Microsoft again earns the moniker “Micro$haft”

Slashdot’s nightly headlines brought this bit of news from Information Week and Ars Technica to my attention last night: Microsoft submitted an adware patent back in 2006 that will use “context data” from your hard drive to select focused advertising for you to view while you’re surfing, reading your email, working on Word and Excel documents, etc.

That’s right – their patent covers adware that could reside in the host Windows operating system, reside as a “feature” of an application like Word or Outlook, or be installed as a specific, stand-alone application. And it would search the context of the files you have open to target ads to your desktop or application while you’re working on them.

I can see it now – someone’s working on a vampire cyberpunk short story and they get distracted every few minutes by ads for Anne Rice’s Interview with the Vampire and for the RPG CyberPunk 2020. And, just in the process of writing this very post, I can imagine getting context-based ads about patent law firms, cyberpunk and vampire literature, Microsoft products, and even companies offering adware. Just great.

Unfortunately, according to both articles, the patent application includes nothing about how it will guarantee data security or protect personal data. I can’t imagine that this is really a good idea for any industry, or any person, except the advertising firms who’ll use it.

Let’s assume you’re a telecommunications equipment manufacturer (a prior life of mine, actually). You are engaged in a massive price and feature war against all comers on your telephony, wireless, and DSL products. In the process of doing your job, you build Excel spreadsheets called Bills of Material (BOMs) that have the exact part numbers, quantities, prices, and suppliers for all the electronic components you’re using in your Latest Big Thing. In addition, you write your product specifications, test procedures, and marketing documents in Word and FrameMaker respectively. Even if we assume that the adware can’t scan files that aren’t actively in use (a very bad assumption), the adware will still gradually gather that you’re using Arrow as your primary component distributer, that you use Texas Instruments DSPs on your product (both from the BOM spreadsheets), that your company uses Tyco to manufacture your electronics (from the product specification), and that you use HP test equipment to verify that your product works right (from the test procedure). From the marketing documentation, the adware will know just what you’re planning on announcing at the next SuperComm expo, what new DSL features and routing functions it will have, how big it is, etc. And in the process, TI may learn from the adware that you’re considering buying their latest DSP chip before you’re purchasing negotiators tell them, putting your people at a significant disadvantage in negotiations. And that’s the least of your worries – what if a competitor buys advertisting time on the adware service and gets access to your company’s proprietary intellectual property (IP)?

If the adware is a stand-alone application, it could be uninstalled. But if the adware is built into Office programs like Word and Excel (never mind Outlook), or even worse, if the adware is built into Windows itself, the only obvious way to keep this example from happening is to totally isolate the company’s network from the Internet altogether. Think about the amount of work you do via the Internet in some fashion – you can’t tell me that isolating your desktop computer from the Internet so you can securely work on company IP is a good thing. And these days, many companies have network access configured so that employees can work remotely while on vacation or at home – doing so would give the adware on a private computer access to the clean network at the company.

As bad as the corporate picture looks, the personal picture is much, much worse. Most companies at least have people who will be trained on how to disable these functions so that company IP is protected. But individual users simply don’t have that kind of support, and so all sorts of private data will be available to the adware. Just to use some innocuous examples from my own home computer, I don’t really want to be targeted with ads for Dungeons and Dragons books because I run a D&D game. And I don’t want advertisers to know who my insurance company is by scanning my PCs “bookmarks” file. And I don’t want to see ads for dial-up access services just because I had to use dial-up for a week instead of my DSL while I was on vacation. But what about those people who keep things like their taxes (TurboTax), bank account information (Quicken), health insurance records (Word, searchable .pdf files), mortgage data (also Quicken), children’s names and ages (Word letters, blog archiving software), etc. Do you want an advertising program, and thus the massive database(s) it feeds and the customers who mine that database, to have detailed private information about you? I don’t. Hell, Gmail is a lot less intrusive than this patented adware would be, and yet I will never use Gmail myself because I don’t want Google and its advertisers to have access to private communications.

Whether or not Microsoft wins this patent, some adware like this will eventually come into existence. And when it does, it will only be a matter of time before some enterprising virus writer reverse-engineers it to snag personal information that the original adware excluded. If Microsoft integrates this into their operating systems, I’ll probably stop using PCs altogether and migrate to a Mac.

This kind of adware is a boon only to the advertisers who would use it – to everyone else it’s a bane. Ok, maybe not everyone – spy agencies would love it. So would the data mining companies who sell correlated personal data to the government (and that the government is legally prevented from producing itself), especially given how easily this adware could be modified into true spy-ware.

Some things should never come to pass – this is one of those things. To paraphrase Ripley from Aliens, “Nuke the patent from orbit – it’s the only way to be sure.”

9 replies »

  1. This would make me angry for an entirely different reason than privacy: yet another thing churning away on my processor slowing down my machine, possibly causing hiccups in other programs, and insisting on accessing the internet unneccessarily. I think every piece of software we install now thinks it’s important enough for a “quick start” or “show in systray” or “check for updates at bootup”. I want a check box when every piece of software is installed for the first time: “shut the heck up and don’t do anything until I click your icon”. I don’t need an icon in my systray for freaking Logitech just because they made my mouse.

    I don’t think this adware will come to pass unless they only put it on “home” versions of software. I would give it six months before a Fortune 500 company would sue the pants off Microsoft for this. There is just too much information stored electronically for people to be comfortable with this idea.

    That said, I wouldn’t be surprised if a limited version became available for windows media (itunes has it already). While you’re downloading a movie online, it scans your database of music & movies and suggests other downloads. “Would you like to download the Nine In Nails concert video for $9.99?” “How about purchasing the soundtrack to Transformers since you’ve bought the movie?” (Would love to have snarky comments from it too, “Dude, even we think that’s too much porn.”)

  2. Since the fizzled launch of Vista, there have been quite discussions among ITs about whether that was the last hurrah for Microsoft. Perhaps more than end users, technicians feel trapped by the software giant.

    The one thing about technology is that it invites innovation. Just ask the knight of old pinned in his armor by a crossbow bolt fired by some lowly peasant! Not even the Pope could outlaw the deadly weapons they were so effective at literally leveling the field of battle.

    Apple, too, once held a monopoly in personal computing. Their little machines were ubiquitous in schools until they managed to alienate users by making it impossible to make application backups. Microsoft’s undoing might come at the hands of an Apple that learned its lesson from a sudden fall. Open-source software is another possible way of driving a stake into the heart of the Microsoft monster.

  3. At age 61, I have come to this sad conclusion about life: “There’s no place left to hide.”

    Thanks, Brian.

  4. Wait a second. So this means that the patent threatens intrusion into, I don’t know, CLASSIFIED data? Sounds like a national security threat to me.

    Even better, the new “blogger shield law” – which really seems like a Trojan Horse for corporate interests – sets proprietary corporate information (important stuff, like the day you’re going to hold a press conference to make a product announcement) alongside critical national security related info. That would suggest to me that this kind of software is fucking around in some VERY dangerous territory.

    Or am I missing something?

  5. Sam, if I read the SCIF requirements right (from this post on how the WH and VP aren’t safeguarding national secrets) , no computer that has national secrets on it may be on a network that connects to the outside world. There are probably exceptions for things like private DOD networks and that sort of thing, but I suspect that the feds would require “scrubbed” versions of the OS for secure computers.

    But, theoretically, it’s possible that national secrets could be accidentally put onto an insecure laptop and then made available via this adware to the wider world. Certainly variants of this type of adware could be used in this fashion (if they don’t already exist).

    And no, you’re not missing anything – this kind of adware is true, honest-to-the-gods SPY-ware. And if it gets out there, nothing connected to the network would be secure and everyone would be able to buy any secret they wanted. Microsoft would become the ultimate database mining company, with databases the envy of the credit card companies.

    This is one of the scariest technology items I’ve read in a long time. Things like this make melamine poisoning look like a mild case of indigestion. If enough people realize just what this means, it has the potential to turn back the clock to before the Dot-Com bubble burst, before essentially free networking bandwidth and open-source and wiki and both in- and out-sourcing flattened a lot of the developed world. And that’s not a good thing.

  6. If Microsoft gets to do this to “non-secured” (read non-government) computers, doesn’t it simply provide a way for MS to cozy up to an increasingly intrusive government by being able to provide private info on citizens? Isn’t this just MS getting into the spying business as a private contractor – and offering Bushevik types a way to contract out (and end run) using NSA or FBI spying?

    Please tell me I’m going off the deep end, Brian. Please….

  7. I’d love to tell you that Microsoft won’t be able to get into the spying business as a private contractor, but I can’t – this technology has EXACTLY that potential.

  8. Not to mention that we’re presupposing Microsoft isn’t ALREADY in the spy business–simply by virtue of the sheer amount of technology they supply to the government in order to avoid any more antitrust lawsuits. Every single Windows computer is a backdoor not only for hackers, spies, and cybercriminals, but for Microsoft itself.

    Our best hope is the slow, slogging pace of Microsoft itself, and its propensity for launching apps and OSes filled with bloat and unnecessary additives. Vista was cracked even before the official launch, and cracked again within a month. If anything like this starts making its way into the next iteration of Microsoft apps (most likely when you install your regular Windows patches), you can be sure some cracker will post a solution on Digg within the hour.

    You can’t stop innovation and the uniquely American desire to be left the fuck alone. Google thought it could, and it’s being browbeaten into changing its ways. There’s no system that’s undefeatable.

  9. Oh yeah:

    Like I said before, every major app these days has a freeware counterpart out there somewhere. Run a Linux OS, use Firefox, Safari, or Opera for your browser, OpenOffice for your word processing, Paint.NET or the GIMP for your art needs, etc.

    Microsoft and Apple are no longer the only players in the game.