You Listening Post readers are amazing! The column Is Windows XP's 'Product Activation' A Privacy Risk? generated an incredible number of reader responses.
There's good reason for the furor. Because Windows Product Activation is a mandatory and unavoidable element of the new XP Office/Office 2002 software and the XP operating system, it will affect millions of users.
However, the volume of WPA-related reader messages was so high that it was hard to keep up. Some excellent topics, comments, and amplifications may have slipped beneath your radar. Let's look at a few of the most interesting topics that arose.
One provocative subthread, raised by several readers, involved the Desktop Product Lifecycle Guidelines that Microsoft quietly published some time ago. There, you can see or calculate the dates after which Microsoft will no longer support various products. (For more life-cycle information, see the related site at http://support.microsoft.com/directory/discontinue.asp.)
For example, all support for DOS, Windows 3.x, and Windows 95 will cease as of January. Windows 98 and Windows NT have a couple years left, but will no longer be supported after June 30, 2003. And from now on, all new Microsoft products will have a basic three-year life (for full support), followed by a one-year "extended" period (with partial support).
This guideline suggests that Windows XP will cease to be actively supported in 2005. The XP software itself will still work, of course, but many readers wondered what would happen when or if WPA kicked in because of a reinstall or system upgrade. It's not clear from the Microsoft documentation whether product reactivation services will still be continued for an unsupported product. If not, the XP software will only work for 30 days before the WPA "reduced-functionality" mode kicks in. Then, you either must upgrade to a newer, supported version of the software or do another full reinstall of the old software--and another, and another--every 30 days.
Building on this, some readers assume that WPA, combined with an arbitrarily finite product life cycle, is actually a way for Microsoft to continue moving users toward a subscription model, where you must--must--renew or upgrade your software on a schedule that Microsoft determines, rather than at a time of your own choosing.
On the other side of this topic, reader Dan Brooks--who's been extremely active and helpful in the posting area--wrote:
MS reps ... directly involved with WPA policy have stated that if WPA support ever ends, that is the phone and server infrastructure is terminated, MS will provide the means for end users to disable WPA. Possible scenarios include Windows Update or a patch or Service Pack. ...
Although Dan's note refers to the termination of WPA itself, that same approach--deactivating WPA--could also be used when or if WPA is stopped for just a particular product--say, at the end of XP's support lifetime. This would prevent XP from becoming a white elephant in a couple years.
But a lot can transpire between now and XP's scheduled end-of-support date in 2005, and no one can say definitively what will or won't happen then. Microsoft even builds in explicit wiggle room for itself. Most of the Microsoft WPA and product-life-cycle pages contain caveats that clearly state that Microsoft can change product support or WPA details as time goes on. There's simply no way to tell if XP will become essentially unusable in 2005.
I have used the Beta 2, rc1, and rc2. ... I did change my motherboard, CPU, and RAM, and the system still ran fine. I did not have to reactivate it. I did then reinstall to a different hard drive and then I had to re-activate.
But Jerry Groskind (and others) had a very different encounter:
My recent experience (Aug. 22, 2002) with Windows Product Activation suggests that the data on Microsoft's site about when this is required is less than accurate. I am currently running Windows XP RC2 as well as Office XP and FrontPage 2002. I replaced a hard disk and added memory--according to Microsoft, this should not trigger the need to call Microsoft to get permission to run my programs. Not only did I have to call to reactivate Windows XP, but I separately had to call to reactivate Office XP and FrontPage 2002.
The Microsoft folks were nice, no one grilled me about what I was really doing, but I had to call three times and on two of those occasions had trouble getting through. I think XP is great--the most stable operating system I have used--but I frequently update computer components on several computers and I don't want to put Microsoft's activation personnel on my frequent caller's program. It's a major pain, and my experience is inconsistent with what Microsoft suggests.
Indeed, many other readers said that a simple change of hard drive triggered WPA's reactivation engine for them. Changing hard drives is one of the most common, most often-performed system changes, so there's a potential for large numbers of people to be forced into needless reactivation cycles.
Open To Interpretation
Because of conflicting experiences, because the XP operating system isn't fully finished yet, and because the final product-life-cycle answers may be years in coming, many variables in the WPA mix are, at present, intractable.
As a result, WPA is a kind of Rorschach test. If you trust Microsoft, you may interpret WPA's many ambiguities in a positive way, assuming that the as-yet-unresolved details will be worked out in a way favorable to users. Others, of course, see WPA the opposite way and fill in the blanks by assuming that Microsoft will only act in its own interests.
For example, here's how far apart the two sides can be. At one end of the spectrum, some pro-XP readers argued that I misrepresented WPA in the original article because it's not really "registration." They point out that the mandatory "product activation" is step one of a two-step process. Step two is what Microsoft actually calls "registration," and you may skip this step if you wish.
But to me, if you must contact the vendor and must provide some information (even if it's a hash code based on your system configuration) to get permission to use the software, that's "registration"--even if Microsoft calls it something else.
A reader named Joe agreed, but went much further in suggesting a possible reason Microsoft might want to create an arbitrary semantic difference between "activation" and "registration:"
Re: the current discussion on Windows WPA--I know in some places it is illegal to require 'registration' for support/services/etc. This is an older law that was created so that when you buy a TV, [for example,] the maker can't deny you your guaranteed rights because you didn't fill out the registration material. I don't know if it relates at all to the computer world, but it could. ...
At the very least, it would be Machiavellian to try to circumvent legal issues of "registration" by calling it something else, such as "activation." Whether this seems plausible or ridiculous to you depends on how you regard Microsoft as a corporate entity.
There also are many third-party sites digging into WPA. See, for example:
Several sites do concur with one of the central assertions in the original article--that WPA is not a particular security risk.
Microsoft has played clean in the past with other phone-home apps, such as the automated versions of Windows Update. To my knowledge, there's never been a documented case where those apps have violated user privacy or sent back inappropriate data to Microsoft. I don't believe there's any reason to suspect that the phone-home elements of WPA, per se, will behave any differently.
But most also concur with my assertion--an assertion echoed by the overwhelming majority of readers (more than 85%) who've posted so far on InformationWeek's Listening Post--that WPA is nevertheless a user-hostile technology with a number of major real or potential drawbacks and with no redeeming benefit for Microsoft's customers (you and me).
I think WPA is a terrible idea. But let me ask you: