To understand how Microsoft can learn all about you, visit one of the company’s new city-guide Web sites, known as Sidewalk. There are now 10 of them, including Boston, New York, San Francisco, and Sydney (Australia), with more on the way, and they’re chock-full of information about restaurants, movies, and other ways to spend your leisure time. If you have a fondness for topless bars, those are listed; if you’re curious about gay bars, you can find those as well. You can even customize a site to update with new activities that fit your interests. It is undeniably convenient.
This Web site is offered to the user conditioned on the user’s acceptance without modification of the terms, conditions, and notices contained herein. By accessing and using this Web site, the user is deemed to have agreed to all such terms, conditions, and notices.
That’s a little weird: After all, the instant you land on the site, you’ve accessed and used it, thereby agreeing to Microsoft’s terms before you even know what they are. Then, if you scroll farther down, you come to a line simply titled “Use of Information.” It reads:
By being a user of this Web site, the user agrees that Microsoft may share with other parties both aggregate information, individual information, and locator information gathered by Microsoft in the course of the user’s continuing individual use of this Web site.
That seems inoffensive enough, until you come to the part about “locator information.” Locator information, according to Microsoft, “consists of a user’s name, e-mail address, physical address, and/or other data about the user that enables the recipient to personally identify the user.”
If this line doesn’t stop you in your cybertracks, well, then Microsoft loves you for it. After all the hard-to-find legalese, Microsoft’s intentions become bluntly clear: You are giving Microsoft permission to collect specific, highly personal information on who you are and what you do—collected as you surf. Microsoft learns your taste in film, culture, politics, sex. And then it can do whatever it wants with that information.
Microsoft can preserve such data indefinitely, for its own use, until you die. And it’s a safe bet that, sooner or later, Microsoft will sell it to other businesses because such information is a valuable commodity. Microsoft could sell it to a direct-marketing company; it could sell it to your health insurer or your employer; it could, theoretically, give it to the FBI, which is conducting a background check on you. Or Microsoft could simply use the data for its own commercial purposes, collecting as much information about you as, say, the government does—but with far less oversight.
You don’t have to be a privacy rights fanatic to find such information collection alarming. “Microsoft has the ability to automate data collection in a way that no one else does,” says Paul Saffo, a director at the Institute for the Future in Menlo Park, California. Lauren Weinstein, the moderator of the Web site Privacy Forum, adds, “Consumers feel that Microsoft takes a parental attitude: ‘Trust us, we know what’s best, we’ll take good care of you.'”
Saffo and Weinstein say that what Microsoft can do isn’t qualitatively different from what, for example, banks and credit card companies try to do. But “because Microsoft has such a wide reach,” Weinstein explains, “the amount of potential power and the amount of potential problems are multiplied.” Admits Megan Bowman, Microsoft’s government affairs manager: “We’re hard to compare to some of the other actors just because of the breadth of our business.”
The inevitable domination of its Internet Explorer browser means that Microsoft has another way of gathering information about you: The browser can keep track of your stopping points along the Web—your “clickstream”—and that information could be transferred to Microsoft when you visit one of its Web sites. Given the lack of government Internet oversight, it’s completely legal. In a new ad campaign, Microsoft describes I.E. 4 as a “faster, more personalized Web browser” and promotes “content that can only be viewed with Internet Explorer 4.” It’s a seamless horizontal ladder: You use Windows to open Explorer to access, say, Carpoint, Microsoft’s online car-buying service, and details of the sites you’ve visited previously can be sent to Microsoft—like a pipeline from your brain to Redmond.
This, of course, can all sound a little paranoid. But Microsoft has given experts who follow privacy issues ample reason to worry in the past.
Most notorious is the Windows 95 “Registration Wizard.” Back when Microsoft was releasing early versions of the operating system, it introduced a rather remarkable feature: To register your software, the system calls up Microsoft via modem. During the process, Windows asks whether it can send Microsoft information about your computer. If you agree, Windows, exploring your computer, will tell the company what other products you use.
But savvy users pointed out that Windows doesn’t just send back information about Microsoft programs on your hard drive; it will also send back data about competitors’ programs. After furious protests by developers, Microsoft defended the program, saying it was for the consumer’s benefit: If you have a compatibility problem, Microsoft will know what software you have and can help you diagnose the problem.
The company has still another means of accessing information from your computer: Internet Explorer contains a “File Upload” feature, which allows users to send information to Web sites. But the feature also reportedly can allow Web servers to upload files from your hard drive without your knowledge. (To be fair, Netscape used it first, in Navigator.)
And then there are “cookies,” small text files that a Web site can write onto your hard drive. The cookie can retain information about whatever you do on that Web site, such as using your credit card to buy a magazine subscription. The next time you visit that site, the cookie enables the Web site’s owner to determine who you are and sometimes even what other sites you’ve been visiting. (Due to complaints—and probably to fend off government regulation—Netscape and Microsoft built tools into their browsers that let you block cookies.)
The likelihood of Microsoft becoming a major information clearinghouse grows with the number of services it provides. In addition to Sidewalk, Microsoft also operates Slate, an online magazine; Expedia, an Internet travel business; Investor, a financial services site; and Carpoint.
“The only sensitivity they have about privacy is that it could present obstacles to some business venture,” says James Love, director of Ralph Nader’s Consumer Project on Technology.
Says Microsoft’s Bowman: “A lot of the promise of the Internet is in personalization. When people understand what value they get for providing information, and that that information is protected, they will feel quite comfortable providing it.”
Consider, for example, the different ways Slate learns about its readers. The magazine recently posted and e-mailed to registered Slate readers an extremely detailed survey.
An accompanying note from Rogers Weed, Slate‘s publisher, downplays any privacy concerns: “Contrary to what some people believe, we in cyberspace do not secretly scan your hard drive while you surf Slate.” And many of the questions seem fairly standard (What is your total household income? Do you read your newspaper’s editorial page?). But the information also helps Microsoft understand the potential for new online markets, possibly to develop future Web sites, and allows the company to integrate itself into your life, so that you find it as hard to live without Microsoft as, say, to extricate Explorer from Windows.
For Microsoft, there is a massive amount of valuable information out there, and little standing in its way. As Love puts it, “From a privacy point of view, Microsoft is a very big deal—and a lot of what’s a big deal hasn’t even happened yet.”
Richard Blow is a Mother Jones contributing writer and a senior editor at George magazine.