Feeds

Windows ID numbers – how they work

The strange tale of the bug Microsoft has been calling a useful feature...

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Further details of the identification system used in Windows 98 registration have emerged. In the past few days it has been revealed (see earlier story) that data gathered during the registration process gives Microsoft the means to track both individual users and the documents they produce across the Internet. Each copy of Windows has its own registration number, and during online registration the user is asked to fill in personal details, including name, address and class of user. The registration also produces a hardware audit of the local machine, but the user can decline to send this to Microsoft if they want. In addition, however, machines with an Ethernet adaptor present will send a unique hardware identification number, whether or not the user declines to send hardware audit information. Microsoft yesterday described this as a bug in the software, but the company's privacy policy, parts of which were published here in yesterday's story, makes it clear that it's no bug -- it's quite intentional, and Microsoft has been upfront about it (albeit in a document hardly anyone's going to bother reading). The number is used to generate unique identification numbers for Microsoft Office documents created on the machine. These numbers are embedded in the documents themselves, which means they can be 'fingerprinted' -- ever send somebody a file anonymously? Maybe you didn't after all. If the machine doesn't have an Ethernet adapter, a dummy number is used. This is -- allegedly -- common to all non-networked Windows 98 machines, so it shouldn't be possible to use it to trace documents. But if the mechanisms for processing unique identification numbers exist, then clearly Microsoft is going to make the numbers unique -- unless the appalling publicity puts it off the idea. A unique number system, quite possibly incorporating the Pentium III identifier, is an obvious next step for Windows 2000, particularly as Microsoft wants to introduce universal registration, or possibly even the infamous 'software rental' model by that point. But the exposure of the current tracking system seems to have torpedoed that plan for the moment. Microsoft yesterday said the Windows 98 identification system certainly won't be used in Windows 2000. But we'll all have to watch the process that is in there very closely, just in case. ®

Intelligent flash storage arrays

More from The Register

next story
BIG FAT Lies: Porky Pies about obesity
What really shortens lives? Reading this sort of crap in the papers
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.