View Full Version : Microsoft admits to DVD snooping

02-25-2002, 12:34 PM
A very disturbing piece of news popped up on DVDreview.com's website this afternoon. For all you DVD fans that watch movies on your computer, take note your rights to privacy are being violated. No big surprise from Bill Gates and Microsoft. :Pirate: :mad: Here is the report:

February 25, 2002
Microsoft has admitted that its most recent DVD player Media Player 8.0 which is integrated in its Windows XP operating system is tracking the CD and DVD usage of its users. The company has also admitted that its player software tracks DVD content.
While Microsoft is downplaying the issue claiming the tracking features are to enhance user navigation and can be disabled, the Electronic Privacy Information Center is raising concerns that the level of profiling done by the software giant may be dangerous and raises several political issues. EPIC counsel Chris Hoofnagle claims "This will be the first of many realizations that software is being written so it can log content consumption," he said. "We're just coming on the brink of this."
Currently Microsoft claims that it does not track personally identifiable information and that its tracking will not be sold or used for direct marketing.

Frankly disgusting news, and another reason why I really hate having to use Microsoft products. Oh well, I don't watch movies on my computer anyway, but I wanted to warn anyone here that did. :(


Jar Jar Binks

02-25-2002, 12:41 PM
I don't watch DVDs on my computer, and I don't use XP. Do you have to be online to use media player?

This can't be legal.

Oh well, just another sad realization of how our world works today.

02-25-2002, 12:44 PM
Here's a more in-depth article on this from Yahoo! News. Still a disgusting practice that needs to be stopped. Now I am glad I stuck with just a DVD player, and not a DVD rom drive. :mad: The report can be found here: http://story.news.yahoo.com/news?tmpl=story&u=/cn/20020221/tc_cn/windows_media_aware_of_dvds_watched as well as I am posting a copy here.

Windows Media aware of DVDs watched
Thu Feb 21,12:31 PM ET
Paul Festa CNET News.com

Microsoft on Wednesday amended the privacy policy for its Windows Media Player after a noted computer security expert warned that the software keeps track of the DVD titles people watch.

In a Web advisory, computer privacy and security consultant Richard Smith detailed what he termed "a number of serious privacy problems" with the Windows Media Player for the Windows XP operating system.

The posting flagged a feature that allows Microsoft to log what DVDs play on a particular PC through the use of an electronic tracking file known as a "cookie."

"Each time a new DVD movie is played on a computer, the WMP software contacts a Microsoft Web server to get title and chapter information for the DVD," Smith wrote in his advisory. "When this contact is made, the...server is giving an electronic fingerprint which identifies the DVD movie being watched and a cookie which uniquely identifies a particular (Windows Media Player). With (these) two pieces of information, Microsoft can track what DVD movies are being watched on a particular computer."

In addition, the player creates its own database of all DVD titles watched, Smith wrote.

Smith went on to criticize the Windows Media privacy policy, which as of Tuesday did not disclose the DVD reporting feature.

In response, Microsoft said that it had changed its privacy policy Wednesday morning.

"It is now amended," said David Caulton, lead product manager for Microsoft's Windows Digital Media division. "As of this morning, we have updated the policy to specifically call out that DVD metadata involves a call to the network and a cookie."

The metadata at issue lets people using WMP and XP navigate through DVDs with more information than simple track numbers. The metadata, including track titles, DVD cover art, and credits, sits on the WindowsMedia.com Web site, from where the player retrieves it.

To keep track of what metadata a particular computer has already downloaded, the WindowsMedia.com server assigns the querying computer a cookie, as do most media and commerce Web sites. But until the privacy policy was amended, Microsoft did not specify how it was connecting the information it was gathering, leaving consumers and privacy and security gadflies such as Smith to spin their own scenarios.

"Microsoft can be (using) DVD title information for direct marketing purposes," Smith speculated in his advisory. "For example, the WMP start-up screen or e-mail offers can be customized to offer new movies to a WMP user based on previous movies they have watched. Microsoft can be keeping aggregate statistics about what DVD movies are the most popular."

Microsoft denied that the information collected would let it target individual users.

"One thing Smith says that's simply wrong is that e-mail offers could be customized," Caulton said. "We don't have any information about who user No. 345216436 is, so there's no way to send them e-mail."

Caulton contended that Microsoft's cookie did not give the company any individually identifying information, that customers concerned about it could disable cookies in their browser, and that the database on the computer hard drive--which lets people access downloaded DVD metadata when they're offline--was stored in a proprietary, machine-readable format that could not be easily read by a third party.


Jar Jar Binks

02-25-2002, 12:48 PM
I'm glad you are putting these things up, but pick one or the other. It's a little redundant.

My mum has some DVD unit on her computer. I have to see which one it is. Bloody buggery bastards they are at Microsoft. Yeah, Gates... I'm talking about YOU! :mad:

02-25-2002, 12:54 PM
Originally posted by JEDIpartnr
I'm glad you are putting these things up, but pick one or the other. It's a little redundant.
I put the links as well, due to the fact if more info comes out about this, and I don't happen to catch it to post here, someone else may. DVDreview and Yahoo update all the time, and I wanted to be sure, even after my posts were read, if more info popped up someone might see it, if I don't and can post here. :D


Jar Jar Binks

Lord Tenebrous
02-25-2002, 01:25 PM
Gah! I frickin' hate Microsoft! :mad:

Between this and their name lawsuit with Lindows (Background (http://www.lindows.com/lindows_michaelsminutes.php)), the company that I want to switch over to this year...grrr...

You want consumer profiling, Gates? Watch me profile my foot right up your...

master jedi
02-25-2002, 02:20 PM
Bill Gates is the devil.

I don't have Windows XP and don't use any Microsoft DVD players.
So I guess I'm ok, for now.

Mandalorian Candidat
02-25-2002, 03:06 PM
I didn't realize that Microsoft was so desperate for money that they have to resort to this insidious consumer profiling. Isn't that how Palpatine came to power anyways? By doing holographic profiling?

02-25-2002, 08:20 PM
one of the reasons that the farthest I'll go with windows is 2000 pro. who uses Windows Media player to watch DVD's or listen to CD's though? i use Interactual and Winamp, respectively.
here's (http://vbb.volition-inc.com/ubb/Forum9/HTML/007513.html) an interesting perspective on all of this.

02-25-2002, 11:21 PM
... can be found here: Microsoft's REALLY hidden files (LINK DELETED) (see next post by JT for explanation)

I'd like to believe that all this is purely to help them build more useful software, but the fact is that with the potential dirt Gates could have databased on so many folks, maybe we ought to wonder if there was some more sinister reason why the gov't. dropped the Microsift case. Did Billy threaten to leak info on what websites ol' G.W. likes to surf when Laura's out of town?

------the following info was added due to link being deleted------

Due to a poor choice of website name by the author, I'll reprint some of his better info (scrubbed-clean) here:

Microsoft's Really Hidden Files: A New Look at Forensics
Version 2.6b
There are folders on your computer that Microsoft has tried hard to keep secret. Within these folders you will find two major things: Microsoft Internet Explorer has not been clearing your browsing history after you have instructed it to do so, and Microsoft's Outlook Express has not been deleting your e-mail correspondence after you've erased them from your Deleted Items bin. (This also includes all incoming and outgoing file attachments.) And believe me, that's not even the half of it.

When I say these files are hidden well, I really mean it. If you don't have any knowledge of DOS then don't plan on finding these files on your own. I say this because these files/folders won't be displayed in Windows Explorer at all -- only DOS. (Even after you have enabled Windows Explorer to "show all files.") And to top it off, the only way to find them in DOS is if you knew the exact location of them. Basically, what I'm saying is if you didn't know the files existed then the chances of you running across them is slim to slimmer.

It's interesting to note that Microsoft does not explain this behavior adequately at all. Just try searching on microsoft.com.

I know there are some people out there that are already aware of some of the things I mention. I also know that most people are not. The purpose of this tutorial is to teach people what is really going on with Microsoft's products and how to take control of their privacy again. This tutorial was written by me, so if you see a mistake somewhere then it is my mistake, and I apologize.

Well, the best definition I have been able to come up with is the following:

I) A "really hidden" file/folder is one that cannot be seen in Windows Explorer after enabling it to "show all files," and cannot be seen in MS-DOS after receiving a proper directory listing from root.
a) There is at least one workaround to enable Windows Explorer to see them.
b) There is at least one workaround to enable MS-DOS to see them.

II) Distinguishes "really hidden" file/folders from just plain +h[idden] ones, such as your "MSDOS.SYS" or "Sysbckup" folder.

III) Distinguishes from certain "other" intended hidden files, such as a file with a name of "x."

(Interesting to note that Microsoft has disabled the "Find: Files or Folders" from searching through one of these folders.)

No. Enabling Windows Explorer to "show all files" does not show the files in mention. No. DOS does not list the files after receiving a proper directory listing from root. And yes. Microsoft intentionally disabled the "Find" utility from searching through one of the folders.

Oh, but that's not all.

Just from one of these files I would be able to tell you which web sites you previously visited, what types of things you search for in search engines, and probably gather your ethnicity, religion, and sexual preference. Needless to say one can build quite a profile on you from these files. It has the potential to expose and humiliate -- putting your marriage, friendship, and corporation at risk. Here's one good example of the forensic capabilities.

"I've been reading your article as I have a problem with an employee of mine. He has been using the work's PC for the internet and using it to chat and look at porn sites. He was then deleting the cookies and history in order to cover his tracks. A friend of mine pointed me in the direction of this site and your article. I have found it to be incredibly useful . . ."

-- Concerned Boss, 8/24/01

One more thing. They contain your browsing history at ALL times. Even after you have instructed Microsoft Internet Explorer to clear your history/cache. And so the saying goes, "seeing is believing."

To see for yourself simply do as you would normally do to clear your browsing history. Go to Internet Options under your Control Panel. Click on the [Clear History] and [Delete Files] buttons. (Make sure to include all offline content.)

So, has your browsing history been cleared? One would think so.

Skipping to the chase here. These are the names and locations of the "really hidden files":

If you have upgraded MSIE several times, they might have alternative names of mm256.dat and mm2048.dat, and may also be located here:

Not to mention the other alternative locations under:
c:\windows\application data\...
c:\windows\local settings\...
(or as defined in your autoexec.bat.)

FYI, there are a couple other index.dat files that get hidden as well, but they are seemingly not very important. See if you can find them.
Step by step information on how to erase these files as soon as possible. This section is recommended for the non-savvy. Further explanation can be found in Section 4.0. Please note that following these next steps will erase all your cache files, all your cookie files. If you use the offline content feature with MSIE, following these next steps will remove this as well. It will not erase your bookmarks.
1) Shut your computer down, and turn it back on.
2) While your computer is booting keep pressing the [F8] key until you are given an option screen.
3) Choose "Command Prompt Only" (This will take you to true DOS mode.) Windows ME users must use a boot disk to get into real DOS mode.
4) When your computer is done booting, you will have a C:\> followed by a blinking cursor. Type this in, hitting enter after each line. (Obviously, don't type the comments in parentheses.)
C:\WINDOWS\SMARTDRV (Loads smartdrive to speed things up.)
DELTREE/Y TEMP (This line removes temporary files.)
DELTREE/Y COOKIES (This line removes cookies.)
DELTREE/Y TEMP (This removes temporary files.)
DELTREE/Y HISTORY (This line removes your browsing history.)
DELTREE/Y TEMPOR~1 (This line removes your internet cache.)

(If that last line doesn't work, then type this:)

(If that didn't work, then type this:)
(If this still does not work, and you are sure you are using MSIE 5.x, then please e-mail me. If you have profiles turned on, then it is likely located under \windows\profiles\%user%\, while older versions of MSIE keep them under \windows\content\.)
This last one will take a ridiculous amount of time to process. The reason it takes so incredibly long is because there is a ton of (semi-) useless cache stored on your HD.

5) Immediately stop using Microsoft Internet Explorer and go with any of the alternative browsers out there (e.g., Netscape 4.7x from netscape.com, Mozilla from mozilla.org, or Opera from opera.com).

FYI, Windows re-creates the index.dat files automatically when you reboot your machine, so don't be surprised when you see them again. They should at least be cleared of your browsing history.
It was once believed that the registry is the central database of Windows that stores and maintains the OS configuration information. Well, this is wrong. Apparently, it also maintains a bunch of other information that has absolutely nothing to do with the configuration. I won't get into the other stuff, but for one, your typed URLs are stored in the registry.

HKEY_USERS/Default/Software/Microsoft/Internet Explorer/TypedURLs/
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/TypedURLs/
These "Typed URLs" come from MSIE's autocomplete feature. It records all URLs that you've typed in manually in order to save you some time filling out the address field. By typing "ama" the autocomplete feature might bring up "amazon.com" for you. Although I find it annoying, some people prefer this feature. One thing is for sure, however -- it's an obvious privacy risk. You wouldn't want a guest to type "ama" and have it autocomplete to "amateurmudwrestlers.com," would you?
As you may already know, deleting files only deletes the references to them. They are in fact still sitting there on your HD and can still be recovered by a very motivated person.
BCWipe (http://www.bcwipe.com/) is a nice program that will clear these files.
For you DOS buffs, there's a freeware file wiper on simtel.net that I use.
If you are using PGP, there is a "Freespace Wipe" option under PGPtools.
The newer versions of Norton Utilities have a nice file wiping utility.
You might want to check out Evidence Eliminator (http://www.evidence-eliminator.com/) 30 day trial. This is probably the best program as far as your privacy goes.
If your work environment forces you to use Microsoft Internet Explorer, then I strongly recommend that you talk your boss into checking out one of these programs:
PurgeIE (http://www.aandrc.com/purgeie)
Cache and Cookie Cleaner for IE (http://www.webroot.com/washie.htm)
Anonymizer Window Washer (http://www.anonymizer.com/anonwash)
These programs automate the process for you, and are a better alternative to adding 'deltree/y' lines to your autoexec.

And if your work environment forces you to use Outlook or Outlook Express, then you should get in the habit of compacting your mailboxes.

You can do this by going to File > Folder > Compact All if you have Outlook Express, or Tools > Options > Other tab > [Auto Archive] if you have Outlook. Make sure to set things up here.
There is more at the website. Email me direct for the link, since the site name is too profane for this forum to permit a direct link.
- Swafman
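
The TypedURLs key named in the reprinted tutorial above can be audited directly. This is an added example, not part of the original post or the tutorial it quotes; it assumes a Windows system with PowerShell, and the function name `Get-TypedUrlHistory` is hypothetical.

```powershell
# Added example: list (and optionally clear) Internet Explorer's typed-URL
# history for the current user. Get-TypedUrlHistory is a hypothetical name.
function Get-TypedUrlHistory {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # The HKEY_CURRENT_USER key from the tutorial, via PowerShell's HKCU: drive.
        [string]$KeyPath = 'HKCU:\Software\Microsoft\Internet Explorer\TypedURLs',
        # When set, remove each recorded value after emitting it.
        [switch]$Clear
    )

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        Write-Verbose "No TypedURLs key at $KeyPath; nothing recorded."
        return
    }

    $key = Get-Item -LiteralPath $KeyPath
    # GetValueNames() returns a snapshot array, so removing values while
    # iterating over it is safe.
    foreach ($name in $key.GetValueNames()) {
        if ($name -eq '') { continue }   # skip the key's unnamed default value
        [pscustomobject]@{
            Name = $name
            Url  = $key.GetValue($name)
        }
        if ($Clear -and $PSCmdlet.ShouldProcess("$KeyPath\$name", 'Remove value')) {
            Remove-ItemProperty -LiteralPath $KeyPath -Name $name
        }
    }
}

# Show what autocomplete has stored for this user.
Get-TypedUrlHistory | Format-Table -AutoSize

# Preview a clean-up without changing the registry.
Get-TypedUrlHistory -Clear -WhatIf | Out-Null
```

Running it with `-Clear` and without `-WhatIf` removes the values but leaves the key itself in place.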

02-25-2002, 11:35 PM
I'm afraid I had to delete that link because even after I changed the offensive link to DNS numbers (because the URL had "the f-word" in it), the page itself had the offending site name all over the place. It's too bad, I've visited the site before, their info is very helpful and pretty shocking that MS has been like this for so long; but I have a responsibility to keep the SSG forums online. SWAFFY, you may want to reprint some of their more interesting, non-profanity-laden text here, like step-2 on that page (showing the hidden files).

Lord Malakite
02-25-2002, 11:44 PM
Another reason to avoid the X-Box. :D I have no doubts that Microsoft has the thing just as rigged. It can play DVD movies and will have internet capabilities later on. I bet you its hard drive is copying all of the games and movies you stick in it, just waiting for the day you can use its online capabilities so it can send its information to its diabolical master. :evil:

Beware the wrath of sith lord Gates or you'll surely end up dead. :dead:

02-26-2002, 07:12 AM
Originally posted by Lord_Malakite
and will have internet capabilities later on
nope. they have specifically said that it is not a PC ( :rolleyes: ) and it will never browse the web or allow you to use a keyboard and mouse on it. you will be able to play multiplayer games over the web, but it won't have a browser available for it.

Lord Malakite
02-26-2002, 08:36 AM
I never said it would be a PC. I said it would have internet capability. Being able to play others online is an internet capability. It doesn't really matter, either way it still fits into sith lord Gates dark plan for world domination. :evil:

02-26-2002, 08:42 AM
you won't be able to store anything on it from the web was what i was trying to say.

James Boba Fettfield
02-26-2002, 09:30 AM
Which is why we should all revert back to playing Ghostbusters on Atari...or E.T. Well, forget E.T. and just play Custer's Revenge for Atari, that game beats anything of today!

Lord Malakite
02-26-2002, 11:15 AM
I'm pretty certain the X-Box has a rewritable hard drive built into it. Either that or it will be added on later since the GCN is getting one. This will allow you to save data from games without the use of a memory card. This is what the cancelled 64DD was supposed to be to the N64. I'm certain with the right skills, you could modify it to also copy what games and movies you play on the X-Box. Then that info. can be sent to Microsoft when you try to use X-Box's online capabilities.

As for Custer's Revenge, :eek: nobody here wants that porn game.

Admiral LSD
02-27-2002, 12:29 AM
Originally posted by jw_bryant
one of the reasons that the farthest I'll go with windows is 2000 pro. who uses Windows Media player to watch DVD's or listen to CD's though? i use Interactual and Winamp, respectively.
here's (http://vbb.volition-inc.com/ubb/Forum9/HTML/007513.html) an interesting perspective on all of this.

You do know that M$' five year plan (http://www.microsoft.com/windows/lifecycle.asp) applies just as much to Win2k as it does to Win9x? The difference between you and the 9x tardz is that you get an extra year of limited support before entering the red zone. It applies to XP as well, I just hope Longhorn can live up to the high standards set by its predecessor.

02-27-2002, 03:13 AM
It's so true, Microsoft has most every PC user by the *****. I remember learning about all this in high school. Then I became a "computer geek" and now I use Unix and a Mac.

Microsoft has so many backdoors into every windows user, it's not even funny, especially if you have an internet connection that always keeps you online, (cable, T1, etc...)

I try to stay away from the whole Mac/PC debate, but if you just surf the net and type papers, you might want to consider an iMac or something other than a PC.

02-27-2002, 03:16 AM
I play LucasArts games on-line so that is no option for me. :D Although I just fear what Microsoft has already done that they're not telling with Windows, who knows what kinda spyware it could have.... Dang, where's that paranoia face. :frus:

Admiral LSD
02-27-2002, 04:07 AM
Believe me, I'd love to get a Mac. MacOSX is probably the coolest looking OS out there today (even cooler than XP) and its Unix core combines beauty with brains. However I'm not prepared to pay the price Apple charge for it. Until Macs become price competitive with PCs it'll be PCs for me. And given that Linux is far from being ready as a mainstream desktop OS those PCs will run whatever is the going version of Windows. That's not to say I don't like Linux, I do, but the sad fact of the matter is that for me and millions of others Windows does everything I need from my computer much more elegantly than any of the alternatives. If and when that changes, I'll be off like a shot but until then I'll stick with Windows.

02-28-2002, 12:54 AM
Basker, I believe in this case, that icon would be: :eek: then :cry: then :dead: