Slashdot Mirror


Will Your CD Player Tell on You?

An anonymous reader writes "Ever feel like not being a marketing statistic? Well just by playing certain store-bought compact discs in your home or office computer, your new music disc may be transmitting your listening habits in real time to the respective record company...." Charming. Read on for more... Anonymous Continues: "A company by the name of Bandlink is providing technology to record companies that allows a cd played in a personal computer to contact their server and relate statistics such as what track you're listening to and when you're listening to them. This information is then compiled into customizable reports that allow the record company to develop "User Profiles". There are benefits listed for the consumer such as cd-specific chatrooms, concert information, etc., but the question remains: What's your price for privacy? The only indication that the cd you're purchasing is Bandlink "enabled/disabled" is a small logo on the packaging. There is no mention of an opt in/opt out agreement when the cd is inserted on the website and none was displayed in a personal demonstration.

Favorite quote from their website: "Virtually any information you want to know about your fan or the quality of your release can be obtained.""

10 of 693 comments

  1. I prefer Tiny Personal Firewall by Bonker · · Score: 5, Informative

    I use Tiny Personal Firewall 2.0 to stop this sort of crap under Windows. It'll block any application from 'reporting' back home via the internet. It's a pro at keeping apps like Real Player or guys like this from tattling. It's not open source, but the 2.0 version was freeware. I'm not sure about the 4.0 version.

    I strongly suspect that this won't even be an issue for most Linux users.

    --
    The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
  2. Who runs an EXE they weren't expecting? by DDX_2002 · · Score: 5, Informative
    Yeah. One more reason why "autoplay" is unchecked on my machine.

    Is this USA only, or are these for sale in Canada or in Europe? Because if they are, Canada's PIPEDA and the EU DPD mean wake up and smell the lawsuits.

    --
    MHO. YMMV. Any resemblance between this post and real persons, or reality in general, was accidental.
  3. I read their site a little more closely... by shylock0 · · Score: 5, Informative
    First of all, my earlier post was right: Only works on Windows-Compatible PCs. Second, the privacy risk here isn't all that great:

    Bandlink Support

    Bandlink is designed to be run simply by inserting the CD into a Windows Compatible PC. The first time you insert the CD you will need to agree to the Bandlink User License and download the remaining program files. Bandlink should do the rest from then on.

    As you can see, there's a consumer agreement component here. It's not an unimpeded, unstoppable invasion of privacy, like what TiVO was doing. You have to agree as well. In which case, if you don't really care about your privacy (and you like push content, which some people do) it might actually be seen as pretty cool.

    --
    Statistically speaking, there's a 99.998% chance that my IQ is higher than yours. Get over it.
  4. Re:What sort of idiot? by rant-mode-on · · Score: 4, Informative
    • And how do you configure your firewall to stop your CD player from sending packets out?

    Whilst that's something that iptables/chains just can't cope with (sadly) I have Norton Internet Firewall, for my remaining Windows PC, which is application based, i.e., you can accept/deny any connection for each application. It's a great facility, one which I wish was available on Linux. There's nothing like knowing which applications are spying on you...

    Of course, NIF is too complicated for your average Windows user, but ZoneAlarm has similar facilities, and is much easier to get to grips with.

    Gawd, never thought that I'd be promoting a windows app...
  5. A little paranoid? by sfe_software · · Score: 5, Informative
    From the Bandlink web site:
    Installation:
    1. Insert your Bandlink CD into your Internet Connected PC. (Bandlink should autostart on Windows).

    2. Click "I Agree" to the Bandlink License and select "Connect" to install Bandlink.

    3. Bandlink should detect your CD, begin CD playback, and display artist content.

    So it's nothing more than some Auto-Run software. Which makes sense, I can't imagine any other way a CD would just magically contact a remote host.

    Solution? Disable auto-run (which I do anyway), or in this particular case, don't accept the license agreement...

    They also mention this a lot:
    There is no encryption, anti-piracy, or any other playback prevention capability within the software.

    My first thought was that they could easily combine so-called "copy protection" with phoning-home, but at least with Bandlink this is not the case.
    --
    NGWave - Fast Sound Editor for Windows
  6. Re:What sort of idiot? by windex · · Score: 4, Informative

    grsecurity lets you limit network access to specific uid/gid's. You could in effect make programs setgid 'network' if you want them to be able to access the network and blanket deny the rest of the lot.

  7. Re:Long URL's (or is that URI ;-) )? by Bonker · · Score: 5, Informative

    Absolutely nothing.

    As a matter of fact, I've seen a few applications do just this to try to do 'instant' registration by using rundll32.exe to open a url that's a complex URL-encoded string with registration details.

    Imagine a URL like:

    http://www.company.com/registration.cgi?appname=Foo&serialno=939848408930$userip=201.101.80.112

    etc...

    The one that comes to mind is PowerDVD. I've seen it do this on a coworker's PC.

    The solution to this is to deny your default browser's abilities to access the internet before installing a new app like this and then applying a deny rule against the IP or hostname it tries to access.

    --
    The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
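
As an added example (not part of the original comment), this is one way a defender could spot registration-style "phone home" URLs like the one above in an outbound connection log. The log format, the sample lines and the parameter-name list are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumed parameter names, chosen to match the URL in the comment above.
SUSPECT_KEYS = {"serialno", "serial", "userip", "regkey", "email"}
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Constructed sample log: "<timestamp> <process> <url>" (format is an assumption).
SAMPLE_LOG = [
    "2003-01-10T12:00:01 rundll32.exe http://www.company.com/registration.cgi"
    "?appname=Foo&serialno=939848408930$userip=201.101.80.112",
    "2003-01-10T12:00:09 iexplore.exe http://www.example.org/search?q=cd+players",
]


def find_identifiers(url):
    """Return the reasons a URL's query string looks like a registration beacon."""
    query = unquote(urlsplit(url).query)
    reasons = set()
    # Split on '&', ';' and '$': the comment's URL joins two fields with '$'.
    for field in re.split(r"[&;$]", query):
        key, _, value = field.partition("=")
        if key.strip().lower() in SUSPECT_KEYS and value:
            reasons.add("param:" + key.strip().lower())
    for match in IPV4_RE.finditer(query):
        try:
            ipaddress.IPv4Address(match.group(0))
        except ValueError:
            continue  # e.g. 999.1.1.1 is not a valid address
        reasons.add("ipv4-in-query")
    return sorted(reasons)


def scan(lines):
    """Return (process, host, reasons) for each log line that carries identifiers."""
    hits = []
    for line in lines:
        _, process, url = line.split(" ", 2)
        reasons = find_identifiers(url)
        if reasons:
            hits.append((process, urlsplit(url).hostname, reasons))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The host reported for each hit is the candidate for the deny rule the comment describes.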
  8. Re:Linux functionality by radish · · Score: 5, Informative

    Just as an FYI re: one of your points, ZoneAlarm (at least) does checksum all the apps and compares them when they request a connection. If they've changed since you granted access, you are warned about it. So a malicious app would have to either magically hash down to the same checksum (unlikely!) or it would have to modify the database (hard, as it's protected) or modify the ZA checksum code (maybe easier). All in all, possible but not easy. I've never seen any mention of any app doing any of those things, the easiest is to simply invoke IE and have it make your connections for you!

    --

    ---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"
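
The checksum comparison described in the comment above, sketched as an added example (not from the original comment and not ZoneAlarm's code). The `AppAllowlist` class, the use of SHA-256 and the stand-in executables are assumptions for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large executables are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


class AppAllowlist:
    """Hypothetical per-application egress allowlist keyed by path and SHA-256."""

    def __init__(self):
        self._approved = {}  # real path -> digest recorded at grant time

    def grant(self, path):
        """Record the binary's digest at the moment the user grants network access."""
        self._approved[os.path.realpath(path)] = sha256_file(path)

    def check(self, path):
        """Return 'allow', 'changed' (binary differs from grant) or 'unknown'."""
        recorded = self._approved.get(os.path.realpath(path))
        if recorded is None:
            return "unknown"
        return "allow" if sha256_file(path) == recorded else "changed"


def demo():
    """Constructed sample: two stand-in 'executables' in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        player = os.path.join(tmp, "player.exe")
        other = os.path.join(tmp, "other.exe")
        for path, body in ((player, b"MZ player v1"), (other, b"MZ other")):
            with open(path, "wb") as fh:
                fh.write(body)
        acl = AppAllowlist()
        acl.grant(player)
        before = acl.check(player)
        with open(player, "ab") as fh:  # binary modified after access was granted
            fh.write(b" patched")
        return before, acl.check(player), acl.check(other)


if __name__ == "__main__":
    print(demo())
```

A check of this kind only covers the binary that opens the connection; it says nothing about an approved program, such as the browser, being invoked to make the request, which is the gap the comment points out.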

  9. They're in Canada. by quantumparadox · · Score: 5, Informative

    I bought Santana's Shaman last month and it has the wonderful tracking technology built in. I was curious as to what the "Bandlink" thing did when I bought the cd (never heard of it before). Luckily, I went to their website first and saw the usage statistics crap and decided against installing it.

    I read part way through the EULA (which is apparently available on their website but I couldn't find it) but I didn't see anything about allowing them access to all information.

    I support the idea of adding content to cd's to make them more attractive to purchase ... but I don't want to have to give up personal privacy for those extras. If I just had to install and register I wouldn't mind, tracking is going too far IMHO.

    Since I couldn't find the EULA online (as promised) I've taken the liberty of posting it online (hopefully it's not illegal but oh well).
    It's available here
    It weighs in at a hefty 12.8kB ... for a text file!

  10. IP addresses to avoid... by raistphrk · · Score: 4, Informative

    This list came from PeerGuardian's blocking list. I'm guessing the BSA IP block at the end. If you really want to keep from reporting data to said parties, just add these (and whatever other beneficiaries of your private data) to your iptables, ipfilter, ZoneAlarm, Tiny, etc. blocked zones. Note that, if for any reason, you want to go to these parties' websites, you won't be able to; your firewall will block access.

    Or, to be perfectly safe, you could borrow a page from our current administration's sex ed book and abstain from downloading. ...but it just feels so good!
