| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 08 Jan 2010 00:55:40 +0000 From: mrx <mrx@...pergander.org.uk> To: full-disclosure@...ts.grok.org.uk Subject: Re: Geolocation Question -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Agreed, there are a lot of things that "try to" phone home. I would have less dislike for MS data collection practices if there was a tick box along the lines of "disable all communication with MS servers" Perhaps with the exception of OS updates with the only information sent to MS being the current patch level of the machine to be updated. After all what other info do they need to update the OS? I concur with your appraisal of Google. That's why I use Scroogle, don't use Chrome and block analytics, syndication, adservices and doubleclick. I guess I am just paranoid. mrx ps I wish Thunderbird would default to the list when replying. Dan Kaminsky wrote: > There's lots of things that phone home, but as long as they're opt-in > and explicitly documented, I don't have a problem with it per se. > > Google can sure identify a heck of a lot more, and doesn't exactly > assail you with the opportunity to browse anonymously. > > > > > > > > On Jan 8, 2010, at 1:12 AM, mrx <mrx@...pergander.org.uk> wrote: > > Dan, > > Windows 7 has a multitude if services that relay usage and hardware > data back to Microsoft. > I would be surprised if you are unaware of this. > > WGA or WAT. > Location awareness. > Smartscreen filter. > Searches defaulting to Live/Bing. > Windows problem reporting. > Windows online help and support. > Customer Experience Improvement Program. > Search string collection. > Windows Media Player. > > There are other services that contact MS with usage data. > > Much of the above is opt in, however MS recommend that these > "features" are enabled to ensure a safe and enhanced Windows experience. > As most computer users are consumers as opposed to knowledgeable > computer users, I would imagine the majority will accept and enable. > > Although MS may not be able to identify me personally, ie: name, > address, age, colour of eyes etc. They can get a pretty good profile > of my > surfing and computer usage habits along with my IP and MAC address. > And this is more information than I am prepared to share. > > Perhaps I am being paranoid, but I would prefer that MS not have a > clue what I do with my PC, what hardware it consists of, what software > I run > on it, or which websites I visit. > > http://news.softpedia.com/news/30-Windows-7-Features-Phone-Home-to-Microsoft-129592.shtml > > > http://news.zdnet.co.uk/software/0,1000000121,39544372,00.htm > > http://www.microsoft.com/windows/windows-7/m3/privacy-highlights.aspx > > I recently removed the RC version of win7 which I installed out of > curiosity. When I get around to buying the RTM I will run Wireshark > with the > OS for a while, opt in to all that MS recommend, and discover exactly > what data is shared with MS. I will then discover if my paranoia is in > fact warranted. > > mrx > > > > Dan Kaminsky wrote: >>>> phone home features? >>>> >>>> On Thu, Jan 7, 2010 at 11:50 PM, mrx <mrx@...pergander.org.uk> wrote: >>>> >>>> Dan Kaminsky wrote: >>>>>>> On Thu, Jan 7, 2010 at 11:12 PM, <Valdis.Kletnieks@...edu> wrote: >>>>>>> >>>>>>>> On Thu, 07 Jan 2010 23:07:01 +0100, Dan Kaminsky said: >>>>>>>>> No, he uses an XSS against the router to pull its wireless MAC, and >>>> then >>>>>>>>> puts that into Firefox's location services API. That bounces off >>>> various >>>>>>>>> wardriving sources and comes up with a latlong. >>>>>>>> OK, so it only works against wireless routers that have been >>>>>>>> wardriven >>>>>>>> already. Makes you wonder what's on those Google Street-View trucks >>>>>>>> besides a camera. ;) >>>>>>>> >>>>>>> www.wigle.net and SkyHook have been doing this stuff for a while. >>>> Though I >>>>>>> suppose there is that rule, "It's only creepy if Google does it" >>>>>>> >>>> Disabling ssid broadcast doesn't mitigate detection either, well not by >>>> more than a couple of minutes. >>>> If you don't need wireless access disable it. >>>> >>>> I used to think Microsoft were creepy. I still think Microsoft are >>>> creepy, >>>> especially after discovering the phone home features in Win 7. >>>> Google on the other hand are plain scary, thankfully unlike Microsoft >>>> they >>>> are entirely altruistic. >>>> >>>> mrx >>>> >>>> >>>>> > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >>>>> > - -- Mankind's systems are white sticks tapping walls. Thanks Roy http://www.propergander.org.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBS0aCjLIvn8UFHWSmAQI3nQf/fESE130D7N4hgf913y3hEF/ziekTz7xc 4N/sYFLbkIMkwRPMg8oP7DJ8V4DHVR66NlGZBJtCLmWEKIHiZ8E5kCsrLH0hIFPS UV9Aa69tx67PnbigdQC022kzmA94xjg+6E6whz0mFIlEiXQ4hWYS8Os0utzSbLjJ PE2Lm7rrZYT/fJgfzkR8qm14HtmHGKzg5CJ8hQVZSZYeC3dZm/aXloCFURrAVR+H chsVzg0XoczPGChOssvuZV6woiWnm+6c+oZ56OfnJmBgyPW3H4UqOWMxCVfYxgbv Oo37uYh+AyRSFSw/0/3e8nSVMXTLwQCjd4i9Quh+1cJx2f7hvs6Jng== =qJzz -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists