All Microsoft Updates Phone Home 233
juct writes "In the wake of heise Security's report on the garrulous WGA Notification, Microsoft has now supplied additional details on the data sent. They have revealed to developers that apparently all updates relay information to the company in Redmond."
EULA (Score:5, Interesting)
So I guess it might be a bit sneaky, but it has all been covered by WGA disclosures.
An example of the XML returned when a user cancels an installation is available here [msdn.com], "just to allay any fears that Microsoft is using any personal information".
So ya, I don't think this is a huge deal, nor particularly unexpected.
Re:All updates relay Information... (Score:5, Interesting)
Yeah totally, because:
Pirates? (Score:3, Interesting)
Seeing that Microsoft has done very poorly in correctly determining which installations of Windows are legitimate, how competently can they track legal software?
Re:What if. . .piracy were more difficult? (Score:4, Interesting)
My hope is that is all of these things make running pirated versions of Windows more difficult -particularly in the developing countries where internet connectivity is spotty such that OSS can gain in popularity and use. This could end up being a real win for Linux and other OSS.
cue stories of entire countries running off a single pirated copies of Windows and Office.....
-I'm just sayin'
Re:I've said it before, and I'll say it again... (Score:2, Interesting)
I have a few friends that play in the stock market and have said for a long time that they bet Bill uses this information to buy/sell stocks and $$$. Think of the unbelievable wealth of information. Which hardware/software/etc... are folks buying and what are they not buying? etc... etc...
...and they go further than that! (Score:3, Interesting)
UK/EU - Data Protection Act (Score:5, Interesting)
Re:All updates relay Information... (Score:3, Interesting)
Re:All updates relay Information... (Score:3, Interesting)
Mu.
HP and Dell don't do their own driver patches. They do roll up other people's drivers in their own packages, but they simply use the drivers of others.
There ARE non-driver patches for both, but they're related to special, custom software. For example HP has their own version of the software that goes with the Infineon TPM chip inside this HPQ laptop. But Microsoft isn't going to be delivering those patches to you.
Absolutely the only thing they need to provide updates are device and vendor IDs. For ISA and PCI cards that's provided by PnP. For USB devices, it's part of the initial conversation with the host, as well as for bluetooth. I don't know precisely what PCI-E does, but it's probably the same old PCI/PnP-style vendor and type.
The code is probably already able to distinguish between OS information and everything-else information. This can only be a deliberate decision. Wouldn't you want to retrieve as little data as possible to minimize the effects of bad network links and to avoid having unnecessary data complicating your life? Of course you would. Unless you wanted that data...
I've never seen one. I think they did deliver me a video bios update once though. Anyone know this for sure?
Re:Killing suggestions (Score:3, Interesting)
Re:UK/EU - Data Protection Act (Score:2, Interesting)
Heh, "common sense that companies can't keep what ever records they want - secretly at least."
It may seem common sense to you and me, but that's not how US citizens have it. And yes, we can ask for information to be deleted, but only if it's inaccurate. In the UK, we have to pay a small fee to cover some of the company's admin costs in getting the information and to act as a deterrent against people using this kind of thing for bullying tactics. Of course, since it's so much hassle for the company, you still can use it to bully; I did this to my bank once:
Me: I'd like 3 duplicate bank statements please, for these months...
Bank: That'll be £15 please
Me: What's your fee for a data protection act request? can't I get access to all information you hold on me?
Bank: £10
Me: I may as well get all the information you have then, if that's cheaper
Bank: That's all right sir, we'll do the statements for free
Wasn't that nice of them :)
Re:UK/EU - Data Protection Act (Score:2, Interesting)
Here's a link to Microsoft UK's data protection registration information, for the curious:
http://www.esd.informationcommissioner.gov.uk/esd
However, if you paid your £10 and asked, he answer would probably be "nothing". The definition of "personal data" in the Data Protection Act (which you can read online at http://www.opsi.gov.uk/ACTS/acts1998/80029--a.htm [opsi.gov.uk] - do have a look, it's not too hard to decipher; all EU states have essentially equivalent legislation) is
"personal data" means data which relate to a living individual who can be identified-
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller.
I think they would claim that they cannot identify you from the information that they record. Any thoughts?