11 Nov 2011

Tango app missteps, downloads all your contacts without consent

With the increasing count of native applications – those with special blessing from Microsoft to use C++ and private APIs – showing up in the Windows Phone Marketplace, I’ve been increasingly focused on ensuring my privacy is kept intact. Tango, a Skype-like video calling startup, recently released an application for Windows Phone and it’s one of those native applications. It has a simplistic UI, unlike Skype’s dumpster fire on the desktop, and is super fast thanks to its native access. But all that aside, I want to focus on the privacy issue that I discovered.

Figure Uno – Screenshots of the Create Account and Edit Account views in Tango.

When I downloaded and installed Tango, I was presented with the Create Account screen (figure 1, left). I provided the usual amount of information, agreed to some terms set forth, and tapped the Save button. Logged in and ready to go, I received a call. Bringgg ringg ringgg! That’s nice… wait, what just happened here?

I was surprised to discover that tapping on Contacts revealed my entire contact list with Tango presence data intertwined. In my case, someone had discovered I was online and tried to make a call. Did I miss a consent somewhere? (Answer: No.)

I read over the Terms of Use that I agreed to at startup, admittedly after agreeing to them, and the word “contacts” is missing completely. (I assume these are the latest because the latest privacy policy link is broken.) Nowhere in the terms does it mention a privacy policy (for Tango), but at the very bottom of the webpage itself, there’s some itty bitty text – yep, Privacy Policy.

Tango’s Privacy Policy specifically calls out the information they collect, which is excellent. But it fails to accurately portray how the phone retrieves consent and gathers this data in the real world, which is a huge no-no. They state (emphasis mine):

In addition, when you install the Service on your device and register with Tango, you will be asked to allow us access to your address book. If you consent, we will have access to contact information in your address book on the devices you use for the Service (names, numbers and emails, but not notes or other personal information in your address book). If you consent separately to the storage of this contact information, we will store it on our servers and use it to help you use the Service, for example, by synchronizing your Tango contacts between different devices you may want to use with the Service. If you do not want Tango to store this information, you may opt-out through your account settings at any time. However we may not be able to offer some of the features that require this information.

After installing the client on my test phones, I was never asked to give Tango access to my address book. Nor was I separately asked if I wanted Tango to store this information on their servers. They do, to be fair, have a slider that shuts off the flow of contacts to their servers – but at this point, it’s too late. And it’s on by default (figure 1, right). Fortunately, the policy explains you can undo this mess by emailing them (privacy@tango.me):

You can remove your data anytime you want. If you ask us to delete your account, we will use commercially reasonable efforts to remove your data from our servers.

Any personally identifiable information you submit on a blog, bulletin board or chat room on our website or elsewhere can be viewed and used by others, including to send you unsolicited messages or to commit identity theft. Tango is not responsible for any misuse of your information that might result from your disclosure of information in these forums or elsewhere.

I sent them an email, which landed me in a support queue, which is fair enough. I haven’t made my way through it yet but I suspect it’ll be rather painless.

Now to work on decrypting its XMPP-TLS traffic so I can peek inside…

Update 11/11/11 (4:04pm): Tango support responded to my deletion inquiry and noted that turning off the Save Address Book feature wipes your data off their server. Handy tip.

When you disable the ‘Save Address Book’ option in your Tango profile, that actually will dynamically delete your address book from the server so in the future you don’t need to have the account removed. Please let me know if I can be of further assistance.

27 Oct 2011

Microsoft finally pulls illegal NES emulator, ROMs from Marketplace

Over a month ago, Microsoft approved the distribution and sale of a Nintendo NES emulator bundled with illegal ROMs on the Windows Phone marketplace. (Those following me on Twitter know I’ve been very vocal about how wrong this is.) Well, good news! Microsoft finally pulled the applications from the marketplace. There’s no word on how much money that scumbag Jesse Dudley made off with nor how things went down; let’s hope all the buyers receive some sort of compensation for the screw up.

20 Oct 2011

Dissecting Case 01438 Exhibit B, Part 5

Back in September, Microsoft finished their investigation and issued a statement regarding the location issue. It comes as no surprise that the plaintiff updated the class action complaint to address these statements. (You can read the entire amended complaint (Document 19) for yourself, if you wish.)

Ignoring the grammar changes peppered throughout, two major changes were made:

1. The plaintiff added a new claim, alleging Microsoft violated the Washington Privacy Act (with emphasis mine):

Washington’s Privacy Act, RCW §§ 9.73, et seq. (“Privacy Act”) prohibits companies from intercepting private communications without the consent of all parties involved. The Privacy Act is one of the most restrictive privacy statutes in the United States.

Microsoft does not qualify as an entity exempted from liability under the Privacy Act as defined by RCW § 9.73.070.

Defendant’s conduct violated RCW § 9.73.030(a) because Defendant intentionally intercepted and/or recorded, by device or otherwise, private communications from mobile devices, as described more fully herein, without first obtaining the consent of Plaintiff or the Class.

Defendant’s conduct also violated RCW § 9.73.030(b) because Defendant intentionally intercepted and/or recorded, by device or otherwise, private conversation(s) from mobile devices, as described more fully herein, without first obtaining the consent of Plaintiff or the Class.

Plaintiff and the Class suffered harm as a result of Defendant’s violations of the Privacy Act, and therefore seek liquidated damages computed at the rate of one hundred dollars a day for each day of violation, or one thousand dollars, whichever is greater, and reasonable costs and attorneys’ fees. RCW § 9.73.060

2. The plaintiff added additional details to their Factual Background write up (with emphasis mine):

IV. Microsoft Admits To Unlawful Tracking

In September of 2011, shortly after this lawsuit was filed, Microsoft issued a press release indicating that it had discovered a “bug” in its Windows Phone OS that caused mobile devices running the software to transmit location information to Microsoft’s servers through its camera application—without user consent.

Specifically, Microsoft’s press release stated, in relevant part, that:

We have identified an unintended behavior in the Windows Phone 7 software that results in information about nearby Wi-Fi access points and cell towers being periodically sent to Microsoft when using the Camera application … the software bug results in the behavior even where you have disabled geotagging photos in the Camera application.

Although Microsoft attempts to blame its unauthorized tracking scheme on a software “bug,” the true facts show otherwise. Microsoft is one of the largest and most renowned software developers in the world, with a highly sophisticated staff of engineers. The idea that, during the programming process, these software engineers simply “overlooked” the fact that their own code was designed to ignore users’ refusal to consent to be tracked is untenable.

Furthermore, as described above, Microsoft made very specific representations to U.S. Congress members about the very functionality of its Windows Phone 7 OS that the Company now claims is flawed. Even assuming, arguendo, that Microsoft’s initial oversight led to the unlawful transmission of its users’ geolocation data, surely Microsoft’s engineering team conducted further investigation into the software before submitting to Congress that its software never transmits geolocation data without express permission of the user.

In truth, this was no coding error. Microsoft intentionally programmed its software to send its users’ geolocation information to its servers without consent because it wanted to maximize the amount of data it receives for use in its database. Now that it has been exposed, Microsoft is attempting to cover-up its malfeasance.

Whoa. Those are quite the punches! Unfortunately, they don’t land anywhere.

I won’t dispute the fact that Microsoft is one of the largest software shops in the world, but I don’t feel this directly correlates to software quality within individual product groups. If anything, it catalyzes the “oops rate”. Take Adobe, for example. They’re huge, right? So with this line of thinking, Acrobat Reader and Flash should be amazing. But they’re not even close. The recently released Microsoft Security Intelligence Report 11 shows that “Adobe Acrobat and Adobe Reader [exploits] accounted for most document format exploits detected in [1H] 2011.” And look at the Skype for Windows software: 31% of its issues reported as Critical remain unresolved to date. (Any real user will tell you it’s one of the worst necessary evils on PC today.) Finally, let’s not forget this team was responsible for some high visibility blunders, such as the February and March update and the still-online illegal Nintendo ROMs on the marketplace. Point is: Nobody’s perfect. Not even Microsoft.

Untouched was the original research provided by Samy Kamkar, which is interesting given the research doesn’t hold water due to the use of an AT&T-bound Samsung Omnia 7 – a combination that isn’t legitimately available to consumers in the US. But with Microsoft’s validation of the bug, I suppose the research’s value isn’t very high anymore.

What are your thoughts?

04 Oct 2011

Sideproject: Minecraft server, plugins, and Windows 8 integration

With Walter Bishop’s help, I started borrowing time and resources from another dimension. With my newfound time, I hooked up with a tech friend of mine – Paul Paliath – and set up a Minecraft server from scratch. This isn’t your ordinary single-executable server though. It’s a server based on the popular Bukkit kit that introduces an incredible amount of extensibility and terrible bugs. Paliath has the shopping list of what he installed, configured, and managed to get working without proper documentation.

But let’s talk about code! (Java-based) Bukkit offers an easy-to-use framework, allowing you to tap into almost any event or facet of Minecraft you can think of. Want to know when people are punching cows? Wire up an event handler. Done. Want to know when someone tries to sleep in the dark, so you can set their house ablaze? Done and done. But, wait – want to tie into the Windows platform? Errr. Cue the crickets. While Bukkit has a large following of plugin developers that do really crazy things, none seem to tap into the Windows platform itself. They were leaving it for me, of course!

Windows 8 (Metro-style) Minecraft Control Center, concept

As a Metro-style application development exercise, I figured I should tie Minecraft into Windows 8 somehow. I decided to roll out a Minecraft (Server) Control Center, which would allow for the remote administration of a server somewhere on the Internet. While I have some mini-map code here and event code there, I haven’t glued it all together yet. But above is a concept I drew out and am targeting for an initial tinker release.

The first column demonstrates some at-a-glance information I thought would be useful for the typical Minecraft server administrator. (It’s configurable, of course.) The next column displays a mini-map drawn using tiles output from a Bukkit-based plugin called dynmap. I’d like to note this plugin is an extreme pain in the ass to work with thanks to the horrible coordinate system used in Minecraft and/or in this plugin. (Drugs were obviously involved.)

I haven’t fleshed out other columns, but am kicking around some ideas. At the bottom would, perhaps, be a communication area giving admins a peek at what Minecraftians are arguing about. I’m not sure yet.

If you’re bored at work or perhaps want to claim some land, feel free to join our Punching Blocks server right now! We’re live!

03 Oct 2011

Short: Changing your built-in Library icons in Windows 8

On Saturday, my Windows 8 Secrets co-author Paul Thurrott wrote about a small but welcome change to Windows 8 – the ability to change your Custom Library icons. He wrote:

In Windows 8, finally, you can arbitrarily change the icon for custom libraries. Note, however, that this capability extends only to custom libraries, and not the built-in libraries (still Documents, Music, Pictures, and Videos). And while that’s a shame, power users will still appreciate being able to customize their custom libraries with a new icon. […]

I’m guessing there is a way to change the default library icons as well, even though this feature isn’t available in the Desktop user interface. If you know of a way to accomplish this in the Windows 8 Developer Preview without using a third party application, please let me know.

Naturally, I accepted the challenge. A few minutes with Windows 8 and well… it wasn’t hard at all, to my nerdy disappointment. Simply click Start –> Run (or WinKey + R), type explorer %AppData%\Microsoft\Windows\Libraries and click the OK button. This will open a new Explorer window showing us the raw Library metadata files (.library-ms). Drag the library into your favorite text editor (or simply Notepad) and locate the XML element <iconReference>. Edit the value within to meet your needs, save, and restart Explorer. (You can safely terminate Explorer in Windows 8 by holding the CTRL and SHIFT keys while right-clicking the Taskbar.)

You’re done!
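If you would rather script the edit than open Notepad, here is an added example (my own code, not from the original post) that rewrites the <iconReference> element of a .library-ms file while preserving its XML namespace, and refuses anything that is not a "file.dll,-index" reference. The sample library file is constructed inline; on a real machine you would point it at %AppData%\Microsoft\Windows\Libraries\<name>.library-ms, and the shell32.dll,-16 index is just an assumed value.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# Namespace used by Windows library description files (.library-ms).
LIB_NS = "http://schemas.microsoft.com/windows/2009/library"
ET.register_namespace("", LIB_NS)  # write it back as the default namespace

# An icon reference is "file.dll,-index", e.g. imageres.dll,-1002.
ICON_REF = re.compile(r"^[\w.\\:%\- ]+\.dll,-?\d+$", re.IGNORECASE)

# Constructed minimal sample; a real library file carries more elements.
SAMPLE_LIBRARY = """<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <version>6</version>
  <isLibraryPinned>true</isLibraryPinned>
  <iconReference>imageres.dll,-1002</iconReference>
</libraryDescription>
"""

def get_icon_reference(path):
    """Return the <iconReference> text of a .library-ms file, or None if absent."""
    el = ET.parse(path).getroot().find(f"{{{LIB_NS}}}iconReference")
    return el.text if el is not None else None

def set_icon_reference(path, icon_ref):
    """Replace (or append) <iconReference>; returns the previous value."""
    if not ICON_REF.match(icon_ref):
        raise ValueError(f"not a 'file.dll,-index' icon reference: {icon_ref!r}")
    tree = ET.parse(path)
    root = tree.getroot()
    if root.tag != f"{{{LIB_NS}}}libraryDescription":
        raise ValueError("not a Windows library description file")
    el = root.find(f"{{{LIB_NS}}}iconReference")
    if el is None:  # element missing: append one (order is not validated here)
        el = ET.SubElement(root, f"{{{LIB_NS}}}iconReference")
    previous = el.text
    el.text = icon_ref
    tree.write(path, encoding="UTF-8", xml_declaration=True)
    return previous

def demo(new_ref="shell32.dll,-16"):
    """Round-trip the constructed sample through a temp file; returns (old, new)."""
    fd, path = tempfile.mkstemp(suffix=".library-ms")
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(SAMPLE_LIBRARY)
    try:
        previous = set_icon_reference(path, new_ref)
        return previous, get_icon_reference(path)
    finally:
        os.remove(path)
```

Restart Explorer afterwards, as in the manual procedure, for the new icon to show up.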

I created two icon cheat sheets, if you need them — one for imageres.dll and one for shell32.dll.