[ruxp] Fred Langa: Is Microsoft XP's "Product Activation" A Privacy Risk?

  • From: "Karl Dallas" <karldallas@xxxxxxxxxxxxxxxx>
  • To: <ruxp@xxxxxxxxxxxx>, <ruxp@xxxxxxxxxxxxx>, <RUXP@xxxxxxxxxxxxxxx>
  • Date: Mon, 20 Aug 2001 07:18:19 +0100

In his latest on line newsletter, Fred Langa highlights concerns about
Microsoft XP's "Windows Product Activation" (WPA) asking if it is  a
privacy risk?

He writes:

?Microsoft's forthcoming "XP" operating system and the Office XP
suites/apps (such as Word 2002, Excel 2002, etc) all use an anti-piracy
system called "Windows Product Activation," or WPA:

Once you've installed XP software, the WPA system keeps track of how
many times you've launched the software and/or how much time has passed.
Before the end of a Microsoft-determined amount of time or number of
launches, you must--- *must*--- register the software or it reverts to a
reduced functionality mode.
?The allowed number of launches and time varies by product. For example,
after 50 launches without registration, Office XP will let you view your
documents, but not change them or create new ones. With the Windows XP
OS, you get 30 days before you must register.
?OK, you might say, so what? Why not just evade the mandatory
registration by making up fake information and registering from a
throwaway email account?
?You can't. Here's why:
?When you register XP software, the registration process creates and
sends to Microsoft a unique 50-digit numeric fingerprint or code that is
a combination of the serial number of your copy of XP, plus additional
information about 10 major hardware elements in your system:
?     1. CPU serial number
?     2. CPU model number/type
?     3. Amount of RAM in the system
?     4. Graphics adapter hardware ID string
?     5. Hard drive hardware ID string
?     6. SCSI host hardware ID string (if present)
?     7. IDE controller hardware ID string
?     8. "MAC" address of your network adapter
?     9. CD-ROM drive "hardware identification string"
?    10. And whether the system is a dockable unit (e.g. a laptop) or
?But that's not all. Even when it's been fully registered, the WPA
component wakes up from time to time to verify that it's still on the
original system where it was first installed; and it "phones home" to
check with the central Microsoft database to make sure it's still indeed
a registered copy. If anything's amiss, your software reverts to
reduced- functionality mode.
?So, with WPA, Microsoft is quite literally *forcing* registration:
Microsoft wants your full-fare money for the software *and* they want to
know who you are and what PC you're using--- and you better give it to
them pronto, buster, or they'll cripple your software!
?There's lots more to the WPA story, and I've made this large and
important topic the focus of the current InformationWeek column, live
now at http://www.informationweek.com/851/langa.htm . (If you arrive
early, the link won't work: just try again a little later.) Or, you can
use the general "front door" to InformationWeek.Com's "Listening Post:"
?In that new column, we'll discuss all the above, plus: exactly what
?- and is not--- being "phoned home" by WPA; how much latitude you'll
have in changing your system before the WPA decides to cripple your
software; things you may not know about product licensing; how the
malicious hacker community is responding; and lots more.
?How do you feel about being *forced* to register your software? How do
you feel about WPA monitoring your hardware setup? What about its phone-
home activity? Or its ability to cripple your software setup? Do you
think WPA will prevent piracy, or will it simply drive people to less-
expensive and user-friendlier competitors? Will you use XP?
?Your voice is your vote--- please join the discussion!
?                                    Click to email this item to a

This is the most comprehensive and trenchant comment on XP?s WPA so far.
We have asked Microsoft for comments on why it is necessary to
re-activate Office XP every now and then, but so far have received no
Let?s have your comments also.

Other related posts:

  • » [ruxp] Fred Langa: Is Microsoft XP's "Product Activation" A Privacy Risk?