Posts Tagged ‘open source software’

Microsoft censors Windows Live users. Gives free speech a treatment that would make any tyrant dictator proud.

March 24, 2012

Ballmer still wants to “fucking kill Google”, but first, Bittorrent.

You’ll have to wait until May to see Sacha Baron Cohen’s new movie, The Dictator, but in the meantime, Sweaty Ballmer wants to show us how being a petty tyrant is done.

Torrent Freak reports that Microsoft is censoring Windows Live Messenger users.

When the user enters a link and it’s to a site that Microsoft doesn’t like, Microsoft’s new approach is to block it at their server and report back to the user that the site is “dangerous”.

So far they seem to do it with The Pirate Bay, which probably hosts and serves less malware and spyware than Microsoft itself (source source source) or sites that aren’t being blocked by them, such as CNET Download.com which delivers crapware bundles with legitimate software.

Since the censorship of links is done at the server level, it means that (not shockingly), Microsoft is monitoring, logging, and spying on everything you say or do while connected to their chat service. It also means that users of alternative messenger software which doesn’t come bundled with the ability to display malicious advertisements like Microsoft’s official client does will not escape the Microsoft server spying on them and kicking back any links that Microsoft doesn’t like. If Microsoft can’t keep their own software and websites from installing malicious software onto Windows PCs, they shouldn’t be blocking anyone else under that excuse.

Microsoft’s official terms of use for their spyware instant messaging network clearly forbid the user from taking any measures to protect themselves from Microsoft’s built-in advertising, which ranges from merely obnoxious to being hijacked to serve malware. The forbidden measures include applying binary patches to their official software, adding “127.0.0.1 rad.msn.com” to the hosts file, using Privoxy as a system-wide ad filtering local proxy server, or using free and open source software such as Pidgin (which runs on many platforms) or Telepathy (which now has front ends for GNOME and KDE, and what I personally use with the Jabber instant messaging service).

The penalty for being caught doing any of this is the worst kind of censorship that Microsoft can impose on their users: total account deletion. Here are some choice excerpts from the EULA for Microsoft’s instant messaging service:

“In particular, we may access or disclose information about you, including the content of your communications”

“We may cancel or suspend your service and your access to the Windows Live ID network at any time without notice and for any reason.”

In addition, the terms point to a separate obnoxious Code of Conduct with such gems as:

“You will not use any form of automated device or computer program that enables the submission of postings without the express written consent of Microsoft Corporation.”

Among other things, you agree that you won’t post links on how to bypass the security of computer software or break DRM, piracy, “pornography” (which even the Supreme Court has been unable to define, but thank god we have Microsoft as the arbiter of all things wholesome), and of course you are responsible for anything that malicious Windows software decides to do once it has taken over your computer and starts spamming all your friends (which is bound to happen sooner or later considering you’re using Windows).

Of course, Microsoft includes the clause that lets them delete your account for no reason at all, so really anything you do can (at their whim) be grounds for suspending or deleting your account.

Bottom line: Microsoft is malicious and abusive and anyone who bothers to read their burdensome, obnoxious, and dangerously open-ended and one-sided policies and licensing agreements would have already known this.

If anything, this should serve as another wake up call to ditch Microsoft and their abusive policies and a reminder that if you think Microsoft can be trusted, you’re living in a dream world.

Thoughts on Linux and so-called Secure Boot.

January 23, 2012

DRM, fun for the whole Family License Pack

The uEFI Forum is largely a bunch of SOPA promoters hoping to turn your PC into a locked platform using DMCA anti-circumvention laws.

Unfortunately, the next generation boot firmware for the PC fails to completely replace the PC BIOS (which will continue to be used for power on self test and hardware initialization). Those in the know, beyond the corporate media spin doctoring, know that uEFI is just a layer of DRM and corporate lock-in that rides on top of the 30 year old legacy BIOS that starts the computer in real mode just like it did in the 1980s.

uEFI is not a next generation PC boot firmware; we’re being sold a bill of goods. The biggest particular problem is “Secure Boot”. Users are being misled into believing it has something to do with securely booting a computer while its true purpose is to lock the user into running whatever corporate-sponsored OS came with the computer, and turning them into a criminal by forcing them to commit a US federal felony by circumventing it to install free software as the computer’s operating system instead.

For the latest lies from the corporate-sponsored media, we go to The H Online which has declared that “Securely booting Linux [is] a “difficult” proposition”. The H is becoming less of a legitimate news source about free and open source software, and becoming more like just any other anti-free and open source rag that mindlessly recites anything that Microsoft pays for. The Register is another example of such an occurrence. Over time, Microsoft starts writing their Linux news and you get libellous headlines instead of information. It’s not like the Red Hat employee that they cite is helping dispel this propaganda. (more in a moment)

uEFI “Secure Boot” (which should be called Restricted Boot since it is designed to lock you into an ISV’s operating system software) is a complex specification. It relies on a nebula of assumptions about the state of the hardware and the bootloader that are not necessarily true and are easily forged. Even if that were not the case, it relies on an assumption that there are no firmware bugs which can be used to subvert and bypass it. It will not provide any meaningful level of additional security to users of any PC operating system, even if it agrees to boot the operating system that the user is trying to use at all. It is designed to turn anyone who cracks it into a criminal, by forcing them to violate Section 1201 of the Digital Millennium Copyright Act and being liable to be sentenced to prison for trying to use their computer in freedom.

Cited in the contemptible malarkey is Matthew Garrett, a Red Hat employee. Red Hat is a member of the uEFI forum so that they can sign RHEL and won’t be stopped by Restricted Boot on any workstation or server that comes with their software. I’m pretty sure that this is why we won’t be seeing the GRUB 2 bootloader on RHEL any time soon. GRUB 2 is licensed under the GPL version 3, which protects users from what the FSF refers to as “Tivoization”, which refers to the practice of using free software in a manner that locks the user out of their system with free software, by using DRM in that software.

If Red Hat shipped GRUB 2 and did not disclose their signing keys as the GPL 3 requires (to protect the user from exploitative hardware/software vendors), they would be in violation of the GPL. The Free Software Foundation could revoke their rights to use the GRUB 2 software. Red Hat has a lot of resources and can probably maintain their fork of Grub 0.97 indefinitely so that they can cooperate with hardware makers to restrict the user. Red Hat benefits from user lock-in just as surely as Apple and Microsoft do if only their signing key is in the uEFI Secure Boot implementation on hardware that ships with their operating system, because there won’t be any of that pesky competition on any system that comes with RHEL.

So right off the bat, I don’t think Matthew Garrett can be a trusted source of information because he is obviously tainted by his employer, and has the same reasons to lie and mislead you as Steven Sinofsky of Microsoft.

Canonical (Ubuntu) is also a member of the uEFI forum and can probably use Secure Boot on embedded ARM systems to trap people in Ubuntu. They can’t use GRUB 2, but there are bootloaders for ARM, some of them proprietary, which can be used instead. They can probably also sign Ubuntu LTS releases and get their signing key into workstations and servers that ship with Ubuntu, for much the same end result as the RHEL situation I described above. They could even use Grub Legacy in that situation. It didn’t just disappear, it’s still being carried by them if you look up “grub” in their software repository.

A better news flash would be that there never was, is, or will be a way to securely boot a PC, and that corporations are salivating at the prospect of using it to lock end users into their operating system software, to keep the user trapped with whatever their computer happened to come with. The headlines designed to smear Linux are just paid for by Microsoft. The “bootloader attacks” that Secure Boot is supposedly meant to deal with are mostly attacks on the Windows Activation system that rely on bootloader exploits to make Windows believe it is an OEM copy that came with the PC so that the user may use a copy of Windows without paying for it.

Microsoft isn’t interested in stopping the malware of the week from stealing your identity or subverting your system and using it to display (sometimes pornographic) advertisements, which are just two of the things that Windows is known well for. They are interested in stopping the user from being able to run their own software on their private property and from getting away with using a less crippled version of Windows than what came with their computer without forking over more money through the Anytime Upgrade scam.

I don’t believe the corporate ambitions of Red Hat or Canonical are any different.

Creative Commons License
This work by Ryan Farmer is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.