[wordup] Microsoft tracking beta testers?

Tue Aug 28 15:17:47 EDT 2001

Via: Colin Dabritz <Colin at dabritz.org>
From: http://www.wininformant.com/Articles/Index.cfm?ArticleID=22291

EXCLUSIVE: Microsoft Secretly Marking Windows XP CD-ROMs

Technical beta testers who downloaded Windows XP Home or Professional
Edition from Microsoft's servers last weekend might want to be careful
about giving out copies of the CD-ROMs they generated. Microsoft has
embedded a security check into each XP CD-ROM that uniquely identifies
each tester so the company can tell if someone else uses the authorized
tester's CD-ROMs to install XP. A tester who wondered about a universally
unique identifier (UUID) reference number in the CD-ROM's International
Organization for Standardization (ISO) header unwittingly uncovered the
security measure. (Microsoft used ISO files to generate the XP CD-ROMs).
Security expert Steve Gibson is examining the UUID, and the preliminary
results are obvious: Microsoft is watching you.

"Earlier today someone forwarded an interesting post to me from the
[Windows XP newsgroups] regarding the discovery of a UUID at offset 9400
bytes into the ISO images we have been downloading," Gibson wrote
yesterday. "It caught my curiosity." Gibson posted a small downloadable
application testers could use to check their UUID numbers against his, and
although he obviously isn't asking users to forward their UUID
information, he's interested in hearing whether other testers have unique
numbers. Based on discussions I've had with various testers, they do.

"It turns out that the UUID is indeed unique per beta tester," one tester
wrote. "If I give you the Windows XP ISO image, Microsoft can, at a later
date, track it back to me." The tester noted that it's still fairly easy
to bypass this antipiracy measure, but I'm waiting for a response from
Microsoft before I publish this information.

Given Microsoft's recent antipiracy moves, this news isn't surprising, but
Microsoft could have mitigated the inevitable backlash against this
customer-tracking measure by informing testers that their downloaded
versions of XP were somewhat rigged. During the XP beta, technical beta
testers and others leaked an unprecedented number of interim builds to
various "warez" Internet sites. Some leaks, however, clearly came from
within Microsoft. Is the company also watching its own employees?