Related Resources • Virus Encyclopedia • Glossary of terms

From Other Guides • Who's Selling You? • Maintaining Privacy

Elsewhere on the Web • ComputerBytesMan.com • Privacy and Profiling • The Privacy Foundation

Let's just get it all out in the open. My favorite movies are "Pay It Forward", "Michael", and "Fellowship of the Rings". You might not find this of much interest, but some think that Microsoft might. According to Richard M. Smith, noted privacy watchdog and former CTO of The Privacy Foundation, Microsoft is "watching us watch DVD movies" on our computers. Specifically, Windows Media Player version 8, preinstalled on all Windows XP systems, has an unadvertised component that "phones home" to Microsoft and builds a database of watched movie titles coupled with cookies that can be used to uniquely identify the system. With no readily apparent means to disable this hidden "feature" and a lack of documentation describing it, Windows Media Player version 8 could be construed by some as being a Trojan or spyware.

According to Mr. Smith, when a DVD movie is played using Windows Media Player on XP, the Media Player queries a Microsoft server for information about the DVD. By using a packet sniffer, Mr. Smith was able to monitor these queries, which revealed that unique movie identifiers were being sent to WindowsMedia.com (a Microsoft website) and a cookie was generated on the system which uniquely identifies the Windows Media Player for that system. While the cookie is, by default, anonymous, if a user then signs up for the Windows Media newsletter, a subsequent cookie value with the submitting email address is sent to the same site. Mr. Smith also points out that by "using various well-known "cookie synch" tricks, an email address can be associated with a cookie value at any time."

Mr. Smith expressed further concern that, "When subscribing to the Windows Media newsletter, I was encouraged by an email message from the Microsoft newsletter department to create a Passport account based on my email address. In theory, yet more personal information from Passport could be matched with what DVD movies I have watched." However, Smith also noted "there is no evidence that Microsoft is making this connection."

Graham Cluley, Senior Technology Consultant for Sophos Anti-Virus commented that he "can't imagine (Microsoft) planned to collect data on what movies people are watching - all they wanted to do was add a cool feature helping people identify what bit of the movie they were in. They probably thought it was easy to do, so they did it. However, in this security conscious age people are beginning to worry more about security than this kind of dubious extra functionality." Graham's opinion concurs with the official Microsoft response to the privacy concerns raised by Mr. Smith, in which they pledge to revise their privacy statement to disclose the nature of the DVD monitoring. Perhaps if they had read Bill Gates memo, which stated in part, "when we face a choice between adding features and resolving security issues, we need to choose security", they may have simply elected to omit this now controversial "feature".