I haven't read everything in this thread, but did come across an article in an online rag this morning that I thought might be of interest. I've just cut-and-pasted it FYI:
<font color=blue>Amidst the muffled hoopla surrounding the release of Microsoft's Windows XP operating system, some heavy-hitting consumer groups have complained to the Federal Trade Commission (FTC) that Windows XP and Microsoft Passport -- software that consolidates passwords, credit card numbers and other personal information -- jeopardize user privacy. The complaint alleges privacy problems stemming from the XP set-up process, which repeatedly asks users to sign up for Microsoft Passport.
CALL FOR ACTION
The groups complaining about XP and Passport are serious players. They include: Center for Digital Democracy, Computer Professionals for Social Responsibility, Consumers Union, Electronic Frontier Foundation, Media Access Project, Privacy Rights Clearinghouse, Center for Media Education, Consumer Action, Electronic Privacy Information Center, Junkbusters Corp., NetAction and U.S. PIRG.
On July 26, these groups submitted a complaint to the FTC that set forth alleged privacy implications of XP and Passport. On Aug. 15, the groups sent the FTC a supplement that detailed how XP and Passport would harm consumer interests. The FTC has not yet taken any affirmative steps to address the issues raised.
On Oct. 23, the groups sent a demand to the FTC that complained about "Microsoft's ability to track, profile, and monitor the 165 million [Microsoft] Passport users" and the "far-reaching and profound implications for privacy protection in general and in particular with regard to the growth of electronic commerce."
ALLEGED SECURITY LAPSES
Before setting forth the requested relief, the Oct. 23 demand notes a recent "series of security lapses" that further support the groups' claims that "Microsoft's guarantees of privacy and security are deceptive and unfair to consumers." Indeed, according to the demand, "Microsoft's failure to disclose the actual risks associated with the collection and use of personal information ... constitutes an unfair and deceptive trade practice." The referenced "security lapses" include:
• A programmer's ability to crack both Hotmail and Passport by cross-site scripting, thus allowing anyone to gain access to Passport identification and credit card data with a single line of code;
• Code posted on the Internet, enabling other people to read the e-mail of Hotmail users;
• A programmer's reported ability to access Microsoft's corporate network over the course of six days by way of a hole in Windows 2000;
• Infection of the Code Red Worm through Microsoft's Hotmail servers;
• Infection of the NIMDA virus, which is propagated through Microsoft's Internet Information Server, on about 1.3 computers;
• Ability to view Microsoft customers' names, addresses, e-mail addresses, phone numbers and purchase histories as a result of an error on the company's customer support Web site;
• Internet display of user names and passwords in plain text through an error on Microsoft's Certified Partners page.
REQUESTED RELIEF
After detailing these alleged security lapses, the groups made specific requests for relief in their demand, including:
• An investigation into Microsoft's collection practices through Passport and associated services;
• An order requiring Microsoft to revise its XP registration procedures to make sure that purchasers of XP are clearly informed that they do not need to register for Passport to gain access to the Internet;
• Absent explicit consent, an order requiring Microsoft to block the sharing of personal information among Microsoft areas provided by a user under the Passport registration procedures;
• An order mandating that Microsoft use techniques for anonymity and pseudo-anonymity that would allow XP users to access Microsoft Web sites without disclosing their actual identities;
• An order requiring Microsoft to use techniques that allow XP users to easily integrate services provided by non-Microsoft companies for online payment and other electronic commerce activities;
• Commencement of an investigation to ascertain whether Passport complies with the requirements of the Children's Online Privacy Protection Act;
• And lastly, that Microsoft be required to disgorge any personal information collected "fraudulently and deceptively" through XP and Passport.
FOOD FOR THOUGHT
The consumer groups certainly raise issues worthy of consideration by the FTC. However, because of the current focus on anti-terrorism efforts, it is possible that the issues raised will not get the visibility and response that they would have otherwise.</font color=blue>
Glenn, for what it's worth, I'm using Win2k at home, work, and laptop, and it's just fine. XP looks pretty, but these certainly are interesting concerns.