Slashdot Mirror
Will Your CD Player Tell on You?
An anonymous reader writes "Ever feel like not being a marketing statistic? Well just by playing certain store-bought compact discs in your home or office computer, your new music disc may be transmitting your listening habits in real time to the respective record company...." Charming. Read on for more...
Anonymous Continues: "A company by the name of Bandlink is providing technology to record companies that allows a cd played in a personal computer to contact their server and relate statistics such as what track you're listening to and when you're listening to them. This information is then compiled into customizable reports that allow the record company to develop "User Profiles". There are benefits listed for the consumer such as cd-specific chatrooms, concert information, etc but the question remains: What's your price for privacy? The only indication that the cd you're purchasing is Bandlink "enabled/disabled" is a small logo on the packaging. There is no mention of a opt in/opt out agreement when the cd is inserted on the website and none was displayed in a personal demonstration.
Favorite quote from their website: "Virtually any information you want to know about your fan or the quality of your release can be obtained.""
The Average Idiot.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
The kind who uses a CDDB, or who doesn't have a firewall.
BlackGriffen
...from all those players (including WinAmp) that analyze your CD and download the songlist for you? And this applies to 99% of retail CDs, not only those that are enabled by this technology.
this may not be all bad.. "Virtually any information you want to know about your fan or the quality of your release can be obtained." maybe they'll finally realize that everyone knows that the quality of their releases is mostly TERRIBLE... and that most people buy cd's for more than 1 song... this may actually lead to entire CD's being quality once again...
Buy a Mac? Use Linux?
:)
Uh... disable autoplay? Come on, not tricky, this one.
And how do you configure your firewall to stop your CD player from sending packets out? For all you know it could be using HTTP. Do you have to configure your firewall to allow you to browse every website you go to? I suppose you mean those toy host-based ones that say some app is trying to use the Internet. Those are EASY to a skilled programmer to bypass. I will not mention any more so idiot programmers don't get any ideas on how to do it.
Does it transmit data when you rip a CD?
Or better yet. Use Linux which doesn't understand autoplay 'features'. Personally, CDs stay in my PC just long enough to turn into MP3s. The CD is then retired to a dusty bookshelf.
The obvious possibility is information on copying being reported. I can see it now... "Customer A burnt 6 copies and ripped to MP3." And one assumes a burnt copy will also report back to the data leaches...
...if it can make your CD 'phone home' when playing it in a regular CD player (as mentioned in the article) that's not 'net connected!
In any case, this is seriously scary. While I don't think most Slashdotites (being technically literate) will be affected, think of your mom, little sister or brother (if any), peers at school (if any) - all those people who click "OK" mindlessly whenever a dialog box pops up. It's THOSE people that this kind of stuff targets - because those people don't know better. The only way to stop it is to TELL THEM ABOUT IT. Get the word out. Post flyers. Put it in your sig. Whenever you fix someone's computer, tell them about the new 'spy' CDs while you're digging around inside their case or (more likely) plugging in their eithernet cable.
I'm sure someone will come up with an anti-spy software for this soon, so give out as many copies (assuming the antispy software is freeware) as you can.
Look how well it worked for CD copy protection, at least for the first wave. We can do this.
This
The fundamental principle underlying current privacy practices in the United States is: "It is perfectly acceptable for a company to violate your privacy so long as it is for the purpose of selling you things."
Obviously companies believe this, and on present evidence I'd say that most consumers believe this, too.
"How to Do Nothing," kids activities, back in print!
You would think that if they use slashdot in order to find software and techniques that crack their attempts at 'protecting investments,' that by now they would understand that 'user profiling' is not generally liked or condoned by informed users.. in my humble opinion the modern day equivalent of 'racial profiling'.. the initsself modern term for a commonly rampant tendency for humans to generalize and profit of those generalization and the fears that follow. In this case, push technology is their answer to piracy finance losses. When I say loss I say it loosely and in a 'predicted forecasted maybe finacial gains report' kinda way. So, Why can't they get a grip and let customers come to them (with their supposedly superior product)? Why must they collect info on already paying customers when its been written as a disliked idea in popular science fiction (and general fiction/ some nonfiction) forever?
I give up.. I'll never rant again
HEY IN ANYONE HERE IS THINKING OF STARTING A COMPANY..
respect privacy..
nevermind.. I'm wasting my breathe.
pm
** "It's not my job to stand between the people talking to me, and the ones listening to me." -- Pego the Jerk
a) CDDB is now evil
b) CDDB has a known IP, which can be allowed.
There are few technical details on their web site, but it appears to just be a mixed mode (data and audio) CD, which when played using Bandlink's CD player software, will give the "benefits" described. Since I don't have any intention of using their software, it's not a problem. Until, of course, people start producing music that can only be played with their player. So far, record companies haven't been brave enough to test such a tactic in the market, although with copy protected CDs, they're getting awfully close to the line. The depressing thing is, I suspect the general public would just meekly go along with it :-(
"The invisible and the non-existent look very much alike." -- Delos B. McKown
Misleading language is possible. If you don't agree to their license, I find it difficult if not impossible that you couldn't play the CD. If it works in a consumer CD player, I'd be willing to bet that it'll work in your PC regardless of you saying yes or not to the software.
Statistically speaking, there's a 99.998% chance that my IQ is higher than yours. Get over it.
On the other hand, you DO control your computer, and can and SHOULD be careful about what you run on it. In this case, simply turning off the ridiculously stupid autorun when you put in CDs is enough to foil whatever the cd does when you insert it.
Same goes with javascript and ad popups - just turn them off! It's your computer!
Sure, there are conveniences that you lose in doing that, but many conveniences come with security risks and other annoyances. It's just like the security problems with Outlook autorunning attachments and scripts all the time - it's a ridiculous way of writing software, and never should have been included, and anyone with a clue either turns it all off or gets a different mail program. For some reason, people don't see javascript and autorun and similar things in the same way. I do.
...a Snow White DVD that ruins your computer.
What's sick is that people will do this. Mostly because they don't know otherwise. It's like the people who install Kazaa WITH the spyware, even though there's a little box that you can UNcheck to not install the garbage (Kazaalite is another story). They just don't know the difference.
"Oo oo! Who wants to know what I'm listening too?! Oh, wait, you already do..."
This is not a big deal now -- you have to install their software for the "feature" to work, etc. Therefore some of the people on this site are not concerned. After all, we listen to our cds on real cd players, and don't use their program, etc.
The problem arrives when you must install this software to listen to the cd on your computer. Remember, copy protected cds are out there, and adding this layer wouldn't be very hard.
The next step means loss of fair use. Maybe not for you or your friend who thought Napster was the greatest thing since a windows network on a university campus, but definitely for a lot of people.
Over the last couple of years the fire has seemed to have burned out. We used to get pissed about this shit, and now the highest rated comments don't seem to care about it all. We're letting our guard down.
It's not an unimpeded, unstoppable invasion of privacy, like what TiVO was doing.
TiVo sends aggregate information. How is that an invasion of privacy?
"And like that
It's a good thing none of their CDs play on PCs or this might be bad.
The global economy is a great thing until you feel it locally.
If a company wants to collect this kind of information I'd support it as long as it was purely entirely 100% anonymous. But what guarantee do I have that just the CD, track, and time of playing are sent?
How do you know that they aren't sending your IP address when they say they aren't? How do you know they aren't sending info about files in 'My Documents' or what files are listed in the 'add/remove' section of the registry? And don't tell me the privacy policy says they aren't so they aren't-privacy policies are changed more often than my underwear, and I change that everyday!
I don't mean to get all Mulder here, but I am so tired of companies trying to sneek things past me in a 10 page licence agreement for free software that exceeds the length of my deed if I buy a $300000 house!
This is true so long as you're not an outlier. Consider some examples of things that could make you an outlier:
I'm sure with minimal effort, others can come up with even more chilling examples. When the government of our corporate republic can legally trawl everything looking for outliers, safety in numbers doesn't make me so comfortable.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
Another one of the many benefits of listening to vinyl :)
perhaps you are just full of yourself and have a narrow view of the world where you are king shit and everyone else "just doesn't get it"? 99% of the time thats the case - especially with nerds.
The same damn person that is running iMesh, or KaZaA. Both of which are INFINITELY worse about privacy.
I disagree. The previous poster stated that it's HIS computer. If he wants autorun on, then so be it. That does'nt make it right for a third party to send or receive any information from that PC. Turning things on & off on your computer does not absolve others from hacking or viewing your system. Whether or not it's stupid to do so is irrelevent. I know it's knaive, but hey....whatever.
[SIG] Remember Mattel handheld games?
against unauthorized access. Perhaps if the "average Joe" started to insist they apply to *his* computer as well the corporate server things would get, ummmmmmm, interesting.
Of course if your computer software comes attached with an offensive EULA in which you "agree" to have no rights to your own system/network you might well be hosed. I'd like to see someone challange this in court *on the basis that you can't be coerced into signing away a basic property right, even by contract.*
To my knowledge this hasn't been tried yet in America ( in some other countries the EULA is already considered invalid prima facie). All it takes is someone devoted to the cause with $50,000 American and five years of their life to devote to it.
Of course there's another option. *Don't use EULAed software.*
In that case the assumption of having to give some sort of explicit permission to enter your system ought to hold just as much for the personally computer as it does for the corporate/government computer.
Hacking is a crime. Do your homework, secure your system, and then insist on *prosocuting* any "hacking" of you system, no matter who the "hacker" is.
Laws are double edged swords that can cut the person who "bought" the law just as well as those it was intended to be a weapon against if the intended victim learns how to use the "weapon."
KFG
But you're missing the point... As technology becomes ever more integrated with our lives, the option of "just turn it off" becomes increasingly less possible. No, not from a technical perspective, but from a *social* perspective.
Sure, you could turn your cell phone off when you're not making a call so that telco's and gov can't triangulate your position, but do you?
Sure, you could pay for everything in cash instead of credit to avoid an electronic trail, but do you?
Sure, you could wait 10 minutes at the bridge instead of using a new electronic toll payment system, but do you?
Smart agents and networked technologies like this erode our privacy. But do we get enough in return?
How much would you sell *your* privacy for?
Hey Mister CEO, how 'bout you invite me to your house?
When you guide me to the door at the end of my visit do you mind if I leave wireless web cams scattered thoughout your house? Like say in your living room and kitchen? Or how about your bedrooms and bathrooms? It would really help me to understand you better.
Honestly (and sarcasm aside now) - I would just like to know where these people come up with these ideas. Do they not realize it's invasive? Then again thay probably have the same undertsnading impairment of Mr. Ralsky
***Blackholes are where the gods divided by zero.***
Creating a profile of your customers isnt really anything wrong and its advisable for those companies interested in providing good services. If I owned a record company I would like to have my customers profiled. The problem arises when you dont have the choice wheter to be profiled or not. So far bandlink asks for your permission. So the only thing that can be done is to expect that this information turns back to us in the form of better music. At least, i think, we should try not to think that record companies are evil by nature.
I wouldn't mind this software - though a bit extended - running in music shops. If I would want to buy a cd and listen to it before I buy, I would like to have a touch screen with a 1-10 score for each song. That way I - the customer can express what I feel for each song so the Record Companies may actually see that they publish Bad Stuff (tm). Include two buttons on the screen saying "good music, will buy" and "crap again, will download favourite songs from P2P though" and they can get a legit sense of the consumers' viewpoints. This will be perfectly anonymous (yeehaw for paranoia) and optional.
They can use this scheme for the downloaded software too, and privacy issues aside, both the consumer and the industry may benefit from this.
The best weapon of a dictatorship is secrecy, but the best weapon of a democracy should be the weapon of openness.
Can someone work out EXACTLY what this software does, so we can fake it and pollute their data.
:-)
Once the record companies see that the service they are buying from these people is compromised.
What we need is a distributed DOS tool that we can all run and make Greensleeves the most popular tune of the millenium. Or better yet, Britney (you didn't really believe that she was that popular did you ?).
If you're got problems with pop-ups or advertising on your desktop, you don't own it. Microsoft or Apple owns it and they leased it to you.
So, quit your bitching and download an operating system of your very own already. As long as you're borrowing someone elses' why should you expect to control what it does?
If tits were wings it'd be flying around.
I'd suggest that a very large chunk of those who find slashdot interesting enough to read are above average at the least. First they read, this alone indicates they are probably above the low set as average. Second they are interested in technological innovations, science, physics, mathmatical puzzles, computer programming, and free speech. True there are those who just hang around to see what the newest mp3 player is. But for the most part there is a reason that the opinions you see on slashdot tend to differ from what you see mainstream, mainstream is in very large part those average and below average intelligences at work.
What really cracks me up is how this "holier-than-thou" sentiment is lavashed in a forum where we think it is important to be the bigger nerd but what I'd really like to know is how many of you tell your grandma/mother/aunt/girlfriend/whatever that they're an idiot for not keeping up with PC security, or for not patching their OS (what?!?! your grandma doesn't use Linux! What a fucking moron! I'm glad she's not related to me...). Gimme a break folks. How many of you immediately turned around and issued a security bulletin to your family about this horrid new CD technology. I can see it now..."I repeat, DO NOT INSERT THE CD INTO YOUR COMPUTER'S CD DRIVE!!! If you feel unsafe or unsure whether or not you are using one of these new CDs, please contact my secretary, er answering machine and schedule an appoint, er leave a message and I'll set a time for me to do a security visit with you to ensure you are not in any DANGER. I repeat you morons, DO NOT INSERT THE CD INTO YOUR COMPUTER'S CD DRIVE!!!! (yes grandma, this means you too)." Get real guys.
Perhaps. But on the other hand, it could just be that most people are incompetent at their jobs, driving, and whatever else.
To wit: the left lane on a road is for passing. Most states have laws that restrict the distance that a driver can drive in the left lane before moving over. If you've ever driven long-distance, you know that there are those who insist on indefinately going limit plus 5 (or worse yet: limit) in the left lane. And no, I'm not breaking the law if I try to pass, I live in a prima facie state.
Second: Examine for a moment a Motorola v60c. The earlier versions are the best example of this. The antenna easily bends in one's pocket. (They've fixed this with new antenna revs.) Worse, when extended, the antenna acts as a lever for the (bulky) antenna tip to use to exert massive force against the rest of the antenna. Net result: three antenna breaks in 6 months, two in-pocket.
Third: Went to a fast food place looking for food and directions to a gas station. Someone (A) is trying to help me out by asking someone else (B). A: "you familiar with (cityname)?" B: "yeah, kinda" A: "are there any gas stations near here?" B: "whatcha looking for?" A: "gas"
There's far, far more. These are the easy examples. But if you can honestly say you have not run across any stupidity in the past week, good for you! You're a far more patient being than I.
Incidentally, I don't mean to disparage those who can't use computers. I can't perform brain surgery; just because others have no expertise in my area doesn't make them idiots. But when people cannot do their jobs or comprehend basic English (where English is their native language)...
Lightbulbs aren't calibrated to maximize lifetime, but to make it as short as the market will bear.
Timeo idiotikOS et dona ferentes
While I agree the music industry is out of control, I really don't see what the issure is here. If I understand correctly it tracks, 1) what cd/tracks you listen to, and 2) when you listen to them. And I would assume it does this by IP, platform, etc.
How is this any diffrent than when I log onto netscape or google, they track when I log on, and various other information? Such CD tracking seems only a natural progression in information networking.
And to say nothing about the massive amounts of information a credit card or 'preffered buyer' card can track, knowing what I buy when, and my age. And music CD's are no less optional to consume than a credit card.
I don't see why this is a problem. If the program accesses data asside from my IP, or information I directly give it, there is a problem.
But if the company knows my name and what CD I listen to when... I don't care. Such information cannot be used against me, it only shows that my computer was indeed playing the CD, and not that I was. And hey if they can verify it was indeed you it would make a great aliby in court...
Copy protection blocking access to my files to make MP3s is wrong, but I really don't see how this is. It would seem to be part of the information age.
A com object call requires the target program (like IE) to be running and if it's not, will launch it. It's like a remote-control of the external app and hence I believe that app (IE in this case) would be the one grabbing the page and returning the results. It's not like a library call. The process should be identified as IE to zone alarm (and hence a good guy).
If I'm wrong, I'd love for someone who knows how COM works to tell me. But I'm betting I'm right...
Most people I know leave their computers on all the time, whether they have broadband or not. I leave mine on standby when I am away, and up until 2 months ago I didn't have a modem.
I don't know if it is precisely true, but the old adage "The worst thing you can do to your car (or computer?) is turn it on", referring to the stresses on the hardware due to powering on and off over and over. Whether standby is any better I have no idea...
The issue is not whether we can unplug our modems from the wall, it is whether or not we should HAVE to and whether this company should be able to force us into making this decision.
Yeah, but it's very unlikely that you will be able to *legally* view DVD content using Linux.
== Jez ==
Do you miss Firefox? Try Pale Moon.
I'm not talking about (stateful) firewalls; I wouldn't expect my family, friends, or other average users to understand those concepts. I was talking in a somewhat more general sense (the thread was about "average idiots", no?).
What I was referring to is the sheer number of people who routinely do stupid things. Be it work-related, traffic, personal (social), or other; people do not think things through. People who use hair dryers in the shower, who apply make-up, eat, read a newspaper, use their laptop, etc. while driving 100KM/h on the freeway, or those who can't understand that smoking while filling their car's gas tank isn't a terribly good idea, and that creating personal rocket projection systems to propell themselves into their cottage lake is probably inadviseable, or that standing in the middle of a doorway, contemplating life and their surroundings in a busy hallway isn't quite considerate or practical, or that speaking loudly on a cell phone in a movie theatre, exclaiming things like "Sorry, the sound is too loud, I can't hear you!" will probably incite rage in the other movie goers, or all the ladies (term used loosely, if you'll pardon the pun) who get surprised that, after having unprotected sex with several men and find themselves either sporting a child or an STD (nb; it's entirely common that the surprise child will be the second, third, or fourth), or the people who don't 'get' that drinking a pair of 40oz bottles of [insert favourite alcoholic beverage here] will quite possibly find them in the hospital spitting up blood and fragments of their stomach.
There are, of course, infinitely more examples, but I think they limit the upper size of these comments somewhere (and $DEITY forbid I should create a database size overflow or something. ;) )
But to get back to this thread - people who do not understand [cars|computers|electronics|mechanical devices] yet who insist upon taking them apart and/or servicing themselves, then blaming the manufacturer/retailer for selling them defective equipment. Or worse - people who don't understand these things and go against the advise of a trained professional and cause serious detriment for themselves and/or others around them.
As to the above references to my parents/grandparents; I do tell them what I think when they try to crack their computers and/or administer the installed software. It took me about five years, but my family finally understands that when they do something to the computer, it generally goes wrong and they need my help to fix it. When I do something to the computer, it works, because I do this for a living and know what I'm doing. Generally they feed me and keep my [coffee|beer] [cup|glass] full for my trouble, and everybody's happy.
The difference being, of course, my family smartened up - other people don't.
One of the higher standards I try to hold people to, and I realize it sounds horribly cliche, is to know one's limitations. For example, I know that I can change my oil (and filter), top up my fluids, and perform other small routine maintainance tasks on my car. I probably could figure my way through brakes or other aspects, but I don't. Instead, I leave it up to the trained mechanics who have years of experience and industry certifications that say they can do the job properly.
Another standard I hold people to, for those who are definately literate, is to read atleast the basic instructions before desperately phoning for help. I can't count the times I've had to help people (or been asked and refused) because they wouldn't open the fold-out "Step By Step" instruction set that came with their new purchase. The fact that many of the installations I've performed were insultingly simple is beside the point; the instructions spelled it out so clearly that a child could figure it out. This excuse adults use that technology is so complex that only the younger generations have a chance is complete rhetoric, and complete nonsense. If a University educated individual can't figure out how to connect something with colour-coded, size-differentiated connectors that are labelled at both ends and comes with a step-by-step instruction manual; something's wrong.
So no, I don't expect that people will understand stateful packet inspection, ingres/egres filtering, bogon filters, application versus network versus physical layer differentiation, or any of the other industry specific jargon I could name; but I do expect people to be able to perform in real life without their hands being held, lest they should manage to kill or maim themselves or someone around them in the process.
BD Phone Home!
Shameless plug. Like you weren't expecting it.