Slashdot Mirror
iTunes is Malware?
Moby writes "On the heels of the big Apple love-in that is Macworld comes some interesting but alarming news. Recently a few blogs have started to indicate that iTunes is tracking your music preferences and using that data to recommend other songs from iTMS. The article provides a good overview, with some recommendations of its own. Basically, iTunes is tracking your music and sending the data back to Apple servers. This info is then used to advertise songs that may be to your tastes. A convenient feature, perhaps, but it raises concerns over privacy."
You may remember that Amazon even patented a similar technique. And I've always suspected my local grocery store of profiling me. Afterall, I hand them a little tag on my keychain for my discount, they scan it and suddenly my name is on the reciept. I'd be naive to think they aren't generating statistics about me and secretly making note that I buy far more long grain wild rice than the average consumer.
So what's the problem here? The problem is that I don't like it. I don't want a computer program diagnosing me at a hospital even if it is built on solid Bayesian probability models and I don't want a profile of my musical tastes being generated on a company's database. My taste in music is my business and I don't want other people knowing that my most listened to album is Tom Dooley and Other Hits by The Kingston Trio.
All I've learned from this is that a big company is a big company whether it's Microsoft, Sony, Apple or Google.
From the article: Oh, come now, you're telling me you've trusted Apple? What has Apple done to gain your trust? They're a profitable corporation and that's where their interests lie. How to get the moneys from your hands to theirs as efficiently as possible.
The only thing that makes me sad about this is that local bands still lose out because I doubt they'll ever make recommendations unless tens of thousands of users are showing that association. I wish Apple would make a service called halfTunes that sold songs at 50 or 25 or free for bands that are looking for exposure, not profits.
My work here is dung.
So? BFD. Certainly there are cases where privacy is a concern, and companies are harvesting personal data for ill gains. But is this really one of them? Calling it malware makes it sound like Apple was so sinister. It's no worse than Amazon tracking your purchase habbits and using it to suggest what other shoppers must buy, or the fact that you have to register with CDDB now, so they could potentially track what music you listen to. Of course the article doesn't even offer proof that the data is even retained by Apple, nor that there it is directly associated with your personal information. It could just be using the immediately selected song to suggest similar music, not a full history.
And what exactly sinister use will Apple have for this horribly damaging data, anyway?
Plus, it's so easy to disable. Get over it already.
I'm all for privacy, but this doesn't seem terribly unreasonable. Nobody bitches about Amazon customizing their storefront based on past purchases. Well, maybe they do, but I don't hang around with tinfoil-hat-types.
My point is that every time I go to the iTunes music store, I think, "Gee, wouldn't it be cool if the store knew about my collection and taylored the site to my tastes. I really don't care to see the latest offering from Kelly Clarkson.
I guess the ideal thing would be if I were given a choice. I didn't see any mention of that in the article. To me, that would be one way to satisfy both crowds. I guess I'll have to fire up iTunes and see if I'm being "watched".
"No matter where you go, there you are." -- Buckaroo Banzai
Then it should be disabled by default or you should be asked (in plain English) if you want it enabled when the program starts for the first time after update. If you say no it shouldn't ever ask you again nor should it track your listening preferences.
You don't know that it's "tracking" anything, even now.
On the other hand, we don't know it's not doing that, since Apple doesn't tell us.
No. Absolutely not.
It's never ok for an external entity to attempt to match things to your interests? Okay, possibly a different philosophical outlook on things, here...
Especially when they didn't ask my permission first.
Agreed. But, as I said, it's not exactly a secret that it's doing something to be able to actively change the MiniStore display.
Sure, Apple's trying to sell something. But it can also be argued, correctly, that this improves the user experience with iTunes (aside from the broader privacy argument). I do, however, agree that Apple should have made this clearly known on the first launch, and given an option at the same time to simply disable it.
In all seriousnes I will check the eula when I get home, but I bet there is something in there when you install a new version. On top of that, it only happens when you have the MiniStore open. The whole point of the MiniStore is to offer you music you might like. How else should it work?
Ask Slashdot: Where bad ideas meet poor googling skills.
What happens: iTunes sends a request to the music store if you click on a track in your iTunes Library. It displays the recommendations it received based on the track you clicked in a mini store below the library. If you dislike this, press COMMAND-SHIFT-M ( Edit > Hide MiniStore).
Is this spyware? I think the definition as used in the article is ways to broad:
spyware (because it sends information to a server) and adware (because it displays information to attempt to sell you products)My definition would include "without my consent and without me being able to turn if of". Maybe yours would be "without asking me BEFOREHAND".
The main problem is that we are developing a lot of technology that allows us to personalize any kind of service. This has been impossible in the past, but with the establishment of the web as data infrastructure and database driven applications on web servers accessing data from millions of users at a time, this all changed. I think we have to change the way we think about this and whom to blame.
I'm somewhat paranoid about my data, e.g. I only pay cash to leave no trace. On the other hand I LOVE amazons recommendation system and am very willing to give them informations not only about what I buy, but also about what I might buy. [But I wouldn't search amazon for the "Anarchists handbook" or "DIY pipe bombs" without deleting my cookies first.]
We're just at the beginning of the massive use of personalization. Wait a couple of years and someone will convince you with a service that requires tracking you via GPS 24h/day. The old idea of "minimal data collection" simply will not work. But 1984 wont happen either. We will get used to leaving data tracks everywhere. [One thing that really scared me was AT&Ts patent to read the RFID tags in your trash can to find out about your consumption habits.] It will happen because it is so convenient. Like gene modified fruit or gene therapy. Resistance is (basically) futile, though often worth a try.
Our main focus should be to push society into handling this wisely, if it cannot (or should not) be stopped. So push for privacy laws that do not simply allow or prohibit collecting data, but which clearly define who may access the data, what they may do with it, in which ways they have to inform you about it.
Control what is done with your data, not if it exists at all.
Chriss
--
memomo.net - brush up your German, French, Spanish or Italian - online and free
memomo: free web based language trainer DE-EN-ES-FR-IT
Does WMP do this? Ya know, I don't really know, but it wouldn't surprise me if it did. And my reaction woulndn't be any different. I am by NO means an Apple fanboy, but I just don't find anything outrageous about this. I just assumed software like iTunes would do this sort of thing, but that's not really the main reason I'm not using it. Corporation tracks what music I listen to on their software? I don't really give a shit. But I still don't use iTunes.
I want them to track my music listening habits. Maybe if they notice the bands I listen to, they will make deals to distribute music from Epitaph and Fat Wreck Chords artists. . . 'cause currently iTunes have almost nothing I want to listen to.
According to the definition you linked to, spyware is a subset of malware.
Yea, I'm about as worried about Apple knowing my musical tastes as I am about Amazon knowing my reading preferences. As in... not at all.
If you're the type that's worried about Amazon and Google tracking you with cookies and such, then yea, it's nice to know about this ( and the fact that they don't track you when the mini-store is hidden ). I guess I'm just not that paranoid... I'm actually quite happy to tell everyone what kind of music I like. I'd even tell you, if I thought you wanted to know.
I'm frankly much more paranoid about Google keeping records of my searches and gmail messages, but even that... I mean, if you use credit cards, Apple knowing your music preferences is the least of your worries.
Yes, because Apple's DRM practices are so very very terrible. They have possibly the most lenient and accessible DRM of all that is out there - just enough that they can keep the suits happy and signing papers that make it so they can deliver a product.
Is it a "lesser of evils" case? Sure. I'll take Apple over Sony and/or Microsoft any day of the week, though. I will also continue purchasing music - I don't fear the future enough to completely disregard products of the present.
Still disagree with my stance? Try this on - If you have bought a CD from any major corporation in the last 3 months, and/or if you run Windows Media Player(which does the same thing) - you are a hypocrite.
(I suppose I should mention I'm a recent convert. Got a powerbook abou 5 months ago, and am now in the process of converting all my boxes to Macs.)
From the website (last.fm)
Last.fm is the flagship product from the team that designed the Audioscrobbler system, a music engine based on a massive collection of Music Profiles. Each music profile belongs to one person, and describes their taste in music. Last.fm uses these music profiles to make personalized recommendations, match you up with people who like similar music, and generate custom radio stations for each person.
I personnaly get a lot of good suggestion from this web site,
my user profile: http://www.last.fm/user/Pocaille
Apple screwed up: this is unquestionably spyware, because it's not clear before you install that this is going on, it was slipped into a regular update, etc. I'm definitely a Maccy, but I won't serve as an apologist for this. It's wrong. Period.
That said, it doesn't appear to be malicious. It's very easily turned off and that doesn't seem to disable any function that isn't directly related. They're not hiding what they're doing as they do it.
I'd chalk this up to stupidity and poor communication. It doesn't seem like they were really trying to hide anything, just that they didn't think, "Hey, maybe I should be extra-specially-clear and disclose this." The tech people weren't talking to the marketing people; what a shock.
I'd hope for a quick mea culpa and clarification of the service. Perhaps, when you start the updated iTunes for the first time, a dialogue box could pop up and say, "Hi! Want me to tell the iTMS what song you're playing? Then I can make recommendations for you! [Yes] [No] [Bite me]"
What I say does not represent the views of my employers, my friends, my cats, or myself.
This is a direct quote from the website:
(Flash required)
"This calculator allows you to determine what your data bits are worth on the open market so you can request proper compensation when it is asked from you. For instance, a typical cellular phone company will ask for your address, date of birth, phone number, Social Security number and driver's license to open a new account. Consult our data calculator and that will be $13.75 please!
Refer to this calculator when you interact with all businesses and goverment agencies. Make sure you get a cut of the profits from the reselling of your information. (A downloadable data calculator for Pocket PCs is on the way.)
We used the following sources to determine the worth of your individual data bits: Accurint, Aristotle, ChoicePoint, ChoiceTrust, DocuSearch, Experian, KnowX, Merlin Data, and Pallorium. There are many other commercial data warehouses in the U.S., but these are some of the most popular and represent the general types of information that are for sale."
For those who don't know: The iTunes EULA is outrageously broad, and basically grants permission to Apple and several other companies to do anything they damn well please - including re-writing the entire EULA without notification or consent.
/. foes list) for pointing out that I, personally, am unwilling to enter such an open-ended contract.
That's why my mac has no iTunes. That's why the corporation I work for does not allow versions of Quicktime that include iTunes.
Incidentally, I've been roundly flamed (and even made people's
Perhaps I have blasphemed the mac religion by reading an Apple EULA. I fully expect this post to be modded troll and flamebait, although it is intended as neither.
Grocery stores can, and DO, track individual purchases. Recently, a fire fighter was suspected in an arson because his card had shown as purchasing the accelerant used in the fire. It wasn't until someone else confessed that he was cleared. The DEA has subpoenaed records looking for people purchasing large numbers of baggies. A large grocery store, in the aftermath of 9/11, turned over to the FBI their entire loyalty database of purchases and purchasers, without so much as a subpoena, to "help find and fight terrorists."
The truth about Scientology, Xenu, and you: Operation Clambake
...it will be too late to complain.
Consider: The record industry is looking for ways to justify multi-tier pricing, where some songs cost 75 cents, and other songs cost $2, or $3. What better way to justify that than to say, "People really play <this> song more than <that> song, so we deserve much more money for it!". I would actually be happy to do that, if I thought that the artist would get the extra money, but I'm pretty sure any extra money will magically vaporize somewhere in the record labels. "overhead", or "promotional copies" or something.
Consider: If I understand this right, they are tracking what songs you play. Not what songs you buy from them, but what songs you play from anywhere you obtained it. First off, if the song is not one that you bought from them, then how can they tell what you're playing? From the artist name and song title that you typed in? Geez, people can't even get consistent data into the gracenote database (which is why I still avoid that), so just how accurate is the data going to be when the names are based on what a million different people type in? For that matter, I rename some of the songs I do buy from iTMS, because they even they don't name things completely consistently (although they do better than Gracenote).
Consider: Let's say the RIAA feeds certain songs into the file-sharing networks, which have unique markers in them (either spellings of artist names, or MD5 digests of the song, or something). Then they come knocking on Apple's door saying "Have you noticed anyone playing <this> song? And you can tie that playing to a specific authenticated user? Hey, that's Great!".
Consider: Let's say the government finds out that "terrorists" really like to play "Desert Rose" from Sting. Or they want to know everyone who listens to the podcasts from Al Franken. Gee, maybe Apple would know. Once there is a database, then who knows what "interesting" things someone might want to find out from mining that data...
I don't know if any of these are going to happen, but the thing is that we won't know the downside until we see it. And all of this is for what? So they can recommend more songs for us to buy? They do an awful job with the "Just for You" recommendations as it is. I don't need someone tracking down more songs for me to buy -- particularly not the person who directly profits from me buying stuff. Real live human beings have a tough-enough time agreeing on what which albums are good, even if they agree on an artists they like. Anything the store recommends is still going to be nothing more than a random guess. The "up-side" of this is extremely insignificant. If you want to find more interesting music to listen to, then search for it yourself. You can spend months on amazon reading reviews (both pro and con) from real live people who have bought a variety of albums, and get a much better idea of what music to try than you'll get from database-mining and a 30-second snippet of some song.
disclaimers: a) in general, I like Apple. I like MacOS much more than Windows. I own four ipods. I buy songs from iTMS (not a lot but some). b) I think Sony should be completely boycotted for their recent DRM fiasco. c) I think it's hysterical that Microsoft claims people should hate iPods because they "lock you into" a single vendor. d) I prefer to buy CD's over digital downloads, and my iTunes music collection is about 99% songs ripped from legit CD's that I personally bought.