Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Geolocation Question
From: mrx <mrx () propergander org uk>
Date: Fri, 08 Jan 2010 00:55:40 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Agreed, there are a lot of things that "try to" phone home.

I would have less dislike for MS data collection practices if there
was a tick box along the lines of "disable all communication with MS servers"
Perhaps with the exception of OS updates with the only information sent to MS
being the current patch level of the machine to be updated.
After all what other info do they need to update the OS?

I concur with your appraisal of Google. That's why I use Scroogle, don't use Chrome
and block analytics, syndication, adservices and doubleclick.

I guess I am just paranoid.

mrx

ps I wish Thunderbird would default to the list when replying.

Dan Kaminsky wrote:
There's lots of things that phone home, but as long as they're opt-in
and explicitly documented, I don't have a problem with it per se.

Google can sure identify a heck of a lot more, and doesn't exactly
assail you with the opportunity to browse anonymously.







On Jan 8, 2010, at 1:12 AM, mrx <mrx () propergander org uk> wrote:

Dan,

Windows 7 has a multitude if services that relay usage and hardware
data back to Microsoft.
I would be surprised if you are unaware of this.

WGA or WAT.
Location awareness.
Smartscreen filter.
Searches defaulting to Live/Bing.
Windows problem reporting.
Windows online help and support.
Customer Experience Improvement Program.
Search string collection.
Windows Media Player.

There are other services that contact MS with usage data.

Much of the above is opt in, however MS recommend that these
"features" are enabled to ensure a safe and enhanced Windows experience.
As most computer users are consumers as opposed to knowledgeable
computer users, I would imagine the majority will accept and enable.

Although MS may not be able to identify me personally, ie: name,
address, age, colour of eyes etc. They can get a pretty good profile
of my
surfing and computer usage habits along with my IP and MAC address.
And this is more information than I am prepared to share.

Perhaps I am being paranoid, but I would prefer that MS not have a
clue what I do with my PC, what hardware it consists of, what software
I run
on it, or which websites I visit.

http://news.softpedia.com/news/30-Windows-7-Features-Phone-Home-to-Microsoft-129592.shtml


http://news.zdnet.co.uk/software/0,1000000121,39544372,00.htm

http://www.microsoft.com/windows/windows-7/m3/privacy-highlights.aspx

I recently removed the RC version of win7 which I installed out of
curiosity. When I get around to buying the RTM I will run Wireshark
with the
OS for a while, opt in to all that MS recommend, and discover exactly
what data is shared with MS. I will then discover if my paranoia is in
fact warranted.

mrx



Dan Kaminsky wrote:
phone home features?

On Thu, Jan 7, 2010 at 11:50 PM, mrx <mrx () propergander org uk> wrote:

Dan Kaminsky wrote:
On Thu, Jan 7, 2010 at 11:12 PM, <Valdis.Kletnieks () vt edu> wrote:

On Thu, 07 Jan 2010 23:07:01 +0100, Dan Kaminsky said:
No, he uses an XSS against the router to pull its wireless MAC, and
then
puts that into Firefox's location services API.  That bounces off
various
wardriving sources and comes up with a latlong.
OK, so it only works against wireless routers that have been
wardriven
already.  Makes you wonder what's on those Google Street-View trucks
besides a camera. ;)

www.wigle.net and SkyHook have been doing this stuff for a while.
Though I
suppose there is that rule, "It's only creepy if Google does it"

Disabling ssid broadcast doesn't mitigate detection either, well not by
more than a couple of minutes.
If you don't need wireless access disable it.

I used to think Microsoft were creepy. I still think Microsoft are
creepy,
especially after discovering the phone home features in Win 7.
Google on the other hand are plain scary, thankfully unlike Microsoft
they
are entirely altruistic.

mrx



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBS0aCjLIvn8UFHWSmAQI3nQf/fESE130D7N4hgf913y3hEF/ziekTz7xc
4N/sYFLbkIMkwRPMg8oP7DJ8V4DHVR66NlGZBJtCLmWEKIHiZ8E5kCsrLH0hIFPS
UV9Aa69tx67PnbigdQC022kzmA94xjg+6E6whz0mFIlEiXQ4hWYS8Os0utzSbLjJ
PE2Lm7rrZYT/fJgfzkR8qm14HtmHGKzg5CJ8hQVZSZYeC3dZm/aXloCFURrAVR+H
chsVzg0XoczPGChOssvuZV6woiWnm+6c+oZ56OfnJmBgyPW3H4UqOWMxCVfYxgbv
Oo37uYh+AyRSFSw/0/3e8nSVMXTLwQCjd4i9Quh+1cJx2f7hvs6Jng==
=qJzz
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault