Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
National broadband plan: What’s in it for businesses?
Mobile developers take measure of Windows Phone 7
Comcast, ISC offer IPv6 transition tool
New Cisco Ethernet switches to play broader video, security roles
Windows XP: No IE9 for you
Microsoft lowers Windows licensing costs for virtual desktops
Apple's Ban on Screen Protectors Makes (Some) Sense
Corporate IT eager to deploy Windows 7, survey shows
MIT researchers enable self-assembling of chips
8 things you didn't know about Windows Phone 7
Microsoft touts 'browser with no name' in Windows Phone 7
Microsoft touts speed, HTML 5 support in IE9
It's Official: Facebook Rules the Web
It does not take a village -- or a country
New Internet browser threat sneaks by traditional defenses
/

Microsoft to avert Win 98 privacy issue

Today's breaking news
Send to a friendFeedback

By Nancy Weil AND JAMES NICCOLAI
IDG News Service, 03/09/99

Microsoft will modify future releases of Windows 98 to allow greater control of a feature that could be used to collect private information about users of the popular operating system, the company yesterday wrote in a letter to customers.

The software giant will offer a free utility to current users of Windows 98 who want to delete the feature called Registration Wizard. This feature sends to Microsoft a globally unique number that is tied to a given user's hardware configuration when the user registers. The objective of having the hardware information on file is to shorten customer service call times, Microsoft said.

The software maker acted quickly to brief consumer groups about its efforts to address the issue-a sign that it has learned a valuable lesson from the backlash Intel suffered over its plans to embed a unique serial number in its Pentium III processor.

"Microsoft says they have addressed the issue. We still need to see how that plays out, but we're pleased that they understand this is a problem and that they're doing something about it," said Ari Schwartz, policy analyst at the Center for Democracy and Technology (CDT) in Washington, D.C., who was briefed by Microsoft by telephone.

Microsoft learned on Friday that "the Registration Wizard might inadvertently be sending a specific hardware identifier to Microsoft during user registration, regardless of whether the user chose to send his or her hardware diagnostic information," Yusuf Mehdi, director of Windows marketing said in a letter posted on the Microsoft Web site.

"This hardware ID is only used by the software system and is not used for customer record-keeping purposes," he wrote. "Nonetheless, there are hypothetical scenarios under which this number could be used to learn something about the user's system without his or her knowledge."

Microsoft will sift through its own database and delete information that had been "inadvertently gathered" through the Windows 98 numbers, Mehdi wrote. The company also will modify the feature in future Windows 98 versions so that hardware ID information is not sent to Microsoft unless a user checks the option to provide it.

A programmer in Cambridge, Mass. discovered the number and immediately contacted Microsoft.

"These two cases-the Microsoft case and the Intel case-have done a lot to alert people to what can happen with identification out there on the Internet," said Schwartz.

The threat to privacy posed by the Registration Wizard may be relatively small, given that the user information is sent only to Microsoft and doesn't appear to be available to Internet users at large, Schwartz said. Nevertheless, the issue is disturbing because the software flaw would have allowed Microsoft to collect user data even after the user explicitly requested otherwise, he added.

Intel, meanwhile, has been dragged through the fire over a unique serial number it decided to embed in each of its Pentium III processors. Intel said the number allows for increased security on the Internet by making it easier to verify the identities of two parties in a transaction.

Under pressure from consumer groups the company offered at least one mechanism that allows users to disable the serial number so that it can't be read, although some consumer advocates say a skilled hacker could read the serial number if they wanted to.

Schwartz said the Pentium III's serial number has a greater potential for harm than does Microsoft's Registration Wizard.

"The Intel situation is different because people can design software and Web sites based around whether or not you have this serial number, and they can force you to divulge information about yourself as a condition of receiving their service," he said.

The CDT also fears that online marketers, as well as other people with more unscrupulous motives, could use the Pentium III serial number to help build databases of information about users based on their activities on the Internet.

Some means of identifying users on the Internet are necessary, Schwartz acknowledged. But the CDT, along with other privacy groups, believes this can be achieved by using smart cards, digital certificates and biometrics, which use unique physical characteristics like fingerprints to identify users, he said.

"I think software and hardware firms will find there are a lot of instances where you don't need to know a user's identity. In the meantime, they're creating a lot of hassle for themselves on the (public relations) front," Schwartz said.

Schwartz acknowledged that there are likely other technologies on the Internet that allow users to be identified and their Web movements to be tracked. The Intel and Microsoft products have generated a lot of reaction because they are so widely distributed, he said.

RELATED LINKS

Microsoft Web site
Identify the user, not the processor
Network World, 02/08/99

Jump on the serialized bandwagon
Network World, 02/01/99

Intel to add personal ID numbers to chips
Network World, 01/21/99

Bradner: Traveling down the road to exposure
Network World, 7/27/98

U.S., FTC and private sector offer remedies for online privacy
Network World, 7/22/98


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.