Slashdot Mirror
Will Your CD Player Tell on You?
An anonymous reader writes "Ever feel like not being a marketing statistic? Well just by playing certain store-bought compact discs in your home or office computer, your new music disc may be transmitting your listening habits in real time to the respective record company...." Charming. Read on for more...
Anonymous Continues: "A company by the name of Bandlink is providing technology to record companies that allows a cd played in a personal computer to contact their server and relate statistics such as what track you're listening to and when you're listening to them. This information is then compiled into customizable reports that allow the record company to develop "User Profiles". There are benefits listed for the consumer such as cd-specific chatrooms, concert information, etc but the question remains: What's your price for privacy? The only indication that the cd you're purchasing is Bandlink "enabled/disabled" is a small logo on the packaging. There is no mention of a opt in/opt out agreement when the cd is inserted on the website and none was displayed in a personal demonstration.
Favorite quote from their website: "Virtually any information you want to know about your fan or the quality of your release can be obtained.""
The Average Idiot.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
The kind who uses a CDDB, or who doesn't have a firewall.
BlackGriffen
...from all those players (including WinAmp) that analyze your CD and download the songlist for you? And this applies to 99% of retail CDs, not only those that are enabled by this technology.
Buy a Mac? Use Linux?
:)
Uh... disable autoplay? Come on, not tricky, this one.
Does it transmit data when you rip a CD?
...if it can make your CD 'phone home' when playing it in a regular CD player (as mentioned in the article) that's not 'net connected!
In any case, this is seriously scary. While I don't think most Slashdotites (being technically literate) will be affected, think of your mom, little sister or brother (if any), peers at school (if any) - all those people who click "OK" mindlessly whenever a dialog box pops up. It's THOSE people that this kind of stuff targets - because those people don't know better. The only way to stop it is to TELL THEM ABOUT IT. Get the word out. Post flyers. Put it in your sig. Whenever you fix someone's computer, tell them about the new 'spy' CDs while you're digging around inside their case or (more likely) plugging in their eithernet cable.
I'm sure someone will come up with an anti-spy software for this soon, so give out as many copies (assuming the antispy software is freeware) as you can.
Look how well it worked for CD copy protection, at least for the first wave. We can do this.
This
The fundamental principle underlying current privacy practices in the United States is: "It is perfectly acceptable for a company to violate your privacy so long as it is for the purpose of selling you things."
Obviously companies believe this, and on present evidence I'd say that most consumers believe this, too.
"How to Do Nothing," kids activities, back in print!
There are few technical details on their web site, but it appears to just be a mixed mode (data and audio) CD, which when played using Bandlink's CD player software, will give the "benefits" described. Since I don't have any intention of using their software, it's not a problem. Until, of course, people start producing music that can only be played with their player. So far, record companies haven't been brave enough to test such a tactic in the market, although with copy protected CDs, they're getting awfully close to the line. The depressing thing is, I suspect the general public would just meekly go along with it :-(
"The invisible and the non-existent look very much alike." -- Delos B. McKown
On the other hand, you DO control your computer, and can and SHOULD be careful about what you run on it. In this case, simply turning off the ridiculously stupid autorun when you put in CDs is enough to foil whatever the cd does when you insert it.
Same goes with javascript and ad popups - just turn them off! It's your computer!
Sure, there are conveniences that you lose in doing that, but many conveniences come with security risks and other annoyances. It's just like the security problems with Outlook autorunning attachments and scripts all the time - it's a ridiculous way of writing software, and never should have been included, and anyone with a clue either turns it all off or gets a different mail program. For some reason, people don't see javascript and autorun and similar things in the same way. I do.
This is not a big deal now -- you have to install their software for the "feature" to work, etc. Therefore some of the people on this site are not concerned. After all, we listen to our cds on real cd players, and don't use their program, etc.
The problem arrives when you must install this software to listen to the cd on your computer. Remember, copy protected cds are out there, and adding this layer wouldn't be very hard.
The next step means loss of fair use. Maybe not for you or your friend who thought Napster was the greatest thing since a windows network on a university campus, but definitely for a lot of people.
Over the last couple of years the fire has seemed to have burned out. We used to get pissed about this shit, and now the highest rated comments don't seem to care about it all. We're letting our guard down.
If a company wants to collect this kind of information I'd support it as long as it was purely entirely 100% anonymous. But what guarantee do I have that just the CD, track, and time of playing are sent?
How do you know that they aren't sending your IP address when they say they aren't? How do you know they aren't sending info about files in 'My Documents' or what files are listed in the 'add/remove' section of the registry? And don't tell me the privacy policy says they aren't so they aren't-privacy policies are changed more often than my underwear, and I change that everyday!
I don't mean to get all Mulder here, but I am so tired of companies trying to sneek things past me in a 10 page licence agreement for free software that exceeds the length of my deed if I buy a $300000 house!
This is true so long as you're not an outlier. Consider some examples of things that could make you an outlier:
I'm sure with minimal effort, others can come up with even more chilling examples. When the government of our corporate republic can legally trawl everything looking for outliers, safety in numbers doesn't make me so comfortable.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
against unauthorized access. Perhaps if the "average Joe" started to insist they apply to *his* computer as well the corporate server things would get, ummmmmmm, interesting.
Of course if your computer software comes attached with an offensive EULA in which you "agree" to have no rights to your own system/network you might well be hosed. I'd like to see someone challange this in court *on the basis that you can't be coerced into signing away a basic property right, even by contract.*
To my knowledge this hasn't been tried yet in America ( in some other countries the EULA is already considered invalid prima facie). All it takes is someone devoted to the cause with $50,000 American and five years of their life to devote to it.
Of course there's another option. *Don't use EULAed software.*
In that case the assumption of having to give some sort of explicit permission to enter your system ought to hold just as much for the personally computer as it does for the corporate/government computer.
Hacking is a crime. Do your homework, secure your system, and then insist on *prosocuting* any "hacking" of you system, no matter who the "hacker" is.
Laws are double edged swords that can cut the person who "bought" the law just as well as those it was intended to be a weapon against if the intended victim learns how to use the "weapon."
KFG
But you're missing the point... As technology becomes ever more integrated with our lives, the option of "just turn it off" becomes increasingly less possible. No, not from a technical perspective, but from a *social* perspective.
Sure, you could turn your cell phone off when you're not making a call so that telco's and gov can't triangulate your position, but do you?
Sure, you could pay for everything in cash instead of credit to avoid an electronic trail, but do you?
Sure, you could wait 10 minutes at the bridge instead of using a new electronic toll payment system, but do you?
Smart agents and networked technologies like this erode our privacy. But do we get enough in return?
How much would you sell *your* privacy for?
I'd suggest that a very large chunk of those who find slashdot interesting enough to read are above average at the least. First they read, this alone indicates they are probably above the low set as average. Second they are interested in technological innovations, science, physics, mathmatical puzzles, computer programming, and free speech. True there are those who just hang around to see what the newest mp3 player is. But for the most part there is a reason that the opinions you see on slashdot tend to differ from what you see mainstream, mainstream is in very large part those average and below average intelligences at work.
What really cracks me up is how this "holier-than-thou" sentiment is lavashed in a forum where we think it is important to be the bigger nerd but what I'd really like to know is how many of you tell your grandma/mother/aunt/girlfriend/whatever that they're an idiot for not keeping up with PC security, or for not patching their OS (what?!?! your grandma doesn't use Linux! What a fucking moron! I'm glad she's not related to me...). Gimme a break folks. How many of you immediately turned around and issued a security bulletin to your family about this horrid new CD technology. I can see it now..."I repeat, DO NOT INSERT THE CD INTO YOUR COMPUTER'S CD DRIVE!!! If you feel unsafe or unsure whether or not you are using one of these new CDs, please contact my secretary, er answering machine and schedule an appoint, er leave a message and I'll set a time for me to do a security visit with you to ensure you are not in any DANGER. I repeat you morons, DO NOT INSERT THE CD INTO YOUR COMPUTER'S CD DRIVE!!!! (yes grandma, this means you too)." Get real guys.
Perhaps. But on the other hand, it could just be that most people are incompetent at their jobs, driving, and whatever else.
To wit: the left lane on a road is for passing. Most states have laws that restrict the distance that a driver can drive in the left lane before moving over. If you've ever driven long-distance, you know that there are those who insist on indefinately going limit plus 5 (or worse yet: limit) in the left lane. And no, I'm not breaking the law if I try to pass, I live in a prima facie state.
Second: Examine for a moment a Motorola v60c. The earlier versions are the best example of this. The antenna easily bends in one's pocket. (They've fixed this with new antenna revs.) Worse, when extended, the antenna acts as a lever for the (bulky) antenna tip to use to exert massive force against the rest of the antenna. Net result: three antenna breaks in 6 months, two in-pocket.
Third: Went to a fast food place looking for food and directions to a gas station. Someone (A) is trying to help me out by asking someone else (B). A: "you familiar with (cityname)?" B: "yeah, kinda" A: "are there any gas stations near here?" B: "whatcha looking for?" A: "gas"
There's far, far more. These are the easy examples. But if you can honestly say you have not run across any stupidity in the past week, good for you! You're a far more patient being than I.
Incidentally, I don't mean to disparage those who can't use computers. I can't perform brain surgery; just because others have no expertise in my area doesn't make them idiots. But when people cannot do their jobs or comprehend basic English (where English is their native language)...