MS ID Scheme

To: SCALUG <scalug@kendeco.com>, TCLUG <tclug-list@listserv.real-time.com>
Subject: MS ID Scheme
From: Troy Johnson <john1536@tc.umn.edu>
Date: Sun, 07 Mar 1999 11:44:20 -0600
http://www.theregister.co.uk/990307-000006.html

Posted 07/03/99 4:17pm by John Lettice

  MS ID number system could track all Windows
  users

  Earlier this year the built-in serial numbers in Intel's Pentium III
caused a privacy storm.
  But now a software company has revealed that Microsoft has been
running a rather
  more effective identification system since the launch of Windows 98.
So Redmond
  knows a lot more about you than you might have thought. 

  The point about the Intel system is that it could be used to track
personal data relating
  to PC users, but the Microsoft system is apparently doing so already,
and has the
  potential to operate as a digital fingerprint that tracks where you
go, and the
  documents you produce, anywhere on the Internet. Robert Smith,
president of
  development tools company Phar Lap, last week pointed out that the
Windows 98
  registration wizard, which is used to register for support and
updates, does cute
  things in addition to just sending Microsoft the Windows 98
registration number. 

  This number, known as a Globally Unique Identifier, is sent to
Microsoft along with
  name, address, phone number, plus demographic details and information
on the
  hardware and software being used. Note that with the progressive
tightening-up of
  Microsoft's registration procedures it is becoming more and more
difficult to get
  support from the company, or to get software updates, without
registering, so
  Microsoft is going to acquire more and more of this data. In the
Windows 98 install
  procedure, users are not told that all this data is being sent, but
Smith says that the
  data Microsoft is gathering is being used to build a database of
Windows users
  globally. 

  From what Smith says, it would also seem that Microsoft has been doing
a pretty
  through job of 'integrating' the number into a user's entire
installation. Aside from
  being linked to the user's name, it also appears in files the user has
created, so
  Microsoft's database could be used to track both users and the
documents they
  produce across the Internet. 

  Microsoft denies that it ever intended to use the data it's gathered
for marketing, but
  as the Windows 98 registration wizard clearly says that the data will
be used by
  Microsoft and its affiliated companies, and the usual check box asking
if you mind
  being sent information is there, this is obvious nonsense. Users do
have the ability to
  decline to send inventory information during registration, but they
clearly can't do much
  about identification numbers embedded in the data files they produce. 

  Microsoft may change the registration wizard in the next Windows 98
service pack
  (which may be a while yet), but may also (probably depending on the
level of the
  privacy firestorm) produce a utility that will delete the information
from the local
  machine's registry. The company also apparently intends to delete
information already
  collected from its database, but it's not clear what this information
consists of.
  Probably it will be data on users and their machine configurations
which have been
  acquired as part of the online support and update processes. 

  Microsoft's own privacy policy provides some information on what this
data consists
  of: "When you buy and install a new product, we ask you to register
your purchase," it
  says. "We then merge your registration information with any
information you've already
  left with us (we call that information your personal profile). If you
haven't previously
  registered with us, we create a personal profile for you from your
registration
  information." This information is available at the Personal
Information Center" on the
  Microsoft site. 

  But here's the bit that makes you wonder why everybody got worried
about Intel
  without noticing Microsoft: "In creating a new profile or updating an
existing one, we
  obtain your hardware identification number from the registry on your
computer's hard
  drive. If you have already registered, we also obtain the personal
identification number
  you were assigned … We then send a small bit of code back to your hard
drive. This
  code is uniquely yours and only includes your registration
information. It is your
  passport to seamless travel across microsoft.com, allowing you to
download free
  software, order free newsletters and visit premium sites without
having to fill out
  another registration form. Even if you switch computers, you won't
have to re-register."


  There - so it's all supposed to make it easy for you, right? 

  Microsoft may however find itself having to clean up its act sooner
rather than later.
  The US and the EU remain locked in negotiation over how to tackle EU
privacy
  regulations which restrict the export of personal data. If a solution
is arrived at, US
  companies holding data on EU citizens will have to adhere to some sort
of mutually
  agreed code of conduct. One might observe that a company that gives
the impression
  of neither knowing what data it has nor why it acquired it will have a
bit of difficulty
  passing the tests. ®
Prev by Date: Java 2 development kit making its way to Linux
Next by Date: DNS Questions
Prev by thread: Java 2 development kit making its way to Linux
Next by thread: DNS Questions
Index(es):
- Date
- Thread