Microsoft clarifies WGA Notifications "phone home"

Microsoft responds to "WGA Phones home" issue, on the MSDN blog.

We've gotten a few questions recently about the fact that our latest WGA Notifications package sends install telemetry when installed or canceled. Given past concerns about data WGA sends out I wanted to take a moment to explain what is happening with this latest release and why.

First, all downloads that flow through Windows Update return success/failure telemetry. This is because of the large scale of distributions over Windows Update. When sending out an update package to potentially millions of customers it's important to gather basic data on successful installations, install failures and user rejections or cancelations at any point in the process. Second, this event is one time only. Also, if the system isn't connected to the internet nothing will be sent nor will it be if an attempt to send fails.

By learning at what point in the install process some users decide to abandon, we can put more effort into the right places in the installation wizard. Remember our goal with the wizard is to give more information so customers will be better informed. We heard from customers that they wanted more information about what the software was and how it worked so we created the install wizard to provide that greater context. Knowing this kind of information about the install wizard installations is critical for us to continue to improve the customer experience of WGA. If we are not hitting that mark, we can use this method to improve.

Just to allay any fears that Microsoft is using any personal information, here an example of the actual XML that is returned when a user cancels an installation. We've also added a data type and detailed description of each field. This XML schema is common to a number of products so some fields are not used in this case.

For completeness (and for our lawyers) I'd like to point out that disclosure of this type of install telemetry is made in the Windows Update privacy statement. All the information that is sent as a result of WGA Notifications being installed is covered by WGA-specific disclosures such as the EULA presented in the installation wizard and our privacy statements. Our commitment on privacy is oft-stated and we do not use any of the information collected through WGA to identify or contact any user. For more info on WGA Notifications see these pages."

News source: MSDN Blogs

Report a problem with article
Previous Story

The Ultimate Wallpaper

Next Story

US government dept bans Vista

19 Comments

Commenting is disabled on this article.

Either way, those last three hashed values are all they need to link you up with other information they've collected...or can collect via the sending IP address, etc. I'm sorry, but that disclosure will allay the fears of a noob, but not any professional who looks at it closely.

There is absolutly no reason for MS to know about the updates that I decide not to install. If they want a success or failure report then i see no reason that information should not be sent back.

I'm thinking that the whole process of sending any information back to MS about my decision NOT to apply anything from the updating procedure, should be labled as spyware.

And I want to know WHY I'm having to install multiable WGA files. I'm running a legitamate version of XP but I've noticed multible times the insatll of the WGA program.

Then disable automatic updates so it doesnt even attempt to start updates. Jeeze. And you DONT ahve to install WGA, the entire article above stems from the fact you can cancel the install if you wish.

Oh my god!!! It's a conspiracy. Microsoft is teh 3v1l !!!!!

Where's my tinfoil hat?

I'm not a big fan of WGA (it seems kind of "kludgey") but you did accept the EULA.

Don't like it? Then don't use Windows.

ahhell said,
Oh my god!!! It's a conspiracy. Microsoft is teh 3v1l !!!!!

Where's my tinfoil hat?

I'm not a big fan of WGA (it seems kind of "kludgey") but you did accept the EULA.

Don't like it? Then don't use Windows.


My version of Vista doesn't contain the MS EULA. 'casue I edited it from a Linux box to read: "Do you agree that Microsoft is evil?" Now when I click "Agree" I get a nice warm feeling and a MS employee looses his pitchfork & horns.


Just kidding. Please don't send Microsoft's army of lawyers after me.

I don't accept the WGA EULA when I install Windows as it doesn't exist in the system at that point. Attempts to enforce post partum changes that do not affect the original product / service through such rubbish as a EULA are illegal. At least they are in this country. Corporate whoreland on the other side of the Atlantic might have different laws in order to "protect" big business from those nasty consumers who might want a fair deal.

Ok. We know you hate MS, but DO NOT completely ignore this article, and the one you linked and give out false information. Both articles say that the only info given out is info about the success or failure (inc. cancellation) of the installs. No personal information goes to them.

-Spenser

Where in that article does it say anything about sending user information? It doesn't, you liar. It sends information about the success or failure of the update, although the EULA gives Microsoft the right to collect information about the computer such as other Microsoft products installed that might need updates, hardware Plug & Play information (you know, so they can offer you updated drivers), and region and language settings (so you can get information in your language instead of a foreign one).

stifler6478 said,
Ok. We know you hate MS, but DO NOT completely ignore this article, and the one you linked and give out false information. Both articles say that the only info given out is info about the success or failure (inc. cancellation) of the installs. No personal information goes to them.

-Spenser


I don't hate companies, but I do hate WGA. I would have to disagree with those that say the WGA only sends success or failure info.

lbmouse, did you skip over this part of the article before posting:

"we do not use any of the information collected through WGA to identify or contact any user"

Or do you really think you know what's best for Microsoft? You should e-Mail your WGA suggestion to them pronto.

I was pretty certain that that was what was being sent when people cancelled or whatever. Big who-har over nothing.

Well,we are all morons so M$ have to decide for us. Thank you M$! This feature is worth paying few 100$