Slashdot Log In
iTunes is Malware?
Posted by
ScuttleMonkey
on Wed Jan 11, 2006 12:46 PM
from the but-not-if-apple-does-it dept.
from the but-not-if-apple-does-it dept.
Moby writes "On the heels of the big Apple love-in that is Macworld comes some interesting but alarming news. Recently a few blogs have started to indicate that iTunes is tracking your music preferences and using that data to recommend other songs from iTMS. The article provides a good overview, with some recommendations of its own. Basically, iTunes is tracking your music and sending the data back to Apple servers. This info is then used to advertise songs that may be to your tastes. A convenient feature, perhaps, but it raises concerns over privacy."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Extremely easy to disable, and more info (Score:5, Informative)
Edit -> Hide MiniStore (or shift-command-M)
No information of any kind is sent when the MiniStore is disabled.
What iTunes 6.0.2 is doing:
Sending information about the currently playing track to Apple, and then displaying information related to that track in the iTunes Music Store in the MiniStore pane. It is not broadly "tracking your music preferences".
Further - though we admittedly don't know this since Apple doesn't explain how it is using the data - there is no proof that Apple is doing anything but merely changing the MiniStore display based on what track you are listening to (which is very likely exactly what they're doing); not aggregating or "tracking your music preferences".
iTunes isn't doing this surreptitiously, either: the MiniStore pane clearly actively changes depending on what track you have selected. One would presume this does not happen via magic or the dark arts.
I'd love to have comment from Apple, and a clear presentation that information is being sent to Apple for x purpose, and a clear option to allow - or disallow - such use. I've looked through the iTunes 6.0.2 license and do not see any such guidance.
Granted, the MiniStore pane is present by default, but it can be disabled as easily as is described above.
I realize many people think this represents "going over the line"; but is there ever any instance where datamining to match items you might be interested in to your interests is acceptable? Is there any value to having this be the default state in certain instances where it could be significantly helpful?
Re:Extremely easy to disable, and more info (Score:5, Insightful)
Then it should be disabled by default or you should be asked (in plain English) if you want it enabled when the program starts for the first time after update. If you say no it shouldn't ever ask you again nor should it track your listening preferences.
I realize many people think this represents "going over the line"; but is there ever any instance where datamining to match items you might be interested in to your interests is acceptable? Is there any value to having this be the default state in certain instances where it could be significantly helpful?
No. Absolutely not. Especially when they didn't ask my permission first.
Parent
Re:Extremely easy to disable, and more info (Score:5, Interesting)
You don't know that it's "tracking" anything, even now.
On the other hand, we don't know it's not doing that, since Apple doesn't tell us.
No. Absolutely not.
It's never ok for an external entity to attempt to match things to your interests? Okay, possibly a different philosophical outlook on things, here...
Especially when they didn't ask my permission first.
Agreed. But, as I said, it's not exactly a secret that it's doing something to be able to actively change the MiniStore display.
Sure, Apple's trying to sell something. But it can also be argued, correctly, that this improves the user experience with iTunes (aside from the broader privacy argument). I do, however, agree that Apple should have made this clearly known on the first launch, and given an option at the same time to simply disable it.
Parent
Re:Extremely easy to disable, and more info (Score:4, Insightful)
Then they can watch my surfing and purchase habits inside the *store* (which I am 110% sure that they already do). They don't need to track my listening habits for music that was not purchased in their store. Just because I am using their software doesn't mean they should be able to receive information about *everything* I listen to on it.
Since when was spying on people just because they utilize your software something that people found acceptable?
Parent
Re:Extremely easy to disable, and more info (Score:5, Insightful)
When I use the term "malware" I typically mean programs that do one or more of the following;
- resist uninstallation
- persist after uninstallation attempts
- reinstall after uninstallation or "by the roots" removal
- hide from the user
- hide from the operating system
- hide what they are doing *
- damage the operating system
- replace, interfere with, spoof, or hijack functions such as DNS resolution, home page, file associations and toolbars
- create problems in order to sell you a "fix" for them
The one with the asterisk, is the ONLY one of these things that iTunes is doing, and that only if the user is hopelessly ignorant about computers and the internet.
It might be "spyware" but it is not "malware" in my book.
Parent
seems like it could be okay (Score:5, Informative)
While it's been some time since I installed iTunes (to provide support for friends and family -- hard to walk them through an interface I've never seen) it seems to me that the tracking and recommendations is optional. I could be wrong.
That said, even if it were NOT optional, I'm not sure I see the controversy here. People love the iTunes/iPod marriage and the "it just works" philosophy.
Part of that philosophy is the synergy that is the relationship between the user and the product. Apple seems to be good at defining and enhancing that relationship. So, it seems (to me) a logical extension to "observe" the music a user likes and make recommendations therein.
How different and onerous is this compared to the Amazon "people who have purchased this also have purchased ...,"
feature?
iTunes isn't my cup of tea, but for many users, this "malware", in my opinion, is a far different (and more benign) animal than, say, the SONY DRM debacle.
As for the author's opinion about how controversial this should be, quoting the last paragraph from the article:
specifically and especially to his last sentence, I don't (have a feeling this will be making some waves in the immediate future).Furthermore!, it should be pointed out the author "concedes" in the article:
which almost completely renders moot the original thesis.So what? (Score:5, Interesting)
And what exactly sinister use will Apple have for this horribly damaging data, anyway?
Plus, it's so easy to disable. Get over it already.
More info (Score:4, Informative)
Here [boingboing.net]
and
Here [since1968.com]
Malware?? (Score:5, Insightful)
Spyware, sure, but not malware.
-stefan
Re:Malware?? (Score:5, Funny)
'Nuff said
Parent
Impossible!!! (Score:5, Funny)
Apple soars above such outrages!! You will feel His Jobnesses' Wrath!!
Amazon is malware! (Score:5, Funny)
Re:Amazon is malware! (Score:4, Insightful)
So, iTMS can track my habits just like Amazon does. iTunes should not.
Parent
Re:Amazon is malware! (Score:5, Funny)
Parent
iTunes is Malware? (Score:5, Informative)
Malware definition [wikipedia.org]
Perhaps the news submitter ment to use the term spyware?
Oh, build a damned bridge.... (Score:5, Insightful)
The reccommendations feature in iTunes is fantastic. Amazon's Reccommendations page has a "I own it" check box. I use this page frequently to find new music or books or DVDs I would be interested in based on the other things I own (even those I didn't buy from Amazon).
From TFA, it hasn't been determined if the cookie sent back contains your Apple ID. It may not. It may not contain anything traceable or of a privacy concern. How about trying to use iTunes on a clean install without buying anything first and seeing if it does the same?
But one thing is for sure - if you want service of a personalized nature, you have to be willing to let someone know something about you.
Please (Score:5, Funny)
So What? (Score:5, Interesting)
My point is that every time I go to the iTunes music store, I think, "Gee, wouldn't it be cool if the store knew about my collection and taylored the site to my tastes. I really don't care to see the latest offering from Kelly Clarkson.
I guess the ideal thing would be if I were given a choice. I didn't see any mention of that in the article. To me, that would be one way to satisfy both crowds. I guess I'll have to fire up iTunes and see if I'm being "watched".
Ok, seriously! (Score:4, Interesting)
In all seriousnes I will check the eula when I get home, but I bet there is something in there when you install a new version. On top of that, it only happens when you have the MiniStore open. The whole point of the MiniStore is to offer you music you might like. How else should it work?
You might be a redneck when... (Score:5, Funny)
You actually want this to happen (Score:4, Interesting)
What happens: iTunes sends a request to the music store if you click on a track in your iTunes Library. It displays the recommendations it received based on the track you clicked in a mini store below the library. If you dislike this, press COMMAND-SHIFT-M ( Edit > Hide MiniStore).
Is this spyware? I think the definition as used in the article is ways to broad:
spyware (because it sends information to a server) and adware (because it displays information to attempt to sell you products)My definition would include "without my consent and without me being able to turn if of". Maybe yours would be "without asking me BEFOREHAND".
The main problem is that we are developing a lot of technology that allows us to personalize any kind of service. This has been impossible in the past, but with the establishment of the web as data infrastructure and database driven applications on web servers accessing data from millions of users at a time, this all changed. I think we have to change the way we think about this and whom to blame.
I'm somewhat paranoid about my data, e.g. I only pay cash to leave no trace. On the other hand I LOVE amazons recommendation system and am very willing to give them informations not only about what I buy, but also about what I might buy. [But I wouldn't search amazon for the "Anarchists handbook" or "DIY pipe bombs" without deleting my cookies first.]
We're just at the beginning of the massive use of personalization. Wait a couple of years and someone will convince you with a service that requires tracking you via GPS 24h/day. The old idea of "minimal data collection" simply will not work. But 1984 wont happen either. We will get used to leaving data tracks everywhere. [One thing that really scared me was AT&Ts patent to read the RFID tags in your trash can to find out about your consumption habits.] It will happen because it is so convenient. Like gene modified fruit or gene therapy. Resistance is (basically) futile, though often worth a try.
Our main focus should be to push society into handling this wisely, if it cannot (or should not) be stopped. So push for privacy laws that do not simply allow or prohibit collecting data, but which clearly define who may access the data, what they may do with it, in which ways they have to inform you about it.
Control what is done with your data, not if it exists at all.
Chriss
--
memomo.net - brush up your German, French, Spanish or Italian - online and free [memomo.net]
Yes it is... (Score:5, Funny)
P.S. I also heard the sky was falling...
Windows Media Player (Score:5, Insightful)
Sample headline: "It seems the most recent update to Microsoft's bundled media application Windows Media Player is mining the music tracks that a user plays and sending that data back to Microsoft in order to present the user with similar tracks from the MSN Music Store. What Microsoft does with this data after Music Store recommendations are made is unknown."
Will the apologists for Apple and their data mining stand up in this case as well?
Interesting question, anyway.
B
Maybe this will improve their selection? (Score:5, Interesting)
But it's not Microsoft! (Score:4, Insightful)
How ironic (Score:4, Funny)
RTFA and stop whining about things which aren't (Score:5, Informative)
THIS IS NOT THE "RECOMMENDED FOR YOU" WINDOW IN THE MUSIC STORE. This is a new bar which appeared prominently in a playlist window by default after the latest update. THIS IS NOT HIDDEN TRACKING. THIS IS A CLOSABLE AD.
The mini-store bar is very obvious. It is annoying that it appears at all, but can be turned off easily (click the close/hide button) just like the album artwork. The mini-store is not subtle. It very clearly is showing songs in iTMS that match whatever song you just selected in iTunes, like other songs by that artist, and such. It does not appear to suggest songs based on my previous purchases. It looks just like the iTMS store (when you get to actual tracks), but at the bottom of *your* playlist instead of going through the usual iTMS clicks.
According to the reports, sniffing the traffic shows that if you close the mini-store window, it does not bother to send any hits/requests/info back to Apple. Presumably because you wouldn't see the results anyway. If Apple is sending my uniqueid along with my selection clicks, this would be somewhat more of a privacy issue.
I am annoyed by the new "feature" since I hate advertising. But I don't see it as a serious breach of privacy, except that a little popup explaining the new feature and what it does would have been greatly appreciated. It's only a little different from clicking on tracks in the iTMS in that it appears in playlists.
Adware? Sure. Spyware? No. Annoying? Yes, for five seconds, until you click the hide button.
Re:Big Brother and the iTunes Company (Score:5, Informative)
Suspected? Secretly? They make no secret about it. What do you think those cards are for? They offer you discounts in return for your demographic information and purchasing habits. They print coupons after your sale based on it too. Its not some grand secret conspiracy.
Parent
Re:Big Brother and the iTunes Company (Score:5, Funny)
Makes me wonder what happens in their data centers when I make a late-night beer run...
Parent
Re:Big Brother and the iTunes Company (Score:5, Funny)
Parent
Re:Big Brother and the iTunes Company (Score:5, Funny)
It still gets me when they try to do the whole "Have a nice day Mr. ___" after you pay them, take a look at the name, pause, and then give up on the whole tactic altogether.
Parent
They do track you... (Score:5, Interesting)
Parent
Re:Big Brother and the iTunes Company (Score:5, Interesting)
But as I've read more about the grocery store industry I'm thinking more and more that those 'club' cards aren't much about tracking consumers as in identifying the gross number of unique shoppers that use the club card.
The reason being, is that the way grocery stores work is a little counter-intuitive. You would think that some shopper for safeway goes out, finds some variety of products , then places them on the shelves in such a way that the more profitable are chest level.
The actual mechanics are much more complex. Food suppliers will actually pay money to have their products on the ends of the isles, in the best position on the space. I'm pretty sure there's a little buying and selling on the part of Safeway, but I suspect the real situation is more like the suppliers are renting the space out to put their products on.
The store brand then is the way the store makes money on the actual product not on just the shelf space.
Therefore, the club cards are something that safeway charges for. Products become club specials, not when safeway finds a crate going bad, or found a good deal, but when the supplier pays safeway to put them on the club. So, Safeway really doesn't care about the information behind the card, (My last couple of club cards I got, they just handed me a new card, I didn't have to fill out anything). All safeway cares about is how often the card is used, so they can tell their suppliers how great it would be if they put their products on the club card.
Parent
Re:Big Brother and the iTunes Company (Score:5, Informative)
As far as tracking sales with the club card. For instance, the safeway cards that do not have magnetic stripes but rather just a barcode, that barcode does not hold a lot of information. The other club cards with the magnetic strip can actually made to link to your checking account for shopping at Vons. Of course a pin number is tacked on for a bare level of security. I find that the vast majority of customers will have a club card with correct information as well. Also many of them have the card connected to their bank accounts.
As far as employees not using their club card, I have never heard an employee say they refuse to use the card as it tracks sales (I mean, heck, this company pays your freaken checks, they have all your information ANYWAY). Most employees that do not have cards are really just to damn lazy to fill out a peice of paper.
Speaking of iTunes, yes they are tracking what you download, not sure if they ask or not, though I'm sure its in the eula, but if they asked and you said yes, I do not see the problem. Do not like it, do not use them for your music needs.
Parent
Privacy Risk != Malware (Score:5, Insightful)
Kneejerk reactions like this are unsupprising given the current culture of "Oh my god, the've got my name and they know what music I like!". If you are conserned about your privacy with regard to a company or service, I suggest you start with their Terms of Service [apple.com] and Privacy Policy [apple.com] - If you don't like them, you don't have to use their service.
Parent
Re:Big Brother and the iTunes Company (Score:5, Funny)
Why, their motto, of course! After all with a motto like Don't be Ev... whoops.. I'll come back next article.
Parent
Re:Big Brother and the iTunes Company (Score:4, Insightful)
Parent
Re:Big Brother and the iTunes Company (Score:5, Insightful)
Parent
Re:Big Brother and the iTunes Company (Score:5, Insightful)
Parent
Re:Big Brother and the iTunes Company (Score:5, Funny)
Parent
Re:Big Brother and the iTunes Company (Score:5, Insightful)
While the poster might be absolving the user from all responsibility, you are doing the same with Apple. Privacy is something that needs to be respected by the vendor and they should be required to ask the user what elements of their privacy they are willing to give up. There are just too many contracts for too many different things to be able to read them all - it would be nice, but in reality people give up on reading them.
Parent
Re:Big Brother and the iTunes Company (Score:5, Interesting)
Parent
Re:Big Brother and the iTunes Company (Score:5, Informative)
Yup. I was able to shut it off moments after seeing it on.. I didn't even know what it was doing there, why I couldn't shut it off or that it was even watching what I was playing. I just went into options, parental controls, and shut off the music store because I don't use it anyway, if I want to buy something from the ITMS I'll just go enable it and purchase, then disable it again..
Also I saw an article today here [macosxhints.com] at macosxhints.com (via slashbox) which explains how to do it too:
"Thankfully, there's an easy workaround. Kirk McElhearn used tcpdump to verify that if you simply disable the mini store (Edit: Hide Ministore, or just Shift-Command-M), then no data is transmitted. So that's the hint -- if you value the privacy of your listening habits, then hide the mini store. "
-matt
Parent
It's there (Score:5, Informative)
Parent
Re:Big Brother and the iTunes Company (Score:5, Interesting)
I've bought about 10 songs from the iStore, but have about 3000mp3s in my iTunes. The recommendations I've gotten are pretty obviously from those 10 songs I bought. Don't know if they know about my 3000mp3s, but they're not making recommendations from it right now.
Parent
But it can be disabled trivially. (Score:5, Informative)
But I don't think people should worry. You can simply press one button and iTunes stops doing it (the disclosure button on the left side of the bottom button bar). It's pretty simple to verify that your computer isn't sending any data on track selection or play when that window is not added, so in general you only get this information when you ask for it. Further, all it has to go on are the identifying tags in the music, and these can be easily changed, so it's not something that could ever hold up in any sane court if someone came at you with a lawsuit. Then again, sanity doesn't seem to be a prerequisite these days, so our milage may vary.
Don't get me wrong, I am not to happy about this feature because it's effectively embedding ads in iTunes. They're pretty well targeted, but they're ads. Still, the article seemed to overreact to what iTunes is doing.
Parent
Re:OMG! (Score:5, Insightful)
Parent
Re:OMG! (Score:5, Insightful)
You know if this was Sony or Microsoft there would be howls of anger and the pitchforks and torches would already be out. Apple does it and; "hey, they're swell guys but I don't know how comfortable I am about this".
If the crack dealer I see on the corner were to pull a gun out of his pocket, I'd go for cover. If my brother pulled a gun out of his pocket I'd probably say something like, "hey what is that gun you're carrying?" The reason for this is because I know my brother and have some level of trust in him. I might say, "hey put that away" if I felt it was inappropriate. I feel that what Apple has done is inappropriate. They should have issued a privacy policy that explains what they do and don't do with the information they are collecting. They should have had the feature disabled by default (even if they included a big "enable ministore suggestions" button). That said, Sony has a history of doing unethical things, as does MS. Apple has a much better record. Thus, I give them the benefit of the doubt and assume they are probably not data mining. If that proves not to be the case, I'll be more skeptical of them in the future.
I can't believe people are focusing on this, however. I mean sure, this is pseudo-spyware (not malware), but Apple just released machines that implement EFI. I'm much more concerned about the "trusted computing" possibilities of the new firmware than I am about iTunes. One might let them collect data about the songs listened to using freeware they distribute (with an easy option to turn it off). The other might allow them to restrict your actions on the hardware you buy, after the purchase. I'm tentatively giving them the benefit of the doubt there too, but it is certainly a much more pressing concern than iTunes phoning home.
Parent
Re:OMG! (Score:5, Interesting)
Yea, I'm about as worried about Apple knowing my musical tastes as I am about Amazon knowing my reading preferences. As in... not at all.
If you're the type that's worried about Amazon and Google tracking you with cookies and such, then yea, it's nice to know about this ( and the fact that they don't track you when the mini-store is hidden ). I guess I'm just not that paranoid... I'm actually quite happy to tell everyone what kind of music I like. I'd even tell you, if I thought you wanted to know.
I'm frankly much more paranoid about Google keeping records of my searches and gmail messages, but even that... I mean, if you use credit cards, Apple knowing your music preferences is the least of your worries.
Parent
Re:+5 Insightful? the Mind Boggles! (Score:5, Insightful)
if you really want to bitch about nothing then here's a far better one: Firefox has cookies enabled by default and sets your homepage to one of theirs on first run - THEY COULD BE SPYING ON EVERYTHING YOU EVAR DO ON TEH INTERPOWER COMPUTERWEB!
Parent