iTunes update spies on your listening and sends it to Apple?

[David Farber <dave () farber net>]

Begin forwarded message:

From: Matt Manor <kingmanor () gmail com>
Date: January 11, 2006 12:54:28 PM EST
To: dave () farber net
Subject: iTunes update spies on your listening and sends it to Apple?

iTunes update spies on your listening and sends it to Apple?

http://www.boingboing.net/2006/01/11/itunes_update_spies_.html

By Cory Doctorow

  A new version of Apple's iTunes for Mac appears to communicate
information about every song you play to Apple, and it's not clear if
there's any way to turn this off, nor what Apple's privacy policy is
on this information.

  Yesterday, I updated my version of iTunes to 6.0.2, at the
recommendation of Apple's Software Update program. I noticed
immediately that iTunes had a new pane in the main window -- the
"Mini-Store" which showed albums and tracks for sale by the artist
whose song was presently playing.

  The question is: how does Apple know which version of the Mini-Store
to show you unless iTunes first transmits the current song that you're
playing to Apple? I've turned off the Mini-Store, but a look at
Apple's site, the iTunes license, and the iTunes documentation does
not state whether this turns off this spyware behavior, or whether it
merely causes iTunes not to show me things to buy based on the track
I'm presently playing.

  As Marc at Since1968 points out, there's no language in Apple's
privacy policy that addresses this specific behavior.

  I love iTunes because it's a clean music player. But no amount of
clean UI is worth surrendering my privacy for -- I wouldn't buy a
stereo that phoned home to Panasonic and told it what I was listening
to; I wouldn't buy a shower radio that delivered my tuning preferences
to Blaupunkt. I certainly am not comfortable with Apple
shoulder-surfing me while I listen to digital music, particularly if
they're doing so without my meaningful, informed consent and without
disclosing what they intend on doing with that data.

  At very least, Apple must deliver information about whether iTunes
gathers  and transmits your data when the Mini-Store is switched off,
and about what it does with the data the Mini-Store transmits when
it's loaded.
  Each time you play a different song, the MiniStore features
information about the artist currently playing, as well as "Listeners
Also Bought..." Here's a full size capture of Apple marketing in
action: as you can see, I'm playing Mary J. Blige covering U2's "One",
and the MiniStore shows other albums from Mary J. Blige and U2.

  This means, of course, that every single time I play a song the
information is sent back to Apple. You can turn off the MiniStore at
the click of a button, but it's not clear whether turning off the
MiniStore is the same as turning off the flow of data (one doubts it).
And don't bother looking for a way to turn this "feature" off in the
Preference pane: it's not there.      Link    (Thanks, Marc!)

  Update: John sez, "With the Mini-Store turned off, no data is passed
back to Apple.  Verified with Little Snitch and Ethereal." I'd be
interested in deeper analysis than this, though -- is this under all
circumstances?

  Update 2: John sez, "The iTunes MiniStore does not transmit the
current song data if the MiniStore pane is hidden. I ran TCPFlow to
check my outgoing data and it only queried the server when the pane
was open."

  Update 3 Merlin reports that iTunes appears to be phoning 2o7.net
when the Ministore is loaded. That domain is registered to Omniture,
Inc. of Orem, Utah. From Omniture's site:
  2o7.net is an Internet domain used by Omniture, Inc. on behalf of
our customers to improve Web site design and to generally improve the
user experience on the Web. This domain is used by Omniture's data
collection systems, and is the domain under which Omniture places
cookies. These cookies are NOT spyware – they are simple text files
that help Omniture customers measure usage of their Web sites and
performance of their marketing campaigns.

  Update 4: Kirk has verified that hiding the Mini-Store appears to
deactivate the spyware behavior in iTunes.

  Update 5: Marc, who broke this story, has posted a snappy comebacks
to silly apologists message that addresses the common objections to
this subject (e.g., "It's not spyware if Apple does it," and "You have
a duty to monitor all your applications' use of TCP sockets and filter
the ones you object to," and "Privacy is dead, stop acting like
companies are immoral for spying on you.")

  Update 6: Timo sez, "I just ran a packet trace of the new iTunes -
it only connects to  Apple if the Mini Store is open. For regular
MP3s, it'll run a full text search to find related  articles, for
purchased music, it searches by the original product ID. Sample query
string is:

  "/onca/xml? 
Service=AWSProductData&SubscriptionId=1KQJD90W67ZBHT7ZH282&Operation=
ItemSearch&SearchIndex=Music&Keywords=Alanis%20 Morissette%20Jagged%20
Little%20Pill&ResponseGroup=Images"

  Update 7:  Kirk adds, "after more analysis, this does not send info
to Apple when you are playing music, but rather when you click on a
song. So if you start playing a song by double-clicking, it will send
info to the iTunes Music Store and retrieve suggestions. But if the
song is in a playlist, the MiniStore display will not change when the
next song begins."

-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/