Google Health, Phorm, where next for your private data?

Let’s look at the fundamentals. Is an advertising company an appropriate place for sensitive personal data like health records? That’s easy to answer, no matter how many privacy assurances Google gives. Google is a specialist at mining personal data; and whenever I read its terms and conditions it is almost enough to stop me using its services. So Google Health? No thanks. Google, if you want to do this, split the company.

How about this idea: some of the UK’s largest ISPs – Carphone Warehouse, BT and Virgin Media – intend to hand over their users’ Internet history to an advertising company called Phorm. The Reg has more details – read the comments to get fully spooked. Someone has set up a protest site here.

Phorm says it has strong privacy practices that safeguard user data, audited by Ernst and Young [PDF]. Safeguards include:

  • Deleting raw data after 14 days
  • Removing numbers longer than 3 digits
  • Not storing email addresses or IP numbers
  • Not storing form fields (thus no passwords)
  • Identifying users only by a random number
  • Analysing data only for predetermined keywords

Happy now? No. Some of these protections are weak. For example, the AOL search data debacle proved that replacing IP numbers with random identifiers is insufficient protection, because users can be identified solely by their activity. This applies even more strongly to an ISP’s data, which has everything you do on the Internet, not just your search history. Second, it is an opt-out system – it should be opt-in – and the opt-out on offer is weak; it merely stops you seeing the targeted ads, rather than preventing your data being sent to Phorm. Third, the data to be mined includes all your non-encrypted Internet activity, such as reading Google Mail, and not just URLs visited. While Phorm says it won’t read it, any additional use of this data makes it more vulnerable to interception and abuse.
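The AOL point above (a random identifier is not anonymity when the activity itself is distinctive) can be measured rather than argued. The following is an added example, not code from the post or from Phorm: it takes a constructed pseudonymised clickstream of the kind an ISP would hand over (random user numbers, no IPs, no e-mail addresses) and reports how many users are still unique on their set of visited hosts, and which hosts on their own single out one user. All pseudonyms and hostnames are made up; the `.example` domains are placeholders.

```python
from collections import Counter, defaultdict

# Constructed sample: (pseudonym, host) pairs, already "sanitised" in the
# Phorm sense (random user number instead of IP, no form data, no e-mail).
SAMPLE_RECORDS = [
    (1041, "news.bbc.co.uk"), (1041, "mail.google.com"),
    (1041, "smallvillagecricketclub.example"),
    (2203, "news.bbc.co.uk"), (2203, "mail.google.com"),
    (3377, "news.bbc.co.uk"), (3377, "mail.google.com"),
    (4810, "news.bbc.co.uk"), (4810, "rareorchidforum.example"),
    (4810, "mail.google.com"),
    (5926, "news.bbc.co.uk"), (5926, "mail.google.com"),
]


def profiles(records):
    """Group the visited hosts per pseudonym; this set is the quasi-identifier."""
    out = defaultdict(set)
    for pseudonym, host in records:
        out[pseudonym].add(host)
    return {p: frozenset(hosts) for p, hosts in out.items()}


def anonymity_sets(records):
    """Return {pseudonym: k}, where k is how many pseudonyms share an identical
    host profile. k == 1 means the profile alone singles that user out."""
    prof = profiles(records)
    counts = Counter(prof.values())
    return {p: counts[hosts] for p, hosts in prof.items()}


def unique_fraction(records):
    """Share of pseudonyms whose browsing profile is unique in the data set."""
    ks = anonymity_sets(records)
    return sum(1 for k in ks.values() if k == 1) / len(ks)


def singling_out_hosts(records):
    """Hosts visited by exactly one pseudonym. Any outside knowledge linking a
    person to such a host links them to that pseudonym's entire history."""
    by_host = defaultdict(set)
    for pseudonym, host in records:
        by_host[host].add(pseudonym)
    return {h: next(iter(ps)) for h, ps in by_host.items() if len(ps) == 1}


if __name__ == "__main__":
    print("anonymity set sizes:", anonymity_sets(SAMPLE_RECORDS))
    print("fraction of unique users:", unique_fraction(SAMPLE_RECORDS))
    print("hosts that single out one user:", singling_out_hosts(SAMPLE_RECORDS))
```

On this sample two of the five users are unique on their host set, and a single niche site is enough to pin each of them to a pseudonym; a real clickstream has far more hosts per user, so the unique fraction tends towards one. The measurement is the kind of check a data holder should run before describing stripped-IP data as anonymous.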

What’s the answer? Change your ISP, of course; but also SSL, which encrypts your Internet traffic. Passwords themselves are inherently bad enough, without making it worse by sending them in plain text; further, we need to learn that anything we read or send in plain text over the Internet has potentially been intercepted. This 2005 article spells out what that means. My hunch is that it is little better now. If we encrypt all the traffic that matters to us, then we won’t care so much that the ISP is selling it on.

[This post replaces an earlier draft].

Update: More details at the Reg today, complete with diagrams. Performance impact is also a concern.


Microsoft’s Vista Capable campaign: where it all went wrong

A series of remarkable internal emails have been made public as a result of the class action lawsuit against Microsoft for its “Vista capable” marketing campaign in the second half of 2006. In essence, the claim is that many of these PCs were not really Vista-compatible, because they could only run Vista Basic, and not Vista’s distinctive Aero graphics.

This is not just about eye candy. See Microsoft’s Greg Schechter’s explanation of Vista’s Desktop Window Manager, part of Aero:

The primary takeaway for desktop composition: the way an application gets pixels on the screen has fundamentally changed.

It’s fair to say that missing out on Aero means missing out on a core feature of Vista.

Todd Bishop’s Microsoft blog has more details on the case, including a large PDF document showing internal correspondence from Microsoft and its partners, giving insight into how the Vista Capable campaign evolved.

The problem was that Microsoft allowed machines to carry the “Vista Capable” sticker even if they were not able to run Aero. An email from Microsoft’s Ken Goetsch:

We have removed the technical requirement that a Windows Vista Capable PC contains a Graphics Processor Unit (GPU) that supports the Windows Display Driver Model (WDDM), formerly known as the Longhorn Display Driver Model.

Other correspondence in the PDF shows that many at Microsoft were uneasy with this decision; however it was apparently done to help out Intel. Here’s an internal email from John Kalkman, dated February 26 2007:

In the end, we lowered the requirement to help Intel make their quarterly earnings so they could continue to sell motherboards with 915 graphics embedded. This in turn did two things: 1. Decreased focus of OEMs planning and shipping higher-end graphics for Vista ready programs and 2. Reduced the focus by IHVs to ready great WHQL qualified graphics drivers. We can see this today with Intel’s inability to ship a compelling full featured 945 graphics driver for Windows Vista.

Later he says:

It was a mistake on our part to change the original graphics requirements. This created confusion in the industry on how important the aspect of visual computing would play as a feature set to new Windows Vista upgraders.

Now I know why I have over two hundred comments to my January 2007 post, Vista display driver takes a break. My laptop, a Toshiba Portege M400, has the 945 chipset. I bought it specifically to run Vista, towards the end of 2006; and yes, it has a “Windows Vista Capable” sticker. The early Vista graphics drivers were indeed faulty, though in my case a February 2007 update pretty much fixed the problems. I was lucky it did not have a 915 chipset.

How did all this mess come about? The heart of the problem seems to be the infamous Vista reset in 2004, when a ton of work on Longhorn was scrapped, and work resumed based on the Windows 2003 codebase. This was almost certainly a good decision (or the least-bad one possible); but the consequence was that Vista was very late. Another reason was the huge effort put into Windows XP SP2; and the reason for that was the number of desperate security problems in Windows XP.

So Vista was late, and in consequence was rushed. In addition, PC sales were sagging because XP was old and people were waiting for Vista (or switching to Macs), so Intel had overstock. All the pieces were now in place for a Vista-capable sticker whose meaning was not what most people would expect.

Embarrassing for Microsoft. It is better to be transparent even with bad news like, “Your PC will never run Vista properly”, rather than fudge the issue. The episode also illustrates one of the downsides of working with multiple hardware partners, rather than keeping both hardware and software in-house as Apple does.
