Slashdot Mirror
Will Your CD Player Tell on You?
An anonymous reader writes "Ever feel like not being a marketing statistic? Well just by playing certain store-bought compact discs in your home or office computer, your new music disc may be transmitting your listening habits in real time to the respective record company...." Charming. Read on for more...
Anonymous Continues: "A company by the name of Bandlink is providing technology to record companies that allows a cd played in a personal computer to contact their server and relate statistics such as what track you're listening to and when you're listening to them. This information is then compiled into customizable reports that allow the record company to develop "User Profiles". There are benefits listed for the consumer such as cd-specific chatrooms, concert information, etc but the question remains: What's your price for privacy? The only indication that the cd you're purchasing is Bandlink "enabled/disabled" is a small logo on the packaging. There is no mention of a opt in/opt out agreement when the cd is inserted on the website and none was displayed in a personal demonstration.
Favorite quote from their website: "Virtually any information you want to know about your fan or the quality of your release can be obtained.""
Hey, this is hardly music. Change the CAT to YRO!!!!
You know what? I think the law should start considering my computer desktop and my network connection as my personal property. Want to display a popup on my desktop? Sure, $5 a time. Want to send some bits on my behalf? Sure, $1 million a time. If you try and steal advertising space on my desktop, or steal some of the bits that I own, then you go to jail.
With CD copy protection preventing people from listening to cds on their PCs, this shouldn't be a problem.
So what happens if I dont agree with their license? Do I not get to play the CD, or do they just not collect any information. Or do they use misleading language to trick the consusmer into hitting yes?
The Doormat
If you're not outraged, then you're not paying attention.
At home, my Windows box has no access to Internet (except for Mozilla): the firewall is setup not to let any packet from this particular IP address go through :o)
Mozilla may establish HTTP connections using the proxy.
I'd like to see how these smart guys cope with this situation...
But perhaps, I'm not exactly the kind of person they are looking for...
Every time you use a credit card, grocery store discount card, write a check they put through a reader, login to something, and so on and so you're are being profiled. I used to work for the second largest ISP, and everything you connected all your connection attempts and other info was beening uploaded during the connection. Many of the major corporation now run software that monitors your calls, and internet activity. We are being monitored, counted, tracked, profiled, and categoried so much does it even matter. All this is just business, if get into all the tracking the goverment does, and you'll really feel like a specimen under a microscope.
Actually in many way I feel there is safety in numbers. If they were only monitoring a we few people I would be nervous, but when the amount of data being collected we are people just numbers in a statisitc somewhere. Just another brick in the wall.
Although I use the free ZoneAlarm.. I'm also pretty restrictive about what programs I allow access, i.e. why oh bloody why does WMP require internet access when playing a media file when all the required codecs are installed (pile of crap it is).
But, the cynic in me keeps shouting out this idea... what is to stop the disc (well apart from disabling autoplay, unless MS has some other "backdoor" auto execution of something on new media) from opening up a browser window with a heavily customised piece of url every now and then? The default access permissions will allow any web browser to do it's stuff?
Just food for thought.
Are you local? There's nothing for you here!
Can someone with one of these CD's report the addresses they try to write to, and we add a map to 127.0.0.0 in the HOSTS file? That works with all kinds of spyware (e.g., doubleclick, redsherriff).
Better yet, can someone distribute a universal HOSTS file of all known spyware and update often? I'd pay for the privilege. AdAware may be a good vehicle.
Do you play all the music that you want to listen to? Or did you just stop listening to music pretty much period.
(This isn't meant to sound arrogant, I'm just curious)
As someone else had posted earlier, it's not likely iptables would notice. It would probably look like a web page request on the client computer, which would be legitamate as far as the firewall is concerned.
If this IS the case, thats cool because you could log the packets while the app runs after inserting the CD, and see how they talk to the server. Then using the logged data as a model, you could seed the database with misinformation, or "support" certain bands that you are partial to.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
It's very different. Downloading the track list for a given CD generally happens only once, doesn't involve contacting the record company, and doesn't reveal anything about you other than that your machine has the CD in question inserted at the moment.
What we're looking at here is software that tells the record companies who you are, what your listening habits are like, etc. Essentially, there's a lot more information leaving your computer, and it may not be information that you want to reveal.
PC's are cheap now--run two, one with an Internet connection, and one without. Network internally with IPX/SPX or NetBEUI. Download your entertainment on the Internet connected PC. Play the downloaded content on the disconnected PC. Voila`--the media players, etc. can't call home. For added security, don't do anything sensitive on the Internet connected machine.
This setup isn't airtight, but it's a damn sight better than giving RealMedia, Microsoft, and every other spyware purveyor on the face of the earth unfettered access to the same machine that contains your financial information or files which indicate certain, um, proclivities.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
The cd is a mixed mode cd, 2 sessions.
The first is standard cd-da format.
The second has the bandlink software - 2 mb.
There's an autorun that pops up saying "You must agree to this to listen to this cd"
However... when I open windows media player 8, select Play > Cd-audio, then the cd plays just like any other.
-- You can't give it, you can't even buy it, and you just don't get it!
Network internally with IPX/SPX or NetBEUI.
You know, this is a great idea and I was thinking the same thing a few weeks ago. Since most if not all apps try to phone home using tcpip, this should provide another level of security. Of course Sygate and Zonealarm will notify you if any app tries to make any sort of connection, but if you don't need all of your home computers to be conected to the net, use a different protocol internally.
But I'm all for tracking people's CD usage. That allows companies to market more targetable CD's. Instead of producing CD's that people buy because they "heard" they were good, and then listened to only a few times before getting disgusted with it, it lets them find out what music people listen to over and over again.
-BrentHmmm...
wonder how careful they were in programming the server app that listens for these "tattle-tale" CDs.
Just a thought
Tim
The best way to stop this kind of thing is to figure out what it is sending and then to generate reports about things we are not listening to. It will make the marketing reports useless.
This may have merit, but as a nerd, I shudder at the entire nauseating concept of such an invasion.
I just don't like how they don't ask. If they said it clearly, released two versions, and/or popped up a dialog requester with a simple "May I," it wouldn't be a problem. But the fact that it's so subtle and silent indicates to me that this company knows that this misfeature is not going to make it popular.
On the flip side, it will show artists what music is popular, and what we like to hear, so more of it will be made.
On the flip side's flip side, said artists will just create the same type of music, remixed a bit, and rereleased- it's the new stuff that I like, the odd and offbeat. If it's cloned, it sort of loses that.
It's sort of like a survey about your music preferences. Except they don't ask if you want to take it.
I can also see a DDoS attack on the system myseriously slowing down your comptuer (if you don't know this is happening) if their server gets overloaded by a whole bunch of music listeners, or just a good old ping flood, as your system tries again and again to send. I bet this could cause a good bit of net.congestion, too.
Not to mention that modem users will hate its guts.
Warning: Poster of this comment is a nerd. Just like everybody else here.
Very true, but how the hell could you have the data tracks switch between unplayable and playable states based on whether you agree to an EULA?
I just now figured out some of the recent emails that have come my way from Slashdot.
I speak on behalf of Bandlink so you can please respond to Support@bandlink.com with any questions you have about the software.
Jump to Conclusion:
Essentially, we always get mixed in with the ominous nature of the Recording
Industry in terms of the Napster litigations and other bad press. We don't offer any encryption software and we are not "Spyware".
What is it?
Bandlink is pretty basic in its technology. Designed to make Music "Bigger"
by providing actual CD owners access to Online Bonus content and other extras. The Online content is served
from a webserver which, like all webservers, provide "Webtrends" style
analysis for what files are interacted with or downloaded.
(This makes up the bulk of our reports and all websites from Amazon, to the NY Times does this.)
When users interact, with the bonus content, the "Aggregate" information is
compiled in reports. Also, if the music listener "Ranks" a specific song from the CD or
from the web based Bonus Content section, then that too is added to the reports which go directly to the musician or record label who most needs to know.
In terms of personal information, and like most websites, we don't know who is viewing our web content, we just know that someone is.
All of this information, as most Internet savvy users will know can be obtained via a "Web Server Log". If a user fills out a survey which requests personal information than that is the users choice, and that information will be sent directly to the artists themselves. (Personal info is pretty much limited to mailing lists and other opt-in services.)
Other than that, Bandlink is pretty mundane. I have seen some of the things that the music industry is considering in terms of encryption, and believe me that this is much much better in that it gives the fans extra content, and lets the artists know more about their fans.
Please feel free to ask us any further questions about the software directly.
I have read through most of your posts and you guys are kind of going down a technical path that gives Bandlink waaaaay too much credit. But you are giving some good ideas! (kidding)
Support@bandlink.com
Many DVD disks include "InterActual" (previously known as "PC Friendly") software which is autorun upon DVD insertion on Windows machines. To the typical home consumer, the message presented appears as if it originated from the PC itself, prompting the user to install the software in order to view the DVD content.
There are several issues with this, and relavent to the topic of "illegitimacy of spyware":
1. "InterActual" doesn't actually install an MPEG2 decoder filter, it merely uses the existing filter provided with a new PC
2. "InterActual" software attempts to redirect the user to whatever content is available online relating (or not) to the title being viewed - spam essentially
3. "InterActual" assigns itself as the default DVD playback application in Windows, and thus the user is subjected to the inferior quality of the DVD navigation software
4. "InterActual", if the user performs the standard "click-thru" agreement to watch their DVD content, broadcasts information about what DVD content the user views
Suffice to say, these points are easily discovered with a Google search, so I'll refrain from excessive linking and leave further research to the reader.
Now, for the more-than-capable user (read: most of you reading this), an explanation for preventing/disabling/uninstalling this spyware is obviated. But as the initiated, it's our duty to explain this to those who may not understand (read: friends, neighbors, family) what happens with spyware such as "InterActual" software.
On a personal note: After purchasing my last PC from Dell (please no "Dude" jokes) and inserting a DVD disk, it presented me with a dialog informing me that "InterActual" software was attempting to install and overwrite my settings, and gave me the option to block "InterActual" from installing on my machine. As expected, content is played through the standard DVD software provided by the OEM and I don't have to see that annoying banner anymore when I insert an "InterActual" or "PC Friendly Enabled!" disk.
Cheers!
J. Esterhaus
Won't my Microsoft Windows "Palladium" PC stop my 13 year old son from installing garbage like this on the home PC, saving our household from having our privacy viloated.
Knowing what CD tracks you listen to and when, what groceries you buy and when, and videos you rent and when, who you call and when, where you go and when, and the list goes on and on. The sum of these things is just a bit too much information for corporate america to be keeping detailed track of.
I think there's an important point here that you missed. Corporate America is not a single entity, and each of these things is not added to a sum. Sure, Safeway knows what kind of food I buy, and Blockbuster knows what videos I rent*, but there's no way to corrolate my food purchasing habits with my video rental habits. Even if Safeway and Blockbuster were both owned by the same parent company, they don't use the same database.
The other important point is, if the only thing this information is being used for is gathering statistics to help the companies market more effectively, I don't care. They're not invading my life.
* Not really; public libraries are wonderful things.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Besides, I don't take any of that garbage. Both of my home networks, which are physically separated for paranoia purposes, must pass through a two-stage firewall system powered by four separate OpenBSD boxen (two for each network's firewall). The configuration of these firewalls has evolved over three years' time, but suffice it to say that I feel relatively comfortable knowing that any site that is not specifically white-listed will NOT get accessed by any of my machines, nor will any whitelisted machines get accessed for protocols which I have not specifically allowed. The advantage here is that NO software is going to report JACK SCHITT about my behavior to NO marketer.
One final note: I am a marketer by profession. B2B, specifically. And I refuse to employ any big-brother techniques in my work. This may be more difficult when marketing to enormous herds of stupid, technologically illiterate masses of IDIOTS, where you need to be stupid like that to make any sales. But I don't give a damn. I'm doing my part to avoid world-wide slavery by not doing that garbage myself.
WAR IS PEACE.
FREEDOM IS SLAVERY.
IGNORANCE IS STRENGTH.
Don't like this bandlink crap?
Write a distributed denial of accuracy program (DDOAP) so that anyone who wants to corrupt the bandlink statistics can download and run your program in the background and every hour or so it will send out information to bandlink telling them you are listening to some high-brow band nobody's ever heard of.
Next thing you know, They Might Be Giants will get a record deal for $30M an album...
Wait wait!
It's ok for them to do that because they are big corporations. Hence they can make you work for them and turn your computer into a market reporting slave. And if the mass decide against it they will just blame you for allege pirating of mp3s and make it all ok.
Next step, requirement of CDkeys to activate your CD. Then, charge per CD per song per play through your creditcard or bank account
Of course there's another option. *Don't use EULAed software.*
good idea, but that rules out the bigger of the linux distros then.
redhat- HAS EULA on the cd pouch when you buy it.
SuSe - EULA
Lindows - well it really isnt a big distro.. slackware users outnumber this one 5 to 1.
licoris - well yeah... same as above....
Basicaly as linux users we should have a ZERO tolerance to Eula's on anything that is linux. and yes that meant taking a direct shot at redhat.
REDHAT makers... why do you have a eula? why did I have to return the package to the store? I wanted to buy it, but I refused to agree to your eula printed on the install discs envelope..
I loved redhat very much, it's great for the newbie and corperate... but the Eula makes me want to stay away from it.
Do not look at laser with remaining good eye.
I use Opera as my primary browser but leave IE as the default program for HTML files. I also set ZoneAlarm to query when IE tries to go outside the box. That way, when a com object call tries to start IE, ZA asks me if I want to let it out. Most of the time, I tell it no.
My question is, do all those frustrated calls get queued up somewhere, just waiting for me to let IE hit the net so they can all go tell on me?
--pg
Brandishing Dangerous Logic
It seems to me that Windows, especially in the consumer domain, is becoming much more like TV. That is, television isn't a service provided to the viewers, it's a service provided to the marketers. The viewer's attention is the actual product which is being sold. The content on the television is not the primary business of television networks, selling advertisments is.
It seems like Windows is becoming the same way. The fact that a Windows computer can actually do useful things for the owner is becoming secondary to it's use as a vehicle for advertising and gathering marketing information. I think it's one of the things that turns me off the most about Windows, that constant feeling that you can't trust "your" computer at all, because you really can't. Every other program is co-opting "your" computer for the purpose of advertising to you. And it's not even just "free as in beer" software that does it, even stuff you paid good money for feels the need to steal your attention for advertisements. And they all, uniformly, require you to agree to EULA's.
It's one of the main reasons why I hope Linux never takes off on the desktop, because I don't want to have to deal with all that crap. Fortunately, one of Linux's strengths is that even if some distro does take over the desktop from Microsoft and inherits all the spy-ware and ad-ware, I can just run some other distro that doesn't suck. Not an option with Windows: they all suck.
So, if it's a separate application, why not just look at the task monitor in Windows and kill it?
Unless, of course, this is a "protected" CD which has its own built-in player and which wouldn't work with any other CD playing app. In which case it's going right back to the store for a refund...