Product activation: Privacy Frequently Asked Questions
This page answers Frequently Asked Questions about the privacy aspects of product activation. In order to understand this page you should first have an understanding of what product activation is, why some Wincent products feature it and how it works; this information is available on the main Product Activation Page.
Is my personal information transmitted to the server?
No. None of your personal information nor any other information about (or stored on) your computer is sent to the server, not even your license code or the name of the product which you are activating.
The product activation system has been carefully designed so that it can perform its function without transmitting any of your personal information across the network. There are multiple layers which protect your privacy and confidentiality: firstly, at a design level the protocol requires neither the transmission nor the storage of your personal information on the server; secondly, the information that actually is transmitted is effectively indistinguishable from random data because it is the product of a one-way cryptographic digest function; and thirdly, because all communications take place over a protected SSL-encrypted connection.
When you install a product for the first time it generates a number that is unique to the machine on which the software is being installed without actually identifying the machine. The number is what is known as a one-way cryptographic hash; it's so called because the calculation only works in one direction: it is easy to generate the number based on the machine, but it is impossible to look at the number and know which machine it came from. You can read a basic introduction to cryptographic hashes here.
A hash is also made from your license code. The one-way nature of the hash means that if somebody were to see it he or she would have no way of figuring out what your license code was; nevertheless, the hash is a unique number and no two licenses will produce the same hash.
These two pieces -- let's call them the "machine hash" and the "license hash" -- are sent to the Wincent server at activation time. If the server sees many activation requests coming in with the same license hash but lots of different machine hashes, then it knows that the software is being activated on many different machines with the same license code. Note that because one-way hashes are used in the process nobody can personally identify machines or customers; the numbers are just random ID numbers that cannot be traced back to a particular individual or computer.
Does the software "phone home"?
Wincent products will never "phone home" without your permission. Product Activation occurs when you first enter your license code and you press the "Verify" button. The user interface for entering your license code makes it very clear what will happen, so there are no surprises. If you cannot connect to the Internet to perform the activation, the software will remind you to do so the next time you run it.
Wincent software won't attempt to phone home for other purposes either; see the Wincent privacy policy for more general information.
What happens if somebody on the network is spying when the activation occurs?
As explained above none of your personal information is transmitted to the server during the activation process. The information that is transmitted would be useless to any third-party observer because it could not be used to determine anything that would identify you or reveal what your license code is. An additional layer of protection is provided because all connections are performed over an encrypted SSL link. No information is stored on the server, other than the number of activations.