bit-tech.net

Built-in Vista probing tools exposed

Built-in Vista probing tools exposed

Softpedia has exposed more than 60 Windows Vista features and services that collect data - only 20 of them are fully disclosed in the Windows Vista Privacy Statement.

A report on Softpedia has revealed more than 20 different Vista features and services that harvest user data for Microsoft and (dare I say it) to the software giant's credit, it makes no secret about the fact Windows Vista is gathering information.

Whether or not the data harvesting is right, Microsoft provides both a Windows Vista Privacy Statement and there are also references to the data collection services in the End User License Agreement (PDF) that you agree to when you are installing the operating system.

However, what's disappointing is the fact that Microsoft has admitted that the list provided under the Windows Vista Privacy Statement is far from exhaustive. Indeed, Softpedia says that there are another 47 Windows Vista features and services that collect data. Not all of these phone home, but the report claims that around 50 percent of these items do contact Microsoft.

There is no indication of what actually happens to the data collected by Microsoft via Windows Vista but, based on two excerpts from the Windows Vista Privacy Statement, the software giant is in two minds as to how it'll use the data collected from your machine.

Almost right at the start of the Privacy statement, Microsoft says that it will not use the information it gathers to identify Windows Vista users, but just a couple of paragraphs further down the statement, the company reveals that it can use the data it collects against you if it wanted to, or was forced to.

You can read a full breakdown of the services Microsoft is using to collect data on end users here. Our best advice is that if you don't want your data sent to Microsoft, don't install Windows Vista.

Discuss in our forums

41 Comments

Discuss in the forums Reply
yakyb 3rd July 2007, 11:48 Quote
thats not good i would like a further insight into exactly what is recorded if its just browsing habits im not that bothered (still not exactly happy) but if its more detailed stuff like whether i use DVDdecrypter or clonecd or BitTorrent(which i dont BTW) i would be vry pissed
bilbothebaggins 3rd July 2007, 12:14 Quote
Quote:
Originally Posted by Article
(...) Our best advice is that if you don't want your data sent to Microsoft, don't install Windows Vista.
;)
Which is exactly what I will do. (Or don't do - i.e. don't do the installing ... whatever ...)

First game I want to play that only runs on Vista - remains to be seen if the game will be worth the 300€ I'll have to pay to get Vista.

-btb-
E-Jungle 3rd July 2007, 12:25 Quote
I'm using Vista Ultimate atm, and it works ok for me, but i was already thinking of reverting back to good old linux. This just helped me make up my mind :D

I think it's kinda rude from M$ to collect the data and not tell the users about it... if i paid for my copy of vista i would have tried to get my money back (i'm using a legit copy through work).
Hugo.B 3rd July 2007, 13:08 Quote
Quote:
I think it's kinda rude from M$ to collect the data and not tell the users about it...
You realize of course, it goes a little deeper than that?
XP so far doesn't have any phone-home malware, other than WGA, which I have consistently refused to let updater download.
So, with a combination of XP and Linux, I'll keep going till I work up the courage to switch entirely to a Linux based OS.
By the way, does anyone know whether Splash Damage is doing a Linux release for ET:QW?


H.B.
Buzzons 3rd July 2007, 13:35 Quote
What is wrong with MS getting the data? it is all your fault for not reading the EULA anyhoo :p But really, what do you think they willl do with all this data, other than patch/release Service packs based on all this data.. so in the long run it helps your experience.
jezmck 3rd July 2007, 13:37 Quote
Quote:
based on two excepts from the
excerpt

----

I don't think they're doing anything unreasonable here (tbh imho rofl).
They say that they can, but that they won't unless required by law.

People seem to forget that they as individuals are not interesting to the authorities unless they do something they shouldn't.
Tim S 3rd July 2007, 13:53 Quote
Quote:
Originally Posted by jazzle
excerpt
slip of the fingers, thanks :)
Phil Rhodes 3rd July 2007, 14:03 Quote
We need a "sigh of grim inevitability" smiley.
ComputerKing 3rd July 2007, 14:09 Quote
Microsoft start to be idiot and rude... I really Don't know why they do that... I will back to my XP SP2 and sell my Vista... Idiot company :(
[USRF]Obiwan 3rd July 2007, 14:14 Quote
Woooohhh scary.... and now?

Will vista stop working? nope.
Will you get more spammail then you allready getting? Probably, but you will never know if it was vista's datacolllecting that causes it.
Will you get a letter from microsoft with the stats they collected from you? nope
Does it do anything at all to make your usage of vista uncomfortable? Nope


And i can say that vista collects and send 2000 different items to microsoft. But i dont know what it is and when its done.


Come on! this is useless information.
Hugo.B 3rd July 2007, 14:24 Quote
Your first statement attempts to ridicule those that care about their privacy.
Following statements prove that all you care about is:

Will Vista stop working?
Will I get more spam?
Will I be contacted by Microsoft to show me the info they collected.
Will Vista be made uncomfortable for me?

You sound like you're desperately trying to justify the amount you spent on Vista. :D
It's intrusive, and people have become desensitized to invasions of their privacy.
They simply say it's in the EULA, and that it's your fault for not reading it.


H.B.
DXR_13KE 3rd July 2007, 14:25 Quote
Quote:
Microsoft says that it will not use the information it gathers to identify Windows Vista users

so MS does not know who i am and has no way to find me but:
Quote:
the company reveals that it can use the data it collects against you if it wanted to, or was forced to.

making the above null and void, how the hell can they use data against you if they do not know who you are?
steveo_mcg 3rd July 2007, 14:29 Quote
Any one know what ports it connects on?
Hugo.B 3rd July 2007, 14:50 Quote
Try Wireshark or Kismet.


H.B.
Nix 3rd July 2007, 16:09 Quote
Quote:
Originally Posted by [USRF]Obiwan

Come on! this is useless information.

And how would youl know what information thats being collected is useless. Remember that about a year before Vista was released, when it was unvieled, Microsoft announced that they have been working closely with security services to make the Operating System a lot "Safer". Chances are there are parts of malware that collect information on everything that you do, view and create that could be for the Security Services.

I hated when Microsoft announced this as they know their product is used worldwide, and having security services from 1 Country (USA) is possibly the worst idea theyve had... and we all know theyve had a few. Anyway, we all know what the American Government thinks about net neutrality.

Also the bit about the EULA statement, could that cause a legal quagmire.... seeing as they say one thing in it, and then later contradict themselves?
eldiablo 3rd July 2007, 16:13 Quote
I also wonder what this would do on the performance if you could switch all these collectors of. Becuase more then 60 collectors, that doesnt sound like they wont use any resources to me. *naughty naughty microsoft*
Amon 3rd July 2007, 16:22 Quote
Even though we're living in a world wherein digital autonomy is so passé, monitoring your customers is really unnecessary. It would be nice to simply check a box to disable all of it. This is also an even bigger reason for Vista to continue to be ignored in the enterprise environment (*big* money in licensing there) for fear of security. If users are so compelled to contribute to Megasoft's user activity feedback database, then they will do so at will, and just check the "yes" box if it will be made an option--so much for choice in an opinion-driven digital society, eh?

I hope Vista grasps my vista of it crashing and burning.
flabber 3rd July 2007, 16:22 Quote
It doesn't matter what Microsoft is doing with that data... the fact is that they don't tell the buyer that they are using 67 programs in total to get that information from you.

Which, in my book, is a direct "attack" on your privacy.
f00dl3 3rd July 2007, 16:36 Quote
I don't see what the big deal is, software companies havebeen doing this for years. This is nothing new to IT.
Nexxo 3rd July 2007, 16:47 Quote
Quote:
Originally Posted by jazzle
People seem to forget that they as individuals are not interesting to the authorities unless they do something they shouldn't.
Correction: they are not interesting until the authorities think they might be doing something the authorities think they shouldn't. There's the rub.
Quote:
Originally Posted by Hugo.B
Your first statement attempts to ridicule those that care about their privacy...

...It's intrusive, and people have become desensitized to invasions of their privacy.
[USRF]Obiwan has a point, though. Vista has about 67 features collecting information. There are going to be literally hundreds of millions of people using Vista over the next decade. How much information does Microsoft have to wade through? Chances are, your precious private data is never even going to be seen by human eyes, but just automatically amalgamated with millions of other bits of data into some anonymous statistics by computer software.

And then, why would authorities care about whether you use DVDdecrypter or that slightly dodgy Student Edition of MSOffice past its Terms of Use? What interesting data could Vista actually collect that the government could not, by the usual means? The really interesting information about you is already out there: what searches you do on Google, your political opinions as expressed in which forums you visit, your internet-associated Credit Card activity, your blogs, your chat room activities and associates... And that is not even considering the usual channels: your bank account activities, credit rating, census data, car registration (and associated CCTV records), CRB checks, employment records, mobile and landline phone tapping, e-mail snooping... Trust me, the authorities don't need Vista. They can already find out all they want about you.
devdevil85 3rd July 2007, 17:06 Quote
Quote:
Originally Posted by f00dl3
I don't see what the big deal is, software companies havebeen doing this for years. This is nothing new to IT.
[sarcasm]Well who gives a s**t then.....I mean c'mon they've been doing this for years now anyways.....[/sarcasm] All I can say is that all of this hidden spyware better not be eating resources that should otherwise be used for their original purpose (like running the OS! maybe?) M$ better come out of the closet here and explain why they didn't insert the other 47 methods of data farming in the EULA.
Amon 3rd July 2007, 17:13 Quote
Quote:
Originally Posted by devdevil85
[sarcasm]Well who gives a s**t then.....I mean c'mon they've been doing this for years now anyways.....[/sarcasm] All I can say is that all of this hidden spyware better not be eating resources that should otherwise be used for their original purpose (like running the OS! maybe?) M$ better come out of the closet here and explain why they didn't insert the other 47 methods of data farming in the EULA.
I don't think freeing system resources is the real concern here as much as the user's digital anonymity. This is one great reason why Vista isn't taking off in the corporate environment where security and privacy are the highest of priorities. I work in the same department as a bank's entire corporate security system experts and I understand quite vividly the importance of an operating system's 'cleanliness' before being implemented into the enterprise. If Vista is this 'dirty', then it'll just remain stuck to casual users and OEM outfitters at best.
Luukas 3rd July 2007, 17:34 Quote
Quote:
Originally Posted by Hugo.B
By the way, does anyone know whether Splash Damage is doing a Linux release for ET:QW?


H.B.
This is a bit off-topic but...apparently yes.
Faulk_Wulf 3rd July 2007, 17:42 Quote
Long Version:
Quote:
Originally Posted by Nexxo
And then, why would authorities care about ... They can already find out all they want about you.
So either you're paranoid, or the real state of the web-based world is a scary place with the right (or wrong) people running it. I think maybe I'll make a tin foil hat now. My mental idea of being secured just completely changed, and unless I want to live in the mountains away from all technology, there really isn't sh*t I can do about it.

I can't speculate on corporations, or educational environments, but I do find it kinda BS that to play the latest games they'll force you to upgrade to Vista. I don't remember the switch from 98-XP being so harsh. The 8x00 from nVidia supports DX10, which is only available on Vista. Since Apple and Linux don't support Direct X (Indeed, isn't it a Windows only thing?) game developers pretty much have to develop for Windows if they want to target the PC market. Since the only other solution would be for developers to make there own "Direct X" for another OS, and we all know that that would be too cost prohibitive to be remotely logical, it essentially gives Microsoft a monopoly on the gaming industry. (Which I wouldn't think would be legal, but I'll wait for the replies that will explain my errors in these thoughts. ;) )

The bigger point is this: Who is this targeting? While I'm sure any more criminals have computers, laptops, hell maybe even full networks-- I'm equally sure that they probably use command line, or proprietary operating systems for alot of major illegal activity. This might pick up on some white collared business crime, but more then likely, it would pick up anything massively illegal. (Well maybe child pornography?)

Really this will target a primary demographic of 13 - 35 home PC users with a typical computing knowledge range of decent to horrendous. I see that most people on this forum with "decent" to excellent knowledge pretty much always use Linux and Mac when the option is available to them. I'd also pay money on a bet that another 25% would use Linux instantly if they could play proprietary games on it. So what are the main activities of this demographic? File sharing and video gaming, and social networking. RIAA/MPAA, Video game industry, and governments could benifit from the kind of information picked up by the kinds of programs installed on your computer, whether they're legal or not, and your browsing habits. Along with sharing music movies etc, and burinng your own. Yeah, its one giant conspiracy theory. And maybe I've read 1984 too much, and read too much into Nexxo's post. I'm not saying Vista is evil, and I'm not saying that the American government is to the point of monitoring every teeny bopper, but they might be getting close. (F#cking Patriot Act, et all) After all, what better time to start profiling a populous then before they know they have rights that are already being violated.

Short Version:
:(
zero0ne 3rd July 2007, 17:52 Quote
My guess of why its "contradicting" is because it works like this:

when it stores the data it collects, it attaches it with say the CD key of the system...

So if the authorities had a reason to attack someone for having pics of naked 5 yr old kids, they would see its attached to CD key X, and that CD Key X is registered to John Doe.

the first statement probably means when they use the data collected for their purposes, or sell it, no one on that end has access to who each specific data point is referring to, but they have the ability to link it if needed by the federal government.
Bluephoenix 3rd July 2007, 20:05 Quote
I read the EULA, and even then I don't care all that much, because if they do use it, I can have anything they use thrown out because of a reasonable expectation of privacy (which was recently upheld by the supreme court in the case of datalogging by IPs )
jfreak 3rd July 2007, 20:27 Quote
ok, here is what I see as the big problem with MS invasion of your PC..

They collect data on your pc about you. Then they work a business plan muscle out products and services that compete with them. This has the potential to give MS an unfair advantage in the business world.

Second, lets say MS can't take down google and can't buy them out. Well, now they have enough information to cripple/alter operation/shut down applications/service/web addresses they deem to be threatening (to their business) that you use too often.

Yeah yeah, you say that will never happen... well then, why do they need the information in the first place. A service patch does not require 6 billion peoples information in order to be released or worked on.

What justifiable reason does a company like MS need to collect all that information on you or I?

Linux is looking better and better all the time. I just wish they would get gaming and other multimedia up to equal or better footing to windows. It's getting closer.
TTmodder 3rd July 2007, 21:11 Quote
Only one thing to say. Linux & Cedega
jezmck 4th July 2007, 08:52 Quote
Quote:
Originally Posted by Nexxo
Correction: they are not interesting until the authorities think they might be doing something the authorities think they shouldn't. There's the rub....
Fair point, but they can then look at the data and see that you're innocent, right?
Nexxo 4th July 2007, 13:30 Quote
Quote:
Originally Posted by jazzle
Fair point, but they can then look at the data and see that you're innocent, right?

Again, depends on what they think of as "innocence". Or should I say: "harmlessness"? ;)
Nexxo 4th July 2007, 13:51 Quote
Quote:
Originally Posted by jfreak
ok, here is what I see as the big problem with MS invasion of your PC..

They collect data on your pc about you. Then they work a business plan muscle out products and services that compete with them. This has the potential to give MS an unfair advantage in the business world.

Second, lets say MS can't take down google and can't buy them out. Well, now they have enough information to cripple/alter operation/shut down applications/service/web addresses they deem to be threatening (to their business) that you use too often.

Yeah yeah, you say that will never happen... well then, why do they need the information in the first place. A service patch does not require 6 billion peoples information in order to be released or worked on.

What justifiable reason does a company like MS need to collect all that information on you or I?
MS has the rather unique problem that their product needs to work on an infinite number of differently configured PCs, with sometimes unique installations of hardware, drivers and software produced by third parties over which they have little control. It has to be flexible, easy to set up and use by even the most computer-illiterate moron and stand up to a fair bit of user abuse, obscure hardware glitches and data corruption.

No, don't wave Linux around. You need to be a geek to install Linux, and it is very unforgiving of badly configured hardware. Not something I see the average home PC user get to grips with. Get Root requires Get Geek.

So, it is useful for MS to get as much information as possible from as wide a range of different PCs as possible, under as real-life-use conditions as possible. After all, there's many different PCs out there, and computer-illiterate people do things that from a computer geek's perspective can seem rather strange and illogical.

Of course, MS being MS, they will study usage patterns to tailor their software and services accordingly. But we benefit from that in the end. MS is very unlikely to try and shut out popular services/applications/web addresses not provided by them, simply because no user is going to shell out up to $300,-- on Windows Vista Next Edition if they cannot use Google or eBay on it. The average consumer or company has no loyalties towards any particular OS like Apple or Linux users may have --if, say, Apple allows them to do the things they want and Windows doesn't, they switch. What is more likely is that MS will try and develop competitive services. But although it may rub those in our faces, unless they are really better than the competition, people will simply not use them. My default search engine and home page is still Google, no matter how much MSN Search and MSN Homepage was installed per default.

Neither is MS going to sabotage such services. Google has programmers too, and the slightest whiff of any cyber-warfare coming from Redmond will result in lawsuits that would cripple MS and put key members of its board in prison (not to mention some counter-measures in retribution).
GoodBytes 4th July 2007, 15:07 Quote
We can call use Vista... there is no problem (just don't connect to the net :p)
mrlanrat 6th July 2007, 07:10 Quote
True, this is one of the 100's or reasons I use Linux. (Is I type in a windows vista laptop. ;) )
mrlanrat 6th July 2007, 07:13 Quote
Quote:
Originally Posted by GoodBytes
We can call use Vista... there is no problem (just don't connect to the net :p)


I'm sure Microsoft thought of this, maybe they have a way for the computer to send very small electrical pulses out of the powersuply to the power lines over to Microsoft so they can harvest your data!
proxess 6th July 2007, 23:25 Quote
I love my privacy...
Cthippo 6th July 2007, 23:48 Quote
Quote:
Originally Posted by GoodBytes
We can call use Vista... there is no problem (just don't connect to the net :p)

The problem withg that of course is that without web activation Vista shoots itself in the foot after 30 days. I wonder if it also quits working if you activate it and then disconnect it from the web.

There is one reason, above all the many others, I switched to linux, and it's called Vista.
TreeheadWoodfist 16th July 2007, 07:07 Quote
Quote:
Originally Posted by DXR_13KE
Quote:
Microsoft says that it will not use the information it gathers to identify Windows Vista users

so MS does not know who i am and has no way to find me but:
Quote:
the company reveals that it can use the data it collects against you if it wanted to, or was forced to.

making the above null and void, how the hell can they use data against you if they do not know who you are?

My guess is that they'll just have to find another way to identify you, like when you register your version of vista online or even via your ISP... just a thought :/
Liete87 20th July 2007, 08:08 Quote
That's why I installed Vista on a seperate partition and only use it for DX10 games.

Anything else I do is done on XP
GoodBytes 20th July 2007, 15:16 Quote
As Nixxo says:
http://forums.bit-tech.net/showpost.php?p=1516656&postcount=29

Either way, you have nothing to do with an illegal broken (they all are without exception) OS copy. Also, I don;t know about you, but I would prefer to be called then be sued for a huge amount of money.
Dna14 21st July 2007, 18:05 Quote
Its like big brother. I also heard about this, but it is quite common with other things too. I suppose there is not alot we can do to stop them. Just makes you wonder what information they gather.
pumpman 21st July 2007, 20:38 Quote
meh google knows more about me than ms does, does it matter what os you use if you browse the web google knows about it ?
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums