MSDN Subscriber Forced to use Passport

alandd writes "As a Microsoft Developer Network (MSDN) member, I just recieved the email below notifying me in order to get special developer downloads, I will have to have a Microsoft Passport account. Passport stores all your private info to share with one click among other sites. Past articles have mentioned some since removed draconian terms of use and there have also been reports of security breaches in the past. Now MS is requiring the technically savy to sign up. I don't want to but my job requirements and MS give me no choice!" No your honor we're not a monopoly. We just use our market share to force people to adopt each of our new products. Click on to read the email

Dear MSDN subscriber,

MSDN® Subscriptions is pleased to announce that the MSDN Subscriber Download Web site at http://msdn.microsoft.com/subscriptions/resources/ subdwnld.asp will soon be upgrading its logon authentication technology to Microsoft® Passport.

Microsoft Passport provides personal authentication services that make it easier for you to navigate between Web sites, and makes it faster and more secure for you to make purchases online.

Beginning in late June, the MSDN Subscriber Download Web site will prompt you to sign up for your personal Passport and associate your current subscriber record to this Passport. After signing up, access to MSDN Subscriber Downloads will be easier, faster, and more secure.

For complete details, and to sign up now for your free Microsoft Passport, please visit http://www.passport.com.

Sincerely,

The MSDN Subscriptions Team

http://msdn.microsoft.com/subscriptions

CT: So, if you want to write code under windows, you must use Passport. Or not use MSDN. And lets face it, if you develop under windows, you must buy MSs tools, and you sure can't use those tools without their docs. Times like this I just sorta throw my hands up in the air and say wow. How long before MSNBC requires it? Windows? IE? Your Visa company works with Microsoft Money, so you can bet that sooner or later, you'll need passport to balance your checkbook and credit cards. Paranoid delusion? Of course not. Windows XP will link my complaints to all sorts of helpful sources of information on medication that can be used to calm my delusions, or the numerous sites that exist to mock me or slashdot, thus undermining my credibility and making me seem like a crazy man to any onlooker.

Ok, I'm obviously exagerating. But you still gotta be a little wary.

If it's for your JOB use JOB info.

Passport stores all your private info to share with one click among other sites. I don't want to but my job requirements and MS give me no choice!

So use your JOB info. What is there to 'compromise'? e.g., all software here is registered to "Software Development", company name, company address, company tel#, company email.

Why do you care that MS wants your non personal info?

No no no

Hold on. CT sez: "So, if you want to write code under windows, you must use Passport. Or not use MSDN". That is blatant FUD. No one in the world is stopping you from using MSDN Online [microsoft.com]. In fact, most of the information ever used by developers is on that site absolutely, 100% free.

No one is stopping you from obtaining a subscription [microsoft.com] to MSDN. This gets MAILED RIGHT TO YOUR DOOR.

The ONLY thing the above is saying is "If you want to download some stuff that we've only made available on the web, you gotta get a Passport". This is like saying "If you want to use Hotmail, you gotta get a Passport".

Does this mean you have to have everything from your Mother's maiden name to your pet's favorite food in there? NO.

I'm an intern for MS, but I'm not trolling here. And since I'm an intern, I barely have an impact on my own group let alone MSDN.

So?

Just make a cypherpunk/cypherpunk login. I doubt anyone at microsoft would `get it' anyway.

--

Err

Actually GNU tools for Win32 development are becoming increasingly popular, what with VC++ being $300. The Win32 version of MAME is now built with MinGW32, and when a project that big makes the jump a lot of others probably won't be far behind.

Need cypherpunk coordination? Cookies?

Why do you care that MS wants your non personal info?

Well... they'll track your useage anyhow, and also know that your company exists. Moot point for MSDN anyway, but Passport links up with lots of other things. Who knows what else it will do in five years?

Microsoft aren't reknowned for letting invasive ideas languish, and caving in at any point is useless. You don't pacify a crocodile by tossing it steaks.

How aboute a website somewhere listing logins?

cypherpunk/cypherpunk

cyph3rpunk/cyph3rpunk

bigbrother1984/blinkandyoudie

msownsme/h34rt&s0u1

One still needs cookie control. On Linux, that's easy, redirect web traffic to a local proxy that strips cookies, both in headers and in URL. What about on work machines etc?

Microsoft want to take your freedom and replace it with multiple choice. In particular:

[Microsoft] [Microsoft] [Microsoft] [Microsoft] [AllOfTheAbove]

Suggestion

Use this info:

Name : C. Montgomery Burns
Address: 666 Mammon Lane, Springfield, USA
Phone: KL5-3226
Company: Springfield Nuclear Power Plant

--

Re:Uhm, guys,

And for the email address...why not use a Hotmail (tm) account?

BTW, does anyone else remember getting a sinking feeling back when MS acquired Hotmail?

Re:$300 dollars isn't that much

It's a lot when you're a teenager that's bored in high school that's trying to program a cool new game. I remember mowing lawns to get the $150 (or whatever) to buy Borland C++ 3.1 (I still use it).

It's either forced compliance or forced lying

Nothing really insightful here, but I personally hate to lie. I think one of the problems with what we've become is that too many are willing to lie at the drop of a hat. But now MS narrows my choices to two I don't like: register with my real information, or lie.

I despise click-throughs that give me the choice to "register now" or "register later". I have to lie because there is no "don't register" choice. I have to agree to license agreements where part is written in a language I don't speak. When I click "Agree", it's another lie. How can I agree to what I don't understand. Some writer wrote an excellent column on that, but I don't remember who.

I'm a Windows programmer for a living and I use MSDN. But I will not create a real Passport account. Again, I will lie, as much as I hate it. The only choices they give are unpalatable. Even worse than their monopoloy, even worse than their licenses, they make you comply, lie, or do without. When they're the only source of Win32 documentation, what's the choice going to be? I hate it.

Grow up Taco

Taco, in your anti-MS frenzy could you at least get some of the facts straight?

i) You don't need Passport to get MSDN, or develop for Windows. MSDN subscriptions are delivered to your door (or office) and you use them from there. There is no reason to access the downloads unless you NEED the latest and greatest betas right now.

ii) If you've signed up for MSDN, and signed up online for the downloads then you've already given Microsoft all the information you need to create a passport account anyhow - where's the issue here?

iii) You can create separate passport accounts for home and work. Only give work info (which is all you should do with an MSDN subscription anyhow) to Passport for the downloads.

Now I know that these three things probably got lost in the rabid frothing and knee jerking, but at least you should consider them sometimes, please?

Microsoft does bad things at times, but just because Microsoft does something doesn't AUTOMATICALLY make it bad. You've been given a brain - use it.

Re:You got it all wrong

> hey I don't feel like remembering 20 passwords. I mean I have accounts with Slashdot, Linux.com, MSDN, and many others, do you really think I'm going to remember all those passwords? Hell no

...root password on my home box, root password at work, guest password on the CD-burning machine by the secretary's desk, MSDN subscription password, why the hell should I use different passwords? It's too hard to remember more than one password. I even have a hard time remembering my one password that I use for everything! Maybe I'll just write it on a slip of paper and stick it by my monitor so I can remember.

You, sir, are either an AOLuser or a Micros~1 intern being paid to FUD here, and I claim my 50 quatloos bounty.

Either that, or I'm too old for this modern world of .NET. When I was growing up, I distinctly remember everyone I've ever respected in the field of computer security - from my high school "computer programming" teacher who let me h4x0r the school assignments assembly, to the BOFH at university who let me run "crack" distributed-style on the school's shiny new Sun workstations because I was nice enough to ask him first, to my cow orkers, all saying "Never use the same password for more than one system, because if one system is compromised, the other ones will be too".

So don't use Windows.

This technique works great for me.

Also, you don't need MS's development tools to do Windows development.

You can use the (free) Cygwin/MinGW32 or Borland C/C++ compilers if you like.

You can use any of a plethora of non-MS languages, like Java, Perl, Python, Delphi and lots of others.

QT, GTK, wxWindows are all good, cross-platform toolkits for Windows, your comment about needing Windows development tools to develop on Windows is plain wrong.

I'm not denying that MS tools are the most widely used and convenient tools to use for M$ development in an M$-only environment, but to say you have no alternative is just plain wrong.

What youre complaining about is the fact that your employer requires you to use M$ tools.

So get your employer to get a single Passport and then all developers at your company use it. When you perform work for your company, you represent that company, not yourself personally.

M$ is free to use any authentication scheme it likes with it's web services.

Its not news that M$ is a giant corporate entity that abuses its monopoly power to screw the consumer and lock them in so it can keep screwing them, but you have, and always have had the choice not to use their products.

Why is MSDN using MS authentication service bad?

in order to get special developer downloads, I will have to have a Microsoft Passport account.

Maybe I'm missing something, and I'll get flamed to hell about this. Why is this a shocking or bad thing?

Before, in order to get special developer downloads, you needed an account with some other Microsoft Authentication service, right?

With this announcement, you need an account with some new Microsoft Authentication service.

Why is a Passport account so much more horrible then the old-style MS Authentication service?

MSDN is a division of Microsoft. It's pretty expected that a large company like MS would want to use a centralized authentication service. It's not like MS is using some strongarm tactics to muscle some non-MS business to use the Passport service (At least, not in the MSDN example).

You don't need to login to the subscriber site

I just want to clarify that you don't need to log into the Subsrciber site, just the Subscriber Downloads site. I just verified this by looking around the MSDN site on a computer I just loaded yesterday. That way I was sure there weren't any cookies floating around from my previous visits allowing me to reach places other couldn't. I could look up info in the documentation, and even look at what software is in the latest MSDN shipment. What I can't do is download software from the subscriber downloads. The subscriber downloads is where I can go if I want to download an entire copy of Windows 2000 Professional. If you're a member of MSDN, they send you the stuff that's on the subscriber downloads on a CD or DVD. The subscriber downloads is a convience in case you need it before you get the CD, or you lose that CD among the hundreds they've sent you. I have only very rarely used the subscriber downloads myself.

As another note. You used to have to log into the MSDN site and fill out a little questionaire just to access the documentation. In this respect Microsoft has gotten better at respecting thier customer's privacy.

This insn't the MSDN docs, you can get those

THIS IS NOT THE MSDN DOCUMENTATION! IT'S THE MSDN DOWNLOADS! Sorry to shout, but I get irritated with all the FUD that gets spread on Slashdot about issues like this. I realize it's unintentional, I sincerely doubt that Taco has a MSDN subscription, so he doesn't know that the Downloads page is a seperat thing. The Downloads page is where you can get the latest updates and patches to MS products, before you get the CD in the mail. MSDN sends out quarterly CDs with all the updted documentation, and any new software that you receive under the MSDN level you signed up for (and are paying for). You also get interm shipments, often on a monthly basis, of software that MS ships between quarterly releases.

As for developing with Non-MS tools, I'm sure it works great for applications, but if you're developing device drivers, you pretty much have to use Visual C++. I've heard of people trying to use other compilers, but I haven't heard anyone say they've had a lot of success.

Re:In the words of Hal Hoffenkamp: Uhh.. no.

FACT : They own the information.
FACT : They can choose whether or not to share it with you.
FACT : If they choose to place conditions on any sharing which may take place, you can either accept the conditions of p*** off.

If microsoft decided that only people who sent in a photo of themselves covered in lowfat mayo were allowed access to the MSDN site, that's totally within their rights. Sure, I wouldn't want to be working in their mailroom, but it's totally their right.

What's the fuss?

Yeah, I didn't want to sign up with Big Brother's Universal ID system either. I never liked tattoos, especially on the forehead. At first, I hated it. But then I started discovering all the wonderful things it let me do. Whole new vistas opened up before me. Now I don't have to carry a wallet anymore. Whenever I need to prove my identity, or charge something to any of my credit cards or debit accounts, I just do the old Kung-Fu thing and slam my forehead down on the sensor. The first time I did that, I got a little carried away and actually broke the poor thing. Gave myself quite a headache too. So now I take it a little easier. Yeah, I know in theory every fact about my life, including my current GPS position, is on file on a server up in Washington State, but I've gotten used to it. Life is just so much easier now that I've got The Mark.

Don't worry. You may not like the idea now, but you'll be one of Us soon.

FUD me harder /.

Microsoft is simply doing what most companies that own several online properties have been flamed for not doing earlier. Why should I have several logins to a service run by the same company? (The original poster failed to mention that you already need a login to the MSDN subscriber site, the only new thing is that the login now goes through passport).

I don't remember references to World Domination (TM) and Revelations when AOL required me to get an AIM user ID once they purchased Netscape. I also know lots of people who complain about the fact that ICQ and AIM don't interoperate even though they by the same company. Quite frankly, the less logins I need to maintain especially to websites owned by the same company, the better. Does CmdrTaco also complain about the fact that Yahoo Mail, Yahoo Finances, Yahoo Groups (formerly eGroups) and Geocities use the same ID?

This is probably one of the bigger non-issues picked up by Slashdot in recent history. This of course, makes more serious allegations become overlooked when there actually is something to complain about.

--

Re:It's either forced compliance or forced lying

The passport need only be linked to your developer account. You DO NOT need to supply any ID for the passport except (if I understand right) country, zip, age, and gender. It also does not have to be the same passport that you use for personal web use.

PASSPORT IS JUST A SECURE ID NUMBER THAT MS CAN TRACK YOU BY.

This given, fill out the passport page with the EXACT SAME info that is in your MSDN subscription. Now the Passport ID will match the MSDN subscription. You will be 100% compliant and not have given any personal info that you hadn't already given.

Basically MS wants to have a single infrastrutcture for indentification. That does not mean they need a single ID for each user. It is so much easier if every single site that MS owns can have its data stored in the same way and identified in the same way.

Basically this is a privacy non-issue because you have already given MS the info for the MSDN subscription and that is ALL that needs to be transfered to the passport. Bam now 2 ids say the same thing. Eventually MS will discontinue the MSDN subscription id and the passport will be all that points to that MSDN account. Quit spreading fud and start looking to understand what is necessary.

Also quit bringing up the whole lieing issue because its fully unecessary to lie in this situation.

Main remember that its not 1 passport per person or 1 person per passport. Its just an id number like the one you used originally.

Erm.. you don't get it, do you?

MSDN subscribers have to login to get to the download section. So you have to store your credentials, online ID etc. at a Microsoft server. Now they want to change that to their own Passport service, which does.... exactly the same: store credentials like online ID etc.

What's the big f*cking deal? Both are Microsoft servers, both do the same thing. And before anyone is crying along, people who want to customize their MSDN site, already HAVE TO register with passport since last year.

Anyway, it's for access to microsoft software, to download that software. Hmmm... Sounds like an interesting topic for an open source developer, not?
--

So you lied to your creditcard company too?

Ever wondered why creditcard companies give out cards without asking for massive amounts of cash on your bankaccounts?

Exactly: they track whatever you do with the card. Build databases with it, run OLAP queries on it. But you did know that, didn't you? So when you wanted a creditcard, you lied with bogus information so they couldn't use the info they gathered from your usage of the card. Oh wait, then you can't succesfully USE the card.

I don't get it when you complain about the passport account you have to create, when you get the MSDN cd's mailed to your doorstep and had to pay for these cd's with probably that creditcard mentioned above. What do you think will happen when you give out REAL information? Will they kill your family ? torture you to give them your creditcard? No. Just less than what happens when you purchase something with your creditcard at wallmart.

Think about it.
--

Re:If it's for your JOB use JOB info.

So use your JOB info. What is there to 'compromise'?
...
Why do you care that MS wants your non personal info?

The problem is that Passport will collect your surfing habbits, no matter what "non personal info" you give them. At some point, you will give some real info to a site you didn't think was associated with Passport, and boom.
So you need very good control over your cookies. Usually, they are associated with the user (on the client machine). Meaning you have to use a different local account to surf Passport-sites (or at least MSDN), or a different browser. The latter is probably the easiest as Microsoft's sites usually "works best with IE", and nobody uses IE for real surfing, right? :*)

M.

I swear I read about this somewhere else already..

Oh, that's right...

"And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name."

-Revelations 13:17

$300 dollars isn't that much

When you consider how much you pay a programmer in one week.

Trolls throughout history:

Taco's a bit paranoid...

First off, MSDN downloads are a subscriber based service -- they've got to keep track of subscriptions somehow! And Passport is MS' new cross server identification system...of COURSE they're going to want to use it. I wouldn't want to have a different password for each server in the apple CVS network, and the same goes for MS' web services. They HAVE revamped the license and it's not nearly as serpentine as before.

But that doesn't stop you from using your ultimate response to any and all registration systems: lie. Lie as much as you can! Lie discordantly! Click female sometimes, male others, enter your race as an albino nepalese scotsgaelic neanderthal from northern Peru, and by all means give them false contact information. If we want to avoid the possible ramifications for misuse of our personal information, then we've got to give false information. Don't be a demographic, be ALL demographics! Nobody said you had to be truthful when asked a question. If MS needs your real name and real MSDN subscriber id, give them...but everything else in your passport should be clever fibs, abominations and halftruths. I like to build unflattering portfolios of people who bug the shit out of me at work.

After all, it won't take much worthless information for MS to drop this whole shenanigan and go to something useful (like an incredibly lightweight key based system...let's introduce PKE to the masses). Marketeers always get theirs in the end when they promote something this annoying...hence, the dotcom bust.

Look at it without the anti-microsoft glasses

Microsoft is licensing VERY CHEAPLY their development and office tools and a huge database of technical information. Of COURSE they have a right to know the information about the person to whom they are sending this software.

But as for the reference tools, that IS all available free, without having to log on via passport, over the web.

What isn't told is that if you are a subscriber of MSDN, you already have given them your information when you sent them your check. As for employees having to divulge your information, big deal. I have to do that all the time. I give my company address and company phone number and nothing else.

Let's keep this in perspective please and not have "the sky is falling" rants just because the person doing it is microsoft. There is no effective difference between logging in via Passport or directly to their websites. They could share the information either way. Again, let's keep perspective. Try downloading something from Oracle, Sun, or Sybase. Each time I've downloaded from one of these companies they've wanted information.