Unlike Warren, WinRumors was born in October 2010, a year after Windows 7 general availability. The site still claims to provides every piece of interesting Microsoft related news or rumors but has mysteriously gone dark since Warren’s move to The Verge. However, Warren does share his birthday with Princess Alia bint Al Hussein, eldest child to King Hussein of Jordan, who also worked as registrar with the British School of Archaeology under Crystal Benett OBE, and has been a member of Fakherelnissa’ Zeid’s Art Group since the 1980s. Princess Alia graduated with honours from the University of Jordan in 1977, obtaining a bachelors degree in English literature.

You can follow Tom Warren on Twitter (@tomwarren).

[Developing story]

In all seriousness though, Happy Birthday Tom.

Thinking I missed something, I went ahead and re-installed Daemon Tools. Sure enough, a MountSpace related dialog appears.

Several problems:

1. The Daemon Tools Lite EULA only mentions the word “privacy” twice, both in irrelevant contexts. In fact, the EULA appears truncated.
2. Selecting “Don’t allow MountSpace to use my mount statistics” here doesn’t actually turn off MountSpace.
3. MountSpace doesn’t have a real privacy policy.

While MountSpace could argue that selecting the latter option here would simply flag your data for deletion server-side, there’s no way to validate they’ll actually follow through. So as a workaround, I recommend everyone block 212.117.184.51 and 212.117.185.149 in their firewalls, until the matter is clarified. Windows 8’s native ISO mounting couldn’t come quicker.

You can find already sent/received cached data in %AppData%\DAEMON Tools Lite\ImageInfoCache.

–

Update: A Daemon Tools administrator claims my information is false in their forums. I tried explaining but my post on their forum was delayed, then edited down. I queued up a reply, just waiting to get through the moderation queue again.

Also, popular German magazine CHIP picked up on the post. Of course, they didn’t attribute me at all.

In response to some reader mail I received, I purchased a Bluetooth A2DP-capable wireless headset – the Motorola S10-HD – to test on a Windows Phone. Pairing with the device worked great. Crystal Method sounded okay. (PCMag slammed them in this area, though.) It transmitted my voice enough for Paul Paliath to hear me. And it sported a standard mini-USB port for charging.  I couldn’t be happier. But to my immediate disappointment, the headset just wasn’t compatible with glasses at all. The hard plastic on hard plastic on skin combination wasn’t a winning one and breaking out the contacts was not an acceptable workaround. So I rate this headset: “dead to me”.

What alternatives do you recommend?

I wasn’t successful in creating that dream backup application this time around, but as Buckminster Fuller once said: “There is no such thing as a failed experiment, only experiments with unexpected outcomes”.

So what happened? I made some assumptions that weren’t in fact true. This left me poking, prodding, and fighting Windows Phone’s OMA Client Provisioning layer all night. (I totally get why the XDA Developers folks keep playing with this stuff now.)

Here are some technical notes in no real order:

My ARM7i compiled DLLs worked nicely. Hurray for miracles.

Using Samsung’s LaunchExe function was pretty simple, for bouncing out of Least Privileged Chamber (LPC).

Rapiconfig.exe, the configuration tool that executes provisioning XML, blows. By blows, I mean it’s poorly written and requires certain stars and planets to be aligned in a particular manner to work correctly. For example, I wasted hours trying to feed it valid XML to later learn from XDA’s Heathcliff74 that provisioning XML must be in Unicode (UTF-16). Never mind the actual encoding specified in the XML header or using a proper damn XML parser. Also, the attribute and element values are all case-sensitive. God only knows what would happen if you introduce a single blank line.

According to MSDN/Technet documentation for both WM6 and Windows Embedded Compact 7 – of which Windows Phone is supposedly built upon – the provisioning magic on the phone supports a parameter name of "SelfRegister”. This was supposed to tell the OS that I want to (COM) register my library. This should have then triggered a call into DllRegisterServer, executing my code. I tried this with both TCB signed and unsigned code to no avail. Maybe I screwed something up here? I suspect this is broken for valid security reasons.

My phone is very unstable. At times, simple things like COM registration were failing with security errors. And at one time I was able to deploy XAPs with my phone locked. Scary. Reboots fixed all these issues temporarily.

This homebrew backup application should allow me to backup Marketplace-derived applications, allowing them to be transferred to another device. Given the little time I’m giving myself to get this done, I’ve simplified my requirements to the following:

• Must support backup of Marketplace-derived apps. (e.g. Plants vs. Zombies save state)
• Must use sockets for easy PC<->Phone communication. Fishing crap out of Isolated Storage manually is unacceptable.
• Must work on my Samsung Focus (v1.3) devices running Mango.
• Must succeed in using saved app. state on restore target.

If I succeed, I will release the XAP and any information needed to use it/further development. Future posts will cover progress milestones as I reach them, so stay tuned.

You can hang out with me on Freenode IRC, if you’d like.

Here’s some of the more interesting requirements.

5-point digitizers
Microsoft requires that Windows 8 touch PCs use digitizers supporting a minimum of 5 touch points. Yep, you no longer have to hunt down information to answer that question: “Hey, does this thing do multi-touch?”. This requirement ensures your Windows 8 certified PC supports at least a hand of fingers on the screen, for all those gestures and finger-painting activities.

“Hey Windows 8, this is HP TouchSmart… you win.” (Even the newest HP TouchSmart only works with two touch points.)

NFC “touch marks”
Microsoft requires that Windows 8 PCs featuring NFC technology have “touch marks”. This one is a no brainer – A PC, likely a tablet or slate, must have a sticker or similar signage indicating where another NFC capable device can mate with it. I bring this up because we’re not used to NFC being visible in this manner. Today, NFC is available in Google’s new Galaxy Nexus phone for the most part. To invoke it, you presumably start a supportive application and mash it onto a NFC reader, moving it around until it beeps. With a larger form factor, however, knowing where the sensor is physically located becomes crucial to avoid Neanderthal-like clashing of tablets.

Hardware buttons
Microsoft requires that Windows 8 tablet/convertible PCs have 5 hardware buttons. Not three; not six. Five. Those buttons are:

• Power
• Rotation lock
• Windows Key
• Volume up
• Volume down

The Windows Key will be at least 10.5 mm in diameter and be sported in any number of shapes (e.g. circular, rectangular, square).

New button combo for CTRL + ALT + DEL
Microsoft requires that Windows 8 PCs joined to a domain and without keyboards implement new Ctrl+Alt-Del sequence. While the on-screen keyboard remains an option for logging into a domain-joined PC, the quicker (and new) option is to press Windows Key + Power.

Minimum component set for tablets and convertible PCs
Microsoft requires that Windows 8 tablet/convertible PCs feature a minimum set of components. Requiring partners to install a baseline set of components isn’t new, but we can now begin to drool over what future Windows 8 tablets/convertible PCs will look like. Here’s what a bare minimum Windows 8 tablet would look like:

• Storage: At least 10gb free space after the out-of-box experience completes
• System firmware: UEFI
• Networking: WLAN and Bluetooth 4.0 + LE (low energy)
• Graphics: Direct3D 10 device w/ WDDM 1.2 driver
• Resolution: 1366×768
• Touch support: At least 5 touch points, must pass all tests
• Camera: 720p
• Ambient Light Sensor: 1-30k lux capable w/ dynamic range of 5-60K
• Magnetometer
• Accelerometer: 3 axes w/ data rates >= 50Hz
• Gyroscope
• USB 2.0: At least one controller and exposed port
• Speakers

No reboot driver upgrades
Microsoft requires that Windows 8 PCs support no-reboot upgrade of graphic card drivers. Finally. While Windows Vista has supported reboot-less upgrades of WDDM drivers, enforcing that requirement was hard with unified driver sets containing both XDDM and WDDM drivers mixed in. With XDDM drivers gone in Windows 8, however, enforcement is easy and should be welcomed by users and gaming enthusiasts with wide open arms.

2 second resume … but not for ARM
Microsoft doesn’t require that Windows 8 ARM PCs resume in two seconds or less … only Intel-compatible Windows 8 PCs have this requirement. And yes, the two seconds max for Standby (S3) to “resume complete” requirement was in place since Windows 7. But I suspect ARM doesn’t come with this requirement because of architecture implementation volatility or, more likely, that Microsoft simply doesn’t yet have enough data in this space. As ARM improves and matures as a Windows host, I suspect we’ll see this requirement pop up in a future release.

Windows 8 Build 8175 – Start screen Personalization applet (© The Verge)

Back in September, I dissected the new Start UI in Windows 8 and wrote that readers should expect a new personalization UI. Well, it’s official! The Verge, today, uploaded some photos of a newer Windows 8 build running at CES, with a shot of the new Personalize applet amongst them. As suspected, Microsoft is offering users the option of customizing the background color and image, with limited options. Before you balk at the idea of only having 9 colors and 8 parallax background images to choose from, think about usability.

I’m not a UI designer or usability guru but you don’t need to be one to picture the hell that would ensue if a user set their background color to a bright orange. (If you can’t, I provided an example above.) The tile, as you can see, immediately loses its depth (due to the background image being impossible to see) and becomes difficult to retrieve information from.

Limitations have been imposed on the background image as well, for similar reasons. While my example isn’t great, you can kinda picture the problem. The left image has a square-based motif that slowly pans left or right, depending on swipe direction. This creates the illusion of depth. The image on the right, however, uses a custom horizontal gradient that creates infinitely reaching bars. As the user swipes left or right, the bars would remain unchanged in appearance. The effect would be lost.

While the customization community would lead you to believe they know what they’re doing and prefer unfettered customization access, the reality is Microsoft knows what’s better for all of us. If you insist on having that access, however, I’m sure desktop customization king Stardock will have something to play with soon enough.

The Next Web published a follow up post re: the situation. It isn’t corrective in any way, but I got the gist of what Alex was trying to say: “I fucked up, sorry man.”

I hope I don’t get removed from the holiday card mailing list.

“Thank you note for every language” 
© woodleywonderworks

[1] ChevronWP7 Labs enters the New Year with 10,000 token sales under our belt. Hooah! ^RR

[2] Our agreement with Microsoft was to sell no more than 10,000 tokens, hence "sold out". We’re discussing if we want to up that number. ^RR

The use of our and we were references to “the ChevronWP7 team”, i.e. Chris Walsh, Long Zheng, and myself. I mean, the tweet did come from the ChevronWP7 account after all. Here’s how I designed it to be read:

We [the team] are still discussing if we [the team] want to up this number.

Here’s how it was interpreted:

MICROSOFT HATES THE WORLD; MICROSOFT IS SHUTTING DOWN CHEVRONWP7; THEY DENIED THEM TOKENS!!!!11111

Microsoft isn’t involved in our discussion yet. And they can’t provide us with more unlocks because we haven’t asked yet. If we do request more, we’re sure Microsoft will respond positively – as they have in the past.

What frustrates me is that I know and like these guys personally, but corners were cut and no fact checking was performed. Despite being only a Skype call/KiK/email/IM away, no one bothered to contact me or anyone on the team.

Now I’m stuck with cleaning up the mess.

Yep. I should’ve known not to blindly trust what was on US-CERT, sigh.

Upon inspection of the actual disclosure one area jumped out at me:

Vendor communication:
2011/11/01 Coordinated notification to PHP, Oracle, Python, Ruby, Google
via oCERT

2011/11/29 Coordinated notification to Microsoft via CERT

Yep. These guys waited an arbitrary 30 days (in reality, less) before publishing it to the world. Never mind that this issue affected Microsoft .NET Framework 1.0 and up. Never mind that this framework has been built into Windows since Windows XP. Never mind patches for all these platforms have to be engineered and tested. Never mind it’s the fucking holidays and people have families they’re spending time with. Never mind this doesn’t just affect ASP.NET but also web frameworks written in Java, Python, Ruby, PHP, and JavaScript (think node).

I couldn’t find a shred of evidence to suggest this flaw was being exploited by malicious actors or that the information was discovered by other folks – possible reasons that would have explained such a disclosure. This appears to just be a classic case of dirtbagery.

Here’s how the adults handle this, take notes guys:

Today we’re taking another step, with the public availability of access to the Messenger network via XMPP, an open standard. This means that anyone can build innovative messaging clients—either stand-alone or built into their devices—that include access to Messenger’s 300 million active users. […]

Developers interested in learning more about our XMPP interface can check out our code samples on GitHub []along with the overview documentation on the Live Connect developer center. These should give you enough information to get started building integration with the Messenger network into your mobile apps, devices and web sites.

There are still some missing basics though, like the ability to add/remove folks from your buddy list. Maybe in a future release.

Unfortunately, because of the actors involved, we’re missing a bunch of specifics. For example, we don’t have information on the affected OS versions or information on the string itself, aside from some hints. Nor if this is limited to a specific mobile operator, device type, transmission channel – we know of SMS, Facebook, Windows Live Messenger –, or position of my bear claws.

Shortly after Warren’s post went up, Salameh tweeted this issue isn’t limited to just Windows Phone. Dang, too late.

To set this up, simply open the Sound applet and click the Sounds tab. Scroll down the list of Program Events and locate Microsoft Visual Studio. The rest is pretty straight forward. I’m currently using a small “blip” sound from a public domain sounds archive. You can use anything you wish, however it must be converted to a WAV file. (Your best bet is to use a 1 second or less, subtle cue.)

What’s intriguing is that I feel like I’m processing breakpoint information more efficiently. By processing, I mean the audio cue gives me that “you’re at a breakpoint” information seemingly faster than processing the yellow/red color combo on the screen. If you’re aware of any research in the area of audio vs. visual cues, would love to read it.

In Silverlight applications, sometimes you want to call unmanaged libraries or native code, including Microsoft Win32 functions. In Silverlight 5, you can call unmanaged or native code through the platform invoke feature. Platform invoke is also referred to as PInvoke or P/Invoke. Platform invoke in Silverlight is very similar to platform invoke in the .NET Framework. However, there are some important differences.

• Platform invoke in Silverlight can only be used in trusted applications hosted either in-browser or out-of-browser.

• Platform invoke in Silverlight can only be used on computers running the Windows operating system. There is no Mac support.

Can someone share why I would want to adapt Silverlight’s model then bolt myself to the Windows platform using P/Invoke? I can’t imagine many Silverlight developers were clamoring for P/Invoke functionality, as they made the decision to go Silverlight based on its operating system agnosticism. The only case fumbling around in my head now is one involving “enhanced experiences”. Perhaps a Silverlight developer would want to detect the OS it’s running on and upgrade itself if it’s on Windows. But that’s far-fetched given the requirements to do so (full trust). So, err… what the heck is the use case here? Why not just use WPF?

Discuss.

The Microsoft® Flight team is excited to announce that we are now accepting applications to our beta. To apply for the beta:

1. Make sure you have a LIVE Gamertag. To sign up for the Microsoft® Flight beta, you will need a LIVE Gamertag. If you don’t already have one, you can get your LIVE Gamertag here.

2. Opt in to stay informed. We are in the process of integrating our newsletter with Xbox LIVE®. To make sure that you receive the upcoming news and information about Microsoft Flight, be sure to opt in to receive marketing emails when you sign up for your Gamertag. If you already have a LIVE Gamertag, review your opt-in preferences to make sure you’re receiving marketing emails.

3. Fill out your application on Microsoft Connect. Beta invitations will be sent out in early January 2012. While we will try our best to include as many of our interested users as we can, completing the beta application does not guarantee an invitation to the beta program.

One of the reasons I hate using Windows Live Messenger is that it contains overzealous photo and video sharing capabilities. I often share links with Paul Thurrott, for example, to only be greeted with a full screen representation of what’s behind my link… as if I needed confirmation of what I just pasted in. Worse is the fact that Messenger window gyrates, shakes, and moves around, repositioning itself for a direct view of my eyeballs. But wait, there’s more – all this affects the recipient too. That’s three strikes.

I’ve had this on my TOHACK list for quite some time now, perhaps even a year. But I never got to it. (Blame Minecraft.) Thankfully, I can scratch this off my list because someone by the pseudonym of Erazor beat me to it. Messenger customization software A-Patch (version 15.4.3538.0513) now features his hack in the form of two little checkboxes. Just run the utility and you’re cured for life. (Microsoft don’t really update Windows Live Messenger, so expect the change to stick for a long time.)

As those A-Patch folks would say: Praise be to God.

Nitpicker’s Corner: The recipient could disable the expansion of images on their screen by un-ticking “Automatically accept when I receive: Invitations to view photos”. But there is no option to disable this behavior for the originator.

This isn’t directly related to Windows however I try to promote ooShirts any chance I get. You may recall we ordered shirts through them for the ChevronWP7 Labs experiment. Well, while mailing out shirts this week, I discovered this cute 19-page choose-your-own-adventure book. I narrated the book to Long Zheng over Skype and he gave it (and the narration) 112 stars.

Head over to ooShirts to read the digital copy.

People oft forget they’re throwing exorbitant amounts of cash at their mobile operator for various “packaged services”. SMS isn’t a freebie they threw in for laughs, you pay for it one way or another. In my case, I pay $60.76 a month for what amounts to barebones telephone service and a smartphone data package, for my Samsung Focus. That includes an 18% or so discount as part of some deal with my employer. Justifying that is hard enough. If I wanted to sext Jenny, I’d have to dish out an extra $20/mo.

Fuck that.

Clarification: It was pointed out that the Windows Phone Marketplace uses short-codes, as opposed to a full blown SMS message, if you have Find Your Phone enabled. Unfortunately, those are blocked too. AT&T has only one feature called “Text Message Opt-Out”. This presumably encompasses both short-code and SMS text messaging.

The Xbox can now be controlled via the Windows Phone, adding to an already awesomely long list of submissive styles – the Xbox controller, media remote, web, keyboard(?), PC, and Kinect. For those who don’t allow SMS on their device – like me – use this handy Zune marketplace link. Thanks Nuduaa, I was pulling my hair out there for a second.

Surprisingly, no native code was used in the making of this app.

Revenue model: Successful apps earn 80 percent of every dollar of revenue earned after passing $25,000 USD in total revenue. The first $25,000 USD is paid out at the industry standard 70 percent revenue share.

This means Microsoft takes 30% of your profits, aligning with Apple’s offering. The differentiator here is that Microsoft will ease off when you exceed 25k, which could influence those deciding on a launch platform for their next whizamajig. Or Angry Birds clone.

Timing: Opening its doors at Windows 8 Beta in late February 2012, the Windows Store will welcome developers to begin submitting apps starting today through the First Apps Contest to be considered for the Store’s opening. More details on the contest can be found at buildwindowscontest.com.

The Next Web called the timeframe. The contest looks fun, perhaps enough motivation for me to actually write that Minecraft administration tool. Long Zheng pinged me, wanting to port MetroTwit to WinRT, but discovered Australia isn’t good enough to apply. Poor bastard.

Opportunity: Windows presents the largest single platform opportunity for developers, with 500 million Windows 7 licenses sold around the world to date.

Assuming half of those folks upgraded, that’s 500 million potential eyeball views. Whoa.

Oh, and there’s a new Windows Store blog too.

A. Cousineau Does Not Allege Injury-in-Fact to Support Article III Standing.

To establish the “irreducible constitutional minimum of standing,” a plaintiff must allege and prove three distinct elements: (1) injury in fact; (2) causation; and (3) redressability. Steel Co. v. Citizens for a Better Env’t, 523 U.S. 83, 102-04 (1998) (quotations omitted). “[I]injury in fact” refers to “a harm that is both ‘concrete’ and ‘actual or imminent, not conjectural or hypothetical.’” Vermont Agency of Natural Res. v. United States ex rel. Stevens, 529 U.S. 765, 771 (2000) (quoting Whitmore v. Arkansas, 495 U.S. 149, 155 (1990)). Article III therefore requires a plaintiff to allege a “distinct and palpable” injury, Gladstone Realtors v. Village of Bellwood, 441 U.S. 91, 100 (1979) (quoting Warth v. Seldin, 422 U.S. 490, 501 (1975)), that is “certainly impending,” if not already suffered, Babbitt v. United Farm Workers Nat’l Union, 442 U.S. 289, 298 (1979).

If you wish, you can read the 33-page motion to dismiss for yourself. I’ll keep an eye out to see if this motion passes or not.

The ChevronWP7 Labs Unlock Client – Loading screen

The unlock client users download and run gathers a few bits of phone data, including (but not limited to) the make and model of the device and version of running OS. You may remember the screen above – this is the step in which the client gets this data and packages it up for transmission to our service. For the techies out there, this is done via the Microsoft.WindowsMobile.DeviceUpdate component that comes bundled with with the Windows Phone Support Tool. It does a decent job at managing connected devices and grabbing data.

Anyway – let’s get to the more interesting stuff.

Going by a list of Windows Phones on Wikipedia, you’d expect to see a maximum of 20 distinct phone types in our database. (I made a tweak to this list, separating the US-based and EU-based Samsung Focus Flash.) I mean, why would I expect otherwise, right? A phone should report its make and model accurately. But a quick look in the database shows otherwise. The database contains 50 distinct phones and that only represents a tiny group of devices in the wild.

Here’s an example: Samsung currently has 5 phones in the market – the Focus, Focus S, Focus Flash, Omnia 7, and Omnia W. But looking at our database, I saw 10. Here’s a table showing what I expected and then what was actually reported via our software:

Samsung devices on the market vs. actual telemetry data

You may recall that the Samsung Focus was the cause of February update headaches, which becomes clearer with this data in hand. Word on the street is that there were undocumented differences between Samsung’s 1.3 and 1.4 revisions of the phone that Microsoft didn’t account for. Okay, creating a fix is easy enough but from an update perspective – how the hell do you identify and target in this diverse group of phones? I’m not sure how Microsoft pulled it off, but I suspect they re-engineered the February update to look for the critical differences at install time, rather than try to selectively deliver updates based on the phone’s report of its make/model – because it’s unreliable and thus useless. Not the ideal solution but from where I stand – it was their only choice.

Whom to blame is tricky – from this data, it appears while OEMs define one name, mobile operators can define another (or have the ability to change it). This theory is supported via the data. For example, Rogers – a mobile operator in Canada – does just this. Their Samsung Focus phones report a customized model name, including the letter R (for Rogers) at the end of their model name. Cute.

Samsung isn’t alone here, of course. Some interesting tidbits:

• HTC has 7 devices on market, but our data shows 28 actual configurations (plus a bonus HTC Leo configuration missing a manufacturer tag altogether)
• LG has 2 devices on market, but our data shows 7 actual configurations
• Dell has 1 device on market, but our data shows 2 actual configurations
• Nokia and Fujitsu are being good partners with 1 device on market with just 1 actual configuration.

Looking at just a tiny subset of phones in the homebrew community, it is miraculous to me that Microsoft was able to deliver an update like Mango in such a timely and orderly fashion. Major kudos.

Figure Uno – Screenshots of the Create Account and Edit Account views in Tango.

When I downloaded and installed Tango, I was presented with the Create Account screen (figure 1, left). I provided the usual amount of information, agreed to some terms set forth, and tap the Save button. Logged in and ready to go, I receive a call. Bringgg ringg ringgg! That’s nice… wait, what just happened here?

I was surprised to discover that tapping on Contacts revealed my entire contact list with Tango presence data intertwined. In my case, someone had discovered I was online and tried to make a call. Did I miss a consent somewhere? (Answer: No.)

I read over the Terms of Use that I agreed to at startup, admittedly after agreeing to them, and the word “contacts” is missing completely. (I assume these are the latest because the latest privacy policy link is broken.) No where in the terms does it mention a privacy policy (for Tango) but at the very bottom of the webpage itself, there’s some itty bitty text – yep, Privacy Policy.

Tango’s Privacy Policy specifically calls out the information they collect, which is excellent. But it fails to accurately portray how the phone retrieves consent and gathers this data in the real world, which is a huge no-no. They state (emphasis mine):

In addition, when you install the Service on your device and register with Tango, you will be asked to allow us access to your address book. If you consent, we will have access to contact information in your address book on the devices you use for the Service (names, numbers and emails, but not notes or other personal information in your address book). If you consent separately to the storage of this contact information, we will store it on our servers and use it to help you use the Service, for example, by synchronizing your Tango contacts between different devices you may want to use with the Service. If you do not want Tango to store this information, you may opt-out through your account settings at any time. However we may not be able to offer some of the features that require this information.

After installing the client on my test phones, I was never asked to give Tango access to my address book. Nor was I separately asked if I wanted Tango to store this information on their servers. They do, to be fair, have a slider that shuts off the flow of contacts to their servers – but at this point, it’s too late. And it’s on by default (figure 1, right). Fortunately, the policy explains you can undo this mess by emailing them (privacy@tango.me):

You can remove your data anytime you want. If you ask us to delete your account, we will use commercially reasonable efforts to remove your data from our servers.

Any personally identifiable information you submit on a blog, bulletin board or chat room on our website or elsewhere can be viewed and used by others, including to send you unsolicited messages or to commit identity theft. Tango is not responsible for any misuse of your information that might result from your disclosure of information in these forums or elsewhere.

I sent them an email, which landed me in a support queue, which is fair enough. I haven’t made my way through it yet but I suspect it’ll be rather painless.

Now to work on decrypting its XMPP-TLS traffic so I can peek inside…

Update 11/11/11 (4:04pm): Tango support responded to my deletion inquiry and noted that turning off the Save Address Book feature wipes your data off their server. Handy tip.

When you disable the ‘Save Address Book’ option in your Tango profile, that actually will dynamically delete your address book from the server so in the future you don’t need to have the account removed. Please let me know if I can be of further assistance.

Ignoring the grammar changes peppered throughout, two major changes were made:

1. The plaintiff added a new claim, alleging Microsoft violated the Washington Privacy Act (with emphasis mine):

Washington’s Privacy Act, RCW §§ 9.73, et seq. (“Privacy Act”) prohibits companies from intercepting private communications without the consent of all parties involved. The Privacy Act is one of the most restrictive privacy statutes in the United States.

Microsoft does not qualify as an entity exempted from liability under the Privacy Act as defined by RCW § 9.73.070.

Defendant’s conduct violated RCW § 9.73.030(a) because Defendant intentionally intercepted and/or recorded, by device or otherwise, private communications from mobile devices, as described more fully herein, without first obtaining the consent of Plaintiff or the Class.

Defendant’s conduct also violated RCW § 9.73.030(b) because Defendant intentionally intercepted and/or recorded, by device or otherwise, private conversation(s) from mobile devices, as described more fully herein, without first obtaining the consent of Plaintiff or the Class.

Plaintiff and the Class suffered harm as a result of Defendant’s violations of the Privacy Act, and therefore seek liquidated damages computed at the rate of one hundred dollars a day for each day of violation, or one thousand dollars, whichever is greater, and reasonable costs and attorneys’ fees. RCW § 9.73.060

2. The plaintiff added additional details to their Factual Background write up (with emphasis mine):

IV. Microsoft Admits To Unlawful Tracking

In September of 2011, shortly after this lawsuit was filed, Microsoft issued a press release indicating that it had discovered a “bug” in its Windows Phone OS that caused mobile devices running the software to transmit location information to Microsoft’s servers through its camera application—without user consent.

Specifically, Microsoft’s press release stated, in relevant part, that:

We have identified an unintended behavior in the Windows Phone 7 software that results in information about nearby Wi-Fi access points and cell towers being periodically sent to Microsoft when using the Camera application … the software bug results in the behavior even where you have disabled geotagging photos in the Camera application.

Although Microsoft attempts to blame its unauthorized tracking scheme on a software “bug,” the true facts show otherwise. Microsoft is one of the largest and most renowned software developers in the world, with a highly sophisticated staff of engineers. The idea that, during the programming process, these software engineers simply “overlooked” the fact that their own code was designed to ignore users’ refusal to consent to be tracked is untenable.

Furthermore, as described above, Microsoft made very specific representations to U.S. Congress members about the very functionality of its Windows Phone 7 OS that the Company now claims is flawed. Even assuming, arguendo, that Microsoft’s initial oversight led to the unlawful transmission of its users’ geolocation data, surely Microsoft’s engineering team conducted further investigation into the software before submitting to Congress that its software never transmits geolocation data without express permission of the user.

In truth, this was no coding error. Microsoft intentionally programmed its software to send its users’ geolocation information to its servers without consent because it wanted to maximize the amount of data it receives for use in its database. Now that it has been exposed, Microsoft is attempting to cover-up its malfeasance.

Whoa. Those are quite the punches! Unfortunately, they don’t land anywhere.

I won’t dispute the fact that Microsoft is one of the largest software shops in the world, but I don’t feel this directly correlates to software quality within individual product groups. If anything, it catalyzes the “oops rate”. Take Adobe, for example. They’re huge, right? So with this line of thinking, Acrobat Reader and Flash should be amazing. But they’re not even close. Recently released Microsoft Security Intelligence Report 11 shows that “Adobe Acrobat and Adobe Reader [exploits] accounted for most document format exploits detected in [1H] 2011.” And look at Skype for Windows software. 31% of its issues reported as Critical remain unresolved to date. (Any real user will tell you it’s one of the worst necessary evils on PC today.) Finally, let’s not forget this team was responsible for some high visibility blunders, such as the February and March update and the still-online illegal Nintendo ROMs on the marketplace. Point is: Nobody’s perfect. Not even Microsoft.

Untouched was the original research provided by Samy Kamkar, which is interesting given the research doesn’t hold water due to the use of a AT&T bound Samsung Omnia 7 – a combination that isn’t legitimately available to consumers in the US. But with Microsoft’s validation of the bug, I suppose the research’s value isn’t very high anymore.

What are your thoughts?