Slashdot Mirror
UnBox Calls Home, A Lot
SachiCALaw writes "It turns out that to use UnBox, the user has to download software from Amazon that contains a Windows service (ADVWindowsClientService.exe). Tom Merritt over at C|Net reports that the service tries to connect to the internet quite frequently. Even tweaking msconfig could not prevent it." From the article: "So, in summary, to be allowed the privilege of purchasing a video that I can't burn to DVD and can't watch on my iPod, I have to allow a program to hijack my start-up and force me to login to uninstall it? No way. Sorry, Amazon. I love a lot of what you do, but I will absolutely not recommend this service. Try again."
Check out Unbox's 12 monkeys and the special edition DVD with over 2 hours more video.
An Education is the Font of All Liberty
3. Unbox Video Player
In order to download and view Digital Content using the Service, you will need to install the Unbox Video Player (the "Software") on an Authorized Device and agree to the Microsoft Software Supplemental License Terms set forth as an Addendum below these Terms of Use (the "Software License"). The Software may operate on your Authorized Device continuously for a variety of reasons, including the management of your Digital Content. The Software also will access the Internet in order to perform a number of functions including as described below:
a. Software Upgrades. The Software automatically checks for upgrades, but the Software will not automatically upgrade without your consent, except as provided herein. If you do not consent to an upgrade that we make subject to your consent, the Digital Content may no longer be viewed on your Authorized Device. You must keep the Software on your Authorized Device current in order to continue to use the Service. We may automatically upgrade the Software when we believe such upgrade is appropriate to comply with law, enforce this Agreement, or protect the rights, safety or property of Amazon, our content providers, users, or others.
b. Information Provided. Amazon respects your privacy, and the Software will not access computer files or other information on your computer that are not used by or otherwise related to the Service. Among other things, the Software will provide Amazon with information related to the Digital Content on your Authorized Device and your use of it and information regarding your Authorized Device and its interaction with the Service. This information will enable Amazon to manage rights associated with the Digital Content, allow Amazon to help you use the Service more effectively and otherwise help Amazon to enhance and improve the Service. For example, the Software may provide Amazon with information about the Digital Content from the Service on your Authorized Device, whether it has been deleted and whether it has been viewed. The Software may also provide Amazon with information about your Authorized Device's operating system, software, amount of available disk space and Internet connectivity, such as whether your computer or other device is available online. This information will, among other things, help us deliver Digital Content to you more efficiently and effectively. The Software may also provide Amazon with information about the transfer of Digital Content to portable devices to help us ensure compliance with our rules concerning portable devices.
c. Removal of Software. If you uninstall or otherwise remove the Software, your ability to view all Digital Content you have downloaded to the Authorized Device will immediately and automatically terminate and we reserve the right to delete all Digital Content from that Authorized Device without notice to you.
I am tired of seeing companies, whether it is open source or not, offering services that bury unforseen privacy violations within them. There are responsible programs like (on Windows) Winamp and Windows Media Player and even (on *IX) pine, which inform you that it is going to be sending usage information back to home base, with an option to decline such activity.
Some of the software is so sneaky as to masquerade as a legitimate SSL requirest, so even a network administrator has no clue whether or not the information coming out of their network does or does not contain proprietary information about the network's users--and you are left to the "trust us" language in the EULAs with no proof that the data being sent is benign info.
Where is the EFF on this???
please correct me if I'm wrong but other then the intial authrorization, I think the only phone home that itunes does is to plug things for the mini-store advertisments at the bottom of the page. ANd you can turn that off. I don't think it runs services that phone hope besides the application itself. Perhaps on windows it's different than on macs?
Some drink at the fountain of knowledge. Others just gargle.
Lots of spyware requires a net connection to uninstall. This is just more spyware. It won't be long before Windows itself requires a net connection to run. WGA is mighty close to that. Claria(or whatever they call themselves now) is alive and well. People who buy new machines won't notice and won't care. It's all good news for the phisherman...who will be hanging out at your local landfill where your machine will end up when you get tired of waiting ten minutes for it to finish booting up. For now the best way to protect your system is to use a live CD.
What?
I don't believe that the services that iTunes install phone home (although I could be wrong), but iTunes does indeed install a service that runs all the time (ie whether you're using iTunes or not). This is the "iPodService", that is described as being "iPod hardware management services". If you stop it, iTunes restarts it. If you set it to disabled then run iTunes as an admin, it sets it back to manual and starts it. At install time, it's set to automatic - ie it runs when Windows starts.
I wouldn't mind, but I don't own an iPod and so for me this is just a pointless waste of resources. Imho there ought to be a config option to allow you to specify that you don't have an iPod and so won't be needing the service, but it appears that that was too much to ask for.
It's official. Most of you are morons.
Amazon is clearly catering to a single party -- motion picture copyright holders.
I've outlined my opinions here (warning: web site plug).
But it's pretty simple. Costs too much, doesn't provide value, intentionally confuses customers, and doesn't support the right hardware.
If this software has blatant spyware in it, I wouldn't be surprised a bit.
Well at least the author of the story managed to get the video to play. I downloaded "The Enterprise Incident" and have not successfully been able to playback the episode in its entirety. At the 4:12 mark, the window goes black and the progress bar goes to the beginning. Amazon "support" has not been helpful at all. A Motley fool poster seems to have a simlilar problem. The Progress Bar doesn't work to jump to any point in the video.
The Unbox player may not be necessary to play back videos purchased through Amazon. It might just be a "wrapper" around WMP. I was able to play back the episode directly through Windows Media Player, and it stops at the 4:12 mark as well, but with an error message: "Windows Media Player cannot play the file. The Player might not support the file type or might not support the codec that was used to compress the file." Which is kind of an odd error to get in the middle of playback.
At least I didn't pay for it.
You don't need Congress to persuade you to not choose to run spyware. A little self-discipline will be quite enough.
Say all you want about the inevitability of DRM and the media companies' requirements for it, but one thing is for sure: DRM-compliant software is always (there has never been an exception) intended to serve someone other than the user. You can candycoat this ugly fact all you want, but if you choose to run a proprietary player because you want to watch some DRM content, you accept that you are telling your computer to do things that are contrary to your self-interest. It's just a matter of whether these things are worth it or not. Take responsibility for this choice instead of crying to Congress. JUST SAY NO is just as viable an option for spyware, as it is for cocaine.
If you want to cry to Congress because making choices is too hard for your delicate psyche, then tell them to change copyright law so that protection doesn't extend to DRMed content. Then the media companies, instead of the pathetic users, will have to make a choice: put their trust into the law, or put their trust into technology?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
These companies typically lose money because the consumer realizes that their products aren't worth the price. Also, any bill related to this would have to be far too technical for congress to wrap its head around, resulting in something either ineffective or harmful.
Spyware, adware, DRM tools, exploits, viruses, worms, trojans, rootkits, etc.... I LOVE THEM. Why? Because malware continues to keep the masses informed about the dangers of software and that nobody... not even big companies (e.g. Sony, Microsoft) should be trusted to release "good" software let alone "bug free" software. The more people get burned by malware, the more likely they are too research a piece of software before they install it. Keep the malware coming!
>Imho there ought to be a config option to allow you to specify that you don't have an iPod and so won't be needing the service
funny that you're complaining about a few kb of memory being used for this, WHILE YOU'RE RUNNING FREAKING WINDOWS.
drop cf. ocean.
From the Fine Article:
I noticed that the Amazon player had launched itself. Annoying. I looked in the program for a preference to stop it from launching itself, and there was none. Typical. So I went to msconfig and unchecked Amazon Unbox so that it would definitely not launch itself at start-up. When I rebooted, it was no longer there. However, my firewall warned me that a Windows service (ADVWindowsClientService.exe) was trying to connect to the Net. I clicked More Info in the firewall alert and found it was Amazon Unbox.
As a Debian user, all of the above is so much meaningless mumbo jumbo to me, but the details are unimportant. It did not do what he wanted it to do despite great effort. He finally figured out that it would pretend to uninstall itself if he allowed the still loaded client unrestricted access to the internet. Without a system audit from an independent operating system, there's no telling if it finally did what he wanted but ultimately the service failed him: this is not a good way to watch movies.
It's crap like that that keeps me away from non free software and non free media. I'm not going to give up control of the machine that gives me my mail and news just to hear a song or watch a movie. It's bad enough that the greed heads force me to watch adverts on rented movies when I play them through a set top box, bad enough for me to one day build a mythTV box. But install spyware on my normal computer or gateway? You have to be kidding.
Friends don't help friends install M$ junk.
I did as you suggested, as I am always interested in what is going on with my network connections. I see the iPodService.exe binary running, and the page faults delta field will flash 117 or 119 every 3-5 seconds like clockwork.
What I didn't see was my firewall having an entry for allowed programs. Maybe it backdoored in with the iTunes.exe or iTunesHelper.exe, but I doubt it. In fact, I looked at the active applications, and while the iPodService.exe was flickering, my firewall reported no traffic. Even locking down everything didn't report that this application was trying to "phone home".
So, what are you saying? I don't see the traffic you are implying is there.
Never buy digital restricted media, ever!
re-reading your comment, twitter, I have to reply again...
That's the way non most non free software works. It's non free because the author wants you to do as they say in one way or another
If you consider gnu gpl software to be 'free software', by your reasoning, than you're seriously mistaken. GPL licensed works have very specific license requirements. If I'm to distribute my GPL'd app, you better believe it absolutely has to include the source code. And, if anyone wants to use it for their own purposes, their works have to be covered by the same license. And I have to include an obvious copy of the GPL license. I'd say this certainly falls under your thesis of DRM being bad because the author requires one to "do as they say in one way or another".
In a way, this is a form of DRM. Digital Rights Management. Use our code, and your code from this must be under our (GPL) license. (The analogy is, use our song or video material, and you must have it licensed by our publisher, etc.)
Consider how GPL advocates cry 'code theft' whenever a company sells a product with embedded linux, and doesn't offer up the source code. Have they really stolen anything? Is this not similar to copying a music cd? Why is a restrictive software license much different than a restrictive music or video license?
By contrast, yes, I do prefer BSD-style licenses. And probably LGPL, though I haven't sat down and read it yet.
And also, I much prefer a license that allows for copying (though with restrictions) to one that doesn't.
All iTunesHelper.exe does is sit dormant until an iPod is connected, after which it fires up iTunes and syncs tracks. There's no "phone home" activity as described in the grandparent post.
"Sufferin' succotash."
iTunesHelper isn't a "useless service." It simply waits for an iPod to be plugged in, after which it starts up iTunes and syncs your tracks. There's no "phone home activity," and you shouldn't be surprised it messes things up when you stop it manually. Are you actually surprised that when you messed with an iTunes background service, it affected the app's functionality?
You don't give specifics for any of your other complaints, so I can only assume you're just bitchin' and whinin' about nothin'. Furthermore, you claim your experience with iTunes resembles the Amazon Unbox experience described in the article. So you're saying you weren't able to play a video without messing with the progress bar, iTunes started up automatically, and you had problems uninstalling the application? Or were you just making a meaningless comparison as an excuse to vaguely bitch about iTunes?
"Sufferin' succotash."
My computer was a Christmas present several years ago, and I rely on the bus partly because I lack a driver's license.
In Fort Wayne, Indiana, the Citilink buses are closed Saturday nights, Sundays, and holidays. The 36-hour figure is from 1800 on Saturday to 0600 the next Monday; the 60-hour figure is from 1800 on Saturday to 0600 the next Tuesday. I asked a resident of South Bend, Indiana, whether the public transportation in her town kept better hours, and she told me that they do not.
My point is that if bus fare + time spent riding the bus to and from a Wal-Mart store is worth more than the price of shipping from walmart.com, I'll pay for shipping.
Be aware that the Windows OS provides hooks to run programs when devices are attached, so there's no reason for a device vendor to have a program always running in memory waiting for the device to be attached.
The reason they put "iTunesHelper" in memory at all times is merely to make their program appear to load faster.
The cake is a pie
i didn't own a car for the last 8 months and live in a major metropolitan area. it takes an hour to take a bus or train to the nearest bestbuy. there is no way to reach a target or walmart except for a taxi for the last 1/2 mile stretch. time is money, it got to the point where i didn't go anywhere but to work and ordered everything online. mass transit is seriously crippled in the us that it's only practical to use for work*
if you don't believe me, try not using your car for a week.
* nyc and possibly chicago excluded
Unbox is implemented with .Net 2.0. Mono is your best bet if you want to run it on linux.
Let me be more clear: Using the correct registry entries, you can make any application run when your particular device is connected, regardless of whether or not it is a "mass storage device". I know this, because I have done this for devices my company makes. It's not a "workaround". It's the Windows mechanism for detecting and dealing with devices. Sitting in memory all the time to do the same thing is the hackish workaround.
The issue isn't that a particular program takes "just a little" memory. It's that every goddamn application vendor takes "just a little memory" and "only one tray icon", etc, etc. It's a tragedy of the commons scenario that files up everyone's machine. Still, if you at least give the user control, that's not so bad. When, like unbox, you don't allow the user to say "no, I don't want you to run every time I boot", it sucks.
The cake is a pie
"If it's sending performance stats...'
NO. It is never OK for the software to connect to the internet without informed consent of the OWNER of the computer. That's where security problems start - an app that isn't talking over the internet is very unlikely to get hijacked. An app that is using internet access without the computer owner's knowledge or consent is far,far more likely to be attacked.
Again, NO. It is never OK for someone to use MY computer to analyze the performance of THEIR software, unless they're willing to pay me bucks to do it. Would they let me login an use their bandwidth and one of their computers for free? Don't think so, why should I be expected to let them use mine? Just cuz I'm not a billion dollar bizniz?
Still again, NO. It is not OK to insert software into my boot sequence without my consent. That's another chink in the armor.
A thousand times, no. It should be just as easy to remove the software as it was to install it - and internet access is not a part of file deletion.
This is very, very much "an argument about substance".
Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
That should earn it the Badware Logo.
The great thing about StopBadware is that their guidelines define some actions as making software "badware" despite any disclaimers or EULA terms. "Hard to uninstall" software is always "badware", no matter what the EULA says.