Saturday, July 29, 2006

Garden Phone May "Call Forward"!

I expressed my original concerns with regard to Microsoft's "Windows Genuine Advantage" (WGA) software tools last month in "Garden Phone?". This morning I was reading a post in the Microsoft WGA Forum, entitled, "Is MS making my PC phone home?". A link within that thread led to discovering the following statement located in the "Microsoft Genuine Advantage Privacy Statement":

"How is this data used?

We use the information to

  • Help prevent improperly licensed use of the software
  • Improve our software and services
  • Develop aggregate statistics.
We may also share aggregate data with others, such as hardware and software vendors and volume licensees to help protect their license keys." {Bold added}
To be certain that I was not misunderstanding the definition of "aggregate", I checked the Merriam-Webster Online Dictionary:
"Main Entry: 1ag·gre·gate
Pronunciation: 'a-gri-g&t
Function: adjective
Etymology: Middle English aggregat, from Latin aggregatus, past participle of aggregare to add to, from ad- + greg-, grex flock
: formed by the collection of units or particles into a body, mass, or amount"
Aggregate is not defined as a summary but as being formed by the collection of units. In the context used by Microsoft in the privacy statement quoted above, I am certainly led to believe that such an aggregate will include all information collected by Microsoft with the WGA tools.

You might ask what information Microsoft collects. Again from the "Microsoft Genuine Advantage Privacy Statement":

"The tools collect such information as:

  • Computer make and model
  • Version information for the operating system and software using Genuine Advantage
  • Region and language setting
  • A unique number assigned to your computer by the tools (Globally Unique Identifier or GUID)
  • Product ID and Product Key
  • BIOS name, revision number, and revision date
  • Hard drive serial number
In addition to the configuration information above, status information such as the following is also transferred:
  • Whether the installation was successful
  • The result of the validation check

    . . . To help protect your privacy, only a non-unique portion of your IP address is used and retained with the information collected above."

Microsoft legal beagles have certainly left their footprint on the privacy statement. It is extremely general, with absolutely no limitation or indication of which hardware and/or software vendors this collection could be shared with. Will the data be sold to the highest bidder? Will the recipient vendors maintain the data secure or publish it for their own marketing purposes? Imaginary headline reading: "XYZ Software Company holds market share of Microsoft customers with their XYZ Software! Statistics follow."

Marketing departments could further benefit from this information, targeting their software based on region, narrowed by IP Address. After all, even though Microsoft retains only "a non-unique portion of your IP address", coupled with the region and language, that would be sufficient for vendors to target advertisements to areas not using their product based on the aggregate data collected by Microsoft.

Microsoft is not the world police force and, in my opinion, does not belong providing any data to other vendors. Message to Microsoft: Stick to protecting Microsoft license keys, not those of other vendors!

No comments: