12:52 PM
Fred Langa
Fred Langa

Langa Letter: 1,000 Posts Later: WPA Update

Fred Langa's last column about Windows Product Activation generated more than 1,000 messages in his Listening Post forum. This week, Fred presents some of the most thought-provoking and informative topics, along with a technical update.

You Listening Post readers are amazing! The column Is Windows XP's 'Product Activation' A Privacy Risk? generated an incredible number of reader responses.

There's good reason for the furor. Because Windows Product Activation is a mandatory and unavoidable element of the new XP Office/Office 2002 software and the XP operating system, it will affect millions of users.

However, the volume of WPA-related reader messages was so high that it was hard to keep up. Some excellent topics, comments, and amplifications may have slipped beneath your radar. Let's look at a few of the most interesting topics that arose.

Time Bomb?
One provocative subthread, raised by several readers, involved the Desktop Product Lifecycle Guidelines that Microsoft quietly published some time ago. There, you can see or calculate the dates after which Microsoft will no longer support various products. (For more life-cycle information, see the related site at directory/ discontinue.asp.)

For example, all support for DOS, Windows 3.x, and Windows 95 will cease as of January. Windows 98 and Windows NT have a couple years left, but will no longer be supported after June 30, 2003. And from now on, all new Microsoft products will have a basic three-year life (for full support), followed by a one year "extended" period (with partial support).

This guideline suggests that Windows XP will cease to be actively supported in 2005. The XP software itself will still work, of course, but many readers wondered what would happen when or if WPA kicked in because of a reinstall or system upgrade. It's not clear from the Microsoft documentation whether product reactivation services will still be continued for a unsupported product. If not, the XP software will only work for 30 days before the WPA "reduced-functionality" mode kicks in. Then, you either must upgrade to a newer, supported version of the software or do another full reinstall of the old software--and another, and another--every 30 days.

Building on this, some readers assume that WPA, combined with an arbitrarily finite product life cycle, is actually a way for Microsoft to continue moving users toward a subscription model, where you must--must--renew or upgrade your software on a schedule that Microsoft determines, rather than at a time of your own choosing.

On the other side of this topic, reader Dan Brooks--who's been extremely active and helpful in the posting area--wrote:

MS reps ... directly involved with WPA policy have stated that if WPA support ever ends, that is the phone and server infrastructure is terminated, MS will provide the means for end users to disable WPA. Possible scenarios include Windows Update or a patch or Service Pack. ...
Although Dan's note refers to the termination of WPA itself, that same approach--deactivating WPA--could also be used when or if WPA is stopped for just a particular product--say, at the end of XP's support lifetime. This would prevent XP from becoming a white elephant in a couple years.

But a lot can transpire between now and XP's scheduled end-of-support date in 2005, and no one can say definitively what will or won't happen then. Microsoft even builds in explicit wiggle room for itself. Most of the Microsoft WPA and product-life-cycle pages contain caveats that clearly state that Microsoft can change product support or WPA details as time goes on. There's simply no way to tell if XP will become essentially unusable in 2005.

Conflicting User Experiences
If 2005 is too far out to discuss in meaningful terms, you might think that at least we could find common ground about WPA in its current form. But even that's elusive. For example, Mike Butler (and several other readers) found WPA to be reasonably forgiving of hardware changes:
I have used the Beta 2, rc1, and rc2. ... I did change my motherboard, CPU, and RAM, and the system still ran fine. I did not have to reactivate it. I did then reinstall to a different hard drive and then I had to re-activate.

But Jerry Groskind (and others) had a very different encounter:

My recent experience (Aug. 22, 2002) with Windows Product Activation suggests that the data on Microsoft's site about when this is required is less than accurate. I am currently running Windows XP RC2 as well as Office XP and FrontPage 2002. I replaced a hard disk and added memory--according to Microsoft, this should not trigger the need to call Microsoft to get permission to run my programs. Not only did I have to call to reactivate Windows XP, but I separately had to call to reactivate Office XP and FrontPage 2002.

The Microsoft folks were nice, no one grilled me about what I was really doing, but I had to call three times and on two of those occasions had trouble getting through. I think XP is great--the most stable operating system I have used--but I frequently update computer components on several computers and I don't want to put Microsoft's activation personnel on my frequent caller's program. It's a major pain, and my experience is inconsistent with what Microsoft suggests.

Indeed, many other readers said that a simple change of hard drive triggered WPA's reactivation engine for them. Changing hard drives is one of the most common, most often-performed system changes, so there's a potential for large numbers of people to be forced into needless reactivation cycles.

Open To Interpretation
Because of conflicting experiences, because the XP operating system isn't fully finished yet, and because the final product-life-cycle answers may be years in coming, many variables in the WPA mix are, at present, intractable.

As a result, WPA is a kind of Rorschach test. If you trust Microsoft, you may interpret WPA's many ambiguities in a positive way, assuming that the as-yet-unresolved details will be worked out in a way favorable to users. Others, of course, see WPA the opposite way and fill in the blanks by assuming that Microsoft will only act in its own interests.

For example, here's how far apart the two sides can be. At one end of the spectrum, some pro-XP readers argued that I misrepresented WPA in the original article because it's not really "registration." They point out that the mandatory "product activation" is step one of a two-step process. Step two is what Microsoft actually calls "registration," and you may skip this step if you wish.

But to me, if you must contact the vendor and must provide some information (even if it's a hash code based on your system configuration) to get permission to use the software, that's "registration"--even if Microsoft calls it something else.

A reader named Joe agreed, but went much further in suggesting a possible reason Microsoft might want to create an arbitrary semantic difference between "activation" and "registration:"

Re: the current discussion on windows WPA--I know in some places it is illegal to require 'registration' for support/services/etc. This is an older law that was created so that when you buy a TV, [for example,] the maker can't deny you your guaranteed rights because you didn't fill out the registration material. I don't know if relates at all to the computer world, but it could. ...
At the very least, it would be Machiavellian to try to circumvent legal issues of "registration" by calling it something else, such as "activation." Whether this seems plausible or ridiculous to you depends on how you regard Microsoft as a corporate entity.

Staying Informed
WPA is an unfolding story. All we can do is keep track of information as it becomes available. You can get yourself current with the official word from Microsoft at the following links, both of which contain information that was not available for the original "Is Windows XP's 'Product Activation' A Privacy Risk?" article. For example, there's a broad overview at piracy/ basics/ activation/ windowsproductactivationtechnicalmarketbulletin.doc, and there's good tech detail at technet/ treeview/ default.asp?url=/ TechNet/prodtechnol/ winxppro/ evaluate/ xpactiv.asp.

There also are many third-party sites digging into WPA. See, for example:

I have yet to find any non-Microsoft site that seems to think that WPA, as currently implemented, is an unalloyed good idea.

Several sites do concur with one of the central assertions in the original article--that WPA is not a particular security risk.

Microsoft has played clean in the past with other phone-home apps, such as the automated versions of Windows Update. To my knowledge, there's never been a documented case where those apps have violated user privacy or sent back inappropriate data to Microsoft. I don't believe there's any reason to suspect that the phone-home elements of WPA, per se, will behave any differently.

But most also concur with my assertion--an assertion echoed by the overwhelming majority of readers (more than 85%) who've posted so far on InformationWeek's Listening Post--that WPA is nevertheless a user-hostile technology with a number of major real or potential drawbacks and with no redeeming benefit for Microsoft's customers (you and me).

I think WPA is a terrible idea. But let me ask you:

  • If you've encountered the WPA reactivation sequence, what triggered it? Is your experience in agreement with or contrary to Microsoft's claims?

  • Are you willing to give Microsoft benefit of the doubt and to assume that the company will let XP continue to be reactivated and used after 2005? Or do you agree with detractors who believe WPA is a way for Microsoft to force users into a mandatory upgrade cycle?

  • Do you think Microsoft is playing a semantic game with "activation" to avoid the legal morass of "registration" obligations?
Please add your voice--pro or con--to the amazing debate going on in the Listening Post. See you there!

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Email This  | 
Print  | 
More Insights
Copyright © 2021 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service