Microsoft patents the end-all-be-all of spyware; open source community gears up in response.

Jul 18, 2007

A couple of days ago it came to light that Microsoft, everyone's favorite software powerhouse took out a patent on what very well could be the spyware to end all spyware - a system which scans information stored on a workstation and sends it Someplace Else for analysis... to generate advertising specifically geared for the person logged into the box. The patent describes a system integrated not only into the operating system and user interface, but all of the applications linked against this functionality that would look at every document on the machine, every e-mail sent or recieved, multimedia files' metadata (such as keywords or genre), and even internal status messages (such as remaining disk space or printer status) and send it off for processing. APIs would be included in the system libraries that would then make it possible to show advertisements along with whatever you happen to be doing. For example, the background of the disk management utility could show ads from Western Digital for bigger hard drives if you're running low on disk space, or popups that can't be easily banished could accompany every web page you look at.

Now, just because there's an active patent doesn't mean that it's actually going to happen, right? Or at least, that's what one hopes. MS software already phones home and reports on what the system's been up to, but this is a whole 'nother smoke. At a minimum, such a thing would be a horrible invasion of privacy; not everyone would like their personal data being scanned for keywords, be it a spreadsheet of finances or the novel they're writing. Web browsing history is another hot-button - when you get right down to it, it's nobody's business what you're looking at or searching, and there are ways and means that can and really should be taken to keep that data out of the hands of a central authority. Third... could someone who's built such a system really keep the information protected? I strongly doubt that such a thing would be possible. Hell, somebody hit the US Department of Transportation with a heavily targeted attack of forged e-mails and viral payloads that netted them an unspecified quantity of sensitive information over the past year or so. On top of all of this, who is to say that such a technology won't accidentally leak sensitive information in the course of looking for keywords to send you advertisements for?

I can only hope that nobody is crazy enough to actually do this.