In a message to security expert Steve Gibson, Microsoft admitted yesterday that the company had secretly tagged the Windows XP downloads for technical beta testers to catch the software pirates who had been giving out builds of the product for the past year. The company inserted a universally unique identifier (UUID) into each download so it could determine whether testers had given out their copies of XP to others.
"Yes, as other posters have surmised, [we used UUIDs] to track down leaky beta testers," Microsoft's John Gray told Gibson. "There are a number of people no longer participating in the beta because they were directly traced to deliberately leaking builds. However, disclosing the existence of the tracing technology simply means that we will no longer be able to remove such people from the beta as easily. Many beta sites complained over and over about the warez kiddies getting builds. Well, this is one thing we did to try to stop the leaks."
Microsoft notes that the UUID, which ties each XP download to a specific beta tester's Beta ID and IP number, isn't included in any of the retail or OEM versions of Windows XP. Also, the UUID isn't a privacy or security concern because it's only a tag that never leaves your computer unless, of course, you choose to share your copy of XP. The company had hoped to use this technology to trace warez, or illegal, copies of XP on the Internet to specific people.