Feeds

MS ID number system could track all Windows users

Redmond knows all about you - but it's not going to abuse the data, honest...

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Earlier this year the built-in serial numbers in Intel's Pentium III caused a privacy storm. But now a software company has revealed that Microsoft has been running a rather more effective identification system since the launch of Windows 98. So Redmond knows a lot more about you than you might have thought. The point about the Intel system is that it could be used to track personal data relating to PC users, but the Microsoft system is apparently doing so already, and has the potential to operate as a digital fingerprint that tracks where you go, and the documents you produce, anywhere on the Internet. Robert Smith, president of development tools company Phar Lap, last week pointed out that the Windows 98 registration wizard, which is used to register for support and updates, does cute things in addition to just sending Microsoft the Windows 98 registration number. This number, known as a Globally Unique Identifier, is sent to Microsoft along with name, address, phone number, plus demographic details and information on the hardware and software being used. Note that with the progressive tightening-up of Microsoft's registration procedures it is becoming more and more difficult to get support from the company, or to get software updates, without registering, so Microsoft is going to acquire more and more of this data. In the Windows 98 install procedure, users are not told that all this data is being sent, but Smith says that the data Microsoft is gathering is being used to build a database of Windows users globally. From what Smith says, it would also seem that Microsoft has been doing a pretty through job of 'integrating' the number into a user's entire installation. Aside from being linked to the user's name, it also appears in files the user has created, so Microsoft's database could be used to track both users and the documents they produce across the Internet. Microsoft denies that it ever intended to use the data it's gathered for marketing, but as the Windows 98 registration wizard clearly says that the data will be used by Microsoft and its affiliated companies, and the usual check box asking if you mind being sent information is there, this is obvious nonsense. Users do have the ability to decline to send inventory information during registration, but they clearly can't do much about identification numbers embedded in the data files they produce. Microsoft may change the registration wizard in the next Windows 98 service pack (which may be a while yet), but may also (probably depending on the level of the privacy firestorm) produce a utility that will delete the information from the local machine's registry. The company also apparently intends to delete information already collected from its database, but it's not clear what this information consists of. Probably it will be data on users and their machine configurations which have been acquired as part of the online support and update processes. Microsoft's own privacy policy provides some information on what this data consists of: "When you buy and install a new product, we ask you to register your purchase," it says. "We then merge your registration information with any information you've already left with us (we call that information your personal profile). If you haven't previously registered with us, we create a personal profile for you from your registration information." This information is available at the Personal Information Center" on the Microsoft site. But here's the bit that makes you wonder why everybody got worried about Intel without noticing Microsoft: "In creating a new profile or updating an existing one, we obtain your hardware identification number from the registry on your computer's hard drive. If you have already registered, we also obtain the personal identification number you were assigned … We then send a small bit of code back to your hard drive. This code is uniquely yours and only includes your registration information. It is your passport to seamless travel across microsoft.com, allowing you to download free software, order free newsletters and visit premium sites without having to fill out another registration form. Even if you switch computers, you won't have to re-register." There - so it's all supposed to make it easy for you, right? Microsoft may however find itself having to clean up its act sooner rather than later. The US and the EU remain locked in negotiation over how to tackle EU privacy regulations which restrict the export of personal data. If a solution is arrived at, US companies holding data on EU citizens will have to adhere to some sort of mutually agreed code of conduct. One might observe that a company that gives the impression of neither knowing what data it has nor why it acquired it will have a bit of difficulty passing the tests. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Bono apologises for iTunes album dump
Megalomania, generosity and FEAR of irrelevance drove group to Apple deal
HBO shocks US pay TV world: We're down with OTT. Netflix says, 'Gee'
This affects every broadcaster, every cable guy
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
America's super-secret X-37B plane returns to Earth after nearly TWO YEARS aloft
674 days in space for US Air Force's mystery orbital vehicle
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.