You've seen it in countless movies. An innocent fugitive is travelling across the country incognito. Naturally, an evil government agency is trying to track him down. Suddenly, a government nerd points to a computer screen and says, "We've got him. He just used his Visa card to purchase size 38 Fruit of the Looms at Macy's in Trenton, New Jersey."
I find the above scenario to be somewhat frustrating. It is common knowledge that movie-land government agencies can trace every credit-card transaction at a moment's notice. Therefore, it is hard to feel sorry for the idiot fugitive who should have known he was putting himself in jeopardy.
Outside of the movie world, however, there is only one guilty party: the government agency. In the real world, you should be able to charge a pair of underwear without the CIA being able to find out which brand you use. In fact, I can think of only one thing that would be more outrageous: if your underwear sent personal information about you back to Fruit of the Loom.
Well, surprise. That is exactly what Windows does if your computer is connected to the Internet. Windows sends your user profile and hardware configuration -- right down to the Ethernet address of your network card -- to Microsoft. And it does so without informing you or asking for your consent.
Don't flame me for being paranoid; Microsoft admits it. (In what may be a first for Microsoft, the company calls it a bug, not a feature.) What's more, Microsoft admits that its Office suite embeds your Ethernet address into your Office documents.
Microsoft plans to fix the "bug" in future versions of Windows, and promises to release a utility that removes the ID from Office documents.
Privacy advocates have complained about several issues lately. It all started with the uproar over Intel's decision to embed a unique ID in each Pentium III chip. But personally, I wasn't alarmed until now. I don't have a problem with Intel branding each Pentium III.
Why? It isn't the unique ID that matters. What matters is whether software vendors use the ID to identify you or your system without your consent. Most vendors beside Microsoft probably wouldn't take the risk. It would be a PR disaster to be counted among those who abuse personal information for copy protection, especially when other vendors give away their software free for personal use.
In addition, IT wouldn't stand still for copy protection these days, especially if it complicated installation procedures. Finally, I'm sure someone out there would write a crack program for every copy-protected software package that emerges. It would hardly be worth the effort after that.
Like the Pentium III ID, Microsoft's use of the Ethernet MAC (Media Access Control) address as part of a user ID doesn't tie up my underwear in a knot. What bothers me is that it is being sent to Microsoft without my permission.
Yes, it is true that a MAC address can be put to more insidious use than a digital signature on a Pentium III. If I know your Ethernet address, have direct access to an Internet backbone and am lucky, I could gather a lot of information. I might not see everything you do, but I'm sure I would see more than you'd like. Depending on where I tap into the network, I could even monitor your incoming and outgoing mail.
I sincerely doubt that Microsoft is dispatching secret agents packing network sniffers (although I must admit that guy working on my network the other day did look an awful lot like Steve Ballmer). Nevertheless, I think it is time we gave serious thought to Internet privacy issues. Perhaps we need legislation that would forbid any software vendor from sending information over the Internet without a customer's permission.
Thanks for the memory
Last week I mentioned a rumour that Windows NT could not use more than 300Mbytes of memory for its file cache, thus reducing its capability to scale. Thanks to an InfoWorld (a Computerworld sister publication) Electric forum participant, I found out this is a known limitation of NT and has no work-around. The absolute theoretical limit is 512Mbytes for NT Server and 448Mbytes for NT Enterprise Server but, as usual, your mileage may vary.
Former consultant and programmer Nicholas Petreley can be sniffed at email@example.com, and you can visit his forum on InfoWorld Electric at www.infoworld.com.