Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Tracks CDs & DVDs You Watch

Posted by CmdrTaco on from the you-just-can't-make-this-stuff-up dept.

lcypher writes "The AP is reporting that there is spyware within Windows Media Player 8(which ships with XP), which records the song titles and DVD titles that a user listens to or views in WMP8. Microsoft execs claim no marketing use right now, but they won't rule it out. " This looks like less of a big deal than the article makes it out to be, but it definitely could be used for evil.

10 of 418 comments (clear)

  1. Playing right now: by torpor · · Score: 5, Insightful

    DVD: "1,000 ways to torture a Billionaire", widescreen format. No region encoding.
    ---

    But anyway, fair enough. What I'd like to know is how easy it is to insert my own random data into that playlist before it goes off to Microsoft?

    Seems the only way to fight this will be with dis-info ...

    --
    ; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
  2. It won't be personally identifable? by Scoria · · Score: 4, Insightful

    If your IP address is static as opposed to dynamic, Microsoft may possess the ability to compare it to the one used to register Windows XP.

    --
    Do you like German cars?
  3. This is just a local CDDB mirror by Zoid · · Score: 5, Insightful

    If you read the article all this "database" is a copy from the CDDB records (or whatever CDDB is called these days) used for caching. You stick a CD in, it generates a checksum and asks CDDB for the artist/track listing and stores it locally, so it doesn't have to ask again later. As far as I'm aware, there isn't any sending of this database.

    It appears they extended to DVDs as well as CDs (just a bigger database I suppose).

    The article is a bunch of fluff for a functionality we've used for a long time with numerous programs such as XMCD, AudioCatalyst, etc etc. Microsoft adds it to media player and omg, privacy for getting the disc information for you. I'm pretty sure there's a button to turn it off.

    (Gracenote is probably using the CD request data anyway for marketting purposes these days).

    --
    /// Zoid.
  4. We'd like to inform you by Tremul · · Score: 5, Insightful

    Several weeks ago when you bought our webcam, we decided that for non-related marketing purposes that we would randomly start recording data and sending it back to the company. We don't intend to sell these pictures to anyone.

    --

    "Can't sleep. Clowns will eat me"
  5. Re:This is basically CDDB by nrosier · · Score: 5, Insightful

    On the surface it might look like just a CDDB-a-like lookup, but why do they also send a WMP-unique ID? If it was just a lookup, there wouldn't be this much fuss about it. The use of the unique ID has only one purpose: collect user-specific data.

  6. Re:Winamp does this too by maxpublic · · Score: 4, Insightful

    Maybe it's just me but I honestly don't care if some site logs that I viewed porn from so and so site for so many minutes. Why should I?

    You don't. I do. I don't need a reason to want to keep people out of my personal life. Rather, they need a good reason to butt into it.

    Max

    --
    My god carries a hammer. Your god died nailed to a tree. Any questions?
  7. It's not a log, it's a cache by dstone · · Score: 5, Insightful

    What MediaPlayer is doing is nothing new -- it's equivalent to nearly every other player out there with CDDB (or equiv) capabilities with client-side caching so you don't have to hit the internet database repeatedly for your collection of tunes. BFD. It's not uploading anything back to anyone.

    Of course, mainstream media can spoonfeed the word/concept "log" (eg. history, audit, etc.) easier than it can "cache".

  8. not just CDDB by maxpublic · · Score: 4, Insightful

    As part of downloading the information about songs and movies from the Web site, the program also transmits an identifier number unique to each user on the computer. That creates the possibility that user habits could be tracked and sold for marketing purposes.

    The same company that assigns you a unique number for the downloads you make also has the database you were required to register with in order to activate your WindowsXP. Manipulated properly it would be a rather simple task to match a real name and address with what you watch on media player - especially if this 'unique number' and the registration number for XP were one and the same.

    And note that Microsoft hasn't ruled out using the data for marketing purposes. Imagine the look on your spouse's face when you suddenly start getting free trial issues of Spanking Teen Cheerleaders! . Or the look on your face when the FBI comes crashing through the door because an 'anonymous tip' from a 'reputable source' claims that you were watching illegal porn videos.

    Max

    --
    My god carries a hammer. Your god died nailed to a tree. Any questions?
  9. I can't even play music on my computer any more! by Artifice_Eternity · · Score: 5, Insightful

    It's gotten ridiculous -- WinAmp is bloated spyware, RealPlayer is the same (plus it's a fscking virus that changes all your settings, sticks its shortcuts everywhere, and inserts itself into your Systray).

    And when I use the Sony Media Bar software that came with my Vaio, to try to listen to a CD while browsing the web and performing another task (graphics or HTML editing, for example), the damn thing crashes!

    The machine has a perfectly good DVD-ROM drive. If I could just run a headphone jack directly out of it, and play CDs with no stupid software layer involved, I'd be happy. But I can't.

    So now, sadly, I have to listen to music on a portable CD player sitting on my desk. My perfectly usable computer has been handicapped by its software.

    The worst part is, that when I see what's coming down the pipe -- region-coded everything, RIAA/MPAA copy "protection" lockdowns destroying fair use, the death of webcasting, even more media mega-mergers, and spyware in EVERYTHING -- I know that it's going to get a lot worse.

  10. Well, actually you can just make this stuff up... by gusnz · · Score: 5, Insightful

    OK, yes WMP from version 7 onwards is a nasty beast.

    This article is mostly scare tactics, as ever since the beginning of time there's been a file named CDPLAYER.INI in the windows folder that stores CDDB info. A local cache should actually enhance your privacy as it will reduce calls to central servers when you play your CDs or whatever.

    WMP 7+ however doesn't use this file. If you look in your Windows folder again, you'll notice a couple of files named WMSysPrx.prx and another one named similarly that actually stores the song database. That's how the 'media library' feature works, it's all stored in there -- you would expect a program that catalogues songs to store a list of media played somewhere, wouldn't you?

    It's true WMP does track how many times you play a song. But discovering the fact isn't aexactly a journalistic coup, it's listed in the program itself. Look in the 'Media Library', this is listed along with all the rest of the ID3 information (at least in WMP 7)... not exactly a huge secret. I have never heard of MS sending this info off to its site before... that sounds a lot like how Real got into trouble a few years back, and also a lot like a very inventive and paranoid reporter. If you're worried, delete those files mentioned above every so often.

    The unique ID is more interesting. I really recommend turning this off in your WMP options, as it's only really useful if you're buying proprietry WMA files online... and somehow I don't think many slashdotters will be doing that ;).

    The worst part is that it opens up the recently discovered SuperCookie exploit in which websites can embed a player in a page and get it's ID number. Since it's globablly unique and installed on most computers, it's a great way of tracking users who are savvy enough to turn off cookies.

    So nuke the ID feature quickly from your player options... even if you use *AMP to play your sounds, you could still be vulnerable to this.

    --
    <!-- DHTML / JavaScript menu, popup tooltip, Ajax scripts -->