Slashdot Mirror
Windows Tracks CDs & DVDs You Watch
lcypher writes "The AP is reporting that
there is spyware within Windows Media Player
8(which ships with XP), which records the song
titles and DVD titles that a user listens to or views in WMP8. Microsoft execs claim no marketing use right now, but they won't rule it out. "
This looks like less of a big deal than the article
makes it out to be, but it definitely could be used
for evil.
The real problem isn't so much what Microsoft will do with the information. I mean really who cares.
But what other 3rd parties could do with it is really disconcerting. Even assuming MS doesn't sell the information, the information is still being collected and deposited somewhere. Somewhere that maybe a detective or the FBI could trace you down. Or your system administrator, wife or mother-in-lawyer.
Just for innocently checking out that warez movie link...or borrowing a DVD that happened to be ripped..
By default Winamp logs "anonymous usage statistics" unless you turn it off during the install.
You can also turn off WMP's unique identifier thing if you're worried about privacy.
Honestly though, set down your tinfoil hats for a second: Why do we really care?
Really?
Maybe it's just me but I honestly don't care if some site logs that I viewed porn from so and so site for so many minutes. Why should I?
I also have very serious doubts that MS would ever sell the information it'd collect from it. The money from that is absolutely tiny and the feedback from the public would be absolutely horrible. What I see instead is a more personalized music service, kind of like Launch.com, where it personalizes and gives you music and movie picks based upon what you watch. Amazon does this too when you're logged in, keeping track of recently viewed items, etc.
Maybe this is MS's attempt at remainng within the DMCA. If they know what you are watching/llistening to, then they can report more accuratly to the DMCA. After, isnt MS Windows just another product that you can pirate movies on ?? Maybe they want to minimise the effect of being sued, if they can say "Hey, lok we are already monitering everyone anyway"
"...no information is collected on Microsoft's servers that would be personally identifiable..."
So, in other words, Microsoft (having engineered the world's most widely used operating system) still hasn't figured out how to pinpoint where data transfer is coming from. Because it seems to me, oddly, that if I'm sending someone data through a system they set up that I don't know about... they must know about it, and also must know how to analyze the results of all their data-grabbing. And see where the crap is coming from. And keep track of what I'm listening to.
I don't use Windows Media player, personally. But if it ever came down to the log files, I'm sure MS could say to someone who ripped the software: "Actually, you have an unauthorized copy of windowsXP, how else would you be transmitting data through our security loophole with the same key as those twenty thousand other people?"
Why does your local supermarket have a discount card? Remember when sale items didn't require you to scan that little keychain barcode[or enter your phone number at Dominicks] before you get the discount? For some reason that I don't understand, IANAMD [I am not a marketing drone], it is good to know what people purchase. And once you scan in your card, you get your entire purchase recorded, not just the sale items you bought. Someone should check out their privacy policies!
adam
Quite frankly, if I wrote a media player, I would include a robust database that recorded play history. I would actually make the database a big feature...you could browse through it, run stats, and delete it if you please.
The deal is, Microsoft puts all of this crap on our 100GB hard drives that we can never figure out what it does. They also never give you decent controls over the inner workings of the machines. It's sad to think that Microsoft might be storing information that could come up in a lawsuit against me. The real kicker is that they haven't provided a decent way for me to view this information.
Just curious. This issue's new to me and I'm curious what the privacy advocates are worried about.
I'm a little concerned that MS might detect that I ripped a DVD so I could use a particular clip as reference footage for an animation I'm working on, perhaps use the DMCA to fine me for it. Other than that I don't really care if they know what I'm watching or not.
Is there a larger problem I should be aware of? Could somebody explain to me what MS or anybody else could do with data about what movies I watch, or what websites I visit, or whether I'm attracted to either T or A that would be bad?
"Derp de derp."
I am really, really glad I decided to block Media Player from the accessing the internet (thank god for ZoneAlarm).
I believe this should nip this problem in the bud. Another reason this is really a non-issue: simply block Media Players access to the internet with some sort of firewall. Not the hardest thing to accomplish.
But not in and of itself. The thing that is bugging me about windows is that there seems to be more and more spilled about spyware/spyware-type things in XP. Possible universal backdoors for encryption, for example. Nothing bad has ever come of any of it, but what bothers me is that as consumers we're getting used to hearing about this kind of shit regularly, and this is the stuff that Microsoft is willing to admit! I mean, lets be frank, if M$ wanted to lie about something evil in there, they'd more than willing. The question on my mind is can we trust Microsoft(or for that matter any proprietary operating system manufacturer)to not spy on us? There are a lot of people out there, Government/Marketing/et. al, who would be thrilled to get a piece of some secret evil.
The files are stored in
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db
I also saw a file wmplibrary_v_0_12.lrd that had my hostname in it, and a file called WMPImage_AlbumArtLarge.
Actually I use FreeDB so I dont have to give any info out. M$ Didnt even tell users they were being tracked till this article, at least they are going to let people know with an updated privacy statement. We really shouldnt have to wait for someone to point out privacy concerns that the vendor should disclose.
-
It seems to me, Golan, that the advance of civilization is nothing but an exercise in the limiting of privacy. - Janov Pelorat in Asimov's Foundation's Edge
Although I agree with you that static IP could possibly be used for tracking, I would consider it too much of a longshot. How would Microsoft know if you were static or dynamic? They would have to have a unique ID that they could assign you at XP registration time and then send back when playing a DVD in WMP8. All the analysis I've seen of this so far show that this is in fact not happening.
Beware, Nugget is watching... See?
replied to this on another message board. I'm going to repeat here what I said there, for the main reason that I referenced this place in the original...
*****
Stuff and nonsense. The conclusion you have drawn is wrong; and the article is a typical example of the mainstream press cottoning on years too late and blowing something out of proportion.
WMP is doing nothing more than a CDDB lookup, which is then stored locally. THERE ARE COUNTLESS PROGRAMS WHICH DO THIS; any good audio program or CD ripper does the same.
WMP8 adds a DVD lookup to this, presumably for the purpose of adding a DVD entry to a playlist. I haven't heard of any program which does this before, but it's no more intrusive than the above CDDB lookup.
The information is never sent to Microsoft after it has been collected. The article somehow leaps to this conclusion from the statement that the data is stored locally.
The Washington Post is not the place to go for IT information. Nor are its conclusions to be immediately taken and used as propaganda. While MS are a not-nice company in general, this (10-year-late) online tabloid rant can hardly be taken as an example of their wrongdoings.
This is the kind of thing which tends to get the Linux rabble-rousers on Slashdot worked up, until someone points out the facts of the case. Oh well, false alarm.
*****
Turns out I'm a prophet, it seems.
Do carry on; I so love long debates about non-events and factual inaccuracies here.
- Chris
FACT:
Microsoft has this patent:
System and methods for selecting music on the basis of subjective content.
OPINION:
I bet they'd love to get their hands on these logs/cache/whatever... if what people choose to listen to doesn't count as subjective, I dunno what does!
Draw your own conclusions. I am merely presenting facts and opinions.
It doesn't matter if your IP address is static or dynamic, with XP they have your CD-CODE that you installed with!
You are being MICROattacked, from various angles, in a SOFT manner.
When a CD is played, the player downloads the disc name and titles for each song from a Web site licensed by Microsoft. That information is stored on a small file on each computer in the latest version of the software.
This sounds to me very much like some sort of CDDB cache. XMMS has done this since the first line of code was written.
Actually this was discovered by Richard M. Smith, who has a good record of finding bugs-by-design, security holes and privacy breaches in MS software. Here's his page on the topic, on the topic, and here's Microsoft's response - which is all in the first sentence, really, "we do not believe [this] represents a user privacy concern." All this was in my submission of the story, last night - heh, it's the first time I've submitted a story and someone else's post got there first. Or better.
In reply to those people saying "this is just the same as CDDB, what's the big deal?": this IS a bad thing, for the following reasons:
Think about it: Passport, web services, yuor company's servers, your corporate desktop, your own home PC, all your apps, your phone, set-top box, Palm ripoff, Psion rip-off... apart from washing machines and guided missiles, I can't think of anywhere that software runs which Microsoft doesn't aspire to own. Actually, come to think of it, NT4 at least can allegedly operate as a router; they've been trying to make headway in the embedded market for years, and I fear that "version 3 syndrome" will kick in on their efforts there soon... sheesh, they're even selling firewalls now. When the great day comes that Microsoft own all mass markets for software, they'll buy out some major consulting/services firm and start trying to put independent developers out of business, too. Pray that day never comes...
Microsoft have yet to learn that in privacy and security matters, the correct default is to trsut no-one and nothing. If you prove to your customers or users that you're worthy of trust, you'll get it. Take it for granted, and assume that the user won't MIND if your software starts sending your personal data back to the vendor (or a thrid party) without telling you, and you start getting into people's shitlists. When you're Microsoft, you have to bend over backwards to ensure that not only are you doing the right thing, but that you're SEEN to be doing the right thing. If you give a flying one, that is; if you really are Microsoft, then you couldn't care less, because your Windows monopoly means 99% of users and customers haven't got any choice in the matter.
And what if you're a network security person and spot unauthorised traffic (which is what this is) on your network? You could spend a lot of time & energy investigating. For all I know, this could be a DDoS agent that some kiddie's planted on a cracked XP box, and is now starting to flood windowsmedia.com .
If you really think this is "just like CDDB", ask yourself: why are Microsoft going to the trouble and expense of providing this "service" - given that they don't even tell people they're doing it? What do they hope to gain from it? How does this increase their marketshare or mindshare? Follow the money...
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
maybe M$ is just trying to compile thier own database whitout have to do the work?
http://Lenny.com
Maybe M$ is getting into the ratings biz?
they could sell those statistics
http://Lenny.com
Media Player will be used to extort money from users, media companies and advertisers. Microsoft wants to be the asshole in the middle and wants to use that position to make money. They have created their own media formats to break at will, a method to do it, and put it all in their EULA. What more can you ask for? Do you really think that they won't sell your information? Oh, I suppose you forgot how they sold "real estate" on your desktop.
The only way for them to keep themselves in that position is to eliminate every other option. If you continue to use M$, your internet will have three channels and you will never be able to contribute. Your money goes to those who would enslave you.
Let's see, M$ can write files to my computer that I can't delete and can access my computer in ways that I can not. They must be root, and I am not.
Friends don't help friends install M$ junk.