Question about how information is sent to MS RRS feed

  • Question

  • Oddly, this question disappeared about a day after I posted it. I am asking because the current news (groklaw et al) seems to indicate that the info is passed in such a way that MS can read each of the listed values, and that angers some people (not me personally). If the data is indeed hashed, that would actually be a very good thing for MS to confirm, as it would allay some of the fears these folks have.

    In the WGA FAQ, it says the stuff quoted below. My question is:

    Is all this information passed in such a way that MS can read it or report on it directly? Or is it more like the activation setup, where all these values are evaulated locally, then made into a one-way hash before they are sent to MS?

    Q: What information is collected from my computer?
    The genuine validation process will collect information about your system to determine if your Microsoft software is genuine. The validation tools do not collect your name, address, e-mail address, or any other information that Microsoft will use to identify you or contact you. The tools collect such information as:
    • Computer make and model
    • Version information for the operating system and software using Genuine Advantage
    • Region and language setting
    • A unique number assigned to your computer by the tools (Globally Unique Identifier or GUID)
    • Product ID and product key
    • BIOS name, revision number, and revision date
    • Volume serial number
    • Office product key (if validating Office)

    In addition to the configuration information above, status information such as the following is also transferred:
    • Whether the installation was successful
    • The result of the validation check

    As standard procedure, your Internet Protocol (IP) address is temporarily logged when your computer connects to a genuine validation website or server. These logs are routinely deleted.



    Thanks for your time!


    Thursday, August 31, 2006 7:27 AM


All replies

  • quux,

    Will be back shortly with an answer for you


    Thursday, August 31, 2006 11:30 AM
  • Derrick,

    Thanks for checking into this. No luck yet?

    Wednesday, September 6, 2006 8:00 AM
  • Is there any answer yet?
    Monday, September 18, 2006 9:43 PM
  • Due to legal constraints, we cannot discuss this here.





    Tuesday, September 19, 2006 1:03 AM
  • Thank you Phil.


    It isn'tthe answer I was hoping for, but it's an answer. I do understand that with the lawsuits pending, it might be good to get all ducks in a row.

    For now, I will conclude that this information is not hashed, and that MS is using it in some (not well explained) way. Personally I don't feel a privacy violation in this, but I know others differ.

    Thanks to any who spent time on this!


    Friday, September 22, 2006 12:58 AM
  • The orginal question asked whether the information is passed in such a way that MS can read each of the listed values, or whether it's hashed so MS can NOT read the data. I do not understand why such a sensible question can not be answered definitively. Surely if there is nothing to hide, then it should be both an easy answer to provide, and reassuring to have such a definitive answeer.

    As a European, I value my privacy and am entitled to know what data I am being forced to send, and how such data is being protected and used. Excuses of legal constraints is not really a good answer.

    Surely utter clarity and transparency should be the order of the day. Unless, as I say,there are things MS feels it needs to hide (and given the problems MS is facing in court, surely openness is less likely to get MS sued).

    If there really are legal constraints, I'd be grateful for a citation - what specific laws allow MS, or force MS,to do this. What does "legal constraints" actually mean?




    Friday, October 6, 2006 9:41 AM