Slashdot Mirror
Windows Tracks CDs & DVDs You Watch
lcypher writes "The AP is reporting that
there is spyware within Windows Media Player
8(which ships with XP), which records the song
titles and DVD titles that a user listens to or views in WMP8. Microsoft execs claim no marketing use right now, but they won't rule it out. "
This looks like less of a big deal than the article
makes it out to be, but it definitely could be used
for evil.
DVD: "1,000 ways to torture a Billionaire", widescreen format. No region encoding.
...
---
But anyway, fair enough. What I'd like to know is how easy it is to insert my own random data into that playlist before it goes off to Microsoft?
Seems the only way to fight this will be with dis-info
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
If you read the article all this "database" is a copy from the CDDB records (or whatever CDDB is called these days) used for caching. You stick a CD in, it generates a checksum and asks CDDB for the artist/track listing and stores it locally, so it doesn't have to ask again later. As far as I'm aware, there isn't any sending of this database.
It appears they extended to DVDs as well as CDs (just a bigger database I suppose).
The article is a bunch of fluff for a functionality we've used for a long time with numerous programs such as XMCD, AudioCatalyst, etc etc. Microsoft adds it to media player and omg, privacy for getting the disc information for you. I'm pretty sure there's a button to turn it off.
(Gracenote is probably using the CD request data anyway for marketting purposes these days).
/// Zoid.
Several weeks ago when you bought our webcam, we decided that for non-related marketing purposes that we would randomly start recording data and sending it back to the company. We don't intend to sell these pictures to anyone.
"Can't sleep. Clowns will eat me"
Or .. get a firewall that detects and controls net-bound data.
www.zonealarm.com has a great free firewall program that prevents mplayer (and others) from misbehaving.
On the surface it might look like just a CDDB-a-like lookup, but why do they also send a WMP-unique ID? If it was just a lookup, there wouldn't be this much fuss about it. The use of the unique ID has only one purpose: collect user-specific data.
What MediaPlayer is doing is nothing new -- it's equivalent to nearly every other player out there with CDDB (or equiv) capabilities with client-side caching so you don't have to hit the internet database repeatedly for your collection of tunes. BFD. It's not uploading anything back to anyone.
Of course, mainstream media can spoonfeed the word/concept "log" (eg. history, audit, etc.) easier than it can "cache".
It's gotten ridiculous -- WinAmp is bloated spyware, RealPlayer is the same (plus it's a fscking virus that changes all your settings, sticks its shortcuts everywhere, and inserts itself into your Systray).
And when I use the Sony Media Bar software that came with my Vaio, to try to listen to a CD while browsing the web and performing another task (graphics or HTML editing, for example), the damn thing crashes!
The machine has a perfectly good DVD-ROM drive. If I could just run a headphone jack directly out of it, and play CDs with no stupid software layer involved, I'd be happy. But I can't.
So now, sadly, I have to listen to music on a portable CD player sitting on my desk. My perfectly usable computer has been handicapped by its software.
The worst part is, that when I see what's coming down the pipe -- region-coded everything, RIAA/MPAA copy "protection" lockdowns destroying fair use, the death of webcasting, even more media mega-mergers, and spyware in EVERYTHING -- I know that it's going to get a lot worse.
OK, yes WMP from version 7 onwards is a nasty beast.
;).
This article is mostly scare tactics, as ever since the beginning of time there's been a file named CDPLAYER.INI in the windows folder that stores CDDB info. A local cache should actually enhance your privacy as it will reduce calls to central servers when you play your CDs or whatever.
WMP 7+ however doesn't use this file. If you look in your Windows folder again, you'll notice a couple of files named WMSysPrx.prx and another one named similarly that actually stores the song database. That's how the 'media library' feature works, it's all stored in there -- you would expect a program that catalogues songs to store a list of media played somewhere, wouldn't you?
It's true WMP does track how many times you play a song. But discovering the fact isn't aexactly a journalistic coup, it's listed in the program itself. Look in the 'Media Library', this is listed along with all the rest of the ID3 information (at least in WMP 7)... not exactly a huge secret. I have never heard of MS sending this info off to its site before... that sounds a lot like how Real got into trouble a few years back, and also a lot like a very inventive and paranoid reporter. If you're worried, delete those files mentioned above every so often.
The unique ID is more interesting. I really recommend turning this off in your WMP options, as it's only really useful if you're buying proprietry WMA files online... and somehow I don't think many slashdotters will be doing that
The worst part is that it opens up the recently discovered SuperCookie exploit in which websites can embed a player in a page and get it's ID number. Since it's globablly unique and installed on most computers, it's a great way of tracking users who are savvy enough to turn off cookies.
So nuke the ID feature quickly from your player options... even if you use *AMP to play your sounds, you could still be vulnerable to this.
<!-- DHTML / JavaScript menu, popup tooltip, Ajax scripts -->
May I make a few small suggestions?
FACT:
Microsoft has this patent:
System and methods for selecting music on the basis of subjective content.
OPINION:
I bet they'd love to get their hands on these logs/cache/whatever... if what people choose to listen to doesn't count as subjective, I dunno what does!
Draw your own conclusions. I am merely presenting facts and opinions.
What kind of marketing data are they going to get from "user 3453845 watches the hell out of 'tina3.wmv'"?
You laugh now but soon, all your popups will be for Jergens, Vasoline and inflatable girlfriends.
SD
âoeWho knew something as harmless as willful ignorance could end up having real consequences?â
How to disable this feature:
The file, wmplibrary_v_0_12.db, contains in cleartext the name of every movie you've ever watched with media player. The names are in cleartext but each byte is spaced out with a pad byte, so you can't just grep for the names you're looking for.
If you delete the file, WMP regenerates it on use.
But, if you create the file as a zero-byte file, WMP does not fix it and does not store any information about what WMP is playing, ripping, burning, etc.
Tested Today, 2/21/02, with Windows 2000 and WMP 7.1. Oh, they didn't mention it's not just XP? It's not just XP.
--
You're Reading Managed Agreement
Media Player will be used to extort money from users, media companies and advertisers. Microsoft wants to be the asshole in the middle and wants to use that position to make money. They have created their own media formats to break at will, a method to do it, and put it all in their EULA. What more can you ask for? Do you really think that they won't sell your information? Oh, I suppose you forgot how they sold "real estate" on your desktop.
The only way for them to keep themselves in that position is to eliminate every other option. If you continue to use M$, your internet will have three channels and you will never be able to contribute. Your money goes to those who would enslave you.
Let's see, M$ can write files to my computer that I can't delete and can access my computer in ways that I can not. They must be root, and I am not.
Friends don't help friends install M$ junk.