Microsoft Harvesting Organs* for evil purposes
Marius Oiaga the Technology News Editor wrote and article over at Softpedia called Forget about the WGA! 20+ Windows Vista Features and Services Harvest User Data for Microsof which he claims Microsoft is harvesting users information. This is a typical hit piece that normally people would assume Microsoft would write. After reading the article I couldn’t find any falsehoods isn’t I found a pile of FUD (Fear, Uncertainty, and Doubt).
Let’s start at the beginning.
The Redmond company emphasized numerous times the fact that all information collected is not used to identify or contact users. But could it? Oh yes! All you have to know is that Microsoft could come knocking on your door as soon as you boot Windows Vista for the first time if you consider the system’s computer information harvested. Microsoft will get your “Internet protocol address, the type of operating system, browser and name and version of the software you are using, and the language code of the device where you installed the software.” But all they really need is your IP address.
emphasis added
This is where the common user should be scared. In fact you should hide under the stairs with a tin foil hat because Microsoft will have your IP address not only that but they harvest all sorts of information. What… you clicked on the links and those sites could find out that the same information as Microsoft? That’s right the information is readily available. In face with out your IP address websites would not be able to send back information.
Windows Update, Web Content, Digital Certificates, Auto Root Update, Windows Media Digital Rights Management, Windows Media Player, Malicious Software Removal/Clean On Upgrade, Network Connectivity Status Icon, Windows Time Service, and the IPv6 Network Address Translation (NAT) Traversal service (Teredo) are the features and services that collect and deliver data to Microsoft from Windows Vista. By using any of these items, you agree to share your information with the Redmond Company. Microsoft says that users have the possibility to disable or not use the features and services altogether. But at the same time Windows update is crucial to the security of Windows Vista, so turning it off is not really an option, is it?
And this is different than Linux and/or Apple in what way? Your computer needs to send information to the patch server it knows what patches to send. Furthermore you can still patch your machine manually. i.e. download the patch and run it yourself.
The article then goes on to explain how the evil Microsoft client connect to Microsoft’s evil x.509 server to check to see if certificates are valid. OK this is actually an extremely important and good thing. Lets say a malicious use breaks into your bank and steals their SSL certificate. Well now there is no way for you to know if you are connecting to the bank’s website or MaliciousCorp. The revoking of certificates is to insure an identity.
Well I am done ranting. I don’t want to get to worked up and have a stroke. And before any one complains and tells me I am a Microsoft stooge I am writing this in Firefox on a MacBook Pro.
* and by organs I mean small useless pieces of information.