About | Buy Stuff | News | Products | Rants | Search | Security
Home » News » Roundups

Why Are Microsoft Watching Us Watch DVD movies?

February 20, 2002 11:42 PM UTC

Things are getting worse for Microsoft - or Microsoft's customers, whichever way you look at it. After a week-long barrage of security advisories which also exposed Microsoft's penchant for stealing information off local machines, Richard M. Smith finds out more. In an advisory posted on the BugTraq mailing list, Smith takes a close look at Microsoft's Media Player and finds - you guessed it, spyware. 'A number of design choices were made in WMP which allow Microsoft to individually track what DVD movies consumers are watching on their Windows PC,' writes Smith.

While many media systems use Internet databases to cull information, Microsoft's goes farther, sending along a cookie which the Microsoft server can then use to uniquely identify the client computer. In addition, Windows Media Player constructs a database of all movies which have been played - overkill at best, espionage in the making at its worst. Most importantly according to Smith is Microsoft's unwillingness to reveal these sordid details to WMP users.

'As of Feb. 14, 2002, the Microsoft privacy policy for WMP version 8 does not disclose that the fact that WMP 'phones home' to get DVD title information, what kind of tracking Microsoft does of which movies consumers are watching, and how cookies are used by the WMP software and the Microsoft servers,' writes Smith. And there doesn't seem to be any way to turn ET off either. 'There does not appear to be any option in WMP to stop it from phoning home when a DVD movie is viewed. In addition, there does not appear any easy method of clearing out the DVD movie database on the local hard drive.'

Smith used a packet sniffer to find out what Microsoft was up to. A typical outbound packet to the Microsoft servers looked like the following.

http://windowsmedia.com/redir/QueryTOC.asp?WMPFriendly=true&locale=409&version=8.0.0.4477
&cd=1E+96+1B1E+30D9+42D8+5D61+783E+9083+C49C+F0C8+1151E+13CF9+15812+16C5D+1A04F+1BF2D+1ECB7
+212E1+22E48+25724+27E9D+2A91A+2D0E6+2F451+38367+3CF64+4A4D6+4C001+4D517+4E51B+4FDBC+51F74

Smith explains:

'The hex numbers at the end of the URL are an electronic fingerprint for the DVD table of contents which uniquely identify the 'Dr. Strangelove' DVD. This URL is sent to WindowsMedia.com, Microsoft's Web site dedicated to the WMP software. The HTTP GET request also included a ID number in cookie which uniquely identifies my WMP player. Here's what this cookie looks like:

MC1=V=2&GUID=CA695830BB504D399B9958473C0FF086

'By default, this cookie is anonymous. That is, no personal information is associated with the cookie value. However, if a person signs up for the Windows Media newsletter, their email address will be associated with their WindowsMedia.com cookie. For example, when I signed for the Windows Media newsletter, the following URL was sent to Microsoft servers:

http://windowsmedia.com/mg/Newsletter.asp?eNws=rms@computerbytesman.com&format=HTM

'The WindowsMedia.com cookie was assigned to my computer the first time I ran WMP. The lifetime of the cookie was set to about 18 months. This cookie gives Microsoft the ability to track the DVD movies that I watch on my computer.'

Smith does not claim to know what, if anything, Microsoft is doing with this information - only that it is a clear invasion of privacy, drawing a comparison with the US Video Privacy Protection Act which specifically prohibits activities of this kind.

Smith has received a response from Microsoft which may be read here. Smith's BugTraq posting may be found here.

About | Buy | News | Products | Rants | Search | Security
Copyright © Radsoft. All rights reserved.