By: Marius Oiaga, Technology News Editor
Enlarge pictureAre you using Windows Vista? Then you might as well know
that the licensed operating system installed on your machine is harvesting
a healthy volume of information for Microsoft. In this context, a program
such as the Windows Genuine Advantage is the last of your concerns. In
fact, in excess of 20 Windows Vista features and services are hard at work
collecting and transmitting your personal data to the Redmond company.
Microsoft makes no secret about the fact that Windows Vista is gathering
information. End users have little to say, and no real choice in the
matter. The company does provide both a Windows Vista Privacy Statement and
references within the End User License Agreement for the operating system.
Combined, the resources paint the big picture over the extent of
Microsoft's end user data harvest via Vista.
Reading Between the EULA Lines
Together with Windows Vista, Microsoft also provides a set of
Internet-based services, for which it has reserved full control, including
alteration and cancellation at any given time. The Internet-based services
in Vista "coincidentally" connect to Microsoft and to "service provider
computer systems." Depending on the specific service, users may or may not
receive a separate notification of the fact that their data is being
collected and shared. The only way to prevent this is to know the specific
services and features involved and to either switch them off or not use
The alternative? Well, it's written in the Vista license agreement. "By
using these features, you consent to the transmission of this information.
Microsoft does not use the information to identify or contact you."
The Redmond company emphasized numerous times the fact that all information
collected is not used to identify or contact users. But could it? Oh yes!
All you have to know is that Microsoft could come knocking on your door as
soon as you boot Windows Vista for the first time if you consider the
system's computer information harvested. Microsoft will get your "Internet
protocol address, the type of operating system, browser and name and
version of the software you are using, and the language code of the device
where you installed the software." But all they really need is your IP
What's Covered in the Vista License?
Windows Update, Web
Content, Digital Certificates, Auto Root Update, Windows Media Digital
Rights Management, Windows Media Player, Malicious Software Removal/Clean
On Upgrade, Network Connectivity Status Icon, Windows Time Service, and the
IPv6 Network Address Translation (NAT) Traversal service (Teredo) are the
features and services that collect and deliver data to Microsoft from
Windows Vista. By using any of these items, you agree to share your
information with the Redmond Company. Microsoft says that users have the
possibility to disable or not use the features and services altogether. But
at the same time Windows update is crucial to the security of Windows
Vista, so turning it off is not really an option, is it?
Windows Vista will contact Microsoft to get the right hardware drivers, to
provide web-based "clip art, templates, training, assistance and Appshelp,"
to access digital software certificates designed "confirm
the identity of Internet users sending X.509 standard encrypted
information" and to refresh the catalog with trusted certificate
authorities. Of course that the Windows Vista Digital Rights Management
could not miss from a list of services that contact Microsoft on a regular
basis. If you want access to protected content, you will also have to let
the Windows Media Digital Rights Management talk home. Windows Media Player
in Vista for example, will look for codecs, new versions and local online
The Malicious Software Removal tool will report straight to Microsoft with
both the findings of your computer scan, but also any potential errors.
Also, in an effort to enable the transition to IPv6 from IPv4, "by default
standard Internet Protocol information will be sent to the Teredo service
Microsoft at regular intervals."
Had Enough? I Didn't Think So!
Microsoft has an additional collection of 47 Windows Vista features and
services that collect user data. However, not all phone home and report to
Microsoft. Although the data collection process is generalized across the
list, user information is also processed and kept on the local machine,
leaving just approximately 50% of the items to both harvest data and
contact Microsoft. Still, Microsoft underlined the fact that the list
provided under the Windows Vista Privacy Statement is by no means
exhaustive, nor does it apply to all the company's websites, services and
Activation, Customer Experience Improvement Program (CEIP), Device Manager,
Driver Protection, Dynamic Update, Event Viewer, File Association Web
Service, Games Folder, Error Reporting for Handwriting Recognition, Input
Method Editor (IME), Installation Improvement Program, Internet Printing,
Internet Protocol version 6 Network Address Translation Traversal, Network
Awareness (somewhat), Parental Controls, Peer Name Resolution Service, Plug
and Play, Plug and Play Extensions, Program Compatibility Assistant,
Program Properties-Compatibility Tab, Program Compatibility Wizard,
Properties, Registration, Rights Management Services (RMS) Client, Update
Root Certificates, Windows Control Panel, Windows Help, Windows Mail (only
with Windows Live Mail, Hotmail, or MSN Mail) and Windows Problem Reporting
are the main features and services in Windows Vista that collect and
transmit user data to Microsoft.
This extensive enumeration is not a complete illustration of all the
sources in Windows Vista that Microsoft uses to gather end user data.
However, it is more than sufficient to raise serious issues regarding user
privacy. The Redmond company has adopted a very transparent position when
it comes to the information being collected from its users. But privacy,
much in the same manner as virtualization, is not mature enough and not
sufficiently enforced through legislation. Microsoft itself is one of the
principal contributors to the creation of a universal user privacy model.
The activation process will give the company product key information
together with a "hardware hash, which is a non-unique number generated from
the computer's hardware configuration" but no personal information. The
Customer Experience Improvement Program (CEIP) is optional, and designed to
improve software quality. Via the Device Manager, Microsoft has access to
all the information related to your system configuration in order to
provide the adequate drivers. Similarly, Dynamic Update offers your
computer's hardware info to Microsoft for compatible drivers.
Event Viewer data is collected every time the users access the Event Log
Online Help link. By using the File Association Web Service, Microsoft will
receive a list with the file name extensions. Metadata related to the games
that you have installed in Vista also finds its way to Microsoft. The Error
Reporting for Handwriting Recognition will only report to Microsoft if the
user expressly desires it to. Through IME Word Registration, Microsoft will
receive Word registration reports. Users have to choose to participate in
the Installation Improvement Program before any data is sent over at
Ever used a print server hosted by Microsoft? Then the company collected
your data through Internet Printing. Network Awareness is in a league of
its own. It does not premeditatedly store of send directly information to
Microsoft, but it makes data available to other services involving network
connectivity, and that do access the Redmond company. Via Parental
Controls, not only you but also Microsoft will monitor all the visited URLs
of your offspring.
Hashes of your Peer Name tied to your IP address are published and
periodically refreshed on a Microsoft server, courtesy of the Peer Name
Resolution Service. Every time you install a Plug and Play device, you tell
Microsoft about it in order to get the necessary device drivers. The same
is the case for PnP-X enabled device, only that Windows Update is more
actively involved in this case.
The Program Compatibility Assistant is designed to work together with the
Microsoft Error Reporting Service, to highlight to Microsoft potential
incompatibility errors. For every example of compatibility settings via the
Compatibility tab, Microsoft receives an error report. The Program
Compatibility Wizard deals with similar issues related to application
incompatibility. File properties are sent to Microsoft only with the item
that they are associated with.
You can also volunteer your name, email address, country and even address
to Microsoft through the registration process. A service such as the Rights
Management Services (RMS) Client can only function in conjunction with your
All the queries entered into the Search box included in the Windows Vista
Control Panel will be sent to Microsoft with your consent. The Help
Experience Improvement Program also collects and sends information to
Microsoft. As does Windows Mail when the users access Windows Live Mail,
Hotmail, or MSN Mail. And the Windows Problem Reporting is a service with a
self explanatory name.
But is this all? Not even by a long shot. Windows Genuine Advantage,
Windows Defender, Support Services, Windows Media Center and Internet
Explorer 7 all collect and transmit user data to Microsoft. Don't want them
to? Then simply turn them off, or use alternative programs when possible or
stop using some services altogether. Otherwise, when your consent is
demanded, you can opt for NO.
What Happens to My Data?
Only God and Microsoft know the answer to that. And I have a feeling that
God is going right now "Hey, don't get me involved in this! I have enough
trouble as it is trying to find out the release date for Windows Vista
Service Pack 1 and Windows Seven!"
Generally speaking, Microsoft is indeed transparent - up to a point - about
how it will handle the data collected from your Vista machine. "The
personal information we collect from you will be used by Microsoft and its
controlled subsidiaries and affiliates to provide the service(s) or carry
out the transaction(s) you have requested or authorized, and may also be
used to request additional information on feedback that you provide about
the product or service that you are using; to provide important
notifications regarding the software; to improve the product or service,
for example bug and survey form inquiries; or to provide you with advance
notice of events or to tell you about new product releases," reads a
fragment of the Windows Vista Privacy Statement.
But could Microsoft turn the data it has collected against you? Of course,
what did you think? "Microsoft may disclose personal information about you
if required to do so by law or in the good faith belief that such action is
necessary to: (a) comply with the law or legal process served on Microsoft;
(b) protect and defend the rights of Microsoft (including enforcement of
our agreements); or (c) act in urgent circumstances to protect the personal
safety of Microsoft employees, users of Microsoft software or services, or
members of the public," reveals another excerpt.
And you thought that it was just you... and your Windows Vista. Looks like
a love triangle to me... with Microsoft in the mix.