
Accelerate Your Mac!  - the source for performance news and reviews

MS Privacy Flaw: Is it limited to Windows?
Published: 3/8/99 (Updated: 3/9/99)



Update: See the MS Mac Office 98 updates page for patches that should address this issue and others - especially see this Office98 updater which removes the unique identifier and is said to solve the "unwanted data" issue.

A reader sent a mail indicating that the reported Win98 Excel/Word privacy problem might not be unique to Windows 98, as files on the Mac also contain GUID info (a reader tip below on defaulting to RTF files is a good way to avoid this issue while keeping most formatting intact):

" It appears to me that Microsoft's newest security bug also affects Macintoshes. I do not have any "inside info" on the Microsoft GUID Feature from MS or the person who apparently reported it, but it is clear to me that every Macintosh Office 98 Document contains this GUID. I have not tried with Word 6.

It is easy to find your Globally Unique Identifier or "GUID" by simply creating a blank Word document and saving it, then opening it with a text editor like BBEdit or BBEdit Lite. On the third to the last line, after you've also gone through a lot of registration information from your copy of Office, you will notice the letters "PID_GUID" followed by a little garbage and then 32 digits of numbers and hex values in brackets {}. I do not know how the last 12 hexadecimal values relate to my Ethernet address, but that is part of my understanding of how this possible feature works on Windows, and many more Macs already have Ethernet addresses.

I would appreciate it if you could spread this news so that someone more skilled than myself can follow-up and see how far MS went to keep this "accident" working on the Mac platform and perhaps demand a patch for our "registry" before summer.

[he later commented on the issue of whether the info is sent back to MS]

Well, a lot of registration info as well as this number is spread around by everyone exchanging Word documents, regardless of whether they are online or not. It is just strange to think that long after a document is written it can possibly be tracked back to the computer it was written on, or that by looking at a Word document it might also be possible to see if it came from a widely circulated copy of Office. It is also really strange that if any digit of this number is changed, Word will refuse to open the file. Thanks,
Josh Lewis "

Scott Hinckley writes that changing the number does work - if using a Hex editor:

" He may have tried changing the number while in BBedit and saving from BBedit. In that case he would have been trying to modify a binary file in a text editor, which does not work.

I used a hex editor to change the PID_GUID number to nulls (Hex 00) and MS had no problem opening the file.
Scott Hinckley "

Another reader offered to put up $10 toward a class action suit :-)

Reader Feedback:

Tip: Save As RTF File: Rabbe Sandelin writes with a note on avoiding the embedded GUID number in saved files:

" Hi, and thanks for a great site!
A very good way of getting rid of all the problems with Word's native format is to save everything in RTF format (and making it the default in Word's preferences). All your fonts, tables, pictures and so on show up correctly, and you also minimize the risk of sending any Word macro viruses along if you send your files as attachments. RTF files are also openable by almost every word processor out there, and they import nicely in PageMaker and so on.
Regards,
Mr Rabbe Sandelin
Helsinki, Finland"

More info on data contained in the PC files:

" Here's some more information on how pervasive the information contained is. I opened a PC Word document from a friend and found a history of when it was printed and to what printer, information about the registry, and a strange reference which I'll copy: RegisteredOrganization (garbage) (Dr. Diet Mountain Dew). Not only that, but the user hadn't applied the privacy patch and somehow a message that 'I think (name withheld) is a jerk !' was encased in the code.

The information about the printers, of course, can reveal server names (\\printserver\printername). Add that to the organisation name and people are sending out documents which (on a PC), can tell the wrong person more than you'd want to be known about your network.

You can also see the marketing implications. I opened a document from a friend of my wife's and instantly learned that he owns a Dell and an Epson 640 printer. If that's not market target info, what is ?
alan"

A reader notes that his name was also in the file:

" Mike,
I just did what your other reader did: saved a blank document from MS Word98 and opened it with BBedit lite. Yes, the GUID has my computer's ethernet hardware address as reported to me by the TCP/IP control panel. Needless to say, this is very disturbing. What goes even further, is that MY PERSONAL NAME is stored in this info, thereby robbing me of all anonymity. Also, the NAME OF MY HARD DRIVE is stored here as well as the location of the file when it was created.... Sincerely, James P."
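The check the readers describe above can be scripted. The following is an added example, not code from the original page or from Microsoft: it finds the "PID_GUID" marker, reads the braced 32-hex-digit value after it, formats the last 12 digits for comparison with an Ethernet address, and overwrites the value with same-length 0x00 bytes as in the hex-editor test. The sample bytes, the GUID value and the function names are constructed, and it is an assumption that the value is stored as single-byte or UTF-16LE text within 128 bytes of the marker.

```python
import re

MARKER = b"PID_GUID"
# Braced GUID text; an optional NUL after each character covers UTF-16LE storage.
GUID_RE = re.compile(rb"\{\x00?(?:[0-9A-Fa-f-]\x00?){36}\}")

def find_guids(data, window=128):
    """Return (start, end, guid_text) for braced GUIDs found soon after the marker."""
    hits, pos = [], data.find(MARKER)
    while pos != -1:
        after = pos + len(MARKER)
        m = GUID_RE.search(data, after, after + window)
        if m:
            text = m.group().replace(b"\x00", b"").decode("ascii")
            # Keep only well-formed values: exactly 32 hex digits once hyphens are gone.
            if len(text[1:-1].replace("-", "")) == 32:
                hits.append((m.start(), m.end(), text))
        pos = data.find(MARKER, after)
    return hits

def node_as_mac(guid_text):
    """Format the last 12 hex digits so they can be compared with an Ethernet address."""
    digits = guid_text.strip("{}").replace("-", "")[-12:].lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def scrub_guids(data):
    """Overwrite each GUID with 0x00 bytes of equal length so file offsets do not move."""
    buf = bytearray(data)
    for start, end, _ in find_guids(data):
        buf[start:end] = bytes(end - start)
    return bytes(buf)

# Constructed sample: a few bytes shaped like the tail of a saved document.
SAMPLE_GUID = "{5E2C8F40-D5A1-11D2-9C3B-020000123456}"
SAMPLE = (b"Registered to: Example User\x00_PID_GUID\x00\x1e\x00\x00\x00"
          + SAMPLE_GUID.encode("utf-16-le") + b"\x00\x00tail")

if __name__ == "__main__":
    for start, end, guid in find_guids(SAMPLE):
        print(f"offset {start}: {guid} -> node field {node_as_mac(guid)}")
    print("GUIDs left after scrub:", len(find_guids(scrub_guids(SAMPLE))))
```

Open the file in binary mode (`open(path, "rb").read()`) before passing it in; as the hex-editor reply above points out, editing the document as text corrupts it.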

I welcome your comments on this issue.




Copyright © mike, 1999.
