

Leaked document: Here's what Microsoft will reveal to police about you - ilamont
http://blogs.computerworld.com/15655/leaked_microsoft_intelligence_document_heres_what_microsoft_will_reveal_to_police_about_you

======
georgecmu
Here's a direct link to the document on Wikileaks site:

<http://file.wikileaks.org/files/microsoft-spy.pdf>

------
jrockway
_IP history for the lifetime of the gamertag (only one gamertag at a time)_

Ouch. Every time you turn your XBox, it's logged.

~~~
Hexstream
Personally I'd have been surprised if it _hadn't_ been the case...

I recently got myself a server, and even though I'm really newbie at this, I
already understand how crucial logging is. I have only a handful of users on
my (niche) service and already I gained really valuable insights from scouring
my logs, for example there are some concepts that I thought were self-obvious
that some users obviously didn't understand so I'm updating the site to
explain these simply and clearly so that there's no possibility for confusion.
I'm planning on adding much more detailed logging, as long as it's not
unnecessarily privacy-invading and as long as it doesn't degrade the user
experience at all (ex: I wouldn't add tracking via extraneous GET parameters
because it clutters the URL location bar).

Now, I just one newbie and already I want to log everything. Now scale this to
a megacorporation. How can you be surprised?! If you start logging something
at the moment that you realize it's good to know, it's probably already too
late, you can't go back in time to log it.

~~~
jrockway
Personally, I try not to log personally identifiable information. I don't log
Referer, I don't log User-Agent, I definitely don't request a list of your
fonts and log that, etc. I do log IPs, but I will stop doing that in the
future; imagine a scenario where you are hacked by an oppressive regime, and
the information in your logs is used to convict someone of a crime that is
punishable by death. No thanks.

Basically, spying on your users is bad. Keeping data around forever is even
worse. I would rather become an open relay for spammers than to compromise
peoples' privacy. (Although I am pretty good at avoiding the first one, too.)

------
iamelgringo
Any privacy mavens Google care to leak Google's Global Criminal Compliance
Handbook? I would dearly love to see that.

------
csmeder
Who else got a full page Microsoft add before they could see the article?
Microsoft is paying you to view this...

~~~
streety
Would it not be more correct to say they are paying the publisher to tell us
about this?

