XP search accessing net?

I am trying Tamosoft Commview demo, a packet sniffer.

I noticed plenty of outbound info and script going to

sa.microsoft.com

immediately after clicking on Search on the start menu.  

I did not ask XP to search the net or M$ for anything.  Why is M$ being
contacted?  This happens even before search terms are input.  Can anyone
elaborate on what's going on?
0
gator8her2
9/22/2002 8:09:00 PM
grc.privacy 4590 articles. 0 followers. Follow

153 Replies
1482 Views

Similar Articles

[PageSpeed] 20

gator8her2@yahoo.com wrote:
> I am trying Tamosoft Commview demo, a packet sniffer.
>
> I noticed plenty of outbound info and script going to
>
> sa.microsoft.com
>
> immediately after clicking on Search on the start menu.
>
> I did not ask XP to search the net or M$ for anything.  Why is M$ being
> contacted?  This happens even before search terms are input.  Can anyone
> elaborate on what's going on?

Search Assistant?

http://www.windows-help.net/WindowsXP/tune-20.html

http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=25190

-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
9/22/2002 8:29:00 PM
gator8her2@yahoo.com wrote in news:3D8E2389.CA2C6404@yahoo.com:

> I am trying Tamosoft Commview demo, a packet sniffer.
> 
> I noticed plenty of outbound info and script going to
> 
> sa.microsoft.com
> 
> immediately after clicking on Search on the start menu.  
> 
> I did not ask XP to search the net or M$ for anything.  Why is
> M$ being contacted?  This happens even before search terms are
> input.  Can anyone elaborate on what's going on?

http://sa.windows.com/privacy/

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/22/2002 8:30:00 PM
Thanks.  I was searching my local hard drive for a file.  Search
Assistant immediatly contacts sa.windows.com even before any search
terms have been entered.  Is there any way to search for a file, as in
the old "find files" from windows 98 that does not compromise privacy by
putting stuff out on the net?

gator

Robert Wycoff wrote:
> 
> gator8her2@yahoo.com wrote:
> > I am trying Tamosoft Commview demo, a packet sniffer.
> >
> > I noticed plenty of outbound info and script going to
> >
> > sa.microsoft.com
> >
> > immediately after clicking on Search on the start menu.
> >
> > I did not ask XP to search the net or M$ for anything.  Why is M$ being
> > contacted?  This happens even before search terms are input.  Can anyone
> > elaborate on what's going on?
> 
> Search Assistant?
> 
> http://www.windows-help.net/WindowsXP/tune-20.html
> 
> http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=25190
> 
> --
> Robert
> List of Lists - http://lists.gpick.com/
> Eric Howe's Privacy and Security Site -
> http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
gator8her2
9/22/2002 8:51:00 PM
gator8her2@yahoo.com wrote in news:3D8E2D48.C1EE1975@yahoo.com:

> Thanks.  I was searching my local hard drive for a file.  Search
> Assistant immediatly contacts sa.windows.com even before any
> search terms have been entered.  Is there any way to search for
> a file, as in the old "find files" from windows 98

The links Robert has already provided allow you to do what it is 
you're asking, or as close to it as possible.

> that does not compromise privacy by putting stuff out on the net?

And what evidence do you have that your privacy is being compromised?

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/22/2002 9:02:00 PM
Performing a local function should never access the net.  File names
contain *private* content.

gator


> > that does not compromise privacy by putting stuff out on the net?
> 
> And what evidence do you have that your privacy is being compromised?
> 
> --
> BlueJAMC
>
0
gator8her2
9/22/2002 9:04:00 PM
BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:

>gator8her2@yahoo.com wrote in news:3D8E2D48.C1EE1975@yahoo.com:

>> Thanks.  I was searching my local hard drive for a file.  Search
>> Assistant immediatly contacts sa.windows.com even before any
>> search terms have been entered.  Is there any way to search for
>> a file, as in the old "find files" from windows 98
>> that does not compromise privacy by putting stuff out on the net?

>And what evidence do you have that your privacy is being compromised?

Blue, the fact that it transmits means, at minimum, the user's IP
address is known to MS.  That can most certainly be an element of
identification, profiling, etc.

The fact that any process phones home to its maker unbidden is a valid
concern for consumers and professionals alike.

pchelp
0
pchelp
9/22/2002 9:34:00 PM
gator8her2@yahoo.com wrote in news:3D8E3068.3B667E82@yahoo.com:

> Performing a local function should never access the net.  File
> names contain *private* content.

Had you actually read the link I provided earlier on, in response to 
your original post, you'd know that no local filenames, or local 
information of any kind, is transmitted.

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/22/2002 9:34:00 PM
<gator8her2@yahoo.com> wrote in message news:3D8E3068.3B667E82@yahoo.com...
> Performing a local function should never access the net.  File names
> contain *private* content.
>
> gator

And you just said the contact was made before you even started searching,
did commview reveal anything being sent after you input the filenames? Had
you at this point nominated local devices? In other words did the contact
appear to be a preparatory thing to save time later, or did it send what you
were searching for to the server anyway?

I'm a bit unsure how a filename alone can breach privacy since even if the
computer's IP is linked to it the user remains unknown.

Charlie
0
Charlie
9/22/2002 9:37:00 PM
pchelp@pc-help.org (pchelp) wrote in
news:3d8e3692.142973992@news.grc.com: 

> BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
> 
>>gator8her2@yahoo.com wrote in news:3D8E2D48.C1EE1975@yahoo.com:
> 
>>> Thanks.  I was searching my local hard drive for a file. 
>>> Search Assistant immediatly contacts sa.windows.com even
>>> before any search terms have been entered.  Is there any way
>>> to search for a file, as in the old "find files" from windows
>>> 98 that does not compromise privacy by putting stuff out on
>>> the net? 
> 
>>And what evidence do you have that your privacy is being
>>compromised? 
> 
> Blue, the fact that it transmits means, at minimum, the user's
> IP address is known to MS.  That can most certainly be an
> element of identification, profiling, etc.

With all due respect, you've *GOT* to be kidding me!  Going to 
www.microsoft.com, or www.google.com, or any other site, isn't a 
breach of privacy, yet requires your IP address to be sent.  
Claiming that the transmission of an IP address is "an element of 
identification, profiling, etc" is ludicrous at best, and FUD at 
worst.

> The fact that any process phones home to its maker unbidden is a
> valid concern for consumers and professionals alike.

A concern, yes, but there is *NO EVIDENCE* to support that ANY 
privacy is being compromised.  In fact, quite the opposite;  there 
is evidence to support that NO privacy is being compromised.  There 
have been packet dumps, and independent reviews of this feature, 
and it is well-established that there is no issue of privacy.

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/22/2002 9:46:00 PM
In article <Xns9291AAAC98B33BlueJAMCnoneofthatsp@207.71.92.194>, BlueJAMC 
says...
>A concern, yes, but there is *NO EVIDENCE* to support that ANY 
>privacy is being compromised.  In fact, quite the opposite;  there 
>is evidence to support that NO privacy is being compromised.  There 
>have been packet dumps, and independent reviews of this feature, 
>and it is well-established that there is no issue of privacy.
>

So -- why does it do that call? It has been modified with SP1 so it only 
tries once now instead of twice -- but why does it do it at all? To make 
sure you have the current XML? On *every* single file search? Why does it 
do that? Microsoft only sees the need to patch security holes with major 
service packs so why check XML with every single file search? This is 
*not* a troll -- I really want to know.
-- 
Phil
0
Phil
9/22/2002 10:05:00 PM
Phil Youngblood <phil587@my_un_realbox.com> wrote in
news:amleqf$2ga7$3@news.grc.com: 

> In article <Xns9291AAAC98B33BlueJAMCnoneofthatsp@207.71.92.194>,
> BlueJAMC says...
>>A concern, yes, but there is *NO EVIDENCE* to support that ANY 
>>privacy is being compromised.  In fact, quite the opposite; 
>>there is evidence to support that NO privacy is being
>>compromised.  There have been packet dumps, and independent
>>reviews of this feature, and it is well-established that there
>>is no issue of privacy. 
>>
> 
> So -- why does it do that call?

I'll let you figure it out yourself...there are plenty of results
on Google which answer that question, and you seem quite capable
of typing tiny words into Google's search box--at least, you seem
capable of doing it here. 

> It has been modified with SP1 so it only tries once now instead
> of twice

Seems to try twice here, with SP1...but I'll take your word for
it. 

> -- but why does it do it at all?

C'mon...you can find the answer yourself...don't make me spoon
feed you. 

> To make sure you have the current XML? On *every* single file
> search? Why does it do that?

Why not ask Microsoft?

> Microsoft only sees the need to patch security holes with major
> service packs so why check XML with every single file search?

This goes BEYOND comparing apples and oranges...I think at this 
point, you're comparing apples and orange concentrate.

> This is *not* a troll

Could have fooled me...

> -- I really want to know. 

I don't know...why don't you ask Microsoft?  (As if their answer 
would be satisfactory for you.)

In any case, whether it tries once, twice, or a dozen times, 
whether it does it once every time the search is started, every 
time the computer is started, every week, every month, or every 
year, has absolutely NOTHING to do with the fact that this is in NO 
WAY a privacy risk.  It has been analyzed...there have been packet 
dumps done...there's even a privacy policy regarding the Search 
Assistant.  And what do all those things conclude?  That there is 
NO privacy issue, and that no information--no filenames which have 
been searched for, no physical addresses, no names, no information 
of ANY kind is being transferred with the connection to 
sa.windows.com.

If you want more/better answers than that, do a Google search like 
a big boy, or contact Microsoft.

Oh, and this is *not* feeding a troll -- I really mean it.

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/22/2002 10:19:00 PM
In article <3D8E2D48.C1EE1975@yahoo.com>, gator8her2@yahoo.com says...
> Is there any way to search for a file, as in
> the old "find files" from windows 98 that does not compromise privacy by
> putting stuff out on the net?
> 
> 
Did you check out Robert's link? The second one leads to instructions: 
Q. How can I disable the Windows Explorer search assistant in Windows 
XP?

Once you do that, it won't access the net any longer.
0
Frank
9/22/2002 10:41:00 PM
BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:

>> ... why check XML with every single file search?

>I don't know...why don't you ask Microsoft?

So, Blue.  you assert _absolutely_ that automated and repeated
transmission of the user's IP address (at minimum) to a Microsoft server
every time that user tries to perform a _local_ file search operation
has nothing whatsoever to do with any kind of privacy concern.

And when asked for specifics WRT your staunch and utterly positive claim
that the whole matter has been totally investigated -- you have no clue.

pchelp
, amazed.
0
pchelp
9/22/2002 10:42:00 PM
pchelp@pc-help.org (pchelp) wrote in
news:3d8e45f9.146917222@news.grc.com: 

> BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
> 
>>> ... why check XML with every single file search?
> 
>>I don't know...why don't you ask Microsoft?
> 
> So, Blue.  you assert _absolutely_ that automated and repeated
> transmission of the user's IP address (at minimum) to a
> Microsoft server every time that user tries to perform a _local_
> file search operation has nothing whatsoever to do with any kind
> of privacy concern. 

That's correct...

> And when asked for specifics WRT your staunch and utterly
> positive claim that the whole matter has been totally
> investigated -- you have no clue. 

I have no clue why MS chooses to connect three times, four times, 
two times, one time, or one hundred times to sa.microsoft.com, nor 
do I have any clue why it tries to connect to sa.microsoft.com 
every time a local search is done.  All you, or anyone, would have 
to do is run a cursory search on Google and find some of the 
following results:

http://theregister.co.uk/content/archive/24815.html

http://www.sumthin.nu/archives/ntbt/Feb_2002/msg00017.html

http://ask.slashdot.org/askslashdot/02/07/24/2029230.shtml?tid=109

Gee, and wouldn't you know it, every single one of those pages 
explains why the connection is made, and what purpose it serves, 
and that that no information is transferred from your machine.

So do I have a clue why it connects to sa.windows.com with the 
frequency it does?  No.  Do I know why it connects to 
sa.windows.com?  Yes.  Do I know what information is transmitted?  
Yes.  Is there a privacy issue.  Obviously, NO.

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/22/2002 10:56:00 PM
Folks, I didn't intend to start an arguement.  I downloaded Commview
becuase I am trying to find out why my XP computer has gotten bogged
down, and sometimes makes the same swish (.wav file) sound that the
search function makes.  I noticed this application connecting and
communicating a fair amount of stuff.

The demo version only displays alternate lines, so I can't say exactly
what if any information is going out.  I did look at google for
sa.windows.com and came up empty.  

The search application connects to the net as soon as it is launched. 
Then if a search term is put into the file box, it connects again.  I
can't see my file name term in the alternate windows that demo CommView
shows.  I can't say what is sent, as I only see half of it.

However, it is inappropriate that any local application contacts the
net.  The IP is available.  The IP is also available from the scheduled
wupdate task.  This stuff can be databased and cross referenced.  Count
on it, or why would they bother?  Not everyone is stuck with dial-up and
many have static IP.

Media player also tries to contact the net if it's in the trusted zone
of the firewall.  Whose business is it what CD I am playing?  

I consider this errant behavior as hostile and it does not belong in
these applications.  Now I need to see if I can keep search in the
sandbox.

Why not put all your personal data on M$ servers and run a diskless
machine?  They are not interested in it anyway, right?

GAtor

one packet below:~

0x0000   00 00 01 00 00 00 D4 E5-20 00 01 00 08 00 45 00   ......��
......E.
0x0010   05 DC A8 3F 40 00 FD 06-CB 3A CF 2E E2 28 42 2C  
..ܨ?@.�.�:�.�(B,
0x0020   11 1E 00 50 0B DF 5E 11-37 A4 19 5E 16 D4 50 10  
....P.�^.7�.^.�P.
0x0030   FA F0 AB 19 00 00 48 54-54 50 2F 31 2E 31 20 32  
��...HTTP/1.1 2
0x0040   30 30 20 4F 6B 0D 0A 53-65 72 76 65 72 3A 20 4D   00
Ok..Server: M
0x0050   69 63 72 6F 73 6F 66 74-2D 49 49 53 2F 35 2E 30  
icrosoft-IIS/5.0
0x0060   0D 0A 50 33 50 3A 20 43-75 73 74 6F 6D 20 48 65   ..P3P: Custom
He
0x0070   61 64 65 72 20 56 61 6C-75 65 3A 20 70 6F 6C 69   ader Value:
poli
0x0080   63 79 72 65 66 3D 22 3C-68 74 74 70 3A 2F 2F 73  
cyref="<http://s
0x0090   61 2E 77 69 6E 64 6F 77-73 2E 63 6F 6D 2F 70 72  
a.windows.com/pr
0x00A0   69 76 61 63 79 2F 3E 22-2C 20 43 50 3D 22 4E 4F   ivacy/>",
CP="NO
0x00B0   49 20 44 53 50 20 4E 49-44 20 43 4F 52 20 43 55   I DSP NID COR
CU
0x00C0   52 20 41 44 4D 61 20 44-45 56 20 4F 55 52 20 53   R ADMa DEV
OUR S
0x00D0   41 4D 20 42 55 53 20 53-54 41 22 0D 0A 44 61 74   AM BUS
STA"..Dat
0x00E0   65 3A 20 53 75 6E 2C 20-32 32 20 53 65 70 20 32   e: Sun, 22
Sep 2
0x00F0   30 30 32 20 32 32 3A 34-33 3A 31 38 20 47 4D 54   002 22:43:18
GMT
0x0100   0D 0A 43 6F 6E 74 65 6E-74 2D 54 79 70 65 3A 20  
...Content-Type: 
0x0110   74 65 78 74 2F 78 6D 6C-0D 0A 41 63 63 65 70 74  
text/xml..Accept
0x0120   2D 52 61 6E 67 65 73 3A-20 62 79 74 65 73 0D 0A   -Ranges:
bytes..
0x0130   4C 61 73 74 2D 4D 6F 64-69 66 69 65 64 3A 20 54  
Last-Modified: T
0x0140   75 65 2C 20 32 36 20 4D-61 72 20 32 30 30 32 20   ue, 26 Mar
2002 
0x0150   30 30 3A 35 39 3A 30 38-20 47 4D 54 0D 0A 45 54   00:59:08
GMT..ET
0x0160   61 67 3A 20 22 34 33 62-65 32 36 65 36 31 64 34   ag:
"43be26e61d4
0x0170   63 31 31 3A 37 65 66 22-0D 0A 43 6F 6E 74 65 6E  
c11:7ef"..Conten
0x0180   74 2D 4C 65 6E 67 74 68-3A 20 31 35 33 31 0D 0A   t-Length:
1531..
0x0190   41 67 65 3A 20 30 0D 0A-56 69 61 3A 20 48 54 54   Age: 0..Via:
HTT
0x01A0   50 2F 31 2E 31 20 63 6C-75 73 74 65 72 2E 6C 6E   P/1.1
cluster.ln
0x01B0   68 2E 6D 64 20 28 54 72-61 66 66 69 63 2D 53 65   h.md
(Traffic-Se
0x01C0   72 76 65 72 2F 34 2E 30-2E 31 32 2D 41 20 5B 63   rver/4.0.12-A
[c
0x01D0   53 73 4E 66 55 5D 29 0D-0A 0D 0A EF BB BF 3C 53  
SsNfU])....<S
0x01E0   69 6D 70 6C 65 44 69 61-6C 6F 67 20 78 6D 6C 6E   impleDialog
xmln
0x01F0   73 3A 73 63 3D 22 75 72-6E 3A 76 61 6C 69 64 2D  
s:sc="urn:valid-
0x0200   73 63 2D 78 6D 6C 2D 66-69 6C 65 22 3E 0D 0A 09  
sc-xml-file">...
0x0210   3C 54 69 74 6C 65 3E 0D-0A 09 09 3C 54 65 78 74  
<Title>....<Text
0x0220   3E 3C 21 5B 43 44 41 54-41 5B 57 68 61 74 20 64  
><![CDATA[What d
0x0230   6F 20 79 6F 75 20 77 61-6E 74 20 74 6F 20 73 65   o you want to
se
0x0240   61 72 63 68 20 66 6F 72-3F 5D 5D 3E 3C 2F 54 65   arch
for?]]></Te
0x0250   78 74 3E 0D 0A 09 3C 2F-54 69 74 6C 65 3E 0D 0A  
xt>...</Title>..
0x0260   09 3C 4C 69 6E 6B 20 49-64 3D 22 35 35 30 30 22   .<Link
Id="5500"
0x0270   20 49 63 6F 6E 49 64 3D-22 32 39 30 22 20 54 6F    IconId="290"
To
0x0280   70 4D 61 72 67 69 6E 3D-22 38 22 3E 0D 0A 09 09  
pMargin="8">....
0x0290   3C 54 65 78 74 3E 3C 21-5B 43 44 41 54 41 5B 26  
<Text><![CDATA[&
0x02A0   50 69 63 74 75 72 65 73-2C 20 6D 75 73 69 63 2C   Pictures,
music,
0x02B0   20 6F 72 20 76 69 64 65-6F 5D 5D 3E 3C 2F 54 65    or
video]]></Te
0x02C0   78 74 3E 0D 0A 09 3C 2F-4C 69 6E 6B 3E 0D 0A 09  
xt>...</Link>...
0x02D0   3C 4C 69 6E 6B 20 49 64-3D 22 35 35 30 31 22 20   <Link
Id="5501" 
0x02E0   49 63 6F 6E 49 64 3D 22-32 39 30 22 20 54 6F 70   IconId="290"
Top
0x02F0   4D 61 72 67 69 6E 3D 22-35 22 3E 0D 0A 09 09 3C  
Margin="5">....<
0x0300   54 65 78 74 3E 3C 21 5B-43 44 41 54 41 5B 44 26  
Text><![CDATA[D&
0x0310   6F 63 75 6D 65 6E 74 73-20 28 77 6F 72 64 20 70   ocuments
(word p
0x0320   72 6F 63 65 73 73 69 6E-67 2C 20 73 70 72 65 61   rocessing,
sprea
0x0330   64 73 68 65 65 74 2C 20-65 74 63 2E 29 5D 5D 3E   dsheet,
etc.)]]>
0x0340   3C 2F 54 65 78 74 3E 0D-0A 09 3C 2F 4C 69 6E 6B  
</Text>...</Link
0x0350   3E 0D 0A 09 3C 4C 69 6E-6B 20 49 64 3D 22 35 35   >...<Link
Id="55
0x0360   30 32 22 20 49 63 6F 6E-49 64 3D 22 32 39 30 22   02"
IconId="290"
0x0370   20 54 6F 70 4D 61 72 67-69 6E 3D 22 35 22 3E 0D   
TopMargin="5">.
0x0380   0A 09 09 3C 54 65 78 74-3E 3C 21 5B 43 44 41 54  
....<Text><![CDAT
0x0390   41 5B 41 26 6C 6C 20 66-69 6C 65 73 20 61 6E 64   A[A&ll files
and
0x03A0   20 66 6F 6C 64 65 72 73-5D 5D 3E 3C 2F 54 65 78   
folders]]></Tex
0x03B0   74 3E 0D 0A 09 3C 2F 4C-69 6E 6B 3E 0D 0A 09 3C  
t>...</Link>...<
0x03C0   4C 69 6E 6B 20 49 64 3D-22 35 35 30 33 22 20 49   Link
Id="5503" I
0x03D0   63 6F 6E 49 64 3D 22 32-39 30 22 20 54 6F 70 4D   conId="290"
TopM
0x03E0   61 72 67 69 6E 3D 22 35-22 3E 0D 0A 09 09 3C 54  
argin="5">....<T
0x03F0   65 78 74 3E 3C 21 5B 43-44 41 54 41 5B 50 72 69  
ext><![CDATA[Pri
0x0400   6E 74 65 72 73 2C 20 26-63 6F 6D 70 75 74 65 72   nters,
&computer
0x0410   73 2C 20 6F 72 20 70 65-6F 70 6C 65 5D 5D 3E 3C   s, or
people]]><
0x0420   2F 54 65 78 74 3E 0D 0A-09 3C 2F 4C 69 6E 6B 3E  
/Text>...</Link>
0x0430   0D 0A 09 3C 4C 69 6E 6B-20 49 64 3D 22 35 35 30   ...<Link
Id="550
0x0440   35 22 20 49 63 6F 6E 49-64 3D 22 32 39 30 22 20   5"
IconId="290" 
0x0450   54 6F 70 4D 61 72 67 69-6E 3D 22 35 22 3E 0D 0A  
TopMargin="5">..
0x0460   09 09 3C 54 65 78 74 3E-3C 21 5B 43 44 41 54 41  
...<Text><![CDATA
0x0470   5B 26 43 6F 6D 70 75 74-65 72 73 20 6F 72 20 70   [&Computers
or p
0x0480   65 6F 70 6C 65 5D 5D 3E-3C 2F 54 65 78 74 3E 0D  
eople]]></Text>.
0x0490   0A 09 3C 2F 4C 69 6E 6B-3E 0D 0A 09 3C 4C 69 6E  
...</Link>...<Lin
0x04A0   6B 20 49 64 3D 22 35 37-30 33 22 20 49 63 6F 6E   k Id="5703"
Icon
0x04B0   49 64 3D 22 32 34 22 20-54 6F 70 4D 61 72 67 69   Id="24"
TopMargi
0x04C0   6E 3D 22 35 22 3E 0D 0A-20 20 20 20 20 20 20 20  
n="5">..        
0x04D0   3C 54 65 78 74 3E 3C 21-5B 43 44 41 54 41 5B 26  
<Text><![CDATA[&
0x04E0   49 6E 66 6F 72 6D 61 74-69 6F 6E 20 69 6E 20 48   Information
in H
0x04F0   65 6C 70 20 61 6E 64 20-53 75 70 70 6F 72 74 20   elp and
Support 
0x0500   43 65 6E 74 65 72 5D 5D-3E 3C 2F 54 65 78 74 3E  
Center]]></Text>
0x0510   0D 0A 20 20 20 20 3C 2F-4C 69 6E 6B 3E 0D 0A 09   ..   
</Link>...
0x0520   3C 4C 61 62 65 6C 20 54-6F 70 4D 61 72 67 69 6E   <Label
TopMargin
0x0530   3D 22 38 22 3E 0D 0A 09-09 3C 54 65 78 74 3E 3C  
="8">....<Text><
0x0540   21 5B 43 44 41 54 41 5B-59 6F 75 20 6D 61 79 20   ![CDATA[You
may 
0x0550   61 6C 73 6F 20 77 61 6E-74 20 74 6F 2E 2E 2E 5D   also want
to...]
0x0560   5D 3E 3C 2F 54 65 78 74-3E 0D 0A 09 3C 2F 4C 61  
]></Text>...</La
0x0570   62 65 6C 3E 0D 0A 09 3C-4C 69 6E 6B 20 49 64 3D   bel>...<Link
Id=
0x0580   22 35 35 30 34 22 20 49-63 6F 6E 49 64 3D 22 32   "5504"
IconId="2
0x0590   34 30 30 34 22 20 54 6F-70 4D 61 72 67 69 6E 3D   4004"
TopMargin=
0x05A0   22 38 22 3E 0D 0A 09 09-3C 54 65 78 74 3E 3C 21  
"8">....<Text><!
0x05B0   5B 43 44 41 54 41 5B 26-53 65 61 72 63 68 20 74  
[CDATA[&Search t
0x05C0   68 65 20 49 6E 74 65 72-6E 65 74 5D 5D 3E 3C 2F   he
Internet]]></
0x05D0   54 65 78 74 3E 0D 0A 09-3C 2F 4C 69 6E 6B 3E 0D  
Text>...</Link>.
0x05E0   0A 09 3C 4C 69 6E 6B 20-49 64                     ..<Link Id


Phil Youngblood wrote:
> 
> In article <Xns9291AAAC98B33BlueJAMCnoneofthatsp@207.71.92.194>, BlueJAMC
> says...
> >A concern, yes, but there is *NO EVIDENCE* to support that ANY
> >privacy is being compromised.  In fact, quite the opposite;  there
> >is evidence to support that NO privacy is being compromised.  There
> >have been packet dumps, and independent reviews of this feature,
> >and it is well-established that there is no issue of privacy.
> >
> 
> So -- why does it do that call? It has been modified with SP1 so it only
> tries once now instead of twice -- but why does it do it at all? To make
> sure you have the current XML? On *every* single file search? Why does it
> do that? Microsoft only sees the need to patch security holes with major
> service packs so why check XML with every single file search? This is
> *not* a troll -- I really want to know.
> --
> Phil
0
gator8her2
9/22/2002 11:12:00 PM
gator8her2@yahoo.com wrote in news:3D8E4E61.ECAB79B1@yahoo.com:

*snip*
> The demo version only displays alternate lines, so I can't say
> exactly what if any information is going out.  I did look at
> google for sa.windows.com and came up empty.  

http://www.google.com/search?q=%22sa.windows.com%22

> The search application connects to the net as soon as it is
> launched. Then if a search term is put into the file box, it
> connects again.  I can't see my file name term in the alternate
> windows that demo CommView shows.  I can't say what is sent, as
> I only see half of it. 

Did you even LOOK at the original link I provided?

From http://sa.windows.com/privacy/:

"No information is ever collected by Search Companion when you 
search your local system, LAN, or intranet for any reason."

> However, it is inappropriate that any local application contacts
> the net.  The IP is available.  The IP is also available from
> the scheduled wupdate task.  This stuff can be databased and
> cross referenced.  Count on it, or why would they bother?  Not
> everyone is stuck with dial-up and many have static IP.

And what would they database?  "Oh, look, this IP has auto-update 
AND updates search assistant!  From this, we can determine that 
they're running XP!"  Not exactly a gold mine of information.

> Media player also tries to contact the net if it's in the
> trusted zone of the firewall.  Whose business is it what CD I am
> playing?  

A lot of people actually like this *FEATURE*, as it saves them the 
effort of having to manually type in song titles, album titles, 
artists, etc.  I personally am one.

> I consider this errant behavior as hostile and it does not
> belong in these applications.  Now I need to see if I can keep
> search in the sandbox.

Wait...so now the fact that Windows Media Player sends what CD 
you're listening to (like pretty much every other major media 
player, like Media Jukebox, Musicmatch Jukebox, Winamp 3 (and 
Winamp2 sends what MP3 you're listening to to the Nullsoft servers 
by default), FreeAMP (IIRC)) makes it hostile?  I suppose that all 
the other media players I mentioned are hostile in your book as 
well?

> Why not put all your personal data on M$ servers and run a
> diskless machine?  They are not interested in it anyway, right?

Once again, you're comparing apples and oranges...but I'm sure you 
already knew that.

> one packet below:~
*snip*

Hmm...and it looks pretty much like what most sites that have 
reviewed this feature say it is.

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/22/2002 11:33:00 PM
BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:

>pchelp@pc-help.org (pchelp) wrote in
>news:3d8e45f9.146917222@news.grc.com: 

>> BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
>> 
>>>> ... why check XML with every single file search?
>> 
>>>I don't know...why don't you ask Microsoft?

>> So, Blue.  you assert _absolutely_ that automated and repeated
>> transmission of the user's IP address (at minimum) to a
>> Microsoft server every time that user tries to perform a _local_
>> file search operation has nothing whatsoever to do with any kind
>> of privacy concern. 

>That's correct...

And it is dead wrong.  End of story.  Because an IP address most
certainly is potentially traceable and/or may be attributable to a
specific individual and/or to data of a personal nature.

That MS claims it is not logging IPs is however worthy of mention.

Do you suppose they'd find that necessary to mention if it had nothing
to do with privacy concerns?  Would the Register and Slashdot give the
matter of IP transmission lip service if it were a bogus issue?

That you chose not to mention any of that, and instead offered only a
definitive assertion that is patently unsupportable, along with
misrepresentation of my own statement, I find irksome at best.


>> And when asked for specifics WRT your staunch and utterly
>> positive claim that the whole matter has been totally
>> investigated -- you have no clue. 

>I have no clue why MS chooses to connect three times, four times, 
>two times, one time, or one hundred times to sa.microsoft.com, nor 
>do I have any clue why it tries to connect to sa.microsoft.com 
>every time a local search is done.  All you, or anyone, would have 
>to do is run a cursory search on Google and find some of the 
>following results:

>http://theregister.co.uk/content/archive/24815.html
[etc.]

.... which links you could have provided before, and you could also have
commented on the specifics.

A "go find out for yourself" attitude often makes some sense.  But so
does offering helpful information.  And a factual explanation for a
definitive, yet validly questionable statement of your own is more than
a mere courtesy.

Combative, fact-free responses only lengthen threads, and lower the tone
of the dialogue in a place where our exchanges should by all rights be
helpful and informative.

pchelp
0
pchelp
9/22/2002 11:37:00 PM
Man oh man.  Why browbeat someone who arrives with valid concerns, valid
questions, and a valid viewpoint of his own?  I find this really
disappointing, Blue.  You're basically abusing a visitor to someone
else's newsgroup.  You _really_ need to give it a rest.

pchelp


BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:

>Did you even LOOK at the original link I provided?

>And what would they database?  "Oh, look, this IP has auto-update 
>AND updates search assistant!  From this, we can determine that 
>they're running XP!"  Not exactly a gold mine of information.

>A lot of people actually like this *FEATURE*, as it saves them the 
>effort of having to manually type in song titles, album titles, 
>artists, etc.  I personally am one.

>Wait...so now the fact that Windows Media Player sends what CD 
>you're listening to (like pretty much every other major media 
>player, like Media Jukebox, Musicmatch Jukebox, Winamp 3 (and 
>Winamp2 sends what MP3 you're listening to to the Nullsoft servers 
>by default), FreeAMP (IIRC)) makes it hostile?  I suppose that all 
>the other media players I mentioned are hostile in your book as 
>well?

>Once again, you're comparing apples and oranges...but I'm sure you 
>already knew that.
0
pchelp
9/22/2002 11:43:00 PM
In article <Xns9291B040DEA31BlueJAMCnoneofthatsp@207.71.92.194>, BlueJAMC 
says...
>Phil Youngblood <phil587@my_un_realbox.com> wrote in
>news:amleqf$2ga7$3@news.grc.com: 
>
>> In article <Xns9291AAAC98B33BlueJAMCnoneofthatsp@207.71.92.194>,
>> BlueJAMC says...
>>>A concern, yes, but there is *NO EVIDENCE* to support that ANY 
>>>privacy is being compromised.  In fact, quite the opposite; 
>>>there is evidence to support that NO privacy is being
>>>compromised.  There have been packet dumps, and independent
>>>reviews of this feature, and it is well-established that there
>>>is no issue of privacy. 
>>>
 
>> So -- why does it do that call?
>
>I'll let you figure it out yourself...there are plenty of results
>on Google which answer that question, and you seem quite capable
>of typing tiny words into Google's search box--at least, you seem
>capable of doing it here.

Oh, I have done those -- as evidenced by my reference to the file update. 
But, it has never *found* any update to download since the first time I 
turned this machine on in Nov of last year. So, why make the call? 

>> It has been modified with SP1 so it only tries once now instead
>> of twice
>
>Seems to try twice here, with SP1...but I'll take your word for
>it.

Just tried again -- it did make two calls. I have only made one or two 
file searches while connected to the 'net and those only made one. Go 
figure. 

>> -- but why does it do it at all?
>
>C'mon...you can find the answer yourself...don't make me spoon
>feed you.

I know the party line -- extension update, but it never does anything 
except call out. If there is *no* need to make the call, why do it? 

>> To make sure you have the current XML? On *every* single file
>> search? Why does it do that?
>
>Why not ask Microsoft?

I thought I was asking an MS expert -- you profess ultimate knowledge 
about MS apps calling home and what they do and do not do so I attempted 
to farm that knowledge.

>> Microsoft only sees the need to patch security holes with major
>> service packs so why check XML with every single file search?
>
>This goes BEYOND comparing apples and oranges...I think at this 
>point, you're comparing apples and orange concentrate.

No -- not at all. Just making a comparison to how they "update" things -- 
security holes, service packs; file extension updates, every single file 
search. Update comparison -- no fruit involved at all. <g>

>> This is *not* a troll
>
>Could have fooled me...

Must be easily done, then. I REALLY *would* like to know why the call is 
needed. The call out on a Help search is VERY useful, at least to me. I 
can see, find, or think of *no* useful reason for the call on a local file 
search. Well, other than being just plain stupid.

>> -- I really want to know. 
>
>I don't know...why don't you ask Microsoft?  (As if their answer 
>would be satisfactory for you.)

OK, fair enough -- now that you say you don't know. As for the MS answer 
being satisfactory -- I have read it and no it is not. Does it make sense 
to *you* that it looks to update those 4 or 5 files on every search but 
never does anything? Be honest.

>In any case, whether it tries once, twice, or a dozen times, 
>whether it does it once every time the search is started, every 
>time the computer is started, every week, every month, or every 
>year, has absolutely NOTHING to do with the fact that this is in NO 
>WAY a privacy risk.

Please point out to me where *I* said it was a privacy issue.

I'm waiting.

>It has been analyzed...there have been packet 
>dumps done...there's even a privacy policy regarding the Search 
>Assistant.  And what do all those things conclude?  That there is 
>NO privacy issue, and that no information--no filenames which have 
>been searched for, no physical addresses, no names, no information 
>of ANY kind is being transferred with the connection to 
>sa.windows.com.

I'm still waiting.

All *I* want to know is why it makes the call(s) on every single file 
search to do a file update it never does while MS waits for a service pack 
to close a security hole.

>If you want more/better answers than that, do a Google search like 
>a big boy, or contact Microsoft.
>
>Oh, and this is *not* feeding a troll -- I really mean it.

hehheh -- Yeah, the part about patching security holes is DESERVED sarcasm 
on my part, but my original question was an honest one -- why call home on 
EVERY freakin' file search. I fail to see the logic -- do you?

-- 
Phil
0
Phil
9/23/2002 12:05:00 AM
In article <3D8E4E61.ECAB79B1@yahoo.com>, gator8her2@yahoo.com says...
>I consider this errant behavior as hostile and it does not belong in
>these applications.  Now I need to see if I can keep search in the
>sandbox.
>

Install a rules-based personal firewall and you can keep that puppy under 
control. I use Kerio on XP Pro with very good results. It *will* block 
those calls.
-- 
Phil
0
Phil
9/23/2002 12:08:00 AM
Thanks pchelp.  I don't see the errant behavior of this application as
innocent.  

According to one of the links, it brings in the privacy statement each
time.  That means this privacy statement is subject to change with
notice.  You would have to read the privacy statement/eula every time.
  
When I saw the connection and packets going to sa.windows.com I looked
on google.com for it.  Nothing comes back.  I didn't try other search
engines as I've found that google is about 99%.  I keyed the address
into the browser window and "access was denied".  So, I looked here to
the group for answers... Thanks all who kindly helped.

At best, any application that connects over the net without purpose is
wasting bandwidth.  It's sloppy programming.  At worse it is malicious
or has future misuse planned.  They can be "hooks" for future abuse.

BTW, I noticed a long serial number was sent out in one of the packets. 
It resembled a registry entry serial number.  It's not clear that folks
who looked at this really know everything that this application does
when it contacts home.  Many character strings are unreadable.

I know that media player pulls in information concerning the CD (or
DVD?) in case you want it.  As far as I am concerned that is an excuse
for passing this private information.  

Folks who think privacy is a concern of industry only needs to read the
link

 http://www.house.gov/berman/pr072502.htm 
 
to learn why these new operating systems have the hooks in them for new
features... 

Where can I get an old DOS browser?   

gator

pchelp wrote:
> 
> Man oh man.  Why browbeat someone who arrives with valid concerns, valid
> questions, and a valid viewpoint of his own?  I find this really
> disappointing, Blue.  You're basically abusing a visitor to someone
> else's newsgroup.  You _really_ need to give it a rest.
> 
> pchelp
>
0
gator8her2
9/23/2002 12:13:00 AM
I searched without the quote marks and got nothing.  I didn't know quote
marks were needed to look this up.  Thanks.


gator




BlueJAMC wrote:
>  I did look at
> > google for sa.windows.com and came up empty.
> 
> http://www.google.com/search?q=%22sa.windows.com%22
>
0
gator8her2
9/23/2002 12:23:00 AM
<gator8her2@yahoo.com> wrote in message news:3D8E4E61.ECAB79B1@yahoo.com...
> Folks, I didn't intend to start an arguement.  I downloaded Commview
> becuase I am trying to find out why my XP computer has gotten bogged
> down, and sometimes makes the same swish (.wav file) sound that the
> search function makes.  I noticed this application connecting and
> communicating a fair amount of stuff.

I realise that but was interested in what you had seen (Don't have XP here)
and if anything was revealed.

> The demo version only displays alternate lines, so I can't say exactly
> what if any information is going out.  I did look at google for
> sa.windows.com and came up empty.

Ah I understand why you weren't sure now.

> The search application connects to the net as soon as it is launched.
> Then if a search term is put into the file box, it connects again.  I
> can't see my file name term in the alternate windows that demo CommView
> shows.  I can't say what is sent, as I only see half of it.

Fine, but I don't see how knowing that machine with IP xxx.xxx.xxx.xxx has a
file called MyPersonalStuff.txt is really and invasion of privacy, and in
fact unless it sends that info again after the search it's really a case of
"May have because the user is searching for it".

> However, it is inappropriate that any local application contacts the
> net.  The IP is available.  The IP is also available from the scheduled
> wupdate task.  This stuff can be databased and cross referenced.  Count
> on it, or why would they bother?  Not everyone is stuck with dial-up and
> many have static IP.

Well as I understand it the search utility is not confined to local, surely
that's the whole point of the thing?

You just posted your IP in the message header. Now I have it and I know you
sometimes ask questions about search methods. Well, that is assuming of
course that it really is you on that keyboard. I mean it might not be the
same person as last time, right?

Now Keith is saying the IP is an "Element" of identifying you. Quite right,
it's an "Element". However it is the one element that is essential to
virtually everything you do on the internet. It is a given, a foregone
conclusion, but unless you never update your system MS have it anyway.

> Media player also tries to contact the net if it's in the trusted zone
> of the firewall.  Whose business is it what CD I am playing?

The question wasn't about media player was it?

> I consider this errant behavior as hostile and it does not belong in
> these applications.  Now I need to see if I can keep search in the
> sandbox.

Errant? It's by design I thought.

> Why not put all your personal data on M$ servers and run a diskless
> machine?  They are not interested in it anyway, right?

They are very likely to be interested in trying to compile figures in order
to assess how well (or badly) any system works. It is highly unlikely that
they are interested in associating filenames with IP addresses.

Let me hit you with a simple idea, mine, not theirs although they may have
had it too. How often does the "Average" user search for files or
information? Can we improve or modify our search utility to improve this
experience? How often is the search engine used and how much is local Vs
WAN. Since computers are often used for finding information as one of their
primary functions how is trying to improve this performance errant?

Charlie
0
Charlie
9/23/2002 12:33:00 AM
In article <3d8e5124.149777032@news.grc.com>, pchelp@pc-help.org says...
> BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
<snip>
> 
> That MS claims it is not logging IPs is however worthy of mention.

Why ? Do you have evidence to the contrary ???

What do *you* think MS is doing with a DB filled with millions of dial-
up IP addresses from XP users that use the search function.

I'll give you that it's *technically* a privacy violation with the 
*default* install of XP. Now give me a pragmatic reason to care ???

> 
> Do you suppose they'd find that necessary to mention if it had nothing
> to do with privacy concerns?  Would the Register and Slashdot give the
> matter of IP transmission lip service if it were a bogus issue?

LOL. Yes.
<snip>

> Combative, fact-free responses only lengthen threads, and lower the tone
> of the dialogue in a place where our exchanges should by all rights be
> helpful and informative.
> 
Then *everyone* should be expected to follow nettiquete.
IE - lurk before you post.
search for your own answers before you post.

THEN the questions that get posted would be helpful and informative to 
everyone, instead of rehashing information *easily* found on google and 
microsoft.com.


-- 
Bloated Elvis
0
bloated
9/23/2002 1:36:00 AM
pchelp@pc-help.org (pchelp) wrote in
news:3d8e5124.149777032@news.grc.com: 

> BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
> 
>>pchelp@pc-help.org (pchelp) wrote in
>>news:3d8e45f9.146917222@news.grc.com: 
> 
>>> BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
>>> 
>>>>> ... why check XML with every single file search?
>>> 
>>>>I don't know...why don't you ask Microsoft?
> 
>>> So, Blue.  you assert _absolutely_ that automated and repeated
>>> transmission of the user's IP address (at minimum) to a
>>> Microsoft server every time that user tries to perform a
>>> _local_ file search operation has nothing whatsoever to do
>>> with any kind of privacy concern. 
> 
>>That's correct...
> 
> And it is dead wrong.  End of story.  Because an IP address most
> certainly is potentially traceable and/or may be attributable to
> a specific individual and/or to data of a personal nature.

Then browsing to ANY website is a privacy violation--but I
certainly doubt you'd suggest such a thing. 

> That MS claims it is not logging IPs is however worthy of
> mention. 

Yes, it does...because it makes your claim that there is any
violation of privacy even more baseless.  The one identifying
piece of information isn't logged.  

> Do you suppose they'd find that necessary to mention if it had
> nothing to do with privacy concerns?

Obviously you feel the transmission of an IP address  is a privacy
concern...maybe they find it necessary to mention it for people
like you? 

> Would the Register and Slashdot give the matter of IP
> transmission lip service if it were a bogus issue? 

Would two of the largest resources for anti-MS propaganda give the
matter of IP transmission to Microsoft lip service if it were a
bogus issue?  Probably, yes. 

> That you chose not to mention any of that, and instead offered
> only a definitive assertion that is patently unsupportable,
> along with misrepresentation of my own statement, I find irksome
> at best. 

The fact that I failed to mention that not only "no information is
ever collected", but that even the IP address isn't collected
either, you find irksome?  Wow...you must be very easily irked. 

>>> And when asked for specifics WRT your staunch and utterly
>>> positive claim that the whole matter has been totally
>>> investigated -- you have no clue. 
> 
>>I have no clue why MS chooses to connect three times, four
>>times, two times, one time, or one hundred times to
>>sa.microsoft.com, nor do I have any clue why it tries to connect
>>to sa.microsoft.com every time a local search is done.  All you,
>>or anyone, would have to do is run a cursory search on Google
>>and find some of the following results:
> 
>>http://theregister.co.uk/content/archive/24815.html
> [etc.]
> 
> ... which links you could have provided before, and you could
> also have commented on the specifics.
> 
> A "go find out for yourself" attitude often makes some sense. 
> But so does offering helpful information.  And a factual
> explanation for a definitive, yet validly questionable statement
> of your own is more than a mere courtesy.

I suppose the privacy policy for Search Assistant (which I linked
to in my original post to this thread) which states that "no
information is ever collected" isn't "helpful information".  And I
also suppose that when the privacy policy says the following, it's
not "helpful information" either: 

"Search Companion may check for updates even if you are using
Search Companion only to find files on your local system. For
example, if you use Search Companion to find only Music files on
your machine, Search Companion may check to see if there are any
new types of Music files that should be included in your search.
No information about your local system or the content of your
search is ever sent to Microsoft during this update check." 

> Combative, fact-free responses only lengthen threads

I see...wouldn't your argument that an IP address is a privacy
violation be as--if not more--"fact-free" than anything I've
posted?  As far as lengthening threads, I was thinking that posting 
questions to which the answers are already known (a la Phil) did a 
fairly good job of that.

> and lower the tone of the dialogue in a place where our
> exchanges should by all rights be helpful and informative.

I see...it seems to me that "helpful and informative" would have 
been not asking questions to which the answers are already known, 
and asking for links to information which he already knows.  But 
then, that's just me being logical.

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 1:52:00 AM
Phil Youngblood <phil587@my_un_realbox.com> wrote in
news:amllri$2qcn$2@news.grc.com: 

> In article <Xns9291B040DEA31BlueJAMCnoneofthatsp@207.71.92.194>,
> BlueJAMC says...
>>Phil Youngblood <phil587@my_un_realbox.com> wrote in
>>news:amleqf$2ga7$3@news.grc.com: 
>>
>>> In article
>>> <Xns9291AAAC98B33BlueJAMCnoneofthatsp@207.71.92.194>, BlueJAMC
>>> says... 
>>>>A concern, yes, but there is *NO EVIDENCE* to support that ANY
>>>>privacy is being compromised.  In fact, quite the opposite; 
>>>>there is evidence to support that NO privacy is being
>>>>compromised.  There have been packet dumps, and independent
>>>>reviews of this feature, and it is well-established that there
>>>>is no issue of privacy. 
>>>>
>  
>>> So -- why does it do that call?
>>
>>I'll let you figure it out yourself...there are plenty of
>>results on Google which answer that question, and you seem quite
>>capable of typing tiny words into Google's search box--at least,
>>you seem capable of doing it here.
> 
> Oh, I have done those -- as evidenced by my reference to the
> file update. But, it has never *found* any update to download
> since the first time I turned this machine on in Nov of last
> year. So, why make the call? 

My car's check engine light has never come on, yet it continuously 
checks to make sure the engine is functioning correctly.

*snip*
>>> -- but why does it do it at all?
>>
>>C'mon...you can find the answer yourself...don't make me spoon
>>feed you.
> 
> I know the party line -- extension update, but it never does
> anything except call out. If there is *no* need to make the
> call, why do it? 

Just because it's not immediately necessary does not mean it won't 
become necessary down the road.

>>> To make sure you have the current XML? On *every* single file
>>> search? Why does it do that?
>>
>>Why not ask Microsoft?
> 
> I thought I was asking an MS expert -- you profess ultimate
> knowledge about MS apps calling home and what they do and do not
> do so I attempted to farm that knowledge.

An MS expert?  Hardly.  I simply read.  I can read the privacy 
statement that MS has regarding the Search Companion/Search 
Assistant.  I can read the numerous evaluations of the feature.  I 
suppose if actually having the ability to learn from reading makes 
me an "MS expert", then so be it.  However, I certainly don't see 
it that way.

>>> Microsoft only sees the need to patch security holes with
>>> major service packs so why check XML with every single file
>>> search? 
>>
>>This goes BEYOND comparing apples and oranges...I think at this 
>>point, you're comparing apples and orange concentrate.
> 
> No -- not at all. Just making a comparison to how they "update"
> things -- security holes, service packs; file extension updates,
> every single file search. Update comparison -- no fruit involved
> at all. <g> 

Yeah...cute...

>>> This is *not* a troll
>>
>>Could have fooled me...
> 
> Must be easily done, then. I REALLY *would* like to know why the
> call is needed. The call out on a Help search is VERY useful, at
> least to me. I can see, find, or think of *no* useful reason for
> the call on a local file search. Well, other than being just
> plain stupid. 

"For example, if you use Search Companion to find only Music files 
on your machine, Search Companion may check to see if there are any 
new types of Music files that should be included in your search."

While it may be "just plain stupid" to you, I can see how that 
feature would be useful to people with a little less knowledge 
about computers.

>>> -- I really want to know. 
>>
>>I don't know...why don't you ask Microsoft?  (As if their answer
>>would be satisfactory for you.)
> 
> OK, fair enough -- now that you say you don't know. As for the
> MS answer being satisfactory -- I have read it and no it is not.
> Does it make sense to *you* that it looks to update those 4 or 5
> files on every search but never does anything? Be honest.

No, it doesn't make sense to me--but it's hardly any evidence of 
privacy being violated.

>>In any case, whether it tries once, twice, or a dozen times, 
>>whether it does it once every time the search is started, every 
>>time the computer is started, every week, every month, or every 
>>year, has absolutely NOTHING to do with the fact that this is in
>>NO WAY a privacy risk.
> 
> Please point out to me where *I* said it was a privacy issue.
> 
> I'm waiting.

That has been pretty much the whole point of the thread.  I assumed 
that your contribution to this thread--and obvious disagreement 
with my point of view--would actually have something to do with the 
privacy issues (or lack thereof) caused by Search Assistant.

>>It has been analyzed...there have been packet 
>>dumps done...there's even a privacy policy regarding the Search 
>>Assistant.  And what do all those things conclude?  That there
>>is NO privacy issue, and that no information--no filenames which
>>have been searched for, no physical addresses, no names, no
>>information of ANY kind is being transferred with the connection
>>to sa.windows.com.
> 
> I'm still waiting.
> 
> All *I* want to know is why it makes the call(s) on every single
> file search to do a file update it never does while MS waits for
> a service pack to close a security hole.

And once again, there's no comparison.

>>If you want more/better answers than that, do a Google search
>>like a big boy, or contact Microsoft.
>>
>>Oh, and this is *not* feeding a troll -- I really mean it.
> 
> hehheh -- Yeah, the part about patching security holes is
> DESERVED sarcasm on my part, but my original question was an
> honest one -- why call home on EVERY freakin' file search. I
> fail to see the logic -- do you? 

No, I don't see any point to contacting it on every file search.  I 
don't see any problems with Windows doing it that way, though.

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 1:52:00 AM
pchelp@pc-help.org (pchelp) wrote in
news:3d8e54fe.150762768@news.grc.com: 

> Man oh man.  Why browbeat someone who arrives with valid
> concerns, valid questions, and a valid viewpoint of his own?

Brow beat?  Hardly.  As far as teh valid concerns, they've been
answered.  The valid questions?  They've been answered.  The valid
viewpoint?  I'm simply providing facts as to why I feel the way I
do regarding my viewpoint, as opposed to simply coming to a
conclusion with no facts to support such a conclusion. 

> I find this really disappointing, Blue.  You're basically
> abusing a visitor to someone else's newsgroup.

I'm abusing NO ONE.  Abuse would be namecalling, being insulting, 
etc, etc.  I'm doing nothing of the sort.

> You _really_ need to give it a rest. 

Give the facts a rest?  I never thought I'd hear YOU suggest such a 
thing--especially with the way you defended facts and truth in 
regards to Lockdown 2000.

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 1:52:00 AM
"Charlie Tame" <charlie@tames.net> wrote in
news:amlnir$2vkn$1@news.grc.com: 

*snip*
>> The search application connects to the net as soon as it is
>> launched. Then if a search term is put into the file box, it
>> connects again.  I can't see my file name term in the alternate
>> windows that demo CommView shows.  I can't say what is sent, as
>> I only see half of it. 
> 
> Fine, but I don't see how knowing that machine with IP
> xxx.xxx.xxx.xxx has a file called MyPersonalStuff.txt is really
> and invasion of privacy, and in fact unless it sends that info
> again after the search it's really a case of "May have because
> the user is searching for it". 

I could see the problem if it were sending the names of the files 
you were searching for.  But, it doesn't even do *THAT*.

Other than that, I agree with pretty much everything you said in 
your post.

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 1:58:00 AM
bloated elvis <thel8elvis@hotmail.com> wrote:

>In article <3d8e5124.149777032@news.grc.com>, pchelp@pc-help.org says...
>> BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
><snip>

>> That MS claims it is not logging IPs is however worthy of mention.

>Why ? Do you have evidence to the contrary ???

LOL!  Short of arguments, Elvish dude?  Looks like you've leapt to a
conclusion which has nothing to do with anything I said, thought or
meant.

pchelp
0
pchelp
9/23/2002 3:06:00 AM
In article <Xns9291D45226EF9BlueJAMCnoneofthatsp@207.71.92.194>, BlueJAMC 
says...
>Phil Youngblood <phil587@my_un_realbox.com> wrote in
>news:amllri$2qcn$2@news.grc.com: 
          
<snip>

>>>I'll let you figure it out yourself...there are plenty of
>>>results on Google which answer that question, and you seem quite
>>>capable of typing tiny words into Google's search box--at least,
>>>you seem capable of doing it here.
>> 
>> Oh, I have done those -- as evidenced by my reference to the
>> file update. But, it has never *found* any update to download
>> since the first time I turned this machine on in Nov of last
>> year. So, why make the call? 
>
>My car's check engine light has never come on, yet it continuously 
>checks to make sure the engine is functioning correctly.

Poor analogy. You knew it the instant you thought of it. You knew what my 
response was going to be before you put the period at the end. Is this a 
test to see if I am paying attention? Does your check engine light wait 
until you are at a gas pump so it can use the electrical grid to call the 
manufacturer of your car? Poor analogy -- rhetorical question in kind.

          <snip>

>Just because it's not immediately necessary does not mean it won't 
>become necessary down the road.

Pure speculation.

     <big snip to clear argumentative points unresolvable>
 
>> OK, fair enough -- now that you say you don't know. As for the
>> MS answer being satisfactory -- I have read it and no it is not.
>> Does it make sense to *you* that it looks to update those 4 or 5
>> files on every search but never does anything? Be honest.
>
>No, it doesn't make sense to me--but it's hardly any evidence of 
>privacy being violated.

I will remind you -- I made no reference to any privacy issue. You keep 
bringing it up, not me. If I wanted to address the potential and real 
privacy issues I see with Microsoft, this one would not be included.

>>>In any case, whether it tries once, twice, or a dozen times, 
>>>whether it does it once every time the search is started, every 
>>>time the computer is started, every week, every month, or every 
>>>year, has absolutely NOTHING to do with the fact that this is in
>>>NO WAY a privacy risk.
>> 
>> Please point out to me where *I* said it was a privacy issue.
>> 
>> I'm waiting.
>
>That has been pretty much the whole point of the thread.  I assumed 
>that your contribution to this thread--and obvious disagreement 
>with my point of view--would actually have something to do with the 
>privacy issues (or lack thereof) caused by Search Assistant.

You know what assuming does so that is dismissed. Now, please point out 
where my "obvious disagreement" is in my reply to your post. You are 
making stuff up again. I believe all I did was ask a question.

I'm waiting.

>> 
>> All *I* want to know is why it makes the call(s) on every single
>> file search to do a file update it never does while MS waits for
>> a service pack to close a security hole.
>
>And once again, there's no comparison.

.... as much or more comparison than an oil check light has to do with 
software calling home.

>>>If you want more/better answers than that, do a Google search
>>>like a big boy, or contact Microsoft.
>>>
>>>Oh, and this is *not* feeding a troll -- I really mean it.
>> 
>> hehheh -- Yeah, the part about patching security holes is
>> DESERVED sarcasm on my part, but my original question was an
>> honest one -- why call home on EVERY freakin' file search. I
>> fail to see the logic -- do you? 
>
>No, I don't see any point to contacting it on every file search.

Thank you.

>I don't see any problems with Windows doing it that way, though.

Each to his own. Personally, I can think of several ways to do it 
differently and *none* of them include a secret, poorly hidden process and 
the need to explain. The recurring questions about potential or perceived 
MS nastiness never would have happened.

-- 
Phil
0
Phil
9/23/2002 3:09:00 AM
In article <3d8e8443.162865667@news.grc.com>, pchelp@pc-help.org says...
> bloated elvis <thel8elvis@hotmail.com> wrote:
> 
> >In article <3d8e5124.149777032@news.grc.com>, pchelp@pc-help.org says...
> >> BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
> ><snip>
> 
> >> That MS claims it is not logging IPs is however worthy of mention.
> 
> >Why ? Do you have evidence to the contrary ???
> 
> LOL!  Short of arguments, Elvish dude?  Looks like you've leapt to a
> conclusion which has nothing to do with anything I said, thought or
> meant.
> 
Really ? Why is that not worthy of mention ? 
The *only* conlusion you have is that your IP address is sent, and that 
is "bad".
If the only privacy violation is your IP address, and MS doesn't log it, 
who cares ??

What other information is being sent out ? Again, how will it negatively 
affect me ? Enlighten me, as I asked before. What are the consequences 
that will affect me ?

BTW, you know you skipped a couple questions - I assume you agree with 
me on those points you didn't address ??

-- 
Bloated Elvis
0
bloated
9/23/2002 3:53:00 AM
bloated elvis <thel8elvis@hotmail.com> wrote:

>BTW, you know you skipped a couple questions - I assume you agree with 
>me on those points you didn't address ??

As far as I'm concerned, you're either drunk or trolling.  You're making
a fool of yourself, whichever it is.  I suggest you cease assuming
anything whatsoever and simply pipe down.

pchelp
, flabbergasted.
0
pchelp
9/23/2002 6:46:00 AM
In article <3d8eb82c.176156701@news.grc.com>, pchelp@pc-help.org says...
> bloated elvis <thel8elvis@hotmail.com> wrote:
> 
> >BTW, you know you skipped a couple questions - I assume you agree with 
> >me on those points you didn't address ??
> 
> As far as I'm concerned, you're either drunk or trolling.  You're making
> a fool of yourself, whichever it is.  I suggest you cease assuming
> anything whatsoever and simply pipe down.

How am I making a fool of myself ? The more foolish person would seem to 
me to be the one making blanket generalizations and refusing to discuss 
or justify them.
I *re*read the thread. I *re*read your posts. 
Here is what you said:
-------------------
'Blue, the fact that it transmits means, at minimum, the user's IP
address is known to MS.  That can most certainly be an element of
identification, profiling, etc.'
'The fact that any process phones home to its maker unbidden is a valid
concern for consumers and professionals alike.
So, Blue.  you assert _absolutely_ that automated and repeated
transmission of the user's IP address (at minimum) to a Microsoft server
every time that user tries to perform a _local_ file search operation
has nothing whatsoever to do with any kind of privacy concern.'
'Because an IP address most
certainly is potentially traceable and/or may be attributable to a
specific individual and/or to data of a personal nature.'
----------------------

So, I am simply asking, based on all your assertations, why should I 
care ? MS says they don't log these. Fine, assume thier lying ... even 
then, WHAT is MS doing with a DB full of IP addresses ?
WHAT is the concern ?
Be prgamatic, WHY should I care ?


Why is it so difficult for you to address this question?
Why must you resort to name calling instead of answering a simple 
question? 

-- 
Bloated Elvis
0
bloated
9/23/2002 2:12:00 PM
In grc.privacy, bloated elvis said...
> 'Blue, the fact that it transmits means, at minimum, the user's IP
> address is known to MS.  That can most certainly be an element of
> identification, profiling, etc.'
> 'The fact that any process phones home to its maker unbidden is a valid
> concern for consumers and professionals alike.
> So, Blue.  you assert _absolutely_ that automated and repeated
> transmission of the user's IP address (at minimum) to a Microsoft server
> every time that user tries to perform a _local_ file search operation
> has nothing whatsoever to do with any kind of privacy concern.'
> 'Because an IP address most
> certainly is potentially traceable and/or may be attributable to a
> specific individual and/or to data of a personal nature.'
> ----------------------
> 
> So, I am simply asking, based on all your assertations, why should I 
> care ? MS says they don't log these. Fine, assume thier lying ... even 
> then, WHAT is MS doing with a DB full of IP addresses ?
> WHAT is the concern ?
> Be prgamatic, WHY should I care ?

As a matter of principle?

-- 
Milly
0
Milly
9/23/2002 2:34:00 PM
Phil Youngblood <phil587@my_un_realbox.com> wrote in
news:amm0m4$3ba$2@news.grc.com: 

> In article <Xns9291D45226EF9BlueJAMCnoneofthatsp@207.71.92.194>,
> BlueJAMC says...
>>Phil Youngblood <phil587@my_un_realbox.com> wrote in
>>news:amllri$2qcn$2@news.grc.com: 
>           
> <snip>
> 
>>>>I'll let you figure it out yourself...there are plenty of
>>>>results on Google which answer that question, and you seem
>>>>quite capable of typing tiny words into Google's search
>>>>box--at least, you seem capable of doing it here.
>>> 
>>> Oh, I have done those -- as evidenced by my reference to the
>>> file update. But, it has never *found* any update to download
>>> since the first time I turned this machine on in Nov of last
>>> year. So, why make the call? 
>>
>>My car's check engine light has never come on, yet it
>>continuously checks to make sure the engine is functioning
>>correctly. 
> 
> Poor analogy. You knew it the instant you thought of it. You
> knew what my response was going to be before you put the period
> at the end. Is this a test to see if I am paying attention? Does
> your check engine light wait until you are at a gas pump so it
> can use the electrical grid to call the manufacturer of your
> car? Poor analogy -- rhetorical question in kind. 

Ok...self-healing tires.  You've heard of them, right?  Tires that 
have an air pump in them and automatically fill the tire if it senses 
a leak?  Same thing.

>>Just because it's not immediately necessary does not mean it
>>won't become necessary down the road.
> 
> Pure speculation.

And it's pure speculation on YOUR part that it won't ever be 
necessary.

>      <big snip to clear argumentative points unresolvable>
>  
>>> OK, fair enough -- now that you say you don't know. As for the
>>> MS answer being satisfactory -- I have read it and no it is
>>> not. Does it make sense to *you* that it looks to update those
>>> 4 or 5 files on every search but never does anything? Be
>>> honest. 
>>
>>No, it doesn't make sense to me--but it's hardly any evidence of
>>privacy being violated.
> 
> I will remind you -- I made no reference to any privacy issue.
> You keep bringing it up, not me. If I wanted to address the
> potential and real privacy issues I see with Microsoft, this one
> would not be included. 

Yes, I keep bringing up the privacy issues because that's what the 
thread was pretty much about.  If your only point--and reason for 
posting--is to point out that the updating is a useless feature, then 
you can have that point, and I'm done with this whole branch of the 
thread.

*snip*


-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 2:55:00 PM
pchelp@pc-help.org (pchelp) wrote in
news:3d8eb82c.176156701@news.grc.com: 

> bloated elvis <thel8elvis@hotmail.com> wrote:
> 
>>BTW, you know you skipped a couple questions - I assume you
>>agree with me on those points you didn't address ??
> 
> As far as I'm concerned, you're either drunk or trolling. 
> You're making a fool of yourself, whichever it is.  I suggest
> you cease assuming anything whatsoever and simply pipe down.

He's asked a couple of questions a number of times, to which you 
have neglected to respond.  The first time may have been an 
accident...ok, fine, it happens.  After the second time, though, 
one starts wondering why you haven't addressed those questions, and 
one assumes--even if it is an incorrect assumption.

So for the benefit of all of us, and this thread, could you please 
answer the following questions in your opinions?

1.)  If the transmission of an IP address is a privacy violation, 
then are websites violating privacy when requiring the IP address 
that the user is browsing from?

2.)  If the IP address is logged (which the privacy policy states 
it isn't, but just for the sake of argument), then what information 
would Microsoft have?  That someone at the IP address 67.1.190.32 
is running XP?  How is this useful to anyone?

3.)  You went out of your way to point out that the only even if 
the only information transmitted is an IP address, that it's still 
a violation of privacy.  My question is that if the IP is used to 
transmit, but is not logged, and if no other information is 
collected (as documented by the privacy policy as well as other 
reviews), then what is the privacy concern?

Could you give these questions a direct response, instead of just 
referring to them as trolling, brow beating, etc?  Doing so might 
make it easier to understand where you stand on this issue.

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 3:06:00 PM
Milly <-@-.-> wrote:

>In grc.privacy, bloated elvis said...

>> Be prgamatic, WHY should I care ?

>As a matter of principle?

Ahem.  This is supposed to be a help group, Milly.

It's poor form to use concepts and terms that are out of the inquirer's
reach.

pchelp
0
pchelp
9/23/2002 3:29:00 PM
pchelp@pc-help.org (pchelp) wrote in
news:3d8f32c2.207543286@news.grc.com: 

> Milly <-@-.-> wrote:
> 
>>In grc.privacy, bloated elvis said...
> 
>>> Be prgamatic, WHY should I care ?
> 
>>As a matter of principle?
> 
> Ahem.  This is supposed to be a help group, Milly.
> 
> It's poor form to use concepts and terms that are out of the
> inquirer's reach.

"Combative, fact-free responses only lengthen threads, and lower
the tone of the dialogue in a place where our exchanges should by
all rights be helpful and informative."

You may want to examine your own advice...

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 3:35:00 PM
BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:

>He's asked a couple of questions a number of times, to which you 
>have neglected to respond.

Well, it IS interesting that the whole issue has, in your mind and
Elvitch's, been bent 'round to place vast importance upon whether I
answer the questions you concoct.

But the very simple facts speak for themselves.  Unwanted, unannounced
phone-home-over-the-Net behavior by an oft-used O/S utility, which
occurs even when the user's purposes are strictly local to his own
machine, is something you both clearly wish to tolerate, justify, pass
off as insignificant, whatever.

So fine.  Pass it off however you like.  Don't worry your poor little
heads over what I think, boys.  It's ungraceful.  People who're
confident of their views don't need approval.

pchelp
0
pchelp
9/23/2002 3:37:00 PM
BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:

>You may want to examine your own advice...

Heh.  Guess I should have tacked on a smiley.

pchelp
0
pchelp
9/23/2002 3:46:00 PM
In grc.privacy, BlueJAMC said...
> pchelp@pc-help.org (pchelp) wrote in
> news:3d8eb82c.176156701@news.grc.com: 
> [...]
> He's asked a couple of questions a number of times, to which you 
> have neglected to respond.  The first time may have been an 
> accident...ok, fine, it happens.  After the second time, though, 
> one starts wondering why you haven't addressed those questions, and 
> one assumes--even if it is an incorrect assumption.
> 
> So for the benefit of all of us, and this thread, could you please 
> answer the following questions in your opinions?

What might be of benefit, if is you be more precise in what you 
address. So often these bunfights start, or are maintained, because of 
reading too much or too little or something else entirely into what is 
posted. As you appear to have done.

> 1.)  If the transmission of an IP address is a privacy violation, 
> then are websites violating privacy when requiring the IP address 
> that the user is browsing from?

PCHelp referred to the transmission of an IP address as a privacy 
concern, not violation. Surely you accept it is a valid concern (which 
may then be addressed satisfactorily or not, as the case may be)?

And there is no meaningful comparison between visiting a site by giving 
your return address, and having an apparently (absent RTFM) local 
activity doing it unbidden. Yes, I know the explanations are there to 
be found - but that is addressing, and perhaps putting to rest, the 
concern, not negating it.
 
> 2.)  If the IP address is logged (which the privacy policy states 
> it isn't, but just for the sake of argument), then what information 
> would Microsoft have?  That someone at the IP address 67.1.190.32 
> is running XP?  How is this useful to anyone?

Oh dear, it's a sad fact that we are *still* having to restate the 
principles of profiling. Little bits of information are worth, well, 
little. But string them together and powerful profiles can be created. 
You don't think that (as you've suggested, for the sake of argument) 
building a database of who (by IP) searches what (by search request) 
wouldn't be of interest to some parties? Then you need to read more. 
(And no, I don't think it's happening. I think the privacy concern has 
been reasonably adequately addressed. But not negated).

> 3.)  You went out of your way to point out that the only even if 
> the only information transmitted is an IP address, that it's still 
> a violation of privacy. 

No he didn't. Precision, man, precision.

> My question is that if the IP is used to 
> transmit, but is not logged, and if no other information is 
> collected (as documented by the privacy policy as well as other 
> reviews), then what is the privacy concern?

A concern satisfactorily addressed is still a concern. PCHelp has 
claimed not one word more. Try reading them all again.

> Could you give these questions a direct response, instead of just 
> referring to them as trolling, brow beating, etc?  Doing so might 
> make it easier to understand where you stand on this issue.

As would reading what he actually said.

-- 
Milly
0
Milly
9/23/2002 3:52:00 PM
"pchelp" <pchelp@pc-help.org> wrote in message
news:3d8f33ae.207779381@news.grc.com...
> BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
>
> >He's asked a couple of questions a number of times, to which you
> >have neglected to respond.
>
> Well, it IS interesting that the whole issue has, in your mind and
> Elvitch's, been bent 'round to place vast importance upon whether I
> answer the questions you concoct.
>
> But the very simple facts speak for themselves.  Unwanted, unannounced
> phone-home-over-the-Net behavior by an oft-used O/S utility, which
> occurs even when the user's purposes are strictly local to his own
> machine, is something you both clearly wish to tolerate, justify, pass
> off as insignificant, whatever.

I think your dealing with a couple of Microsoft shills here who staunchly
defend Microsoft no matter what.   Forget about having an intelligent
debate.

The matter has been discussed here.
http://theregister.co.uk/content/archive/24815.html

What I did was  enter the following into hosts:
127.0.0.1    sa.windows.com

Firewall no longer goes off any more.  I have a shortcut to google in my
links toolbar to replace Search Assistant for internet searches.

AL
0
AL
9/23/2002 3:58:00 PM
pchelp@pc-help.org (pchelp) wrote in
news:3d8f33ae.207779381@news.grc.com: 

> BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
> 
>>He's asked a couple of questions a number of times, to which you
>>have neglected to respond.
> 
> Well, it IS interesting that the whole issue has, in your mind
> and Elvitch's, been bent 'round to place vast importance upon
> whether I answer the questions you concoct.

It is also interesting that as someone who has placed such 
importance upon refraining from "combative, fact-free responses" 
you have been providing the least factual information in the entire 
thread.  I also find it interesting that some of your recent follow 
ups seem to be limited combativeness.  Certainly your "combative, 
fact-free responses" speak volumes.

> But the very simple facts speak for themselves.  Unwanted,
> unannounced phone-home-over-the-Net behavior by an oft-used O/S
> utility, which occurs even when the user's purposes are strictly
> local to his own machine, is something you both clearly wish to
> tolerate, justify, pass off as insignificant, whatever.

And the only argument you've come up with regarding this as a 
privacy violation is the fact that it sends your IP--WHICH ISN'T 
EVEN LOGGED.  As you say, "the very simple facts speak for 
themselves," and the very simple fact is that your decision to see 
this as a privacy violation has no basis in reality.  Despite the 
numerous examinations of this feature, despite the privacy policy, 
despite all logic and reason, you consider this a privacy 
violation.  It's something you clearly don't wish to tolerate, 
justify, pass off as significant, whatever--but the fact of the 
matter is that it IS insignificant.  Even in the face of the fact 
that you yourself pointed out that MS isn't even logging the IPs--
the one identifying feature.

Where as you're basing your position on FUD, Elvis and I are basing 
it on fact.

> So fine.  Pass it off however you like.

I pass it off as someone who knows that he's wrong but is unwilling 
to admit it, so he basically plugs his ears and says, "Nah nah, I'm 
not listening!"

> Don't worry your poor little heads over what I think, boys.

Is THAT what you think I'm doing?  Have a mighty high opinion of 
yourself there, don't you?

> It's ungraceful.

Even more ungraceful is calling for non-combative, fact-filled 
responses, and then when faced with the facts resorting to insults.

> People who're confident of their views don't need approval.

And hey, who needs facts to come to their views.

Oh, wait...you don't.

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 3:58:00 PM
"AL" <nospam@nospam.com> wrote:

>I think your dealing with a couple of Microsoft shills here who staunchly
>defend Microsoft no matter what.   Forget about having an intelligent
>debate.

Already dismissed as an impossibility.  :-)


>The matter has been discussed here.
>http://theregister.co.uk/content/archive/24815.html

>What I did was  enter the following into hosts:
>127.0.0.1    sa.windows.com

There ya go.


>Firewall no longer goes off any more.  I have a shortcut to google in my
>links toolbar to replace Search Assistant for internet searches.

Aha.  Replace the lost function with a superior one.  The solution is
complete.

pchelp
0
pchelp
9/23/2002 4:04:00 PM
Milly <-@-.-> wrote:

>In grc.privacy, BlueJAMC said...

....

>> Could you give these questions a direct response, instead of just 
>> referring to them as trolling, brow beating, etc?  Doing so might 
>> make it easier to understand where you stand on this issue.

>As would reading what he actually said.

Thank you, Milly.  I did wonder if the smoke had grown too thick.

pchelp
0
pchelp
9/23/2002 4:07:00 PM
In grc.privacy, AL said...
> "pchelp" <pchelp@pc-help.org> wrote in message
> news:3d8f33ae.207779381@news.grc.com...
> > BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
> >
> > [...]
> 
> What I did was  enter the following into hosts:
> 127.0.0.1    sa.windows.com
> 
> Firewall no longer goes off any more.  I have a shortcut to google in my
> links toolbar to replace Search Assistant for internet searches.

I like the Search Assistant, and don't want to disable it.

But still, you might like some of the extra Google->MS search tools 
(bookmarklets) here ...

http://www.imilly.com/bm.htm

-- 
Milly
0
Milly
9/23/2002 4:10:00 PM
"AL" <nospam@nospam.com> wrote in news:amndnp$1f7m$1@news.grc.com:

> 
> "pchelp" <pchelp@pc-help.org> wrote in message
> news:3d8f33ae.207779381@news.grc.com...
>> BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
>>
>> >He's asked a couple of questions a number of times, to which
>> >you have neglected to respond.
>>
>> Well, it IS interesting that the whole issue has, in your mind
>> and Elvitch's, been bent 'round to place vast importance upon
>> whether I answer the questions you concoct.
>>
>> But the very simple facts speak for themselves.  Unwanted,
>> unannounced phone-home-over-the-Net behavior by an oft-used O/S
>> utility, which occurs even when the user's purposes are
>> strictly local to his own machine, is something you both
>> clearly wish to tolerate, justify, pass off as insignificant,
>> whatever. 
> 
> I think your dealing with a couple of Microsoft shills here who
> staunchly defend Microsoft no matter what.   Forget about having
> an intelligent debate.

I pretty gave up any hope of an intelligent debate when PCHelp 
accused of Elvis of being "drunk or trolling" in an effort to 
completely side-step relevant questions.

However, I fail to see how pointing out the fact that no 
information is collected--not even IP addresses--and thus there is 
no privacy concern makes me a Microsoft shill.  Oh, wait...I'm not 
jumping on the "bash Microsoft even when they're not doing anything 
wrong" bandwagon.  I suppose THAT makes me a shill.

> The matter has been discussed here.
> http://theregister.co.uk/content/archive/24815.html

Yeah, and would you looky at what they said?

"One of the files the Assistant fetches is the MS Search Companion 
privacy statement. This is done for P3P compliance. According to 
the statement, MS doesn't collect information about local searches. 
'No information is ever collected by Search Companion when you 
search your local system, LAN, or intranet for any reason.' 

I certainly didn't pick up anything to contradict that. But there 
is some obvious collecting when SA is used to search the Internet."

Huh...well what do you know...just what I've been saying all along!  
That there is no evidence of any kind that there is any privacy 
violation, concern, etc!

> What I did was  enter the following into hosts:
> 127.0.0.1    sa.windows.com
> 
> Firewall no longer goes off any more.  I have a shortcut to
> google in my links toolbar to replace Search Assistant for
> internet searches. 

You'd better look out...from the Google privacy policy 
(http://www.google.com/privacy.html):

"Google notes and saves information such as time of day, browser 
type, browser language, and IP address with each query.

So not only is Google collecting IP addresses--the one thing Search 
Assistant could (but doesn't) do--but it's linking what's searched 
for to each IP address!!  Egads!!

But then again, I suppose this is just me being a Microsoft shill, 
right?

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 4:12:00 PM
In grc.privacy, pchelp said...
> >Firewall no longer goes off any more.  I have a shortcut to google in my
> >links toolbar to replace Search Assistant for internet searches.
> 
> Aha.  Replace the lost function with a superior one.  The solution is
> complete.

Not quite. It really is very slick indeed.

-- 
Milly
0
Milly
9/23/2002 4:14:00 PM
In article <MPG.17f936bda7843d5298a0e6@news.grc.com>, -@-.- says...
<snip>
> > Be prgamatic, WHY should I care ?
> 
> As a matter of principle?
> 
Sure, but that doesn't seem very pragmatic to me.

-- 
Bloated Elvis
0
bloated
9/23/2002 4:18:00 PM
BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:

>I pretty gave up any hope of an intelligent debate when PCHelp 
>accused of Elvis of being "drunk or trolling" in an effort to 
>completely side-step relevant questions.

Hey, now.  Look back at what I said and where he went off to.

Relevant, my ass.  It was nuts.  Wrongheaded presumption of my meaning,
mixed with loaded/combative/presumptive questions.  There IS no response
to that sort of thing.

For his own sake, I'd be sorry to learn he _wasn't_ drunk.

pchelp
0
pchelp
9/23/2002 4:18:00 PM
"AL" <nospam@nospam.com> wrote in news:amndnp$1f7m$1@news.grc.com:

[ ]
> 
> The matter has been discussed here.
> http://theregister.co.uk/content/archive/24815.html
> 
> What I did was  enter the following into hosts:
> 127.0.0.1    sa.windows.com
> 
> Firewall no longer goes off any more.  I have a shortcut to google
> in my links toolbar to replace Search Assistant for internet
> searches. 

Congrats.  This indicates to me that _you_ saw the behavior as 
violating _your_ privacy policy...and you fixed it.  No philosophical 
arguments.  No universally accepted definitions.  No arguments.  Just 
appropriate (for you) action.  Excellent.
0
Mark
9/23/2002 4:18:00 PM
bloated elvis <thel8elvis@hotmail.com> wrote:

>In article <MPG.17f936bda7843d5298a0e6@news.grc.com>, -@-.- says...
><snip>
>> > Be prgamatic, WHY should I care ?

>> As a matter of principle?

>Sure, but that doesn't seem very pragmatic to me.

Sometimes it requires sharp perception and some depth of understanding
to see, late one, that correct principle ultimately works to pragmatic
advantage.

pchelp
0
pchelp
9/23/2002 4:26:00 PM
Milly <-@-.-> wrote in
news:MPG.17f9492582dbb3b198a0ea@news.grc.com: 

> In grc.privacy, BlueJAMC said...
>> pchelp@pc-help.org (pchelp) wrote in
>> news:3d8eb82c.176156701@news.grc.com: 
>> [...]
>> He's asked a couple of questions a number of times, to which
>> you have neglected to respond.  The first time may have been an
>> accident...ok, fine, it happens.  After the second time,
>> though, one starts wondering why you haven't addressed those
>> questions, and one assumes--even if it is an incorrect
>> assumption. 
>> 
>> So for the benefit of all of us, and this thread, could you
>> please answer the following questions in your opinions?
> 
> What might be of benefit, if is you be more precise in what you 
> address. So often these bunfights start, or are maintained,
> because of reading too much or too little or something else
> entirely into what is posted. As you appear to have done.

What about Elvis' questions?  In his first reply to PCHelp, he
said: 

> What do *you* think MS is doing with a DB filled with millions
> of dial-up IP addresses from XP users that use the search
> function. 

That question was ignored.  Then, Elvis asked again:

> The *only* conlusion you have is that your IP address is sent,
> and that is "bad".
> If the only privacy violation is your IP address, and MS doesn't
> log it, who cares ??
> 
> What other information is being sent out ? Again, how will it
> negatively affect me ? Enlighten me, as I asked before. What are
> the consequences that will affect me ?

I don't see how much more precise he could be without physically
standing in front of PCHelp and speaking in slow, tiny words. 

>> 1.)  If the transmission of an IP address is a privacy
>> violation, then are websites violating privacy when requiring
>> the IP address that the user is browsing from?
> 
> PCHelp referred to the transmission of an IP address as a
> privacy concern, not violation. Surely you accept it is a valid
> concern (which may then be addressed satisfactorily or not, as
> the case may be)? 

Do I feel that only an IP address being transmitted is a valid
concern?  No. 

> And there is no meaningful comparison between visiting a site by
> giving your return address, and having an apparently (absent
> RTFM) local activity doing it unbidden. Yes, I know the
> explanations are there to be found - but that is addressing, and
> perhaps putting to rest, the concern, not negating it.

I can see the concern of a process connecting to the internet. 
Once the information has been pointed out, however, it's painfully
obvious that there is no privacy violation, and that there is no
reason for concern. 

>> 2.)  If the IP address is logged (which the privacy policy
>> states it isn't, but just for the sake of argument), then what
>> information would Microsoft have?  That someone at the IP
>> address 67.1.190.32 is running XP?  How is this useful to
>> anyone? 
> 
> Oh dear, it's a sad fact that we are *still* having to restate
> the principles of profiling.

But WHAT PROFILING?!  The extent of the information they would be
able to gain from this is that user 67.1.190.32 is running Windows
XP--and they don't even log the IPs! 

> Little bits of information are worth, well, little. But string
> them together and powerful profiles can be created. You don't
> think that (as you've suggested, for the sake of argument)
> building a database of who (by IP) searches what (by search
> request) wouldn't be of interest to some parties?

If--for the sake of argument--a database of what I was searching
for was made, THEN I could see the cause for concern.  However,
what I'm searching for locally isn't even sent--just my IP. 
That's the only personally identifiably information that can be
gained--and even calling the IP "personally identifiable" is iffy
at best. 

*snip*
>> 3.)  You went out of your way to point out that the only even
>> if the only information transmitted is an IP address, that it's
>> still a violation of privacy. 
> 
> No he didn't. Precision, man, precision.

My bad... s/violation of privacy/privacy concern/g .

>> My question is that if the IP is used to 
>> transmit, but is not logged, and if no other information is 
>> collected (as documented by the privacy policy as well as other
>> reviews), then what is the privacy concern?
> 
> A concern satisfactorily addressed is still a concern. PCHelp
> has claimed not one word more. Try reading them all again.

A concern can be based on ignorance;  claiming that this is a 
concern--despite the facts--is ignorant.

>> Could you give these questions a direct response, instead of
>> just referring to them as trolling, brow beating, etc?  Doing
>> so might make it easier to understand where you stand on this
>> issue. 
> 
> As would reading what he actually said.

As would him answering the first timem...or the second time...or 
even the third time.  But he didn't.

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 4:29:00 PM
In grc.privacy, bloated elvis said...
> In article <MPG.17f936bda7843d5298a0e6@news.grc.com>, -@-.- says...
> <snip>
> > > Be prgamatic, WHY should I care ?
> > 
> > As a matter of principle?
> > 
> Sure, but that doesn't seem very pragmatic to me.

Not directly, though the two aren't mutually exclusive.

And it was only your restriction - caring about matters of principle 
surely needs no immediate pragmatic defence or justification.

-- 
Milly
0
Milly
9/23/2002 4:30:00 PM
"BlueJAMC" <BlueJAMC@noneofthatspamhereatnetzero.net> wrote in message
news:Xns9292720674D9BBlueJAMCnoneofthatsp@207.71.92.194...
> "AL" <nospam@nospam.com> wrote in news:amndnp$1f7m$1@news.grc.com:
>
> >
> However, I fail to see how pointing out the fact that no
> information is collected--not even IP addresses--and thus there is
> no privacy concern makes me a Microsoft shill.  Oh, wait...I'm not
> jumping on the "bash Microsoft even when they're not doing anything
> wrong" bandwagon.  I suppose THAT makes me a shill.

Many people would seem to think that there should be no contact with
Microsoft whatsoever when conducting a local search on the PC
>
> > The matter has been discussed here.
> > http://theregister.co.uk/content/archive/24815.html
>
> Yeah, and would you looky at what they said?
>
> "One of the files the Assistant fetches is the MS Search Companion
> privacy statement. This is done for P3P compliance. According to
> the statement, MS doesn't collect information about local searches.
> 'No information is ever collected by Search Companion when you
> search your local system, LAN, or intranet for any reason.'
>
> I certainly didn't pick up anything to contradict that. But there
> is some obvious collecting when SA is used to search the Internet."
>
> Huh...well what do you know...just what I've been saying all along!
> That there is no evidence of any kind that there is any privacy
> violation, concern, etc!
>
> > What I did was  enter the following into hosts:
> > 127.0.0.1    sa.windows.com
> >
> > Firewall no longer goes off any more.  I have a shortcut to
> > google in my links toolbar to replace Search Assistant for
> > internet searches.
>
> You'd better look out...from the Google privacy policy
> (http://www.google.com/privacy.html):
>
> "Google notes and saves information such as time of day, browser
> type, browser language, and IP address with each query.
>
> So not only is Google collecting IP addresses--the one thing Search
> Assistant could (but doesn't) do--but it's linking what's searched
> for to each IP address!!  Egads!!
>
> But then again, I suppose this is just me being a Microsoft shill,
> right?
The subject matter regarded searches on the local drive.  Google doesn't
interact with searches on the local drive.   As far as internet searches is
concerned, I believe Search Assistant passes the search argument off to the
user's search engine, so there would be no difference in designating Google
as the engine in search assistant (except that MS also collects some
information.)  I don't understand why you are comparing Google's internet
search policy with MS's local search policy.

     There is another issue here, security.   In the event of a DNS
hijacking, are there any checks that Search Assistant does to ensure it is
actually contacting the authorized server?  I'm not going to search through
endless web pages to find out.

     One thing was clear to me though.  I, and most others were unaware that
SA was contacting MS on searches of the "C" drive until a firewall or friend
alerted me to it.   Just seems a little sneaky to me.

In my opinion, you are 100% a MS shill, taking the company's position,
almost as though you are a bot.

AL
>
> --
> BlueJAMC
>
> -Insert worn-out cliched anti-MS flame here...it'll make you cool-
>     (Extra coolness awarded for doing so from your Windows box)
>
> "Never, ever, EVER, sarcastic.  Ever."
>
0
AL
9/23/2002 4:39:00 PM
"AL" <nospam@nospam.com> wrote in news:amng4a$1hq4$1@news.grc.com:

> 
> "BlueJAMC" <BlueJAMC@noneofthatspamhereatnetzero.net> wrote in
> message 
> news:Xns9292720674D9BBlueJAMCnoneofthatsp@207.71.92.194... 
>> "AL" <nospam@nospam.com> wrote in
>> news:amndnp$1f7m$1@news.grc.com: 
>>
>> >
>> However, I fail to see how pointing out the fact that no
>> information is collected--not even IP addresses--and thus there
>> is no privacy concern makes me a Microsoft shill.  Oh,
>> wait...I'm not jumping on the "bash Microsoft even when they're
>> not doing anything wrong" bandwagon.  I suppose THAT makes me a
>> shill. 
> 
> Many people would seem to think that there should be no contact
> with Microsoft whatsoever when conducting a local search on the
> PC 

Even if everyone but me thought there should be no contact with 
Microsoft, that doesn't make it a privacy violation.

*snip*
>> But then again, I suppose this is just me being a Microsoft
>> shill, right?
> The subject matter regarded searches on the local drive.  Google
> doesn't interact with searches on the local drive.

Nor does Microsoft.  Microsoft doesn't see what you're searching 
for.  Windows isn't transmitting any more than what is necessary.

The point I was *trying* to make (and you obviously missed) is that 
people seem to be so concerned with the transmission of an IP 
address (which they don't even log).  The irony in this, however, 
is that they won't think twice about putting themselves in a nice 
database of every search they've done on Google, with their IP 
address.

*snip*
>      There is another issue here, security.   In the event of a
>      DNS 
> hijacking, are there any checks that Search Assistant does to
> ensure it is actually contacting the authorized server?  I'm not
> going to search through endless web pages to find out.

I feel that is the first valid concern I've actually seen brought 
up, and to be honest, I don't know the answer.  If you (or someone 
else) would like to examine the XSL files listed at the Register 
(I'm assuming that's a complete list) and see if there is the 
potential for abuse, I'd be more than happy to e-mail them.

>      One thing was clear to me though.  I, and most others were
>      unaware that 
> SA was contacting MS on searches of the "C" drive until a
> firewall or friend alerted me to it.   Just seems a little
> sneaky to me. 

Sneaky?  Sure.  An issue?  No, not in my opinion.

> In my opinion, you are 100% a MS shill, taking the company's
> position, almost as though you are a bot.

And my opinion is that you are 100% wrong, someone who resorts to 
calling a person an "MS shill" to make your point seem more valid, 
or discredit me.  Sorry, but it doesn't.


-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 4:58:00 PM
AL <nospam@nospam.com> wrote:

>> However, I fail to see how pointing out the fact that no
>> information is collected--not even IP addresses--and thus there is
>> no privacy concern makes me a Microsoft shill.  Oh, wait...I'm not
>> jumping on the "bash Microsoft even when they're not doing anything
>> wrong" bandwagon.  I suppose THAT makes me a shill.
>
> Many people would seem to think that there should be no contact with
> Microsoft whatsoever when conducting a local search on the PC

I agree.  Why did Microsoft choose to cause extra, unnecessary traffic on
the Internet?  Has anyone been able to answer that?

-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
9/23/2002 4:59:00 PM
BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:

--
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."

JAMC,

"worn-out anti-MS flame here"?  How about a sig flame?  More than 4 lines.
>:->

-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
9/23/2002 5:02:00 PM
In grc.privacy, BlueJAMC said...
> Milly <-@-.-> wrote in
> news:MPG.17f9492582dbb3b198a0ea@news.grc.com: 
> 
> >> So for the benefit of all of us, and this thread, could you
> >> please answer the following questions in your opinions?
> > 
> > What might be of benefit, if is you be more precise in what you 
> > address. So often these bunfights start, or are maintained,
> > because of reading too much or too little or something else
> > entirely into what is posted. As you appear to have done.
> 
> What about Elvis' questions?  In his first reply to PCHelp, he
> said: [...]
> 
> That question was ignored.  Then, Elvis asked again:
> 
> > [...]
> I don't see how much more precise he could be without physically
> standing in front of PCHelp and speaking in slow, tiny words. 

You complain of PCHelp ducking questions, whilst answering my 
suggestion about your own lack of precision with stuff about BE's 
questions. How imprecise is that?

> >> 1.)  If the transmission of an IP address is a privacy
> >> violation, then are websites violating privacy when requiring
> >> the IP address that the user is browsing from?
> > 
> > PCHelp referred to the transmission of an IP address as a
> > privacy concern, not violation. Surely you accept it is a valid
> > concern (which may then be addressed satisfactorily or not, as
> > the case may be)? 
> 
> Do I feel that only an IP address being transmitted is a valid
> concern?  No. 

If there was no explanation and no privacy statement, you wouldn't be 
concerned? I think you've muddled knowing the answer with not 
recognising there was a question. But perhaps you really don't <shrug>.

And, even if you do, you still recognise the difference between a 
concern and a violation, right? And thus where you have misunderstood 
and misrepresented what PCHelp said?

> > And there is no meaningful comparison between visiting a site by
> > giving your return address, and having an apparently (absent
> > RTFM) local activity doing it unbidden. Yes, I know the
> > explanations are there to be found - but that is addressing, and
> > perhaps putting to rest, the concern, not negating it.
> 
> I can see the concern of a process connecting to the internet. 
> Once the information has been pointed out, however, it's painfully
> obvious that there is no privacy violation, and that there is no
> reason for concern. 

Then why did you say "A concern, yes"...

	> The fact that any process phones home to its maker unbidden is 
	> a valid concern for consumers and professionals alike.
	
	A concern, yes, but there is *NO EVIDENCE* to support that ANY 
	privacy is being compromised.  In fact, quite the opposite;  
	there is evidence to support that NO privacy is being 
	compromised.  There have been packet dumps, and independent 
	reviews of this feature, and it is well-established that there is 
	no issue of privacy.

> >> 2.)  If the IP address is logged (which the privacy policy
> >> states it isn't, but just for the sake of argument), then what
> >> information would Microsoft have?  That someone at the IP
> >> address 67.1.190.32 is running XP?  How is this useful to
> >> anyone? 
> > 
> > Oh dear, it's a sad fact that we are *still* having to restate
> > the principles of profiling.
> 
> But WHAT PROFILING?!  The extent of the information they would be
> able to gain from this is that user 67.1.190.32 is running Windows
> XP--and they don't even log the IPs! 

You see where you said "but just for the sake of argument"? And where I 
said "as you've suggested, for the sake of argument" and "And no, I 
don't think it's happening", specifically to avoid it being taken as 
something more? Well, I was wasting my time, apparently. 

> > [...]

> *snip*
> >> 3.)  You went out of your way to point out that the only even
> >> if the only information transmitted is an IP address, that it's
> >> still a violation of privacy. 
> > 
> > No he didn't. Precision, man, precision.
> 
> My bad... s/violation of privacy/privacy concern/g .
> 
> >> My question is that if the IP is used to 
> >> transmit, but is not logged, and if no other information is 
> >> collected (as documented by the privacy policy as well as other
> >> reviews), then what is the privacy concern?
> > 
> > A concern satisfactorily addressed is still a concern. PCHelp
> > has claimed not one word more. Try reading them all again.
> 
> A concern can be based on ignorance;  claiming that this is a 
> concern--despite the facts--is ignorant.

You're left with nothing but semantics. Concerns are dealt with by 
addressing them, if possible, as in this case (and as even you did, 
once, in your off-hand derisive way), not by dismissing them as 
unfounded (as you keep doing).

> >> Could you give these questions a direct response, instead of
> >> just referring to them as trolling, brow beating, etc?  Doing
> >> so might make it easier to understand where you stand on this
> >> issue. 
> > 
> > As would reading what he actually said.
> 
> As would him answering the first timem...or the second time...or 
> even the third time.  But he didn't.

Perhaps he's seen how long it takes you to admit to errors, and didn't 
have the patience?

-- 
Milly
0
Milly
9/23/2002 5:12:00 PM
"BlueJAMC" <BlueJAMC@noneofthatspamhereatnetzero.net> wrote in message
news:Xns929279DE1EE5BlueJAMCnoneofthatsp@207.71.92.194...
> "AL" <nospam@nospam.com> wrote in news:amng4a$1hq4$1@news.grc.com:
>
> > The subject matter regarded searches on the local drive.  Google
> > doesn't interact with searches on the local drive.
>
> Nor does Microsoft.  Microsoft doesn't see what you're searching
> for.  Windows isn't transmitting any more than what is necessary.
>
What is necessary should be left to the disgression of the user.  SA hasn't
contacted MS since I first got XP, and searches of my C drive work just
fine.   No transmission is "necessary".  If they come up with a better idea
for searches, and place the code in these xsl, then include it in the next
service pack.   They certaintly can wait for the service pack when
correcting a bug that can delete files in any directory, so what's the hurry
in "improving" my C drive searches?
> The point I was *trying* to make (and you obviously missed) is that
> people seem to be so concerned with the transmission of an IP
> address (which they don't even log).  The irony in this, however,
> is that they won't think twice about putting themselves in a nice
> database of every search they've done on Google, with their IP
> address.

Actually I would be concerned with the fact that MS is informed that I'm
even using the SA on my PC (when not conducting an internet search.)
However, I knew to get a software firewall to track and shut off outbound
connections.  That was the first order of business when I got XP.
>
> *snip*
> >      There is another issue here, security.   In the event of a
> >      DNS
> > hijacking, are there any checks that Search Assistant does to
> > ensure it is actually contacting the authorized server?  I'm not
> > going to search through endless web pages to find out.
>
> I feel that is the first valid concern I've actually seen brought
> up, and to be honest, I don't know the answer.  If you (or someone
> else) would like to examine the XSL files listed at the Register
> (I'm assuming that's a complete list) and see if there is the
> potential for abuse, I'd be more than happy to e-mail them.

I'm not an expert on the use of these files.  However, I'm not going to
leave the thinking to those who brought us the Help Center fiasco.   Also,
MS was supposed to come clean with all downloading technologies in XP -
don't see anything about SA here.
http://www.microsoft.com/WindowsXP/pro/techinfo/administration/manageautoupd
ate/default.asp

>
> >      One thing was clear to me though.  I, and most others were
> >      unaware that
> > SA was contacting MS on searches of the "C" drive until a
> > firewall or friend alerted me to it.   Just seems a little
> > sneaky to me.
>
> Sneaky?  Sure.  An issue?  No, not in my opinion.

Not an issue so long as one isn't looking for "trustworthy computing".
>
> > In my opinion, you are 100% a MS shill, taking the company's
> > position, almost as though you are a bot.
>
> And my opinion is that you are 100% wrong, someone who resorts to
> calling a person an "MS shill" to make your point seem more valid,
> or discredit me.  Sorry, but it doesn't.
Problem with that is, I've yet to see a post where you don't take 100%, the
MS company line. Seems your signature line corroborates that.

AL
>
0
AL
9/23/2002 5:14:00 PM
Milly <-@-.-> wrote in
news:MPG.17f95bc39893f1a398a0f6@news.grc.com: 

> In grc.privacy, BlueJAMC said...
>> Milly <-@-.-> wrote in
>> news:MPG.17f9492582dbb3b198a0ea@news.grc.com: 
>> 
>> >> So for the benefit of all of us, and this thread, could you
>> >> please answer the following questions in your opinions?
>> > 
>> > What might be of benefit, if is you be more precise in what
>> > you address. So often these bunfights start, or are
>> > maintained, because of reading too much or too little or
>> > something else entirely into what is posted. As you appear to
>> > have done. 
[...]
> You complain of PCHelp ducking questions, whilst answering my 
> suggestion about your own lack of precision with stuff about
> BE's questions. How imprecise is that?

I wouldn't consider it imprecise at all...not only was Elvis
precise, but so was I in the post--to which PCHelp replied, "Fine,
think what you want, I don't care." 

>> >> 1.)  If the transmission of an IP address is a privacy
>> >> violation, then are websites violating privacy when
>> >> requiring the IP address that the user is browsing from?
>> > 
>> > PCHelp referred to the transmission of an IP address as a
>> > privacy concern, not violation. Surely you accept it is a
>> > valid concern (which may then be addressed satisfactorily or
>> > not, as the case may be)? 
>> 
>> Do I feel that only an IP address being transmitted is a valid
>> concern?  No. 
> 
> If there was no explanation and no privacy statement, you
> wouldn't be concerned?

No, I'd be curious.  The fact, however, is that there is a privacy
statement (You may also want to...Learn more about Search
Companion->Search Companion Privacy Statement). 

> I think you've muddled knowing the answer with not recognising
> there was a question.

Questions usually receive answers--unless, of course, the questions 
are asked of PCHelp.  But for review...

Question (Milly):  "Surely you accept it is a valid concern (which 
may then be addressed satisfactorily or not, as the case may be)?"

Answer (Me):  "No, I do not feel it is a valid concern."

> But perhaps you really don't <shrug>. 

Or perhaps you'd rather your questions go unanswered.

> And, even if you do, you still recognise the difference between
> a concern and a violation, right? And thus where you have
> misunderstood and misrepresented what PCHelp said?

A transmission of an IP address isn't a concern.  What reason do I 
have to be concerned?  What reason does ANYONE have to be 
concerned?  Certainly if they trust Microsoft enough to pay to run 
the operating system, they can trust that a connection to the 
internet is just that, and nothing malicous.

>> > And there is no meaningful comparison between visiting a site
>> > by giving your return address, and having an apparently
>> > (absent RTFM) local activity doing it unbidden. Yes, I know
>> > the explanations are there to be found - but that is
>> > addressing, and perhaps putting to rest, the concern, not
>> > negating it. 
>> 
>> I can see the concern of a process connecting to the internet. 
>> Once the information has been pointed out, however, it's
>> painfully obvious that there is no privacy violation, and that
>> there is no reason for concern. 
> 
> Then why did you say "A concern, yes"...
*snip*

Ok, let me be clear...

User A sees the computer connecting to sa.windows.com.  He is 
concerned.  He does a Google search, and sees that no personally 
identifiable information is being, and that no information is being 
transferred to Microsoft.  There is no longer any reason to have a 
concern.

Have I made myself clear enough?

>> >> 2.)  If the IP address is logged (which the privacy policy
>> >> states it isn't, but just for the sake of argument), then
>> >> what information would Microsoft have?  That someone at the
>> >> IP address 67.1.190.32 is running XP?  How is this useful to
>> >> anyone? 
>> > 
>> > Oh dear, it's a sad fact that we are *still* having to
>> > restate the principles of profiling.
>> 
>> But WHAT PROFILING?!  The extent of the information they would
>> be able to gain from this is that user 67.1.190.32 is running
>> Windows XP--and they don't even log the IPs! 
> 
> You see where you said "but just for the sake of argument"? And
> where I said "as you've suggested, for the sake of argument" and
> "And no, I don't think it's happening", specifically to avoid it
> being taken as something more? Well, I was wasting my time,
> apparently. 

Yes, you said, "for the sake of argument".  And for the sake of 
argument, they would be getting an IP address.  Period.  Nothing 
else.  For the sake of argument, what are they going to do with an 
IP address, and no other information to go along with it?  It's 
useless.

*snip*
>> A concern can be based on ignorance;  claiming that this is a 
>> concern--despite the facts--is ignorant.
> 
> You're left with nothing but semantics. Concerns are dealt with
> by addressing them, if possible, as in this case (and as even
> you did, once, in your off-hand derisive way), not by dismissing
> them as unfounded (as you keep doing).

I addressed them in my original post in this thread.  I addressed 
them again later on in my "off-hand derisive way" as you like to 
call it.  And now, I'm dismissing them, because the one concern 
that PCHelp had--the fact that maybe the IP address could be used 
for some kind of profiling--is moot, because they aren't using the 
IP address for profiling.

> 
>> >> Could you give these questions a direct response, instead of
>> >> just referring to them as trolling, brow beating, etc? 
>> >> Doing so might make it easier to understand where you stand
>> >> on this issue. 
>> > 
>> > As would reading what he actually said.
>> 
>> As would him answering the first timem...or the second
>> time...or even the third time.  But he didn't.
> 
> Perhaps he's seen how long it takes you to admit to errors, and
> didn't have the patience?

Or perhaps he knows that his one complaint--the fact that the IP 
address could be used to profile--is moot, and so he resorts to 
dodging questions and childish insults.  I'm leaning towards my 
version more than yours.

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 5:28:00 PM
"AL" <nospam@nospam.com> wrote in news:amni5h$1k18$1@news.grc.com:

> 
> "BlueJAMC" <BlueJAMC@noneofthatspamhereatnetzero.net> wrote in
> message 
> news:Xns929279DE1EE5BlueJAMCnoneofthatsp@207.71.92.194... 
>> "AL" <nospam@nospam.com> wrote in
>> news:amng4a$1hq4$1@news.grc.com: 
>>
>> > The subject matter regarded searches on the local drive. 
>> > Google doesn't interact with searches on the local drive.
>>
>> Nor does Microsoft.  Microsoft doesn't see what you're
>> searching for.  Windows isn't transmitting any more than what
>> is necessary. 
>>
> What is necessary should be left to the disgression of the user.

Then if they don't want to use the search assistant, they don't
have to.  Robert posted links to how to disable it.  

>  SA hasn't contacted MS since I first got XP, and searches of my
> C drive work just fine.   No transmission is "necessary".

Transmission is "necessary" for the feature to work as designed.

> If they come up with a better idea for searches, and place the
> code in these xsl, then include it in the next service pack.  
> They certaintly can wait for the service pack when correcting a
> bug that can delete files in any directory, so what's the hurry
> in "improving" my C drive searches? 

Apples and oranges, once again.

>> The point I was *trying* to make (and you obviously missed) is
>> that people seem to be so concerned with the transmission of an
>> IP address (which they don't even log).  The irony in this,
>> however, is that they won't think twice about putting
>> themselves in a nice database of every search they've done on
>> Google, with their IP address.
> 
> Actually I would be concerned with the fact that MS is informed
> that I'm even using the SA on my PC (when not conducting an
> internet search.)

.....why?

*snip*
>> I feel that is the first valid concern I've actually seen
>> brought up, and to be honest, I don't know the answer.  If you
>> (or someone else) would like to examine the XSL files listed at
>> the Register (I'm assuming that's a complete list) and see if
>> there is the potential for abuse, I'd be more than happy to
>> e-mail them. 
> 
> I'm not an expert on the use of these files.  However, I'm not
> going to leave the thinking to those who brought us the Help
> Center fiasco.

But you have no problem trusting the people who make the OS? 
Seems a bit odd to me... 

> Also, MS was supposed to come clean with all downloading
> technologies in XP - don't see anything about SA here. 
> http://www.microsoft.com/WindowsXP/pro/techinfo/administration/ma
> nageautoupd ate/default.asp

Neither do I.

>> >      One thing was clear to me though.  I, and most others
>> >      were unaware that
>> > SA was contacting MS on searches of the "C" drive until a
>> > firewall or friend alerted me to it.   Just seems a little
>> > sneaky to me.
>>
>> Sneaky?  Sure.  An issue?  No, not in my opinion.
> 
> Not an issue so long as one isn't looking for "trustworthy
> computing". 

There's nothing untrustworthy going on.  The only information
being transferred is an IP address, and that's not even logged. 

>> > In my opinion, you are 100% a MS shill, taking the company's
>> > position, almost as though you are a bot.
>>
>> And my opinion is that you are 100% wrong, someone who resorts
>> to calling a person an "MS shill" to make your point seem more
>> valid, or discredit me.  Sorry, but it doesn't.
> Problem with that is, I've yet to see a post where you don't
> take 100%, the MS company line.

Then read a little more.

> Seems your signature line corroborates that. 

My signature line simply shows my opinion of the mindless, stupid,
pointless MS bashing that goes on--especially from people who are
doing it with their Microsoft Windows machine with their Microsoft
Outlook Express while asking for how to do something with their
Microsoft products.  A perfect example of this is a question
someone asked in grc.techtalk...I'll only paste the relevant
portion: 

> I've tried to access a Kodak source to download any new software
> or driversfor my digital camera. The results are always a blank
> page. 
> 
> Is the .jhtml unique to only the latest version of Micro$ucks IE?

Let's see..."Micro$ucks"...well, that's two cliches right 
there...the mindless bashing (as evidenced by the fact that he is 
suggesting that a server-generated page with the extension .jhtml 
has something to do with Internet Explorer)...oh, and the fact that 
it appears he's posting from a Windows box.

My signature line simply corroborates that I'm tired of the 
hypocrisy of the MS bashers--nothing more.

-- 
BlueJAMC

-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 5:50:00 PM
"Robert Wycoff" <Don't.use.Lockdown@any.price> wrote in
news:amnij7$1kk3$2@news.grc.com: 

> JAMC,
> 
> "worn-out anti-MS flame here"?  How about a sig flame?  More
> than 4 lines. 
>>:->

*smack!*

There, ya happy?!  <g>

-- 
-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 5:51:00 PM
In grc.privacy, Milly said...
> In grc.privacy, AL said...
> > "pchelp" <pchelp@pc-help.org> wrote in message
> > news:3d8f33ae.207779381@news.grc.com...
> > > BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
> > >
> > > [...]
> > 
> > What I did was  enter the following into hosts:
> > 127.0.0.1    sa.windows.com
> > 
> > Firewall no longer goes off any more.  I have a shortcut to google in my
> > links toolbar to replace Search Assistant for internet searches.
> 
> I like the Search Assistant, and don't want to disable it.

No, I don't mean that at all.

I like the MS-KB search built in to the Help system. I've never used 
the Search Assistant for Internet searches from within Explorer ...  
until now.

If I set it use Google, it fetches a Google results page as normal.

But it also shows a bunch of "Sponsored Links" within the explorer pane 
(not the results window). Search on 'computers', for example, and it 
makes links to Dell, Tech Depot, and Shop.voicerecognition.com

Search on 'milly' and it shows shopbop.com, netDoll.com, Songsearch.net 
and MyFamily.com

Google didn't fetch those for me, 'sa.windows.com' did.

Now, where on ...

http://sa.windows.com/privacy/ 

 ... does it tell me about that?

-- 
Milly
0
Milly
9/23/2002 5:53:00 PM
In grc.privacy, BlueJAMC said...
> A transmission of an IP address isn't a concern.  What reason do I 
> have to be concerned?  What reason does ANYONE have to be 
> concerned?  Certainly if they trust Microsoft enough to pay to run 
> the operating system, they can trust that a connection to the 
> internet is just that, and nothing malicous.

LOL. Okay, we are too far apart to bridge the gap. What a pleasant 
world you and the Telletubbies must live in.

-- 
Milly
0
Milly
9/23/2002 6:00:00 PM
Milly <-@-.-> wrote in news:MPG.17f96570c97169c798a0f8
@news.grc.com:

*snip*
> Now, where on ...
> 
> http://sa.windows.com/privacy/ 
> 
>  ... does it tell me about that?

Fourth paragraph...right where it says:

"When you search the Internet using the Search Companion, the 
following information is collected regarding your use of the 
service: the text of your Internet search query, grammatical 
information about the query, the list of tasks which the Search 
Companion Web service recommends, and any tasks you select from the 
recommendation list."

Additionally, it goes on to tell you how to disable the Search 
Companion Web service.

-- 
-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 6:01:00 PM
Milly <-@-.-> wrote in news:MPG.17f9671bef78e22898a0f9@news.grc.com:

> LOL. Okay, we are too far apart to bridge the gap. What a pleasant 
> world you and the Telletubbies must live in.

And what a sad world you and agents Fox and Mulder must live in, 
where every thing is some evil conspiracy designed to take over the 
world.

-- 
-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 6:02:00 PM
BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
> "Robert Wycoff" <Don't.use.Lockdown@any.price> wrote in
> news:amnij7$1kk3$2@news.grc.com:
>
>> JAMC,
>>
>> "worn-out anti-MS flame here"?  How about a sig flame?  More
>> than 4 lines.
>>> :->
>
> *smack!*
>
> There, ya happy?!  <g>

What do *you* think?  <VBG>

-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
9/23/2002 6:04:00 PM
"Robert Wycoff" <Don't.use.Lockdown@any.price> wrote in news:amnl47
$1n6m$1@news.grc.com:

> BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
>> "Robert Wycoff" <Don't.use.Lockdown@any.price> wrote in
>> news:amnij7$1kk3$2@news.grc.com:
>>
>>> JAMC,
>>>
>>> "worn-out anti-MS flame here"?  How about a sig flame?  More
>>> than 4 lines.
>>>> :->
>>
>> *smack!*
>>
>> There, ya happy?!  <g>
> 
> What do *you* think?  <VBG>

I think you need another *smack!* or two...but I'll wait, until you 
least expect it... <EG>

-- 
-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 6:06:00 PM
In grc.privacy, BlueJAMC said...
> Milly <-@-.-> wrote in news:MPG.17f96570c97169c798a0f8
> @news.grc.com:
> 
> *snip*

Unsnip.

> > But it also shows a bunch of "Sponsored Links" within the explorer pane 
> > (not the results window). Search on 'computers', for example, and it 
> > makes links to Dell, Tech Depot, and Shop.voicerecognition.com
> 
> > Search on 'milly' and it shows shopbop.com, netDoll.com, Songsearch.net 
> > and MyFamily.com
> 
> > Google didn't fetch those for me, 'sa.windows.com' did.
> 
> > Now, where on ...
> > 
> > http://sa.windows.com/privacy/ 
> > 
> >  ... does it tell me about that?
> 
> Fourth paragraph...right where it says:
> 
> "When you search the Internet using the Search Companion, the 
> following information is collected regarding your use of the 
> service: the text of your Internet search query, grammatical 
> information about the query, the list of tasks which the Search 
> Companion Web service recommends, and any tasks you select from the 
> recommendation list."

Does that answer convince even you? Really?

-- 
Milly
0
Milly
9/23/2002 6:16:00 PM
In grc.privacy, BlueJAMC said...
> Milly <-@-.-> wrote in news:MPG.17f9671bef78e22898a0f9@news.grc.com:
> 
> > LOL. Okay, we are too far apart to bridge the gap. What a pleasant 
> > world you and the Telletubbies must live in.
> 
> And what a sad world you and agents Fox and Mulder must live in, 
> where every thing is some evil conspiracy designed to take over the 
> world.

Nice try, but you won't find anything in my posts to support a 
characterisation of paranoia. Whilst naivety or wilful obliviousness is 
common in yours.

-- 
Milly
0
Milly
9/23/2002 6:21:00 PM
Milly <-@-.-> wrote in
news:MPG.17f96ac6b0f1d0d898a0fa@news.grc.com: 

*re-snip*
>> > Now, where on ...
>> > 
>> > http://sa.windows.com/privacy/ 
>> > 
>> >  ... does it tell me about that?
>> 
>> Fourth paragraph...right where it says:
>> 
>> "When you search the Internet using the Search Companion, the 
>> following information is collected regarding your use of the 
>> service: the text of your Internet search query, grammatical 
>> information about the query, the list of tasks which the Search
>> Companion Web service recommends, and any tasks you select from
>> the recommendation list."
> 
> Does that answer convince even you? Really?

What is it--EXACTLY--that you're asking?  If you are Are you asking  
if that answer satisfies the question of where you're told about 
this, then yes, it does convince me.  It's right there in black and 
white.

If you're referring to something else now, please be precise.

-- 
-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 6:32:00 PM
Milly <-@-.-> wrote in
news:MPG.17f96c2213ea99d098a0fb@news.grc.com: 

> Nice try, but you won't find anything in my posts to support a 
> characterisation of paranoia. Whilst naivety or wilful
> obliviousness is common in yours.

Yes, I guess the fact that I can see no benefit for Microsoft to 
simply receive an IP address (which isn't even logged) makes me 
naive.  Yep...perfect sense.

-- 
-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 6:34:00 PM
BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:

>For the sake of argument, what are they going to do with an 
>IP address, and no other information to go along with it?  It's 
>useless.

Not for the sake of argument at all, but for the sake of any readers who
may not understand the possibilities...

IF one assumes there is no other information to go along with an IP
address, well sure, it's not much use.

But:

    1) more data can be derived with an IP address as a starting
       point;

    2) data from other source(s) which is also associated with a
       given IP can be correlated;

    3) data so correlated can be combined with still more
       information, itself unrelated to the IP address.

Now, first, before I go into detail, let's agree that Microsoft's claim
that it is not logging IPs at the server in question is probably true.
I regarded that statement as good news. Even so we do need to recognize
that there's no way for anyone but MS to know absolutely, so it is a
matter of trust.  Personally, I am NOT repeat NOT concerned that MS is
using that particular data from tracking or profiling.

I am addressing here what CAN be done, not what I believe IS being done.

That said, let's start with point 1.

I'll take Blue's own IP address, 67.1.190.32 as an example.

A simple reverse DNS lookup, which is done routinely by most web
servers, produces this hostname:

0-1pool190-32.nas6.sioux-falls1.sd.us.da.qwest.net

.... which obviously provides some data about location and ISP.

An ARIN lookup confirms the netblock belongs to Qwest, validating the
hostname.  The word "pool" suggests it is a dialup pool.

That IP address is no longer JUST a number.  It has conveyed potentially
useful information; which certainly can assist in tracking or profiling.

There are sometimes additional means of lookup, such as RWHOIS.  That,
or ARIN itself, might identify an organization or small ISP, zeroing-in
on a relatively small group of individuals.

Let's not forget that with any IP contact comes the data willy-nilly, of
when and how often the transmissions are sent.  Over time, such data
could allow one to infer a schedule of usage patterns, to confirm
someone is still "home" at a given IP, etc.


On to point 2.

Public sources such as Usenet, the Google archive, etc., and comparable
private sources, could turn up lots of data about what else may have
issued from that IP or its immediate neighborhood.  That kind of
tracking is complex, and involves considerable uncertainty, so let's set
it aside for this exercise, but please be aware that I personally have
tracked people this way.

Microsoft owns a number of heavily-trafficked websites.  Search entries
are capable of revealing very significant facts about a user, and they
have access to millions of those, in company with IPs.  Expedia is a
potential gold mine of data.  Millions of people enter their home
locations, and those of their friends, into its online driving
directions forms.  Travel plans -- even if only speculative -- are
revealed in detail.  Actual purchases of airline tickets involve
_complete_ personal details.

Add cookies to the equation, and toss in the "cross-domain cookies"
Microsoft employs.

All this may be correlated to an IP address, if fixed, or to a series of
them, if not.


Point 3.

Once details are known, such as a person's possible address, a company
name, an unusual subject of interest, or what-have-you; those details
can be followed up.  Telephone listings are digitized everywhere,
commonly with street addresses included.  Data commodities such as
mailing lists and customer profiles can be bought from any number of
sources ranging from data-mining businesses to mail-order sales
operations to credit reporting agencies.  Public sources include
property listings and voter registration records.  Add news stories.
Toss in the whole of the searchable Web.

I'm not trying to assert that MS in particular is doing this kind of
tracking.  What I am saying is that the possibilities are there, and as
a consequence, VALID concerns exist about revealing a mere IP address,
especially where it happens surreptitiously and where trust  of a
gigantic commercial entity is at issue.

Start with a bit of data; follow it up; leverage the bits so acquired;
correlate multiple sources; and a picture can be built, sometimes a very
complete one.  This is truly the Information Age.  Let slip ONE key fact
to someone who may want to know all about you -- and they may soon know
all about you!

Though we may often let baseless worries or mistrust take it overboard,
nonetheless, no one in his right mind can afford to ignore these
possibilities.

pchelp
0
pchelp
9/23/2002 7:07:00 PM
In grc.privacy, BlueJAMC said...
> Milly <-@-.-> wrote in
> news:MPG.17f96ac6b0f1d0d898a0fa@news.grc.com: 
> 
> *re-snip*
> >> > Now, where on ...
> >> > 
> >> > http://sa.windows.com/privacy/ 
> >> > 
> >> >  ... does it tell me about that?
> >> 
> >> Fourth paragraph...right where it says:
> >> 
> >> "When you search the Internet using the Search Companion, the 
> >> following information is collected regarding your use of the 
> >> service: the text of your Internet search query, grammatical 
> >> information about the query, the list of tasks which the Search
> >> Companion Web service recommends, and any tasks you select from
> >> the recommendation list."
> > 
> > Does that answer convince even you? Really?
> 
> What is it--EXACTLY--that you're asking?  If you are Are you asking  
> if that answer satisfies the question of where you're told about 
> this, then yes, it does convince me.  It's right there in black and 
> white.

Oh, I see ... more pointless semantics.

> If you're referring to something else now, please be precise.

To what end? I have no interest in a dumb pro-/anti-MS bunfight. There 
is an issue of adequate disclosure here (as I hope and presume you see, 
from one side or the other), but I see no purpose in debating it with 
you.

-- 
Milly
0
Milly
9/23/2002 7:14:00 PM
Milly <-@-.-> wrote:

>To what end? ... I see no purpose in debating it with you.

We have a lot in common, Milly.  What's your sign?  ;-)

pchelp
0
pchelp
9/23/2002 7:25:00 PM
AL wrote:

> I think your dealing with a couple of Microsoft shills here who staunchly
> defend Microsoft no matter what.   Forget about having an intelligent
> debate.

Gettin' mighty close there ain't ya? Gonna whack some shins if'n you 
ain't keerful, mister.

But we all know MS don't lie or deceive, don't we? Hey, they said so 
didn't they? After all...they didn't rig any  demonstations or anything 
in court, did they? And we all know Shane Brooks is lyin' through his 
teeth when he says takin' out a bunch of the junk you don't need (that 
MS says you can't take out without breakin' it) don't break Winders, 
don't we? <G>

Every once in a while, in idle moments, I muse over how much use MS puts 
all these security holes to, themselves, before they get discovered. I 
cannot, in all my wildest dreams, imagine them being that dumb or 
incompetent. It's too cotton-pickin' cornsistent a history for all the 
holes. The latest Word97 thingy (also the old GUID thingy too) has to be 
one of the funniest ones, in my book. Every single hole found can be a 
tool for MS as well as for anyone else one might want to worry about the 
intentions of.

Combine that with the intense 'competitive spirit' of MS, and their 
well-dominated need to totally dominate everything they can stick their 
fingers into, it can give one a ton of food for thought, if one has the 
time to ponder things.

Where I come from, there's a world of difference between 'competition' 
and 'scorched Earth'.

Might be bettin' time here again, soon. <G>

Call it 'dumb like a fox'.

Here's a comforting thought...imagine MS as the prime contractor on 
Echelon and Carnivore. Then ask yourself what they're **really** gonna 
watch for. Warm and fuzzy right off, ne? They gonna watch for terrorism 
or business competition? Jest another tidbit for thought.

Cheers.

Keep smilin'; people will go crazy wondering what you're up to.

Waldo
0
Waldo
9/23/2002 8:08:00 PM
Robert Wycoff wrote:

> I agree.  Why did Microsoft choose to cause extra, unnecessary traffic on
> the Internet?

Bite your tongue...it's a feature!

Waldo
0
Waldo
9/23/2002 8:39:00 PM
On Mon, 23 Sep 2002 13:08:40 -0700, Waldo Hamilton <waldo@mei.ws>
wrote:

>But we all know MS don't lie or deceive, don't we? Hey, they said so 
>didn't they? After all...they didn't rig any  demonstations or anything 
>in court, did they? And we all know Shane Brooks is lyin' through his 
>teeth when he says takin' out a bunch of the junk you don't need (that 
>MS says you can't take out without breakin' it) don't break Winders, 
>don't we? <G>
>
To paraphrase the late William Colby...
"Trust us. We're honorable men. We're here to help you."

---------------------------------------------
Not from here, just passin' thru.
0
Juergen
9/23/2002 8:42:00 PM
Juergen wrote:

> To paraphrase the late William Colby...
> "Trust us. We're honorable men. We're here to help you."

I like the response in Appalachia to the proverbial 'grey-suited Fed' 
who walks up and says 'Hi; I'm from the US government; I'm here to help 
you';

"Run for your life!!"

Waldo
0
Waldo
9/23/2002 8:54:00 PM
"Waldo Hamilton" <waldo@mei.ws> wrote in message
news:amnscb$1v9b$1@news.grc.com...
> AL wrote:
>
> But we all know MS don't lie or deceive, don't we? Hey, they said so
> didn't they?

Of course  know they would never lie.   Sorry if I implied otherwise ;-)

http://www.ftc.gov/opa/2002/08/microsoft.htm

AL
"According to the Commission's complaint, Microsoft falsely represented
that:"
0
AL
9/23/2002 8:57:00 PM
In article <amndnp$1f7m$1@news.grc.com>, nospam@nospam.com says...
<snip>
> > But the very simple facts speak for themselves.  Unwanted, unannounced
> > phone-home-over-the-Net behavior by an oft-used O/S utility, which
> > occurs even when the user's purposes are strictly local to his own
> > machine, is something you both clearly wish to tolerate, justify, pass
> > off as insignificant, whatever.
> 
> I think your dealing with a couple of Microsoft shills here who staunchly
> defend Microsoft no matter what.   Forget about having an intelligent
> debate.
> 
When did I defend MS in this debate ? I don't recall making a jugment 
one way or another. 

I *simply* asked what the pragmatic consequences are, especially when MS 
has a privacy policy that specifically addresses this issue. And when 
pchelp was finally finished insulting me and acting like a petulant 
child, he finally gave an answer about what one *could* (possibly) do 
with an IP address. 
Which, when all is said and done, is no different than what could be 
done with an ip address from here, from using the web, etc. 
So, IOW, I am at no more risk of my privacy being violated than I am by 
simply using the internet. Less, since the privacy policy says it 
specifically does not do what pchelp listed.

And since pchelp later says:
 
"Now, first, before I go into detail, let's agree that Microsoft's claim
that it is not logging IPs at the server in question is probably true.
I regarded that statement as good news. Even so we do need to recognize
that there's no way for anyone but MS to know absolutely, so it is a
matter of trust.  Personally, I am NOT repeat NOT concerned that MS is
using that particular data from tracking or profiling."

he would seem to be in agreement with me that practically speaking, 
there are *NO* consequences from search sending out to sa.windows.com.

1) They are not logging the data.
2) They are not using it for tracking or profiling.


Now - onto this issue :
"Many people would seem to think that there should be no contact with
Microsoft whatsoever when conducting a local search on the PC"

OK, simple, as we said at the begining - turn it off. If you don't like 
the default settings, change them. 

> The matter has been discussed here.
> http://theregister.co.uk/content/archive/24815.html
> 
> What I did was  enter the following into hosts:
> 127.0.0.1    sa.windows.com
<snip>
Yes, we all know various ways to turn it off. This wasn't the question 
after the first response.


-- 
Bloated Elvis
0
bloated
9/23/2002 9:17:00 PM
In article <MPG.17f95bc39893f1a398a0f6@news.grc.com>, -@-.- says...
<snip>
> 
> You're left with nothing but semantics. Concerns are dealt with by 
> addressing them, if possible, as in this case (and as even you did, 
> once, in your off-hand derisive way), not by dismissing them as 
> unfounded (as you keep doing).
> 
> > >> Could you give these questions a direct response, instead of
> > >> just referring to them as trolling, brow beating, etc?  Doing
> > >> so might make it easier to understand where you stand on this
> > >> issue. 
> > > 
> > > As would reading what he actually said.
> > 
> > As would him answering the first time...or the second time...or 
> > even the third time.  But he didn't.
> 
> Perhaps he's seen how long it takes you to admit to errors, and didn't 
> have the patience?
> 

I was not (merely) dismissing the concerns as unfounded ( although since 
they are addressed by a provacy policy, I think they are) , I was simply 
asking for, as we discussed in another thread before, the practical 
application and ramifications of this telltale IP transmission.
I don't think I was rude, nor do I think I misuderstood pchelps points.

In fact, I thought it was a pretty relevant question.


-- 
Bloated Elvis
0
bloated
9/23/2002 9:33:00 PM
In article <Xns9292650374D28BlueJAMCnoneofthatsp@207.71.92.194>, BlueJAMC 
says...
>Phil Youngblood <phil587@my_un_realbox.com> wrote in
>news:amm0m4$3ba$2@news.grc.com: 
>> 
>> I will remind you -- I made no reference to any privacy issue.
>> You keep bringing it up, not me. If I wanted to address the
>> potential and real privacy issues I see with Microsoft, this one
>> would not be included. 
>
>Yes, I keep bringing up the privacy issues because that's what the 
>thread was pretty much about.  If your only point--and reason for 
>posting--is to point out that the updating is a useless feature, then 
>you can have that point, and I'm done with this whole branch of the 
>thread.

You seem to keep losing track of the facts here, BJ. I posted to ask if 
you knew *why* the call was made. You could have simply said in the first 
place you don't know and "this branch of the thread" would have died right 
there. It was your assumptions and insinuations about my intentions that 
caused everything that followed -- including your incorrect remark above. 
Now *I* am done with this whole branch of the thread.
-- 
Phil
0
Phil
9/23/2002 10:02:00 PM
Phil Youngblood <phil587@my_un_realbox.com> wrote in
news:amo30o$2417$1@news.grc.com: 

> In article <Xns9292650374D28BlueJAMCnoneofthatsp@207.71.92.194>,
> BlueJAMC says...
>>Phil Youngblood <phil587@my_un_realbox.com> wrote in
>>news:amm0m4$3ba$2@news.grc.com: 
>>> 
>>> I will remind you -- I made no reference to any privacy issue.
>>> You keep bringing it up, not me. If I wanted to address the
>>> potential and real privacy issues I see with Microsoft, this
>>> one would not be included. 
>>
>>Yes, I keep bringing up the privacy issues because that's what
>>the thread was pretty much about.  If your only point--and
>>reason for posting--is to point out that the updating is a
>>useless feature, then you can have that point, and I'm done with
>>this whole branch of the thread.
> 
> You seem to keep losing track of the facts here, BJ. I posted to
> ask if you knew *why* the call was made.

"For example, if you use Search Companion to find only Music files
on your machine, Search Companion may check to see if there are
any new types of Music files that should be included in your
search." 

You wanted to know why?  That's why--and I already pointed it out.  
The answer's not good enough for you?  Fine, turn off the feature. 

> You could have simply said in the first place you don't know and
> "this branch of the thread" would have died right there.

The fact that you don't want to search Google for the reason, or 
listen to the reason when it's presented to you, doesn't mean I 
don't know.  It just means you don't care.

> It was your assumptions and insinuations about my intentions that
> caused everything that followed -- including your incorrect
> remark above.

So it's NOT correct that we were talking about privacy?  
Okay...whatever you say...

> Now *I* am done with this whole branch of the thread. 

Ok, then we're agreed.

-- 
-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/23/2002 10:06:00 PM
In article <amnij7$1kk3$1@news.grc.com>, Robert Wycoff says...
>AL <nospam@nospam.com> wrote:
>
>>> However, I fail to see how pointing out the fact that no
>>> information is collected--not even IP addresses--and thus there is
>>> no privacy concern makes me a Microsoft shill.  Oh, wait...I'm not
>>> jumping on the "bash Microsoft even when they're not doing anything
>>> wrong" bandwagon.  I suppose THAT makes me a shill.
>>
>> Many people would seem to think that there should be no contact with
>> Microsoft whatsoever when conducting a local search on the PC
>
>I agree.  Why did Microsoft choose to cause extra, unnecessary traffic on
>the Internet?  Has anyone been able to answer that?
>

Certainly not our MS apologists in residence.
-- 
Phil
0
Phil
9/23/2002 10:09:00 PM
In grc.privacy, bloated elvis said...
> In article <MPG.17f95bc39893f1a398a0f6@news.grc.com>, -@-.- says...
> <snip>
> > 
> > You're left with nothing but semantics. Concerns are dealt with by 
> > addressing them, if possible, as in this case (and as even you did, 
> > once, in your off-hand derisive way), not by dismissing them as 
> > unfounded (as you keep doing).
> > 
> > > >> Could you give these questions a direct response, instead of
> > > >> just referring to them as trolling, brow beating, etc?  Doing
> > > >> so might make it easier to understand where you stand on this
> > > >> issue. 
 > > > > 
> > > > As would reading what he actually said.
> > > 
> > > As would him answering the first time...or the second time...or 
> > > even the third time.  But he didn't.
> > 
> > Perhaps he's seen how long it takes you to admit to errors, and didn't 
> > have the patience?
> 
> I was not (merely) dismissing the concerns as unfounded ( although since 
> they are addressed by a provacy policy, I think they are) , I was simply 
> asking for, as we discussed in another thread before, the practical 
> application and ramifications of this telltale IP transmission.
> I don't think I was rude, nor do I think I misuderstood pchelps points.
> 
> In fact, I thought it was a pretty relevant question.

Have you mistaken my post quoted above to be a reply or response to 
your post(s)? It wasn't, and wasn't directed obliquely at you either.

I can, if you like? The supposed accusation of privacy *violation* was 
indeed unfounded. As was the notion that mere transmission of an IP 
address was "bad". But PCHelp said neither, notwithstanding that you 
initially specifically suggested he did (indicating misrepresentation, 
no doubt unintended, if not misunderstanding).

And privacy *concerns* are not rendered unfounded by the happy instance 
of a satisfactory explanation. They are rendered satisfied. They would 
be unfounded, in this example, if no such IP transmissions were made.

I think questioning the practical ramifications is relevant too. A 
shame you did it in posts which misrepresented, merely carelessly I 
trust, the earlier questions.

-- 
Milly
0
Milly
9/23/2002 10:17:00 PM
Milly wrote:

> LOL. Okay, we are too far apart to bridge the gap. What a pleasant 
> world you and the Telletubbies must live in.

You're mean, Milly. I love it!!!

Of course, nobody's talking about the possibility that after they've 
soaked up all your personal data you handily keep in all the neat little 
folders they set up for you, they no longer need the IP, are they? Why 
save the IP if you've got names, addresses, credit cards, kids' names, 
and all that other rot, right?

Note I didn't say they were doing all this...I'm just not dumb enough to 
assume they wouldn't...especially afte watching them in court several 
times. That upsets some people. Some 'experts' act just like the teacher 
in Catechism, when attendees ask too many questions they aren't supposed 
to ask.

If this argument gets any more convoluted, it may be betting time again. <G>

Cheers

Waldo
0
Waldo
9/23/2002 10:33:00 PM
BlueJAMC wrote:

> Yes, I guess the fact that I can see no benefit for Microsoft to 
> simply receive an IP address (which isn't even logged) makes me 
> naive.  Yep...perfect sense.

Why save the IP if you've soaked up everything else? You seem to be 
forgetting, or unaware of, events that actually resulted in the 
existence of these NG's.

Cheers

Waldo
0
Waldo
9/23/2002 10:36:00 PM
pchelp wrote:
> BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
> 
> 
>>For the sake of argument, what are they going to do with an 
>>IP address, and no other information to go along with it?  It's 
>>useless.

<all the good stuff snipped to save room>

There you go again...raising all the points nobody's sposta know about. 
How come you keep asking all the questions that aren't sposta be asked?
<G>

Waldo
0
Waldo
9/23/2002 10:40:00 PM
BlueJAMC wrote:

> I think you need another *smack!* or two...but I'll wait, until you 
> least expect it... <EG>

Is that something learned in MSCE school?

Waldo
0
Waldo
9/23/2002 10:43:00 PM
Waldo Hamilton <waldo@mei.ws> wrote:

>Might be bettin' time here again, soon. <G>

Think you'll find a bookie to take YOUR kinda bet, Waldo?

pchelp
, who is betting there'll be a rainstorm somewhere someday.
0
pchelp
9/23/2002 11:29:00 PM
bloated elvis <thel8elvis@hotmail.com> wrote:

>And since pchelp later says:

>"Now, first, before I go into detail, let's agree that Microsoft's claim
>that it is not logging IPs at the server in question is probably true.
>I regarded that statement as good news. Even so we do need to recognize
>that there's no way for anyone but MS to know absolutely, so it is a
>matter of trust.  Personally, I am NOT repeat NOT concerned that MS is
>using that particular data from tracking or profiling."

>he would seem to be in agreement with me that practically speaking, 
>there are *NO* consequences from search sending out to sa.windows.com.

What?  Eh?  Where'd you find THAT idea?

I'll tell you ONE damn consequence.  It's people wondering what the hell
is going ON when their O/S phones home.

Sure, explanations exist.  But it's new news to one persona after
another after another...

Another consequence?  Millions of packets crossing the Net, at the
expense of many entities, destined for a single server that does what?
Auto-configures people's machines, unbeknownst to them, for file
associations?  That is boneheaded at best!  Or is it, as Waldo aptly
asks, dumb like a fox?

No consequences, my eye.


>1) They are not logging the data.
>2) They are not using it for tracking or profiling.

No, PROBABLY not.  Not _anymore_, they tell us.


>Now - onto this issue :
>"Many people would seem to think that there should be no contact with
>Microsoft whatsoever when conducting a local search on the PC"

>OK, simple, as we said at the begining - turn it off. If you don't like 
>the default settings, change them. 

Simplistic nonsense.  Millions pf people have no clue it's happening to
begin with.

pc"nobody understands me"help
0
pchelp
9/23/2002 11:38:00 PM
In article <Xns9292AE11F341ABlueJAMCnoneofthatsp@207.71.92.194>, BlueJAMC 
says...
>The fact that you don't want to search Google for the reason, or 
>listen to the reason when it's presented to you, doesn't mean I 
>don't know.  It just means you don't care.
>

You are misstating the facts *again*. Why do you insist on doing that to 
no good end? You put four totally incorrect statements in two sentences. 
That may be some kind of record. I won't restate because the correct 
versions are in the thread. I have no reason to think you are a troll but 
you are certainly beginning to play one in this thread.
-- 
Phil
0
Phil
9/23/2002 11:46:00 PM
In article <amo5er$299v$2@news.grc.com>, waldo@mei.ws says...
> BlueJAMC wrote:
> 
> > I think you need another *smack!* or two...but I'll wait, until you 
> > least expect it... <EG>
> 
> Is that something learned in MSCE school?
> 
> Waldo
> 
Waldo, after reading all your posts I would like to thank you for 
contributing exactly *nothing* to this thread. 
It must be fun to just wait on the sidelines to pile on with meaningless 
comments.

-- 
Bloated Elvis
0
bloated
9/23/2002 11:47:00 PM
BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:

>Phil Youngblood <phil587@my_un_realbox.com> wrote in

>> You seem to keep losing track of the facts here, BJ. I posted to
>> ask if you knew *why* the call was made.

>"For example, if you use Search Companion to find only Music files
>on your machine, Search Companion may check to see if there are
>any new types of Music files that should be included in your
>search." 

>You wanted to know why?  That's why--and I already pointed it out.  
>The answer's not good enough for you?  Fine, turn off the feature. 

Gotta wonder how often new music file types are invented.  Daily?

pchelp
0
pchelp
9/23/2002 11:58:00 PM
BlueJAMC wrote:

> My car's check engine light has never come on, yet it continuously 
> checks to make sure the engine is functioning correctly.

Yeah, but does your car call a f**kin' dealer every time you start it or 
do some other specific thing with it?

I think that's the point being made here, and you're dodging the whole 
thing with lame comparisons.

Cheers

Waldo
0
Waldo
9/24/2002 12:26:00 AM
pchelp@pc-help.org (pchelp) wrote in news:3d8fa62d.20074690
@news.grc.com:
 
> Gotta wonder how often new music file types are invented.  Daily?

No.  Just new DRM schemes.  :-)

[Dashes stage left quickly before the Musketteers resume the 
swordfight.]
0
Mark
9/24/2002 12:55:00 AM
Here you go Elvis, a nice piece of software to help you stay secure...

The advertising suggests that you may be (Gasp) "Broadcasting your internet
address" and this is their remedy.

I suggest you treat this link with caution, the name is a bit of a giveaway

http://www.bonzi.com/bonziportal/index.asp?l=home&t=support&nav=ft&fscroll=a
uto&fh=600&fsrc=http://www.bonzi.com/support/update.htm

Charlie

"bloated elvis" <thel8elvis@hotmail.com> wrote in message
0
Charlie
9/24/2002 1:04:00 AM
"pchelp" <pchelp@pc-help.org> wrote in message
news:3d8fa62d.20074690@news.grc.com...

> Gotta wonder how often new music file types are invented.  Daily?
>
> pchelp

Obviously you have never heard me playing a musical instrument <g>

Possibly .OMG .YUK or .FM (and I don't mean frequency modulation)


Charlie
0
Charlie
9/24/2002 1:20:00 AM
In article <MPG.17f9a36631b1e87198a10c@news.grc.com>, -@-.- says...
<snip>
> 
> Have you mistaken my post quoted above to be a reply or response to 
> your post(s)? It wasn't, and wasn't directed obliquely at you either.

No, I know it wasn't directed at me.

> 
> I can, if you like? The supposed accusation of privacy *violation* was 
> indeed unfounded. As was the notion that mere transmission of an IP 
> address was "bad". 

The notion that the transmission of an IP was bad is unfounded ?
I guess we are reading different posts.

> But PCHelp said neither, notwithstanding that you 
> initially specifically suggested he did (indicating misrepresentation, 
> no doubt unintended, if not misunderstanding).

I thought it was very clear that pchelp belives transmitting an IP 
address is a privacy *concern* and this it is a *bad* thing.
> 
> And privacy *concerns* are not rendered unfounded by the happy instance 
> of a satisfactory explanation. They are rendered satisfied. They would 
> be unfounded, in this example, if no such IP transmissions were made.

Talk about a matter of semantics. According to your definitions, my 
'concern' that aliens are trying to kill me can *never* be unfounded, 
only satisfied.

> 
> I think questioning the practical ramifications is relevant too. A 
> shame you did it in posts which misrepresented, merely carelessly I 
> trust, the earlier questions.

I misrepresented nothing. I wanted to know how transmission of an Ip 
address is a privacy *concern* ( and I assume having a privacy concern 
about your OS is a bad thing ) when the company in question has a 
privacy policy that says the IP Address is not logged. 

-- 
Bloated Elvis
0
bloated
9/24/2002 1:50:00 AM
In article <3d8fa3f5.19506697@news.grc.com>, pchelp@pc-help.org says...
<snip>
> >he would seem to be in agreement with me that practically speaking, 
> >there are *NO* consequences from search sending out to sa.windows.com.
> 
> What?  Eh?  Where'd you find THAT idea?
> 
> I'll tell you ONE damn consequence.  It's people wondering what the hell
> is going ON when their O/S phones home.

NO PRIVACY CONSEQUENCES. Sorry I did not spell it out for you, before.
> 
> Sure, explanations exist.  But it's new news to one persona after
> another after another...

So is the fact that the sky is blue. Now you want to make the issue of 
the fact people wonder about thier OS ? Please. 

> 
> Another consequence?  Millions of packets crossing the Net, at the
> expense of many entities, destined for a single server that does what?
> Auto-configures people's machines, unbeknownst to them, for file
> associations?  That is boneheaded at best!  Or is it, as Waldo aptly
> asks, dumb like a fox?
> 
> No consequences, my eye.

Ok, so the consequences are that people that notice these packets and 
become curious. 

Again, I will ask you, since you stated you believe MS is not logging 
this info or using it for profiling, what is the evil plot that you keep 
insinuating exists ? 
PLEASE explain it to me.
YOU still haven't explained how this information being transmitted 
affects me.
You have a *concern* that it's being transmitted, but you haven't 
expounded on the consequence of this specific transmission. 
That's all I have been asking for all along. From my first post:

"What do *you* think MS is doing with a DB filled with millions of dial-
up IP addresses from XP users that use the search function.
I'll give you that it's *technically* a privacy violation with the 
*default* install of XP. Now give me a pragmatic reason to care ???"

Apparently it is too difficult for you to give me a reasonable answer.

<snip>

-- 
Bloated Elvis
0
bloated
9/24/2002 2:01:00 AM
Phil Youngblood <phil587@my_un_realbox.com> wrote in
news:amo93u$29ve$5@news.grc.com: 

> In article <Xns9292AE11F341ABlueJAMCnoneofthatsp@207.71.92.194>,
> BlueJAMC says...
>>The fact that you don't want to search Google for the reason, or
>>listen to the reason when it's presented to you, doesn't mean I 
>>don't know.  It just means you don't care.
>>
> 
> You are misstating the facts *again*.

You said--and I quote:

> You could have simply said in the first place you don't know and
> "this branch of the thread" would have died right there. 

"In the first place" I pointed out a link to the Search Assistant
privacy policy.  The privacy policy explains what actions are
carried out, what information is transferred, what information is
kept, and what the purpose of it is.  So I concluded--from your
continued questions on the subject--that you didn't actually care
what the answer was.  


> Why do you insist on doing that to no good end?

Perhaps the same reason you keep asking questions you know the
answers to to no good end? 

> You put four totally incorrect statements in two sentences.

Let's see, I said:

> The fact that you don't want to search Google for the reason, or
> listen to the reason when it's presented to you, doesn't mean I 
> don't know.  It just means you don't care.

Let's see...you didn't appear to want to search Google.  You
didn't listen to the reason when it was presented to you--as
evidenced by the fact that you asked after the reason was
presented to you.  And the fact that you didn't appear to want to
search Google or listen to the reason it was provided to you
doesn't mean I don't know.  However, it certainly seems to make
you look like it's no concern of yours. 

> I have no reason to think you are a troll but you are certainly
> beginning to play one in this thread. 

You know, it seems to me that a troll would be someone who asks 
questions not related to the thread or the group to which you 
already know the answers.  I'm not saying that you're a troll, but 
there's certainly some troll-ish behavior there.

-- 
-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/24/2002 4:15:00 AM
pchelp@pc-help.org (pchelp) wrote in news:3d8fa62d.20074690
@news.grc.com:

> Gotta wonder how often new music file types are invented.  Daily?

No, not daily--nor does the average user use the search function 
daily.  However, since XP was released, OGG Vorbis has gained 
popularity.  That would be one benefit of such a feature.  
Additionally, it's not used just for music files;  that's an example.  
It's also used for pictures, video, and different types of documents.  
But then, I think you knew that, didn't you?

-- 
-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/24/2002 4:15:00 AM
Waldo Hamilton <waldo@mei.ws> wrote in
news:amobev$2fg9$1@news.grc.com: 

> BlueJAMC wrote:
> 
>> My car's check engine light has never come on, yet it
>> continuously checks to make sure the engine is functioning
>> correctly. 
> 
> Yeah, but does your car call a f**kin' dealer every time you
> start it or do some other specific thing with it?

You know, it doesn't...but now that you mention it, that might be a 
good idea.  A car which checks with the maker or dealer every time 
it is started to see if there have been any recalls for that model.  
Seems like a good idea to me.

> I think that's the point being made here

The point being made here is that--shock, horror!--the IP address 
is sent!

> and you're dodging the whole thing with lame comparisons.

And you're dodging the entire discussion, choosing to inject lame, 
pointless comments which have nothing to do with anything being 
discussed.

-- 
-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/24/2002 4:15:00 AM
Milly <-@-.-> wrote in
news:MPG.17f978823f11bd1598a0fd@news.grc.com: 

> In grc.privacy, BlueJAMC said...
>> Milly <-@-.-> wrote in
>> news:MPG.17f96ac6b0f1d0d898a0fa@news.grc.com: 
>> 
>> *re-snip*
>> >> > Now, where on ...
>> >> > 
>> >> > http://sa.windows.com/privacy/ 
>> >> > 
>> >> >  ... does it tell me about that?
>> >> 
>> >> Fourth paragraph...right where it says:
>> >> 
>> >> "When you search the Internet using the Search Companion,
>> >> the following information is collected regarding your use of
>> >> the service: the text of your Internet search query,
>> >> grammatical information about the query, the list of tasks
>> >> which the Search Companion Web service recommends, and any
>> >> tasks you select from the recommendation list." 
>> > 
>> > Does that answer convince even you? Really?
>> 
>> What is it--EXACTLY--that you're asking?  If you are Are you
>> asking  if that answer satisfies the question of where you're
>> told about this, then yes, it does convince me.  It's right
>> there in black and white. 
> 
> Oh, I see ... more pointless semantics.

Let me be clear...the first issue brought up is of privacy, that 
something is being transmitted to Microsoft.  It's then pointed out 
that no information is transmitted.

Next, it's argued that to make a connection, it's necessary to give 
MS your IP address, and that this is a "privacy concern".  It's 
then pointed out that the IP address isn't even logged.

Next, it's argued (or implied, suggested, choose whatever verb you 
like, I'm getting tired of these word games) that there's no 
mention anywhere in the privacy policy that using the Search 
Assistant on a web search will transmit that search to Microsoft.  
It's then pointed out, and quoted, that there is mention of this 
behavior in the privacy policy.

Now you're asking me if it convinces me.  This is REALLY getting 
old...if you're going to bitch and moan about privacy, then bitch 
and moan about privacy, but quit trying to change the issue.  Pick 
an issue and stick with it.

>> If you're referring to something else now, please be precise.
> 
> To what end? I have no interest in a dumb pro-/anti-MS bunfight.
> There is an issue of adequate disclosure here (as I hope and
> presume you see, from one side or the other), but I see no
> purpose in debating it with you.

Yes, there is an issue of adequate disclosure--and it's adequately 
disclosed.  You want to learn more about Search Companion?  Then 
you click the item in the Find menu that says, "Learn more about 
Search Companion".  Makes sense to me.

-- 
-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/24/2002 4:15:00 AM
pchelp@pc-help.org (pchelp) wrote in
news:3d8f5d35.1391747@news.grc.com: 

> BlueJAMC <BlueJAMC@noneofthatspamhereatnetzero.net> wrote:
> 
>>For the sake of argument, what are they going to do with an 
>>IP address, and no other information to go along with it?  It's 
>>useless. 
> 
> Not for the sake of argument at all, but for the sake of any
> readers who may not understand the possibilities...
> 
> IF one assumes there is no other information to go along with an
> IP address, well sure, it's not much use.
*snip*

So you feel that the fact that Search Assistant is a privacy
violation--oh, I'm sorry, "concern"--because if the IP address
were collected, it could be be used to determine information which
is already widely available in the gigantic MS database. 

*  The IP address could be used to determine your location.  Of
course, every time you browse, your IP address is sent, and could
be used to determine your location.  So the Search Assistant
feature provides no additional information in that regard. 

*  The IP address could be joined with other Microsoft databases,
which already provide more information than only the IP address
submitted with Search Assistant gives.  If joined with a
third-party database, then there's still more information in that,
and linking it to one IP address in the Search Assistant database
is insignificant. 

*  "Once details are known, such as a person's possible address, a
company name, an unusual subject of interest, or what-have-you"--
then now the same thing can be done that could be done before the 
Search Assistant database.

In short, the Search Assistant database provides no information 
that that is significant, unless it is joined with a third-party or 
separate database--which, would still provide no additional insight 
to the user.

-- 
-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/24/2002 4:15:00 AM
In article <Xns9292EC9678763BlueJAMCnoneofthatsp@207.71.92.194>, BlueJAMC 
says...

   <snip yet more misdirection>

>You know, it seems to me that a troll would be someone who asks 
>questions not related to the thread or the group to which you 
>already know the answers.  I'm not saying that you're a troll, but 
>there's certainly some troll-ish behavior there.

Not related? OK -- let's take look at that. Subject: XP search accessing 
net? The thread was about the local search function calling home. I asked 
why does it have to do that on every single local search. Not related? 
Anything "not related" that followed flowed from your incorrect 
assumptions and innuendo.

You know, for someone seemingly intelligent and knowledgeable on many PC 
issues, you really go stupid when someone questions your beloved Microsoft 
-- and it wasn't even *me*. Your points might be better taken if your 
position was not quite so polarized and defensive.

-- 
Phil
0
Phil
9/24/2002 5:12:00 AM
BlueJAMC wrote:
> "Never, ever, EVER, sarcastic.  Ever."

Dear Blue,
I must state that I have not read this entire thread, only about the
first half.  I think that only a true masochist could swallow it whole. 
However, it has me wondering.  Indeed, I'm wondering if you acquired the
"blue" nickname from winning too many breath holding contests?  Having
an operating system contact the internet uninitiated due to some purely
local action, i.e., searching for a file, is, in my opinion, which is in
agreement with the original poster's opinion, unreasonable.  Yes, I know
my comments about your "blue" nickname were unreasonable as well but
they still stand.  Why not give it a break and accept that each person
is entitled to make up their own mind over what reasonable operating
system behavior is and what it is not?

I also think that more people should read your signature tag.  It leads
me to believe that much of this discussion is simply pure entertainment
and nothing more.

Observer
0
Observer
9/24/2002 5:35:00 AM
"Milly" <-@-.-> wrote in message
news:MPG.17f9492582dbb3b198a0ea@news.grc.com...

> > 3.)  You went out of your way to point out that the only even if
> > the only information transmitted is an IP address, that it's still
> > a violation of privacy.
>
> No he didn't. Precision, man, precision.

Fine, some "ballpark" precision...

First packet group..
GET /en-us/srchasst/srchasst.htm HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Wed, 27 Feb 2002 21:47:55 GMT
If-None-Match: "74706ad8bfc11:858"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: ie.search.msn.com
Connection: Keep-Alive
Cookie: lang=en-us; MC1=V=2&GUID=5b3798cd403b4c018180614ac059c4ee; mh=ENCA

HTTP/1.1 304 Not Modified
Server: Microsoft-IIS/5.0
Date: Tue, 24 Sep 2002 05:21:18 GMT
P3P:CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Connection: close
ETag: "74706ad8bfc11:887"
Content-Length: 0


Second critter...
GET /sasearch/bar.xsl HTTP/1.1
If-Modified-Since: Tue, 24 Sep 2002 05:21:20 GMT
User-Agent: SCAgent
Host: sa.windows.com

HTTP/1.1 304 Not Modified
Server: Microsoft-IIS/5.0
Date: Tue, 24 Sep 2002 05:22:35 GMT
P3P: Custom Header Value: policyref="<http://sa.windows.com/privacy/>",
CP="NOI DSP NID COR CUR ADMa DEV OUR SAM BUS STA"
ETag: "f7eb2d6d61d4c11:7ef"
Content-Length: 0

and another...
GET /sasearch/lcladvdf.xml HTTP/1.1
If-Modified-Since: Tue, 24 Sep 2002 05:21:19 GMT
User-Agent: SCAgent
Host: sa.windows.com

HTTP/1.1 304 Not Modified
Server: Microsoft-IIS/5.0
Date: Tue, 24 Sep 2002 05:22:35 GMT
P3P: Custom Header Value: policyref="<http://sa.windows.com/privacy/>",
CP="NOI DSP NID COR CUR ADMa DEV OUR SAM BUS STA"
ETag: "468adb829cac11:7ef"
Content-Length: 0

'Seek and ye shall find'
NT Canuck
0
NT
9/24/2002 5:50:00 AM
Observer <observer@net.net> wrote in news:3D8FF988.8D280A28@net.net:

> BlueJAMC wrote:
>> "Never, ever, EVER, sarcastic.  Ever."
> 
> Dear Blue,
> I must state that I have not read this entire thread, only about
> the first half.  I think that only a true masochist could swallow
> it whole. However, it has me wondering.  Indeed, I'm wondering if
[ ]

I've been around for the entire match.  How the contestents can still 
be standing is beyond me.  Doesn't matter.  The thread expired (or 
should have) at midnight EDT!
0
Mark
9/24/2002 6:05:00 AM
bloated elvis wrote:

> Waldo, after reading all your posts I would like to thank you for 
> contributing exactly *nothing* to this thread. 
> It must be fun to just wait on the sidelines to pile on with meaningless 
> comments.

Well, excuuuuuuse me for not kissing yore li'l ol' be-hind, BE. Better 
luck next year, eh? Maybe? <G>

Hot damn...talk about humbled. You shore did it baby. Hadda climb back 
up on the floor. Pheeeewww!!!

You shoulda put a C&C on that one, BE. Made my girlfriend spit her wodka 
all over the kybd and screen. Good thing it dries fast. Such a cackle I 
ain't heard in years. <G>

Here's what's **really** meaningless:

Meaningless is looking at the original question, and then watching you 
and a couple of others arguing about whether an IP by itself is worth 
anything or not. And actually pretending that somebody said it was. I 
hate to break it to you, but nobody did.

Meaningless is comparing this question to a car that checks things all 
the time, but doesn't call anybody because it ain't hooked to anything.

There were a couple of others, but I think this will more than suffice. 
They're all still there, if you need more.

If the hazards of what gets done with these IP's by some people weren't 
real, you and I both know these NG's wouldn't exist, because there would 
be no need for them. But you just stick with the fantasy that MS is God, 
and that they made you a demigod. And I'll keep chuckling, thank you.

As much as you know, you seem to be better at turning it into a negative 
than a positive, with your attitude. If you could avoid tangents, and 
quit trying to rut with people who don't kiss your backside, you'd 
probably be able to get a pretty good pay raise. But that's just a 
suggestion. You can do any old thing you want. But don't bitch at others 
if your way doesn't work. <G>

I may like Windows for the most part, but if you're gonna keep depending 
  on them for livelihood, you're going to need quite a bit thicker skin, BE.

You can't expect us all to watch them for years, use their stuff, and 
have to constantly castrate it to make it behave, and still expect us 
trust them the way you seem to. You're beholden to them...I'm not.

I've got one of their EULA's pasted inside the front cover of my kids' 
copy of "The Emporor's New Clothes". Wanna buy a good book? Works fine, 
last long time; cheap, special price just for you, GI. I'll even throw 
in a copy of "The 500 hats of Bartholomew Cubbins" gratis.

Keep on ruttin' on...

And keep smiling...people will either think you're crazy or wonder what 
you're up to.

Waldo
0
Waldo
9/24/2002 9:48:00 AM
BlueJAMC wrote:

> You know, it doesn't...but now that you mention it, that might be a 
> good idea.  A car which checks with the maker or dealer every time 
> it is started to see if there have been any recalls for that model.  
> Seems like a good idea to me.

Yeah, I'll bet you'd love that, wouldn't you? I'll bet you'd try to sell 
'em too, right? I figger it's better to know what the hell you're buying 
instead. Things work out better that way.

And my granny would tell you you're full of gutter water. I'll just 
remind you of the crack about what the Christmas turkey's full of.

>>I think that's the point being made here
> 
> 
> The point being made here is that--shock, horror!--the IP address 
> is sent!

No...that's what some of you are trying to twist it to. The **real** 
point was about what gets done with an IP at the other end. Or why is 
something calling out when it wasn't asked to, and wasn't saying it was 
calling out. It isn't always being handled by people with 'honorable 
intentions'.


> And you're dodging the entire discussion, choosing to inject lame, 
> pointless comments which have nothing to do with anything being 
> discussed.

No, I'm telling you that's what you and a couple of others are doing in 
comparison to what the original question was.

If there were no problems, or none had been discovered, these NG's 
wouldn't exist or even be needed. That was well established about 4 
years ago. You've seen SG furnish proof on his webpages, of what goes 
on. Some pretty high powered people backed off when that happened.

Some of you people seem to take people for pretty dumb. That makes me 
occasionally wonder who the bigger fool is. <G>

Waldo
0
Waldo
9/24/2002 10:09:00 AM
Observer wrote:

> I also think that more people should read your signature tag.  It leads
> me to believe that much of this discussion is simply pure entertainment
> and nothing more.

Cheater. <G>

Waldo
0
Waldo
9/24/2002 10:10:00 AM
In article <MPG.17f97223fb2d74df9899b8@news.grc.com>, 
thel8elvis@hotmail.com says...
> In article <amo5er$299v$2@news.grc.com>, waldo@mei.ws says...
> > BlueJAMC wrote:
> > 
> > > I think you need another *smack!* or two...but I'll wait, until you 
> > > least expect it... <EG>
> > 
> > Is that something learned in MSCE school?
> > 
> > Waldo
> > 
> Waldo, after reading all your posts I would like to thank you for 
> contributing exactly *nothing* to this thread. 
> It must be fun to just wait on the sidelines to pile on with meaningless 
> comments.

LOL look whos talking ... 
everything youve ever said that ive ever read means nothing to me. You 
are so full of yourself you cant seem to grasp reality.. Now for being 
such a naughty fat child you can join the other 
microsoft/cydoor(backdoor) shill(blue jammies) in my killfile .
btw i think you should change your name to "bloated ego" . it seems to 
fit your personality so snugly
asswipe
0
Jack
9/24/2002 10:21:00 AM
In grc.privacy, bloated elvis said...
> In article <MPG.17f9a36631b1e87198a10c@news.grc.com>, -@-.- says...
> <snip>
> > 
> > Have you mistaken my post quoted above to be a reply or response to 
> > your post(s)? It wasn't, and wasn't directed obliquely at you either.
> 
> No, I know it wasn't directed at me.

Okay, good.

> > I can, if you like? The supposed accusation of privacy *violation* was 
> > indeed unfounded. As was the notion that mere transmission of an IP 
> > address was "bad". 
> 
> The notion that the transmission of an IP was bad is unfounded ?
> I guess we are reading different posts.

No, I meant that if PChelp had put forward that notion, it would 
unfounded. But he didn't.

> > But PCHelp said neither, notwithstanding that you 
> > initially specifically suggested he did (indicating misrepresentation, 
> > no doubt unintended, if not misunderstanding).
> 
> I thought it was very clear that pchelp belives transmitting an IP 
> address is a privacy *concern* 

Yes. But only you said privacy *violation* ...

	"If the only privacy violation is your IP address, and MS doesn't 
	log it, who cares ??"

> and this it is a *bad* thing.

Only you said anything about a "bad thing" ...

	"The *only* conlusion you have is that your IP address is sent, 
	and that is "bad"."

So you may have interpreted what he believes as pretty clear (mostly 
wrongly, in my view), but by suggesting that's what he said or meant, 
you at least misrepresented him (I repeat, I'm sure unintentionally) 
and presumably misunderstood him.

> > And privacy *concerns* are not rendered unfounded by the happy instance 
> > of a satisfactory explanation. They are rendered satisfied. They would 
> > be unfounded, in this example, if no such IP transmissions were made.
> 
> Talk about a matter of semantics. According to your definitions, my 
> 'concern' that aliens are trying to kill me can *never* be unfounded, 
> only satisfied.

Nonsense. Exactly the opposite. 

There are (I presume) no indications at all that aliens are trying to 
kill you. No threatening voices in your head, no near-miss phaser fire, 
no sign of aliens at all. There is no foundation for such a concern.

But if you were being followed by a Klingon with a chetvI', that might 
be a foundation for concern. Which might be satisfied by learning that 
he's just a Trekkie with an anti-MS gripe. Or confirmed if he kills you 
and dematerialses.

> > I think questioning the practical ramifications is relevant too. A 
> > shame you did it in posts which misrepresented, merely carelessly I 
> > trust, the earlier questions.
> 
> I misrepresented nothing. 

See above.

> I wanted to know how transmission of an Ip address is a privacy *concern* 

Yet you asked ...

	"What do *you* think MS is doing with a DB filled with millions 
	of dial-up IP addresses from XP users that use the search 
	function.
	
	I'll give you that it's *technically* a privacy violation with 
	the *default* install of XP. Now give me a pragmatic reason to 
	care ??? "

> ( and I assume having a privacy concern about your OS is a bad thing ) 
> when the company in question has a 
> privacy policy that says the IP Address is not logged. 

I'm not surprised BJ doesn't get this, but I am that you don't. 

If someone is surprised and concerned that a Klingon is following them, 
because it *is* an odd and surprising thing to happen, they are 
justified in that concern. Even if you happen to know that Klingons 
follow everyone, and that reading the inter-species EULA will explain 
why, and will satisfy that concern.

A local search tool phoning home on every use *is* an odd and 
surprising thing to happen, and concern on discovering that fact is 
justified. Even if you happen to know, or then discover, that it's by 
design, and that reading the privacy policy will explain why, and will 
satisfy that concern.

-- 
Milly
0
Milly
9/24/2002 11:11:00 AM
In grc.privacy, BlueJAMC said...
> Milly <-@-.-> wrote in
> [...]
> > Oh, I see ... more pointless semantics.
> 
> Let me be clear...the first issue brought up is of privacy, that 
> something is being transmitted to Microsoft.  It's then pointed out 
> that no information is transmitted.
> 
> Next, it's argued that to make a connection, it's necessary to give 
> MS your IP address, and that this is a "privacy concern".  It's 
> then pointed out that the IP address isn't even logged.

Clear? That's an inaccurate summary of this thread, but in any event 
I'm not responsible for the thread, only my contributions to it.

> Next, it's argued (or implied, suggested, choose whatever verb you 
> like, I'm getting tired of these word games) that there's no 
> mention anywhere in the privacy policy that using the Search 
> Assistant on a web search will transmit that search to Microsoft.  

Here it is ...

	"> I like the Search Assistant, and don't want to disable it.

	No, I don't mean that at all.
	
	I like the MS-KB search built in to the Help system. I've never 
	used the Search Assistant for Internet searches from within 
	Explorer ...  until now.

	If I set it use Google, it fetches a Google results page as 
	normal.
	
	But it also shows a bunch of "Sponsored Links" within the 
	explorer pane (not the results window). Search on 'computers', 
	for example, and it makes links to Dell, Tech Depot, and 
	Shop.voicerecognition.com
	
	Search on 'milly' and it shows shopbop.com, netDoll.com, 
	Songsearch.net and MyFamily.com
	
	Google didn't fetch those for me, 'sa.windows.com' did.
	
	Now, where on ...
	
	http://sa.windows.com/privacy/ 
	
	 ... does it tell me about that?

> It's then pointed out, and quoted, that there is mention of this 
> behavior in the privacy policy.
> 
> Now you're asking me if it convinces me.  This is REALLY getting 
> old...if you're going to bitch and moan about privacy, then bitch 
> and moan about privacy, 

That's helpful.

> but quit trying to change the issue.  Pick 
> an issue and stick with it.

Why? The initial topic (local searches generating phone home 
connections) lead me to a new but associated area of concern (as 
clearly explained above). What's wrong with that?

> >> If you're referring to something else now, please be precise.
> > 
> > To what end? I have no interest in a dumb pro-/anti-MS bunfight.
> > There is an issue of adequate disclosure here (as I hope and
> > presume you see, from one side or the other), but I see no
> > purpose in debating it with you.
> 
> Yes, there is an issue of adequate disclosure--and it's adequately 
> disclosed.  

You really think ...

	"When you search the Internet using the Search Companion, the 
	following information is collected regarding your use of the 
	service: the text of your Internet search query, grammatical 
	information about the query, the list of tasks which the Search 
	Companion Web service recommends, and any tasks you select from 
	the recommendation list."

 ... adequately discloses what information is disclosed, and to whom? 

How I get, for example, Overture (the current name for the infamous 
GoTo) links related to my search terms, even with Google selected as my 
default Search Companion engine? Who compiled them? sa.windows.com? 
Microsoft? MSN? Overture? Others? Which others? What information was 
given to them to do it? Is the GUID generated by SA shared with the 
sponsors?

It is silent on all that.

All it says is that sa.windows.com collects my search terms, the 
sponsored links (if we are to presume they are included within "list of 
tasks" and/or "recommendation list"), and which I select. Nothing about 
how those tasks are compiled or by whom.

It is preposterous to pretend that is adequate disclosure of what it 
does, and how. Do *you* know what it does and how?

> You want to learn more about Search Companion?  Then 
> you click the item in the Find menu that says, "Learn more about 
> Search Companion".  

Which adds no further information relevant to my question (go on, quote 
it, if you disagree).

> Makes sense to me.

No doubt.

-- 
Milly
0
Milly
9/24/2002 11:13:00 AM
Milly <-@-.-> wrote in
news:MPG.17fa593dfd0416b998a117@news.grc.com: 

*big, whiney snip*
> It is preposterous to pretend that is adequate disclosure of
> what it does, and how. Do *you* know what it does and how?

It is.  Read the privacy policy.  Simple as that.  You don't like it?  
They even tell you how to disable it.  I don't see how they can 
adequately disclose it any better than that.

At this point, I'm done in the thread, because you're only seeing 
what YOU want to see, and going out of your way to avoid the facts as 
presented.  Run along now...nothing to see here.

-- 
-Insert worn-out cliched anti-MS flame here...it'll make you cool-
    (Extra coolness awarded for doing so from your Windows box)

"Never, ever, EVER, sarcastic.  Ever."
0
BlueJAMC
9/24/2002 4:13:00 PM
In article <ampdrd$cuo$1@news.grc.com>, return2sender@127.0.0.1 says...
> In article <MPG.17f97223fb2d74df9899b8@news.grc.com>, 
> thel8elvis@hotmail.com says...
> > In article <amo5er$299v$2@news.grc.com>, waldo@mei.ws says...
> > > BlueJAMC wrote:
> > > 
> > > > I think you need another *smack!* or two...but I'll wait, until you 
> > > > least expect it... <EG>
> > > 
> > > Is that something learned in MSCE school?
> > > 
> > > Waldo
> > > 
> > Waldo, after reading all your posts I would like to thank you for 
> > contributing exactly *nothing* to this thread. 
> > It must be fun to just wait on the sidelines to pile on with meaningless 
> > comments.
> 
> LOL look whos talking ... 

Uhm, you ?

> everything youve ever said that ive ever read means nothing to me. 

Probably because you are an idiot, although I could be wrong, I doubt 
it.

> You 
> are so full of yourself you cant seem to grasp reality.. Now for being 
> such a naughty fat child you can join the other 
> microsoft/cydoor(backdoor) shill(blue jammies) in my killfile .

I know you will be reading this, because people who feel compelled to 
announce that they are KF'ing someone always do. 
If you want KF me, just do it and get on with your life.

> btw i think you should change your name to "bloated ego" . it seems to 
> fit your personality so snugly
> asswipe

Wow. What in intelligent post. Thanks for participating, I think you 
have done a nice job in showing how seriously someone should take your 
posts.

-- 
Bloated Elvis
0
bloated
9/25/2002 2:26:00 AM
In article <ampcd8$cu4$1@news.grc.com>, waldo@mei.ws says...
<snip>
> 
> Here's what's **really** meaningless:
> Meaningless is looking at the original question, and then watching you 
> and a couple of others arguing about whether an IP by itself is worth 
> anything or not. And actually pretending that somebody said it was. I 
> hate to break it to you, but nobody did.

So what pcelp is actually saying in the quotes below, is that an ip by 
itself is not worth anything ?

pchelp said:
"Blue, the fact that it transmits means, at minimum, the user's IP
address is known to MS.  That can most certainly be an element of
identification, profiling, etc."
" Because an IP address most certainly is potentially traceable and/or 
may be attributable to aspecific individual and/or to data of a personal 
nature."

<snip>
> 
> I may like Windows for the most part, but if you're gonna keep depending 
>   on them for livelihood, you're going to need quite a bit thicker skin, BE.

Depending on them for my livelihood ? Come again ?
<snip>
Waldo, when you start adding some technical content to your posts 
instead of simple personal commentary and opinion, I'll start taking you 
more seriously.
-- 
Bloated Elvis
0
bloated
9/25/2002 2:40:00 AM
In article <MPG.17fa58c58aa4337998a116@news.grc.com>, -@-.- says...
<snip>
> > 
> > I thought it was very clear that pchelp belives transmitting an IP 
> > address is a privacy *concern* 
> 
> Yes. But only you said privacy *violation* ...
> 
> 	"If the only privacy violation is your IP address, and MS doesn't 
> 	log it, who cares ??"
> 
> > and this it is a *bad* thing.
> 
> Only you said anything about a "bad thing" ...
> 
> 	"The *only* conlusion you have is that your IP address is sent, 
> 	and that is "bad"."

Sorry, I didn't know we were nitpicking words at the time or I would 
have been more careful to say 'concern' rather than 'violation'.
It still seems obvious ( to me ) from his posts that the conclusion is 
that sending your IP is a 'bad' thing.
> 
> So you may have interpreted what he believes as pretty clear (mostly 
> wrongly, in my view), but by suggesting that's what he said or meant, 
> you at least misrepresented him (I repeat, I'm sure unintentionally) 
> and presumably misunderstood him.

Do the posts lead you to the conclusion that sending the IP address is 
good or bad ? We can certainly agree to disagree, but again, I thought 
it quite an obvious conclusion that it is a bad thing.

<snip semantics argument - I don't agree, and I could give you an 
another example that (more) specifically meets your definition but seems 
absurd <reductio ad absurdum>, but that's not the issue>
> 
> A local search tool phoning home on every use *is* an odd and 
> surprising thing to happen, and concern on discovering that fact is 
> justified. Even if you happen to know, or then discover, that it's by 
> design, and that reading the privacy policy will explain why, and will 
> satisfy that concern.
> 
Fine, it was a valid concern, and now it isn't.

But that seems to fly in the face of the views of the majority of people 
who seem to feel it necessary to block this transmission, which we ( I 
think ) agree should *no longer* be a concern. If we agree that it is 
not (no longer) a *concern*, and not a *violation*, then we don't need 
to block it, right ?

-- 
Bloated Elvis
0
bloated
9/25/2002 2:51:00 AM
pchelp wrote:

> Think you'll find a bookie to take YOUR kinda bet, Waldo?

Don't need no steenkin' bookie. I can write and count. <G>

Waldo
0
Waldo
9/25/2002 5:00:00 AM
bloated elvis wrote:

> So what pcelp is actually saying in the quotes below, is that an ip by 
> itself is not worth anything ?

You're asking the wrong person. Ask him what he meant. What I make of it 
is immaterial to you, him, or the discussion. If any questions arise, 
I'll ask them. I think that should be a satisfactory approach to every 
single member here. I'll take all the evidence presented and make my own 
decisions.

Of course, if you have a problem with that approach, you'll say so, 
right? I can't kowtow correctly with no procedural instruction from the 
Alpha. Would you prefer a curtsy or a genuflect? Head to the mat? Which 
direction facing? Be forewarned that I draw the line at kissing 
feet...you'd better by God wash 'em first or you're on your own.

> pchelp said:
> "Blue, the fact that it transmits means, at minimum, the user's IP
> address is known to MS.  That can most certainly be an element of
> identification, profiling, etc."
> " Because an IP address most certainly is potentially traceable and/or 
> may be attributable to aspecific individual and/or to data of a personal 
> nature."

You bet. That in itself is the prime reason for the existence of these 
very NG's. The potential for abuse is the corncern...which on many 
occasions has been found to have been realized.

> Depending on them for my livelihood ? Come again ?

You ignored the "If you're..." part and made something new out of it 
that nobody said. Yep, you've done stuff like that with others. Possible 
source of tangent arguments, wouldn't you think? Your attitude has 
already been addressed by others and yourself...no need to duplicate. 
But I was already listening when you were adult and ignoring you when 
you get jerky. I'm easy.

> Waldo, when you start adding some technical content to your posts 
> instead of simple personal commentary and opinion, I'll start taking you 
> more seriously.

Take me seriously? Not a fret. You're the one with a need to be bigdog. 
That's been addressed already, remember? I'm years past stuff like that. 
I leave the 'fastest gun' crapola to people who need it. That's not even 
what this 'community' is about. My inbox is the only gage of who does 
and doesn't take me seriously here. It's doing fine, thank you. None of 
the rest has any meaning. It's all ether and 1's and 0's on a fibreglas 
line. Nothing more, nothing less. If you make any  assumption that any 
of my needs are based on the same or even similar criteria to yours 
(which it appears you have), you'll do nothing but embarrass yourself. 
I'm under no obligation to protect you from yourself.

Technical content? Are you setting a standard that technical content is 
mandatory for participation? That was in no FAQ I ever read. Did you 
rewrite it? Gimmee a link, dozo. I'll check it out forthwith and modify 
my behavior to suit.

BTW...if you've seen no technical content from me, you're paying 
selective attention...which would be no real surprise either. Of course, 
if I need your approval before doing so, you need to say so. Then we can 
*all* have a good laugh; you too. <G>

Others are furnishing perfectly satisfactory technical information. If 
something comes up where something is needed that nobody else has and I 
do, I'll do so. I'm pretty much like SG did with his firewall project a 
while back...when he saw ZA was pretty good, he dropped his, and said 
so, and said why. No need to duplicate or compete. Just made more room 
for other stuff he wants to do. I'm pretty much the same way. If 
somebody's questions about TCP/IP are being answered, and I'm in the 
mood to go fly a Bearcat or climb Halfdome, I'm gonna go fly the Bearcat 
or climb Halfdome. You're perfectly welcome to stay here and play 
bigdog. I'm easy. Just make sure you clean up your mess when you're done.

It's a little like a poker game. I'll see your slam and raise you three 
GAS's.

Cheers

Waldo
0
Waldo
9/25/2002 7:24:00 AM
In grc.privacy, BlueJAMC said...
> Milly <-@-.-> wrote in
> news:MPG.17fa593dfd0416b998a117@news.grc.com: 
> 
> *big, whiney snip*

More of that, eh? Do you think it reveals more about me or you?

> > It is preposterous to pretend that is adequate disclosure of
> > what it does, and how. Do *you* know what it does and how?
> 
> It is.  Read the privacy policy.  Simple as that.  

I suppose if I persevered, like with your KaZaA imbroglio, you might 
reach the point of overcoming your reluctance to admit error. But I 
can't be bothered this time.

> You don't like it?  
> They even tell you how to disable it.  I don't see how they can 
> adequately disclose it any better than that.

Oh dear.

> At this point, I'm done in the thread, because you're only seeing 
> what YOU want to see, and going out of your way to avoid the facts as 
> presented.  Run along now...nothing to see here.

LOL, transference encapsulated.

-- 
Milly
0
Milly
9/25/2002 9:38:00 AM
In grc.privacy, bloated elvis said...
> > [...]
> > A local search tool phoning home on every use *is* an odd and 
> > surprising thing to happen, and concern on discovering that fact is 
> > justified. Even if you happen to know, or then discover, that it's by 
> > design, and that reading the privacy policy will explain why, and will 
> > satisfy that concern.
> > 
> Fine, it was a valid concern, and now it isn't.
> 
> But that seems to fly in the face of the views of the majority of people 
> who seem to feel it necessary to block this transmission, 

That's one of those phrases - "majority of people" - you often bandy 
around to bolster your seeming belief that you are an outnumbered  
crusader against an army of anti-MS dogma. It's not even clear (though 
I haven't counted up) that the majority of people in this *thread* 
block this transmission.

> which we ( I 
> think ) agree should *no longer* be a concern. If we agree that it is 
> not (no longer) a *concern*, and not a *violation*, then we don't need 
> to block it, right ?

Hmm. I'd really like to just agree, in your spirit of wrapping up. And 
*I* don't block it. But them I don't use it either (PowerDesk's Find is 
better for me).

But. Unless you fancy ...

	"Microsoft will occasionally update this Statement of Privacy to 
	reflect company and customer feedback. Microsoft encourages you 
	to periodically review this Statement to be informed of how 
	Microsoft is protecting your information."

 ... periodically reviewing their Statement, who's to say they won't 
start doing something more concerning in the future? For those, like 
me, who would only use it for local searches, the negligible utility of 
the (near-redundant, in practice) update feature might easily be 
outweighed by the benefit in principle of blocking an unnecessary web 
connection.

I don't think that would of itself be a sign of paranoia or anti-MS 
dogma. After all, that would be similar to the basic practice of 
outbound firewalling - i.e. to block all that you don't need.

Now, on a different, but related, matter, I'm sure not going to use the 
Search Companion's web search function. Whether you like advertising 
links in your search pane, as distinct from the results window, is a 
matter of preference. But having no adequate explanation or privacy 
policy for that part of that feature is a much clearer concern. Right?

-- 
Milly
0
Milly
9/25/2002 9:43:00 AM
In article <MPG.17fb95876975d7d898a125@news.grc.com>, -@-.- says...
<snip>
> > 
> > But that seems to fly in the face of the views of the majority of people 
> > who seem to feel it necessary to block this transmission, 
> 
> That's one of those phrases - "majority of people" - you often bandy 
> around to bolster your seeming belief that you are an outnumbered  
> crusader against an army of anti-MS dogma. 

Only because on this news server, it's true :-p

> It's not even clear (though 
> I haven't counted up) that the majority of people in this *thread* 
> block this transmission.

No, we didn't take a vote, and I am sure by now no one cares.
Perhaps a majority of people that know about it don't block it.

> > which we ( I 
> > think ) agree should *no longer* be a concern. If we agree that it is 
> > not (no longer) a *concern*, and not a *violation*, then we don't need 
> > to block it, right ?
> 
> Hmm. I'd really like to just agree, in your spirit of wrapping up. And 
> *I* don't block it. But them I don't use it either (PowerDesk's Find is 
> better for me).
> 
> But. Unless you fancy ...
> 
> 	"Microsoft will occasionally update this Statement of Privacy to 
> 	reflect company and customer feedback. Microsoft encourages you 
> 	to periodically review this Statement to be informed of how 
> 	Microsoft is protecting your information."
> 
>  ... periodically reviewing their Statement, who's to say they won't 
> start doing something more concerning in the future?

Whose to say that the moon won't fall out of the sky ?
Based on past behaviour, I would say *check it often*.
<snip>

> . But having no adequate explanation or privacy 
> policy for that part of that feature is a much clearer concern. Right?

The ad portion ? In the interest of ending this, I agree completely and 
wholeheartedly.

-- 
Bloated Elvis
0
bloated
9/26/2002 2:44:00 AM
Robert,

Thanks for the link. I thought I had this taken care of previously, but
apparently I didn't since ZA kept trying to access the Internet.. Your link
reasserted the control back to me.

Thanks again.

You guys are all great!

SS
0
sunshinesuewithashin
9/26/2002 2:45:00 AM
In article <amroav$2rn0$1@news.grc.com>, waldo@mei.ws says...
> bloated elvis wrote:
<snip>
> 
> Of course, if you have a problem with that approach, you'll say so, 
> right? I can't kowtow correctly with no procedural instruction from the 
> Alpha. Would you prefer a curtsy or a genuflect? Head to the mat? Which 
> direction facing? Be forewarned that I draw the line at kissing 
> feet...you'd better by God wash 'em first or you're on your own.

I'd prefer you just kiss my ass.

<snip>

> Technical content? Are you setting a standard that technical content is 
> mandatory for participation? That was in no FAQ I ever read. Did you 
> rewrite it? Gimmee a link, dozo. I'll check it out forthwith and modify 
> my behavior to suit.

No, it just makes for informative reading as opposed to the 'me too' 
drivel you tend to post.
<snip>
> 
> It's a little like a poker game. I'll see your slam and raise you three 
> GAS's.

Gee, and I though you deserved the royal flush.

-- 
Bloated Elvis
0
bloated
9/26/2002 2:52:00 AM
"Phil Youngblood" <phil587@my_un_realbox.com> wrote in message
news:amleqf$2ga7$3@news.grc.com...

> So -- why does it do that call? It has been modified with SP1 so it only
> tries once now instead of twice -- but why does it do it at all? To make
> sure you have the current XML? On *every* single file search? Why does it
> do that? Microsoft only sees the need to patch security holes with major
> service packs so why check XML with every single file search? This is
> *not* a troll -- I really want to know.

Phoning home?
One of the files the Assistant fetches is the MS Search Companion privacy
statement. This is done for P3P compliance. According to the statement, MS
doesn't collect information about local searches. "No information is ever
collected by Search Companion when you search your local system, LAN, or
intranet for any reason."

'Seek and ye shall find'
NT Canuck
0
NT
9/26/2002 3:21:00 AM
Milly wrote:

> LOL, transference encapsulated.

Beamed up or beamed out? <G>

Come to think of it, I might get beamed this weekend. It's been a good 
week. That's **Jim Beamed**. Only lightly though. Maybe 24 years is a 
long enough wait for a real celebration. Let 'er rip. <G>

Waldo
0
Waldo
9/26/2002 6:30:00 AM
bloated elvis wrote:

> I'd prefer you just kiss my ass.

There, you're back to normal. But wouldn't you rather have that kind of 
games with your girlfriend or boyfriend? You don't even know me.

  >>Technical content? Are you setting a standard that technical content is
>>mandatory for participation? That was in no FAQ I ever read. Did you 
>>rewrite it? Gimmee a link, dozo. I'll check it out forthwith and modify 
>>my behavior to suit.

> No, it just makes for informative reading as opposed to the 'me too' 
> drivel you tend to post.

I don't really me-too a whole lot of people. But pay me enough and I'll 
agree with you on anything you say; right or wrong. In the absence of 
that, I'll just keep betting on you. That brings things out far enough 
ahead to be satisfactory. Entertainment doesn't always entail paying out.

>>It's a little like a poker game. I'll see your slam and raise you three 
>>GAS's.

> Gee, and I though you deserved the royal flush.

With your handsomely demonstrated sour attitude toward the world and 
life in general, you don't really appear to be in a position to 
determine what *anybody*, much less me, deserve. Not meant to be mean or 
anything, but you've acknowledged your attitude yourself, a while back, 
and it has seemed to be pretty accurate. Of course, in cards, a royal 
flush usually is; that bad, so I'll just look at is as not as negative 
as you might have intended.

cheers

Waldo
0
Waldo
9/26/2002 6:49:00 AM
Charlie Tame wrote:
....FM...

I know what that is. That was stuff the instructor in one of my computer 
schools couldn't explain. It must have been a religeous computer too. He 
was telling people he couldn't epxlain stuff to that they'd just have to 
take in on faith.

Same one? Or are there other kinds too?

Waldo
0
Waldo
9/26/2002 6:56:00 AM
NT.

I don't have enough time to read all the posts these days...

In the interests of further development, would it be useful for the
developers to know the ratio between local searches and searches that
eventually use their online assistant? For example, without recording the IP
or anything at all they could collect

1. Hits that happen and go nowhere
2. Hits that actually use it and go further.

I would have thought this might be of some use to them while remaining
completely innocuous for the user. After all MS aren't just concerned with
the workstation performance but also that of their servers.

Charlie

--
Trouble opening Outlook Express attachments?
http://www.tames.net/oe6.htm

Charlie
"NT Canuck" <ntcanuck@hotmail.com> wrote in message
news:amtufh$25dm$1@news.grc.com...
> "Phil Youngblood" <phil587@my_un_realbox.com> wrote in message
> news:amleqf$2ga7$3@news.grc.com...
>
> > So -- why does it do that call? It has been modified with SP1 so it only
> > tries once now instead of twice -- but why does it do it at all? To make
> > sure you have the current XML? On *every* single file search? Why does
it
> > do that? Microsoft only sees the need to patch security holes with major
> > service packs so why check XML with every single file search? This is
> > *not* a troll -- I really want to know.
>
> Phoning home?
> One of the files the Assistant fetches is the MS Search Companion privacy
> statement. This is done for P3P compliance. According to the statement, MS
> doesn't collect information about local searches. "No information is ever
> collected by Search Companion when you search your local system, LAN, or
> intranet for any reason."
>
> 'Seek and ye shall find'
> NT Canuck
>
>
>
0
Charlie
9/26/2002 12:15:00 PM
sunshinesuewithashinykazoo@hotmail.com wrote:
> Robert,
>
> Thanks for the link. I thought I had this taken care of previously, but
> apparently I didn't since ZA kept trying to access the Internet.. Your
> link reasserted the control back to me.
>
> Thanks again.
>
> You guys are all great!

You are welcome.

-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
9/26/2002 1:04:00 PM
NT Canuck <ntcanuck@hotmail.com> wrote:
> "Phil Youngblood" <phil587@my_un_realbox.com> wrote in message
> news:amleqf$2ga7$3@news.grc.com...
>
>> So -- why does it do that call? It has been modified with SP1 so it only
>> tries once now instead of twice -- but why does it do it at all? To make
>> sure you have the current XML? On *every* single file search? Why does it
>> do that? Microsoft only sees the need to patch security holes with major
>> service packs so why check XML with every single file search? This is
>> *not* a troll -- I really want to know.
>
> Phoning home?
> One of the files the Assistant fetches is the MS Search Companion privacy
> statement. This is done for P3P compliance. According to the statement, MS
> doesn't collect information about local searches. "No information is ever
> collected by Search Companion when you search your local system, LAN, or
> intranet for any reason."

NT,

P3P compliance?  Since when is it necessary to do that through an Internet
connection, rather than providing a file on the local hard drive?  Are you
saying that if a corporation deploys 2,000 XP clients that they will all be
calling out to the Internet every time they do a local search?  I would
think that an IT manager would frown on that extra use of bandwidth.

-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
9/26/2002 1:08:00 PM
"Robert Wycoff" <Don't.use.Lockdown@any.price> wrote in message
news:amv0tg$4vj$1@news.grc.com...

http://www.microsoft.com/windows/ieak/license/ordercd/corp.asp

Make their own, or your own IE6 and options.
Takes mabe an hour if you've never done one before.
Deploy via network install.

'Seek and ye shall find'
NT Canuck
0
NT
9/26/2002 2:17:00 PM
In grc.privacy, Robert Wycoff said...
> NT Canuck <ntcanuck@hotmail.com> wrote:
> > "Phil Youngblood" <phil587@my_un_realbox.com> wrote in message
> > news:amleqf$2ga7$3@news.grc.com...
> >> [...]
> >
> > Phoning home?
> > One of the files the Assistant fetches is the MS Search Companion privacy
> > statement. This is done for P3P compliance. According to the statement, MS
> > doesn't collect information about local searches. "No information is ever
> > collected by Search Companion when you search your local system, LAN, or
> > intranet for any reason."
> 
> NT,
> 
> P3P compliance?  Since when is it necessary to do that through an Internet
> connection, rather than providing a file on the local hard drive?  

It is nothing to do with P3P compliance. NT is quoting Thomas Greene at 
The Register who, not for the first time, has got it completely wrong. 
I imagine Greene saw a P3P header in one of the pages fetched, and 
jumped to the wrong conclusion.

> Are you
> saying that if a corporation deploys 2,000 XP clients that they will all be
> calling out to the Internet every time they do a local search?  

Yes.

> I would
> think that an IT manager would frown on that extra use of bandwidth.

Then he'd have to turn off the feature (hopefully before rollout), or 
block the connection. Being careful not to get labelled anti-MS in the 
process ;)

-- 
Milly
0
Milly
9/26/2002 2:28:00 PM
In grc.privacy, NT Canuck said...
> "Robert Wycoff" <Don't.use.Lockdown@any.price> wrote in message
> news:amv0tg$4vj$1@news.grc.com...
> 
> http://www.microsoft.com/windows/ieak/license/ordercd/corp.asp
> 
> Make their own, or your own IE6 and options.
> Takes mabe an hour if you've never done one before.
> Deploy via network install.

I don't think it's part of the IEAK. But the principle is the same: 
corporate rollouts can be tailored.

-- 
Milly
0
Milly
9/26/2002 2:28:00 PM
Milly <-@-.-> wrote in news:MPG.17fd29d383e0a8bc98a144@news.grc.com:

> Then he'd have to turn off the feature (hopefully before rollout),
> or block the connection. Being careful not to get labelled anti-MS
> in the process ;)

ROTFLMAO  That's a genuine hazard in many many corporations.
0
Mark
9/26/2002 3:12:00 PM
"Milly" <-@-.-> wrote in message
news:MPG.17fd29e1b014a00998a145@news.grc.com...

> I don't think it's part of the IEAK. But the principle is the same:
> corporate rollouts can be tailored.

It'll be in ieak, in the pre-install package and even likely setup inf's.

'Seek and ye shall find'
NT Canuck
0
NT
9/26/2002 3:37:00 PM
"Milly" <-@-.-> wrote in message
news:MPG.17fd29d383e0a8bc98a144@news.grc.com...

> It is nothing to do with P3P compliance. NT is quoting Thomas Greene at
> The Register who, not for the first time, has got it completely wrong.
> I imagine Greene saw a P3P header in one of the pages fetched, and
> jumped to the wrong conclusion.

Umm...in the packets to be exact, and this before any entries typed.

And yes, I was lazy and grabbed a quote, hands are full here.

'Seek and ye shall find'
NT Canuck
0
NT
9/26/2002 3:39:00 PM
You know, I frequently hear the "why do you use their products" retort when people complain
about (bash?) M$ products.

Following that same logic...and reading the captured bit below, I have to wonder...

Why do you use this server?

bloated elvis wrote:
> 
> [snip]
>
> >
> > That's one of those phrases - "majority of people" - you often bandy
> > around to bolster your seeming belief that you are an outnumbered
> > crusader against an army of anti-MS dogma.
> 
> Only because on this news server, it's true :-p
>
> [snip]
0
zulu
9/26/2002 11:24:00 PM
On Thu, 26 Sep 2002 19:24:40 +0000, zul wrote:

> You know, I frequently hear the "why do you use their products" retort when people complain
> about (bash?) M$ products.
> 
> Following that same logic...and reading the captured bit below, I have to wonder...
> 
> Why do you use this server?

Well, I guess that pat answer would be so I could crusade against anti-MS
dogma.
But if you actually read this thread, you would know I didn't have a thing
to say about whether it was good or bad that MS was doing it.

This is a decent place to learn some new things, it was the first place
I heard about the XP help center debacle. I have picked up some cool tips
in techtalk. And Steve is worth his weight in amusement value when he
get's a full head of steam going on some wacky idea like the 'XP Christmas
of Death'.
I ignore a lot of the gratuitious MS bashing, but sometimes I feel like
debating about it, even when the outcome is usally that no one changes
anyone else minds. 
Believe it or not, I sometimes just enjoy being helpful and answering some
questions that I am able to.
This server is just like my posts - you have to sift the wheat from the
chaff to get the good stuff.

--
Bloated Elvis


> 
> bloated elvis wrote:
>> 
>> [snip]
>>
>> >
>> > That's one of those phrases - "majority of people" - you often bandy
>> > around to bolster your seeming belief that you are an outnumbered
>> > crusader against an army of anti-MS dogma.
>> 
>> Only because on this news server, it's true :-p
>>
>> [snip]
0
Bloated
9/27/2002 11:55:00 AM
"pchelp" <pchelp@pc-help.org>  wrote:
>
> Well, it IS interesting that the whole issue has, in your mind and
> Elvitch's, been bent 'round to place vast importance upon whether I
> answer the questions you concoct.
>
> But the very simple facts speak for themselves.  Unwanted, unannounced
> phone-home-over-the-Net behavior by an oft-used O/S utility, which
> occurs even when the user's purposes are strictly local to his own
> machine, is something you both clearly wish to tolerate, justify, pass
> off as insignificant, whatever.
>
> So fine.  Pass it off however you like.  Don't worry your poor little
> heads over what I think, boys.  It's ungraceful.  People who're
> confident of their views don't need approval.
>
> pchelp

Hear, hear !!
One wonders why people who disregard their own right to privacy
and that of others in such a serious manner,
even bother to visit newsgroups like this one, which after all
are about privacy of the end user.

"But the very simple facts speak for themselves.  Unwanted, unannounced
 phone-home-over-the-Net behavior by an oft-used O/S utility......"

That's all I need to know. Thanks.
Jemand.
0
Fred
9/27/2002 8:53:00 PM
I didn't know I was going to start such a spirted discussion when I asked
the group about this.  I thought I would drop by and mention a few more
observations.

Switching to "Classic" mode does not stop it from calling out.

If you are not already dialed in, clicking on search assistant brings up the
dialup screen.

Search Assistant is not configured seperately by IS2002, one must block
sa.windows.com to prevent it calling home.

While no one reports anything passing other than the search form(s) while
packet sniffing, it's not clear that the computer ID is not embedded in the
stuff you can't read as text.

With more and more people signing up for services with static IP, and
signing up for "passport", I don't see this activity as benign, particularly
since it's function is subject to change with updates and evolving EULA's.

Does anyone know where I can find a browser for my CPM-80  S-100 bus system?

later,

Gator


>
>
> "But the very simple facts speak for themselves.  Unwanted, unannounced
>  phone-home-over-the-Net behavior by an oft-used O/S utility......"
>
> That's all I need to know. Thanks.
> Jemand.
0
Gator
9/27/2002 10:27:00 PM
In article <3D94DB40.C05DAE88@yahoo.com>, gator8her2@yahoo.com says...
<snip>
> 
> While no one reports anything passing other than the search form(s) while
> packet sniffing, it's not clear that the computer ID is not embedded in the
> stuff you can't read as text.

So, I am curious - what exactly would it take to make it 'clear' ?
You know, it's impractical to prove a negative.

<snip>

-- 
Bloated Elvis
0
bloated
9/27/2002 11:16:00 PM
bloated elvis <thel8elvis@hotmail.com> wrote:

>In article <3D94DB40.C05DAE88@yahoo.com>, gator8her2@yahoo.com says...
><snip>

>> While no one reports anything passing other than the search form(s) while
>> packet sniffing, it's not clear that the computer ID is not embedded in the
>> stuff you can't read as text.

>So, I am curious - what exactly would it take to make it 'clear' ?
>You know, it's impractical to prove a negative.

Must one state the obvious?  MS needs only publish what IS transmitted.


pchelp
0
pchelp
9/28/2002 5:14:00 AM
In article <3d953a1d.45666891@news.grc.com>, pchelp@pc-help.org says...
> bloated elvis <thel8elvis@hotmail.com> wrote:
> 
> >In article <3D94DB40.C05DAE88@yahoo.com>, gator8her2@yahoo.com says...
> ><snip>
> 
> >> While no one reports anything passing other than the search form(s) while
> >> packet sniffing, it's not clear that the computer ID is not embedded in the
> >> stuff you can't read as text.
> 
> >So, I am curious - what exactly would it take to make it 'clear' ?
> >You know, it's impractical to prove a negative.
> 
> Must one state the obvious?  MS needs only publish what IS transmitted.
> 
Gee, I guess I'm too drunk to find it obvious. Go troll Brett some more.

If you don't believe this:
When you search the Internet using the Search Companion, the following 
information is collected regarding your use of the service: the text of 
your Internet search query, grammatical information about the query, the 
list of tasks which the Search Companion Web service recommends, and any 
tasks you select from the recommendation list. Search Companion does not 
record your choice of Internet search engine, and does not collect or 
request any personal or demographic information. Information collected 
by the Search Companion can not be used to identify you individually, 
and is never used in conjunction with other data sources that may 
contain personal data

Then why would you believe anything else they say ?

They don't *need* to publish what is transmitted - sniff it and see for 
yourself. If you find some kind of UID in there, I'll give you a cookie.


-- 
Bloated Elvis
0
bloated
9/28/2002 5:47:00 AM
bloated elvis <thel8elvis@hotmail.com> wrote in 
news:MPG.17ff0c6f9a025d5d9899d2@news.grc.com:

> They don't *need* to publish what is transmitted - sniff it and see for 
> yourself. If you find some kind of UID in there, I'll give you a cookie.

I think Microsoft has built in a hidden *sniffer sniffer* into Windows XP.  
When the *sniffer sniffer* sniffs a sniffer, nothing important gets 
transmitted, but if the *sniffer sniffer* does not sniff a sniffer, well, 
then I don't know what gets transmitted, but it would obviously be something 
important if they went through that much trouble to hide it.

I obviously can't prove this, so it will have to be up to someone else to 
prove that this is NOT true.  :)

Okay, so I'm kinda kidding, but not entirely.  I guess I'm just curious to 
know if this would be possible or not, so if nothing else, here is your 
chance to educate a *clueless* AOL user.

~Adrenalyn~
0
Adrenalyn
9/28/2002 3:32:00 PM
In article <Xns929756DA21F32MsRcknRllaolcom@207.71.92.194>, 
MsRcknRll@aol.com says...
<snip>
> Okay, so I'm kinda kidding, but not entirely.  I guess I'm just curious to 
> know if this would be possible or not, so if nothing else, here is your 
> chance to educate a *clueless* AOL user.
> 
OK, I'll try to give you a serious answer.
The sniffer does not have to be on the XP machine. And although it is 
possible to detect sniffers ( mainly by detecting nics that are in 
promiscious mode ) , I don't think it's possible for XP to have a 
sniffer sniffer that without fail sniffs all other sniffers.

As I said, it's hard to prove a negative, and I am glad you said you 
were 'kinda' kidding :-)
-- 
Bloated Elvis
0
bloated
9/28/2002 4:45:00 PM
bloated elvis <thel8elvis@hotmail.com> wrote:

>In article <3d953a1d.45666891@news.grc.com>, pchelp@pc-help.org says...

>> bloated elvis <thel8elvis@hotmail.com> wrote:

>> >So, I am curious - what exactly would it take to make it 'clear' ?

>> Must one state the obvious?  MS needs only publish what IS transmitted.

>Gee, I guess I'm too drunk to find it obvious. Go troll Brett some more.

Touchy, aren't we?


>If you don't believe this:
[MS statement]
>Then why would you believe anything else they say ?

I never said I didn't believe it.  But that statement isn't the same as
describing how the packets are coded and structured, which is what I had
in mind when I said "what is transmitted."


>They don't *need* to publish what is transmitted - sniff it and see for 
>yourself. If you find some kind of UID in there, I'll give you a cookie.

I'm not running XP.  So that's not possible for me.

The one packet that was published in this thread looks like HTML code,
which is readable enough.  But that looks like incoming stuff to me, and
comments of others have suggested the outgoing transmissions are more
cryptic.

Faced with a bunch of binary gibberish, most users if not most techies
might very well be unable to make heads or tails of it.

You know as well as I do that a UID or what-have-you could be encoded in
any number of ways that would not be human-readable and may not result
in any consistent strings from one packet to the next.  This could be
for good reasons or not-so-good ones.

I'm ill-prepared to disclaim or verify what MS says, but I'm sure of
this:  the description they offer is not a technical one.  I'd prefer to
see the technical details.

pchelp
0
pchelp
9/29/2002 5:27:00 AM
Thanks, Bloated.  I appreciate your courteous reply.  :)

~Adrenalyn~
0
Adrenalyn
9/29/2002 2:00:00 PM
In article <3d9689f5.17594741@news.grc.com>, pchelp@pc-help.org says...
<snip>
> 
> Touchy, aren't we?

We ? Do you have a mouse in your pocket ?
<snip>
> 
> >They don't *need* to publish what is transmitted - sniff it and see for 
> >yourself. If you find some kind of UID in there, I'll give you a cookie.
> 
> I'm not running XP.  So that's not possible for me.

I guess if you were *that* interested in what was being sent, you could 
probably find a way to sniff those packets.

<snip>
> 
> I'm ill-prepared to disclaim or verify what MS says, but I'm sure of
> this:  the description they offer is not a technical one.  I'd prefer to
> see the technical details.

Since you want the techincal details handed to you - did you email MS 
and ask them ?
-- 
Bloated Elvis
0
bloated
9/29/2002 8:27:00 PM
Reply:

Similar Artilces:

XP ASP.NET 2.0.50727 IIS 5.1 Switched off IIS Anonymous access for 1 site, changed access for all sites
Well... erm I feel a bit stupid. My excuse is that I am new to ASP.NET etc. Before making any changes I took a backup of wwwroot.  I was testing to see if I could take one website off public access by unticking the anonymous access tick box (in IIS, <website>, properties, DIrectory Security). The idea was that I wanted to develop the site and then make it accessible when it is complete. After selecteing the anonymous acccess flag, the configuration changed for all websites. Ouch! I selected the flag at 'Default Website' and website levels. Everything looks...

accessing MS Access from .net
hi I am accessing ms access data base which has a table called customers. when i try to insert data into the table i am gettign the error like "Operation must use an updatable query" and the line its showing is myOleDbcommand.ExecuteNonQuery() here is my code in page lode event Sub Page_Load(Sender As Object, E As EventArgs) Dim StrConnectString as String Dim strStatement as String strConnectSTring = "Provider=Microsoft.Jet.OLEDB.4.0;Password='';User ID=Admin;Data Source=C:\Inetpub\wwwroot\Srinu\WebApplication2\...

I Need Help with: ASP.NET searching Access Database
  Situation: ASP.NET 2.0 Visual Studio 2005 IDE Access Database Visual Basic.NET Scenario: What I'm trying to accomplish is - the user creates and updates records. The function I need help with is I have created a search page where the user can search existing records by one or multiple criteria, a mix between text boxes and dropdown lists. Lets say I have 2 text boxes and 2 dropdown list, if the user only selects one of them and does a search, it should only search that criteria; though if the user slects all four, it will search all four criteria in the access database, narr...

Why is XP's Win Explorer accessing the Net?
I run Win XP Pro and I recently got a message from my Sygate Pro 5.0 firewall which said: ==== START QUOTE ==== "Windows Explorer is trying to broadcast an ICMP Type 10 (Router Solicitation) packet to [224.0.0.2]. Do you want to allow this program access to the network?" ==== END QUOTE ==== When I look it up it seems that 224.0.0.2 is for something called "Local Network Control Block" (See http://www.faqs.org/rfcs/rfc3171.html) My QUESTION to the newsgroup is should I allow Windows Explorer access to the Net in order for it to go to that IP address...

Problem inserting datas to ms access XP via .net
hi Icould nt able to insert datas to access XP from asp.net cose behied. i use oledbcommand and execute non query statement . The error am getting is "the code is not in updatabe" what should i do? regards mahendran...

1.5.0.3 stopped accessing Net, wasted search plugin
Couple of strange behaviors from 1.5.0.3 today. First, installation wasted a search engine plugin I had written for the Conquery extension, for Yahoo Finance. It is one I use all the time, and now it was nowhere to be found. I rewrote it. Then, just now, FF stopped accessing the Net entirely. I got FF's own no connection screen. All the while IE was working fine. Closing and reopening FF solved the problem. p. -- Using FF 1.5.0.3 on Win XP sp2 Paul_B <pb_public@operamail.com> in news:21a7lrotsqhj$.dlg@pbpublic.invalid: > Couple of strange behaviors from 1.5.0.3 ...

Accessing an Access report in ASP.NET
I developed an online survey using VB in VWD 2008 Express Edition.  The pages read from and write to an Access database.  I have a report in Access that summarizes the results of the survey.  How can I create a link on the ASP.NET page to open the report.  I am thinking that I would need to convert the report to a PDF so the user can view it online, but how do I get ASP.NET to contact the database to start the procedure that would convert the report to PDF? Thanks, kc You can't run a report in Access from ASP.NET unless you install Access on the web server and inv...

accessing linked Access table from .net
We have an access database with a linked table to MYOB through ODBC. The MYOB table appears in access with a green dot indicating it's a linked table. In Access it all works fine. When we try to get at it through .net, it brings up DB_SEC_E_AUTH_FAILED(0x80040E4D) which as far as I can see indicates authentication failed. Any idea what is required to be able to use it from.Net? You might try this stepp0, put in admin for the username and leave the password blank (unless you specified other) Source=C:\Inetpub\wwwroot\Components\Databases\Db.m...

Vb.net code in asp.net 2.0: works on hosts win 2003asp.net 2.0 server, crashes on xp asp.net offline workstation
Hi All  Can anyone tell me whats wrong with this code ?  Dim WeeklyRentalMinT as double = txtminrent.text  I 've been using code similar or identical to that since I started experimenting with ASP 3.0 in 2004 its worked every time, yet I now wonder if it contributed to slowing down my apps, we'll the code works on my host server, it worked on my pc when it was running asp.net 1.1, but now that i've upgraaded to asp.net 2.0, i get an error "[FormatException: Input string was not in a correct format.]"  How would you read input from a form tex...

Unable to access migrated ASP.NET 2.0 under IIS 5.x on Windows XP
My attempts to migrate a moderate-sized asp.net 1.1 app to 2.0 have caused me considerable frustration. In an attempt to debug what seems to be a problem with the file-based web server (Cassini) in VS 2005, I decided to access the app under IIS to compare behavior. However, I'm getting an error when I try to do that. Here's what I did:- add a new virtual directory in Internet Services Manager- point it at the same web app root directory as is being used by Cassini- ensure that it's configured to use ASP.NET 2.0When I try to access the app, I get the following error in the browser:Server Appl...

ASP.Net and XP Home or XP PRo
Hi - I hope no-ne thinks this is an inappropriate forum for this question. I am getting really into ASP.Net, and want to now upgrade my home PC to allow me to do more from there - Windows XP appears to be the standard for new PCs, although I've began my learning on a W2000 professional machine. Is there anything I need to know/do if I buy a pc with Windows XP - does it make a difference to the running of ASP.Net (I need to run IIS locally to test my work) if I get XP Home, or XP Pro? Thanks for any advice, XP Home does not support IIS (which I think is a good thing, personally), s...

Registry Access asp.net/VB.net
I have this code: My.Computer.Registry.LocalMachine.CreateSubKey("Software\Test").SetValue("TestValue", "MyValue") After running it VS says: Access to the registry key 'HKEY_LOCAL_MACHINE\Software\Test' is denied. Anyone know a quick line of code that will give me permission to do this?   Thanks! hi boy,  you can this with web installer  of you web solution, else you can take full permission,but in course you never don't must to write values from web application in registry key, use same file in app_data or create data tabl...

Net::LDAP::Search Search.pod v1.5
Graham, studying the documentation of Net::LDAP::Search's sorted routine, I was wondering whether the routine uses LDAP's object comparison methods (which would be rather heavy weighted). The documentation is unclear about that: --- =item sorted ( [ ATTR_LIST ] ) Return a list of L<Net::LDAP::Entry> objects, sorted by the attributes given in ATTR_LIST. The attributes are compared in the order specified, each only being compared if all the prior attributes compare equal. If all the specified attributes compare equal then the DN is used to determine order. --- ...

is there a way to access MS-ACCESS FORMS in asp.net
Hello, i have an access database with a form and tables. i know how to access the tables thru asp.net and C#. iam wondering if theres a way to access the FORM created in the access database. can some one please help me out . Thanks No there isn't.  You cannot get to reports, macros or modules either.  These things are all part of an "Access application".  What you are actually making use of in a web scenario is a Jet database (via the Jet provider) - despite the fact that it is commonly (and confusingly) referred to as an Access database.  In fact, you ...

Web resources about - XP search accessing net? - grc.privacy

Highest Percentage Of Opera Mini Users Accessing Facebook? Macau
If you were asked to guess which country had the highest percentage of users of Opera mobile Web browser Opera Mini users accessing Facebook ...

International Users Accessing Facebook Places Through US VPN Accounts
By using a virtual private network (VPN) hosted in the United States, Facebook users from around the world are accessing Facebook Places. The ...

What are some alternatives to Yodlee for accessing bank information?
Clay Loveless , Founder, Jexy. Co-founder, Mashery. Founder, Jexy. Co-founder, Mashery.

Cloud Console - Accessing files in cloud storage for iPad on the iTunes App Store
Get Cloud Console - Accessing files in cloud storage on the App Store. See screenshots and ratings, and read customer reviews.

Meryl Streep On Accessing The Characters Within - YouTube
Meryl Streep talks about the importance of an actors work representing their ability. CONNECT WITH AFI: http://facebook.com/AmericanFilmInstitute ...

Accessing the Future Fund a sensible proposal, says super expert Daryl Dixon
As portfolios go, the Future Fund's asset allocation is concentrated in higher-risk investment, including equities and alternative assets.

Accessing my Super
I'm 57 - can I access my super?

Australia, US accessing Indonesian telephone data, leaked documents show
Newly disclosed documents from former US intelligence contractor Edward Snowden have revealed that Australian intelligence efforts against Indonesia ...

Euthanasia advocate Philip Nitschke detained at Melbourne Airport, accuses Customs officials of accessing ...
Euthanasia advocate Philip Nitschke has accused Customs officials of accessing hundreds of patients' sensitive records on his laptop after detaining ...

Frances Abbott scholarship: Sydney woman pleads guilty to accessing Whitehouse Institute records on PM's ...
A Sydney woman who leaked the student records of Tony Abbott's daughter pleads guilty. A Sydney woman who leaked the student records of Prime ...

Resources last updated: 12/18/2015 9:29:26 AM