Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Geolocation Question
From: mrx <mrx () propergander org uk>
Date: Fri, 08 Jan 2010 00:55:40 +0000

Hash: SHA1

Agreed, there are a lot of things that "try to" phone home.

I would have less dislike for MS data collection practices if there
was a tick box along the lines of "disable all communication with MS servers"
Perhaps with the exception of OS updates with the only information sent to MS
being the current patch level of the machine to be updated.
After all what other info do they need to update the OS?

I concur with your appraisal of Google. That's why I use Scroogle, don't use Chrome
and block analytics, syndication, adservices and doubleclick.

I guess I am just paranoid.


ps I wish Thunderbird would default to the list when replying.

Dan Kaminsky wrote:
There's lots of things that phone home, but as long as they're opt-in
and explicitly documented, I don't have a problem with it per se.

Google can sure identify a heck of a lot more, and doesn't exactly
assail you with the opportunity to browse anonymously.

On Jan 8, 2010, at 1:12 AM, mrx <mrx () propergander org uk> wrote:


Windows 7 has a multitude if services that relay usage and hardware
data back to Microsoft.
I would be surprised if you are unaware of this.

Location awareness.
Smartscreen filter.
Searches defaulting to Live/Bing.
Windows problem reporting.
Windows online help and support.
Customer Experience Improvement Program.
Search string collection.
Windows Media Player.

There are other services that contact MS with usage data.

Much of the above is opt in, however MS recommend that these
"features" are enabled to ensure a safe and enhanced Windows experience.
As most computer users are consumers as opposed to knowledgeable
computer users, I would imagine the majority will accept and enable.

Although MS may not be able to identify me personally, ie: name,
address, age, colour of eyes etc. They can get a pretty good profile
of my
surfing and computer usage habits along with my IP and MAC address.
And this is more information than I am prepared to share.

Perhaps I am being paranoid, but I would prefer that MS not have a
clue what I do with my PC, what hardware it consists of, what software
I run
on it, or which websites I visit.




I recently removed the RC version of win7 which I installed out of
curiosity. When I get around to buying the RTM I will run Wireshark
with the
OS for a while, opt in to all that MS recommend, and discover exactly
what data is shared with MS. I will then discover if my paranoia is in
fact warranted.


Dan Kaminsky wrote:
phone home features?

On Thu, Jan 7, 2010 at 11:50 PM, mrx <mrx () propergander org uk> wrote:

Dan Kaminsky wrote:
On Thu, Jan 7, 2010 at 11:12 PM, <Valdis.Kletnieks () vt edu> wrote:

On Thu, 07 Jan 2010 23:07:01 +0100, Dan Kaminsky said:
No, he uses an XSS against the router to pull its wireless MAC, and
puts that into Firefox's location services API.  That bounces off
wardriving sources and comes up with a latlong.
OK, so it only works against wireless routers that have been
already.  Makes you wonder what's on those Google Street-View trucks
besides a camera. ;)

www.wigle.net and SkyHook have been doing this stuff for a while.
Though I
suppose there is that rule, "It's only creepy if Google does it"

Disabling ssid broadcast doesn't mitigate detection either, well not by
more than a couple of minutes.
If you don't need wireless access disable it.

I used to think Microsoft were creepy. I still think Microsoft are
especially after discovering the phone home features in Win 7.
Google on the other hand are plain scary, thankfully unlike Microsoft
are entirely altruistic.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]