During the run-up to Windows XP's release, we identified two important areas for concern regarding the way XP manages--or mangles--your privacy: Windows Product Activation and Passport.
To recap: We initially focused extensively on WPA. (See Is Windows XP's 'Product Activation' A Privacy Risk? and 1,000 Posts Later: WPA Update .) After those articles were written, Microsoft "softened" WPA. The company increased the number of components that it let you change without triggering a need to reactivate and changed the time period during which system changes are tracked. If you don't change your system components too much, too fast, you can avoid many of WPA's hassles. (Alas, one exception seems to be the network interface card; many users report that any NIC change seems to trigger the whole reactivation process, even if nothing else changes.) Even this gentler, kinder WPA remains an issue, because it's a mandatory element of XP. There's no getting around it. If you don't register, your software cripples itself and reverts to a reduced functionality mode.
But the greater security/privacy issue may lie with Passport, which is a nominally optional part of XP and many other Microsoft offerings.
Passport Has Your Number
Microsoft's Passport is a centralized, cross-domain logon-automation service. (Microsoft recently changed the service's name to .Net Passport, but we'll continue using the short form of the name here.)
Passport is very aggressively pushed within Windows XP and most of Microsoft's online offerings. While you don't have to sign up for Passport to use XP itself, you'll encounter it as a mandatory element of many of Microsoft's bundled offerings such as MSN/Hotmail, MSN Messenger, and the personalized versions of MSN.com.
In Microsoft's words, Passport is:
... an online service that makes it possible for you to use your E-mail address and a single password to sign in--securely--to any .NET Passport participating Web site or service. It lets you move easily among participating sites without the need to remember a different sign-in name and password for each site. With .NET Passport you can take advantage of personalization options at many Web sites, and you can also choose to use .NET Passport express purchase to make online shopping easy and convenient. Use .NET Passport on any web-enabled device.
As of now, the central Passport site stores a limited amount of user data: birth date, country/region, state, ZIP code, gender, accessibility, time zone, and occupation. By default, signing up for Passport authorizes Microsoft to share this demographic data with its partners, although, Microsoft says, not in a way that can be associated with you in particular.
That sounds fine. It sounds even better when you see that you can inform Microsoft not to share this demographic information: Just click the opt-out check boxes on the Passport member services form.
But there's a catch, because Microsoft and its partners actually still can track you via a unique numeric identifier:
Passport associates a Passport unique identifier with every Passport account at registration. The unique identifier is a unique 64-bit number that Passport sends (encrypted) to each Passport participating site that you choose to sign in to. This unique identifier makes it possible for the site to determine whether you are the same person from one sign-in session to the next.
This gives Passport-enabled sites a way to get around some techniques used for anonymous surfing. Even if a Passport site doesn't initially know you by name, it may still know you by your Passport's persistent numeric code and thus can build an ongoing profile of you and your surfing habits on that site. More darkly, there's also no technical reason two or more Passport-enabled sites couldn't combine their information to build a highly detailed personal profile about you, using Passport's unique numeric identifier as the unifying key. And if any one site has a record of your name, E-mail, credit-card numbers, and the like, then in theory all the sharing sites could have that information simply by collating their separately gathered data via the unique identifier.