ml2mst wrote:
> Roy Schestowitz schreef:
> > Opinion: Who wouldn't trust a company that hid built-in spyware on every
> > Windows-based PC in the land?
>
> - snip -
>
> > http://www.eweek.com/article2/0,1895,1974911,00.asp
>
> Nice article, however "phoning home" is a old Windows habit that was
> already build in the Kernel32.dll component of Windows 98 and Me, proved
> by the Sygate Personal Firewall.
Actually, Windows 95 could "phone home" as well. It would send
unidentified encrypted messages to one of a number of IP addresses.
These were eventually traced back to Microsoft. It was caught by using
a Linux firewall and enabling router logging.
> So there is nothing new under the sun, Microsoft just has moved the
> "service" from the kernel component to a more visible user space based
> component.
Microsoft has actually included the provisions for this in their EULA.
In the EULA, you agree to let Microsoft collect information which it
can use for any purposes. Another dialogue asks if you want to be
informed of the services and upgrades which Microsoft find appropriate
from it's probes of your computer.
Microsoft asserts this is essential to help it monitor privacy.
Furthermore, because Microsoft has your consent through the EULA, they
are able to legally forward information they discover to government
agencies, including the IRS, DYFSS, DEA, DHS, FBI, CIA, Treasury, and
Defense department.
The exact nature of the information transferred is highly classified,
and because no warrant is required, Microsoft is simply listed in court
cases as an "anonymous informant". Appearantly they do this without
direct compensation or they would be listed as a paid informant. One
could question whether leiniency in FTC hearings, DOJ hearings, and
other "containment actions" which have allowed Microsoft to avoid
direct confrontations with state governments, as compensation. On the
other hand, this is probably not significantly different than the DA
who drops charges in exchange for information provided by someone
charged with a minor crime, when the information helps prosecute or
prevent a major crime.
> Well, at least it shows Microsoft is redesigning for good or worst :)
Keep in mind that Microsoft has many ways to watch you. If you use
Windows, they can get information there. If you use MSN, hotmail, or
MSN Instant Messenger, Microsoft can collect your mail and anything
else forwarded through your connection. If you visit any Microsoft
sites, including their strategic partners they can give you a spyware
virus that will give them any file they want. If you use Verisign,
RSA, or Thawte Group SSL certificates, they can get the symetric key
required to monitor the link. They can also decrypt the link if the
traffic flows through a Microsoft router.
There are some strange coincidences. It appears that a number of
important PCs were tapped in the manner described above (cannot prove
it was Microsoft though). These included an Al-Queda leader in
Pakistan, Special Prosecutor Ken Starr, The president of the United
States (possibly Clinton and George W Bush), and possibly members of
both presidential cabinets.
|
|
