Slashdot Mirror
Will Your CD Player Tell on You?
An anonymous reader writes "Ever feel like not being a marketing statistic? Well just by playing certain store-bought compact discs in your home or office computer, your new music disc may be transmitting your listening habits in real time to the respective record company...." Charming. Read on for more...
Anonymous Continues: "A company by the name of Bandlink is providing technology to record companies that allows a cd played in a personal computer to contact their server and relate statistics such as what track you're listening to and when you're listening to them. This information is then compiled into customizable reports that allow the record company to develop "User Profiles". There are benefits listed for the consumer such as cd-specific chatrooms, concert information, etc but the question remains: What's your price for privacy? The only indication that the cd you're purchasing is Bandlink "enabled/disabled" is a small logo on the packaging. There is no mention of a opt in/opt out agreement when the cd is inserted on the website and none was displayed in a personal demonstration.
Favorite quote from their website: "Virtually any information you want to know about your fan or the quality of your release can be obtained.""
What sort of idiot has their firewall configured to let their CD player send packets out?
You know what? I think the law should start considering my computer desktop and my network connection as my personal property. Want to display a popup on my desktop? Sure, $5 a time. Want to send some bits on my behalf? Sure, $1 million a time. If you try and steal advertising space on my desktop, or steal some of the bits that I own, then you go to jail.
...from all those players (including WinAmp) that analyze your CD and download the songlist for you? And this applies to 99% of retail CDs, not only those that are enabled by this technology.
this may not be all bad.. "Virtually any information you want to know about your fan or the quality of your release can be obtained." maybe they'll finally realize that everyone knows that the quality of their releases is mostly TERRIBLE... and that most people buy cd's for more than 1 song... this may actually lead to entire CD's being quality once again...
So does this info go to the DOD to see if you're a terrorist? God help me if they know that I like Avril Lavigne!
I use Tiny Personal Firewall 2.0 to stop this sort of crap under Windows. It'll block any application from 'reporting' back home via the internet. It's a pro at keeping apps like Real Player or guys like this from tattling. It's not open source, but the 2.0 version was freeware. I'm not sure about the 4.0 version.
I strongly suspect that this won't even be an issue for most Linux users.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
Buy a Mac? Use Linux?
:)
Uh... disable autoplay? Come on, not tricky, this one.
Is this USA only, or are these for sale in Canada or in Europe? Because if they are, Canada's PIPEDA and the EU DPD mean wake up and smell the lawsuits.
MHO. YMMV. Any resemblance between this post and real persons, or reality in general, was accidental.
Does it transmit data when you rip a CD?
Or better yet. Use Linux which doesn't understand autoplay 'features'. Personally, CDs stay in my PC just long enough to turn into MP3s. The CD is then retired to a dusty bookshelf.
Bandlink Support
Bandlink is designed to be run simply by inserting the CD into a Windows Compatible PC. The first time you insert the CD you will need to agree to the Bandlink User License and download the remaining program files. Bandlink should do the rest from then on.
As you can see, there's a consumer agreement component here. It's not an unimpeded, unstoppable invasion of privacy, like what TiVO was doing. You have to agree as well. In which case, if you don't really care about your privacy (and you like push content, which some people do) it might actually be seen as pretty cool.
Statistically speaking, there's a 99.998% chance that my IQ is higher than yours. Get over it.
I can't wait to get this technology with a "copy-protected" cd that won't play in computers. Unless they would do it to try to get information from the people who break the copy protection by using a sharpie...
I think my principles are reachin' an all time low
...if it can make your CD 'phone home' when playing it in a regular CD player (as mentioned in the article) that's not 'net connected!
In any case, this is seriously scary. While I don't think most Slashdotites (being technically literate) will be affected, think of your mom, little sister or brother (if any), peers at school (if any) - all those people who click "OK" mindlessly whenever a dialog box pops up. It's THOSE people that this kind of stuff targets - because those people don't know better. The only way to stop it is to TELL THEM ABOUT IT. Get the word out. Post flyers. Put it in your sig. Whenever you fix someone's computer, tell them about the new 'spy' CDs while you're digging around inside their case or (more likely) plugging in their eithernet cable.
I'm sure someone will come up with an anti-spy software for this soon, so give out as many copies (assuming the antispy software is freeware) as you can.
Look how well it worked for CD copy protection, at least for the first wave. We can do this.
This
With CD copy protection preventing people from listening to cds on their PCs, this shouldn't be a problem.
The fundamental principle underlying current privacy practices in the United States is: "It is perfectly acceptable for a company to violate your privacy so long as it is for the purpose of selling you things."
Obviously companies believe this, and on present evidence I'd say that most consumers believe this, too.
"How to Do Nothing," kids activities, back in print!
You would think that if they use slashdot in order to find software and techniques that crack their attempts at 'protecting investments,' that by now they would understand that 'user profiling' is not generally liked or condoned by informed users.. in my humble opinion the modern day equivalent of 'racial profiling'.. the initsself modern term for a commonly rampant tendency for humans to generalize and profit of those generalization and the fears that follow. In this case, push technology is their answer to piracy finance losses. When I say loss I say it loosely and in a 'predicted forecasted maybe finacial gains report' kinda way. So, Why can't they get a grip and let customers come to them (with their supposedly superior product)? Why must they collect info on already paying customers when its been written as a disliked idea in popular science fiction (and general fiction/ some nonfiction) forever?
I give up.. I'll never rant again
HEY IN ANYONE HERE IS THINKING OF STARTING A COMPANY..
respect privacy..
nevermind.. I'm wasting my breathe.
pm
** "It's not my job to stand between the people talking to me, and the ones listening to me." -- Pego the Jerk
There are few technical details on their web site, but it appears to just be a mixed mode (data and audio) CD, which when played using Bandlink's CD player software, will give the "benefits" described. Since I don't have any intention of using their software, it's not a problem. Until, of course, people start producing music that can only be played with their player. So far, record companies haven't been brave enough to test such a tactic in the market, although with copy protected CDs, they're getting awfully close to the line. The depressing thing is, I suspect the general public would just meekly go along with it :-(
"The invisible and the non-existent look very much alike." -- Delos B. McKown
Wow. How did this line of thinking go?
RIAA Exec #1: "Let's start spying on people. It's not like they have a real reason to steal music anyways."
RIAA Exec #2:"Yeah! And we can have pop-ups that tell them Big Brother is watching!"
RIAA Exec #1:"No... That would be stupid... right?"
RIAA Exec #2:"Perhaps... But surely this will make people want to buy music as opposed to downloading it. Right? Right?"
RIAA Exec #1:"..."
RIAA Exec #2:"RIGHT?!"
RIAA Exec #1:"Oops..."
Me: "Thanks guys. Now I have a morally sound reason to download Britney's newest album! MERRY CHRISTMAS!"
Seal the device in several layers of shielding metals. No data's getting out then. And nobody's going to steal your new, portable, 500lb cd player.
;)
Yeah, the next phase will consist of the RIAA hiring people to drive vans everywhere to pick up stray transmissions emitting from the headphone jack straight to your headphones
Join the TWIT army now!
So it's nothing more than some Auto-Run software. Which makes sense, I can't imagine any other way a CD would just magically contact a remote host.
Solution? Disable auto-run (which I do anyway), or in this particular case, don't accept the license agreement...
They also mention this a lot:
My first thought was that they could easily combine so-called "copy protection" with phoning-home, but at least with Bandlink this is not the case.
NGWave - Fast Sound Editor for Windows
CD Player listens to you!
(At least people in Soviet Russia can grin on this)
Every time you use a credit card, grocery store discount card, write a check they put through a reader, login to something, and so on and so you're are being profiled. I used to work for the second largest ISP, and everything you connected all your connection attempts and other info was beening uploaded during the connection. Many of the major corporation now run software that monitors your calls, and internet activity. We are being monitored, counted, tracked, profiled, and categoried so much does it even matter. All this is just business, if get into all the tracking the goverment does, and you'll really feel like a specimen under a microscope.
Actually in many way I feel there is safety in numbers. If they were only monitoring a we few people I would be nervous, but when the amount of data being collected we are people just numbers in a statisitc somewhere. Just another brick in the wall.
Although I use the free ZoneAlarm.. I'm also pretty restrictive about what programs I allow access, i.e. why oh bloody why does WMP require internet access when playing a media file when all the required codecs are installed (pile of crap it is).
But, the cynic in me keeps shouting out this idea... what is to stop the disc (well apart from disabling autoplay, unless MS has some other "backdoor" auto execution of something on new media) from opening up a browser window with a heavily customised piece of url every now and then? The default access permissions will allow any web browser to do it's stuff?
Just food for thought.
Are you local? There's nothing for you here!
IN SOVIET RUSSIA "IN SOVIET RUSSIA" comments are lame
/. comments
Join the fight aganist lame
Can someone with one of these CD's report the addresses they try to write to, and we add a map to 127.0.0.0 in the HOSTS file? That works with all kinds of spyware (e.g., doubleclick, redsherriff).
Better yet, can someone distribute a universal HOSTS file of all known spyware and update often? I'd pay for the privilege. AdAware may be a good vehicle.
Do you play all the music that you want to listen to? Or did you just stop listening to music pretty much period.
(This isn't meant to sound arrogant, I'm just curious)
As someone else had posted earlier, it's not likely iptables would notice. It would probably look like a web page request on the client computer, which would be legitamate as far as the firewall is concerned.
If this IS the case, thats cool because you could log the packets while the app runs after inserting the CD, and see how they talk to the server. Then using the logged data as a model, you could seed the database with misinformation, or "support" certain bands that you are partial to.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
...a Snow White DVD that ruins your computer.
What's sick is that people will do this. Mostly because they don't know otherwise. It's like the people who install Kazaa WITH the spyware, even though there's a little box that you can UNcheck to not install the garbage (Kazaalite is another story). They just don't know the difference.
"Oo oo! Who wants to know what I'm listening too?! Oh, wait, you already do..."
Remember when certain vocal entities claimed that WORD would inventory your system and phone home to Redmond?
How can anyone be surprised when the topic of profiling via PC usage comes up?
Worrying about it gives offending parties too much cred. I doubt there is any real efficiency in how the data (if collected) is used, much less harvested.
This is not a big deal now -- you have to install their software for the "feature" to work, etc. Therefore some of the people on this site are not concerned. After all, we listen to our cds on real cd players, and don't use their program, etc.
The problem arrives when you must install this software to listen to the cd on your computer. Remember, copy protected cds are out there, and adding this layer wouldn't be very hard.
The next step means loss of fair use. Maybe not for you or your friend who thought Napster was the greatest thing since a windows network on a university campus, but definitely for a lot of people.
Over the last couple of years the fire has seemed to have burned out. We used to get pissed about this shit, and now the highest rated comments don't seem to care about it all. We're letting our guard down.
The vast majority of people I deal with (in the real world) are idiots. And no, I'm not in tech support/customer service.
It's a good thing none of their CDs play on PCs or this might be bad.
The global economy is a great thing until you feel it locally.
If a company wants to collect this kind of information I'd support it as long as it was purely entirely 100% anonymous. But what guarantee do I have that just the CD, track, and time of playing are sent?
How do you know that they aren't sending your IP address when they say they aren't? How do you know they aren't sending info about files in 'My Documents' or what files are listed in the 'add/remove' section of the registry? And don't tell me the privacy policy says they aren't so they aren't-privacy policies are changed more often than my underwear, and I change that everyday!
I don't mean to get all Mulder here, but I am so tired of companies trying to sneek things past me in a 10 page licence agreement for free software that exceeds the length of my deed if I buy a $300000 house!
What's your price for privacy?
With a price point in the 15-17 dollar range, you'd be a sucker not to! Folks, you haven't seen deals like this since the 50s!
Keep your packets off my GNU/Girlfriend!
Very nice analysis! An "A-"
... The appearance of scholarship is as important as its fact.
It would have been an A+ had you included some gratuitous footnotes or hyperlinks
Also, this Yakov shtick was dead a long, long time ago. I thought we'd deported Yakov to Russia in exchange for dismantling some nukes. But if you look at his personal site, it looks as though he is actually nailing some gigs.
In Soviet Russia, GIGS nail YOU! Har-har-har.
Another one of the many benefits of listening to vinyl :)
I'm getting closer and closer to just taking my system off the net. Reading slashdot, penny arcade and looking up movie showtimes is really not worth the hassle of every tom dick and harry knowing all there is to know about me. No, I don't have anything to hide. But, its my decision who I let know things about me. If that means get off the net, then fine.
-
to download Britney's newest album.
"All animals are created equal, but some animals are more equal than others." - George Orwell
The cd is a mixed mode cd, 2 sessions.
The first is standard cd-da format.
The second has the bandlink software - 2 mb.
There's an autorun that pops up saying "You must agree to this to listen to this cd"
However... when I open windows media player 8, select Play > Cd-audio, then the cd plays just like any other.
-- You can't give it, you can't even buy it, and you just don't get it!
Whilst that's something that iptables/chains just can't cope with (sadly) I have Norton Internet Firewall, for my remaining Windows PC, which is application based. ie, you can accept/deny any connection for each application.
:-) )
I believe you refer to process name matching, which was added to iptables-1.2.7.
Of course, iptables doesn't have a pretty GUI interface like NIF, but there are plenty of people that have made front ends for it.
I don't like the approach much, as there are lots of ways for a programmer to get around it -- I mean, process name/(application name under Windows) is not some immutable thing, and worst case, the program copies itself to a file of a different name and executes itself.
I suppose if the OS's loader SHA-fingerprinted binaries at load time (expensive, but secure) and granted rights based on said SHAsum, you might manage to securely pull something off like this. Then said application couldn't support "components" or plugins, as MSIE unfortunately relies upon rather heavily. However, in general the "security" provided by NIF/ZA is pretty much an illusion, though it makes end users feel good. You really need lower-level OS support to build a "secure" environment like this.
Mostly, the point of NIF/ZA is to make the sort of people that read Maximum PC and impress people with their framerates in FPSes feel that their system is "secure".
No insult intended...(see "mostly"
May we never see th
Yakov's whole act pretty much fell apart after the Iron Curtain came crashing down...
--sdem
They can tell who you call on the phone, where you travel (and with a bit of deduction who you might be visiting and what you might be doing there).
So what?
Time for a new job. Are they going to hire you? Better check you out first.
You like (insert anything-but-vanilla-heterosexual-paraphilia here). Strike one. You go to the wrong church. Tsk Tsk. You enjoy wilderness snowboarding - risky sport that, might result in you being injured and not able to work. Uh oh. You take prescription X - an indication of icky chronic disease. Hmmmm Your grocery card indicates you eat too much unhealthy food. Hmmm again. Your grocery card indicates you drink too much alcohol. Snort. Your email indicates an affinity for the Republican party. Democrats only welcome here You seem to be a linux user. We're a microsoft shop here. Looks like travel to Rainbow Gathering here. No hippies wanted. Gnutella usage indicated. We support the RIAA in every possible way.
Maybe some of the information is about things that are protected (religion, say). But someone can always point to something else in the list and say that that was the crucial bit of information.
Or it might not even be your possible new boss, but the health insurance providers who are going to set wonderfully high rates for you (that broken leg after climbing in the 'Gunks cost a whole lot of money remember).
Small pieces of information might by themselves indicate little, but aggregate them and focus your attention on one or a few people and all kinds of information can be deduced. Accurately. Or Not So Accurately. That may not matter after the fact. This is (I'd bet) the basis for that DARPA Information Awareness Thinggummy.
The most important thing to bear in mind concerning idiots is this. Consider how dumb the median idiot is. Half of them are dumber than that.
Wh47 d1d j00 541, 31337 15n't t3h r0xor5 ne m0r3???
But I'm all for tracking people's CD usage. That allows companies to market more targetable CD's. Instead of producing CD's that people buy because they "heard" they were good, and then listened to only a few times before getting disgusted with it, it lets them find out what music people listen to over and over again.
-BrentI pop the CD in my box and play it. The CD is a "dead" media, it's not something that magically comes to life and starts transmitting information.
Seriously, how stupid can people be? Ok, so the CD will buffer-overflow my player, and figure out how to access the outside world by executing it's malicious (processor and OS independent) code... You know what? No it won't!
Shit like that doesn't just happen.
So maybe *some* people run a player that facilitates said information gathering and transmission - that's their problem. Get a life, get a real player, get a real OS.
But CD's magically coming to life and transmitting my listening habits (which I guess it stored in the big secret database facility on the moon, which is by the way run by aliens under contract with the government - which is again why they had to fake the moon landing, but that's another story) - no, please, just forget about it...
I use Linux at home and Solaris at work. Will this affect me? It sounds like it is entirely dependant on which CD-playing program you use. If that's right, then surely it won't affect many people?
Follow me
This software, if it is decently written, looks like it isn't nearly as bad as the article says it is. First, as many have pointed out, you don't have to install it. But notice what it does in addition to sending out your personal information: it lets artists give you access to bonus tracks, artwork related to the music, tour info (and discounts), contests etc etc. It lets you chat (and synch music) with people listening to the same thing, which, although I wouldn't do it, would be considered a perk by a lot of listeners out there.
Furthermore, their privacy policy says they will not hand out required personal info, but only aggregate info. They do say that they will use your personal info to "contact you about services in which you have expressed interest," which may or may not mean spam. Really, "expressed" should mean a check box, but you never know. It looks like a loophole though. And of course, the artists can require your personal info to log in to their sites, but you can just refuse to give it and not log in if you think that's a problem.
All in all, I the article is bullshit. If this system is what it says it is, it's just an above-average media player that comes with the CD (although possibly at the cost of, say, a quarter to the buyer). Nothing to bitch about, invoking "privacy" and all that. If you're a privacy zealot, firewall it. If not, there are still a zillion other programs that are more likely to spy on you.
I hereby place the above post in the public domain.
Good thing I turn my cds in to MP3s. I assume this removes the threat entirely.
Some drink at the fountain of knowledge. Others just gargle.
I am tired of my email address being whored out
I am tired of companies thinking my phone number is necessary for a cash purchase
I am tired of marketers
I am tired of all the invasions that happen by companies
You know if my governemnt wants to know something about me that's one thing, I can vote those pricks out, but when fucking Radio Shack does that pisses me off. Sometimes I need a tralfaz emulator!
This
...enough said.
-- Slashdot: When Public Access TV Says "No"
against unauthorized access. Perhaps if the "average Joe" started to insist they apply to *his* computer as well the corporate server things would get, ummmmmmm, interesting.
Of course if your computer software comes attached with an offensive EULA in which you "agree" to have no rights to your own system/network you might well be hosed. I'd like to see someone challange this in court *on the basis that you can't be coerced into signing away a basic property right, even by contract.*
To my knowledge this hasn't been tried yet in America ( in some other countries the EULA is already considered invalid prima facie). All it takes is someone devoted to the cause with $50,000 American and five years of their life to devote to it.
Of course there's another option. *Don't use EULAed software.*
In that case the assumption of having to give some sort of explicit permission to enter your system ought to hold just as much for the personally computer as it does for the corporate/government computer.
Hacking is a crime. Do your homework, secure your system, and then insist on *prosocuting* any "hacking" of you system, no matter who the "hacker" is.
Laws are double edged swords that can cut the person who "bought" the law just as well as those it was intended to be a weapon against if the intended victim learns how to use the "weapon."
KFG
NT
(Applies only to windows users)
:
:
v ic es\CDRom
The scumware installer appearing when you insert the CD is located on the first partition of the disc, which contains CD-rom data with win32 code. This partition has an autorun.inf file with a link to the installer.
So far I've not encountered any installers actually installing anything without first prompting for permission to do so (legal mumbo jumbo as mentioned in the discussed scheme nothing more than chaff to confuse and dissuade sheeple from clicking the 'No - I disagree with these terms. Do not install' button, which should be the preferred choice.)
However, following trends from the ever more aggressive piranha feeding frenzy world of ruthless cyber marketeers, it's a matter of certainty that we shall soon see automatically running installers delivering their nasty payloads with cunning stealth, pausing neither to seek permission or to announce that such an installation actually took place. Perhaps this has already happened. How would you know?
Stealth deployment of viral spyware is commonplace with the parasitic ridealong schemes seen infecting the installers of "free" ad-supported software such as KaZaa, and many others. This is the crack in the floorboards from where things like the Bonzi Buddy creep out at night.
To prevent exposing yourself to the risk of CD-deployed malware installation, either hold down the shift key each time you insert such a potentially infected hybrid music CD, or simply disable the autorun feature entirely - much safer, easy to do and fully reversible
Locate this key in your windows Registry - use regedit
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Ser
Set value of Autorun parameter to zero. Then reboot. In the future when you insert software installer CDs you will then have to hunt down and manually execute the installer yourself; if the location and name of the installer is not obvious, examine the now disregarded autorun.inf file at the CD-Rom drive root.
By the way, if you have one such infected CD in your collection, and you have already ripped the tracks and burned them to a 'clean' CD for listening to sans spyware and data partitions, why not mail the original disc to Mr. Ralsky at 6747 MINNOW POND DR, WEST BLOOMFIELD, MI 48322
Hey Mister CEO, how 'bout you invite me to your house?
When you guide me to the door at the end of my visit do you mind if I leave wireless web cams scattered thoughout your house? Like say in your living room and kitchen? Or how about your bedrooms and bathrooms? It would really help me to understand you better.
Honestly (and sarcasm aside now) - I would just like to know where these people come up with these ideas. Do they not realize it's invasive? Then again thay probably have the same undertsnading impairment of Mr. Ralsky
***Blackholes are where the gods divided by zero.***
one of your points, ZoneAlarm (at least) does checksum all the apps and compares them when they request a connection.
Wow, I would have thought that that would have been prohibitively expensive performancewise, which is why I would assume that only a "trusted OS" would do that. Interesting. So I'd assume (since Google fails to turn up a detailed whitepaper on the first few hits) that ZA MD5s the binary at the first socket access the app tries during an invocation (it certainly can't be every time the app tries to do something, or performance would be completely unbearable).
But you really don't have to go to all this work. Copy (or contain) a copy of a trusted binary. Drop it into a directory somewhere. Drop a modified msvcrt.dll in the same directory, and let the program link to said DLL, and you've easily got untrusted code running within your "trusted" application.
Frankly, as long as the OS doesn't have pretty low level support for this, you're going to be able to bypass it.
I wonder what ZA could do to fix this? MD5summing linked to DLLs would be kind of expensive, and wouldn't work at all if there was application-initiated (rather than load-time OS-initiated) dynamic linking going on. I guess you could do that, take the performance hit...then ZA could hook LoadLibrary() and handle application-initiated linking....
Still, as you and I mentioned, the monolithic design of IE, providing application-level services and using components left and right, is pretty much an unstoppable impediment to securing a Windows-based system.
May we never see th
This is even dumber because if record companies wanted me to send them the play counts from my MP3 program so that they could make more of the kind of music I like, I would gladly do it. Just use an open source program so that we know exactly what it's doing, and make sure users are asked if they want to participate.
"Reality is just a convenient measure of complexity" -Alvy Ray Smith
The company's privacy policy is listed on their site. From a quick read, the only thing that upsets me is that they pass along your info to the recording groups. It appears that only basic contact info is gathered and there is a fairly easy opt out approach. Of course, they can publish a rosy policy and blatantly ignore it.
From what I can tell, they are trying to impress recording labels with an avenue to add value to the CD. I read a lot of ranting about how the music industry is clueless and could leverage the Internet better. Maybe this is a positive more in that direction. It is hard to tell.
I'm a bit paranoid about it as well, but since I use Mac OS X I'll let the Windows people cut their teeth on this one.
-- Solaris Central - http://w
I can imagine a few bored hacker types writing something to flood Bandlink with bogus data. "Wow, a million people a day are playing 'Baby Got Back' every hour on the hour!"
I can imagine really, really bored hackers writing a virus to have infected computers spoof data. A new world-wide phenonmena: Polka Love songs!
I bought Santana's Shaman last month and it has the wonderful tracking technology built in. I was curious as to what the "Bandlink" thing did when I bought the cd (never heard of it before). Luckily, I went to their website first and saw the usage statistics crap and decided against installing it.
... but I don't want to have to give up personal privacy for those extras. If I just had to install and register I wouldn't mind, tracking is going too far IMHO.
... for text file!.
I read part way through the EULA (which is apparently available on their website but I couldn't find it) but I didn't see anything about allowing them access to all information.
I support the idea of adding content to cd's to make them more attractive to purchase
Since I couldn't find the EULA online (as promised) i've taken the liberty of posting it online (hopefully its not illegal but oh well).
Its available here
It weighs in at a hefty 12.8kB
Hmmm...
wonder how careful they were in programming the server app that listens for these "tattle-tale" CDs.
Just a thought
Tim
The best way to stop this kind of thing is to figure out what it is sending and then to generate reports about things we are not listening to. It will make the marketing reports useless.
I wouldn't mind this software - though a bit extended - running in music shops. If I would want to buy a cd and listen to it before I buy, I would like to have a touch screen with a 1-10 score for each song. That way I - the customer can express what I feel for each song so the Record Companies may actually see that they publish Bad Stuff (tm). Include two buttons on the screen saying "good music, will buy" and "crap again, will download favourite songs from P2P though" and they can get a legit sense of the consumers' viewpoints. This will be perfectly anonymous (yeehaw for paranoia) and optional.
They can use this scheme for the downloaded software too, and privacy issues aside, both the consumer and the industry may benefit from this.
The best weapon of a dictatorship is secrecy, but the best weapon of a democracy should be the weapon of openness.
The CD player watches YOU
Oh wait... that's whats happening here.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
This country has only existed for a little over two hundred years, afterall. Time will tell how it will at play out. Let's just hope that we don't end up like SOVIET RUSSIA.
This may have merit, but as a nerd, I shudder at the entire nauseating concept of such an invasion.
I just don't like how they don't ask. If they said it clearly, released two versions, and/or popped up a dialog requester with a simple "May I," it wouldn't be a problem. But the fact that it's so subtle and silent indicates to me that this company knows that this misfeature is not going to make it popular.
On the flip side, it will show artists what music is popular, and what we like to hear, so more of it will be made.
On the flip side's flip side, said artists will just create the same type of music, remixed a bit, and rereleased- it's the new stuff that I like, the odd and offbeat. If it's cloned, it sort of loses that.
It's sort of like a survey about your music preferences. Except they don't ask if you want to take it.
I can also see a DDoS attack on the system myseriously slowing down your comptuer (if you don't know this is happening) if their server gets overloaded by a whole bunch of music listeners, or just a good old ping flood, as your system tries again and again to send. I bet this could cause a good bit of net.congestion, too.
Not to mention that modem users will hate its guts.
Warning: Poster of this comment is a nerd. Just like everybody else here.
I care about privacy, but when somebody else asks me about it, I don't know how to respond. How do you reply to people who say, "But I have nothing to hide!"
BD Phone Home!
Shameless plug. Like you weren't expecting it.
This list came from PeerGuardian's blocking list. I'm guessing the BSA IP block at the end. If you really want to keep from reporting data to said parties, just add these (and whatever other beneficiaries of your private data) to your iptables, ipfilter, ZoneAlarm, Tiny, etc. blocked zones. Note that, if for any reason, you want to go to these parties' websites, you won't be able to; your firewall will block access.
...but it just feels so good!
. 160.127.255
R anger:204.92.244.0-204.92.244.2551 92.0.0-65.192.0.255. 255.255e fender:66.79.0.0-66.79.255.255- 208.225.90.255
MPAA:63.199.57.96-63.199.57.1281 28-64.166.187.1925 51 28.0-207.155.255.2555 5.2552 7 .155.128.0-207.155.255.2559 .0-64.94.89.2553 5.247.255. 255I AA:208.192.0.0-208.192.255.2556 .32.50
Or, to be perfectly safe, you could borrow a page from our current administration's sex ed book and abstain from downloading.
OverPeer:65.174.255.255
OverPeer:65.160.0.0-65
Ranger:216.122.0.0-216.122.255.255
MediaForce:65.
MediaForce:65.223.0.0-65.223
MediaForce:4.43.96.0-4.43.96.255
MediaD
RIAA:208.225.90.0
RIAA:12.150.191.0-12.150.191.255
MPAA:64.166.187.
MPAA:198.70.114.0-198.70.114.2
MPAA:209.67.0.0-209.67.255.255
NetPD:207.155.
NetPD:128.241.0.0-128.241.2
UnknownC&DCop:64.106.170.128-64.106.170.19
BayTSP:209.204.128.0-209.204.191.255
Vidius:20
GAIN(spyware):64.94.8
GAINCME(spyware):66.35.247.0-66.
GAINCME(spyware):66.35.229.0-66.35.229
MediaDefender:64.225.292.0-64.225.292.127
R
Xupiter.com:63.23
Xupiter.com(mirror):63.208.235.30
BSA (?) 208.121.215.0-208.121.215.255 (Not sure)
Many DVD disks include "InterActual" (previously known as "PC Friendly") software which is autorun upon DVD insertion on Windows machines. To the typical home consumer, the message presented appears as if it originated from the PC itself, prompting the user to install the software in order to view the DVD content.
There are several issues with this, and relavent to the topic of "illegitimacy of spyware":
1. "InterActual" doesn't actually install an MPEG2 decoder filter, it merely uses the existing filter provided with a new PC
2. "InterActual" software attempts to redirect the user to whatever content is available online relating (or not) to the title being viewed - spam essentially
3. "InterActual" assigns itself as the default DVD playback application in Windows, and thus the user is subjected to the inferior quality of the DVD navigation software
4. "InterActual", if the user performs the standard "click-thru" agreement to watch their DVD content, broadcasts information about what DVD content the user views
Suffice to say, these points are easily discovered with a Google search, so I'll refrain from excessive linking and leave further research to the reader.
Now, for the more-than-capable user (read: most of you reading this), an explanation for preventing/disabling/uninstalling this spyware is obviated. But as the initiated, it's our duty to explain this to those who may not understand (read: friends, neighbors, family) what happens with spyware such as "InterActual" software.
On a personal note: After purchasing my last PC from Dell (please no "Dude" jokes) and inserting a DVD disk, it presented me with a dialog informing me that "InterActual" software was attempting to install and overwrite my settings, and gave me the option to block "InterActual" from installing on my machine. As expected, content is played through the standard DVD software provided by the OEM and I don't have to see that annoying banner anymore when I insert an "InterActual" or "PC Friendly Enabled!" disk.
Cheers!
J. Esterhaus
If you're got problems with pop-ups or advertising on your desktop, you don't own it. Microsoft or Apple owns it and they leased it to you.
So, quit your bitching and download an operating system of your very own already. As long as you're borrowing someone elses' why should you expect to control what it does?
If tits were wings it'd be flying around.
Won't my Microsoft Windows "Palladium" PC stop my 13 year old son from installing garbage like this on the home PC, saving our household from having our privacy viloated.
I believe it originated with the Russian-turned-American comedian Yakov Smirnoff, who also gave us the famous quote "What a country!".
Besides, I don't take any of that garbage. Both of my home networks, which are physically separated for paranoia purposes, must pass through a two-stage firewall system powered by four separate OpenBSD boxen (two for each network's firewall). The configuration of these firewalls has evolved over three years' time, but suffice it to say that I feel relatively comfortable knowing that any site that is not specifically white-listed will NOT get accessed by any of my machines, nor will any whitelisted machines get accessed for protocols which I have not specifically allowed. The advantage here is that NO software is going to report JACK SCHITT about my behavior to NO marketer.
One final note: I am a marketer by profession. B2B, specifically. And I refuse to employ any big-brother techniques in my work. This may be more difficult when marketing to enormous herds of stupid, technologically illiterate masses of IDIOTS, where you need to be stupid like that to make any sales. But I don't give a damn. I'm doing my part to avoid world-wide slavery by not doing that garbage myself.
WAR IS PEACE.
FREEDOM IS SLAVERY.
IGNORANCE IS STRENGTH.
Go to Options - Preferences - Setup. The last checkbox is "Allow Winamp to report basic, anonymous program usage information".
Most mp3 players have something like this, to a greater or lesser extent.
I'm also amazed that the allegedly technical slashdot audience has not yet figured out that in order for these "bandlink" CDs to work, the user would need to install special software on their machine. I mean, read the fucking site. These "bandlink" CDs don't do squat unless the user specially and deliberately installs the software.
It is very clear that this is not some sort of behind the seems privacy invasion but an above board trading of information for privacy. (Which, indeed, has issues of its own, but...) Other companies (Real, Musicmatch, etc.) do worse right now.
The cake is a pie
Receantly, they have rather changed teh focus of their firewall,a nd I feel the new versions aren't as good as the old ones. However another company, Kerio, is now making Kerio Personal Firewall which seems ot be just like the old Tiny. www.kerio.com.
"Geez, how many times can one guy listen to CowboyNeal Sings Manilow?"
<Troy McClure Voice>Shhhh! Let's just let that one be our little secret, shall we?</Troy McClure Voice>
A feeling of having made the same mistake before: Deja Foobar
"Microsoft legally can do this because they own the software but not my hardware. Very cleaver workaround. My guess is the this company has a similiar saying claiming that its their software and god given right to do whatever they want because of it. If you do not like then don't use it!"
You'll find that this was my point, *and* my solution. Don't use windows. Don't use Palladium. Resist.
Of course you are the only one that can determine the extent to which you consider *your* system your property, and to what extent you are willing to accept certain *percieved* deprivations for forsaking Windows.
Me, I consider freedom and functional ownership of my own system and data a *feature.* One which MS cannot, and will not, match.
If this means I can't play the latest game with latest invasive EULA, well, there *are* other games.
For that matter Linux can do nearly anything Windows can ( And the odd holes are being filled with amazing rapidity),BUT - you have to be willing to make the step of being willing to realize that Linux does so *differently.*
This is the step that many are not willing to make. In fact, many are so tied to the Windows way of doing things that they believe that if Linux doesn't accomplish the *same end* in the *same way* it doesn't do it at all.
There really is a "Windows way" and a "Unix philosophy." When in Rome you'll get along better if you do as the Romans. Life really is just as livable in other cultures, even computer cultures.
KFG
the CD player knows too much...
Oh god it's corporate support troll!!! Which corporation do you work for volkris? Or maybe you are just a marketing major?
... errr scratch that, they might actually come up with something decent to take away my privacy if start putting intelligent people at the top of corporate america.
The reason it's bad is simple, IT'S MY LIFE AND MY CHOICE!, no I'm not choosing to be watched when I buy the cd, I'm choosing to listen to the music on that cd, not to send information about my listening habits.
It's real simple, you and every other idiot in the entire world, all the billions on earth can all universally agree you want the record companies to know what music you are listening to. And I can be the sole voice in the world that does not. And I will still have every right to not just expect that choice left to me, but to have it. Majority doesn't rule, the majority of people out there have less than a 150 IQ for gods sake! And most of the rest have been bought out. True IQ is arguably meaningless for a number of reasons, but by any measure the average joe who is for some god aweful reason given a say in how the world runs is an idiot.
Maybe the real answer is to require IQ (or something similar) tests to vote, run for election, perform any function from management on up
--OOOOh! i'm being FUCKED by the recording industry -- atleast i'm still loosened up thanks to the motion picture biz.
\\vectorhead\\
The CD is a "dead" media, it's not something that magically comes to life and starts transmitting information.
You know, that's just what I used to tell people about email. Remember the Good Times "virus"? I don't know how many emails I sent to people in the mid-nineties explaining to them that emails were just text and weren't "executed" in any way and thus were incapable of harming your computer. Just like (as my example went at the time) no audio CD, no matter how malicious, could contain instructions that could break your CD player.
Well, guess what? Now everyone* uses an email client that defaults to executing, without notification, code embedded in received emails. By changing the rules, they made a liar out of me in less than six years (the "Good Times" hoax first appeared in December of 1994; the "Love Letter" email worm appeared in May of 2000).
And in five or ten years, who knows? Maybe everyone* will be running CD player applications that default to "facilitating said information gathering and transmission".
You and I know better, and this doesn't personally affect us. But that doesn't change the fact that the estimated economic impact of the Love Bug was over $8 billion. Mind you, this is from something I thought was patently impossible a few years earlier.
Never say never.
* not everyone
Graham "Teach" Mitchell, computer science teacher, Leander HS
okay, so I was bored tonight...
It appears this software is from: Javakitty Media Inc. in Atlanta, GA.
The terms of usage clearly state the aggregation of information including machine specs, etc.
The 'blink.exe' program appears to use libexpat.dll for XML parse functionality and for chatting with users using Jabber.
Oddly enough, when the program starts it first tries port 80 (HTTP) on www.microsoft.com and if that fails, it tried www.amazon.com. I guess to verify a valid HTTP connection.
Then it sends XML info back to uma.javakitty.com:8080 with various user content and song info. It logs in with username 'jared' and a trivially encrypted passwd.
Finally, there appears to be some funky access with an MFC42 (ordinal 0x0219) call with a file 'C:\temp.dat' first with www.chironexsoftware.com and then with www.google.com.
But wait there's more...
the final twist is that chironexsoftware.com is registered to the author of this software...
Registrant:
jared allen
65 Koola st , wishart
Brisbane NA 4122
Brisbane, NA 4122
AU
33432174
I wonder if he's using this software to pump hits to google for his own website? Hmmm
Now, time to remove this crap from my computer....
This in particular I have no problem with, although it could be made a little more obvious, perhaps a popup screen that gives a couple options like... "listen to music" and "Install spyware that searches your pc for any marketing data it can find, most definately attaches YOUR name to it so it is in no way anonymous, waits in the background, from time to time checks to see if you are viewing p0rn because this tells us if more sexual music should be pushed or not, and checks to see if you have mp3's on your computer because god knows they have to be stolen music"
Claim copyright on your playlist and then prosecute 'em for piracy of your IP.
What really cracks me up is how this "holier-than-thou" sentiment is lavashed in a forum where we think it is important to be the bigger nerd but what I'd really like to know is how many of you tell your grandma/mother/aunt/girlfriend/whatever that they're an idiot for not keeping up with PC security, or for not patching their OS (what?!?! your grandma doesn't use Linux! What a fucking moron! I'm glad she's not related to me...). Gimme a break folks. How many of you immediately turned around and issued a security bulletin to your family about this horrid new CD technology. I can see it now..."I repeat, DO NOT INSERT THE CD INTO YOUR COMPUTER'S CD DRIVE!!! If you feel unsafe or unsure whether or not you are using one of these new CDs, please contact my secretary, er answering machine and schedule an appoint, er leave a message and I'll set a time for me to do a security visit with you to ensure you are not in any DANGER. I repeat you morons, DO NOT INSERT THE CD INTO YOUR COMPUTER'S CD DRIVE!!!! (yes grandma, this means you too)." Get real guys.
Perhaps. But on the other hand, it could just be that most people are incompetent at their jobs, driving, and whatever else.
To wit: the left lane on a road is for passing. Most states have laws that restrict the distance that a driver can drive in the left lane before moving over. If you've ever driven long-distance, you know that there are those who insist on indefinately going limit plus 5 (or worse yet: limit) in the left lane. And no, I'm not breaking the law if I try to pass, I live in a prima facie state.
Second: Examine for a moment a Motorola v60c. The earlier versions are the best example of this. The antenna easily bends in one's pocket. (They've fixed this with new antenna revs.) Worse, when extended, the antenna acts as a lever for the (bulky) antenna tip to use to exert massive force against the rest of the antenna. Net result: three antenna breaks in 6 months, two in-pocket.
Third: Went to a fast food place looking for food and directions to a gas station. Someone (A) is trying to help me out by asking someone else (B). A: "you familiar with (cityname)?" B: "yeah, kinda" A: "are there any gas stations near here?" B: "whatcha looking for?" A: "gas"
There's far, far more. These are the easy examples. But if you can honestly say you have not run across any stupidity in the past week, good for you! You're a far more patient being than I.
Incidentally, I don't mean to disparage those who can't use computers. I can't perform brain surgery; just because others have no expertise in my area doesn't make them idiots. But when people cannot do their jobs or comprehend basic English (where English is their native language)...
Wait wait!
It's ok for them to do that because they are big corporations. Hence they can make you work for them and turn your computer into a market reporting slave. And if the mass decide against it they will just blame you for allege pirating of mp3s and make it all ok.
Next step, requirement of CDkeys to activate your CD. Then, charge per CD per song per play through your creditcard or bank account
Didn't anybody read the link ?? (Now *that* was a stupid question !!!)
There is a small data partition on the CD and MS Windows will "autorun" a program on it. This program will present the user with the Bandlink license and the install the monitoring software on the user's PC. (Windows only).
Now take a look at the Slashdot story : your new music disc may be transmitting your listening habits in real time to the respective record company.
Bullshit !
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
While I agree the music industry is out of control, I really don't see what the issure is here. If I understand correctly it tracks, 1) what cd/tracks you listen to, and 2) when you listen to them. And I would assume it does this by IP, platform, etc.
How is this any diffrent than when I log onto netscape or google, they track when I log on, and various other information? Such CD tracking seems only a natural progression in information networking.
And to say nothing about the massive amounts of information a credit card or 'preffered buyer' card can track, knowing what I buy when, and my age. And music CD's are no less optional to consume than a credit card.
I don't see why this is a problem. If the program accesses data asside from my IP, or information I directly give it, there is a problem.
But if the company knows my name and what CD I listen to when... I don't care. Such information cannot be used against me, it only shows that my computer was indeed playing the CD, and not that I was. And hey if they can verify it was indeed you it would make a great aliby in court...
Copy protection blocking access to my files to make MP3s is wrong, but I really don't see how this is. It would seem to be part of the information age.
Anyone up for packet-sniffing the protocol and sending me the results? I'd be more than happy to write a Python and/or Ocaml client to spout random statistics back. Maybe we could set up a website with teams and stuff, keeping track of the total number of fake listening hours reported. (Of course, there'd be lots of cheating on those stats, but what do you expect when you're trying to keep track of self-reported cheating stats?)
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
Well,
"Half of them are dumber than that."
actally, some of that half could be equally dumb.
But i agree on using the median and not the average.
(because of the uneaqual distribution.)
Why are other peoples sig's always more witty ???
Why is this a bad thing? First, you as an individual lose any control over the information that is being passed on *and* the correlations/conclusions that may be drawn. Listening to gangsta rap a lot and suddenly finding your credit rating plummet (stereotypical criminal) and being subject to more frequent "stop and search" orders by the police is one possibility. Developing a taste for Middle Eastern music and ending up on a profile as a "suspected terrorist" is another (and with Total Information Awareness steamrolling onwards this should be a real concern). On the other hand, would you fancy being deluged with dozens of ultra-short-lifespan CD-samplers through the post based on what the labels *think* you may like? (for an example of product tie-in gone really bad, check this out.
As for there being no hope for reversing this, well there are a couple of possibilities. Preventing any data being collected is one (either through aggressive use of security measures such as filters/firewalls or by not purchasing invasive products in the first place). Producing false/irrelevant data to "poison" the data pool is another.
The 10 page license agreement is a product of the flawed and money-oriented law(yer) system of the US. That made it necessary, because americans believe they have a "right" to sue anyone over anything. It is only a matter of self-protection.
:)
Companies only use that to their advantage to sneak in extra stuff, since they need those ten pages anyways. Now this is bad, but the license preceeds this abuse, just as the lawsuit abuse preceeds the licenses.
Hell, it is almost impossible to make heads or tails out of even the simplest of the free licenses, because they need to cover all possible holes.
Can't someone come up with a "Common sense license", or even better a "Common sense law". Of course, that would imply that there is such a thing as "Common sense", which I am starting to seriously doubt.
Send them messages as executables/javascript. They have to click OK to read your messages to them.
Have fun thinking up EULAs.
I think FreeBSD's ipfw can do that too.
Actually, InterActual has bettered its ways a lot with 2.04 (maybe earlier, haven't seen 2.01 to 2.03 myself) -- it is perfectly clear to anyone with half a brain now that the InterActual player is _only_ for the additional features.
It no longer by default takes over as your standard DVD player, and the uninstall now cleans up all its mess.
A huge step up from IAplayer 2.0 and PC Friendly.
Of course there's another option. *Don't use EULAed software.*
good idea, but that rules out the bigger of the linux distros then.
redhat- HAS EULA on the cd pouch when you buy it.
SuSe - EULA
Lindows - well it really isnt a big distro.. slackware users outnumber this one 5 to 1.
licoris - well yeah... same as above....
Basicaly as linux users we should have a ZERO tolerance to Eula's on anything that is linux. and yes that meant taking a direct shot at redhat.
REDHAT makers... why do you have a eula? why did I have to return the package to the store? I wanted to buy it, but I refused to agree to your eula printed on the install discs envelope..
I loved redhat very much, it's great for the newbie and corperate... but the Eula makes me want to stay away from it.
Do not look at laser with remaining good eye.
Of course there's another option. *Don't use EULAed software.*
Hey Taco, how about a Im/practical subject mod?
That way I could mod the above post, +5 Impractical
"Teachers leave us kids alone
Fair enough -- I haven't used ZA.
Try this, though.
Modify PATH to be prefixed with directory foo, owned by you. Drop that modified msvcrt.dll into said directory. Execute a trusted app, which uses the original binary. One way or another, it's going to be possible to force ZA to deal with libraries. This is actually easier than the first thing I suggested.
May we never see th
MSDN says that PATH is searched well after the others.
There is a quite possible exploit, though...we just need an unregistered library that's been dumped in the system or windows dir that a trusted app links against.
The linking search order for unregistered libraries is:
1) executable dir. This is safe -- we assume that the admin set up this system so that the user doesn't have write perms here.
2) The current directory -- that's going to tear things. All we have to do is leave a modified unregistered dll in the current dir, and execute a trusted app using its full path from there. *That* will link against the evil code and get full network access unless the ZA people are doing a lot more loader-level crap that I'd suspect they are.
3, 4, 5)...
Who at Microsoft came up with the idea of using the *current directory* before the system dir and windows dir, anyway? I can't think if any scenerio where that would be particularly justified...
May we never see th
Most people I know leave their computers on all the time, whether they have broadband or not. I leave mine on standby when I am away, and up until 2 months ago I didn't have a modem.
I don't know if it is precisely true, but the old adage "The worst thing you can do to your car (or computer?) is turn it on", referring to the stresses on the hardware due to powering on and off over and over. Whether standby is any better I have no idea...
The issue is not whether we can unplug our modems from the wall, it is whether or not we should HAVE to and whether this company should be able to force us into making this decision.
Forgive me for being cynical, but I think the recording industry's concern with what happens to music CDs that wind up in computers has nothing to do with listening habits. Given that most CDs are probably not played in computers, and that a particular sort of customer listens to CDs in their computer, you will probably not get valid marketing information from such a technology.
If you want to catch someone ripping MP3z, however, this is a pretty good way to do it.
Yeah, but it's very unlikely that you will be able to *legally* view DVD content using Linux.
== Jez ==
Do you miss Firefox? Try Pale Moon.
Given 10 IQs:
80, 90, 90, 120, 130, 140, 150, 160, 170, 180
The median is 90, and only one person has a lower IQ.
The mean is 131, and in this case exactly half are below that and half are above.
Nope, the mode is 90. The median is 135.
This is my World Wide Web of Whatever
Without any data to collect, no processing can be done and no inferences can be drawn.
It's in the best intrests (sic) of the analysts not to err, and by giving them (allowing them to take) more information you allow them to be more accurate.
Yes, but *why* should you need to give information in the first place. Should you not be "innocent until charged guilty"? And with regards to analysts' interests, they are there to produce results - if the criteria are set to value quantity rather than quality then mistakes below a certain level will be acceptable. How often, for example, does a Wall Street analyst successfully predict market movements? With a lot of the correlation and even conclusions on data being supplied by data-mining software, there is going to be less of the "obvious mistakes" being corrected. Finally, bear in mind that their best interest is not yours. In the case of marketing, the goal is not to "know the customer" or "develop a relationship" (to quote some cuddly marketspeak) it is to get you to spend more money on their products and services. Unless you are wealthy enough not to care about money (is that your butler reading Slashdot? Hi Mr Smithers!) this is probably contrary to your best interests.
Sadly, this is more true for US residents - Europe has stricter laws on computer data (you can demand a copy of information held on you and have it corrected if wrong). Nevertheless, when you supply information you usually have an expectation in which you see it being used (eg using a supermarket loyalty card gives the retailer an idea of your purchasing pattern). However, if that information was sold on to, for example, a debt-collection agency to whom you owed money, they may use it to determine how much you were spending on luxury goods (chocolate biscuits, fruit cake) rather than essentials and therefore be used as leverage to demand a higher payment level from you - or even to increase their interest rate *just enough* to stay within the bounds of affordability. In other words, limiting personal data transfer between companies allows you to better predict the consequences of divulging personal data.
Filming someone in a public place (where the expectation of privacy is low) is not as serious a problem (until this is coordinated on a nationwide basis to the extent that everyone is filmed doing everything). However, filming someone in their home should be a very different situation - and similarly what you watch, what you listen to and what you do within your home should be off-limits unless you specifically state otherwise.
If we sit down and accept it as part of our lives we will gain the benefits from it...
Err...ever read George Orwell's 1984? Information gathered on such a global basis has *far* more opportunity for misuse than benefit. Do you think you are going to hear about corrupt Congressman X if his contacts in the TIA-Stasi are able to blackmail every journalist with personal information? What about if a community leader/trade union official/ordinary Joe takes a stand against the State on some issue and then sees all their personal details bared to public view? "Knowledge is power" is something that could be applied like never seen before - and all in the supposed "Land of the Free".
I'm not talking about (stateful) firewalls; I wouldn't expect my family, friends, or other average users to understand those concepts. I was talking in a somewhat more general sense (the thread was about "average idiots", no?).
What I was referring to is the sheer number of people who routinely do stupid things. Be it work-related, traffic, personal (social), or other; people do not think things through. People who use hair dryers in the shower, who apply make-up, eat, read a newspaper, use their laptop, etc. while driving 100KM/h on the freeway, or those who can't understand that smoking while filling their car's gas tank isn't a terribly good idea, and that creating personal rocket projection systems to propell themselves into their cottage lake is probably inadviseable, or that standing in the middle of a doorway, contemplating life and their surroundings in a busy hallway isn't quite considerate or practical, or that speaking loudly on a cell phone in a movie theatre, exclaiming things like "Sorry, the sound is too loud, I can't hear you!" will probably incite rage in the other movie goers, or all the ladies (term used loosely, if you'll pardon the pun) who get surprised that, after having unprotected sex with several men and find themselves either sporting a child or an STD (nb; it's entirely common that the surprise child will be the second, third, or fourth), or the people who don't 'get' that drinking a pair of 40oz bottles of [insert favourite alcoholic beverage here] will quite possibly find them in the hospital spitting up blood and fragments of their stomach.
There are, of course, infinitely more examples, but I think they limit the upper size of these comments somewhere (and $DEITY forbid I should create a database size overflow or something. ;) )
But to get back to this thread - people who do not understand [cars|computers|electronics|mechanical devices] yet who insist upon taking them apart and/or servicing themselves, then blaming the manufacturer/retailer for selling them defective equipment. Or worse - people who don't understand these things and go against the advise of a trained professional and cause serious detriment for themselves and/or others around them.
As to the above references to my parents/grandparents; I do tell them what I think when they try to crack their computers and/or administer the installed software. It took me about five years, but my family finally understands that when they do something to the computer, it generally goes wrong and they need my help to fix it. When I do something to the computer, it works, because I do this for a living and know what I'm doing. Generally they feed me and keep my [coffee|beer] [cup|glass] full for my trouble, and everybody's happy.
The difference being, of course, my family smartened up - other people don't.
One of the higher standards I try to hold people to, and I realize it sounds horribly cliche, is to know one's limitations. For example, I know that I can change my oil (and filter), top up my fluids, and perform other small routine maintainance tasks on my car. I probably could figure my way through brakes or other aspects, but I don't. Instead, I leave it up to the trained mechanics who have years of experience and industry certifications that say they can do the job properly.
Another standard I hold people to, for those who are definately literate, is to read atleast the basic instructions before desperately phoning for help. I can't count the times I've had to help people (or been asked and refused) because they wouldn't open the fold-out "Step By Step" instruction set that came with their new purchase. The fact that many of the installations I've performed were insultingly simple is beside the point; the instructions spelled it out so clearly that a child could figure it out. This excuse adults use that technology is so complex that only the younger generations have a chance is complete rhetoric, and complete nonsense. If a University educated individual can't figure out how to connect something with colour-coded, size-differentiated connectors that are labelled at both ends and comes with a step-by-step instruction manual; something's wrong.
So no, I don't expect that people will understand stateful packet inspection, ingres/egres filtering, bogon filters, application versus network versus physical layer differentiation, or any of the other industry specific jargon I could name; but I do expect people to be able to perform in real life without their hands being held, lest they should manage to kill or maim themselves or someone around them in the process.
BD Phone Home!
Shameless plug. Like you weren't expecting it.
It seems to me that Windows, especially in the consumer domain, is becoming much more like TV. That is, television isn't a service provided to the viewers, it's a service provided to the marketers. The viewer's attention is the actual product which is being sold. The content on the television is not the primary business of television networks, selling advertisments is.
It seems like Windows is becoming the same way. The fact that a Windows computer can actually do useful things for the owner is becoming secondary to it's use as a vehicle for advertising and gathering marketing information. I think it's one of the things that turns me off the most about Windows, that constant feeling that you can't trust "your" computer at all, because you really can't. Every other program is co-opting "your" computer for the purpose of advertising to you. And it's not even just "free as in beer" software that does it, even stuff you paid good money for feels the need to steal your attention for advertisements. And they all, uniformly, require you to agree to EULA's.
It's one of the main reasons why I hope Linux never takes off on the desktop, because I don't want to have to deal with all that crap. Fortunately, one of Linux's strengths is that even if some distro does take over the desktop from Microsoft and inherits all the spy-ware and ad-ware, I can just run some other distro that doesn't suck. Not an option with Windows: they all suck.
So, if it's a separate application, why not just look at the task monitor in Windows and kill it?
Unless, of course, this is a "protected" CD which has its own built-in player and which wouldn't work with any other CD playing app. In which case it's going right back to the store for a refund...
The point is that personal privacy depends upon personal data being restricted and given out as sparingly as possible. What information you give out today will be used in unanticipated ways in the future. Witholding information is therefore your best defense.
Their best intrest (sic) IS mine. If they can sell me something then we BOTH win
*You* only win if the item being sold was (a) something you wanted/needed and (b) at the best price. As anyone living in a modern society should have figured out by now, the most heavily-advertised products are invariably the most expensive (the prices include the cost of advertising) and price is never a guarantee of quality. Saying that a corporation's interest aligns with yours is high-order naivety - did those buyers of Ford Pintos who ended up horribly disfigured in accidents due to the car's design flaws have their interests served by Ford?
Laws cannot protect privacy. Intrusions of privacy can be too undetectable these days, the only way to protect someone's privacy would be to destroy everyone else's.
Rubbish, rubbish and more rubbish. European countries like Norway have strong and effective legislation. Breaches on an individual scale can be stopped by using encryption and auditing all database accesses. Breaches on a company scale will tend to show up more easily due to the scale involved but can be countered by offering rewards to employees who reveal company lawbreaking, along with having a properly empowered regulator. The last point you made about having to destroy everyone else's privacy is ridiculous - can you provide an example?
1984 is probably the most miscited book ever. Analysis after analysis has shown...
Examples of this analysis please? Links? The point about the 1984 reference was the issue of an all-powerful state determining every aspect of its citizen's lives. With the increasing amount of personal information floating around and the US Government's desire to access and integrate it, this scenario is becoming more likely. And yes, control *can* be maintained with a good enough security apparatus and contempt for human rights (look at Iraq, China, Burma for good examples).
Here are your options for the future. These are the only two.
No they are not. A third option is to have regulation of computer data (as in most European countries), but with extra restrictions on data transfer between companies. Strong one-way encryption of databases can be used to prevent illegal or illicit transfers (as covered here). And those politicians coming up with uber-databases and big-brother style legislation should be voted out of office.
This of course, requires active monitoring of the legal system and lobbying by the people of companies and legislatures. And it will be the sheep like you that rely on the activists to protect your rights.
The technology is out and there's no way to stop it. But... why would you want to stop it anyway? Just because you have a little irrational hangup on privacy....
If you want to live in a house with webcams everywhere making sure that you are not brewing bombs for Al'Qaeda in your bathroom, that's your choice. If you want every little action to be subject to public scrutiny and challenge then that is also your choice. It is however not mine, nor is it likely to be that of most of the people browsing this site. If you want to dismiss privacy as an "irrational hangup" then you deserve all the junk mail, intrusive advertising, conmen selling you penis expanders and "get rich quick" scams and other personal invasions that you are going to get.
Hell, do one better: Don't buy the CD with the stupid privacy idiocy on it, wait a day, and download the songs you want from P2P networks. The sooner the major music publishers go under, the sooner one of them will be forced to figure out a workable economic model that doesn't rely on legal strongarming and gives customers what they want instead of what the major labels think they SHOULD want.
Hey, we're the smart crowd. Why don't WE think up a good model, and sell it to them?
My idea is a rights-based model, where we buy a lifetime right to own a copy of a Copyrighted Work (for a bit less than the current going rate) and we're more or less left to our own devices to get that copy. If we want to brave P2P, great. If we want to pay the CD-press $5 for the CD, even better.
Sure, it's a potential loss of privacy--but I think we, as humans, can stand for a business to know who its customers are.
But you're missing the point... As technology becomes ever more integrated with our lives, the option of "just turn it off" becomes increasingly less possible. No, not from a technical perspective, but from a *social* perspective.
I think you're correct, this is not really a technological issue, it's a social one. A lot of the "privacy" and anonymity we imagine we have is an artifact of years of impersonal service and crude automation.
Three or four decades ago, all of the functions you name were handled by people. If you wanted to make a long-distance phone call you talked to an operator who took your information and connected you with the remote number. If you bought something, you usually dealt with a person across the counter, and if you lived in a small town or frequented the same shops that person probably recognized you, knew your family, your social standing, and what you liked to buy.
Now things are swinging back in that direction again. That kind of personal knowledge, since lost in the underflow of automation, is being extracted again by the current providers of those services. Is this a bad thing? Maybe, not not necessarily. I can't help but think that part of the reason that most people don't get too upset about losing thier pseudo-anonymity is because they never really cared that much to begin with.
Strange... my RedHat discs didn't have a EULA. Of course, I know how to download isos and burn them to disc (with my iBook, no less). There wasn't any EULA on the redhat ftp mirror I used.
"There is no mention of a opt in/opt out agreement when the cd is inserted on the website and none was displayed in a personal demonstration."
Then what do you call this:
Installation:
1. Insert you Bandlink CD into your Internet
Connected PC. (Bandlink should autostart on Windows).
2. Agree to the Bandlink License and
select "Connect" to install Bandlink.
3. Bandlink should detect your CD, begin CD
playback, and display artist content.
Vote for Pedro
What chance does an unaugmented human have against such an apparatus?
Scientists restrict study to entire physical universe; creationist
Everyone thinks of themselves, and their own social groupings, as above average.
...Also, I didn't know Buggalo could fly.
Once families are prevented from copying or "pirating" copies of ms os/applications through product activation and other methods, everyone will be running Gnu/Linux, and therefore, everyone will not be able to legally view DVDs on their Gnu/Linux systems, or something will change. Care to guess which?
Actually, I beg to differ on your first point. I don't think the fact that they have to pay for 2 copies of Windows instead of 1 (actually many families only have 1 computer so nothing will change, and Windows/Office usually comes pre-installed on a 'joe sixpack' computer) will cause people to suddenly 'jump ship' to GNU/Linux. Most people don't even know what Linux is!!! They'll grumble but pay up, and MS knows that. I really don't think they'd be dumb enough to do something which would lose them their OS monopoly.
== Jez ==
Do you miss Firefox? Try Pale Moon.
Elitism of one form or another is completely natural in any forum. Mechanics scoff at those who can't flush a radiator before their morning coffee, accountants laugh at people who can't balance their cheque books (letalone balance a company's budget), etc.. The geek community happens to harbour intelectual elitism.
It's a natural progression, too, since those attracted to the 'geeky' IT type professions tend to be of above average intellect (and quite often that results in sub-par social prowess; hence the stereotypes us hellishly cool geeks have to tolerate {cough} ), and many geeks take that for granted, some even get quite high and mighty over it. Hell, sometimes I've even been guilty of it. I doubt any of us are completely immune.
Now, as to whether the "Slashdot Community" is any form a representation of the true geek, or are somehow in a remarkable intellectual or career bracket; that's highly debateable. Slashdot has a definite reputation in the real (and even the uber-geek) world, and to a great extent it deserves it. This is an inflammatory forum frequented by many hot-tempered, lightening-tongue types who are quick to Google and use the dictionary and thesaurus in order to scald their opponants, and it puts forth a lot of arrogance. You'll never get an argument from me on that front. That's one reason for my philosophy of taking online forums with a very large particle of NaCl; Slashdot especially.
I tend to judge people on an independant basis; their Slashdot user ID is probably the furthest thing from my mind when doing so, let me assure you.
If they do stupid things, yes. Thankfully they don't often do stupid things (thanks in part to years of goading and conditioning, but I digress) so I don't have to.
Case in point; a friend of mine (who, incidentally, has about a decade more IT experience than I) recently was solicited by his father for some ISP advise. His father, upon hearing his advice, promptly went his own way. Havnig been a somewhat ongoing trend, he confronted his father about it, who had no response other than one to the effect of a shrug. See, my friend is the one who'll have to deal with his parents when their new ISP ("They're cheaper" was the justification) starts having technical difficulties - or worse - shuts down.
Much like mechanics will toss you a jug of water and a bag of cat litter, it's our job to educate those around us with the basic skillset that will help keep them safe out here in our turf. I try to keep my family abreast of the things they should watch out for, and as a result they no longer reply to "unsubscribe@spamemail.com" addresses, delete mail they know to be SPAM, don't forward chain letters or virus warnings, etc.
I don't teach them the OSI model or the structure of a TCP packet, I teach them the safeguards they should watch out for, and teach them the skills they need to answer questions they have on their own so they can broaden their knowledge and be more effective technologians.
</CORN>
BD Phone Home!
Shameless plug. Like you weren't expecting it.