Thanks for the links, I will check them. I'm actually only moderately concerned about Microsoft. There are a lot of other vendors now that phone home too, now that it's assumed that everyone has a connection. They also fail softly if not, so you never know. I remember a German author putting in a phone home bit 10 yrs ago or more into a small but useful utility. It would sometimes trigger the dial up networking if you weren't on a lan. His fine-print explanation was that he just wanted to see who was using and when and it just dropped an IP stamp in his log or such. That was then... Today, it's so fast and users are so inundated with network traffic that a periodic ping won't be noticed. It would not be tough to transfer all sorts of interesting facts about a user that way. That's one of the big nasties about GoogleSearch. It builds a smallish sized index to everything on your drive, then allows (or could be made to upload) it to be used quickly without an exhaustive, obvious hard disk access. If it were such that they or some vendor got a majority of users into this by default settings, etc (think MS search), then it becomes of interest to use by anyone from a curious employee to a subpoena (US) to trigger a search for terms and return 'interesting' results. It's even useful to harvest your metadata if you're a questionable person (according to whomever's metrics) and you run something that gives others this kind of access. It's especially troubling in the US where we now have a secret court and citizens can be stripped of due process if labeled 'enemy combatant". It can even be a criminal act to reveal you were asked to provide such data (Patriot Act) and there are programs to involve citizens in looking for data (Operation TIPS). Through the Military Commissions Act (US) (and through precedent and principles used even before the Act, since 9/11) one can be categorized as an enemy for lending any kind of aid to the enemy, which could include just favorable opinion... Under FBI Director Hoover (in the 50' & 60's) you could have all sorts of disinformation unleashed against you if you were 'suspected' of being a communist or aiding the wrong party, if not legal problems. In today's terms, that might affect the ability to get a security clearance, a mortgage, a better job, insurance, etc, depending on these efforts, which might all have stemmed from an inappropriate number of certain words on your hard drive. Many of these are important to an engineer's (or anyone's) life... Hoover and McCarthy would have loved today's technology. Those who were around then will remember that even a 'wrong' magazine subscription could get you onto a 'list'. I think one of the reasons it fell apart wasn't only that McCarthy saw 'red' everywhere, but that the data processing load was enormous and these lists were people and paper based. Search programs couldn't remain secret for long and were labor intensive. Not true today where it's all electrons tracking other electrons ;-) and PCs can easily keep crunching the results anyway you like. Hoover's programs could fit on a pocket hard drive and a pc today... At least in the 60's, you had to pay for the subscription or such to get into trouble. Today a bot or an interest could get you into the same trouble, but you might have a hard time finding it beforehand and an even harder time extracting yourself from the resulting personal mess... A firewall with robust outbound filtering is imperative. Just look at the delay users had in implementing inbound firewall protection (over the recent years) and the mess it created in being penetrated, even today. It was tough for the average Joe to 'see' this threat to his PC from outside. The same is (or will be) true of outbound - first, denial of a problem, second, groups take advantage of the 'hole', then, a mess. Even if the technology is just applied to the more 'visible' suspects, it creates a fear in the public that one's hard disk might contain incriminating words or bytes, which then drives you to limit your investigations and learning to avoid them, etc. Just the fear of such a program shapes public knowledge and opinion to avoid topics that are off limits or suspect. I've found engineers to be more curious than most, and willing to dive deep in order to get a good understanding. That creates a larger than average trail or repository of information. Let's hope it's not something that's on 'the list'. ;-) However, there are a lot of cases where a useful utility either wants to phone home for 'updates' that can't be turned off, or no mention is made that it even phones home at all, but it does. It might all be innocent today, but tomorrow is always a new day... On the popup style firewall, once you give permission, you shouldn't get the popup for that item again. After a little while it stops as you've given your core permissions. It's very handy, especially when testing new software though, because the alternative is port watching and packet logging and analyzing for every new utility. Just port watching a program can fail you, since it can send one off quick enough you don't catch it, and then it's after the fact anyway... and in a world of VMs and rootkits, even a software firewall may not cut it tomorrow. "Trust, but verify" - Ronald Reagan Xiaofan Chen wrote: > On Jan 13, 2008 9:35 PM, Xiaofan Chen wrote: > > > What I mean is that even they do "phone home" but I doubt that they are really > make use of the data to be against you. > > > I do understand that there are great concerns of the "Phone Home" features > built-in Vista (and XP SP2 or other Microsoft software). The following is > about Vista. > http://news.softpedia.com/news/Forget-about-the-WGA-20-Windows-Vista-Features-and-Services-Harvest-User-Data-for-Microsoft-58752.shtml > -- http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist