Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Windows ID 338

Igor wrote in with a link to a San Jose Mercury article about the discovery of the "Windows ID", and claims it "has been quietly used to create a vast database of personal information about computer users." It seems Windows 98 and other programs, like Office, embed a unique ID based on a MAC address into every document created (Office), or even submit an ID unique to a user during Windows Update (where it specifically says Microsoft will not send any information like that). The Intel thing never bothered me too much, but I'm not so sure about this...
This discussion has been archived. No new comments can be posted.

Windows ID

Comments Filter:
  • Slackware installs with a /var/spool/mail/root that has a couple of messages in it. It doesn't *really* send you an email; you can verify by installing off a network. Email is still there.
  • Why does /. post this irelavant article? Am I to believe that Justin is implying people actually still use Microsoft products? If so, poor suckers.

  • by bram ( 490 )
    I get word documents all the time at work and need to use Word to read them and write new ones. It is a company standard and I MUST use it.

    What's wrong with using StarOffice?


  • You know, it'd be interesting to have the setup
    programs for the different distros have an option
    to "phone home" -- give us some idea of a census
    of the Linux comminuty. I wouldn't dream of it
    being this sneaky and underhanded, but I can't
    imagine why I *wouldn't* want to be counted in
    such a way.

    At the end of the install process, just say
    something like "We are trying to get a reasonable
    count of how many people use Linux. To be counted,
    say "Yes" here. We won't keep any other info than
    which IP you're at and what distro you're using."

    I don't see anything wrong with that, so long as
    the terms weren't violated.


  • Do they? In America that question is still open for debate. I know how I feel about it, but there has been no really strong legal precedent set.

    However, if they're selling these products and collecting this information in Europe, then they're in violation of several countries' privacy laws. People really need to get over thinking that just because Microsoft (or any other company) sells you some software that they have the right to tell you what to do with your computer or collect all the information about you that they want.

    It's a weak mind indeed that falls for their "it's just good business" BS.

  • I always like to draw a parallel between Bill Gates and Steve Jobs. They both want to be in control. They both want to be on top. But Steve Jobs wants to do it to prove he's better than everyone else. If he doesn't do it by being better, it doesn't count. Gates, on the other hand, just wants to be on top and doesn't care how he gets there, as long as he gets there.
  • The company said it will alter the way the registration process works in the next maintenance release of Windows 98
    What about '95, NT, and existing '98 customers?
    Moot point: they will alter it by sending the ID _twice_ instead of once. That constitutes altering it.

    the company will create a software tool to let customers clear the ID number from the Registry
    So it's an opt-out. Chances they'll publicize this "tool"?
    Again, you're thinking small: says they will create it, nowhere does it say they will _distribute_ it, does it?

    "If it is, it's just a bug," Bennett said. "If it is indeed happening, and we have testers working this weekend, we'll absolutely fix that."
    It's a "bug" that information is included in the documents?
    "Just" a bug. Also, I deduce that MS testers don't work weekends ;)

    Bennett promised that Microsoft also will wipe any of those numbers from its internal databases that the company can determine may have been inadvertently collected.
    "can determine"? "inadvertently"? This is probably sufficient qualification to avoid doing anything.
    You got it! Since they collected all these numbers on purpose (their war on piracy seems like the most logical explanation for this behavior) clearly no numbers at all need be wiped. None were inadvertent: they meant every one. Maybe it's helping them sue copiers of MS software.

    I know this: I'm warning my workplace about this. We'd best not take any chances, and if that means doing without, maybe we'd better do without. It's actually pretty funny- I'm the guy who's been swearing up and down that Intel PIDs are not for individual tracking, but for asserting that the chip is not a Celeron or AMD (I am PIII! 'You may pass'). And suddenly, here MS is, actively doing the very thing Intel was only suspected of trying to set up to do (and far less effectively, to boot).
    _This_ is what people were flipping out about, and it's bizarre that they originally saw this behavior in a CPU ID which is only good for intentionally limiting compatibility and forcing monopoly of Intel chips in the long run.
  • This slashdot poster has four various Macs at home (only one is serious, the others are bitty boxes) one of which dualboots linuxppc... but!
    I do tech support at a computer repair place, and though I am a Mac tech, we totally depend on two Windows boxes. One's out front as a financial records keeper and answering machine, and nothing is ever done to it- the one out back has drives and stuff constantly thrown at it in the course of repair work, and consequently gets reinstalled a lot. Both are connected to the net...
    It doesn't matter that we can't trust MS. We still have to use it to fix other broken MS stuff: maybe the front box could be a Mac or Linux machine (answering machine software with caller ID anyone? on either platf... wait, you can get 'YoYo' for the Mac. But who's paying?) but the back machine needs to run a Microsoft PC setup just to be able to deal in case somebody brings in a winprinter to be fixed or some such thing... so we're vulnerable.
    We had better do without, and keep an eye on our windows tech- guy is one of those crotchety griping jovial characters who clearly does not _respect_ the MS license agreements if he thinks he can get away with ignoring him- and he could be putting us in danger by pirating stuff internally. I will have to ask about that, ask whether he's been doing that for anything.
    Interesting world we live in, no? Wonder if we got sued, would they let us off with a slap on the wrist and a legal contract to get rid of our Mac, never do Mac repair again, never make a Linux box and in general become an exclusively MS shop?
    As a final note- they must have repeated copies of our information, because W98 hates most hardware, and we've installed it on hardware it hates _many_ times... *install install install* the 'doze guys get real grouchy and aggravated at the way the quality went downhill so much...
  • "Why would you want to run Photoshop when GIMP can do all that photoshop can?"

    Bollocks ;)
  • ...for their own use, telling folks they aren't there. If people buy 'em, it's their responsability. Right?

    Making software that sends information without permission is every bit as morally wrong.
  • Note that I specified that they deny the existance of the aforementioned devices; It can thus be assumed that they're not used in providing services.
  • by cduffy ( 652 )
    Excellent argument.

    Been a while since I read "The Dead Past". The point of gov't intervention, as I understood it, was stability of society -- as such a complete removal of personal privacy would completely destroy it.
  • At the moment, we're under an acceptable government.

    Not everyone always is. There've been folks who've needed to use the strong crypto you anti-privacy types attack to hide lists of folks participating in human-rights protests or other Good Things. There are times when privacy and crypto are good and neccesary, and just because we have it good right now and don't need them doesn't need that we won't 10, 25, 50 or 100 years down the line.

    On principal, the empowerment of the individual is not to be questioned. Privacy is an important part of that empowerment.

    And anyhow, "they" can't trace all cash by fingerprints; It's logistically impossible (where do they do this? Banks? Where do they get fingerprints of folks who don't get arrested?). I'm not advocating unreasonable paranoia.

    And does Microsoft HAVE TO keep track of who made each document? I sure as hell think not. You can use RTF or something of the like on all docs you save (and read Word docs just fine). All your word-using friends will be just fine.
  • ...are best handled by LaTeX. Really -- its formatting is just beautiful, and LyX makes creating 'em simple.

    And a postscript document can hardly be messed up at all on the other end; Your docs are safer that way than as word docs (where the right fonts may not exist on the other end or they may have an incompatible version of Word).

    Btw, what is it you folks do using NT at work? Development? You could try developing your Windows apps with winelib (unless they make you use VB... ugh!) and be able to ensure that your company's product'll run under linux while getting your work done. Or word docs? Save in RTF (or in Word format without QuickSave) and StarOffice/WordPerfect/Whatever should do fine.
  • ...at least they don't deny this. And there are alternatives which are far less incompatible.

    I CAN have privacy in my transactions with Average Joe Vendor if I want to. I can't have it with Average Joe Word User if he insists I create my docs with his app.
  • Word (or WordView) will run in Wine well enough to do any test views.
    Anyhow, I don't advocate this; In the case of docs that are just going to be turned in with no furter editing, PostScript's better.

    I'm a poor student. I don't have two computers. I can't afford Photoshop and don't need anything so professional. And I'm very, very happy with the apps I use (PINE, gtkICQ, Netscape -- though I don't need to do any stylesheet stuff, LyX WP or SO depending on the job). And I run three servers in the background. If I get one Windows app, no way in hell I'm buying a copy of Windows, repartitioning, etc to be able to use it. So finding ways to work in a 100% linux environment works for me. If it doesn't work for you, fine.

    So where do I lose time? I DON'T. But that's not to say that there may not be situations where it's elsewhere; I work w/ plenty of folks who run Windows and don't advocate that they switch unless they do development or server work.

    Sorry 'bout the rambling form... I'm somewhat tired.
  • And, as I pointed out earlier, there are ways around this (WP8/SO's conversion w/ WordView to verify, for instance).

    Anyhow, I didn't go saying "Using NT? Evil! Switch to a pure linux system!". I simply pointed out ways one could do equivalent work with a pure linux system, opening new options in his decisions regarding which OS to use for what jobs; I didn't say any other options were invalid.

    I can understand/appreciate the rant, though. I would be rather annoyed by someone advocating that I use FreeBSD for my word processing, even if they were right about it being better for my servers.
  • Posted by Mr. Assembly:

    A wise person (somebody tell me who please) once said that people have a good reason for dong things, then they have the REAL reson.
    Why do I feel like I been fed the good reason here?
    I really hope that the WINE project will reach maturity so that we can junk this ID shackle, and the Microshift ball and chain.
    You know it's not one reson why I am moving to Linux, it's about a dozen now and counting....
  • Posted by Mr. Assembly:

    A wise person (somebody tell me who please) once said that people have a good reason for dong things, then they have the REAL reason.
    Why do I feel like I been fed the good reason here?
    I really hope that the WINE project will reach maturity so that we can junk this ID shackle, and the Microshift ball and chain.
    You know it's not one reason why I am moving to Linux, it's about a dozen now and counting....
  • Posted by Stephen "The Carp" Carpenter:

    About a year and a half ago I got a
    computer problem call set on my desk with
    the words "Grant Pending" written on it.

    I rushed out to the site to find a Doctor
    had been saving his entire grant proposal
    paper on 1 floppy disk in a word file and been
    using fast save (as it is enabled by default)

    The file was corrupted. Word refused to open it.
    I grabbed notepad and opened it and said 'Voila'
    He was so happy to see his document back...then he
    realized that it was 2 weeks old! he had been
    working 10 hour days for 2 weeks and all his
    changes were gone!

    The man then proceded to practically break into
    tears. Ever since I have turned off fast save
    on ever computer I see.

    Sure this guy was stupid for saving all his work
    on 1 floppy with no backups but...if it wasn't
    for fast save...I may have been able to recover
    most of it.
  • Posted by Mephie:

    Ask your ISP really nicely to burn it on cd for you, ALOT of ISP's have burners and most local ISP's are pretty keen to your needs. And if that fails, buy one of the midnight techs a six pack. =)
  • My main objection to this claptrap (from both MS and Intel) is the fact that it is built on the assumption that there is only one user per computer. If someone uses the same computer I do, I don't want his ID and his log trail attached to me.

    This kind of assumption might be defensible if MS were to finally come out and admit that its Windows crap isn't really multiuser at all. It's assumptions like this on their part that run contrary to their claim to be 'mutli-user'. (With Intel's PIII ID it's even more annoying than the Windows ID, because putting the ID the CPU starts to affect real multiuser systems like Linux too.)

    Don't let them spread the myth that workstations must be single-user. Letting that myth take root will kill one of the things that makes Unix better than the rest.

  • Since I first installed Slackware, it's always sent mail to root imediately after completion of installation. What was the message? Please head to the Linux counter and add this machine.
  • That's what is so cool about Open Source, everyone gets to see what da hell is going on in the code under the hood . . . When we were developing Cytlok and working with VxD (Virtual Device Drivers) and wrapping around the File System and the TCP/IP stack . . . NOTHING is documented, you can't get it from Microsoft either!

    That's what is so scary, and let's talk about Easter eggs, when you have a Flight Simulator in Excel, and a Pinball game in Word, when triggered by a sequence of keystrokes (which in definition is called a Trigger Virus technically), no telling what else there is !

    Who knows what else is in there, a key sequence to delete all .dlls ? Delete all Word docs ? Transmit all excel files to ftp.microsoft.com ?

    Is it probable, NO . .is it possible YES !
    This is definately NOT FUNNY, but at least NOW we are talking about CLIENT/WORKSTATION security that has been LONG over looked.

    (This is the inspiration for why me and Protocol created Cytlok)
  • I suppose you naturally wouldn't mind registering your ballpoint pen and having microtags suspended in the ink? Perhaps you would also like to have an id system built into your pants? After all, they made the pants, they have a right to know where you wear them.

    They have a right to know who bought what from them, and that's it. What you do with it (as long as it isn't piracy) is none of their business.

  • O.K. let's put it this way. You are sitting in your living room reading a book. A book which is widely recognised as a good book. It is not the least bit controversial. Absolutely nothing wrong here.

    Now, someone you don't know pulls a chair up to your window and proceeds to stare in at you while you read your safe book. Do you mind?

    If not, you are in a minority.

    Then, there are cases where your activity is legal, perhaps even legally mandated (such as blowing the whistle on government corruption). Unfortunatly, if the document is connected back to you before the corruption is halted by authorities (consider that the corruption may be in local authorities) there could be serious negative consequences. I'll bet you'd like some privacy then.

  • It isn't hard to create an ID which is opaque, says nothing about who created the object, and is still guarenteed to be unique.

    For example, $id = MD5(Date,Time,Pid,MAC,AppID,Salt):
    It won't be repeated for a very long time, yet because of the one way hash, it says nothing about you.

  • Anything that can't be edited with a texteditor
    should be banned! :-)
  • COM/DCOM is based open the OSF's DCE RPC when calling remote objects. Objects are identified using a Globally Unique Identifier (GUID), which usually is a fudging of your MAC address + a timestamp + some randomness.

    CORBA does this too, though in a slightly different way, (plus it usually hides its unique identifiers from the end-programmer through a persistent name that's called through a COSNaming service, which is why its a lot less clunky to use than COM).

    MS did not do this intentionally to 'track' people, it's a way of insuring uniqueness in a theoretical "universal distributed object" namespace.

    For a bunch of technical people, I'm surprised you guys don't see the logic of this. Did you even read the whole article? It was pure FUD - the quotes in the article were totally uninformed about the real use of these GUIDs.

    Sure, it's kind of annoying, and I'm in favor of a better uniqueness algorithm that DOESN'T use my MAC addy, but this isn't something to get totally worked up over - MS will fix it (they have to, or it'll be a PR nightmare. Try explaining a GUID to a cluebie.)

  • Office documents use the COM structured storage API to save info, from my inderstanding, so essentially, a doc is a serialized com object.

    Of course, if this is wrong (which I doubt), you have a point.
  • "no technically valid reason"?

    Again, it depends how they store the document. I think it's done through a COM-oriented API, which would explain the GUID. Microsoft likes COM-everything for some reason, even if COM is ugly.

    I agree there probably is a suitable alternative, but you're making a very large, illogical leap from "bad technical choice" to "tracking piracy".
  • you're quite right, and it probably would be a better solution, but as I said, GUIDs are 'historical baggage' from DCE RPC...
  • 'technical squarmish' ?

    clue: http://msdn.microsoft.com
    read "Structured Storage" in the Platform SDK

    then come back when you have a real argument.

    info is sent to MS during the Win98 registration. CLUE: a GUID is a unique identifier - WHY NOT USE IT to identify a person who has registered, as in a DATABASE PRIMARY KEY? Gee.

    The concern is that it may not have been the wisest privacy choice as it's tied to the MAC address, but my point is that it was a technical decision. If MS were "really" using it, why would they say "oh we'll just purge the info out of our database".. Gee, sounds like it was a relational database ROW identifier to me....

    Oh wait, don't tell me you don't understand relational databases, either?


    I *DO NOT* like Microsoft, but I dislike bullshit FUD a lot more.

  • oh, I give an answer that you don't understand and I'm billed an arrogant computer geek. how wonderfully childish.

    what arrogance? i said I could be wrong. I seriously don't know if office docs use com structured storage - I think they do, otherwise you couldn't save compound documents.

    i'm speaking in the language of the facts & if you can't deal with it, stop spreading your bullshit fud.
  • Btw, what is it you folks do using NT at work? Development? You could try developing your Windows apps with winelib (unless they make you use VB... ugh!) and be able to ensure that your company's product'll run under linux while getting your work done.

    This "everyone MUST use Linux for EVERYTHING" attitude is really starting to bug me. If I'm developing projects that are meant to be deployed on NT systems, you'd better damn well bet I'm going to be developing and testing these things on NT. It's significantly easier and more productive for me if I use existing established tools under NT to do this task than to resort to using experimental, support-less OSS tools under Linux.

    And despite what you may think, SO's RTF/Word format is not always perfect. I've come across quite a few inaccuracies when viewing a document cross-platform. This means he will be required to write his document in SO, reboot to Windows, "test view" it in Word to be sure it's right, make any corrections, and only then send it.

    Or, you can reduce this time-consuming document creation steps to just two: Write it in Word for Windows, and then send it.

    Let's face it, folks: Linux is useful for a myriad of tasks, but when you're working in a Windows environment or need Windowscentric documents, it's a WHOLE LOT more convenient and efficient to just do it in Windows. I myself have two computers at home, one Linux and one Win98. Since I do a great deal of stylesheet work on an Intranet, I use IE as my web browser (since Netscape's handling of stylesheets is far inferior, and ngLayout is not ready for real use), Word as my word processor, and Photoshop5 as my graphics app. I run an X server under Windows where my Linux apps appear, and occasionally I'll move my graphics over to the GIMP since the GIMP is easier to use for a few types of effects. I use IRC in an rxvt window, Windows ICQ, mutt for my e-mail, Outlook Express for newsgroups, etc.

    All in all, I think I have it easy. I get to use the real productivity workhorses from Linux alongside the good Windows apps. Yes, I effectively have to reboot once a week or so, but I think that more than makes up for the amount of time I've saved.

    Using a 100% Linux environment in many cases can be JUST as time-draining and inefficient as working in a 100% Windows environment. Educated people know to use the best tools for the job, and don't get involved in all of these stupid "everything MS is bad, everything linux is superior" arguments.
  • I noticed Microsoft is suing a lot of companies these days for pirating their software ... how do they know?

    Because someone tipped them off, they did some investigation, and then filed a lawsuit.

    Anyone that thinks that Microsoft somehow used this GUID information to determine who has registered software and who doesn't, and who to go suing is just an easily-frightened, paranoid sheep. What about those organizations that buy 10 copies of Windows but only use one CD/key to install on their workstations? To my knowledge there's nothing really wrong with this, yet your alleged GUID abuse would point to these guys as being evil, yes?

    Think about it. The ID was only sent as part of the online Win98 registration process. The odds that you are even affected by this are remote.

    Stop believing everything you read in the media (or on Slashdot) and learn to think for yourself. Get educated about the facts behind this matter before you go off spouting nonsense.
  • If you're right, Micros~1 is criminally negligent in allowing this privacy bug to slip out the door.

    They broke no laws here. Your entire argument is flawed. I really feel like a dirty bastard having to defend Microsoft here. I don't care for them any more than most of you do, but when people don't seem to care that they don't know SQUAT about the issues at hand, and only want to jump on the "Microsoft is evil" bandwagon and start badmouthing them, I feel I need to step up.

    The GUID is only sent to Microsoft as part of the online Win98 registration. If this applies to you, then you've ALREADY given MS your name, address, etc. along with your IP address. The addition of a GUID perhaps allowing identification of your MAC address (which is all but useless to MS) and generally just being a unique ID doesn't necessarily degrade your privacy any way.

    Yes, it does seem suspicious and odd that this information would be required and stored in Word documents among others, but you should at least open yourself up to the possibility that there IS a logical explanation for why it's there, and I sincerely doubt that explanation has anything to do with violating your privacy or tracking you down.

    Stop being an uneducated paranoid slashdot sheep and think about this for a while.
  • Do you have ANY idea what you're talking about here?

    The only reason for this is so that Microsoft has hard evidence of piracy of their software.

    How in the WORLD can this be used as evidence of piracy? Do you have any idea how many people and organizations buy 3 or 5 or 50 copies of software and just use the same CD/key to install it on every machine? To my knowledge this is perfectly kosher. What about someone installing Win98 on their PC, selling that copy of Win98 to someone else, and having that person install it on *their* PC? There are a million examples like this that totally shoot down the idea of this GUID being able to identify software pirates. If Microsoft were really tracking this information in some sort of piracy database, they would have to spend a LOT more time investigating the discrepancy than you'd think, and in most cases, it simply wouldn't be worth it.

    Your argument is basically the same as the one dealing with Intel's CPU ID mechanism and software piracy. The whole idea is totally absurd and impractical.
  • They don't have to follow up on it (or even track it for that matter). Just knowing that the capability is there cows corporate customers into diligently keeping their licenses current.

    And this is bad?

    Firstly, I don't know about the types of places you work, but the corporation I work for has valid licences for every piece of software on every system. If unfounded fear (paranoid stupidity) in the minds of managers and administrators is really a factor here, while I'm laughing my asses off at these people, I don't see it as a bad thing at all.

    Secondly, saying this whole PR mess is a plot by Microsoft to instill fear in the big corporations who are allegedly pirating thousands of dollars in Microsoft products is just silly. It really disturbs me that so many people actually think along these lines. I guess maybe when you end up with a real job in the real world and deal with real companies and real tactics and real technologies to solve real problems, you'll start seeing what's really going on.

    This is all paranoid silliness.
  • Anyhow, I don't advocate this; In the case of docs that are just going to be turned in with no furter editing, PostScript's better.

    This isn't always acceptable. If they're asking for it in Word format, they probably have a reason. Chances are, they're using a Word file viewer to browse through each document. When they come up to your Postscript file they're going to toss it in the trash can and give you an F for not following directions.

    I'm not saying my specific (2 PC's) is appropriate or even desirable for everyone. I'm just saying you should let people use what they need to use. I don't recall hearing the original poster say he wished he could do all of his work under Linux, yet it was implied that he was foolish for doing his NT development under NT and experimental Linux alternatives were supplied.

    Now, granted, my rant was more generic and was more or less against "everyone" that has this "Use Linux for Everything" attitude... Your post was just the one I broke down and chose to reply to. Nothing personal.
  • Because when you then need to throw something into Premiere, it's a lot easier not to reboot.
  • If you use smail on a Debian system, the configuration script already does this. After smail is configured, it asks the user if he would like to send a test message to the Linux Counter project. If you answer yes, Linux Counter++.
  • whoa. careful there, you might start a panic. (Or throw another stick on the ignorance fire.)

    Slackware sends an email from Patrick Volkerding to root when installed, and asks very nicely for the newly-rooted to visit the Linux Counter and register.

    It does not "phone home" all by itself.
  • Here is something even more scary...
    There are these wonderful things that you can use to purchase things without money, I believe they're called credit cards. Anyway, you can buy stuff over the internet, or from the local store, or even of TV Informercials. But then they keep track of where you bought stuff! Good GOD! And for about 7 cents a piece companies can buy 4000 pieces of information about from places like Experian. You have no privacy. Deal with it, okay?
  • Its not that much of a different issue. They both are used to track what you have done. Using a credit card I can track your movements around the country and personal habits. Using the windows thing I can track what you have written. If anything, the credit card thing should scare you more because its easier to get access to.

    Also, I was not reffering to storage of credit card numbers. Thats a completely different thing.
  • and Caldera hit them with a big lawsuit over it.
  • Blizzard got in big trouble for doing this.
    Class-action suit anyone?

    Just wiped out my last Windows box :-)

    As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
  • Aside from the legal issues, how many people do you know that really like their movements tracked?
    How many folks would stop using MS stuff RIGHT NOW if they knew? 30% More?

    As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
  • Yes. Let's all take some soma, and get over it.

    Leave the thinking to the Alphas, they are so frightfully clever!
    I am glad I am an Epsilon-minus semi-moron. Operating elevators is where true joy lies!

    As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
  • Ever see his deposition?

    Gates has a strange habit of curling into a fetal position and rocking back and forth when he gets nervous. They say Scott McNealy always has this effect on him.

    The only other people I know who do this are paranoid schizophrenics.

    Then of course there's the story about the $.50 coupon.
    Bill was buying a carton of ice cream, and held up the line for a solid 15 minutes while he searched for this coupon. A guy behind him in line gave him $.50 to move him along, and Bill took it. This would be unremarkable, except Bill was already worth several billion at the time.

    He took the money. Who does this. Small children, that's who.

    As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
  • All true. More recent versions do not have this "feature"

    As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
  • Robert X. Cringely relates this story in his book "Accidental Empires". If its a UL, it's a good one.

    As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
  • I bet they look for Warez d00ds with it.

    It would be nice if they hunted them down and prosecuted them; however, I think it is much worse. Does the typical company use Microsoft software? Is it all properly licensed? Shareware registered? They can build a database and calculate the top violators for the so called Microsoft/SPA raids. Ever wonder why so many companies so easily fall for a Total Microsoft Solution after a raid?

    Do not use improperly licensed software. It gets expensive if you are caught and coerced into a "settlement."

  • However, will say that I have been used many illegal copies of Windows for some time.

    I have every right to report your unauthorized software to the SPA and Microsoft. They have every right to prosecute violations to the maximum extent of the law. If you cannot pay the price, you will be doing the time.

  • ... is GUID embedded in every word/excel document?

    I'd love to see the memorandum or directive that specified the code for these programs to put the such information in documents. This was most likely a coordinated effort that required planning that came from a person. I wish this would be brought to trial and have the documents subpoenaed. Microsoft set a precident for getting documents to subpoena the bad-attitude list from Netscape and this should be no exception.

  • According to the article, the ID can only be generated when your name and a few other serial numbers are combined together.

    Well yeah, what's the sense of transmitting the database before any apps are installed. It waits for a few serial numbers are entered, then the missile is fired.

    For M$ to have your name, you have to have registered,

    The whole point of putting personal information in all those little boxes. Suppose you do not put your personal information and something else in those boxes. They may get an IP address with your name on it anyway! Surprise!

  • Are these IDs being sent to Redmond? Is there any information where Redmond people may read "General X., commander SuperTaskForce "Kamikadze", Room 0, The Hexagon, MAC XXXXXXXXXX". Can anyone else read this?

    I wonder what happened when that navel destroyer got a bad entry in its database and the whole ship was rendered dead in the water. Was there any final IP packets delivered to an evil software company that declared: "US DESTROYER DISABLED, LOCATION: xxxx.xxxx"

  • I wonder if Microsoft can gather enough information from a computer and use it against the onwer in court? Is it legal to get information this way?

    No, it is not legal and not usable in court. That will not stop them from launching a legal investigation from which they may get enough information for a search warrant. Perhaps then they will request to visit your site. If you refuse, you might get a paper signed by a judge forced in your face as they enter your door escorted by the police. Everything from then on is fair game.

    When you violate a license agreement, the software companies ARE the police.

    After that is reconciliation if your credit is worth the time. Otherwise you will be fed to the dogs.

  • I seem to recall that he is a huge fan of Napoleon.

    Which just begs the question: which disaster will be his Waterloo?

  • Consider the behavior of an anorexic, that person is driven by a thought "I need to be thin" that overrides everything - they may look in the mirror and see a bag of bones but "I need to be thin" continues to be their driving goal, they may step on the scale and see 70 pounds but "I need to be thin" pushes them onward. I think for bill gates that thought is "I need to demonstrate that I am a success". Think about it, the guy became exceedingly rich and powerful *years* ago but is still fixated on the thought that somehow, someway someone might come along and take him down a peg. I suppose he feels like without his accomplishments he'd be left with just himself and that is apparently a terrifying thought. You know, MS might well have been able to beat out Netscape by just making a better product but because of Gates' paranoia they had to stack the deck - coerce all the AOL users into using IE, bundle IE with the OS - Gates couldn't leave any possibility that he might not come out the victor. You know, thinking about it there are some scary parallels with Hitler's behavior. Initially he did a great deal for Germany but in the end it was ultimately his neurotic nature that caused his country's downfall. I suppose it goes without saying that history has an annoying tendency to repeat itself.
  • Microsoft already admitted it, you idiot, so there's no need to prove it.

    This sort of knee jerk defense of Microsoft is almost as nauseating as Microsoft's own evil actions.

  • That's all very true. But there's nothing at stake here, unlike the courtroom, and your tone was very annoying, as was the fact that you didn't bother to read the article before taking a (sharply worded) position.
  • by jim ( 3666 )
    I lock the door when I go to the toilet but that isn't because I don't want people I know to find out I'm having a crap...
  • Looks like it might be time to drag out this old chestnut [wu-wien.ac.at] again...
  • A friend of mine told me that when you run a copy of any of their games in Windows and then use any internet gaming features, the game copies information from your registry and sends it to Blizzard. This is just what I was told second hand so it might not be totally accurate.
  • If this was for piracy, it would be in MicroSoft's interest to advertise the fact that they can catch pirates using this. Prevention of piracy is far more useful than persecution after the fact.

    Since they have not advertised this it would indicate the purpose of the ID is something else.

    IMHO, this is just idiot programmers making a mess, not some great plot by the evil Redmond geniuses. In fact I fear the idiot programmers more than the evil monopoly!
  • OK, my question is who on Slashdot is stupid enough to have a PC running a Microsoft PC set up at home (at least) so it can access the Internet? I've felt for years this would be a very bad thing to do. Microsoft has shown for Years that they can not be trusted in this respect.

    1. I work in a small office dominated by WinNT. Our work is not sensitive to the occasional BSOD (as long as we save it often) so we can live with it. And since our work is in WinNT, I need to have WinNT at home so I can do some stufff out of the office.
    2. My university instructors are all using MSWord. If I try to use SO5 to write my papers with charts graphs and pictures, then it would end up messed up on the other end. I can't affort that.
  • I used to be one of the few around here (it seems) that didn't think using Microsoft software was one of the worst things a human being could do. I've changed my mind since reading that article.
    This database -- which seems to already exist -- could have plenty of information about anybody out there who has ever used a recent Windows product. Me being one of those people, unfortunately, this news shocks me to no end. I will not tolerate these "bugs" any more.
    I also find it interesting that they try to point the finger at the Open Software Foundation, saying that it was some sort of standard at the time. That is nothing but bull and a pathetic attempt to save face.
    This could become a very clear argument in favor for using free software. GNU&Linux forever!
  • Actually this sounds almost like the results from network trouble shooting about a year ago. One of the students installed a developer copy of Windows 98 (legally given to his research group) on one of the school machines. He was having difficulties registering with the DHCP server we use. So I hauled up a sniffer and traced down the packets.

    I was very much suprised to find that it sent a number of packets to Microsoft on startup, the oddest of which was a broken IP packet. I felt that this was probably just a debugging feature in the development version. Well it looks like I was wrong!

    Personally, I feel that we should be outraged by this action. The Microsoft Corperation is clearly violating our rights in a way that not even the US government is allowed. Aquiring personal information under the guise of innocent support requirements, is little more that an unauthorized search and seizure of personal property. Should not corperations be held to the same 4th ammendment requirements that our government is? (Last I checked purchasing a Microsoft program was not a warrent to search my hard drive.)


  • I find that really difficult to believe. It sounds like the usual paranoid nonsense I remember from reading alt.fan.bill-gates.
  • > In OSS you can recompile your kernel to get rid of anything that you don't like!

    WorldGroup Manager BBS software. And WWIV as well. Both have/had source code available (with restricted licensing on the modified source, if I remember correctly). I work with a WorldGroup system about once a week - if you make a configuration change, it recompiles the files that are modified by your changes.

    Pretty amazing stuff.

    But I can't give you my WGMAN directory, source included. I can't give you my WWIV source code distribution, however old it may be.

    Back to Windows ( can't run an S3 ViRGE GX chipset #385, oops).
  • You don't get the whole point behind privacy, don't you? Try educating youself on the subject, it will make come accross as a far more intelligent person when posting on subjects such as these.

  • There's another little dollop of code over in Cambridge that can help with this matter:

    ftp://net-dist.mit.edu/pub/PGP/ [mit.edu]

    I spose the bright side to all this is...um, well...I guess there isn't one after all.

  • from

    C.5 Node IDs when no IEEE 802 network card is available
    If a system wants to generate GUIDs but has no IEE 802-compliant network card or other source of IEEE 802 addresses, then this section describes how to generate one.

    The ideal solution is to obtain a 47-bit cryptographic quality random number, and use it as the low 47 bits of the node ID, with the high-order bit of the node ID set to 1. (The high-order bit is the unicast/multicast bit, which will never be set in IEEE 802 addresses obtained from network cards.)

    Let's see, how to obtain a random number, hmmm, a random number generator in the c.p.u. maybe? Where have I heard of that sort of thing lately?
  • For freeware that demands your name and e-mail address, why not use Lucent Personal Web Assistant?
    http://www.lpwa.com/ [lpwa.com]

    Or better yet, use LPWA in conjunction with a web-based e-mail forwarding service or throwaway e-mail account.

    I have not done this with some (I thought) reputable companies, and lived to regret it.

  • right on.

    granted I use windows at work, but at home its a linux only shop.


  • I don't know what the hell you are doing to your documents, but I have tables, graphs, and bitmaps from my scope in all of my lab reports, and star office handles them fine. If teachers are complaining about any type of formmating errors, then use ghostscript to convert the output to a PDF, and then everyone is happy.

  • Frankly, I don't care. They can track me all they want. I also think that, assuming that the article is true, what Microsoft is doing is very underhanded, nasty and reprehensible. It's akin to spying. They should be brought up on this.

    However, will say that I have been used many illegal copies of Windows for some time. Also, their number of users has got rather inflated as I ususally use a different name every time I have to install it - which is _very_ often.

    Maybe it's just to inflate their egos - "The more installs we have, the better our OS is!"
  • Remember some guy writing a scary article making scary predictions how someone would stick a trojan into a program or a patch and then distribute it to others? Remember how most Slashdot readers responded by saying that it's more likely to happen in proprietory software, since noone but the developers sees the source? Here's proof.

  • It doesn't surprise me one bit. I always suspected M$ would do such a thing. Next thing you know they'll patent oxygen and respiration. You'll have to pay them an annual fee to breath.

    "I've got to run some errands. I need to stop my the M$-Bank to get some M$-Money so I can go to the M$-Grocery Store and pick up some M$-Pork Chops."
    Joe Bob, 2003

    I think it's about time someone bomb Redmond.

  • Of course there's a way to disable it... a hex editor comes to mind. Assuming the IP addy is stored as a string, one could change it to a different address as long as it had the same number of digits... Now, which dll's are those?
  • Think about this, the smartupdate HAS to connect to Microsoft.com to do the Update... Duh.. that doesn't prove anything... What would prove something would be to do a sniffer capture and look at the traffic that the dammed thing sends.

    I don't have 98 installed anywhere, but I'm trying to talk a friend of mine into letting me capture his...
  • Short, Sweet, and to the point. I LIKE IT!
  • I can put up with your crashes. I can put up with your bloated programming. I can put up with your slow performance. But I cannot, and will not put up with wrongful and illegal invasions of my privacy. This is not something that you can fix with a patch or a program, Microsoft. This is not something you can cover with FUD. Violating my rights is the fastest way to your inevitable destruction and collapse.

    I am in the process of downloading Red Hat Linux 5.2, and will no longer use Windows on any active internet connections. Good bye, and good riddance, Microsoft.
  • I had DRDOS 5.0 installed and it worked
    beautifully. I needed to run PALASM. It would
    crash if I used extended memory. I was told
    that the program was using some Microsoft
    libraries which were responsible for the crashes
    and I should install DOS 4.0 if I wanted it to
    run without crashing. I kept DRDOS but had to
    disable that feature in PALASM.

    I never used winblows at the time so I wouldn't
    know about any crashes on DRDOS.
  • If PPP doesn't work under Linux you read some
    of the misc HOWTOS and find out which file
    you take of the CD to fix the problem when
    it's not your hardware that's shot.
    With winblows you have to hide the shotgun
    as it would be a bit too tempting. Make sure
    your winblows CD is close by for the reinstall.

    Don't lose the codes. On Win 95 I had lost
    my codes and managed to get a clean install with
    bogus numbers. I don't know if that would still
    work on Win 98.
  • I did read what you wrote but I don't think
    you went thru all the possibilities. I used
    to run Slackware on a 486 and had similar
    problems. I managed to get PPP to work a program
    that generates the script for me. None of the
    ones you stipulate works. I would have to look
    for it and I would remember by the name.
    My modem needed a particular initialization
    string and with \ replaced by \\
    Also my ISP uses pap.
    It took me a long time to get it to work so
    I was using only OS/2 for connecting to the
    When I upgraded to RedHat it worked right
    out of the box with a few clicks.

    Michel Catudal

  • by deusx ( 8442 )
    So many things I could say, but I just have to shake my head at this. Just hope WordPerfect for Linux doesn't preserve this ID.

    Any enterprising h4xx0r want to make a patch to corrupt/obscure/wipe this ID?

    And, seeing the number of scans & attacks hammering my machines on this cable modem network makes me wonder if there's a possible bit of nastiness that could be done by submitting a flood of bogus ID's to MS Windows Update?

    All academic ponderings, I assure you...
  • > At the moment, we're under an acceptable government.

    When you have your car and your house siezed and your children taken away from you because you've been ACCUSED (not convicted) of a crime, you come tell me we have an acceptable government. How about police choppers with infrared units looking for growrooms in attics? How's it feel to live in the land of the free now?
  • Program ... Data ... You say these are different, bwana? How is this? In this land of ours, program is data, document object is data, data use methods to manipulate. data must attach handlers or have name that lists handlers in big hut we call registry.

    Tell me of this strange world where all your data has no name?
  • I've got a thought here.

    What if the slothlike responses we've seen to various security bugs were intentional?

    Wouldn't it be possible that some of these bugs weren't much of a surprise to them, in light of this latest outrage?

    Makes the old 'They're just arrogant & unresponsive to customer needs' seem a poor piece of reasoning.

    Enh, just food for (slighty paranoid) thought.


    My definition of an expert in any field is a person who knows enough
    about what's really going to be scared. --P.J. Plauger, Computer Language,
    Programming on Purpose, p.29, March 1983
  • Ok, you, me, my brother's comp and my neighbor's one...
    Besides they are trying to control the Government also.
    Yesterday I read an article on NT crap security and how the governement institutions are violating rules by installing NT 4 in their comps. The problem was that on one side they wanted to use Office97 and IE on their work. NT 3.5 is the only certified system to go under federal security rules and we all know under what conditions can be set. However in places where Orange Book is law they are using 4.0 _networked_.
    The article had also a reference on the tribulations of a security expert trying to warn about the danger these institutions were falling in. However he was unsucessful.

    The article echoed a suggestion that the US government "was taken hostage by Microsoft".

    Well is this ID stuff a sign of it? Do governmental systems send Microsoft _their_ information? Are people at critical sectors aware of this?

    We may not stop here. Let's think about any other government of any country (ally, foe, whatever). Let's think about such guys like CityCorp or CMB. Let's think about the UN and its branches. About NATO, Pentagon or even the Russian Army. Let's think even about the American Navy and _that_ ship with NT ruling on it... Or let's think about some critical industrial complex like a Oil rig.

    Are these IDs being sent to Redmond? Is there any information where Redmond people may read "General X., commander SuperTaskForce "Kamikadze", Room 0, The Hexagon, MAC XXXXXXXXXX". Can anyone else read this?

    If you don't wanna think so high then let's think about your insurance company.

    It looks like a nightmare coming right from a SF cheap story. It looks like the "Shadow World Government".
  • I wonder the worse. In a future not far away:
    "Welcome to Windows2xxx. Where do you wanna go today?" Uh, well Persian Gulf. Coordinates XXE XXN. "Ok grab a cup of coffee and wait a moment while we are proceeding your request..."
    Meanwhile, somewhere in lost corner of the world, some crazy mojaheddin runs into his colleagues hut and says "Ok Abdullah I just got that damn M$ crap out!!! Let's take that scapegoat of Satan. There's a russian destroyer, also with Win2xxx server ruling it, around in the Red Sea. According to MSWeatherSat, conditions are foggy. Do that and that and let's send USS Yorktown into the deeps of Hell!"
    Like Bond's stories. It may look childish and quite fantastic, but I'm really afraid if something near this may happen somewhere in the future.

    PS: Microsoft's Official reaction:
    It was not a bug. It was a feature. However who cares after IIIWW?
  • But also about privacy & piracy and most worse about confidentiality. Sometime ago I was told of a very scaring episode that happened to one friend of mine. He grabbed a very hot document to be sent to another company. He took Excel and ripped off every highly confidential information which should not, by any way, be seen by their partners-to-be.
    Somehow he decided to look at the size of the document. And the thing look bigger than it should have been. Looked through a simple file manager (not from crappy M$ stuff) and OH WONDER! Everything was still there... Together with his name and a lot of more stuff that pointed to him, his office, E-mail and company.

    This is a well known feature on M$ Oriffice documents. They have produced several patches and SPs that seem to "solve" it. But I have heard of situations when even SPed systems seem to "revive" these features.

    Now add the above story to it, add some imagination, and think:
    Their partners-to-be are a little smart. They get the doc. And they see what they should not know. So they grab the info, _the_ ID and try to dump into this poor guy's comp. Considering that all is run under M$ crap they may have a chance. A trojan through Outlook for example.

    I wonder if in court this doc could have such explosive consequences as to set the whole guilty part over my friend. Maybe he was "offering" his services. Maybe he wanted to put down his company. Considering that some courts hardly understand what's going on here, my friend could have fallen in very big trouble. Just by sending such doc would have given him enough trouble to his sleep. Fortunately a little wondering about sizes, managed him to avoid the possibility of a huge mistake from his part.
  • In a better world wouldn't the title of that article be Microsoft caught stealing personal data and somewhere in the article it certainly should have mused that "if the programmer in Cambridge Mass. had not exposed this functionality it is unlikely that Microsoft would be taking any action".

    Why is the press so damned nimsy-toed?

  • Say, you don't remember that quote by R.A.H.
    about feeding inconsistant data to surveys
    ,questionairs etc ? The idea was to make the data
    collected on you so incoherent that it was useless. Of course that won't work with what
    M$ is doing, but is fun nonetheless.
  • It is a known fact that Bill politely waits in lines all over the Seattle area. In living around here for 20 years in Bill G "central" I never ever heard the story about the .50 cent coupon. Sounds to me that you got caught by an urban legend. ;-)
  • The only people that think GIMP can do everything Photoshop can are people who don't know thing one about Photoshop. Get a book. Get a clue. Come back tommorrow. Thanks.
  • I bet they look for Warez d00ds with it.

    xm@GeekMafia.dynip.com [http://GeekMafia.dynip.com/]
  • I bet they look for Warez d00ds with it. 1st POST!

    xm@GeekMafia.dynip.com [http://GeekMafia.dynip.com/]

The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system.