Feeds

Phoenix answers all our phone-home BIOS questions

And by the way, PhoenixNet is dead

  • alert
  • submit to reddit

High performance access to file storage

As promised, Phoenix has answered all the questions we sent them about the controversial PhoenixNet BIOS. Now we know why it took so long to get our answers: the scheme was dying quietly as we corresponded.

1. Does the PhoenixNet installation software alert the user to the Net feature and give them a chance to decline to install it? (We understand that the user can disable the service in CMOS setup; but if an option is not present during installation, then the connection, when available, will likely be made without the user's knowledge since only a fraction of users will go into setup before using their machine.)

"When a PhoenixNet-Enabled PC running Windows 98 or ME is initially booted up, the BIOS causes a small application, called the Permission Application, to be enabled. The BIOS performs no other functions related to the PhoenixNet Delivery System after this occurs. The Permission Application presents a display screen than asks the user, following the Windows registration process, whether the user wishes to receive PhoenixNet services. If the user decides not to accept the PhoenixNet offer, an icon is placed on the PC's desktop, so the user can accept the offer later and enroll on the PhoenixNet web site. No other PhoenixNet application is installed if a user declines the offer, and the Permission Application will not launch again, unless the operating system is removed and reinstalled. In that case, the process described above occurs."

2. Are there any versions of PhoenixNet-enabled BIOS which do not offer the option to disable it in CMOS setup? If not, is Phoenix prepared to guarantee that there won't be any in future?

"PhoenixNet was designed to use a Permission Screen approach to give users an easy way to enroll or not in the PhoenixNet service. This feature eliminated any need for a user to go into BIOS setup to disable or decline these services. In some cases, motherboard companies went further and added a switch to the BIOS setup that allowed a PC system builder to disable PhoenixNet capabilities entirely. If the PC was shipped with the switch in the default position, the Permission Screen was displayed and the process explained in answer no. 1 took place. However, if a system builder disabled the option, the process never started. In short, the PC was not PhoenixNet-Enabled.

Because of a change in the PhoenixNet business model mentioned in our response to question 6, motherboard companies discontinued adding PhoenixNet Solutions Delivery clients to their products in the first quarter of this year. The shipments of the product that remain in the channel are from earlier production that will not be resumed." [our emphasis]

3. Certain PhoenixNet installed files, PTLSEQ.DAT; PTLSEQ.MET; and PTLSEQ.RCL, appear to contain some configuration and hardware information related to the individual PC its running on. What data about the PC is sent to Phoenix during the Net connection? Is it recorded? If so, what is it used for and by whom can it be accessed?

"Before a user accepts the PhoenixNet offer displayed by the Permission Application, he or she is provided with a link to the PhoenixNet privacy policy. The privacy policy notifies users that certain information is collected to determine which features to offer the user. This 'tailoring' is based on the user's country selection during enrollment and the operating system language settings. The privacy policy also informs the user that aggregate statistical information may be provided to PhoenixNet's partners. This statistical information is collected only if the user enrolls in the service, and relates to CPU manufacturer and model, amount of RAM, operating system version, and the number and type of connected IDE peripheral devices. No personal information is collected. This statistical information is only used to provide product configuration data to the motherboard companies upon their request. Personal information can only be collected or shared when the user registers for software or services provided by PhoenixNet affiliates, and only then if the user gives his or her specific permission to do so. (See also our response to question 4.)"

4. What data about the PC *can be* sent to the mobo manufacturer during the Net connection? In other words, how flexible is this feature? Could a manufacturer track the aggregate use of their mobos with this feature? Could they track individual use?

"PhoenixNet has no capability to track how the PC is being used by users, whether or not they enroll in the PhoenixNet service. As noted in the response to question 3, aggregate non-personal configuration data is collected in accordance with PhoenixNet's privacy policy from users who enroll in the service. The configuration data is transmitted to the PhoenixNet data center only once, upon enrollment. The aggregated data may be sent to motherboard manufacturers upon request. Statistical data that might be derived from the aggregate data is along the lines of the following: '25% of this model of motherboard in Taiwan use 128MB of RAM'. To date, however, no motherboard manufacturer has requested this data."

5. Is it possible to identify a particular mobo with any feature currently included in, or planned for, the Net service?

"If a user enrolls in the PhoenixNet service, the PC is identified to the service to indicate that the machine is enrolled, and to maintain a record of services that the user has chosen from our Web site. This practice is analogous to the placement of 'cookies' by various web services."

6. We assume that the purpose of PhoenixNet is to attract ad revenues for Phoenix and possibly mobo manufacturers by driving consumers toward commercial products and services which you or the manufacturers have been paid to promote. Correct us if we're wrong.

"Obviously, the success of any free Internet service depends on advertising and similar revenue sources. The weaknesses in this business model have become apparent recently and have been responsible for the termination of many free Web services. Phoenix has concluded that this business model no longer represents a viable approach to delivering services to its users, and the product is being phased out."

Addendum

There was some confusion in our previous report. The company has clarified its position:

"Since we are clarifying what PhoenixNet Solutions Delivery is all about, we would like to take this opportunity to make one comment on the preliminary responses that were published in the July 8th edition of The Register. The preliminary information we provided stated in several places that PhoenixNet does not collect hardware configuration information or user personal data. This statement is true, insofar as it relates to a user who decides not to join PhoenixNet. For users who decide to join PhoenixNet, we collect certain hardware data and voluntarily provided personal data in accordance with our privacy policy.

"As we hope becomes clear from our enclosed answers, PhoenixNet is a permission-based system that a user must 'opt-into'. Before doing so, the user given the opportunity to review our privacy policy. If the user decides to join PhoenixNet, we may collect certain data in accordance with our privacy policy. Our use and distribution of this data is in accordance with our privacy policy, and industry best practices.

"We hope this clarification and our enclosed answers provide the information necessary to put any concerns to rest over PhoenixNet."

Has it? Hit the e-mail link at the top of the page and let me know what you think. I'll forward your comments to Phoenix. ®

Related Link

Phoenix privacy statement

Related Stories

Phoenix BIOS phone-home questions addressed
Phoenix BIOS mobos phoning home?

Combat fraud and increase customer satisfaction

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
IRS boss on XP migration: 'Classic fix the airplane while you're flying it attempt'
Plus: Condoleezza Rice at Dropbox 'maybe she can find ... weapons of mass destruction'
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
New Facebook phone app allows you to stalk your mates
Nearby Friends feature goes live in a few weeks
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.