The hard side of Mister Softie

Microsoft is really only screwing itself here. Hotmail is already 10 times worse than Gmail as it is, this situation is only going to drive more people away from their service and into the arms of their competitors. I dumped hotmail years ago and have been a lot happier since.

I have a great example of Microsoft’s arrogant attitude to add to this. I am helping my Grandma right now move from WebTV to her first computer. WebTV was bought by Microsoft, so it’s now MSN TV.

Grandma has been using this service for at least 8 years now, and she has a lot of important stuff in her email folders that she’d like to move to her new service.

I called MSN support and asked (nicely) how we could transfer all that data - her data - over. The response was a simple, “you can’t do that”.

An incredible exchange followed, going something like this:

Me: “I can’t do that? Why not?”

MSN Rep: “because there’s no way to do it”

Me: “Well shouldn’t there be? It’s her data!”

MSN Rep: “Well we don’t have a way to do that”

Me: “I can’t imagine I’m the first person to want to do this. Have other people called with questions like this?”

MSN Rep: “Yes, quite a few”

Me: “And what do you tell them?”

MSN Rep: “We tell them there’s no way to do it”

Me: “Well that sounds like a problem doesn’t it? How are you addressing it?”

MSN Rep: (I don’t remember how she answered this point)

Me: “Ok let me ask… is email stored on the box or on your servers?”

MSN Rep: “It’s kept on our servers”

Me: “Alright, is there an open protocol your servers support, like IMAP or POP, to access email on the servers?”

MSN Rep: “No”

Very frustrating.

YOU GUYS ARE NERDS!

So Rob, why doesn’t MS take the lead in establishing an open and secure method for companies to do this sort of thing?
There are several initiatives from Microsoft to allow websites to import contact information without requesting their password. Have a look at http://dev.live.com/contacts/ to see what Microsoft is doing in this area. The business terms of these APIs say they’re free to use until you have more than one million unique users.

Microsoft is anti-American! It is damaging software developement in America and throughout the world. Most of the new inovation in software is centered on Linux. The surprising thing is the major U.S. hardware and software companies have more power put together than Microsoft, they just don’t use it!!!

It is always easy to pic on the guy in the front. well lets look at the larger issue, management of online identity. Your article seems to be spinning a business and governance(factual) model into personal (emotional) issue. It would be good if you looked at what your proposing more objectively and long term based the implicit impact on user profile management and personal information security.

Over the year, Hotmail and MSN IM users have taken advantage of the integrated identity management (AKA: Live platform) across the multitude of services available from Microsoft partner networks as the source of identity and presence management. Microsoft Live as a business group have the mandate to manage to a service level and provide the necessary supporting services to protect and act responsibly on behalf of their subscribers.

From a pure commercial perspective, Microsoft has taken the IM business model user from simply being a social networking tool and applied a broader context of presence and identity management model to develop and provide value-add services to the users of this service. Like many other companies who are developing new lines of business to expand their revenue base, Microsoft has taken advantage of their multi year investment in free online services for email and IM and now provide value-ad services to the same users across their gaming platform (XBOX and PC), Web based services, mobile platform and other subscription based products (Anti virus, Software+Service, Software registration). Has America forgotten that we are the heart and sole of capitalism or was internet supposed to have changed the world to socialistic model?
Google and Yahoo may like to think they are all for users but it is not magic that is driving up Google’s share prices. They too could have adopted similar approach to Microsoft but found it easier to drive their main revenue base from Ad driven revenue streams. This business model absolves the big search giants from the added need management of user’s online identity beyond their primary profile management. Google and Yahoo’s licensing allows the companies to track, analyse and share any of the user’s interaction and data consumption patterns as matrices to drive ad placement revenue and other commercial reasons. Wait a second, what happened them being in it for the greater good of the users?

One of the biggest challenges that user’s of online services are faced with going forward is consolidation and management of their virtual identity. Some of the most common profiles that we manage on regular basis are professional networking services, IM, Mobile SMS, Professional Memberships, Social Networking, subscription services and the list goes on. Do you propose that there should be no governance and rigger applied by the companies providing the online service to secure the user’s profile and data? Should the user not have the right to feel safe about whom they have shared this information with and how this information is shared after they subscribed to the services of the primary provider?

So who is really the bad guy here? I would suggest that at least Microsoft is very upfront about their business model. They are a FOR PROFIT company and that is what they do best. In exchange of making profit from my business as a user, I fully expect the BIG Software giant to protect my personal data in any and all business ventures direct or through partnership.
I signed-up to Hotmail online email service in 1997. Since then, I have used my user ID to procure many services from Microsoft and their network of partners. I take some comfort in the idea that Microsoft at least tries to apply a level of governance on who gets access to my ID and user data, how my information is shared and secured across all partner networks.

Perhaps you could be more objective then simply playing to people’s emotions.

TRUST is of course, the issue. However, it is irrelevant who Microsoft trusts. Microsoft can exchange whatever personal information is Microsoft’s with whomever Microsoft trusts. When the *user* decides to port their data to a new data holder, the user asserts trust of the new holder. It doesn’t matter a hill of bean who Microsoft trusts; the user has already asserted the relationship. (Maybe the user makes poor decisions… That’s entirely up to the user.)

More proof of MS SOP. This seems like extortion, in my humble opinion.

Ah, I’m so glad I use linux.

Hi, I offer absolutely no defense for Microsoft on anything. However, isn’t it rather disingenuous of a Timer Warner company to “raise a red flag” on *anything* nowadays? Doesn’t your own ISP business have some pretty underhanded things a-brewin’?

If a startup’s software logs in using a secure connection, then there is no risk in point-to-point. The risk lies in the collection and storage of login information. Users who are foolish enough to not read privacy policies, as well as take note of the security (how hard is it to look for a padlock icon or a letter in the url?), they will be burned and will hopefully learn their lesson with time. “Mister Softie” is simply continuing the anti-trust, monopolization of key markets, and bullying of the little guys. If you have any backbone, stand up for yourselves and do something like simply not support them. Don’t give them ammo.

Does anyone wonder why so many HATE Microsoft and the people that work there? This is dispicable.

Microsoft has been a bully for more than twenty years. This is just another example of Microsoft bullying.

Do you know what a startup does with the username and password you provide when it imports your Gmail contacts? Do they store it? If they do, is it secure (including physically)? If they don’t store it, are you sure the startup is scrupulous?

It is scary how little people care about this stuff. And then you have respected publications not getting it.

Yahoo, Google and Hotmail provide secure means to do such stuff. I think it is incumbent on them to ensure that their users privacy is maintained in the Web 2.0 world. If Google had done this, it would’ve been a positive article I am sure.

It’s amazing to me that we’re now beginning to see the practical limits of the Frankenstein monster known as The Web. The Web was supposed to make information flow more freely. Yet due to its poor design, only tech-savvy users are capable of doing things like transfer their contacts from one service to another without there being some kind of automated behind-the-scenes linkage between the services. The fact is that Web clients (mostly browsers) have access to both the ability to pull your contact list data from a service, and the ability to push new contact data to another service. In theory then, shouldn’t the platform be capable of allowing any developer to write a client-side web app that is easy for a novice to run and ensure his data security that would perform the transaction for him, and even reconcile discrepencies between contact list specification formats? Why is something as notionally simple as contact list transfer so technologically complicated that we actually consider it to be a great service to us when two giants like Microsoft and Facebook bless us with the ability to synchronize our contact information between them?

If Microsoft really cared about user security, they would add some kind of export-only authentication. Perhaps you could request a one-time-use export code using a button somewhere in Hotmail. Then you could give that to anyone, and they would get one-time access to your contacts.

It *is* our data, and the only way Microsoft has provided for us to retrieve it is with our full account access. If they alternatives they offered weren’t sabotaged with exclusivity agreements then they might find that startups were happy to play ball!

Microsoft doing anything under the guise of better security for the user is a steaming pile of feces. Microsoft wants security for their investors, which means proprietary formats, contract lock-ins, and strong-arming startups who are trying to add new content to the respective field.

I think rob/ahoutx/maddawg are missing the point. Exclusivity and top billing have nothing to do with security.

MS COULD demand certain security measures or, more uniformly, require the service to send the user to MSN where they must agree to a warning about how this startup may do lord knows to their info. It should be up to the user.

Keep in mind that if this article is accurate, they are NOT doing this. But they ARE saying that it’s totally fine to do whatever you want IF you only use MSN.

Generally these types of services at least require you to enter your IM info AND PASSWORD for them to get all your contacts. And if you give _anybody_ this info they can sign on using an IM client and get all your contacts.

Not exactly a lot here that this policy is keeping safer.

As a startup, why would you care? Seriously. Ask them who owns the contact information. “The user.”, ok, the USER explicitly said they wanted this done, so SHOVE OFF. And then politely show them the door.

Microsoft get dirty with contractual strong arming? No, I can’t believe it… LOL. Remember when Dell initially wanted to sell PCs without Windows? MS penalized them $100 per computer sold without Windoze and only charged them like $80 for an OEM copy of their software.Wanna write hardware drivers for Windows OS, be prepared to fork out cash if you make the hardware compatible with anything other than Windows. MS loves exclusivity contracts.

Why are there so many freaking Microsoft apologists?

Microsoft has shown time and time again that security is not important to it. It is only there as a selling point. The book - The Software Conspiracy - has on-the-record statements from Microsoft’s vice president of development that Microsoft does not give a damn about security.

Alchin went to Intel’s developer conference and said that they completely ELIMINATED ALL BUFFER OVERFLOWS from window XP. Yet, the very first security hotfix for XP is a buffer overflow issue - released before XP is even officially released!!!!

Look at DRM - I know of NO consumer who is saying “hey, I want DRM - build me the most restrictive DRM you can, so that you can also licence your other crap to the media companies”. But Microsoft did so anyway - so who does the restrictive DRM benefit? The consumer? (so, what happens to your DRM’ed files when you have to restore, or reset the DRM database or use it on your 2nd laptop, or whatever? you are screwed, because Microsoft did not put any effort into ensure that the USER - the *CUSTOMER* has the basic use rights necessary), no, it’s so that Microsoft can use it to sell to media companies the idea that they can protect their files using a Microsoft DRM - which means paying Microsoft.

On the other hand - have you paid Google for anything? Do they not spend the effort to make their free services as *useful* to *YOU*, the user, as possible?

This is not about trust. This is about leveraging their monopoly into new markets. This is about expanding their power. Anyone who thinks otherwise (including delusions about security) is fooling themselves.

Better not try to share users’ data in the UK in the manner suggested - it’s a breach of the Data Protection Act and a criminal offence (offense). And as the writer says - it’s NOT Microsoft’s data - it’s the users.

I was utterly gobsmacked to see that Facebook actually ask for users’s login details - that’s the main reason I WON’T use Facebook. There again only a moron would give away their security like that - probably why there are so many of them joining Facebook.

Wow, some of these comments look like astroturfing. Fake grassroots FTW! No, I don’t believe security is the real aim. I think it’s just MS at its regular tactics. Use size and strength to force a deal. Hey, it works. Why should they stop using a tactic they’ve found effective?

Sure, there is a security risk, since MS probably doesn’t have secure APIs for doing this. I suspect Google and Yahoo worked to make sure there were secure means of performing this transfer as Google, particularly, is good about opening APIs for Google services.

“I don’t know of any contract we’ve signed that has those terms,” he said, pointing out that the term sheets that are being passed around merely represent what Microsoft wants—not what it will ultimately get in each instance.

A very interesting argument. We’re not extorting money, because sometimes people pay less than we initially demand.

“For years, Provenzano - who reputedly took the helm of Cosa Nostra in 1993 - had employed an extortion strategy of ‘let them pay a little but make everyone pay,’ according to Piero Grasso, a former Palermo prosecutor who is now Italy’s national anti-Mafia prosecutor based in Rome.”

http://news.wired.com/dynamic/stories/I/ITALY_DEFYING_THE_MAFIA?SITE=WIRE&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2008-01-13-12-29-01

I believe you are confused. Many of those startups that allow you to import contacts from your email accounts are in fact putting your privacy at risk. They don’t use the proper meassurements to keep your credential and contacts safe… some of them even transmit your credentials in clear text. What Microsoft seems to be doing is to put in some order and make sure that people’s privacy is respected.

So Rob, why doesn’t MS take the lead in establishing an open and secure method for companies to do this sort of thing? If MS provided documented, secure APIs for exchanging this information, they’d be a leader in this space. I didn’t read one sentence that talked about MS enforcing security standards on the receiver’s end. They don’t demand to audit your database security level, for example, or if they did, it wasn’t mentioned by anyone this interviewer talked to. All that was mentioned was exclusivity, top billing and payment.

I you want privacy, do not give out information. Read your so called ‘privacy’ statements! All of them really say that your data ‘can be shared’. Kroger is willing to give up forty percent of the retail price of goods for your data. Keep your money out of banks, too. At one percent interest on savings that the same institutions basically lend out for up to fifty percent interest, they are profiteering on your money. Remember that as far as secrecy of your privacy is concerned the old Trotsky phrase:
“Three can keep a secret if two of them are dead!”.

The previous comments imply that Google and Yahoo are selling your contact information to some thir party; this is false: they are just giving it for free to you.

Interesting how there is no mention of Facebook and all of the hubub about Plaxo trying to export the Facebook contacts.

agreed with rob and ahoutx….

the security of MS software can and MUST be taken on my MS.

no other software maker, when they write MS compatible software, will go out of their way to assure MS software security is upheld unless it is in their best interests.

also, MS has every right to assure that data on its users is not compromised when it shares it with other companies.

one very effective way to accomodate that right, is to make ‘deals’ with companies that request MS share their data such as the social websites.

there has to be a TRUST between companies when it comes to PII. (personally identifiable information)

MS is not out of line by attempting to create this trust BEFORE they share any PII on its users.

just because goog and yahoo will sell their mothers information for a quick buck does not mean it is right and it certainly does not mean MS must do it.

” If this is such a security problem, why do Google and Yahoo let their users take their contacts with them?”
because google and yahoo will sell out our information in a heart beat if they cann make $ out of it.
Actually they are using all that info to make $ on us already.

I believe you are confused. Many of those startups that allow you to import contacts from your email accounts are in fact putting your privacy at risk. They don’t use the proper meassurements to keep your credential and contacts safe… some of them even transmit your credentials in clear text. What Microsoft seems to be doing is to put in some order and make sure that people’s privacy is respected.

MS always uses security as the reason for what it does. But if you look deeper it never rings true. They disable cross platform Netscape plugin support in a service pak without notice. You update, your software no longer works. The reason is security. Yet the alternative is MS’s own Active-X which is not cross platform and is by far, way less secure.