lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4B46828C.4080103@propergander.org.uk>
Date: Fri, 08 Jan 2010 00:55:40 +0000
From: mrx <mrx@...pergander.org.uk>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Geolocation Question

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Agreed, there are a lot of things that "try to" phone home.

I would have less dislike for MS data collection practices if there
was a tick box along the lines of "disable all communication with MS servers"
Perhaps with the exception of OS updates with the only information sent to MS
being the current patch level of the machine to be updated.
After all what other info do they need to update the OS?

I concur with your appraisal of Google. That's why I use Scroogle, don't use Chrome
and block analytics, syndication, adservices and doubleclick.

I guess I am just paranoid.

mrx

ps I wish Thunderbird would default to the list when replying.

Dan Kaminsky wrote:
> There's lots of things that phone home, but as long as they're opt-in
> and explicitly documented, I don't have a problem with it per se.
> 
> Google can sure identify a heck of a lot more, and doesn't exactly
> assail you with the opportunity to browse anonymously.
> 
> 
> 
> 
> 
> 
> 
> On Jan 8, 2010, at 1:12 AM, mrx <mrx@...pergander.org.uk> wrote:
> 
> Dan,
> 
> Windows 7 has a multitude if services that relay usage and hardware
> data back to Microsoft.
> I would be surprised if you are unaware of this.
> 
> WGA or WAT.
> Location awareness.
> Smartscreen filter.
> Searches defaulting to Live/Bing.
> Windows problem reporting.
> Windows online help and support.
> Customer Experience Improvement Program.
> Search string collection.
> Windows Media Player.
> 
> There are other services that contact MS with usage data.
> 
> Much of the above is opt in, however MS recommend that these
> "features" are enabled to ensure a safe and enhanced Windows experience.
> As most computer users are consumers as opposed to knowledgeable
> computer users, I would imagine the majority will accept and enable.
> 
> Although MS may not be able to identify me personally, ie: name,
> address, age, colour of eyes etc. They can get a pretty good profile
> of my
> surfing and computer usage habits along with my IP and MAC address.
> And this is more information than I am prepared to share.
> 
> Perhaps I am being paranoid, but I would prefer that MS not have a
> clue what I do with my PC, what hardware it consists of, what software
> I run
> on it, or which websites I visit.
> 
> http://news.softpedia.com/news/30-Windows-7-Features-Phone-Home-to-Microsoft-129592.shtml
> 
> 
> http://news.zdnet.co.uk/software/0,1000000121,39544372,00.htm
> 
> http://www.microsoft.com/windows/windows-7/m3/privacy-highlights.aspx
> 
> I recently removed the RC version of win7 which I installed out of
> curiosity. When I get around to buying the RTM I will run Wireshark
> with the
> OS for a while, opt in to all that MS recommend, and discover exactly
> what data is shared with MS. I will then discover if my paranoia is in
> fact warranted.
> 
> mrx
> 
> 
> 
> Dan Kaminsky wrote:
>>>> phone home features?
>>>>
>>>> On Thu, Jan 7, 2010 at 11:50 PM, mrx <mrx@...pergander.org.uk> wrote:
>>>>
>>>> Dan Kaminsky wrote:
>>>>>>> On Thu, Jan 7, 2010 at 11:12 PM, <Valdis.Kletnieks@...edu> wrote:
>>>>>>>
>>>>>>>> On Thu, 07 Jan 2010 23:07:01 +0100, Dan Kaminsky said:
>>>>>>>>> No, he uses an XSS against the router to pull its wireless MAC, and
>>>> then
>>>>>>>>> puts that into Firefox's location services API.  That bounces off
>>>> various
>>>>>>>>> wardriving sources and comes up with a latlong.
>>>>>>>> OK, so it only works against wireless routers that have been
>>>>>>>> wardriven
>>>>>>>> already.  Makes you wonder what's on those Google Street-View trucks
>>>>>>>> besides a camera. ;)
>>>>>>>>
>>>>>>> www.wigle.net and SkyHook have been doing this stuff for a while.
>>>> Though I
>>>>>>> suppose there is that rule, "It's only creepy if Google does it"
>>>>>>>
>>>> Disabling ssid broadcast doesn't mitigate detection either, well not by
>>>> more than a couple of minutes.
>>>> If you don't need wireless access disable it.
>>>>
>>>> I used to think Microsoft were creepy. I still think Microsoft are
>>>> creepy,
>>>> especially after discovering the phone home features in Win 7.
>>>> Google on the other hand are plain scary, thankfully unlike Microsoft
>>>> they
>>>> are entirely altruistic.
>>>>
>>>> mrx
>>>>
>>>>
>>>>>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>
> 

- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBS0aCjLIvn8UFHWSmAQI3nQf/fESE130D7N4hgf913y3hEF/ziekTz7xc
4N/sYFLbkIMkwRPMg8oP7DJ8V4DHVR66NlGZBJtCLmWEKIHiZ8E5kCsrLH0hIFPS
UV9Aa69tx67PnbigdQC022kzmA94xjg+6E6whz0mFIlEiXQ4hWYS8Os0utzSbLjJ
PE2Lm7rrZYT/fJgfzkR8qm14HtmHGKzg5CJ8hQVZSZYeC3dZm/aXloCFURrAVR+H
chsVzg0XoczPGChOssvuZV6woiWnm+6c+oZ56OfnJmBgyPW3H4UqOWMxCVfYxgbv
Oo37uYh+AyRSFSw/0/3e8nSVMXTLwQCjd4i9Quh+1cJx2f7hvs6Jng==
=qJzz
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ