distributed-style on the school's shiny new Sun workstations because I was nice enough to ask him first, to my cow orkers, all saying "Never use the same password for more than one system, because if one system is compromised, the other ones will be too".

So don't use Windows.

[ikekrull]

This technique works great for me.

Also, you don't need MS's development tools to do Windows development.

You can use the (free) Cygwin/MinGW32 or Borland C/C++ compilers if you like.

You can use any of a plethora of non-MS languages, like Java, Perl, Python, Delphi and lots of others.

QT, GTK, wxWindows are all good, cross-platform toolkits for Windows, your comment about needing Windows development tools to develop on Windows is plain wrong.

I'm not denying that MS tools are the most widely used and convenient tools to use for M$ development in an M$-only environment, but to say you have no alternative is just plain wrong.

What youre complaining about is the fact that your employer requires you to use M$ tools.

So get your employer to get a single Passport and then all developers at your company use it. When you perform work for your company, you represent that company, not yourself personally.

M$ is free to use any authentication scheme it likes with it's web services.

Its not news that M$ is a giant corporate entity that abuses its monopoly power to screw the consumer and lock them in so it can keep screwing them, but you have, and always have had the choice not to use their products.

Why is MSDN using MS authentication service bad?

[stefanlasiewski]

in order to get special developer downloads, I will have to have a Microsoft Passport account.

Maybe I'm missing something, and I'll get flamed to hell about this. Why is this a shocking or bad thing?

Before, in order to get special developer downloads, you needed an account with some other Microsoft Authentication service, right?

With this announcement, you need an account with some new Microsoft Authentication service.

Why is a Passport account so much more horrible then the old-style MS Authentication service?

MSDN is a division of Microsoft. It's pretty expected that a large company like MS would want to use a centralized authentication service. It's not like MS is using some strongarm tactics to muscle some non-MS business to use the Passport service (At least, not in the MSDN example).

Re:Uh, what again is the problem?

[MikeBabcock]

I only ever use my work address and telephone number for online subscriptions like Intel, MSDN, etc.

I do sympathise with those who can't hide behind a corporate environment and secretary ...

-1, Flamebait

[VFVTHUNTER]

As a Microsoft Developer Network (MSDN) member...Now MS is requiring the technically savy to sign up.

I know /. has been down due to a router problem recently, so I guess I missed the article where it was decided that "MS Developer" and "technically savvy" are no longer mutually exclusive terms ;-)

Re:What personal info?

[LRJ]

You give up more personal info buying something at radio shack

If you answer their questions. I just tell them I'm homeless and hand them my cash - haven't been refused a sale yet.

Re:Taco's a bit paranoid...

[selectspec]

no shit. RedHat Network has the same thing.

I don't blame Microsoft …

[gig]

... I blame the huge numbers of people who just continue and continue to be Microsoft's bitch and then whine about it afterward. If you build your business and/or career around Microsoft, if you rely on them at all for anything, then be prepared to shut up, bend over, and take it like a man from time to time. That is the price of admission to their market, and everybody knows it. Microsoft's business model is not a secret. There is a line of people from Washington state to Washington, D.C. with sore assholes, surprised looks on their faces, and a sob story to tell about being former partners of Microsoft, and I don't pity them one bit.

Microsoft did the bully work to clear vast tracts of Cyberspace of troublesome natives and trees, and if you want to build there, you can't reasonably complain when Microsoft puts Bill Gates, Steve Ballmer, etc. on the currency. Either get your Passport account or stop sharecropping with Microsoft. There isn't a single thing that you can do with a Microsoft computer that you can't do better with a competing product, whether it's a Sun server, an Apple desktop, or Linux or BSD on just about any hardware. All Microsoft can offer you is their big bland market. If you want that, then fine, but don't kid yourself that you get to keep your soul.

Re:I swear I read about this somewhere else alread

[mattr]

Whoa. A lot of people think the same thing!
<P>
Try <a href= "http://www.google.com/search?hl=en&safe=off&a mp;q=Revelations+13%3A17+buy+Microsoft">searchi ng</a> on
Google for 13:17 and Microsoft!
<P>
I like <a href="http://www.river.org/~buttrfly/vp54.html"&gt ;this</a> quote the best, "One could say that MICROSOFT products are for people
who cannot make moral decisions."
<P>
And <a href="http://hometown.aol.com/discipledave/book/Be ast.html">this</a> page is over the top but talks
about how an implanted chip will be sold to the
masses by describing how much freedom they will have
to make purchases anywhere with unlimited credit.. If an MS Passport chip comes out call me and I'll scream.

No alternative for device drivers

[flatrock]

If you're writing applications, 3rd party tools likely work great. If you're doing Windows driver development you've got to use Visual C++. I heard of people trying to use non MS compilers for drives a while ago, but don't think they were very successful. Maybe things have changed since then. I just figured the price of Visual C++ was worth not having to deal with trying to get it to work with something else. Developing drivers is screwey enough without adding using different tools than everyone else is using. Compilers have bugs, and if you're driver is really acting screwy, you'd like ask other people if they are having the same kinds of problems. To do that it helps if you are using the same tools.

You don't need to login to the subscriber site

[flatrock]

I just want to clarify that you don't need to log into the Subsrciber site, just the Subscriber Downloads site. I just verified this by looking around the MSDN site on a computer I just loaded yesterday. That way I was sure there weren't any cookies floating around from my previous visits allowing me to reach places other couldn't. I could look up info in the documentation, and even look at what software is in the latest MSDN shipment. What I can't do is download software from the subscriber downloads. The subscriber downloads is where I can go if I want to download an entire copy of Windows 2000 Professional. If you're a member of MSDN, they send you the stuff that's on the subscriber downloads on a CD or DVD. The subscriber downloads is a convience in case you need it before you get the CD, or you lose that CD among the hundreds they've sent you. I have only very rarely used the subscriber downloads myself.

As another note. You used to have to log into the MSDN site and fill out a little questionaire just to access the documentation. In this respect Microsoft has gotten better at respecting thier customer's privacy.

This insn't the MSDN docs, you can get those

[flatrock]

THIS IS NOT THE MSDN DOCUMENTATION! IT'S THE MSDN DOWNLOADS! Sorry to shout, but I get irritated with all the FUD that gets spread on Slashdot about issues like this. I realize it's unintentional, I sincerely doubt that Taco has a MSDN subscription, so he doesn't know that the Downloads page is a seperat thing. The Downloads page is where you can get the latest updates and patches to MS products, before you get the CD in the mail. MSDN sends out quarterly CDs with all the updted documentation, and any new software that you receive under the MSDN level you signed up for (and are paying for). You also get interm shipments, often on a monthly basis, of software that MS ships between quarterly releases.

As for developing with Non-MS tools, I'm sure it works great for applications, but if you're developing device drivers, you pretty much have to use Visual C++. I've heard of people trying to use other compilers, but I haven't heard anyone say they've had a lot of success.

Let's stamp passport out of existence

[Ukab the Great]

When it comes to microsoft customs, the only the we have to declare is that linux will kick their sorry ass.

Microsoft Interns spoke before thinking

[BierGuzzl]

I'm a little surprised at the showing of microsoft interns this time around... very quick to defend the legitimacy of passport and the requirement for MSDN online users to have one.

What's happening is that "special access" is being grated to those people who sign up for passport. On the surface, this is entirely harmless, even a mutually beneficial idea. This is not a "anti-microsoft" rant, but an issue of forced privacy violation. You could choose to not sign up, and choose to miss out on developer info, so in that sense it is voluntary. But don't bet your boss is going to take it so lightly when you explain to him why you weren't able to access MSDN online. The information age has brought with it many creative ways of collecting and extorting personal and private information from private citizens for the benefit of the corporate world.

You're right.

[BierGuzzl]

one: A default passport contains nothing but name and login name. There's huge scale for privacy voilation there.

They'll need more info than that to ensure that "people who did not pay cannot get access" see point "two" below...

two: They sell access to the MSDN downloads discussed. Somehow, access to these downloads must be authenticated so that people who did not pay cannot get access. Passport does authentication as is required here. Using their own system for authentication is entirely reasonable, makes sense, is easy for all involved.

The system being used violates the privacy of those who use it. If an individual who uses Passport for authentication elsewhere now uses it for authentication to MSDN online, Passport can develop a profile, similar to one that doubleclick's network is able to comprise through banners on multiple websites.

Some people pointing this out _are_ MS employees, some are simply more intelligent and more rational than the majority of the idiots posting to this story. Taco started the rot: but no-one actually expected reasoned discussion from him, his command of the language can easily be demonstrated to be patchy at best. What's your excuse?

English is my third language. In spite of this, my mediocre mastery of the language has not caused me to engage in personal attacks on anyone, nor generalized character assasinations.

Re:You're right.

[BierGuzzl]

Why would they need more info from Passport? How simple do you think it is for them to keep a database mapping paid subscriptions to passport IDs on their own servers (not Passport's)? Why must this information come from Passport, when it's clearly site-specific? Come on, man, think these things through!

My point precisely. You need more than just a login and a password. You need, at the very least, the database of paid subscriptions, which can reasonably be expected to contain names, addesses, perhaps even payment information.

Re:You're right.

[BierGuzzl]

It's unfortunate that I should have to look at creating fraudulent accounts as a means of protecting my privacy.

Re:In the words of Hal Hoffenkamp: Uhh.. no.

[radish]

FACT : They own the information.
FACT : They can choose whether or not to share it with you.
FACT : If they choose to place conditions on any sharing which may take place, you can either accept the conditions of p*** off.

If microsoft decided that only people who sent in a photo of themselves covered in lowfat mayo were allowed access to the MSDN site, that's totally within their rights. Sure, I wouldn't want to be working in their mailroom, but it's totally their right.

What's the fuss?

[Mendax Veritas]

Yeah, I didn't want to sign up with Big Brother's Universal ID system either. I never liked tattoos, especially on the forehead. At first, I hated it. But then I started discovering all the wonderful things it let me do. Whole new vistas opened up before me. Now I don't have to carry a wallet anymore. Whenever I need to prove my identity, or charge something to any of my credit cards or debit accounts, I just do the old Kung-Fu thing and slam my forehead down on the sensor. The first time I did that, I got a little carried away and actually broke the poor thing. Gave myself quite a headache too. So now I take it a little easier. Yeah, I know in theory every fact about my life, including my current GPS position, is on file on a server up in Washington State, but I've gotten used to it. Life is just so much easier now that I've got The Mark.

Don't worry. You may not like the idea now, but you'll be one of Us soon.

FUD me harder /.

[Carnage4Life]

Microsoft is simply doing what most companies that own several online properties have been flamed for not doing earlier. Why should I have several logins to a service run by the same company? (The original poster failed to mention that you already need a login to the MSDN subscriber site, the only new thing is that the login now goes through passport).

I don't remember references to World Domination (TM) and Revelations when AOL required me to get an AIM user ID once they purchased Netscape. I also know lots of people who complain about the fact that ICQ and AIM don't interoperate even though they by the same company. Quite frankly, the less logins I need to maintain especially to websites owned by the same company, the better. Does CmdrTaco also complain about the fact that Yahoo Mail, Yahoo Finances, Yahoo Groups (formerly eGroups) and Geocities use the same ID?

This is probably one of the bigger non-issues picked up by Slashdot in recent history. This of course, makes more serious allegations become overlooked when there actually is something to complain about.

--

Not forced to use passport?

[Michael Woodhams]

"Beginning in late June, the MSDN Subscriber Download Web site will prompt you to sign up for your personal Passport and associate your current subscriber record to this Passport. After signing up, access to MSDN Subscriber Downloads will be easier, faster, and more secure."

It looks to me like you can keep using the old method if you wish to forgo the supposed benefits of the 'passport'. At least it is ambiguous enough to check out before getting upset.

Re:FUD me harder /.

[Catbeller]

Microsoft is simply doing what most companies that own several online properties have been flamed for not doing earlier.

It's quite simple. AOL, Yahoo, and all the others are not monopolies. Microsoft is.

Re:It's either forced compliance or forced lying

[malfunct]

The passport need only be linked to your developer account. You DO NOT need to supply any ID for the passport except (if I understand right) country, zip, age, and gender. It also does not have to be the same passport that you use for personal web use.

PASSPORT IS JUST A SECURE ID NUMBER THAT MS CAN TRACK YOU BY.

This given, fill out the passport page with the EXACT SAME info that is in your MSDN subscription. Now the Passport ID will match the MSDN subscription. You will be 100% compliant and not have given any personal info that you hadn't already given.

Basically MS wants to have a single infrastrutcture for indentification. That does not mean they need a single ID for each user. It is so much easier if every single site that MS owns can have its data stored in the same way and identified in the same way.

Basically this is a privacy non-issue because you have already given MS the info for the MSDN subscription and that is ALL that needs to be transfered to the passport. Bam now 2 ids say the same thing. Eventually MS will discontinue the MSDN subscription id and the passport will be all that points to that MSDN account. Quit spreading fud and start looking to understand what is necessary.

Also quit bringing up the whole lieing issue because its fully unecessary to lie in this situation.

Main remember that its not 1 passport per person or 1 person per passport. Its just an id number like the one you used originally.

but there's a problem

[small_dick]

the problem with coding to the MS platform for 'money today' is that ... once MS has destroyed the alternatives, they will absolutely start going after the VAR/ISV money.

Any VAR/ISV that codes for income today on MS is taking big chances on their financial future.

Linux/GPL might have a certain amount of headaches to deal with, but Netscape and Oracle both had closed source code at one point and were able to deal with GPL issues.

Linux may not seem like a big money maker today, but I believe it will be an incredible tool for VAR/ISVs down the road ... without the monopolistic threats of MS.

The customer can install the base system on as many machines as desired without threatening letters from the MS licensing department -- making things so much easier for the VAR/ISV.

No more upgrade hassles! It's free.


Treatment, not tyranny. End the drug war and free our American POWs.

Not true

[Otis_INF]

Please, answer me: What's the difference between a) giving information (and I mean: a lot of info, ever registered an MSDN universal or professional subscription? that's what THIS is all about!) and registering your online ID at the MSDN server or b) giving informatoin about your subscription to Microsoft and register your online ID at the Passport server?

There is no 'forcing', it's just that they switch over to another authentication system. I won't comment on yuor last paragraph since that makes totally NO sence at all
--

Erm.. you don't get it, do you?

[Otis_INF]

MSDN subscribers have to login to get to the download section. So you have to store your credentials, online ID etc. at a Microsoft server. Now they want to change that to their own Passport service, which does.... exactly the same: store credentials like online ID etc.

What's the big f*cking deal? Both are Microsoft servers, both do the same thing. And before anyone is crying along, people who want to customize their MSDN site, already HAVE TO register with passport since last year.

Anyway, it's for access to microsoft software, to download that software. Hmmm... Sounds like an interesting topic for an open source developer, not?
--

So you lied to your creditcard company too?

[Otis_INF]

Ever wondered why creditcard companies give out cards without asking for massive amounts of cash on your bankaccounts?

Exactly: they track whatever you do with the card. Build databases with it, run OLAP queries on it. But you did know that, didn't you? So when you wanted a creditcard, you lied with bogus information so they couldn't use the info they gathered from your usage of the card. Oh wait, then you can't succesfully USE the card.

I don't get it when you complain about the passport account you have to create, when you get the MSDN cd's mailed to your doorstep and had to pay for these cd's with probably that creditcard mentioned above. What do you think will happen when you give out REAL information? Will they kill your family ? torture you to give them your creditcard? No. Just less than what happens when you purchase something with your creditcard at wallmart.

Think about it.
--

Re:Look at it without the anti-microsoft glasses

[joto]

Well, even easier is to use a random combination of letters (in upper and lower case), numbers and punctuation. As you're supposed to do for passwords... So, just choose one of your old passwords (that you still remember), and use that as your username.

Uhm, guys,

[jailbrekr2]

I don't mean to state the obvious here, but just because they request personal information, does not mean you have to be HONEST with your personal information.

Only fill out what is absolutely critical (like an email address). Be creative with the rest. I'm sure if enough do this, it'll totally screw up the statistical data they are compiling.

I don't see the panic here...

[tcc]

First, MSDN subscribers are... Subscribers, so somewhere there has to be information about WHO'S subscribed and etc etc.

Second, not that I'll protect microsoft, but I'll surely won't protect over-reaction as well, they are a buisness, how many pirate copies of MSDN and especially how many of you people that didn't pay zit ever got hold of a FTP password to get the latest winXX build? That's blattant piracy, bandwidth chocking and let's face it, evil. Some will argue that being evil with E-vil is good, I won't get into that argument, but if linux would be on top of the food chain and do the same thing, I'm sure most of the people whining here would put the same energy saying how good it is and how good it is to use the technology developped, not just let it sit somewhere.

Microsoft has it's flaw, heck credit cards and banks had their, I remember when people could mass-order stuff from mail-order catalogues and never get caught, that was WAY worse than my info being shared to x and y... because most of the credit card companies wouldn't take the cash hit and the buyer was left screwed. I'd take my personnal info being shared any day over being frauded (yeah I know, my info being shared could POTENTIALLY lead to me being frauded too... but still, weight the balance to some extent).

Now by identifying every users, I'm sure the downloads won't be overcrowded like I recall when win2000 was beta. Plus, I didn't read the passport rules, but I'm sure you can create a 'corporate' (create a msdn@company.com) email account for your company and if you don't want YOUR info being spread out.

I hope you live in the US

[Salsaman]

According to the Register only the Passport terms for US citizens were changed to be less draconian. [theregister.co.uk]

For users outside of the US, Microsoft still owns all your data sent through Passport. [theregister.co.uk]

Re:It's either forced compliance or forced lying

[Frank T. Lofaro Jr.]

If you are goind to do this, make the Zip code agree with the state. 10101 is a NY zip, not Nevada. 89101 would be a good choice if you want to use Nevada. 63101 for Missouri, etc. A computer CAN catch impossible zip code/state combinations trivially.

Re:Passport billed my credit card

[Frank T. Lofaro Jr.]

If they billed your card without authorization (be careful, you may have "agreed" to be resubscribed) do a charge back with the credit card company.

(Credit card companies HATE shady merchants.)

Re:If it's for your JOB use JOB info.

[blirp]

So use your JOB info. What is there to 'compromise'?
...
Why do you care that MS wants your non personal info?

The problem is that Passport will collect your surfing habbits, no matter what "non personal info" you give them. At some point, you will give some real info to a site you didn't think was associated with Passport, and boom.
So you need very good control over your cookies. Usually, they are associated with the user (on the client machine). Meaning you have to use a different local account to surf Passport-sites (or at least MSDN), or a different browser. The latter is probably the easiest as Microsoft's sites usually "works best with IE", and nobody uses IE for real surfing, right? :*)

M.

Or use lcc-win32

[revbob]

If you'd prefer an IDE (resource editor, nice debugger), try lcc-win32 [virginia.edu].

Yes, I know it's only a C compiler, but you'd be surprised how coding in the Win32API instead of MFC can speed up and un-bloat your code.

The only contact with MS you really need is to download the PSDK, which so far has been free and anonymous, and even then the PSDK is just nice to have, not essential.

Passport randomizer service

[bigbadbuccidaddy]

The real problem isn't that MS will get your personal data when you sign up - you can just make up stuff. The problem is that they will be able to associate all your logins to all the Passport-enabled sites to track you. All they have to do is get one real piece of data from you, e.g. a real email address, and you've given them the ability to track many things about you and what you're doing. What we all really need is a Passport randomizer service, so that any two logins you make to Passport-enabled services are never for the same identity. Imagine a Passport client that creates identities and always has a new one ready to use. This has the added benefit of filling up their disk with logins that will only be used once. If a hotmail account is automatically created by passport, that's even better - the client can post the email address to a few key places and fill the account up with SPAM. Distributed SPAM from around the net, filling up hotmail disks and keeping the bogus accounts active. If enough people used this hypothetical client, it would render Passport useless, or force Microsoft to waste a ton of money trying to scale it on pathetic Wintel hardware.

Dear future mindslave

[neuromortis]

Dear future mindslave,

MSDN® Subscriptions is pleased to announce that the MSDN Subscriber Download Web site at http://msdn.microsoft.com:666/subscriptions/resour ces/papers/help/assport/isnt/this/a/really/conveni ent/snappy/and/easy-to-memorize/url?subdwnld.asp will soon be downgrading its logon authentication technology to Microsoft® Assport.

Microsoft Assport provides personal authentication services that make it easier for us to track your every move, and makes it faster and more secure for you to sell your pathetic little soul into our custody.

Beginning in late June, the MSDN Subscriber Download Web site will prompt you to sign up for your personal Assport with a friendly little 110v electric shock through your keyboard and associate your current subscriber record, social security number, credit card number, favorite web sites, and embarassing personal habits to this Assport. After signing up, access to your personal information will be easier, faster, and more secure for our flying monkeys.

For complete details, and to sign up now for your free identification barcode/tattoo, please visit http://www.assport.com.

Sincerely,

The MSDN Acquisitions Team

http://msdn.microsoft.com/subscriptions

Re:FUD me harder /.

[Pinball Wizard]

In theory, not having to type in the same personal information each time you visit a different site is a good idea.

However, its pretty clear that Microsoft wants passport to be the standard. Its a big deal when they make it so we have to use passport, whether we like it or not.

The company you work for is engaging in forcing its customers into buying upgrades. MS is putting its weight into things like enforced registration for the new XP products [zdnet.com] and threatening audits of customers it suspects of piracy [slashdot.org]. Passport is innocent until you consider the company behind it.

FUD me harder indeed. Do you think Microsoft is creating a free service because it so benevolently wants to do something nice for the web community? Please. They are going to sell the data they collect. Your data. My data. Nowhere in the passport.com privacy statement says they won't.

The sad thing is, they won't increase revenues by these efforts. They will just lose customers

Re:I'm well out of it

[IronChef]

The bookstore had 20, 25 books about Linux and maybe 3 about FreeBSD. Easy choice :)

maybe easy, maybe not. ;)

I have had nothing but problems with passport

[Lordrashmi]

Every time I use passport it gives me tons of problems. I have nothing againsts MS, just when they make shitty services

My Previous Response with Rebuttal

[Bluesee]

Here [slashdot.org] is what I wrote on that subject, with a response taht basically told me I could opt out.

Oh, but that isn't true, is it???

I Could Opt Out, but only by opting out of MSDN...

*sigh*

Oh! Make sure you read the rebuttal where I was told I was Wrong. Wrong. Wrong. You know, it's like the inmates defending the warden. What a total brainwashing some people undergo!

Every time some idiot defends MS, I wonder what sort of upbringing they experienced. I bet their Dad beat them a lot, and convinced them that they deserved it.

Re:I swear I read about this somewhere else alread

[sqlrob]

Yes, he is [bbspot.com]

Re:Look at it without the anti-microsoft glasses

[Enigma2175]

Yes, it is a little more convienient to have a single login across several sites. However, if the security of Passport(or one of the websites to which it connects) is comprimised, your access to all the sites is potentially comprimised. Why let them just get into your hotmail account when you can let them access you MSDN account, online banking accounts, IRA accounts and everything else that MS will have using Passport in the future? Several accounts may be a PITA, but a unified login opens up a much larger security hole if an exploit is found. And let's face it, MS has not always been the most security-conscious developer. The best alternative is quick development of biometric [biometrics.org] technologies. I would rather be authenticated by my fingerprints or retinas than entrust MS with my security.


Enigma

Re:Uhm, guys,

[Alien54]

just because they request personal information, does not mean you have to be HONEST with your personal information.

I am tempted to fill in my home page info as that goat page.

In fact the idea of a having the Passport database filled with dummy accounts pointing to perverted sites, all in the name of mr gates amuses me. They have to be able to document more than one person with the same name, right?

Check out the Vinny the Vampire [eplugz.com] comic strip

I swear I read about this somewhere else already..

[dR.fuZZo]

Oh, that's right...

"And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name."

-Revelations 13:17

how are the telescreens suppose to know who we are

[Billly Gates]

Come on guys.

Freedom is slavery and doubleplus-uninnovative. While ingorance is strength and doubleplus-innovative. As a member of the insoc-MSDN party we need a way for the MSN telescreens by apple-compaq-hp-IBM corporation to know who we are so clippy can contact the MS marketing department(aka thought police).

Think about how doubleplus-inovative MS is. We can go actively explore on the internet and communicate and access everyone on messenger with the MSN telescreens and excel in life. We also need to turn in thought criminals to the ms department of Love(aka marketing). So that they can actively inform their double oldthought ways to active newthought ones and excel in their thinking.

Also your comments are not only counter revolutionary but also are in oldthink and oldspeak which are doubleplus-ungood. You need to use the right active words in your office when you write such things.

With Passport you can go to any Microsoft approved website and all the data can be accessed because the data will be integrated. Just look at what happened when Microsoft took over the whole IT industry. Expect the sameplus active results when Microsoft takes every oops leads online transaction and every service concievable known to man on the web. I just can't wait. THe insoc-MSDN party clearly says that our lives our actively better now. Especially those in the inner-MCSE party.

Think double positives when your doublewrite in double oldthink.

Re:Look at it without the anti-microsoft glasses

[mgkimsal2]

And VA Linux is going out of (hardware) business...

Re:So?

[agentZ]

Careful though. The post office could report you [lp.org] if they think you're acting suspiciously. The Man is everywhere.

Re:Lets call 'em

[agentZ]

They do indeed. One does not become rich by giving things away. (Well, at least not after you get them hooked. You could argue that M$ got the US Gov't/many business 'addicted' to Windows and Office and is now charging whatever they want for it. If we can't get them on anti-trust, can they be arrested on drug charges and have their assets seized and auctioned by the DEA?)

Re:So register as foobarbazquux@hotmail.com

[agentZ]

Up until January I always used:

Socks
1600 Pennsylvania Ave
Washington DC 20500-0003

Remember to always use ZIP+4 codes!

Re:So?

[agentZ]

I'd love to respond, but I just crossed the border into New York state and my cell phone is ringing.

Seriously, things only change when the powers at be are somehow inconvenienced. (e.g. personally affected by said law, unable to get re-elected because of it, etc.)

Uh, what again is the problem?

[DarkEdgeX]

As has been said before-- you can sign up using your WORK information on a seperate freemail account (or, use a specially created work account (eg: If you work at fud.com, and your real account is john.doe@fud.com, then make a new account-- msdn_john.dos@fud.com, and use it for Passport)), viola, no problem with personal info or tracking to other sites you visit on your personal time.

Secondly, CT makes a stink about Microsoft using Passport-- what again is the problem with this? I'd rather have them using and trusting their own technology than trying to sell it to us without using it themselves (as has been the case with certain Microsoft owned servers running Apache even though MS has IIS and pushes IIS to the masses).

Finally, if you really are a Win32 developer or WinCE developer or whatever, you DON'T have to use Microsoft tools-- Borland (and other companies, Metrowerks comes to mind) make compilers for Microsoft based operating systems. If all you want are the SDK's for developing software under Windows, you can STILL download the entire PlatformSDK either over the web using their smallish installer, or download the entire mess from ftp.microsoft.com/developr/platformsdk/ [microsoft.com], just pick a recent release and download the entire CD contents (FYI: There's a Jun2001 directory, but it's currently empty as I write this, but the Feb2001 is REALLY recent, and deals with some recent additions with Windows XP Beta 2). Other SDK's I think you can grab via FTP too, but I'm not so sure.

In a nutshell, this isn't a major development, it's not new (I bought Encarta Deluxe 2001, and signed up for the online version (free with the deluxe purchase), and Encarta uses Passport to validate your access), and it's a damn good idea. I'd like to see some other competitors in the "authentication of user identities" biz though, but I don't know of any off-hand that are this well established and easy to use..

Maybe making one or two too many leaps...

[nick_davison]

To get the developer downloads, you need a passport. A week ago, it was noticed that part of the EULA binds you to having to download any MS updates [slashdot.org]. Does this imply that more than just recieving special services, to develop with MS tools at all you now have to have a passport.

Then you get passports being illegal in Maryland [slashdot.org] and quite possibly Europe too [slashdot.org].

So, does this mean that Microsoft tools are now no longer on sale to ... well basically any state or nation who won't bend over the Microsoft way? And is this Microsoft's way of punishing those places for their terribly naughtiness or a case of Microsoft putting so many policies in to effect they've just accidently closed themselves off to what's starting to look like the majority of code developing states and nations?

what the hell?

[unformed]

they ask you for information.

uhh....hmm...we're not AOLers here. We should KNOW BETTER than to give out ACTUAL INFORMATION.

Plain COMMON SENSE.

assport.com

[saintlupus]

lupus@blue#whois assport.com

Whois Server Version 1.3

Domain names in the .com, .net, and .org domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information.

Domain Name: ASSPORT.COM
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com

why do i find this so funny?

--saint
----

Microsoft has proved untrustworthy...

[Futurepower(tm)]

"... Microsoft has proved untrustworthy in the past."

-- U.S. District Judge Thomas Penfield Jackson is his order in case No. 98-1232 [gpo.gov].

$300 dollars isn't that much

[MeowMeow Jones]

When you consider how much you pay a programmer in one week.

Trolls throughout history:

Taco's a bit paranoid...

[dasmegabyte]

First off, MSDN downloads are a subscriber based service -- they've got to keep track of subscriptions somehow! And Passport is MS' new cross server identification system...of COURSE they're going to want to use it. I wouldn't want to have a different password for each server in the apple CVS network, and the same goes for MS' web services. They HAVE revamped the license and it's not nearly as serpentine as before.

But that doesn't stop you from using your ultimate response to any and all registration systems: lie. Lie as much as you can! Lie discordantly! Click female sometimes, male others, enter your race as an albino nepalese scotsgaelic neanderthal from northern Peru, and by all means give them false contact information. If we want to avoid the possible ramifications for misuse of our personal information, then we've got to give false information. Don't be a demographic, be ALL demographics! Nobody said you had to be truthful when asked a question. If MS needs your real name and real MSDN subscriber id, give them...but everything else in your passport should be clever fibs, abominations and halftruths. I like to build unflattering portfolios of people who bug the shit out of me at work.

After all, it won't take much worthless information for MS to drop this whole shenanigan and go to something useful (like an incredibly lightweight key based system...let's introduce PKE to the masses). Marketeers always get theirs in the end when they promote something this annoying...hence, the dotcom bust.

Look at it without the anti-microsoft glasses

[Gazelem]

Microsoft is licensing VERY CHEAPLY their development and office tools and a huge database of technical information. Of COURSE they have a right to know the information about the person to whom they are sending this software.

But as for the reference tools, that IS all available free, without having to log on via passport, over the web.

What isn't told is that if you are a subscriber of MSDN, you already have given them your information when you sent them your check. As for employees having to divulge your information, big deal. I have to do that all the time. I give my company address and company phone number and nothing else.

Let's keep this in perspective please and not have "the sky is falling" rants just because the person doing it is microsoft. There is no effective difference between logging in via Passport or directly to their websites. They could share the information either way. Again, let's keep perspective. Try downloading something from Oracle, Sun, or Sybase. Each time I've downloaded from one of these companies they've wanted information.