[SLUG-POL] {SPAM?} No really, this is on-topic! ;-}

From: Paul M Foster (paulf@quillandmouse.com)
Date: Thu Apr 08 2004 - 23:45:43 EDT


In looking over last week's LWN, I came across a link:

http://www.microsoft.com/windows/windowsmedia/software/v8/privacy.aspx

It describes the information that Windows Media Player "phones home"
with. According to Microsoft, they do not obtain personal information
from your machine, like your phone number and address. Among other
things, a unique code that identifies your machine is passed around.
Microsoft says that this information is generated via OS APIs. This is
interesting for a couple of reasons. First, when you originally
"register" your copy of XP, presumably Microsoft records a similar
(identical?) number from you. One could assume that this number, too, is
generated from OS API calls. I've never registered or run a copy of XP,
but I would assume that they record your name and such when you do it.
If so, then if Microsoft uses that same little number in other places
(like the Windows Media Player), why couldn't they put your name and
that number together? That would make the statement about Windows Media
Player completely true-- they don't record personal information when you
use the _Media Player_. But that statement would sidestep the
possibility of putting the two pieces of information together. Microsoft
says that with the Media Player, this little number would likely go to
non-Microsoft sites. More on that later.

The second reason this is interesting is the angle about the fact that
this number is generated by APIs in the OS. Why have an API devoted to
this type of thing? One reason would be to allow others to use this
number for things. Recently, my wife contemplated some major upgrades to
some Windows packages she uses. In a couple of cases, she was told that
they required XP. As I recall, she was told that if she used Win2K,
she'd have to obtain a service pack that allowed Win2K to mimic certain
capabilities of XP, having to do with transmittal of unique data over
the internet. Hmm. Could that be this little number, or something like
it?

Recall that Microsoft's Passport gizmo didn't meet with the rosiest
welcome. Passport was supposed to allow a single sign-on everywhere over
the internet. I believe it's still used with certain Microsoft services.
Also recall that Microsoft has worked tirelessly on the idea of DRM
(Digital Rights Management), where in effect, you can't use your
computer or listen to an MP3 unless "we" (RIAA, MPAA, Microsoft) say you
can. Also recall that Microsoft created the Business Software Alliance
(BSA) specifically to fight "piracy". Also recall that Microsoft has
been pushing their Palladium DRM chip idea to motherboard manufacturers.

Now imagine if Microsoft came up with a scheme where they could generate
a unique number that would identify your machine on the internet. They
could say it was to prevent piracy of their OS software. Let's say they
had your name and address stored somewhere else, and that the little
unique number ("GUID") could potentially be mated up with that personal
information. And let's say that they put an API in their OS that would
allow a program to generate that number or another similar number on
command. And let's say that they sold this idea to companies like Adobe
and Symantec. "Cut piracy by knowing when users try to move your
software onto a different machine. Easy to do with our patented GUID
technology." "Uniquely identify the machines your software runs on!"
Let's be generous and assume that these little APIs generate different
numbers whether it's Windows XP or Adobe Illustrator that's asking for
the number. Sooner or later, someone should be able to come up with a
way to mate your personal information (stored _somewhere_) with that
little number. And theoretically, if the _same_ number (or part of it)
is generated in all cases, _all_ your personal information residing on
servers all over could be joined up into one database.

This can't be a completely new line of thought. Surely someone has
thought of this before. Of course, I don't see this splashed all over
computer media. But I can't imagine Microsoft, being Microsoft, wouldn't
have thought of it already. Is there someone else who's thought this
through and has more detail about it than my guesswork?

Paul


