Windows Tracks CDs & DVDs You Watch 421
lcypher writes "The AP is reporting that
there is spyware within Windows Media Player
8(which ships with XP), which records the song
titles and DVD titles that a user listens to or views in WMP8. Microsoft execs claim no marketing use right now, but they won't rule it out. "
This looks like less of a big deal than the article
makes it out to be, but it definitely could be used
for evil.
Playing right now: (Score:5, Insightful)
---
But anyway, fair enough. What I'd like to know is how easy it is to insert my own random data into that playlist before it goes off to Microsoft?
Seems the only way to fight this will be with dis-info
It won't be personally identifable? (Score:4, Insightful)
This is just a local CDDB mirror (Score:5, Insightful)
It appears they extended to DVDs as well as CDs (just a bigger database I suppose).
The article is a bunch of fluff for a functionality we've used for a long time with numerous programs such as XMCD, AudioCatalyst, etc etc. Microsoft adds it to media player and omg, privacy for getting the disc information for you. I'm pretty sure there's a button to turn it off.
(Gracenote is probably using the CD request data anyway for marketting purposes these days).
This is basically CDDB (Score:2, Insightful)
If you look in your home directory on your Linux box, you'll probably find a similar cache.
Someone just noticed that you can reconstruct people's listening habits from their CDDB lookups - no big deal.
We'd like to inform you (Score:5, Insightful)
So what? (Score:1, Insightful)
Re:This is basically CDDB (Score:5, Insightful)
Re:Winamp does this too (Score:4, Insightful)
You don't. I do. I don't need a reason to want to keep people out of my personal life. Rather, they need a good reason to butt into it.
Max
It's not a log, it's a cache (Score:5, Insightful)
Of course, mainstream media can spoonfeed the word/concept "log" (eg. history, audit, etc.) easier than it can "cache".
Reality Forces me Into Cynicism (Score:2, Insightful)
Technology permitted capture of more information about us, our habits, our preferences, our purchases, any activity; and a company or State passed on that opportunity.
Winamp does the same damn thing (Score:2, Insightful)
not just CDDB (Score:4, Insightful)
The same company that assigns you a unique number for the downloads you make also has the database you were required to register with in order to activate your WindowsXP. Manipulated properly it would be a rather simple task to match a real name and address with what you watch on media player - especially if this 'unique number' and the registration number for XP were one and the same.
And note that Microsoft hasn't ruled out using the data for marketing purposes. Imagine the look on your spouse's face when you suddenly start getting free trial issues of Spanking Teen Cheerleaders! . Or the look on your face when the FBI comes crashing through the door because an 'anonymous tip' from a 'reputable source' claims that you were watching illegal porn videos.
Max
I can't even play music on my computer any more! (Score:5, Insightful)
And when I use the Sony Media Bar software that came with my Vaio, to try to listen to a CD while browsing the web and performing another task (graphics or HTML editing, for example), the damn thing crashes!
The machine has a perfectly good DVD-ROM drive. If I could just run a headphone jack directly out of it, and play CDs with no stupid software layer involved, I'd be happy. But I can't.
So now, sadly, I have to listen to music on a portable CD player sitting on my desk. My perfectly usable computer has been handicapped by its software.
The worst part is, that when I see what's coming down the pipe -- region-coded everything, RIAA/MPAA copy "protection" lockdowns destroying fair use, the death of webcasting, even more media mega-mergers, and spyware in EVERYTHING -- I know that it's going to get a lot worse.
Re:What could somebody do with this data? (Score:1, Insightful)
Well, actually you can just make this stuff up... (Score:5, Insightful)
This article is mostly scare tactics, as ever since the beginning of time there's been a file named CDPLAYER.INI in the windows folder that stores CDDB info. A local cache should actually enhance your privacy as it will reduce calls to central servers when you play your CDs or whatever.
WMP 7+ however doesn't use this file. If you look in your Windows folder again, you'll notice a couple of files named WMSysPrx.prx and another one named similarly that actually stores the song database. That's how the 'media library' feature works, it's all stored in there -- you would expect a program that catalogues songs to store a list of media played somewhere, wouldn't you?
It's true WMP does track how many times you play a song. But discovering the fact isn't aexactly a journalistic coup, it's listed in the program itself. Look in the 'Media Library', this is listed along with all the rest of the ID3 information (at least in WMP 7)... not exactly a huge secret. I have never heard of MS sending this info off to its site before... that sounds a lot like how Real got into trouble a few years back, and also a lot like a very inventive and paranoid reporter. If you're worried, delete those files mentioned above every so often.
The unique ID is more interesting. I really recommend turning this off in your WMP options, as it's only really useful if you're buying proprietry WMA files online... and somehow I don't think many slashdotters will be doing that
The worst part is that it opens up the recently discovered SuperCookie [securitytracker.com] exploit in which websites can embed a player in a page and get it's ID number. Since it's globablly unique and installed on most computers, it's a great way of tracking users who are savvy enough to turn off cookies.
So nuke the ID feature quickly from your player options... even if you use *AMP to play your sounds, you could still be vulnerable to this.
Proof of Microsoft's bad faith (Score:3, Insightful)
"This is essentially a case where it (the ID) doesn't serve any purpose and it isn't used," [Microsoft's] Caulton said.
Which begs the obvious question of why put it in there in the first place.
The end of the article takes an interesting twist:
In a recent memo, Microsoft chairman Bill Gates ordered his company to check for privacy and security concerns before adding new features.
"Users should be in control of how their data is used," Gates wrote. "Policies for information use should be clear to the user. Users should be in control of when and if they receive information to make best use of their time."
[...]
He said the feature seems to conflict with Gates' directive.
"You can really see the Microsoft culture coming through that Gates wants to change. These guys are digging in their heels," he said.
Bill Gates is not a stupid person. Let us suppose for a few moments that he really has seen the writing on the wall and is sincere about this new direction for the company.
Gates bred this culture that he is now trying to change. And the paradigm shift for his company is much sharper philosophically than the previous one of desktop- to network-centric computing.
And then there is the very real argument that Microsoft's proprietary, closed-source code policy is antithetical, or at the very least sub-prime for dealing with privacy and security concerns.
What's an ersatz-visionary computer mogul to do?
Re:This is just a local CDDB mirror (Score:3, Insightful)
Re:Turn off Windows Media Player (Score:3, Insightful)
Well, yes. If I am seen boarding a plane headed for Washington DC, that's not news. If Osama Bin Ladin is seen boarding a plane headed for Washington DC, that's news.
Re:We'd like to inform you (Score:2, Insightful)
Is DVD chapter navigation a needed or useful feature? I'm sure if we ask MS, they will respond with their usual "our customers ASKED us for this feature" response the same way that ALLLL of those customers really, REALLY wanted Product Activation. Sorry, but given MS's track record, this little "feature" will probably be used for their continued little monopoly purposes. Remember, they are trying become the center of your Home Entertainment because after all, thats where the REALLY big dollars are at. If they can show the MPAA and RIAA that they can control what you listen, watch and jack off to, then they out themselves in a very sweet position of becoming THE defacto OS for your next PVR, CD player, DVD player, etc. All it would take is one little service pack to enable that "only a local CDDB" to start being transmitted for complete tracking purposes. And no doubt, you will have given them the right to do it through one of those oh-so-readable click thru EULAs.
Even worse: IE tracks your browsing! (Score:3, Insightful)
The worst part is, Microsoft doesn't deny that they could use this information for marketing!
The only way these customer-hostile corporations will get the message is if we vote with our wallets. Don't use IE! Use only browsers that don't maintain this so-called "History" log! Power to the people!
</sarcasm>
By now, everyone knows that this behavior inside WMP is just CDDB lookup caching. Every CD player I've ever seen has done the same thing. For that matter, so does every program that caches anything, from your web browser to your email program to... well, anything.
You can all stand down from red alert now. Cancel the march on Washington.