Software & hardware manufacturers may access their error reports using Microsoft's [[Windows Dev Center]] Hardware and Desktop Dashboard (formerly [[Winqual]]) program.<ref>[{{Cite web |url=https://sysdev.microsoft.com/ |title=SysDev (was Winqual) website] |access-date=2012-11-07 |archive-date=2018-08-03 |archive-url=https://web.archive.org/web/20180803125334/http://sysdev.microsoft.com/ |url-status=dead }}</ref> In order to ensure that error reporting data only goes to the engineers responsible for the product, Microsoft requires that interested vendors obtain a [[VeriSign]] Class 3 Digital ID or [[DigiCert]] certificate.<ref>[http://msdn.microsoft.com/en-us/library/windows/hardware/br230783.aspx Update a code signing certificate]</ref> Digital certificates provided by cheaper providers (such as [[Thawte]], [[Comodo Group|Comodo]], [[GlobalSign]], [[GeoTrust]], [[Cybertrust]], [[Entrust]], [[GoDaddy]], QuoVadis, [[Trustwave]], [[SecureTrust]], [[Wells Fargo]]) are not accepted.<ref>[http://blogs.technet.com/b/empower/archive/2007/05/15/introducing-windows-error-reporting.aspx Introducing Windows Error Reporting]</ref><ref>[http://idvlpsw.wordpress.com/2008/03/08/winqual-registration-head-aches/ WinQual Registration Head Aches]</ref><ref>[http://social.msdn.microsoft.com/forums/en-US/windowscompatibility/thread/37cc820e-d715-44b2-a7bd-a7fe47f6f13e/ Microsoft Support Forum: WER with Thawte authenticode signed app]</ref><ref>[http://blogs.msdn.com/oldnewthing/archive/2005/08/10/449865.aspx The Old New Thing: How can a company get access to Windows Error Reporting data?]</ref><ref>[http://successfulsoftware.net/2008/02/27/the-great-digital-certificate-ripoff/ The great digital certificate ripoff?]</ref>
Software and hardware manufacturers can also close the loop with their customers by linking error signatures to Windows Error Reporting Responses. This allows distributing solutions as well as collecting extra information from customers (such as reproducing the steps they took before the [[Crash (computing)|crash]]) and providing them with support links.
Line 53:
==Privacy concerns and use by the NSA==
Although Microsoft
has made privacy assurances, they acknowledge that [[personally identifiable information]] could be contained in the memory and application data compiled in the 100-200 KB "minidumps" that Windows Error Reporting compiles and sends back to Microsoft. They insist that in case personal data is sent to Microsoft, it won't be used to identify users, according to Microsoft's [[privacy policy]].<ref>[{{Cite web |url=http://oca.microsoft.com/en/dcp20.asp |title=Microsoft Privacy Statement for Error Reporting] |access-date=2007-10-07 |archive-date=2012-10-10 |archive-url=https://web.archive.org/web/20121010075211/http://oca.microsoft.com/en/dcp20.asp |url-status=dead }}</ref><ref>[http://support.microsoft.com/kb/283768/ Description of the end user privacy policy in application error reporting when you are using Office]</ref> But in reporting issues to Microsoft, users need to trust Microsoft's partners as well. About 450 partners have been granted access to the error reporting database to see records related to their [[device driver]]s and apps.<ref>{{cite web | url = https://rcpmag.com/articles/2002/10/03/microsoft-error-reporting-drives-bug-fixing-efforts.aspx | title = Microsoft Error Reporting Drives Bug Fixing Efforts | last = Bekker | first = Scott | date = 3 October 2002 | website = Redmond Partner Channel | publisher = 1105 Redmond Media Group}}</ref>
Older versions of WER send data without encryption; only WER from [[Windows 8]] uses TLS encryption.<ref name="wsense2013-12"/> In March 2014, Microsoft released an update (KB2929733) for Windows Vista, 7 and Server 2008 that encrypts the first stage of WER.<ref>{{cite web|title=The first stage of the WER protocol is not SSL encrypted in Windows|url=http://support.microsoft.com/kb/2929733|publisher=Microsoft|access-date=10 January 2015|date=11 March 2014}}</ref>
