http://www.overclockersclub.com/cgi-bin/viewnews.cgi?id=EpEuFFpVAZoTJpiMtn from the above link: "Windows Media Player is a spy!" Posted: Thursday, 21 February, 2001 @4:29 PM Author: LinuXProX Microsoft Corp.'s new version of its popular Media Player software is logging the songs and movies that customers play. The company said Wednesday that it was changing its privacy statement to notify customers about the technology after inquiries from the Associated Press. The system creates a list on each computer that could be a treasure for marketing companies, lawyers or others. Microsoft says it has no plans to sell the data collected by Media Player 8, which comes free with the Windows XP operating system. "If you're watching DVDs you don't want your wife to know about, you might not want to give her your password," said David Caulton, Microsoft's lead program manager for Windows Media. The new privacy policy was issued Wednesday. The media player has been bundled as a free addition to Windows for several years and allows users to play music CDs, DVD movies and digitally stored songs on their computers. When a CD is played, the player downloads the disc name and titles for each song from a Web site licensed by Microsoft. That information is stored on a small file on each computer in the latest version of the software. The new version released with Windows XP last fall also added the same technology for DVD movies. Microsoft's original privacy statement informed customers that they were downloading the information about CDs but never stated it was being stored in a log file on each computer. The new statement makes clear that information is being downloaded for DVDs and CDs, but does not explain how users can eliminate or get into the log file. There is no easy way to clear out the log, Microsoft said, without crippling Media Player. The only way to keep Media Player from going to the Microsoft site is to make the player think it is working without an Internet connection, which can be tedious if the user switches between watching DVDs and listening to Internet radio stations. As part of downloading the information about songs and movies from the Web site, the program also transmits an identifier number unique to each user on the computer. That creates the possibility that user habits could be tracked and sold for marketing purposes. Privacy experts said they feared the log file could be used by investigators, divorce lawyers, snooping family members, marketing companies or others interested in learning about a person's entertainment habits. It also could be used to make sure users have paid for the music or movie and have not made an illegal copy. Source: Latimes" Big Brother is really here and his name is Bill! Regards STORM

Sigh. People get so worked up about these things that it often doesn't even seem that the reality of what's happening even enters into it.

There are two main issues:

*** When you play a Audio CD/DVD** your system needs some information. This is more important for CD's than DVD's. This keeps you from having to enter into your system all the information (track list and so on) of the CD.

It is conceivable that Microsoft will then know what CD you put into your system by keeping track of the information your computer asks for. Then they might (gasp!) know what your taste in music is. Heck, if you registered with Microsoft when you set up your system they might even then be able to send you spam.

Personally, I fail to see this as a massive threat to my privacy. It will be noted that almost every other Audio CD player does the same thing, and that the servers that keep that data could also track you.

*** Windows Media Player keeps a LOCAL list of** what you have played so that you can revisist those files int he future. This list is not transmitted outside your machien and it is password tied to your account. This only threat here is that your wife may log on and find out you have a huge MPEG collection you would rather not have her see.

If that is the case then maybe you would consider not given someone access to your account or maybe not thinking your local data is secure if it is not. this is no different than your browser history. You can turn this off if you wish.

Heck, even the folks at Slashdot couldn't make a good case for this being a "Big Brother" situation, and they hate Microsoft with a passion.

Feel free to relax :)

You couldn't PAY me to install Media Player 8...but not because of any of this. Twice now, since it came out I have tried to "upgrade" to it, and on BOTH occasions, after the install, my PC needed to reboot, which is normal. On BOTH occasions, the reboot crashed. After waiting quite a while to see what would happen, I manually shut it off and then turned it back on. And was greeted by the simple message: Operating system not found (maybe not detected). Which of course led to a complete reinstall of Win 98, losing everything on my C drive and all the registry entries for programs on my other drives. The first time it happened, I thought it must have been a fluke, so I tried again...same thing. No Media Player 8 for me, thank you...

Attached Link: http://www.chip.de/downloads_updates/downloads_updates_8613583.html

There is a nice little tool available called XP Antispy. It is freeware and eleminates every spyware (Alexa) that comes with Windows XP. You might know, that XP is sending informations to Microsoft behind the users back. This XPAntispy tool is recommended by every reputable german computer magazine. Over here in germany people take data protection very serious and no one has to stick his nose into my PC. Microsoft even losts a lawsuit against a german student who demanded the disclosure (right word?) of the data that is transferred to Microsoft. They refused to give the information and got kicked a**. The attached link goes to a german computer magazine straight to the page where you can read about XP Antispy and download it. Over here everyone I know who has XP running did clean his PC with this nice little tool. BTW, it elimanets this Media Player problem too.

Well well guys this really is very old...Windows Media Player 8 spys since the player is on the marcet. Anyway Media Player 8 - ICQ all this are Spyware Programms from Microsoft and Sciencetology. If you open both Programms they sending Datas right away to Microsoft and you can stop this by changing your Regestry :))

Yes right but Microsoft is spying since Windows ME and Windows 2000, it isn't alone Windows XP and i always change my regestry. The same news you could read about spying your system after Windows ME and Win 2000 came on the Marcet.

Cherokee69, with the XPAntispy tool phoning home is over. Marcabros, ICQ is developed by a company in Israel and was bought by AOL some years ago. But I think you meant the MSN Messenger.

Nope Puntomaus i don't mean the MSN Messenger I said and I mean ICQ. ICQ is an Spyware Programm like Windows Mediaplayer don't try to make other people stupid. I can show you a lot old messages about ICQ and Mediaplayer. Both are Spyware Programms

Here is the homepage for XP anti-spy. http://www.xpantispy.de/ There is an English version homepage and if you click on Downloads there is an German, English and French version of the application. thanks for the initial link Puntomaus. STORM

Cherokee you right....In Germany we got a lot problems over here and like Puntomaus said: [Over here in germany people take data protection very serious and no one has to stick his nose into my PC.] Microsoft even losts a lawsuit against a german student who demanded the disclosure (right word?) of the data that is transferred to Microsoft. They refused to give the information and got kicked a**. If you could understood German you would see, all over the past years the german computer magazines writing issues about those criminal acts and spyware props.

Ron You can pick it up at all sorts of places. For instance I found the initial link to the Media Player 8 stuff on an AMD technical forum. If you look at tech forums, security sites and forums and also Pirate BBs (I am not into warez for the record) you will find lots. The Pirate BBs are particularly good for stuff on privacy and spyware, wonder why? ;0) The whole Aureate spyware scandal (about 2 years ago) that kicked off public awareness that spyware was being included in demo applications started from a number of Pirate BBs and was picked up by security forums. Recently the FBI launched a major attack on a number of Warez groups (DOD and others). This marked a new departure under the Bush Presidency. However, since the wars in former Jugoslavia (when Serbian hackers took down the N.A.T.O European Headquarters site and communications and attacked the Pentagon site and others during the bombing) and also following on recent experiences in the war against the Taliban, there has been an increased emphasis on Cyber Warefare. I would be willing to bet that some of the vast new defense spending funds that Bush is seeking will be spent on cyber warfare. Add that to existing projects like Echelon and others..... Microsoft and the world-wide penetration of it's product would be an ideal intelligence vehical for data gathering. I am not saying it is happening, but if I were in the CIA/FBI, I would be seeking to use such a vehical as part of my intelligence arsenal. mmmm.... Bill could go from bad boy of the US courts to most favoured person! STORM

Boy am I glad I'm on a mac. The world seems less interested in what I do since I am part of a measely 5%. The gov't is working on developing new super encription methods and the entertainment industry is comping at the bit to get it's hands on it. If they are sucessful warez on new stuff will be virtually impossible. Though warez is a problem, in the sceme of things rather small when compared to poverty,aids, and violence. I am concerned that our current gov't is putting so much effort into snagging warez (which for the most part is a problem for corperate profits) when that effort put into rounding up and arresting say deadbeat dads would have a much more widespread effect and message. Oh, dah, I forgot, that would only improve the lives of women and children. What was I thinking?

Attached Link: http://grc.com/dos/intro.htm

Storm - great that there is an english version of XP Antispy. LOL...imagine, even this system clock contacts Microsoft as soon as you are going online to synchronize - of course *only* to synchronize the time... There is an article about XP on Steve Gibsons site (attached link) And another one: http://grc.com/unpnp/unpnp.htm FYI Marcabros: On June 8, 1998, America Online purchased Mirabilis. More to read about it on Diamond Back's ICQ page: http://diamond-back.com/icqlies4.html Ich versuch nicht, andere f dumm zu verkaufen. Und zu Scientology: das Be ist immer und erall ;-).

I avoid the issue altogether and use WinAmp or Windows Media Player 6.4. Versions 7 and 8 are classic examples of sluggish bloatware.

Well is it "Bye bye Enron...........HELLO Microsoft, Adobe...." time? George: Hi Bill, Golf? Bill: Sure George. George: Small side bet Bill? Bill: No problem George $100 million O.K.with you? BTW how many strokes do I loose by this time? George: Lots if you want that Supreme Court Judge retired. ;0)

heh-heh. :) Hey this reminds me, isn't it about time someone comes up with a Bill Gates .cr2 character for Poser, preferably based on Dork?

I was asked a while back why Sony wasn't doing much to prevent the "ModChips" & copies of the games? The Answer: They sold way more units then if they had made the discs "Warez Proof"... BTW, there's already such a system that was designed right here in Quebec! It's been in use by Soft Cies that make custom software(Mostly in the $25,000+ range). So, Yes! They can make all the Software "Uncopiable"! (Pardon my French!) LOL And, as for the "Spyware" in OS. Well, i should know! Our team made such a thing on an Apple II back in College. So, if i can do it! Imagine Bill & his Team of Wiz Kids... :-))) Oh! You could easily make the "innocent" little things like "Solitaire" & "MineSweeper" do the "Spying"... Not to worry though! I give the Net a life of 2 years... Then it's back to "sign Language".. :-O Ciaos! Marco

Anybody ever hear of firewalls? and allowing permissions? Ron, 20years? Then you should know, if I don't want it sent, it isn't getting sent. I decide what information leaves or enters my machine. Not Microsoft.

Somebody created a Bill Gates Microsoft Agent character that didn't last too long before they were forced to not use it any more. Guess it was too close to the real thing :) Ed

The problem with connection permissions is that if the program is set-up to route through IE as a sub-routine Firewalls will not detect the connection request as IE has permissions already enabled. If this is happening we could be lulling ourselves into a false sense of security. STORM

This is true, but it would have to originate from IE, not Media Player in order for that to work. And that's also assuming the user is operating with IE. Otherwise IE would be making a call that was not authorized.

There is some really amazing stuff in this thread, I mean the tinfoil hat level paranoia.. I'll just take it as I go...

MikeJ: "You couldn't PAY me to install Media Player 8...but not because of any of this.
Twice now, since it came out I have tried to "upgrade" to it, and on BOTH occasions, after the install, my PC needed to reboot, which is normal. On BOTH occasions, the reboot crashed."

I would say this is something specific to your system. I am running Media Player 8 on all the systems here (15 or so) and most of my supported clients are running it. The scenario you describe has never happened to any of them. Not once.

Puntomaus: "You might know, that XP is sending informations to Microsoft behind the users back."

And so far for all the paranoia and scrutiny not ONE SINGLE piece of teh data microsoft sends or exchanges with the users PC has been infringing. Funny that.

cherokee69: ""He wan't ready to register the program at the time. He never went online but once during the time he had XP on his computer. He received an email from Microsoft telling him if he didn't uninstall XP because it was a pirate copy (which it wasn't, he purchased if from a store and has the box and all paperwork for it), he would be charge with copywrite violation and would be fined him $150,000.00."

There has been not ONE credibly documented case of any such thing.  Given that the information comes without any supporting evidence... I would say it is simply FUD.

cherokee69:"I don't have to give you squat...nothing..nada..point blank, you full of it...period. And because of your demanding, I'm out of theis thread."

How dare you not just take my word for something that there is absolutely no evidence for!

Puntomaus: "LOL...imagine, even this system clock contacts Microsoft as soon as you are going online to synchronize - of course only to synchronize the time..."

Yes, in fact it IS only to sync he time :) The protocol used is an open one and an internet standard. All you need is a packet sniffer to confirm this.

Does EVERYONE just believe the stuff the read on warez IRC channels?

I can guarantee you that Sun Microsystems has a few techs that do nothing in life but analyze WindowsXP network traffic looking for damaging transfers so they can nail MS in a PR war. Not to mention a few million drooling MS hating Linux "hackerz".

And yet, no one has published anything damaging. Why do you think that is?

Little_Dragon: "I avoid the issue altogether and use WinAmp"

Be aware that WinAmp ALSO transmits your CD data across the network.

OpticalSingenoid: "I was asked a while back why Sony wasn't doing much to prevent the "ModChips" & copies of the games?

The Answer: They sold way more units then if they had made the discs "Warez Proof"..."

And you are wrong. Sony has NO REASON to allow this to happen. The hardware in game consoles is typically sold at a loss. In other words selling you a Playstation so that you can play pirated software loses Sony money. Lot's of money.

Game systems usually cost more to make than they sell for, and when you add in R&D they are losing propositions hardware wise. The only reason to get into the console market is to sell you the games. Sony typically gets 4-6$ PER UNIT of software sold for the Playstation.

They have no reason to let you pirate it. None.

ElectricAardvark: "Anybody ever hear of firewalls? and allowing permissions? Ron, 20years? Then you should know, if I don't want it sent, it isn't getting sent. I decide what information leaves or enters my machine. Not Microsoft. "

Well said! A good point. In the end the end user CAN control their traffic... and they can analyze it as well. This is one of the reasons why the paranoia about the great "microsoft conspiracy with aliens" thing is so sad.

STORM: "If this is happening we could be lulling ourselves into a false sense of security."

Our firewalls check the destination of the connection and it source, not the program it came from. The hardware firewalls that is, not our Zonealarm stuff. So it doesn't matter who is trying to send it we can see exactly what is being sent, to whom.

Again, Microsoft lives under the most intense scrutiny of any company in all of history. The USG is checking their software for violations or any excuse to shut it down, the Linux crowd has their analyzers out and the other companies (Sun, IBM etc') are checking as well.

No one has found a privacy violation, back door or "spy" from MS.

I got a new comp with XP home installed.

Before that I used to worry about hackers getting INTO my system.

Now, all my firewall SW does is block OUTgoing packets from various parts of the OS and media players.

I like XP and think it's a great OS, but I'm sure glad I have the firewall.

The Gibson Research Corporation Web Site (GRC.COM), which is basically Steve Gibson, has a LOT of information on Spyware & how to neutralize it. I use ZoneAlarm. I see Media Player, Real Player, & many others try & call out every time they start up. I click on deny, & never had a problem.

Whew! I just went back thru the thread again, & I'm left with three overwhelming conclusions. There are a LOT of knowlegable folks that visit this forum! A LOT of experience! And, like Politics, sports, romance; A LOT of opinions! ...I learn so much here.....!

How does this differ from a web browsers cache? Oh no! IE stores every site you go to, look out! It can be used by the same people for the same reasons. Oh, thats deletable isnt it? So whats stopping MS from making IE call home every 5 minutes with the info? There goes that delete fnction down the drain. MS has had a 7 year opportunity to do what all these newfangled "spyware" applications are trying so hard to do, yet they never have. Cherokee69, your story is 100% false. Soulhuntre, great post. leather-guy, do you also block ZoneAlarm itself from accessing the net every time it starts? Yes, like the other apps you mentioned, ZA also likes to call home and check for software updates when it starts.

"do you also block ZoneAlarm itself from accessing the net every time it starts? Yes, like the other apps you mentioned, ZA also likes to call home and check for software updates when it starts." There is an option for confiduration on that. I've unchecked it, and I never get that alert

So did I; and I've checked to make certain it doesn't. Mind you, I don't think or claim that ZoneAlarm is perfect. I used to be perfectly happy with an even better app called AtGuard - first shareware I ever registered when I started on the net. Never a problem. Until they sold out to Symantec, who (supposedly) upgraded it as Norton's Internet Security. I liked Norton Utilities, so I "upgraded" eagerly. Quite disappointed to find that Symantec had decided that removing nearly all user-controls & customisable options was an improvement. That and a whimsical tendancy to turn itself off randomly without notifying me, requiring a complete re-install before it would work again - only to quietly de-activate itself a couple of days later. Couldn't re-install AtGuard, as I'd lost my registration number by then. ZoneAlarm came very highly recommended. Does 80% of what I want a firewall to do. Happy with it (for now :-))

Attached Link: http://ontrack.com/fixit/

I agree with you about Symantec too, have you tried OnTrack's Fixit? I'm not sure what version they're at right now, I'm using Fixit 2000.... for over a year now. The user interface is great, and it's got NAV beat by a mile. I just checked they're at version 4 now. I don't think you'll be disappointed :)) Link attached I was sold when the registry cleaner found over a thousand entries that Norton's somehow "missed". Made an amazing difference.

And I do believe Soulhuntre has said all there is to say about this topic. Nicely put.

leather-guy, I wasn't slamming you or ZoneAlarm with that remark. I was just curious if you allowed it to check for updates is all. Most other applications, like Real Player, also have an option to automatically check for updates. I generally keep all my update checkers disabled and run a check manual since some seem to get confused if you arent connected to the net and take forever to load or dont load. However, there really is nothing to worry about by letting them do it. If anyone believes a company like MS or Real is going to risk all the money and credibility they will lose if they gathered info from you through a background app, you are crazy. Anyone remember about 4 years ago when Blizzard updated Battle.net, their online play area, and had it secretly checking the registry for Diablo player email addresses (it was an anti-piracy measure)? Well, it took all of about a day before they were caught and shutdown. That was back when security wasnt nearly as big a concern as it is today. With todays security watchers everywhere, any backdoor is lucky to have 5 minutes of life before exposure. Especially one from a large corp.

1Freon1, I didn't take any offense, I try to keep up with privacy concerns & take whatever measures I feel are prudent for me. I appreciate seeing other folks' opinions of such sensitive subjects. I don't feel the "spyware" elements imbedded in mainstream softwares are evil or malicious, but I do have an unavoidable (for me) distaste for apps & services that suck up my resources for no specific benifit to me. - It's the same reason I went thru & resarched the 85-odd Services that my OEM XP starts up by default every time I boot up. I turned off all but 14 and haven't had any real problems from it. Would things run just as well if I'd left all alone? - It's certainly possible, but I feel better when I'm the final authority over what my computer spends it's resources on. (Streak of the paranoid, I guess :-))

That's very interesting, Jeff, that you are getting so much stuff trying to go OUT. I think I'll continue to surf with my old Windows 98 computer and leave the new XP one unconnected to the Net. Problem solved. What I play, or do, on my computer is my buisness, and no one else's.