Slashdot Mirror
Will Your CD Player Tell on You?
An anonymous reader writes "Ever feel like not being a marketing statistic? Well just by playing certain store-bought compact discs in your home or office computer, your new music disc may be transmitting your listening habits in real time to the respective record company...." Charming. Read on for more...
Anonymous Continues: "A company by the name of Bandlink is providing technology to record companies that allows a cd played in a personal computer to contact their server and relate statistics such as what track you're listening to and when you're listening to them. This information is then compiled into customizable reports that allow the record company to develop "User Profiles". There are benefits listed for the consumer such as cd-specific chatrooms, concert information, etc but the question remains: What's your price for privacy? The only indication that the cd you're purchasing is Bandlink "enabled/disabled" is a small logo on the packaging. There is no mention of a opt in/opt out agreement when the cd is inserted on the website and none was displayed in a personal demonstration.
Favorite quote from their website: "Virtually any information you want to know about your fan or the quality of your release can be obtained.""
The Average Idiot.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
The kind who uses a CDDB, or who doesn't have a firewall.
BlackGriffen
...from all those players (including WinAmp) that analyze your CD and download the songlist for you? And this applies to 99% of retail CDs, not only those that are enabled by this technology.
this may not be all bad.. "Virtually any information you want to know about your fan or the quality of your release can be obtained." maybe they'll finally realize that everyone knows that the quality of their releases is mostly TERRIBLE... and that most people buy cd's for more than 1 song... this may actually lead to entire CD's being quality once again...
Buy a Mac? Use Linux?
:)
Uh... disable autoplay? Come on, not tricky, this one.
Does it transmit data when you rip a CD?
...if it can make your CD 'phone home' when playing it in a regular CD player (as mentioned in the article) that's not 'net connected!
In any case, this is seriously scary. While I don't think most Slashdotites (being technically literate) will be affected, think of your mom, little sister or brother (if any), peers at school (if any) - all those people who click "OK" mindlessly whenever a dialog box pops up. It's THOSE people that this kind of stuff targets - because those people don't know better. The only way to stop it is to TELL THEM ABOUT IT. Get the word out. Post flyers. Put it in your sig. Whenever you fix someone's computer, tell them about the new 'spy' CDs while you're digging around inside their case or (more likely) plugging in their eithernet cable.
I'm sure someone will come up with an anti-spy software for this soon, so give out as many copies (assuming the antispy software is freeware) as you can.
Look how well it worked for CD copy protection, at least for the first wave. We can do this.
This
The fundamental principle underlying current privacy practices in the United States is: "It is perfectly acceptable for a company to violate your privacy so long as it is for the purpose of selling you things."
Obviously companies believe this, and on present evidence I'd say that most consumers believe this, too.
"How to Do Nothing," kids activities, back in print!
You would think that if they use slashdot in order to find software and techniques that crack their attempts at 'protecting investments,' that by now they would understand that 'user profiling' is not generally liked or condoned by informed users.. in my humble opinion the modern day equivalent of 'racial profiling'.. the initsself modern term for a commonly rampant tendency for humans to generalize and profit of those generalization and the fears that follow. In this case, push technology is their answer to piracy finance losses. When I say loss I say it loosely and in a 'predicted forecasted maybe finacial gains report' kinda way. So, Why can't they get a grip and let customers come to them (with their supposedly superior product)? Why must they collect info on already paying customers when its been written as a disliked idea in popular science fiction (and general fiction/ some nonfiction) forever?
I give up.. I'll never rant again
HEY IN ANYONE HERE IS THINKING OF STARTING A COMPANY..
respect privacy..
nevermind.. I'm wasting my breathe.
pm
** "It's not my job to stand between the people talking to me, and the ones listening to me." -- Pego the Jerk
There are few technical details on their web site, but it appears to just be a mixed mode (data and audio) CD, which when played using Bandlink's CD player software, will give the "benefits" described. Since I don't have any intention of using their software, it's not a problem. Until, of course, people start producing music that can only be played with their player. So far, record companies haven't been brave enough to test such a tactic in the market, although with copy protected CDs, they're getting awfully close to the line. The depressing thing is, I suspect the general public would just meekly go along with it :-(
"The invisible and the non-existent look very much alike." -- Delos B. McKown
On the other hand, you DO control your computer, and can and SHOULD be careful about what you run on it. In this case, simply turning off the ridiculously stupid autorun when you put in CDs is enough to foil whatever the cd does when you insert it.
Same goes with javascript and ad popups - just turn them off! It's your computer!
Sure, there are conveniences that you lose in doing that, but many conveniences come with security risks and other annoyances. It's just like the security problems with Outlook autorunning attachments and scripts all the time - it's a ridiculous way of writing software, and never should have been included, and anyone with a clue either turns it all off or gets a different mail program. For some reason, people don't see javascript and autorun and similar things in the same way. I do.
This is not a big deal now -- you have to install their software for the "feature" to work, etc. Therefore some of the people on this site are not concerned. After all, we listen to our cds on real cd players, and don't use their program, etc.
The problem arrives when you must install this software to listen to the cd on your computer. Remember, copy protected cds are out there, and adding this layer wouldn't be very hard.
The next step means loss of fair use. Maybe not for you or your friend who thought Napster was the greatest thing since a windows network on a university campus, but definitely for a lot of people.
Over the last couple of years the fire has seemed to have burned out. We used to get pissed about this shit, and now the highest rated comments don't seem to care about it all. We're letting our guard down.
It's not an unimpeded, unstoppable invasion of privacy, like what TiVO was doing.
TiVo sends aggregate information. How is that an invasion of privacy?
"And like that
If a company wants to collect this kind of information I'd support it as long as it was purely entirely 100% anonymous. But what guarantee do I have that just the CD, track, and time of playing are sent?
How do you know that they aren't sending your IP address when they say they aren't? How do you know they aren't sending info about files in 'My Documents' or what files are listed in the 'add/remove' section of the registry? And don't tell me the privacy policy says they aren't so they aren't-privacy policies are changed more often than my underwear, and I change that everyday!
I don't mean to get all Mulder here, but I am so tired of companies trying to sneek things past me in a 10 page licence agreement for free software that exceeds the length of my deed if I buy a $300000 house!
This is true so long as you're not an outlier. Consider some examples of things that could make you an outlier:
I'm sure with minimal effort, others can come up with even more chilling examples. When the government of our corporate republic can legally trawl everything looking for outliers, safety in numbers doesn't make me so comfortable.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
The same damn person that is running iMesh, or KaZaA. Both of which are INFINITELY worse about privacy.
against unauthorized access. Perhaps if the "average Joe" started to insist they apply to *his* computer as well the corporate server things would get, ummmmmmm, interesting.
Of course if your computer software comes attached with an offensive EULA in which you "agree" to have no rights to your own system/network you might well be hosed. I'd like to see someone challange this in court *on the basis that you can't be coerced into signing away a basic property right, even by contract.*
To my knowledge this hasn't been tried yet in America ( in some other countries the EULA is already considered invalid prima facie). All it takes is someone devoted to the cause with $50,000 American and five years of their life to devote to it.
Of course there's another option. *Don't use EULAed software.*
In that case the assumption of having to give some sort of explicit permission to enter your system ought to hold just as much for the personally computer as it does for the corporate/government computer.
Hacking is a crime. Do your homework, secure your system, and then insist on *prosocuting* any "hacking" of you system, no matter who the "hacker" is.
Laws are double edged swords that can cut the person who "bought" the law just as well as those it was intended to be a weapon against if the intended victim learns how to use the "weapon."
KFG
But you're missing the point... As technology becomes ever more integrated with our lives, the option of "just turn it off" becomes increasingly less possible. No, not from a technical perspective, but from a *social* perspective.
Sure, you could turn your cell phone off when you're not making a call so that telco's and gov can't triangulate your position, but do you?
Sure, you could pay for everything in cash instead of credit to avoid an electronic trail, but do you?
Sure, you could wait 10 minutes at the bridge instead of using a new electronic toll payment system, but do you?
Smart agents and networked technologies like this erode our privacy. But do we get enough in return?
How much would you sell *your* privacy for?
I'd suggest that a very large chunk of those who find slashdot interesting enough to read are above average at the least. First they read, this alone indicates they are probably above the low set as average. Second they are interested in technological innovations, science, physics, mathmatical puzzles, computer programming, and free speech. True there are those who just hang around to see what the newest mp3 player is. But for the most part there is a reason that the opinions you see on slashdot tend to differ from what you see mainstream, mainstream is in very large part those average and below average intelligences at work.
What really cracks me up is how this "holier-than-thou" sentiment is lavashed in a forum where we think it is important to be the bigger nerd but what I'd really like to know is how many of you tell your grandma/mother/aunt/girlfriend/whatever that they're an idiot for not keeping up with PC security, or for not patching their OS (what?!?! your grandma doesn't use Linux! What a fucking moron! I'm glad she's not related to me...). Gimme a break folks. How many of you immediately turned around and issued a security bulletin to your family about this horrid new CD technology. I can see it now..."I repeat, DO NOT INSERT THE CD INTO YOUR COMPUTER'S CD DRIVE!!! If you feel unsafe or unsure whether or not you are using one of these new CDs, please contact my secretary, er answering machine and schedule an appoint, er leave a message and I'll set a time for me to do a security visit with you to ensure you are not in any DANGER. I repeat you morons, DO NOT INSERT THE CD INTO YOUR COMPUTER'S CD DRIVE!!!! (yes grandma, this means you too)." Get real guys.
Perhaps. But on the other hand, it could just be that most people are incompetent at their jobs, driving, and whatever else.
To wit: the left lane on a road is for passing. Most states have laws that restrict the distance that a driver can drive in the left lane before moving over. If you've ever driven long-distance, you know that there are those who insist on indefinately going limit plus 5 (or worse yet: limit) in the left lane. And no, I'm not breaking the law if I try to pass, I live in a prima facie state.
Second: Examine for a moment a Motorola v60c. The earlier versions are the best example of this. The antenna easily bends in one's pocket. (They've fixed this with new antenna revs.) Worse, when extended, the antenna acts as a lever for the (bulky) antenna tip to use to exert massive force against the rest of the antenna. Net result: three antenna breaks in 6 months, two in-pocket.
Third: Went to a fast food place looking for food and directions to a gas station. Someone (A) is trying to help me out by asking someone else (B). A: "you familiar with (cityname)?" B: "yeah, kinda" A: "are there any gas stations near here?" B: "whatcha looking for?" A: "gas"
There's far, far more. These are the easy examples. But if you can honestly say you have not run across any stupidity in the past week, good for you! You're a far more patient being than I.
Incidentally, I don't mean to disparage those who can't use computers. I can't perform brain surgery; just because others have no expertise in my area doesn't make them idiots. But when people cannot do their jobs or comprehend basic English (where English is their native language)...
Lightbulbs aren't calibrated to maximize lifetime, but to make it as short as the market will bear.
Timeo idiotikOS et dona ferentes
A com object call requires the target program (like IE) to be running and if it's not, will launch it. It's like a remote-control of the external app and hence I believe that app (IE in this case) would be the one grabbing the page and returning the results. It's not like a library call. The process should be identified as IE to zone alarm (and hence a good guy).
If I'm wrong, I'd love for someone who knows how COM works to tell me. But I'm betting I'm right...
I'm not talking about (stateful) firewalls; I wouldn't expect my family, friends, or other average users to understand those concepts. I was talking in a somewhat more general sense (the thread was about "average idiots", no?).
What I was referring to is the sheer number of people who routinely do stupid things. Be it work-related, traffic, personal (social), or other; people do not think things through. People who use hair dryers in the shower, who apply make-up, eat, read a newspaper, use their laptop, etc. while driving 100KM/h on the freeway, or those who can't understand that smoking while filling their car's gas tank isn't a terribly good idea, and that creating personal rocket projection systems to propell themselves into their cottage lake is probably inadviseable, or that standing in the middle of a doorway, contemplating life and their surroundings in a busy hallway isn't quite considerate or practical, or that speaking loudly on a cell phone in a movie theatre, exclaiming things like "Sorry, the sound is too loud, I can't hear you!" will probably incite rage in the other movie goers, or all the ladies (term used loosely, if you'll pardon the pun) who get surprised that, after having unprotected sex with several men and find themselves either sporting a child or an STD (nb; it's entirely common that the surprise child will be the second, third, or fourth), or the people who don't 'get' that drinking a pair of 40oz bottles of [insert favourite alcoholic beverage here] will quite possibly find them in the hospital spitting up blood and fragments of their stomach.
There are, of course, infinitely more examples, but I think they limit the upper size of these comments somewhere (and $DEITY forbid I should create a database size overflow or something. ;) )
But to get back to this thread - people who do not understand [cars|computers|electronics|mechanical devices] yet who insist upon taking them apart and/or servicing themselves, then blaming the manufacturer/retailer for selling them defective equipment. Or worse - people who don't understand these things and go against the advise of a trained professional and cause serious detriment for themselves and/or others around them.
As to the above references to my parents/grandparents; I do tell them what I think when they try to crack their computers and/or administer the installed software. It took me about five years, but my family finally understands that when they do something to the computer, it generally goes wrong and they need my help to fix it. When I do something to the computer, it works, because I do this for a living and know what I'm doing. Generally they feed me and keep my [coffee|beer] [cup|glass] full for my trouble, and everybody's happy.
The difference being, of course, my family smartened up - other people don't.
One of the higher standards I try to hold people to, and I realize it sounds horribly cliche, is to know one's limitations. For example, I know that I can change my oil (and filter), top up my fluids, and perform other small routine maintainance tasks on my car. I probably could figure my way through brakes or other aspects, but I don't. Instead, I leave it up to the trained mechanics who have years of experience and industry certifications that say they can do the job properly.
Another standard I hold people to, for those who are definately literate, is to read atleast the basic instructions before desperately phoning for help. I can't count the times I've had to help people (or been asked and refused) because they wouldn't open the fold-out "Step By Step" instruction set that came with their new purchase. The fact that many of the installations I've performed were insultingly simple is beside the point; the instructions spelled it out so clearly that a child could figure it out. This excuse adults use that technology is so complex that only the younger generations have a chance is complete rhetoric, and complete nonsense. If a University educated individual can't figure out how to connect something with colour-coded, size-differentiated connectors that are labelled at both ends and comes with a step-by-step instruction manual; something's wrong.
So no, I don't expect that people will understand stateful packet inspection, ingres/egres filtering, bogon filters, application versus network versus physical layer differentiation, or any of the other industry specific jargon I could name; but I do expect people to be able to perform in real life without their hands being held, lest they should manage to kill or maim themselves or someone around them in the process.
BD Phone Home!
Shameless plug. Like you weren't expecting it.