Slashdot Mirror


Will Your CD Player Tell on You?

An anonymous reader writes "Ever feel like not being a marketing statistic? Well just by playing certain store-bought compact discs in your home or office computer, your new music disc may be transmitting your listening habits in real time to the respective record company...." Charming. Read on for more... Anonymous Continues: "A company by the name of Bandlink is providing technology to record companies that allows a cd played in a personal computer to contact their server and relate statistics such as what track you're listening to and when you're listening to them. This information is then compiled into customizable reports that allow the record company to develop "User Profiles". There are benefits listed for the consumer such as cd-specific chatrooms, concert information, etc but the question remains: What's your price for privacy? The only indication that the cd you're purchasing is Bandlink "enabled/disabled" is a small logo on the packaging. There is no mention of an opt in/opt out agreement when the cd is inserted on the website and none was displayed in a personal demonstration.

Favorite quote from their website: "Virtually any information you want to know about your fan or the quality of your release can be obtained.""

33 of 693 comments

  1. What sort of idiot? by Trusty+Penfold · · Score: 5, Funny


    What sort of idiot has their firewall configured to let their CD player send packets out?

    1. Re:What sort of idiot? by smittyoneeach · · Score: 5, Insightful

      The Average Idiot.

      --
      Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
    2. Re:What sort of idiot? by hitzroth · · Score: 5, Funny

      Idiots aren't average. That's why they're idiots.

      --
      In mathematics, one does not understand things, one merely gets used to them.
      --VonNeumann
    3. Re:What sort of idiot? by soulsteal · · Score: 5, Funny

      No, the average median person is an Idiot. What scares me is that 49% of the population is dumber than that.

    4. Re:What sort of idiot? by Tingler · · Score: 5, Funny

      I guess you haven't been to a mall lately.

    5. Re:What sort of idiot? by shaitand · · Score: 5, Insightful

      I'd suggest that a very large chunk of those who find slashdot interesting enough to read are above average at the least. First they read, this alone indicates they are probably above the low set as average. Second they are interested in technological innovations, science, physics, mathematical puzzles, computer programming, and free speech. True there are those who just hang around to see what the newest mp3 player is. But for the most part there is a reason that the opinions you see on slashdot tend to differ from what you see mainstream, mainstream is in very large part those average and below average intelligences at work.

  2. My desktop is my property by Sean80 · · Score: 5, Interesting

    You know what? I think the law should start considering my computer desktop and my network connection as my personal property. Want to display a popup on my desktop? Sure, $5 a time. Want to send some bits on my behalf? Sure, $1 million a time. If you try and steal advertising space on my desktop, or steal some of the bits that I own, then you go to jail.

    1. Re:My desktop is my property by Jon-o · · Score: 5, Insightful

      On the other hand, you DO control your computer, and can and SHOULD be careful about what you run on it. In this case, simply turning off the ridiculously stupid autorun when you put in CDs is enough to foil whatever the cd does when you insert it.

      Same goes with javascript and ad popups - just turn them off! It's your computer!

      Sure, there are conveniences that you lose in doing that, but many conveniences come with security risks and other annoyances. It's just like the security problems with Outlook autorunning attachments and scripts all the time - it's a ridiculous way of writing software, and never should have been included, and anyone with a clue either turns it all off or gets a different mail program. For some reason, people don't see javascript and autorun and similar things in the same way. I do.

    2. Re:My desktop is my property by cioxx · · Score: 5, Funny
      Don't agree to their EULA and you are fine.

      That's what I do. I usually click "YES" in the EULA popup and install the program, but deep down inside I don't agree with it.
    3. Re:My desktop is my property by chipwich · · Score: 5, Insightful

      But you're missing the point... As technology becomes ever more integrated with our lives, the option of "just turn it off" becomes increasingly less possible. No, not from a technical perspective, but from a *social* perspective.

      Sure, you could turn your cell phone off when you're not making a call so that telcos and gov can't triangulate your position, but do you?

      Sure, you could pay for everything in cash instead of credit to avoid an electronic trail, but do you?

      Sure, you could wait 10 minutes at the bridge instead of using a new electronic toll payment system, but do you?

      Smart agents and networked technologies like this erode our privacy. But do we get enough in return?

      How much would you sell *your* privacy for?

  3. And how is this different... by NetDanzr · · Score: 5, Insightful

    ...from all those players (including WinAmp) that analyze your CD and download the songlist for you? And this applies to 99% of retail CDs, not only those that are enabled by this technology.

  4. I prefer Tiny Personal Firewall by Bonker · · Score: 5, Informative

    I use Tiny Personal Firewall 2.0 to stop this sort of crap under Windows. It'll block any application from 'reporting' back home via the internet. It's a pro at keeping apps like Real Player or guys like this from tattling. It's not open source, but the 2.0 version was freeware. I'm not sure about the 4.0 version.

    I strongly suspect that this won't even be an issue for most Linux users.

    --
    The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
  5. Solutions... by Mwongozi · · Score: 5, Insightful

    Buy a Mac? Use Linux?

    Uh... disable autoplay? Come on, not tricky, this one. :)

    1. Re:Solutions... by chunkwhite86 · · Score: 5, Insightful

      Well sure, I'm certain most of the /. crowd is fully capable of these things, plus firewall and proxy configuration to block the offending packets.

      The real problem here is the general public who doesn't know any better, and even worse - doesn't care.

      In itself, knowing what CD tracks you listen to is obviously not a serious threat as far as privacy invasion goes but...

      Knowing what CD tracks you listen to and when, what groceries you buy and when, and videos you rent and when, who you call and when, where you go and when, and the list goes on and on. The sum of these things is just a bit too much information for corporate america to be keeping detailed track of.

      Perhaps you know how to disable most of these tracking systems, do you really want these big corporations watching the every move of your grandmother - who unlike you, doesn't know any better?

      --
      I'd rather be a conservative nutjob than a liberal with no nuts and no job.
  6. Who runs an EXE they weren't expecting? by DDX_2002 · · Score: 5, Informative
    Yeah. One more reason why "autoplay" is unchecked on my machine.

    Is this USA only, or are these for sale in Canada or in Europe? Because if they are, Canada's PIPEDA and the EU DPD mean wake up and smell the lawsuits.

    --
    MHO. YMMV. Any resemblance between this post and real persons, or reality in general, was accidental.
  7. Here's the real question... by Dr.+Bent · · Score: 5, Insightful

    Does it transmit data when you rip a CD?

  8. I read their site a little more closely... by shylock0 · · Score: 5, Informative
    First of all, my earlier post was right: Only works on Windows-Compatible PCs. Second, the privacy risk here isn't all that great:

    Bandlink Support

    Bandlink is designed to be run simply by inserting the CD into a Windows Compatible PC. The first time you insert the CD you will need to agree to the Bandlink User License and download the remaining program files. Bandlink should do the rest from then on.

    As you can see, there's a consumer agreement component here. It's not an unimpeded, unstoppable invasion of privacy, like what TiVO was doing. You have to agree as well. In which case, if you don't really care about your privacy (and you like push content, which some people do) it might actually be seen as pretty cool.

    --
    Statistically speaking, there's a 99.998% chance that my IQ is higher than yours. Get over it.
  9. The Great Privacy Principle by dpbsmith · · Score: 5, Insightful

    The fundamental principle underlying current privacy practices in the United States is: "It is perfectly acceptable for a company to violate your privacy so long as it is for the purpose of selling you things."

    Obviously companies believe this, and on present evidence I'd say that most consumers believe this, too.

  10. So how does it work? by Tet · · Score: 5, Insightful

    There are few technical details on their web site, but it appears to just be a mixed mode (data and audio) CD, which when played using Bandlink's CD player software, will give the "benefits" described. Since I don't have any intention of using their software, it's not a problem. Until, of course, people start producing music that can only be played with their player. So far, record companies haven't been brave enough to test such a tactic in the market, although with copy protected CDs, they're getting awfully close to the line. The depressing thing is, I suspect the general public would just meekly go along with it :-(

    --
    "The invisible and the non-existent look very much alike." -- Delos B. McKown
  11. RIAA Self Destructs Again by KanSer · · Score: 5, Funny

    Wow. How did this line of thinking go?

    RIAA Exec #1: "Let's start spying on people. It's not like they have a real reason to steal music anyways."

    RIAA Exec #2:"Yeah! And we can have pop-ups that tell them Big Brother is watching!"

    RIAA Exec #1:"No... That would be stupid... right?"

    RIAA Exec #2:"Perhaps... But surely this will make people want to buy music as opposed to downloading it. Right? Right?"

    RIAA Exec #1:"..."

    RIAA Exec #2:"RIGHT?!"

    RIAA Exec #1:"Oops..."

    Me: "Thanks guys. Now I have a morally sound reason to download Britney's newest album! MERRY CHRISTMAS!"

    --
    • MOD PARENT UP by Anonymous Coward Wednesday April 20, @4:20
  12. A little paranoid? by sfe_software · · Score: 5, Informative
    From the Bandlink web site:
    Installation:
    1. Insert your Bandlink CD into your Internet Connected PC. (Bandlink should autostart on Windows).

    2. Click "I Agree" to the Bandlink License and select "Connect" to install Bandlink.

    3. Bandlink should detect your CD, begin CD playback, and display artist content.

    So it's nothing more than some Auto-Run software. Which makes sense, I can't imagine any other way a CD would just magically contact a remote host.

    Solution? Disable auto-run (which I do anyway), or in this particular case, don't accept the license agreement...

    They also mention this a lot:
    There is no encryption, anti-piracy, or any other playback prevention capability within the software.

    My first thought was that they could easily combine so-called "copy protection" with phoning-home, but at least with Bandlink this is not the case.
    --
    NGWave - Fast Sound Editor for Windows
  13. IN UNITED STATES OF AMERICA by jsse · · Score: 5, Funny

    CD Player listens to you!

    (At least people in Soviet Russia can grin on this)

  14. Everything else you do is being tracked by ToasterTester · · Score: 5, Interesting

    Every time you use a credit card, grocery store discount card, write a check they put through a reader, login to something, and so on and so on, you are being profiled. I used to work for the second largest ISP, and everything you connected all your connection attempts and other info was being uploaded during the connection. Many of the major corporations now run software that monitors your calls, and internet activity. We are being monitored, counted, tracked, profiled, and categorized so much does it even matter. All this is just business, if you get into all the tracking the government does, you'll really feel like a specimen under a microscope.

    Actually in many ways I feel there is safety in numbers. If they were only monitoring a we few people I would be nervous, but when the amount of data being collected we are people just numbers in a statistic somewhere. Just another brick in the wall.

    1. Re:Everything else you do is being tracked by base3 · · Score: 5, Insightful
      If they were only monitoring a we few people I would be nervous, but when the amount of data being collected we are people just numbers in a statistic somewhere.

      This is true so long as you're not an outlier. Consider some examples of things that could make you an outlier:

      • surfing sites in Arabic
      • using or downloading encryption software
      • consulting non-mainstream media sites
      • Reading the Poindexter bio at thememoryhole.org

      I'm sure with minimal effort, others can come up with even more chilling examples. When the government of our corporate republic can legally trawl everything looking for outliers, safety in numbers doesn't make me so comfortable.

      --
      One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
  15. Long URL's (or is that URI ;-) )? by T-Kir · · Score: 5, Interesting

    Although I use the free ZoneAlarm.. I'm also pretty restrictive about what programs I allow access, i.e. why oh bloody why does WMP require internet access when playing a media file when all the required codecs are installed (pile of crap it is).

    But, the cynic in me keeps shouting out this idea... what is to stop the disc (well apart from disabling autoplay, unless MS has some other "backdoor" auto execution of something on new media) from opening up a browser window with a heavily customised piece of url every now and then? The default access permissions will allow any web browser to do its stuff?

    Just food for thought.

    --
    Are you local? There's nothing for you here!
    1. Re:Long URL's (or is that URI ;-) )? by Bonker · · Score: 5, Informative

      Absolutely nothing.

      As a matter of fact, I've seen a few applications do just this to try to do 'instant' registration by using rundll32.exe to open a url that's a complex URL-encoded string with registration details.

      Imagine a URL like:

      http://www.company.com/registration.cgi?appname=Foo&serialno=939848408930$userip=201.101.80.112

      etc...

      The one that comes to mind is PowerDVD. I've seen it do this on a coworker's PC.

      The solution to this is to deny your default browser's abilities to access the internet before installing a new app like this and then applying a deny rule against the IP or hostname it tries to access.

      --
      The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
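
An added example, not part of Bonker's post or of any firewall product: a Python sketch that scans a proxy log for "registration"-style URLs like the one quoted above and flags query parameters that carry identifiers. The log format, the process names other than rundll32.exe, the example.org/example.net hosts and the key-name list are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample log: "<timestamp> <process> <method> <url>" (hypothetical format).
# The first URL is the one quoted in the post; the other two are made up.
SAMPLE_LOG = """\
2003-01-10T09:14:02 rundll32.exe GET http://www.company.com/registration.cgi?appname=Foo&serialno=939848408930$userip=201.101.80.112
2003-01-10T09:15:40 browser.exe GET http://news.example.org/story?id=42&page=2
2003-01-10T09:16:05 player.exe GET http://stats.example.net/t?disc=A1B2C3D4&track=7
"""

# Assumed list of parameter names that suggest a per-user or per-disc identifier.
ID_KEY = re.compile(r"serial|userip|uid|guid|machine|disc|track", re.I)


def split_params(query):
    """Split a query string on '&', ';' and '$'.

    The quoted URL joins its last two fields with '$', which a standard
    parser treats as part of the serialno value, hiding the userip field.
    """
    pairs = []
    for piece in re.split(r"[&;$]", query):
        key, _, value = piece.partition("=")
        if key:
            pairs.append((unquote(key), unquote(value)))
    return pairs


def classify(key, value):
    """Return a reason string if the parameter looks identifying, else None."""
    try:
        ipaddress.ip_address(value)
        return "ip-address"
    except ValueError:
        pass
    if re.fullmatch(r"\d{10,}", value):
        return "long-numeric-id"
    if ID_KEY.search(key):
        return "identifying-name"
    return None


def naive_keys(url):
    """Parameter names seen by the standard parser, for comparison."""
    return sorted(parse_qs(urlsplit(url).query))


def scan(log_text):
    """Return one finding per log line whose URL carries identifying parameters."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split(None, 3)
        if len(fields) != 4:
            continue  # skip malformed lines
        _, process, _, url = fields
        parts = urlsplit(url)
        hits = {}
        for key, value in split_params(parts.query):
            reason = classify(key, value)
            if reason:
                hits[key] = reason
        if hits:
            findings.append({"process": process, "host": parts.hostname, "hits": hits})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["process"], finding["host"], finding["hits"])
```

The flagged host names are what a deny rule of the kind the post describes would be written against.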
  16. Re:IN SOVIET RUSSIA by Anonymous Coward · · Score: 5, Funny

    IN SOVIET RUSSIA "IN SOVIET RUSSIA" comments are lame

    Join the fight against lame /. comments

  17. Re:good lord by base3 · · Score: 5, Interesting
    A modest proposal:

    PC's are cheap now--run two, one with an Internet connection, and one without. Network internally with IPX/SPX or NetBEUI. Download your entertainment on the Internet connected PC. Play the downloaded content on the disconnected PC. Voilà--the media players, etc. can't call home. For added security, don't do anything sensitive on the Internet connected machine.

    This setup isn't airtight, but it's a damn sight better than giving RealMedia, Microsoft, and every other spyware purveyor on the face of the earth unfettered access to the same machine that contains your financial information or files which indicate certain, um, proclivities.

    --
    One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
  18. Re:Linux functionality by radish · · Score: 5, Informative

    Just as an FYI re: one of your points, ZoneAlarm (at least) does checksum all the apps and compares them when they request a connection. If they've changed since you granted access, you are warned about it. So a malicious app would have to either magically hash down to the same checksum (unlikely!) or it would have to modify the database (hard, as it's protected) or modify the ZA checksum code (maybe easier). All in all, possible but not easy. I've never seen any mention of any app doing any of those things, the easiest is to simply invoke IE and have it make your connections for you!

    --
    One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"

  19. There are already laws protecting computers. . . by kfg · · Score: 5, Insightful

    against unauthorized access. Perhaps if the "average Joe" started to insist they apply to *his* computer as well the corporate server things would get, ummmmmmm, interesting.

    Of course if your computer software comes attached with an offensive EULA in which you "agree" to have no rights to your own system/network you might well be hosed. I'd like to see someone challenge this in court *on the basis that you can't be coerced into signing away a basic property right, even by contract.*

    To my knowledge this hasn't been tried yet in America ( in some other countries the EULA is already considered invalid prima facie). All it takes is someone devoted to the cause with $50,000 American and five years of their life to devote to it.

    Of course there's another option. *Don't use EULAed software.*

    In that case the assumption of having to give some sort of explicit permission to enter your system ought to hold just as much for the personal computer as it does for the corporate/government computer.

    Hacking is a crime. Do your homework, secure your system, and then insist on *prosecuting* any "hacking" of your system, no matter who the "hacker" is.

    Laws are double edged swords that can cut the person who "bought" the law just as well as those it was intended to be a weapon against if the intended victim learns how to use the "weapon."

    KFG

  20. They're in Canada. by quantumparadox · · Score: 5, Informative

    I bought Santana's Shaman last month and it has the wonderful tracking technology built in. I was curious as to what the "Bandlink" thing did when I bought the cd (never heard of it before). Luckily, I went to their website first and saw the usage statistics crap and decided against installing it.

    I read part way through the EULA (which is apparently available on their website but I couldn't find it) but I didn't see anything about allowing them access to all information.

    I support the idea of adding content to cd's to make them more attractive to purchase ... but I don't want to have to give up personal privacy for those extras. If I just had to install and register I wouldn't mind, tracking is going too far IMHO.

    Since I couldn't find the EULA online (as promised) I've taken the liberty of posting it online (hopefully it's not illegal but oh well).
    It's available here
    It weighs in at a hefty 12.8kB ... for a text file!

  21. This has been going on for years on DVD disks... by Esterhaus_48 · · Score: 5, Interesting

    Many DVD disks include "InterActual" (previously known as "PC Friendly") software which is autorun upon DVD insertion on Windows machines. To the typical home consumer, the message presented appears as if it originated from the PC itself, prompting the user to install the software in order to view the DVD content.

    There are several issues with this, and relevant to the topic of "illegitimacy of spyware":
    1. "InterActual" doesn't actually install an MPEG2 decoder filter, it merely uses the existing filter provided with a new PC
    2. "InterActual" software attempts to redirect the user to whatever content is available online relating (or not) to the title being viewed - spam essentially
    3. "InterActual" assigns itself as the default DVD playback application in Windows, and thus the user is subjected to the inferior quality of the DVD navigation software
    4. "InterActual", if the user performs the standard "click-thru" agreement to watch their DVD content, broadcasts information about what DVD content the user views

    Suffice to say, these points are easily discovered with a Google search, so I'll refrain from excessive linking and leave further research to the reader.

    Now, for the more-than-capable user (read: most of you reading this), an explanation for preventing/disabling/uninstalling this spyware is obviated. But as the initiated, it's our duty to explain this to those who may not understand (read: friends, neighbors, family) what happens with spyware such as "InterActual" software.

    On a personal note: After purchasing my last PC from Dell (please no "Dude" jokes) and inserting a DVD disk, it presented me with a dialog informing me that "InterActual" software was attempting to install and overwrite my settings, and gave me the option to block "InterActual" from installing on my machine. As expected, content is played through the standard DVD software provided by the OEM and I don't have to see that annoying banner anymore when I insert an "InterActual" or "PC Friendly Enabled!" disk.

    Cheers!

    J. Esterhaus

  22. Re:Apparently,you and I live in very different wor by l1_wulf · · Score: 5, Insightful

    What really cracks me up is how this "holier-than-thou" sentiment is lavished in a forum where we think it is important to be the bigger nerd but what I'd really like to know is how many of you tell your grandma/mother/aunt/girlfriend/whatever that they're an idiot for not keeping up with PC security, or for not patching their OS (what?!?! your grandma doesn't use Linux! What a fucking moron! I'm glad she's not related to me...). Gimme a break folks. How many of you immediately turned around and issued a security bulletin to your family about this horrid new CD technology. I can see it now..."I repeat, DO NOT INSERT THE CD INTO YOUR COMPUTER'S CD DRIVE!!! If you feel unsafe or unsure whether or not you are using one of these new CDs, please contact my secretary, er answering machine and schedule an appoint, er leave a message and I'll set a time for me to do a security visit with you to ensure you are not in any DANGER. I repeat you morons, DO NOT INSERT THE CD INTO YOUR COMPUTER'S CD DRIVE!!!! (yes grandma, this means you too)." Get real guys.