iTunes is Malware?

Moby writes "On the heels of the big Apple love-in that is Macworld comes some interesting but alarming news. Recently a few blogs have started to indicate that iTunes is tracking your music preferences and using that data to recommend other songs from iTMS. The article provides a good overview, with some recommendations of its own. Basically, iTunes is tracking your music and sending the data back to Apple servers. This info is then used to advertise songs that may be to your tastes. A convenient feature, perhaps, but it raises concerns over privacy."

Re:Big Brother and the iTunes Company

[IAmTheDave]

I don't know about all stores online, but the e-commerce site I run keeps a database of purchases for both my own book-keeping and customer support needs (like, track a shippment, order history.) The data is already there, I don't understand how it becomes spyware when the data is mined to look for similar music that might match what you already have purchased through the store.

Re:Extremely easy to disable, and more info

[garcia]

Edit -> Hide MiniStore (or shift-command-M) No information of any kind is sent when the MiniStore is disabled.

Then it should be disabled by default or you should be asked (in plain English) if you want it enabled when the program starts for the first time after update. If you say no it shouldn't ever ask you again nor should it track your listening preferences.

I realize many people think this represents "going over the line"; but is there ever any instance where datamining to match items you might be interested in to your interests is acceptable? Is there any value to having this be the default state in certain instances where it could be significantly helpful?

No. Absolutely not. Especially when they didn't ask my permission first.

Malware??

[ShortSpecialBus]

What is it doing that is malicious?

Spyware, sure, but not malware.

-stefan

OMG!

[east coast]

From the blurb: Basically, iTunes is tracking your music and sending the data back to Apple servers. This info is then used to advertise songs that may be to your tastes. A convenient feature, perhaps...

You know if this was Sony or Microsoft there would be howls of anger and the pitchforks and torches would already be out. Apple does it and; "hey, they're swell guys but I don't know how comfortable I am about this".

WTF? Where has all the anger gone?

If Steve Jobs was a record exec we'd have a battle cry that he should be flogged in public and put in the stocks for no less than 28.7 years.

Oh, build a damned bridge....

[nvrrobx]

...and get over it.

The reccommendations feature in iTunes is fantastic. Amazon's Reccommendations page has a "I own it" check box. I use this page frequently to find new music or books or DVDs I would be interested in based on the other things I own (even those I didn't buy from Amazon).

From TFA, it hasn't been determined if the cookie sent back contains your Apple ID. It may not. It may not contain anything traceable or of a privacy concern. How about trying to use iTunes on a clean install without buying anything first and seeing if it does the same?

But one thing is for sure - if you want service of a personalized nature, you have to be willing to let someone know something about you.

Re:Amazon is malware!

[mopslik]

Amazon.com is a malicious website! When I click on a book, they show me other books that people have purchased with it!

While the term "malicious" should probably not have been applied to either iTunes or Amazon, what you say is correct: Amazon.com monitors your clicks and purchases, and profiles it against its database to suggest other books you might want to purchase.

The difference, of course, is that while you are clicking on Amazon.com, you are essentially playing about on their server. When you are casually listening to MP3s via iTunes, your personal data is being collected and sent from your own computer.

Privacy Risk != Malware

[FalconZero]

Ever used an Internet browser? That sends data to various servers, does that constitute a risk to your privacy? Probably, but it doesn't make Firefox, IE & Opera 'malware', in the same way that even if iTunes is sending data to Apple, it's not necessaraly malware.

Kneejerk reactions like this are unsupprising given the current culture of "Oh my god, the've got my name and they know what music I like!". If you are conserned about your privacy with regard to a company or service, I suggest you start with their Terms of Service [apple.com] and Privacy Policy [apple.com] - If you don't like them, you don't have to use their service.

Re:Extremely easy to disable, and more info

[garcia]

But it can also be argued, correctly, that this improves the user experience with iTunes (aside from the broader privacy argument).

Then they can watch my surfing and purchase habits inside the *store* (which I am 110% sure that they already do). They don't need to track my listening habits for music that was not purchased in their store. Just because I am using their software doesn't mean they should be able to receive information about *everything* I listen to on it.

Since when was spying on people just because they utilize your software something that people found acceptable?

Re:Big Brother and the iTunes Company

[Moby Cock]

The song you are listening to may NOT have been purchased through iTMS. They are monitoring your library of songs that have been obtained in other manners and keeping record of them too. That is spyware.

Re:Extremely easy to disable, and more info

[spectre_240sx]

I don't see that in iTunes 6 on the Mac at my office. Is this only for PCs or something?

Anyway, I love having new music reccomended for me. I have an account at Last.FM [www.last.fm] set up to do just that for me. It keeps track of every song I listen to, rates the artists I listen to most as well as the albums and songs I listen to most. It even has a community feature where you can find people with similar music tastes.

Re:Amazon is malware!

[garcia]

Amazon is a store accessable via a web browser. iTMS is a music store accessable via software. iTunes is an interface to iTMS *OR* a standalone player. As far as I'm aware Amazon doesn't have its own branded browser.

So, iTMS can track my habits just like Amazon does. iTunes should not.

Windows Media Player

[brettlbecker]

It would be interesting to re-phrase the question and replace "iTunes" with "Windows Media Player" and see what kinds of responses are generated by the Slashdot crowd.

Sample headline: "It seems the most recent update to Microsoft's bundled media application Windows Media Player is mining the music tracks that a user plays and sending that data back to Microsoft in order to present the user with similar tracks from the MSN Music Store. What Microsoft does with this data after Music Store recommendations are made is unknown."

Will the apologists for Apple and their data mining stand up in this case as well?

Interesting question, anyway.

B

the art of spying on an exhibitionist

[jheath314]

My taste in music is my business and I don't want other people knowing that my most listened to album is Tom Dooley and Other Hits by The Kingston Trio.

/me tries avoid posting just to point out the irony of writing this on /.

*strain*

Re:OMG!

[NeutronCowboy]

Maybe because it can be disabled? Maybe because it doesn't root your computer? Maybe because it just isn't as bad as the stuff Sony and MS pull on a regular basis? Maybe there is no conspiracy?

But it's not Microsoft!

[saleenS281]

Everyone knows tracking is only bad when it's from "evil" companies like SCO, Microsoft, or Sony. Apple is "good" and "on our side".

/satire In all reality, this would be fine if they had a clearly labeled option/popup when you first ran iTunes. "Hey, we'd like to track the songs you listen to so we can recommend some other songs we think you'll like" and not buried somewhere in a EULA, or not actually brought up at all. Then again, from what I can tell apple doesn't like to give users choice, they like to decide what's right and wrong for you. This truly isn't a flame either... after working back and forth with them extensively for over a year, it's just how they operate. Sometimes it's a good thing, sometimes it's not. In this case, I would say it's not.

Re:Big Brother and the iTunes Company

[Ucklak]

Is this any different from Microsoft's Windows Media Player database that phones home or used to phone home?
http://www.computerbytesman.com/privacy/wmp8dvd.ht m [computerbytesman.com]

Re:OMG!

[kannibal_klown]

You know if this was Sony or Microsoft there would be howls of anger and the pitchforks and torches would already be out. Apple does it and; "hey, they're swell guys but I don't know how comfortable I am about this".

Actually, no. As much as I "don't like" Microsoft and such, if they did this I wouldn't care.

It's saying "Hmm, you seem to like a lot of girlie music. We think you might like this song by the Backstreet Boys. Check it out of you want."

In my opinion, that's not malware. Malware would be installing a rootkit, or installing a driver/DLL that prevents you from listening to non DRM'ed songs on your PC alltogether. This is just implementing what just about every big online site does: based on your habits while using our service, might we recommend product X

It's just over-reactionary. Now, if this thing reports to Apple that "Person x has a suspicious number of mp3's with common hashcodes. Notify the RIAA ASAP!" then I would definately start Apple bashing. But it isn't, so who cares.

Re:Big Brother and the iTunes Company

[Ghostx13]

Right from www.apple.com/itunes "while you're browsing your own music, the MiniStore will automatically show you more music from your favorite artists that you can find at the iTunes Music Store." If you don't like it, don't use it. It's not being deceptive about what it does, which is why it's not spyware. You didn't bother reading what the software clearly states it does, and now your mad about it. How does that make sense.

Re:Big Brother and the iTunes Company

[C0rinthian]

I wish Apple would make a service called halfTunes that sold songs at 50 or 25 or free for bands that are looking for exposure, not profits.

And why do you think bands are looking for exposure? Exposure means more customers. More customers means more profits.

Re:OMG!

[99BottlesOfBeerInMyF]

You know if this was Sony or Microsoft there would be howls of anger and the pitchforks and torches would already be out. Apple does it and; "hey, they're swell guys but I don't know how comfortable I am about this".

If the crack dealer I see on the corner were to pull a gun out of his pocket, I'd go for cover. If my brother pulled a gun out of his pocket I'd probably say something like, "hey what is that gun you're carrying?" The reason for this is because I know my brother and have some level of trust in him. I might say, "hey put that away" if I felt it was inappropriate. I feel that what Apple has done is inappropriate. They should have issued a privacy policy that explains what they do and don't do with the information they are collecting. They should have had the feature disabled by default (even if they included a big "enable ministore suggestions" button). That said, Sony has a history of doing unethical things, as does MS. Apple has a much better record. Thus, I give them the benefit of the doubt and assume they are probably not data mining. If that proves not to be the case, I'll be more skeptical of them in the future.

I can't believe people are focusing on this, however. I mean sure, this is pseudo-spyware (not malware), but Apple just released machines that implement EFI. I'm much more concerned about the "trusted computing" possibilities of the new firmware than I am about iTunes. One might let them collect data about the songs listened to using freeware they distribute (with an easy option to turn it off). The other might allow them to restrict your actions on the hardware you buy, after the purchase. I'm tentatively giving them the benefit of the doubt there too, but it is certainly a much more pressing concern than iTunes phoning home.

Opt-in or opt-out

[Frankie70]

Granted, the MiniStore pane is present by default, but it can be disabled as easily as is described above.


Shouldn't a non-evil company have Opt-In rather an
Opt-Out - spammers are the ones who are supposed
to prefer opt-out.

Re:Big Brother and the iTunes Company

[croddy]

Usually, the way to handle something like this is to leave the feature disabled, unless you've asked the user or they explicitly enable it. The problem is that it is enabled by default, without asking the user.

Re:Big Brother and the iTunes Company

[Ghostx13]

If the user bothered to read the features list they would know it was there. You're absolving the end user from personal responsibility. The information was there, but the users were too lazy to bother reading anything about the product they were using. The American public is used to being spoon fed everything and it's led us to being fat and lazy. Personal responsibility folks. It's not that difficult of a concept.

Re:Extremely easy to disable, and more info

[garcia]

It may infuriate you, but that's just the state of things, I guess.

Giving up is lame. You should be ashamed.

What about piggybacking Quicktime downloads?

[Curmudgeonlyoldbloke]

Not sure that tracking purchases is really "malware", but I'm certainly not a fan of the way that the default Quicktime download is "QuickTime 7 with iTunes 6".

If I wanted iTunes I'd download it - I don't want it appearing on my PC because I installed something else. There is (or was last time that I needed it) a non-iTunes version that you can find after lots of hunting around, but it's sharp practice at least to make it available this way.

Re:Big Brother and the iTunes Company

[tsa]

You don't even have to play it. Just selecting it is enough. I like this new feature, but I think I'm the only one here :-)

+5 Insightful? the Mind Boggles!

[tabdelgawad]

1) "But you can turn it off!" - And here I thought it was about default settings and opt-in. Didn't we (users) already fight these battles with Windows Media Player and Real?

2) "But Amazon does it!" - In a browser, while online browsing on *their* servers. A child can see the difference.

3) "But it's useful!" - So, potentially, is any invasion of privacy. If they know everything about you, they can make your shopping experience *really* convenient!

4) "But Apple wouldn't use the info for bad purposes!" - The government wanted to access your bookstore receipts and library checkouts (in addition to monitoring your phonecalls and emails without warrants). I'm sure Apple will fight to the last cent before handing over one iota of info to the government ...

Every one of these points was made in a +5 moderated post. Think, moderators, think!

Re:Extremely easy to disable, and more info

[jafiwam]

To add to the parent poster, I think "Malware" is not an appropriate term for what this program is doing.

When I use the term "malware" I typically mean programs that do one or more of the following;

- resist uninstallation
- persist after uninstallation attempts
- reinstall after uninstallation or "by the roots" removal
- hide from the user
- hide from the operating system
- hide what they are doing *
- damage the operating system
- replace, interfere with, spoof, or hijack functions such as DNS resolution, home page, file associations and toolbars
- create problems in order to sell you a "fix" for them

The one with the asterisk, is the ONLY one of these things that iTunes is doing, and that only if the user is hopelessly ignorant about computers and the internet.

It might be "spyware" but it is not "malware" in my book.

Because the same people

[C10H14N2]

Would probably have a conniption fit if they walked into a bar and the bartender brought them "their usual" without being prompted. When it's a human, this is called "good customer service." Suddenly, when it's a computer, it is the root of all evil. As long as they keep it to themselves, sort of like the bartender not running up to your office and telling everyone you like to have fifteen martinis every wednesday night, I don't see the big deal.

Re:Oh, build a damned bridge....

[revscat]

Question: How can it in any way be construed as "secret" when it takes up approximately 20% of the application's window?

Re:+5 Insightful? the Mind Boggles!

[Yahweh Doesn't Exist]

the terms "opt-in" and "opt-out" are way out of proportion here. this isn't some obscure setting or (de-)registration procedure. it's a single click of the mouse to close a window.

if you really want to bitch about nothing then here's a far better one: Firefox has cookies enabled by default and sets your homepage to one of theirs on first run - THEY COULD BE SPYING ON EVERYTHING YOU EVAR DO ON TEH INTERPOWER COMPUTERWEB!

Re:+5 Insightful? the Mind Boggles!

[Kenshin]

1) "But you can turn it off!" - And here I thought it was about default settings and opt-in. Didn't we (users) already fight these battles with Windows Media Player and Real?

It's not like it scans your entire library the moment you launch iTunes.

The matter is you can turn it off before it DOES ANYTHING.

Re:Big Brother and the iTunes Company

[timeOday]

Baloney. You're readining far more into that disclaimer than what it actually states. When they say "your favorite artists," it's reasonable to assume they're gleaning this from your interactions with *their* website. Just as Amazon does. But when they're monitoring your actions on your own computer and sending it back to a central server... sorry, that's the definition of spyware. iTunes is spyware.

They can defuse this whole situation simply by adding a checkbox to iTunes, to only enable this invasive feature at the user's request. If enough customers demand it, I'm sure they'll comply. Personally, if they want to make money tracking me, they'll at least have to pay for the privilege.

Re:Big Brother and the iTunes Company

[Ghostx13]

"while you're browsing your own music, the MiniStore will automatically show you more music from your favorite artists that you can find at the iTunes Music Store."

"it's reasonable to assume they're gleaning this from your interactions with *their* website."

Appearently you're not reading enough into it. It clearly states, as you can see from my bolding above that it says "while you're browsing YOUR OWN MUSIC". It doesn't say "while your browsing the ITMS" or "while your browsing apple.com" it clearly states "YOUR OWN MUSIC". Maybe my reading comprehension isn't up to par, but when something says "YOUR OWN MUSIC" I'm assuming they mean my own music.

Malware means MALICIOUS software

[Overly Critical Guy]

You're absolutely right. Hey, kids, guess what? Every web server you visit is logging your IP address in their server logs! My god! Even what browser and OS you're using!

iTunes recommending music based on your purchases isn't "malware." If iTunes was actually being malicious, THAT would be malware. All it's doing is recommending albums. What an inflammatory headline to generate page hits. People need to read the definition of what malware actually is.

Re:What about piggybacking Quicktime downloads?

[Xenna]

Yes, that's what annoyed me as well. my girlfriend had to install a quicktime viewer for a university course recently and ended up with iTunes.

I already hated quicktime for various reasons and now I hate it even more. And iTunes with it :(

$appleimage--

X.

Re:OMG!

[notaprguy]

Try instaling Windows Media Player. By default, Microsoft does NOT collect any data. You have to "opt in." Apple's approach seem to be that you have to "opt out."

Re:Impossible!!!

[Sentry21]

The ergonomically designed iTunes interface hides nothing from the user and shows any and all pertinent information at the briefest glance.

Truer than you know - the 'malware' is actually iTunes suggesting similar music when you click on a track, which displays in the Ministore pane. If you turn off the Mini-store, then no data is sent. Hence, your statement is correct. It *isn't* hiding it from the user, and it *does* show pertinent information. Neat huh?

Re:How ironic

[DaveV1.0]

You forgot they are also the ones sharing their musical tastes when the put songs on all those wonderful P2P sites and software.

Re:Big Brother and the iTunes Company

[timeOday]

If you don't like it, use something else

People can't decide to quit using spyware until they discover it, now can they? That's the value of publicising this issue.

As it happens, I'm not an iTunes user at all (mplayer and xmms). One of the big things I love about Linux is freedom (for lack of a better word) from little spams tucked into every icon and preinstalled application and bookmark. But I think issues like this clearly illustrate the benefit of keeping media available outside proprietary players, and that won't happen unless a lot of people demand it. My own choices alone will not determine the environment I live in. The more people complain about the commercialization of every mouse click, the better the future will be.

Say it ain't so

[inkswamp]

You mean Apple is doing exactly what they stated they were doing when they unveiled this feature months ago? NOOO!!! How shocking! What an outrage. I'm glad the sleuthing reporters at mcelhearn.com are on top of these shocking developments and can bring them to our attention so quickly.

Quit being so paranoid!

[Anonymous Coward]

When you buy a burger and Coke at McDonalds, they look at your purchase and say, "You want fries with that?"

That's all ITMS is doing... They just want to be able to say, "You want a Barry Manilow tune with that?"

Re:Big Brother and the iTunes Company

[Midnight Thunder]

If the user bothered to read the features list they would know it was there. You're absolving the end user from personal responsibility.

While the poster might be absolving the user from all responsibility, you are doing the same with Apple. Privacy is something that needs to be respected by the vendor and they should be required to ask the user what elements of their privacy they are willing to give up. There are just too many contracts for too many different things to be able to read them all - it would be nice, but in reality people give up on reading them.

Re:Big Brother and the iTunes Company

[xnot]

No. I see a big difference between spyware, which is software installed without my consent and which sends information to anyone who may want it and what iTunes is doing, which is collecting information for the purposes of improving my user experience in iTMS. The difference for me I think is the amount of value the company provides for my agreeing to them collecting information. Random information collected about me while I use my computer does not benifit me in any way- it only benifits the company that installed the spyware. Thus it has no use to me, and I delete it. But what google, amazon, and now iTunes do actually helps me, so I allow it.

last.fm?

[Brunellus]

You know, it sounds suspiciously like the features of last.fm [www.last.fm], which collects data on your listening habits, then reports back to its servers, and recommends new things to listen to. The killer here is that using those data it queues up a streaming audio player that plays music similar to the stuff you listen to anyway.

Actually, I rather like this feature on last.fm, and I don't particularly mind broadcasting the type of music/audio I'm listening to at any given moment. The "neighbour radio" (last.fm's term for it) is the best part--it lets me tune out my cubemate's preference for '80s soft rock.

Oh, God no!

[niteskunk]

Telling Apple what I listen to? HEAVEN FORBID IT!

Is it just me or are a lot of people hypersensitive to issues like this? Who cares if Apple knows my playlist? To their servers, I'm just another consumer, they don't have the time/will to sit there and read incoming data, "HEHE, THAT GUY LISTENS TO MICHELLE BRANCH."

Seriously now. There are issues far greater than this that should be stressed.

Re:But it can be disabled trivially.

[Trojan35]

Right. Relevant, non-annoying ads in a free product. That's Google level evil right there.

Re:Big Brother and the iTunes Company

[MoneyT]

love these idiots who proclaim that the disclosure in the online docs (which appeared during a recent mandatory upgrade) is sufficient. Line 'em up..

Aside from the fact that people have checked that hiding the mini store does stop it from sending data, please explain to me where you would like them to disclose this? No one reads the EULAs so Apple put it in a FEATURES list for the program. If you can't even be bothered to read the features list, do you really give a shit what your program does? Furthermore, explain to me how this was a mandatory update? My old systems are still puttering along just fine without the new iTunes.

Re:Big Brother and the iTunes Company

[m50d]

The user doesn't have to read the readme, they're entitled to assume it will not contain anything they need to know about unless their attention is drawn to it.

Re:How ironic

[Anonymous Coward]

Why do you think they are so afraid of Apple recording their musical tastes? They probably _got_ most of their music illegally via P2P. If they hadn't, they'd just be smiling and enjoying a useful feature.

Re:Big Brother and the iTunes Company

[R3d M3rcury]

Gee, that sounds simple! The issue I have is what data is it using to make this determination?

If it's taking the song I'm currently playing and sending that to iTMS, I don't have much of a problem with that.

But suppose it's is taking the song I'm currently play and sending to iTMS, where it is being stored in order to come up with "better" suggestions. Then I have a bit more of a problem with it.

Suppose, further, that iTMS is also keeping statistics as to whether the song came from iTunes or a ripped CD. Suppose, further, that it's able to detect the difference between a track ripped with iTunes and a track ripped "in some other way" (some tag that iTunes adds), in order to come up with "better" suggestions. After all, if you went and bought the whole CD, you must really like these guys.

Let's go a little further. Since the RIAA suspects you might be trafficking in "stolen" music, they contact Apple and subpoena that information as part of an investigation. Sure enough, something like 90% of the 1000 individual songs you played were ripped "in some other way." I think that'd be enough evidence for a search warrant...

You're right. While I'm browsing my own music, the MiniStore will automatically show me more music from my favorite artists. What they're not telling me is what information is being used to determine it. As I mentioned, if it's sent and forgotten, I don't have much of a problem with this. It's a useless feature--I'll decide when I want to look for new music--but what the heck. The problem is, the cute marketing description doesn't tell me what information is being sent for Apple to come up with this list.

That's where this is bad. I'll decide what information about me that Apple gets to use, thank you very much.

People need to Grow Up

[ranton]

I work at a small computer software company, and we do everything in our power to collect as much information about our customers as possible. Every time they log onto the software it checks for updates, which also allows us to track how much and when they use it.

Since the software is largely used during recreational time, this lets us know the best time of day to reach this customer if we have to call them. Our latest marketing push was the most successful we ever had because we had detailed information about the habits of our customers. We know what they usually buy, at what time of the day they like to do their shopping, and when are they most likely to be home and able to answer a call.

What does this allow us to do? It allows us to offer the best service possible to our customer. And of course, that also helps our bottom line so that we make more money. Anyone who is so anal retentive that they care if someone knows what brand of peanut butter they like is being childish. The information age helps everyone, businesses and consumers. You have to take the good with the bad, but in this case the Pros greatly outweigh the Cons.

Re:Big Brother and the iTunes Company

[ChatHuant]

Is this any different from Microsoft's Windows Media Player database that phones home or used to phone home? http://www.computerbytesman.com/privacy/wmp8dvd.ht m [computerbytesman.com]

Yes, it's different.

First of all, the article you link to is very old (2002, and talking about WMP8). Since then the public outlook on privacy has changed, issues and expectation have been clarified, things like opt-out have become less acceptable, and so on. Current versions of WMP not only don't enable phoning hoome by default, but also open a window during installation asking you about the privacy options you want. Apple seems to have missed on some of those developments.

Re:Malware??

[geekee]

"What is it doing that is malicious?

Spyware, sure, but not malware."

Spyware is by definition malware. Just because there is an apparent obvious use doesn't mean there aren't other things Apple could do with this data. They could sell it to record labels. They could identify tracks that are probably obtained illegally, etc.

Re:Big Brother and the iTunes Company

[atta1]

The real question here, that nobody seems to be asking, is how would all the people defending Apple react if it was the Microsoft Music Store doing the exact same thing. My guess is that while a tiny minority would still say "big deal", the rest would be spouting diatribes about how evil MS is collecting their data.