Sign in to follow this  
Followers 0
Talz

Stopping Microsoft/Vista spying?

30 posts in this topic

I recently got myself a brand new laptop (an acer 5920 it looks like a v-tech and I love it.) This is meant to be my windows box and it came preloaded with Vista.. which I've never actually used before.

Downgrading to xp is a fight with this box since acer only supports it for vista. It's an option I guess but I wouldnt mind keeping vista. Yes its just because it looks pretty.

Ok long story short, I found the report on softpedia about vista harvesting data and sending it back to microsoft. I'm not hacking the FBI but even if this box was only used for playing hello kitty online (I didnt actually know this was real till I typed it then googled it) I'm not crazy about my laptop telling anyone, let alone microsoft, anything about my activities.

Did a quick search here on the forums and on google but cant really find much..

The only way I can think of doing it would be having a firewall restrict the traffic as much as possible. I was hoping for a mod or better yet a reg edit that would siable it all together?

I know life is never that easy but hey its worth a try right?

0

Share this post


Link to post
Share on other sites

No amount of software you install will protect you from this, since the spyware behavior is part of the OS itself. If you don't like the loss of privacy you feel you're experiencing, install a different system.

0

Share this post


Link to post
Share on other sites
No amount of software you install will protect you from this, since the spyware behavior is part of the OS itself. If you don't like the loss of privacy you feel you're experiencing, install a different system.

I agree. Ditch Windows and try something

0

Share this post


Link to post
Share on other sites

Thats what I was afraid off. Oh well, goodbye pretty icons and folding windows.

Thanks guys, I'll have linux installed by the end of the day.

0

Share this post


Link to post
Share on other sites
No amount of software you install will protect you from this, since the spyware behavior is part of the OS itself. If you don't like the loss of privacy you feel you're experiencing, install a different system.

Hmm... I'm aware of certian features being enabled by default like Vista activation, device manager and hardware wizard, dynamic updates and help and support feature but you make it sound like there is an application that sends mass reports of every user on any vista machine in the world that cannot be disabled. Is there any proof of this or is everybody being paranoid.

Even in linux there are file update applications that you can set to run automaticly. Yes, you can disable them or not enable them in the first place but who is to say they don't report user statistics and application usage. (of course they'd have to run under the GPL)

0

Share this post


Link to post
Share on other sites
No amount of software you install will protect you from this, since the spyware behavior is part of the OS itself. If you don't like the loss of privacy you feel you're experiencing, install a different system.

Hmm... I'm aware of certian features being enabled by default like Vista activation, device manager and hardware wizard, dynamic updates and help and support feature but you make it sound like there is an application that sends mass reports of every user on any vista machine in the world that cannot be disabled. Is there any proof of this or is everybody being paranoid.

Even in linux there are file update applications that you can set to run automaticly. Yes, you can disable them or not enable them in the first place but who is to say they don't report user statistics and application usage. (of course they'd have to run under the GPL)

Well, actually Debian does (and i'm sure some other Linux distro's too) but the major difference here is that it is opt-in (or maybe opt out, i cant really remember). The only way i can think of opting out of Windows info gathering is to not install it.

Although saying that i'm not really sure what data Microsoft gathers about the user. If anyone has any info on this matter i'd be interested to see it.

0

Share this post


Link to post
Share on other sites

Which SoftPedia article are you talking about? Can you provide a link? I know a lot of Microsoft software sends user-experience reports it in the background to gather information on bugs and improve their software development life cycle, but that's a feature that you can simply opt out of as far as I know. Is that what you're talking about or is this another thread about that NSA crypto kernel symbol?

0

Share this post


Link to post
Share on other sites
No amount of software you install will protect you from this, since the spyware behavior is part of the OS itself. If you don't like the loss of privacy you feel you're experiencing, install a different system.

Hmm... I'm aware of certian features being enabled by default like Vista activation, device manager and hardware wizard, dynamic updates and help and support feature but you make it sound like there is an application that sends mass reports of every user on any vista machine in the world that cannot be disabled. Is there any proof of this or is everybody being paranoid.

The "feature" is called DRM, it's built into the Operating System. It cripples the functionality and gives partial control over your computer to people in the entertainment industry. Bruce Schneier wrote about this:

http://www.schneier.com/blog/archives/2007..._windows_1.html

Other features that sabotage a person's privacy are Windows Update, Web Content, Digital Certificates, Auto Root Update, Windows Media Player and all other sorts of software that send personal data to Microsoft. There's a lengthy article about it and other things hidden in Vista's EULA on Softpedia.

http://news.softpedia.com/news/Forget-abou...oft-58752.shtml

0

Share this post


Link to post
Share on other sites

DRM stands for Digital Rights Management. DRM provides a way to help control the unauthorized distribution of copyrighted media. DRM does not spy on people. Most DRM implementations today use only cryptography to verify if the person attempting to use the medium is authorized to do so. Bruce Schneier, whose blog I read daily and whose books I own, does not mention spying in that article. He does mention technical aspects that can cause interference and annoyances. My guess is that Softpedia does NOT have access to Windows source code and therefore is speaking out of its bum. Microsoft spreads a lot of FUD about Linux and so do other companies about Microsoft. By reading the Softpedia article, I can tell it's nothing more than a scare article. Without quoting any relevant part of the Windows Vista EULA, Softpedia scares its readers into thinking Vista is going to steal all their private, sensitive documents.

Take, for example, this part of the article:

The alternative? Well, it's written in the Vista license agreement. "By using these features, you consent to the transmission of this information. Microsoft does not use the information to identify or contact you."

Softpedia does not discuss prior to quotation nor after quotation what the key phrases "these features" and "this information" pertain to. Softpedia continues frightening people by providing, in very vague terms, a potentially out-of-context explanation.

My suggestion is to take a closer look at articles you read. My intention is not to disprove whether Vista spies on people or not, but is to bring into question the validity of this particular Softpedia article.

Edited by lattera
0

Share this post


Link to post
Share on other sites

Both of the articles you have linked to are interesting, but the article on DRM states nothing about spyware being included. It goes into much detail about reduced functionality for High Def audio and Video so you can't see the movies you've illegally downloaded or the black market blu-ray DVD's you bought in calcutta. But there is nothing about reporting details to Microsoft (That's the RIAA and MPAA's function).

I agree with you on the second article, it is much more informative. Read those EULA's carefully.

Damm, Lattera beat me to it, but I'm a slow reader

Edited by C'thulhu
0

Share this post


Link to post
Share on other sites

Also, if one wanted proof, one could set up a linux box as a gateway and log all internet traffic to/from the gateway. I would think that having such a system up for a period of three months would provide an adequate measure.

Vista Box -> Linux Gateway -> Internet

0

Share this post


Link to post
Share on other sites
DRM stands for Digital Rights Management. DRM provides a way to help control the unauthorized distribution of copyrighted media. DRM does not spy on people.

DRM does spy on people. Ever heard of WGA?

Most DRM implementations today use only cryptography to verify if the person attempting to use the medium is authorized to do so.

And to do that they need to "call home".

My guess is that Softpedia does NOT have access to Windows source code and therefore is speaking out of its bum.

My guess is that you didn't even bother reading the article, because they analyze Vista's own EULA.

Microsoft spreads a lot of FUD about Linux and so do other companies about Microsoft.

Like, for example... ?

By reading the Softpedia article, I can tell it's nothing more than a scare article. Without quoting any relevant part of the Windows Vista EULA, Softpedia scares its readers into thinking Vista is going to steal all their private, sensitive documents.

The word "document" isn't mentioned anywhere on the site, so you're just imaginating it.

Take, for example, this part of the article:
The alternative? Well, it's written in the Vista license agreement. "By using these features, you consent to the transmission of this information. Microsoft does not use the information to identify or contact you."

Softpedia does not discuss prior to quotation nor after quotation what the key phrases "these features" and "this information" pertain to. Softpedia continues frightening people by providing, in very vague terms, a potentially out-of-context explanation.

My suggestion is to take a closer look at articles you read. My intention is not to disprove whether Vista spies on people or not, but is to bring into question the validity of this particular Softpedia article.

You can read the EULA yourself and see that the quotes aren't out-of-context.

http://download.microsoft.com/documents/us...89cf5105718.pdf

And Softpedia isn't the only site criticising Vista's EULA.

http://www.theregister.co.uk/2006/10/29/mi..._eula_analysis/

http://blogs.zdnet.com/Bott/?p=158

http://www.linuxcookbook.com/declining_vista_eula.html

http://www.securityfocus.com/columnists/423

It goes into much detail about reduced functionality for High Def audio and Video so you can't see the movies you've illegally downloaded or the black market blu-ray DVD's you bought in calcutta

Or if there's a bug, you're watching a lower quality version or listening to a lower quality audio, but I like how you suggest that everyone having problems with DRM is a pirate.

0

Share this post


Link to post
Share on other sites

Just install Linux and the problem will be gone. Some distros might ask you at install time if you would like to participate in a package popularity program in order to ship the most popular packages in the next release, but you are in no way forced to agree.

0

Share this post


Link to post
Share on other sites

WhatChout, I might be mistaken, but I think you're taking personally what I said. I was merely providing my thoughts on the validity of Softpedia's article. Whether those thoughts are valid or not, in your opinion, is yours to decide.

However, let me provide a few more thoughts.

Windows Vista's EULA might have some rather "interesting" clauses, but Vista might not even be programmed in such a way to fulfill those clauses. Sure an EULA might say "we'z gonna steal ur codez" but the product might not be implemented to do that. One could argue the against EULA all day, but not have a case if the product does not fulfill the EULA.

That said, if one has a problem with a product's EULA, my advice is simple: don't use the product. Why would someone buy a hair dryer if the purchaser had to agree to be shocked every five seconds during use? While discussing potential legal issues regarding EULAs can provide positive insight, spreading fear is counter-productive.

WhatChout, if you would like, I can set up a lab here and test if WGA spies on me. Also, I have some friends who work on different development teams at Microsoft. I can make an inquiry as to how WGA is implemented and/or if it really does spy on me (and, if it does, on what activities does it spy?)

I think we could argue this all day, but without seeing any sort of hard evidence, any arguments we make (including mine) would be pure speculation or opinion. I tend to prefer not to speak in ignorance (which is why you'll notice I haven't given my thoughts on the issue).

Edited by lattera
0

Share this post


Link to post
Share on other sites
WhatChout, I might be mistaken, but I think you're taking personally what I said.

Not at all, I don't have anything against you personally. I tend to get passionate in discussion but that's because I like discussions, not because I hate people on the other side.

Windows Vista's EULA might have some rather "interesting" clauses, but Vista might not even be programmed in such a way to fulfill those clauses. Sure an EULA might say "we'z gonna steal ur codez" but the product might not be implemented to do that. One could argue the against EULA all day, but not have a case if the product does not fulfill the EULA.

Well, that's the problem. Since the OS is proprietary you can only guess what functions it has implemented. What I suggest is that if someone feels uncomfortable and feels that all of this infringes his privacy, then he should use another Operating System.

WhatChout, if you would like, I can set up a lab here and test if WGA spies on me. Also, I have some friends who work on different development teams at Microsoft. I can make an inquiry as to how WGA is implemented and/or if it really does spy on me (and, if it does, on what activities does it spy?)

That would be interesting, although your friends may be under NDAs requiring them not to talk about WGA in too many details. What I know so far is that WGA has typical characteristics of spyware - it installs in a misleading way, it "phones home" regularly and has features such as enforcing validation before installing updates and locking people out of features of their OS.

0

Share this post


Link to post
Share on other sites

Now I'm a little more paranoid

Just for the halibut I decided to run ethereal on my firewall system - (running mandriva) - and enable logging for tcp port 80. I then rebooted my windows vista machine and watched. After a few minutes my vista machine did an HTTP get to www.msftncsi.com and downloaded the file ncsi.txt. I did some googling and found that NCSI stands for Network Connectivity Status Indicator. Apparently Vista does this automaticaly after each boot to verify your network is up and running, and the microsoft server it contacts logs the information, including if the vista machine is behind a firewall. A little more googling turns up the fact that you can disable this, but it requires editing the registry. So in the very least microsoft can verify every time you boot your vista machine.

Now I'm thinking of setting up ethereal to monitor all network traffic from my Vista machine.

0

Share this post


Link to post
Share on other sites
Now I'm a little more paranoid

Just for the halibut I decided to run ethereal on my firewall system - (running mandriva) - and enable logging for tcp port 80. I then rebooted my windows vista machine and watched. After a few minutes my vista machine did an HTTP get to www.msftncsi.com and downloaded the file ncsi.txt. I did some googling and found that NCSI stands for Network Connectivity Status Indicator. Apparently Vista does this automaticaly after each boot to verify your network is up and running, and the microsoft server it contacts logs the information, including if the vista machine is behind a firewall. A little more googling turns up the fact that you can disable this, but it requires editing the registry. So in the very least microsoft can verify every time you boot your vista machine.

Now I'm thinking of setting up ethereal to monitor all network traffic from my Vista machine.

If i was Microsoft i would encrypt the really good stuff

0

Share this post


Link to post
Share on other sites

By doing anything online, you expose your IP address. Why are you paranoid about Microsoft seeing it? I guess rational thinking isn't allowed.

0

Share this post


Link to post
Share on other sites
By doing anything online, you expose your IP address. Why are you paranoid about Microsoft seeing it? I guess rational thinking isn't allowed.

Rational thinking has nothing to do with this. I know when I boot up my I.S.P. can see my machine. If I web surf then I know anyone i.e. my isp or the web server I contact can see my i.p address and I accept this. I can accept that WGA might contact microsoft every two weeks to verify my copy of Vista is legit. But this allows Microsoft to know when I boot up, not just when I go on-line.

As I said, it doesn't really worry me that isp logs and web server logs can tell when I contact them, that is something I control. I am the one who tells the browser to do this. But to have an application that contacts a major software company whenever I boot my machine without any action on my part other than booting seems a little too much.

0

Share this post


Link to post
Share on other sites

DRM is not a specific technology, it's a concept. How that concept is implemented changes from platform to platform. Some, like Valve's STEAM, relies on a mix of client-server authentication with cryptography. Others, like some fairplay, relies purely on crypto processed on the client-end.

Yes, authentication allows for knowing the content you play. It's a byproduct of the technology. Just how you go into a store, and you buy a CD, means that the retailer knows what was bought. It's not spying on you, it's collecting market data. Welcome to the world of business.

I dislike DRM because I believe it conflicts with the notion of ownership - particularly with laws like the DMCA that prohibit the use of that digital property. That said, I have no quarrels when its implemented for rentals - when you don't own it.

Now back to upping usage data: you can disable it. You can disable Media Player from sending data. You can not send error reports. It's up to you. Just like in Linux. Go with an enterprise OS like Red Hat, and you see that they aren't so different from MS in terms of those practices after all.

Edited by Seal
0

Share this post


Link to post
Share on other sites

Most of the privacy concerns with Vista can be alleviated by turning off anything automatic, like Windows Update, etc., and by not using certain programs like Windows Media Player.

Most of the problems people have with Vista - not just these privacy concerns - can be addressed by just doing a little bit of work turning some stuff off. This is what it comes down to: If you don't like it, don't use it. There are many alternatives, so there is no real reason to bash MS.

As an example, nearly every store has CCTV cams. In theory, they could use facial recognition and a drivers license database to spy on everyone in their store and track their purchases, consumer behavior, etc. While that may be close to impossible, the point is they can do what they want with the info they gather. There is no EULA there, and no real alternative. So stop whining about MS. You have other choices.

And yes, that Softpedia article is total FUD.

Edited by decoder
0

Share this post


Link to post
Share on other sites
Most of the privacy concerns with Vista can be alleviated by turning off anything automatic, like Windows Update, etc., and by not using certain programs like Windows Media Player.

Most of the problems people have with Vista - not just these privacy concerns - can be addressed by just doing a little bit of work turning some stuff off. This is what it comes down to: If you don't like it, don't use it. There are many alternatives, so there is no real reason to bash MS.

As an example, nearly every store has CCTV cams. In theory, they could use facial recognition and a drivers license database to spy on everyone in their store and track their purchases, consumer behavior, etc. While that may be close to impossible, the point is they can do what they want with the info they gather. There is no EULA there, and no real alternative. So stop whining about MS. You have other choices.

And yes, that Softpedia article is total FUD.

Well said.

I still don't think I can go fulltime linux when my Computer needs Windows Vista 64bit to run most of my apps, games, ect.

Even then, I'm not sure Linux can utilize all of the technology that I'm currently using.

So, if I'm using Intels' VPro, does that mean Microsoft is getting encrypted data from me? Or does Intel share encryption keys with Microsoft?

As far as DRM goes, what exactly do they have access to?

0

Share this post


Link to post
Share on other sites
As an example, nearly every store has CCTV cams. In theory, they could use facial recognition and a drivers license database to spy on everyone in their store and track their purchases, consumer behavior, etc. While that may be close to impossible, the point is they can do what they want with the info they gather.

Actually that's very possible, customer tracking is a real feature of Verint's software.

http://verint.com/video_solutions/releases...2&year=2003

(scroll to 3:50)
And yes, that Softpedia article is total FUD.

And yes, that is a blanket statement.

0

Share this post


Link to post
Share on other sites
As an example, nearly every store has CCTV cams. In theory, they could use facial recognition and a drivers license database to spy on everyone in their store and track their purchases, consumer behavior, etc. While that may be close to impossible, the point is they can do what they want with the info they gather.

Actually that's very possible, customer tracking is a real feature of Verint's software.

http://verint.com/video_solutions/releases...2&year=2003

(scroll to 3:50)

That's tracking customer movement, not using facial recognition.

Although, I do remember there being a big thing a few years back at a Super Bowl. If I remember correctly, they were photographing everyone as they entered the stadium and, ostensibly, using it against a "terrorist" database. Because, as we all know, going to the Super Bowl is pretty high up there on the terrorist agenda.

The Softpedia piece is still FUD. It's a blanket statement because the entire article is written as FUD, not just certain elements. Almost all conspiracy literature is written as FUD - the difference is most of that shit is entertaining. You need some sort of entertainment aspect with your FUD, otherwise it just looks stupid.

A conspiracy FUD piece might say, "The Gov't is out to get you, poison you, kill you, and there is nothing you can do about it!!!! O NOES!" But you don't have that problem with Windows software because, you know... you don't have to use it.

edit: I've read a million TOS's and EULAs and honestly, they are all ridiculous. they are written by lawyers whose job it is to cover the companies ass in every way conceivable. For the most part, they aren't meant to be taken that seriously. In many cases, certain elements of these "agreements" are illegal, and would never stand up in court. The bottom line is still that you have many alternatives to Windows and there are much more important issues in the world of privacy than Vista harvesting user data in order to improve their software.

Edited by decoder
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0