Slashdot Mirror
iTunes is Malware?
Moby writes "On the heels of the big Apple love-in that is Macworld comes some interesting but alarming news. Recently a few blogs have started to indicate that iTunes is tracking your music preferences and using that data to recommend other songs from iTMS. The article provides a good overview, with some recommendations of its own. Basically, iTunes is tracking your music and sending the data back to Apple servers. This info is then used to advertise songs that may be to your tastes. A convenient feature, perhaps, but it raises concerns over privacy."
You may remember that Amazon even patented a similar technique. And I've always suspected my local grocery store of profiling me. Afterall, I hand them a little tag on my keychain for my discount, they scan it and suddenly my name is on the reciept. I'd be naive to think they aren't generating statistics about me and secretly making note that I buy far more long grain wild rice than the average consumer.
So what's the problem here? The problem is that I don't like it. I don't want a computer program diagnosing me at a hospital even if it is built on solid Bayesian probability models and I don't want a profile of my musical tastes being generated on a company's database. My taste in music is my business and I don't want other people knowing that my most listened to album is Tom Dooley and Other Hits by The Kingston Trio.
All I've learned from this is that a big company is a big company whether it's Microsoft, Sony, Apple or Google.
From the article: Oh, come now, you're telling me you've trusted Apple? What has Apple done to gain your trust? They're a profitable corporation and that's where their interests lie. How to get the moneys from your hands to theirs as efficiently as possible.
The only thing that makes me sad about this is that local bands still lose out because I doubt they'll ever make recommendations unless tens of thousands of users are showing that association. I wish Apple would make a service called halfTunes that sold songs at 50 or 25 or free for bands that are looking for exposure, not profits.
My work here is dung.
First of all, I don't know how this qualifies as iTunes suddenly being "malware", but anyway...
Edit -> Hide MiniStore (or shift-command-M)
No information of any kind is sent when the MiniStore is disabled.
What iTunes 6.0.2 is doing:
Sending information about the currently playing track to Apple, and then displaying information related to that track in the iTunes Music Store in the MiniStore pane. It is not broadly "tracking your music preferences".
Further - though we admittedly don't know this since Apple doesn't explain how it is using the data - there is no proof that Apple is doing anything but merely changing the MiniStore display based on what track you are listening to (which is very likely exactly what they're doing); not aggregating or "tracking your music preferences".
iTunes isn't doing this surreptitiously, either: the MiniStore pane clearly actively changes depending on what track you have selected. One would presume this does not happen via magic or the dark arts.
I'd love to have comment from Apple, and a clear presentation that information is being sent to Apple for x purpose, and a clear option to allow - or disallow - such use. I've looked through the iTunes 6.0.2 license and do not see any such guidance.
Granted, the MiniStore pane is present by default, but it can be disabled as easily as is described above.
I realize many people think this represents "going over the line"; but is there ever any instance where datamining to match items you might be interested in to your interests is acceptable? Is there any value to having this be the default state in certain instances where it could be significantly helpful?
While it's been some time since I installed iTunes (to provide support for friends and family -- hard to walk them through an interface I've never seen) it seems to me that the tracking and recommendations is optional. I could be wrong.
That said, even if it were NOT optional, I'm not sure I see the controversy here. People love the iTunes/iPod marriage and the "it just works" philosophy.
Part of that philosophy is the synergy that is the relationship between the user and the product. Apple seems to be good at defining and enhancing that relationship. So, it seems (to me) a logical extension to "observe" the music a user likes and make recommendations therein.
How different and onerous is this compared to the Amazon "people who have purchased this also have purchased ...,"
feature?
iTunes isn't my cup of tea, but for many users, this "malware", in my opinion, is a far different (and more benign) animal than, say, the SONY DRM debacle.
As for the author's opinion about how controversial this should be, quoting the last paragraph from the article:
specifically and especially to his last sentence, I don't (have a feeling this will be making some waves in the immediate future).Furthermore!, it should be pointed out the author "concedes" in the article:
which almost completely renders moot the original thesis.So? BFD. Certainly there are cases where privacy is a concern, and companies are harvesting personal data for ill gains. But is this really one of them? Calling it malware makes it sound like Apple was so sinister. It's no worse than Amazon tracking your purchase habbits and using it to suggest what other shoppers must buy, or the fact that you have to register with CDDB now, so they could potentially track what music you listen to. Of course the article doesn't even offer proof that the data is even retained by Apple, nor that there it is directly associated with your personal information. It could just be using the immediately selected song to suggest similar music, not a full history.
And what exactly sinister use will Apple have for this horribly damaging data, anyway?
Plus, it's so easy to disable. Get over it already.
I found the following links since submitting the story:
Here
and
Here
What is it doing that is malicious?
Spyware, sure, but not malware.
-stefan
//FIXME: Bad
This is incredulous!! The ergonomically designed iTunes interface hides nothing from the user and shows any and all pertinent information at the briefest glance. The stylishly engineered music system and efficient online purchasing system offers only the highest level of quality entertainment with none of the underhanded skullduggery that lesser companies wallow in.
Apple soars above such outrages!! You will feel His Jobnesses' Wrath!!
May the Maths Be with you!
Amazon.com is a malicious website! When I click on a book, they show me other books that people have purchased with it!!!
Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
No. It is not.
Malware definition
Perhaps the news submitter ment to use the term spyware?
...and get over it.
The reccommendations feature in iTunes is fantastic. Amazon's Reccommendations page has a "I own it" check box. I use this page frequently to find new music or books or DVDs I would be interested in based on the other things I own (even those I didn't buy from Amazon).
From TFA, it hasn't been determined if the cookie sent back contains your Apple ID. It may not. It may not contain anything traceable or of a privacy concern. How about trying to use iTunes on a clean install without buying anything first and seeing if it does the same?
But one thing is for sure - if you want service of a personalized nature, you have to be willing to let someone know something about you.
Oh shit! Apple knows you listen to too much Britney Spears! Time to get hysterical and post to a bunch of blogs from starbucks on your powerbook.
I'm all for privacy, but this doesn't seem terribly unreasonable. Nobody bitches about Amazon customizing their storefront based on past purchases. Well, maybe they do, but I don't hang around with tinfoil-hat-types.
My point is that every time I go to the iTunes music store, I think, "Gee, wouldn't it be cool if the store knew about my collection and taylored the site to my tastes. I really don't care to see the latest offering from Kelly Clarkson.
I guess the ideal thing would be if I were given a choice. I didn't see any mention of that in the article. To me, that would be one way to satisfy both crowds. I guess I'll have to fire up iTunes and see if I'm being "watched".
"No matter where you go, there you are." -- Buckaroo Banzai
In all seriousnes I will check the eula when I get home, but I bet there is something in there when you install a new version. On top of that, it only happens when you have the MiniStore open. The whole point of the MiniStore is to offer you music you might like. How else should it work?
Ask Slashdot: Where bad ideas meet poor googling skills.
you listen to a lot Anton Webern. Seriously, it turns out that people who bought Anton Webern's Variations for Piano, Op. 27 (all three of us) also bought Jeff Foxworthy--at least according to the ministore. That little gem of demographic goodness has brightened up my day so much I don't care how what info Apple gets from my listening habits.
Ever used an Internet browser? That sends data to various servers, does that constitute a risk to your privacy? Probably, but it doesn't make Firefox, IE & Opera 'malware', in the same way that even if iTunes is sending data to Apple, it's not necessaraly malware.
Kneejerk reactions like this are unsupprising given the current culture of "Oh my god, the've got my name and they know what music I like!". If you are conserned about your privacy with regard to a company or service, I suggest you start with their Terms of Service and Privacy Policy - If you don't like them, you don't have to use their service.
Windows in 6 Bytes (IA-32) : 90 90 90 90 CD 19
What happens: iTunes sends a request to the music store if you click on a track in your iTunes Library. It displays the recommendations it received based on the track you clicked in a mini store below the library. If you dislike this, press COMMAND-SHIFT-M ( Edit > Hide MiniStore).
Is this spyware? I think the definition as used in the article is ways to broad:
spyware (because it sends information to a server) and adware (because it displays information to attempt to sell you products)My definition would include "without my consent and without me being able to turn if of". Maybe yours would be "without asking me BEFOREHAND".
The main problem is that we are developing a lot of technology that allows us to personalize any kind of service. This has been impossible in the past, but with the establishment of the web as data infrastructure and database driven applications on web servers accessing data from millions of users at a time, this all changed. I think we have to change the way we think about this and whom to blame.
I'm somewhat paranoid about my data, e.g. I only pay cash to leave no trace. On the other hand I LOVE amazons recommendation system and am very willing to give them informations not only about what I buy, but also about what I might buy. [But I wouldn't search amazon for the "Anarchists handbook" or "DIY pipe bombs" without deleting my cookies first.]
We're just at the beginning of the massive use of personalization. Wait a couple of years and someone will convince you with a service that requires tracking you via GPS 24h/day. The old idea of "minimal data collection" simply will not work. But 1984 wont happen either. We will get used to leaving data tracks everywhere. [One thing that really scared me was AT&Ts patent to read the RFID tags in your trash can to find out about your consumption habits.] It will happen because it is so convenient. Like gene modified fruit or gene therapy. Resistance is (basically) futile, though often worth a try.
Our main focus should be to push society into handling this wisely, if it cannot (or should not) be stopped. So push for privacy laws that do not simply allow or prohibit collecting data, but which clearly define who may access the data, what they may do with it, in which ways they have to inform you about it.
Control what is done with your data, not if it exists at all.
Chriss
--
memomo.net - brush up your German, French, Spanish or Italian - online and free
memomo: free web based language trainer DE-EN-ES-FR-IT
Uninstall it now, and install Windows Media player or Real player. I hear they are much better.
P.S. I also heard the sky was falling...
Fantasy remains a human right; we make in our measure and in our derivative mode... -- JRR Tolkien
It would be interesting to re-phrase the question and replace "iTunes" with "Windows Media Player" and see what kinds of responses are generated by the Slashdot crowd.
Sample headline: "It seems the most recent update to Microsoft's bundled media application Windows Media Player is mining the music tracks that a user plays and sending that data back to Microsoft in order to present the user with similar tracks from the MSN Music Store. What Microsoft does with this data after Music Store recommendations are made is unknown."
Will the apologists for Apple and their data mining stand up in this case as well?
Interesting question, anyway.
B
"We must still have chaos within in order to be able to give birth to a dancing star." --Friedrich Nietzsche
I want them to track my music listening habits. Maybe if they notice the bands I listen to, they will make deals to distribute music from Epitaph and Fat Wreck Chords artists. . . 'cause currently iTunes have almost nothing I want to listen to.
Maybe because it can be disabled? Maybe because it doesn't root your computer? Maybe because it just isn't as bad as the stuff Sony and MS pull on a regular basis? Maybe there is no conspiracy?
Those who can, do. Those who can't, sue.
Everyone knows tracking is only bad when it's from "evil" companies like SCO, Microsoft, or Sony. Apple is "good" and "on our side".
/satire In all reality, this would be fine if they had a clearly labeled option/popup when you first ran iTunes. "Hey, we'd like to track the songs you listen to so we can recommend some other songs we think you'll like" and not buried somewhere in a EULA, or not actually brought up at all. Then again, from what I can tell apple doesn't like to give users choice, they like to decide what's right and wrong for you. This truly isn't a flame either... after working back and forth with them extensively for over a year, it's just how they operate. Sometimes it's a good thing, sometimes it's not. In this case, I would say it's not.
You know if this was Sony or Microsoft there would be howls of anger and the pitchforks and torches would already be out. Apple does it and; "hey, they're swell guys but I don't know how comfortable I am about this".
If the crack dealer I see on the corner were to pull a gun out of his pocket, I'd go for cover. If my brother pulled a gun out of his pocket I'd probably say something like, "hey what is that gun you're carrying?" The reason for this is because I know my brother and have some level of trust in him. I might say, "hey put that away" if I felt it was inappropriate. I feel that what Apple has done is inappropriate. They should have issued a privacy policy that explains what they do and don't do with the information they are collecting. They should have had the feature disabled by default (even if they included a big "enable ministore suggestions" button). That said, Sony has a history of doing unethical things, as does MS. Apple has a much better record. Thus, I give them the benefit of the doubt and assume they are probably not data mining. If that proves not to be the case, I'll be more skeptical of them in the future.
I can't believe people are focusing on this, however. I mean sure, this is pseudo-spyware (not malware), but Apple just released machines that implement EFI. I'm much more concerned about the "trusted computing" possibilities of the new firmware than I am about iTunes. One might let them collect data about the songs listened to using freeware they distribute (with an easy option to turn it off). The other might allow them to restrict your actions on the hardware you buy, after the purchase. I'm tentatively giving them the benefit of the doubt there too, but it is certainly a much more pressing concern than iTunes phoning home.
I find ironic the possibility that some of those who would object to this data mining, routinely share their musical preferences with the world via nuclear-powered subwoofers at 2:00am.
Proverbs 21:19
Yea, I'm about as worried about Apple knowing my musical tastes as I am about Amazon knowing my reading preferences. As in... not at all.
If you're the type that's worried about Amazon and Google tracking you with cookies and such, then yea, it's nice to know about this ( and the fact that they don't track you when the mini-store is hidden ). I guess I'm just not that paranoid... I'm actually quite happy to tell everyone what kind of music I like. I'd even tell you, if I thought you wanted to know.
I'm frankly much more paranoid about Google keeping records of my searches and gmail messages, but even that... I mean, if you use credit cards, Apple knowing your music preferences is the least of your worries.
1) "But you can turn it off!" - And here I thought it was about default settings and opt-in. Didn't we (users) already fight these battles with Windows Media Player and Real?
...
2) "But Amazon does it!" - In a browser, while online browsing on *their* servers. A child can see the difference.
3) "But it's useful!" - So, potentially, is any invasion of privacy. If they know everything about you, they can make your shopping experience *really* convenient!
4) "But Apple wouldn't use the info for bad purposes!" - The government wanted to access your bookstore receipts and library checkouts (in addition to monitoring your phonecalls and emails without warrants). I'm sure Apple will fight to the last cent before handing over one iota of info to the government
Every one of these points was made in a +5 moderated post. Think, moderators, think!
Imposing Libertarian views on everyone online since 1992.
Apple screwed up: this is unquestionably spyware, because it's not clear before you install that this is going on, it was slipped into a regular update, etc. I'm definitely a Maccy, but I won't serve as an apologist for this. It's wrong. Period.
That said, it doesn't appear to be malicious. It's very easily turned off and that doesn't seem to disable any function that isn't directly related. They're not hiding what they're doing as they do it.
I'd chalk this up to stupidity and poor communication. It doesn't seem like they were really trying to hide anything, just that they didn't think, "Hey, maybe I should be extra-specially-clear and disclose this." The tech people weren't talking to the marketing people; what a shock.
I'd hope for a quick mea culpa and clarification of the service. Perhaps, when you start the updated iTunes for the first time, a dialogue box could pop up and say, "Hi! Want me to tell the iTMS what song you're playing? Then I can make recommendations for you! [Yes] [No] [Bite me]"
What I say does not represent the views of my employers, my friends, my cats, or myself.
This new feature puts up a little pane in the iTunes window that shows songs related to the song you are currently playing. There is no indication that I can find that the iTunes Music Store is actually storing that information. It's unlikely that Apple could store that kind of volume of information, given that it happens on selection, not on playing.
But I don't think people should worry. You can simply press one button and iTunes stops doing it (the disclosure button on the left side of the bottom button bar). It's pretty simple to verify that your computer isn't sending any data on track selection or play when that window is not added, so in general you only get this information when you ask for it. Further, all it has to go on are the identifying tags in the music, and these can be easily changed, so it's not something that could ever hold up in any sane court if someone came at you with a lawsuit. Then again, sanity doesn't seem to be a prerequisite these days, so our milage may vary.
Don't get me wrong, I am not to happy about this feature because it's effectively embedding ads in iTunes. They're pretty well targeted, but they're ads. Still, the article seemed to overreact to what iTunes is doing.
Slashdot. It's Not For Common Sense
the terms "opt-in" and "opt-out" are way out of proportion here. this isn't some obscure setting or (de-)registration procedure. it's a single click of the mouse to close a window.
if you really want to bitch about nothing then here's a far better one: Firefox has cookies enabled by default and sets your homepage to one of theirs on first run - THEY COULD BE SPYING ON EVERYTHING YOU EVAR DO ON TEH INTERPOWER COMPUTERWEB!
1) "But you can turn it off!" - And here I thought it was about default settings and opt-in. Didn't we (users) already fight these battles with Windows Media Player and Real?
It's not like it scans your entire library the moment you launch iTunes.
The matter is you can turn it off before it DOES ANYTHING.
Does it make you happy you're so strange?
For those of you who didn't RTFA or missed what this is all about, the latest update in iTunes added a 1" advertisizing bar in the playlist windows that is easily closed.
THIS IS NOT THE "RECOMMENDED FOR YOU" WINDOW IN THE MUSIC STORE. This is a new bar which appeared prominently in a playlist window by default after the latest update. THIS IS NOT HIDDEN TRACKING. THIS IS A CLOSABLE AD.
The mini-store bar is very obvious. It is annoying that it appears at all, but can be turned off easily (click the close/hide button) just like the album artwork. The mini-store is not subtle. It very clearly is showing songs in iTMS that match whatever song you just selected in iTunes, like other songs by that artist, and such. It does not appear to suggest songs based on my previous purchases. It looks just like the iTMS store (when you get to actual tracks), but at the bottom of *your* playlist instead of going through the usual iTMS clicks.
According to the reports, sniffing the traffic shows that if you close the mini-store window, it does not bother to send any hits/requests/info back to Apple. Presumably because you wouldn't see the results anyway. If Apple is sending my uniqueid along with my selection clicks, this would be somewhat more of a privacy issue.
I am annoyed by the new "feature" since I hate advertising. But I don't see it as a serious breach of privacy, except that a little popup explaining the new feature and what it does would have been greatly appreciated. It's only a little different from clicking on tracks in the iTMS in that it appears in playlists.
Adware? Sure. Spyware? No. Annoying? Yes, for five seconds, until you click the hide button.
Everyone is entitled to his own opinions, but not his own facts.
Try instaling Windows Media Player. By default, Microsoft does NOT collect any data. You have to "opt in." Apple's approach seem to be that you have to "opt out."
For those who don't know: The iTunes EULA is outrageously broad, and basically grants permission to Apple and several other companies to do anything they damn well please - including re-writing the entire EULA without notification or consent.
/. foes list) for pointing out that I, personally, am unwilling to enter such an open-ended contract.
That's why my mac has no iTunes. That's why the corporation I work for does not allow versions of Quicktime that include iTunes.
Incidentally, I've been roundly flamed (and even made people's
Perhaps I have blasphemed the mac religion by reading an Apple EULA. I fully expect this post to be modded troll and flamebait, although it is intended as neither.
The button is the fourth from the right at the bottom of the iTunes window. It turns off the Mini Store.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Grocery stores can, and DO, track individual purchases. Recently, a fire fighter was suspected in an arson because his card had shown as purchasing the accelerant used in the fire. It wasn't until someone else confessed that he was cleared. The DEA has subpoenaed records looking for people purchasing large numbers of baggies. A large grocery store, in the aftermath of 9/11, turned over to the FBI their entire loyalty database of purchases and purchasers, without so much as a subpoena, to "help find and fight terrorists."
The truth about Scientology, Xenu, and you: Operation Clambake
Telling Apple what I listen to? HEAVEN FORBID IT!
Is it just me or are a lot of people hypersensitive to issues like this? Who cares if Apple knows my playlist? To their servers, I'm just another consumer, they don't have the time/will to sit there and read incoming data, "HEHE, THAT GUY LISTENS TO MICHELLE BRANCH."
Seriously now. There are issues far greater than this that should be stressed.