All Microsoft Updates Phone Home 233
juct writes "In the wake of heise Security's report on the garrulous WGA Notification, Microsoft has now supplied additional details on the data sent. They have revealed to developers that apparently all updates relay information to the company in Redmond."
it's the price you pay, alas (Score:3, Informative)
like, for instance, all of the "cool features" use new runtimes and new features, and none of it is backwards compatible.
so is anybody really surprised here? if the user hash code field they recover is all over the warez circuit, no matter what the EULA says, someday the number of hits on you is going to run over some trigger number in update. at that point, you will run into a block.
had to reinstall windows ME legally on a machine last weekend. got all the critical updates pulled off on IE, and from that point on, update kept returning "thank you, you have a Mac, you can't update here." everything worked fine the next day, and I got the rest of the criticals done.
I can only assume they have all sorts of wonderful blocks and trigger numbers over there, and since they own the software and you own only a cancelled check, it's just tough damn luck.
Re:No (Score:5, Informative)
Again, it's been this way for quite a while, and the information does not "perfectly" identify you, but each install has it's own signature as far as I can tell so they can deduce who you are pretty quickly.
Why do you care now as opposed to all of the other Microsoft's-evil-OS stories on
List of data sent back (Score:5, Informative)
From the WGA Blog [msdn.com]
Re:All updates relay Information... (Score:3, Informative)
Re:Reverse double-speak? (Score:3, Informative)
So Microsoft isn't using that info (and certainly not that specific item of info) to contact users, but they might be passing it on to someone who is.
Typical Microsoft statement; parsed carefully and in the right context, it might well be literally true, and it sounds good, but it could well be misleading.
Re:Success/Failure/______/etc./ (Profit?) (Score:3, Informative)
Simple solution (Score:3, Informative)
on a *Nix box, say maybe the DNS server
vi
127.0.0.3 genuine.microsoft.com
For windows
edit c:\windows\system32\drivers\etc\hosts
0.0.0.0 genuine.microsoft.com
Re:Simple solution (Score:5, Informative)
http://yro.slashdot.org/article.pl?sid=06/04/16/13 51217 [slashdot.org]
Re:UK/EU - Data Protection Act (Score:2, Informative)
Why would you have to pay at all?
At least in Finland, I can walk to every place that I suspect might have records on me and ask to be given those records, and the company or what ever, even the police have to comply. AFAIK you can also ask the data to be deleted.
Also, AFAIK according to Finnish law Microsoft (which does have a company in Finland too) they should have in the open a document (or upon request) that specifies what information is being collected in to their registers.
Too bad I don't use Windows :) but anyways.. I'm not a lawyer. It's just common sense that companies can't keep what ever records they want — secretly at least.
Not really - here's what it is (Score:2, Informative)
1) Since there are so many update events, the client software only sends a random sample ~10% of all events to the server. This was added in one of the more recent changes to the Windows Update s/w.
2) Yeah, they have a *huge* data warehouse that they store all that info in. It's SQL Server 2005 and one of the larger SQL Server installs in the world. From what he tells me, they get millions of new rows each day, so they can only keep 1 year of data available online in the database (everything else gets moved off to tape or to another database). BTW, it's in the terybytes.
3) They use this data to help better serve their customers. They have a reporting/analytics solution built on top of that Data Warehouse. They can analyze history by region, by service pack, by language, etc. So they can make better strategic decisions with that info and in a more timely manner (it's updated daily).
Look, here's one example where that data is useful for them - if a few customers call up and say there update is failing, a tech support person can look at some data for that customer's region, or service pack, or update and see if there are any trends there to help move the case along (i.e. maybe a trend shows that a bunch of users with that OS are having problems with that update).
No comment on the privacy issues - all they know about is your computer's GUI and your IP address (i.e. city/state/zip or region/country). Some are ok with that, many aren't.