RealNetworks' RealJukeBox Monitors User Habits

kbrown1 was the first one to write to us with the story at the NY Times that RealNetworks' has confirmed that they do monitor some user habits. RealJukeBox is the offending program, and apparently "surreptitiously monitors the listening habits and certain other activities of people who use it and continually reports this information, along with the user's identity, to RealNetworks." RealNetworks' has said that they do gather the information, but "the practice did not violate consumer privacy because the information was not being stored by RealNetworks nor distributed to other companies," according to their VP of consumer products. Other networks are picking up the news - more details should be coming.

Re:Why use Jukebox anyways?

Heh, that's not all. You can choose what encoder you want to use in Grip, and it uses CD Paranoia which works hard at reading through the scratches on a CD to provide the best possible recovery of what would otherwise be a lost song. Then it also uses bladeenc, l3enc, or whatever other 'compatible' mp3 encoder you want to put in there. (I believe lame-enc also now works with it; lame-enc is under the GPL and claims to run faster than blade-enc.) And then Grip also has a TON of customization features to decide how you want the cd's ripped - you can decide the naming convention and what directory they'll go under, etc., etc. Grip is an incredibly strong solution, from CD playing to ripping and encoding. Did I also mention that you can encode at ANY kbps?? :) hehe.

What does "not stored by RealNetworks" mean

What does "the information is not stored by RealNetworks" mean? They go through all this trouble to send themselves the information and then do nothing with it?

Re:so what?

Read that again...there is a free version and you might have a point there but if you purchase the registered copy your logic(??) goes out the window...AND I think it is the underhanded manner in which the info is provided that steams my rice...On the other hand I did not provide them a valid email when I registered anyways so the them track me@home.com...boy that guy gets around.

Re:so what?

Actually, for the example you just gave, yes, it would be great if I didn't have to go out and buy new light bulbs every time one blows out. One blew out just this week in the laundry room, and it would be great if there was so much competition that one of the light bulb salesmen who showed up was willing to install it at no additional cost, if I bought his brand. It's a hassle to get up to the light bulb socket in the laundry room.

You need to stop foisting off absurd propositions like "I'll be by to put cameras all over your house" whenever anybody says it's stupid to worry about a 'surveilence' feature in RealJukeBox that is probably really just flooding the receiving end at RealNetworks with useless information they can't keep up with.

Re:so what?

I don't wonder why some little thug has stolen my identity and rung up $$$$ in false credit charges.

I know that it's because of an unregulated out-of-control network that he stole my information off of.

I know that it's because there isn't pretty-good-security protection in place (the Clipper chip was pretty-good-security: enough to keep common thugs from being able to steal credit card info).

I know that there isn't a security infrastructure in place on the net because various academics and "privacy advocates" block any privacy initiatives that they aren't among the few capable of understanding. (i.e. the show-us-the-source bleating heard regularly)

Re:who uses it?

>It only encodes at 96k, for the free one.

Would you run that by me again? Is this a new "misfeature" I just encoded a 150 kbps "Corporate LAN" video stream yesterday on a month old copy of their free encoder... It goes up to 200 kbps for Cable Modem.

My Opinion: RealEncoder does a pretty decent job considering the bandwidth it has to work with. You can't expect them to release a version for every platform in existence, but they _have_ been good enough to release a player for Linux. I bet with time, they will redevelop their older Linux encoder (yes, one DOES exists, audio only) so it supports the new G2 stuff. But, really, and truthfully, Video4Linux simply sucks. There is no other way to put it. Windows is only better because you can actually record a decent .AVI with most of the video cards out there (as long as it is under 5 minutes, then all hell can break loose). If Linux would work properly with my Matrox Rainbow Runner, I'm sure it would have no problem recording for hours on end... But it doesn't (if it does it, decently, with MJPEG recording, on libc 5, please tell me...).

So with a sucky Video4Linux, I think it's gonna be difficult for Real to make up an encoder... They'll have to support every strange quirk of every strange card, whereas Windows at least tries to take care of this. I mean, why does bttv only work on Bt cards when if Video4Linux was truly generic it should display a live picture from a Quickcam...

But hey, that's only my opinion, and it may not be right (please, correct me without flames). Don't take my post as the truth, either, if you are new to Linux. I suggest you make sure about this information for yourself (it may be incorrect/dated).

Re:who uses it?

Yeah, my bad. But in this case, you are lucky you can encode at all for free. The MP3 patent says companies are supposed to pay royalties on encoder sales...

Re:privacy invasion

I'm totally gung ho for this anti-RealNetworks initiative. RealNetwork stuff sucks. Windows Media Player rules. Boycott RealNetworks. Install Windows Media Player. Yay!

Re:I hate those. :)

1) You apparently haven't spent much time honestly looking at the Windows registry. There is a lot of crap in there that just wastes time.
My dad's K6-2 400 takes 7 minutes to search the registry top to bottom. Also, if you look, there are often remains of crappy software you deleted (Like trial software that leaves droppings in the registry to avoid you uninstalling/reinstalling to get around some time limit). The registry is full of shit, and it's really a lame stance to just throw stones at people who won't stand for it.

2) Fuck off. Windows barely crawls with 80 megs of RAM and a 66mhz processor. My Apple IIgs runs excellent on 4 megs of RAM and a 2.8 mhz processor. And Windows crashes within a week of running constantly - Linux and my Apple IIgs can run indefinitely.

3) People don't lie about what Windows does. They don't have to. In all reality, the operating system fails because of poor design. Corners are cut where they shouldn't be, and shit is added where it's not needed. I'm not going to say Linux is perfect because it would fuel your stupid argument. It isn't, but that fact doesn't justify your argument. It aint hard to fix relative to the (grr) registry.

Re:privacy invasion

If anyone knows of any alternative media software for Windows please post their links, thanks.

Here's your link. http://www.microsoft.com.

Download the Windows Media Player.

For MP3 encoding just go to any site where stuff like that is available. www.mp3.com would be a place to start.

What about Shockwave?

Macromedia performs similar data gathering using Shockwave. They seem to be hiding this fact because in their main privacy statement they do not mention it, however it is documented elsewhere on their web site. See the URL
http://www.macromedia.com/shockwave/sw7install/p rivacy/
for details.

M$ exposes you privacy and security, too.

MS does do this. They put 'meta-data' into their Word documents, which when transferred over the Internet reveal personal information about the author's computer.

An MSAC wanted to silence this issue. It's true.

You can read about it on M$'s own site: meta-data

What does M$ call Word inserting user's data from their hard drive into saved documents?

the Office 98 Unwanted Data Issue

Monitoring is the issue.

Something like RealPlayer ... I don't believe there is any "right to privacy" either implied or expressed

Actually, the right to privacy is expressed outright in the RealPlayer licensing agreement which does not disclose the current abuses Real is getting flak for. Microsoft does the same thing with it's products, though. They outright will lie about security/privacy issues until such issues have been fully exposed in the media-at-large.

Re:Cookies harlmless too & never block banner ads!

Actually, they do enhance your life and make it better. They give you something to rant and rave about, and that seems to be an important part of many of your lives.

Without something external to hate and be enraged about, you'd have to look at yourselves and wonder why you're such a loser who spends the entire day poking around on your computer. Then the resulting self-hatred would consume you.

So every evening when you kneel down at your porcelain statues of Linus and Saint Richard, thank the Kernel that you have something to hate.

Re:so what?

Yeah, but all except for 800 numbers (which you can call from a payphone for free) can be blocked with *67 (or whatever is the per-call blocking service in your area). If you don't have *67, you need to protest your phone company louder.

BTW: Nice try America's Most Wanted, but private your conversation is NOT should you phone their 800 number. If you do this, they know where you are calling from, and possibly where you live, and your name. Not too confidential if you ask me...

Re:privacy invasion

Who says they arent collecting it and keeping it? Them?! Haha, if you believe that.... First its all secret, now its "we arent storing it" - if not, then why bl**dly collect it in the first place. Of course its being stored!

Re:Hmm.. just checking, but..

Market studies have probably been performed, and Radio Shack discovered that by filtering out the paranoia freaks who positively quiver with fear about giving out personal information, they root out 75% of the anal-retentive types who are most likely to return the stuff they buy (broken and half used).

Re:so what?

+2, flamebait?

thats like when i was in school i'd get 1 (out of five) for effort and an A for attainment :)

Re:so what?

The jukebox has no clue who played the songs... And look at the difficulty involved with tracking down who played what (with all the info that Real requires):

#1. Install spy camera pointing at jukebox.
#2. Connect computer up to jukebox to record time information and song selection.
#3. Review tape each night, printing out a copy of the pictures of people, and the songs they played (matching the time of the pictures to the time the song was played).
#4. Send the pictures into the police or a PI to find out who they are.
#5. Look in the phone book for their address/phone number.
#6. Phone the person and extract their email address out of them.
#7. Sic a PI on them to check out what they play at other jukeboxes.
#8. Collate all this information into a tight package.

This would take DAYS, even for a single person. It ain't worth the effort, unless they are a known criminal. This is _also_ known as stalking. That is quite illegal in most places. Whereas with Real, it is "as simple as the click of a mouse on the submit button", without the jail time.

RealJukeBox Monitors User Habits

umh.. does anyone have a sniffer trace of these events?

gunderwo@hotmail.com

Re:so what?

my local pizza joint does this. its great. i can come home from the pub, pick up the phone, mumble something barely incoherent about pepperoni, and viola! tomorrows breakfast...

Re:Surprising?

And equivalent open-source clients will all basically wither away because if revenue can't be generated from their use and the bandwidth they consume.... well... there won't be any free bandwidth available to them. That day is coming, mark my word.

Okie dokie then...

That's it. Since it's obvious now that all standards of decency and respect for individual privacy are now just so many amusing concepts from a long-dead past, I no longer feel bound to respect them anymore myself. Since it's also obvious that corporations and the evil minons running them don't give a rodent's rump about anything but making money in whatever way possible, then they must be stopped -- in whatever way possible.

I propose to do this in accordance with my own sense of style, and take over the world. Look, it's obvious that that's what everyone is trying to do already in various sneaky ways like this Real piece of crap. So let's just forget the keeping-it-secret part and fight it out for the big prize: ruling the world. You may all feel free to submit immediately, or fight me (at your peril, of course), as you see fit.

After I take over the world, no one will be able to invade your privacy ever again, and if they do I'll kill them. Well, I'll be able to keep tabs on you, but just to be sure you aren't plotting to overthrow me or anything. I sure as heck won't care what you're listening to or who you're screwing.

I'm sure it will be a much better world. And if someone else defeats me and they rule the world instead, I at least hope they'll have those numnuts at Real be the first against the wall, to get what's coming to them.

(moderators: this is humor... remember that? /. used to have humor -- before you got your tiny bit of power.)

Re:Block REAL and everybody else (OT)

Hey, for us ultraparanoids out here, can you post your list somewhere? Might be amusing! :-)

Re:Hmm.. just checking, but..

A pre-checked checkbox is kind of like a "pre-signed contract", giving you the _option_ to tear it up. I don't think it is right to _assume_ that the person wants to give up their rights, they should be asked if that is the case, ie. A default 'no' checkbox.

It's really all a matter of courtesy. How many people like shopping in Radio Shack / Tandy when they have to give a life history to buy a $2 battery? You could always say no, but then the guy at the counter gets in trouble. You are, by default, assumed that you want to give Radio Shack this information. It's quite uncomfortable, if you ask me. I enjoy looking at their wares, but only occasionally buy things there... I just don't like having to tell them who I am... It's sorta strange... (maybe it's just me and my paranoia, though.).

Re:privacy invasion

That goes for me also. Audio isn't that important to my web browsing anyways. I'm going to uninstall real software.

If anyone knows of any alternative media software for Windows please post their links, thanks.

Thanks Slashdot for helping us out with issues like this. I'd love to find out about any other software distributors who try invasions like this ---then I'll simply stop using their software.

Burn all Real software day?

Re:so what?

>not all of us who read this site are brainless sheep. i am disappointed.

What, you found out that a few of us know something? Sorry to dissapoint you, too...

(I couldn't resist. And no, I'm *not* saying you don't know anything, so don't assume it [please]... And the Flamebait moderation of your post is hopefully out of character with normal slashdot operations.)

Real doesn't give a damn about consumers

1) They've been kissing recording industry ass for a long time. Do you remember how anti-mp3 they were for the longest time? Only after the recording industry failed to defeat Diamond Multimedia in the Rio case and after Winamp became so popular did they reluctantly being to support the format.

2) They have been spamming the world so aggressively that they almost got RBL'd.

They just don't give a damn about you or me. I would stay away from their products and let them go out of business along with the big record companies they are beholden to.

Re:Is anyone shocked to here this?

a=1
b=1
c=1

Re:That's not all...

scattering?

what, like bookmarks in your bookmarks dir, icons on your desktop, and startup items, in wel... err.. startup, perchance?

I've been blocking packets to real.com.

Ever since I installed real audio I knew it was sending something back to real.com, even when I went into real's setup and disabled all that 'send statistics to real' stuff. And since my windows box (the only one with real audio) in connected to the net via te linux gateway on the cablemodem, 'twas easy to have ipchains drop all packets bound for any subnets owned by real audio. The player still ran just fine (I guess it didn't want to visibly complain that it could no longer spy on me.) and sure enough the ipchains logs show that the *.real.com packets are being caught and dumped.

Well, a big "FUCK YOU" Real, and a tip o' the finger to ya! Tracking me ye shant no more.

Re:Is anyone shocked to here this?

There is no such thing as a free lunch.

Agreed.

There's no such thing as a free lunch. There is also no such thing as free bandwidth. Models are still in development for how bandwidth will be paid for. If the net continues to develop along the lines of e-commerce, and proprietary multimedia protocols (RealPlayer, Windows Media Player, etc.) it will remain possible for a revenue stream to exist to pay for all the infrastructure.

Throw it all wide open with free protocols, open interfaces, and an anybody-can-grab-the-content-without-giving-anythi ng-back attitude, and the infrastructure becomes commercially infeasible to support. The real life 'superhighway' is paid for with road taxes. So shall the metaphorical electronic one. Unless people REALLY push for privacy. Then the subsidized model will fall down, commercial investors will disappear from the scene, and we'll all be getting paid accounts on Compuserve Brand I, Compuserve Brand II, or Compuserve Brand III, etc., depending on what we want to pay, and to which owner of which segment of the privatized net we subscribe.

Linux and the free software projects will wither on in a bit-taxed and privatized environment. Nobody will want to subsidize the bandwith needed for people to develop collaboratively, email lists will begin to cost too much to maintain, and Usenet will wither and die. By allowing companies like RealNetworks to mine information to compensate for the cost of things, we allow them to get a return on the money they put into infrastructure. You pay the piper one way or the other. I happen to find it an interesting topic to ponder, but will get by no matter how things go over the next few years. I've already thrown away Linux as a desktop OS (I ran it as my sole desktop at home for about a year- Slackware, thanyouverymuchy) and gone back to Win98 (but am thinking of putting the BeOS 4.5 that I paid for awhile back into use again).

Re:Real Networks and privacy.

RealNetwork should just lock things down a bit more. Require registration with a valid email address, and then require a reply from their query at that address to enable their software. That would do two things:

1. Give them a far more valuable customer list of legitimate people.

2. Get rid of the scofflaws who use their software without giving them anything back in return.

It makes good sense to me.

Re:I hate those. :)

Yep.

1. Dig around in the registry deleting things that appear they might have something to do with whatever you are trying to disable. Translation: delete at random anything you don't understand.

2. Cry like a little kid about how "Unstable" Windows is on your system.

3. Install Linux. Begin telling all your anecdotes about how unstable Windows was, and how it never seemed to work well, and you had to spend so much time futzing around with it, etc. etc.

Kish is a troll (and wears pantyhose)

And here's why, copied straight from his post in the "Spammers Killed" story:

Kish>For once.. (Score:4, Insightful) by Kitsune Sushi (kitsune@darkink.com) on Saturday
October 30, @09:07AM EST (#26) (User Info) http://www.darkink.com/~kitsune/

Kish>..I actually find myself wishing for some more moderation. Honestly, anyone who's doing
some moderation today, please take a moment to read this: I really don't need to hear anyone
making cheap jokes at the expense of a couple of dead people. It's not funny. It's not cute.
They're dead. Those were human lives. No one deserves to be murdered (this becomes an
arguable point when it comes to the legal system and the death penalty, but in those cases the
offenders have committed murder themselves, and as much as we all hate spam, it's not murder),
and all of these tasteless jokes would be appropriately tagged ``flamebait''. Anyone who really cares to read all these sick, tasteless gestures can lower their threshold to 0 or less if they haven't already. I for one did not need this to ``brighten'' up my morning.

You got what you asked for so arrogantly (the moderators here drink too much, you got a 4 for
that bleeding heart PC bullshit). Now you are complaining?

Man, get a life + go to hell! And I can say that without insulting you since this is an AC post, your .sig tells me you will ignore it.

Re:RealPlayer alternative for Linux?

Who pays for all the bandwidth to run live coverage of this party in Finland?

Within a few years the people using the bandwidth for said purposes will, instead of the taxpayer.

Then you can kiss free Linux goodbye.

Re:connected (proxy) host by RealJukebox

>Second, I saw posts talking about different sampling rates (96k max vs 150 and higher): folks, be sure you're talking about the right thing. There's realJukebox (this little flap) and realEncoder (for encoding a/v content only). realJuke (freeware, anyway) has a max encoding rate of 96kbps; realEncoder can be set to do any rate (a/v combined or separate).

Whoops (my bad), I never knew you could encode with realjuke (perhaps I should download it and try it). Although I figure you are lucky you can encode at all. BTW (offtopic): You can do both/either AV with RealEncoder. The free G2 version does limit you severely as to what rates you can use, but over 150 kbps is supported in some different modes.

BTW: If free realjuke can encode MP3 (my guess... I'm not sure) you are lucky you can do it at all considering the $15 a copy patent on MP3...

Plus, why the hell would you want another different CD player for Linux that you had to _pay_ for? Doesn't workman have enough options for you? >;-)

Cookies harlmless too & never block banner ads!

After all us pesky lusers sticking up for our privacy, are making it hard for these poor selfless and altruistic companies to humbly serve us and to just make enough money to feed their starving families. They only have our best interests at heart. They're here to help us and make our lives better. Why do we resist? They wish only to improve quality of life.

Resistance is not futile.

Re:Fake post? + Moderation SUCKS...

Now this is interesting. Due to slashdot screwups (waiting many minutes for submit response pages, or incomplete submit response pages) I posted my article THREE times. But this fourth must be some kind of fake... I never even put in the pantyhose comment in the title.

Now, to get to business, my post was **obvious** flamebait (as all 3 were marked), since it:

a) Debunked the moderation system.
b) Flamed an obvious troll, including the words from the trolls mouth
c) Presented a clear and good argument for the above
d) Made a comment on the insulting signature on Kish's post

Sorry, I'll shut up and keep(censor) my opinion to myself next time.

Re:News.Com Story

Geez; so in a hurry to get first post (and you missed by one) that you couldn't take five seconds to put A HREF tags around that URL?

Re:It's "free"

Remember that tcpdump, lsof, strace, truss, etc. are your friends. You can determine if a program is doing anything funny, and then block that domain with ipchains. Maybe the average user needs capabilities in the OS, to deny software access to the internet that doesn't need it.

I Agree

And if you are concerned you can always spoof user data I guess.

Like if companies didn't monitor customers habits
you would all be driving around in Edsels or something.

Bha, only anti UN militia ppl should be interested in news like this.

Re:I Agree

> Like if companies didn't monitor customers habits you would all be driving around in Edsels or something.

The Cuban government and I'm sure companies for the Cuban government monitor their citizens under a tight lens, and many Cubans drive Edsels (along with sweet '67 Chevs, etc...). It's like taking a break from time when you go on vacation there... :-)

Block REAL at your router.

I've noticed long ago that a disturbing percentage of software packages (like real's players) perform clandestine surveillance on your machine and ship the gathered results back to certain addresses on the Internet. As a result, I've come up with the most hideous monster set of filtering access lists on my network's cisco router and log _everything_ that flunks the filter. You'd be surprised to see which vendors' packages like to do the "ET phones home and reports his whereabouts" thing. One particularly spooky destination site that I trapped in my syslog was an IP address belonging to the US military's Bambergnet. I still haven't tracked down the exact software package that did that one, but it was something running on a big name-brand commercial unix machine with hundreds of users and several commercial database apps.

Go read the RFC!

RFC1889. Read the part about the RTCP control protocol that goes along with RTP (which is the data transport protocol being used).

This is the same info that gets sent when you join an MBONE multicast... quite inconsequential. In the MBONE case it gets sent to all the other viewers as well so that you have a list of who is watching.

Real's client lets you turn it off, too, if you want to, from what I can remember. Dumb dumb dumb.

Re:Please. Constitution Does NOT GRANT rights.

If you read the Declaration of Independence you will see that Jefferson and of course myself believe no one GRANTS you rights. Human rights are inaliable we all have them always. Sometimes other people violate these basic human rights, that is illegal under whatever diety, and immoral.

Re:so what?

Uh, your visit to the Slashdot webmonitoring page shows you need more Depends(tm) - the leakage from your brain is getting all over the rest of us. Get a clue - it's morons like you that are quoted when politicians say "I have not met a taxpayer with privacy concerns." And then you wonder how someone has stolen your identity and rang up $$$$ in fake credit charges in your name. Rest assured, you don't speak for the rest of us.

Re:so what's fair?

I'm seeing posts that are unfairly bashing RealNetworks because they are assuming that this information is automatically being stored in its full, verbose complete form and tied directly to your name and address, which isn't necessarily the case at all.

Mebbe so, but since Real (1) wrote the software to harvest the information and (2) sold it without revealing that it was doing so, it seems just as fair for people to assume the worst and bash them about it. They didn't tell the truth before (yes, "neglecting" to inform purchasers is failing to tell the truth), so why should they be given much benefit of the doubt?

From the article:

"David Banisar, a lawyer...who specializes in internet law, said that RealNetworks' surveilance practices could violate various state and federal statutes..."

That's not lack of courtesy, that's lawbreaking.

Oxford explains it

Isn't Real Networks the company that went
bankrupt because they had shit codecs, did
spying on their users' habits, pissed alot
of people off with their obnoxious Netscape
bundling 'features', and last because most
audio-centric services back in those days
used the free Icecast streaming system? What
year did you say this was?

MS bought alot of progressive codecs lately,
MPEG4, AAC, and rights to use MP3. Ouch.

BULL! It's Criminal Tresspass!

They are gathering user specific information (GUID) and they are monitoring hardware and software that is not or was not created/built by them, and sending detailed reports to themselves, without the user being aware that their security is violated! They are tracking any music you make copies of, from CD-s you own. They are tracking music in file formats that are not their own and reporting them to Real. They are searching your computers Hard drive without permission or Warrant. This is being done over phone lines, so it is also Wire Tapping!

Re:Is monitoring really the issue? I monitor my bo

These YRO pieces are frequented by privacy "activists" (a.k.a. whackos),...

Don't you think you're being a little hard on Hemos? He tries hard, but it's rough sometimes.

Re:TRUSTe

Unfortunately, I agree. TRUSTe has zero integrity. But what do you expect? Since it charges large companies more, they are naturally more valuable to them. They would have no problem ripping apart some small company and kicking them out since the loss to them would be tiny. But for a large company to use the TRUSTe seal is a sign of prestige to TRUSTe so those companies will never be punished. I've already uninstalled the RealNetworks software from my computer and will be doing my best to avoid TRUSTe sites as well. I hope some smart entrepreneur can come up with an alternative private sector policing mechanism for the Internet - otherwise we in the USA will start looking at the European privacy regulations with envy.

B U S T E D !!!!!

[little kiddy mode]
Oooooooh!!! Busteeeeed! Slashdot gonna telllllll! Boy RealNetworks you are soooooooo busted! They gonna gitcha fo' that one!
[/little kiddy mode]

'tis nice to see Big Brother scurrying to escape the light of day yet again! :)

Re:so what?

So if I sell you a car and "fail to mention" that it's been in a wreck and rebuilt from the ground up, it doesn't "automatically" mean that I'm trying to keep it a secret? In most states, that's fraud.

Sheesh!!

Deja-vu

This instance seems very familiar to a little issue a company called Blizzard had a while back. Something about collecting information on their user's to resolve a conflict in a registration key for StarCraft on Battle.net. Now, in that case, there was a class action lawsuit filed against Blizzard for creating what legally was a computer virus (in StarCraft). I remember reading the law, and it's actually surprisingly clear on the issue. Any program which does something potentially damaging without the user's knowledge or consent can be considered a virus in a legal sense, if I recall correctly. (I don't remember the outcome of the case... knowing our legal system, it's probably still pending.) Well, this seems like another clear-cut case. Someone should just sue them for, say, a couple hundred million in a class action suit (on behalf of everyone who's privacy rights were violated). I don't think it'll work as a general message, but we can always hope. And maybe after 10 or so such cases, companies will start thinking twice. :)

MODERATORS!!

Moderate him up, dammit... this is very, very, VERY informative and empowering. I learned a lot more from this post than from everyone else's... *sigh*

You all are a bunch of friggin morons

This is about Real SCANNING your hard drive to see what you have on it.

What I have on my harddrive is none of their business.

If they want to keep logs of who accesses their server, that's fine because that is their property.

My computer, however, is not their property. They have absolutely no right to look at it, scan it or defrag it. In fact, I hope Real faces a big fat class-action lawsuit for trespassing, invasion of privacy and computer hacking/cracking. They installed a trojan on my system to give them information. That sounds like a computer crime if I have ever heard of one.

Also, who's to say what exactly they're scanning for? Maybe it's a way to steal business plans and source code off of competitors. How would you know?

What if this was the government that installed a trojan to "ensure that we can more effectively meet your needs". Would you trust that line?

It basically comes down to unauthorized access. Real does not have my permission to access my computers. Therefore any such access is illegal and should be punished to the greatest extent of the law.

Why use Jukebox anyways?

Go get Grip at http://www.nostatic.org/grip/ instead.

1) It has all the possible features of the best Windows mp3 encoders and CD rippers
2) It's under the GPL
3) It uses freedb.freedb.org as its CDDB source and repository.
4) It's also a CD Player; it has 'gcd' built in. :-)
5) Grip doesn't download music from the net, but interfaces can be designed to this end; mpg123 can download and play mp3's off the net. Gitwiddit.
6) You don't have to register Grip.

Nobody would be complaining about Real Jukebox if they had been using Linux, where there is a real (heh) software solution, made under the GPL. Which isn't to say some of ya don't boot into Windows at times.


PS I'm not anonymous and I don't register. You can contact me as Steve Chaney at gunhed@earthlink.net. Ciao!

Copyrighting our lives...

I want to know if we can copyright our personal information. Why not? We created it. We wrote it. Do we not have ownership of the things that make up as indiviuals? Why not license your info out.

How about insisting that your life is performance art, and thus a product that's copyrightable? I'd cary around a little (C) marker pad if necessary in this case!

I'm very interested in this, but if it is shown that you don't enforce the copyright i certian circumstances, will the copyright become null-and-void?

Re:Copyrighting our lives...

[menudo]

Exactly! And what implications might this have on other things, like cloning? Why can't I be allowed to copyright my DNA. And if you think that's crazy, look at what ppl are getting patents for now.

Re:so what?

Yep.

And if RealNetworks starts selling used cars I'm sure they'll take note of the law.

Re:so what?

>IMO if you have a "right" to view information on someones web page, the owners have a "right" to maintain a profile of visitors and visitors haibits.

Feel free to tell all your book reading history (including the Porn books/mags, and The Anarchist's Cookbook ;-) along with how often you read said publications, plus where and when, along with your name, telephone number, email and real address to the company who printed the next bill (for a lewd comic stripshow) posted up on the next constuction site you accidentally read while daydreaming (this happens all the time when you wait for a bus...) to support your theory then. This is EXACTLY what RealJukebox is doing, getting targeted third party information.

Now THAT'S a sentence! :-)

BTW: I don't assume you read porno mags, or the Anarchists Cookbook, but I'm sure there is something you once read that would embarrass the hell out of you if you had to tell it to the world, so I had to make do with a wild guess... Sorry For The Inconvenience.

The problem is lack of permission

[Bill+Henning]

If the RealPlayer Jukebox put up a dialog stating what information it was going to transmit, how often, and for what purpose AND ASKED THE USERS PERMISSION at least during the install, there would be no problem.

The problem is that they are collecting user data / actions (and who knows what else) WITHOUT THE USERS PERMISSION.

Re:Real Networks and privacy.

[strredwolf]

It's clear that people feel more strongly about pushing RealNetworks into adopting this policy, to the point of using the RBL to declare them spammers, and that's fine. I don't disagree with that stance, and I hope they're successful. But I don't think RealNetworks is particularly evil one way or the other.

I agree with you there, but the MAPS RBL team gave them a timeline to respond back with ideas on how to secure their servers (see the Deja News articles. Nick Nichalous(sp?) is the one to look for). They didn't. Nick ran out of patence and threw their servers in the RBL.

One side point: Real Networks threatened to sue MAPS LLC (owners of the RBL) over the listing. However, like other spammers, they didn't follow through. The tactic wouldn't of worked, from what I read, due to property issues and a few RFC's that are on the spam topic.

---
Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack

Re:Real Networks and privacy.

[strredwolf]

I realize RealNetworks puts ads out on their various pieces of software, which is perfectly fine (that's the price to pay for free software), and as far as I know, the RBL deals only with spamming-related issues.

When you get it, but not ask for it, it is NOT fine. Period. For example, I asked for mailings from Palm Computing. I did not ask for Real Network mailings of any kind (which it says so many places but one).

A Deja news search gives you the whole story, but just for the heck of it, Wired did a few stories on it: Is RealNetworks a RealSpammer? and RealNetworks Blacklisted Again . I also talked with the author before the last story about the "RealSpams" I got (and I remember not giving concent to 'em).

---
Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack

Re:registration

[gavinhall]

Posted by cookieman.k:

That's right, a lot of people enter bogus in every registration form. It's not right that they colect information about you. It's like when someone is mumbling through you pockets. Who likes that ? Lets focus on the subject: I think that information that usualy get colected can be used to harm that person. Given the potential we must assume that this will (ocasionaly) happen. That "register-and-gimmi-your-name-and-address" is only an excuse to invade the peoples privacy. There's a conspiracy going on. They could design some local-stored-informacion-colection thing. But they dont want to. I'm sure they are using the data sent to them for some sort of statistical analisys. Who knows ?

1. I'm getting paranoid....

Stroring anonymously

[Chacham]

If a company stores information, who cares? It is only when they identify it as you, or use your email address. Tracking the habits of non-identified users is not too much a problem.

I think the part that makes it offending, is that in the aura of society today, everyone says we're open, and yet we always think conspiracy. Noone ever does anything for altruistic purposes anymore. Everyone is sinister. And therefore everything must be held by contract, or mutual trust.

As mentioned elsewhere in these comments, they did it without telling anybody. And now they telling us not too worry. That makes me worry the most. What boggles the mind, is that Real Networks is a company, but as most companies, they are made up of people. Do these people need to justify it to themselves first? Have these people ever cared? Or do they believe that what you don't know can't hurt you? Without OSS everywhere, I'm glad this guy tracked this down.

Re:RIAA subpoena enroute

[Fastolfe]

Wow, you're right.

And your ISP is probably logging all of your web IP packets so they can compile lists of your favorite porn sites so they can sell that to X-rated marketers, cause that's pretty valuable information..

And your local supermarket is compiling a list of the types of condoms and personal lubricants you buy so they can run it through a neural network processor and figure out which of its customers are gay so they can sell the list to marketers who specialize in homosexual literature and products.

Theoretically these things can happen, but they don't.

BTW, if it wasn't interesting, why would Real bother collecting it? So they could see how many people liked country? Come on...

Yep. I assert this is precisely why the information is useful to RealNetworks. If client #341481234 signs on and requests a new advertisement from RealNetworks to show in that nifty little advertisement banner, RealNetworks looks up client 341481234 and discovered that there's a huge preference for country music, so they're a lot more likely to select a country music-related advertisement than a techno one. This falls totally within the logical framework of RealNetworks and their posted privacy policy, their repeated statements about this entire issue, and their past behavior. The whole storing of personal information stuff was all made up by Slashdot posters and is in no way based on the facts.

Re:RIAA subpoena enroute

[Fastolfe]

Hmmm, perhaps to compute top 10 CD lists by various demographics

You don't need to store the association of a preference for a particular CD with a particular user. When a user plays a certain MP3 or CD, if it's a popular one, it would likely just increment a popularity counter. No sensitive data would need to be stored in this case.

To be able to perform this retroactively when they have a new demographic they want to check.

Perhaps. I won't deny that this is a potential use, but it seems to me that there would have to be a tremendous amount of work building such a database for gain such as this. Plus, it runs counter to their posted privacy policy and is precisely the PR attention they'd rather avoid (see current issue).

Having all the specific data is lots more useful than just having some aggregate numbers.

I disagree in this case, not that it isn't useful, but for 95% of their marketing needs, aggregate statistics suffice perfectly. It doesn't seem logical for them to take such a huge PR risk and devote so much time and money to creating a database so as to squeeze out that last bit of information.

There is every reason to believe that companies will keep as much data as they can, simply because it's cheap and it could come in useful someday. Why not keep it?

Precisely because of the issue this thread is bringing up. People don't like it. Companies like RealNetworks can afford to hire lots of legal and PR folks. If the company is steering towards a policy that, if made public, would make the company look INCREDIBLY bad (as all of the examples you indicate would do), these paid people would step up and say, "Umm, no that's probably not a good idea."

Not only do they have to avoid doing stuff like that, but now they have to worry about the impression everything leaves on people. You can bet the PR folks at RealNetworks are smacking their heads. They simply did not anticipate the public outcry against what they were doing, and don't know how to get the public to understand precisely what it is they were doing with that information without the public saying, "Well, you could be lying! We never trust evil corporations, and if everyone says you're evil, then you must be evil!" The privacy activists have made up their mind that RealNetworks is storing every little detail about the stuff you listen to, are planning on selling that data to people like RIAA and are generally trying to wreck your life like every other company they've shouted "Boycott!" every few weeks at, and RealNetworks is stuck with the burdon of proof. It's truly a sad state of affairs, and it's precisely this sort of knee-jerk reactionism and total faith in the mass media and your fellow privacy activists that causes it.

Re:Is monitoring really the issue? I monitor my bo

[Fastolfe]

I wasn't talking about Hemos at all.. I just meant that the YRO section was frequented by a disproportionately large number of right-wing extremists.

Re:so what?

[Fastolfe]

And if I fail to mention that I use monosodium glutumate in my Gumbo, am I committing fraud?

Am I negligent by not disclosing the fact that the toilet paper in my office restroom is made from less-than-100% recycled material?

Is it illegal for me to forget to mention that there are security cameras in my department store?

Let's keep the analogies sane, please.

Re:so what?

[Fastolfe]

Let's say you have a hypothetical company. This company wishes to distribute free software and collect statistics about the nature of each user so you can target banner advertisements at them and generally give them good music selections when they ask for recommendations. So they come to you, ask you to design the system (disregarding any 'ethical' issues that you may have about collecting this sort of thing). Everyone knows that it'd be a big violation of privacy if they monitored and stored information about each MP3 and CD, and the resulting PR mess would be horrendous indeed, so you're instructed not to save this information and just try to make some associations about the genres and related music.

So you go off and implement it. A while later, somebody discovers that this information is being sent back to your back-end system and starts throwing privacy fits.

1. How would you explain to them in a believable way that you DID make every effort to ensure their privacy?

2. Since they didn't believe your answer in #1, what would you do to try and get your clients' trust back?

3. Would you have done any differently when implementing this system? (The cop-out answer of, "I wouldn't have agreed to do it," is not valid.)

Answers:

1. Try to put out statements and/or press releases that explained exactly how the data was used and how the company has had consumer privacy in perfect mind during the entire design process.

2. Release a software update that would disable the collection of statistics.

3. ?

It's a lose-lose situation. Even if RealNetworks had no evil intentions to begin with, none of you are going to even acknowledge the fact that this might be a possibility. In your mind, they're just another evil corporation, and that's truly sad.

Re:so what?

[Fastolfe]

As the article says, every time RealJukebox is started it sends

Sends, not stores. Please read a bit more carefully. Nowhere did the article state in any sort of factual manner that the data sent by the client was being archived at RealNetworks. According to repeated statements by RealNetworks, this information is analyzed in an aggregate form, which is consistent with all of the information we have.

Again, the entire bit about archiving all of this information was MADE UP by posters on Slashdot, and you bought it like a loyal Slashdot sheep.

For some reason it is custom for posters on Slashdot to automatically assume that just because a technology is available to a company, that company will exploit said technology to its fullest, regardless of the potential PR mess it would cause, regardless of the laws they would be breaking in the process, and regardless of the monetary loss it would incur because it's just not FEASIBLE to do it. This automatic assumption is what I'm trying to combat here, because it truly depresses me. I would really hate to work in PR or in an executive branch of any corporation, simply because of this type of FUD that I would have to regularly combat.

If a company as big as RealNetworks were TRULY doing something as evil as this, don't you think their employees would think of it as evil too? Don't you think one or two of them might step up anonymously and mention that yes, RealNetworks is doing evil things? Or do you just assume that RealNetworks picks loyal employees very carefully?

In fact, they have blatently and I'm sure even you'd agree deliberately denied that they were doing so until they got caught red-handed

In order to deny something, they'd have to have been approached with it. This is the first I've heard of it, and the only response on RealNetworks' part is that the data is being used only in an aggregate fashion. Are they trying to "save face" and lie to everyone (at the risk of being caught by said ethical employees and exposed), or are they trying to desperately clean up their own mess because they weren't expecting the kind of response to something they considered relatively benign?

How you could trust a single word they say after they deliberately left the little bit about the spying out of both their privacy statement and the EULA for RealJukebox boggles the mind.

Probably because I don't think of this as spying in the least. Posted privacy statements tend to talk about how information is collected and stored. The absense of details concerning information that's analyzed "on-the-fly" and discarded (as seems to be the case here) wouldn't necessarily appear in a privacy statement, and it makes no sense at all to have it in the EULA, so I fail to see the cause of your enormous distrust here.

Again (and I thought I had made this clear), I'm not trying to say RealNetworks isn't in the "right" here. I think they should have most certainly informed the users that this information was being analyzed, explained just how it was being used, and given users the option to back out of it (or sign up for it to begin with).

What *I*'m trying to object to is the ENORMOUS anti-corporate bias that exists in these YRO threads. It truly saddens me that whenever a company is "caught" doing something even *potentially* privacy-invading, all of the privacy wackos come out of the Slashdot woodwork and suddenly that corporation is the most evil entity on the planet. Everyone assumes that they're doing the worst and proceeds to bash them on that basis. I am simply trying to point out what is fact here and what is sheer paranoia/conspiracy theory on the part of Slashdot kids.

Contrary to what you may think, there *are* companies out there run by honest folks that DO have quite a lot of integrity, and I pity the day when somebody finds something mildly "interesting" about something they're doing and they end up having to fight an uphill PR battle (with the burdon of proof on them) to explain how benign that thing really is.

Re:so what?

[Fastolfe]

...I'm not trying to say RealNetworks isn't in the "right" here.

Err.. you know what I mean.

Re:so what?

[Fastolfe]

The only made up statement in this thread is the contention that they don't store the data. First, they have to store the data in order to analyze it, unless they are doing it in real-time.

And what's so hard to believe about that? Read the data from the client, figure out aggregates from that data, store said aggregates. It's efficient, and precisely how I'd have designed it. And I'm not trying to speak for RealNetworks by saying they're not storing it, I'm saying the assertion that they *do* store all of this relatively private information *was* made up by Slashdot posters. This simply does not fit the facts in the article or by RealNetworks' statements.

Second, why chance losing valuable customer data to system failure, when they can easily keep a back-up copy.

What does this have to do with anything? I agree, database backups of customer information is probably a good thing.

Third, how almost immeasurably profitable is individualized data on music preferences as a marketing tool?

How much more valuable is a person's name and a list of CD's and MP3's than aggregate statistics about a given user? If it's just marketing reasons you want this data, aggregate statistics will suffice quite nicely, pointing the service to a given user's preferred musical tastes. That's all you need to market to that user effectively.

With RN's history of aggressive product spamming...

Looks like you've been reading Slashdot comments instead of the articles. THIS is precisely what I'm trying to combat here.

RealNetworks was added to the RBL because they refused (or did not act in good faith) to add an authentication layer in their e-mail address collection methods. So people signing up for a RealNetworks product would put in some bogus e-mail address, and leave the checkbox marked "Send me e-mail from RealNetworks and advertisers" checked. Unfortunately, quite a few of those "bogus" e-mail addresses turned out to be in use by real people, who didn't appreciate the e-mail. "Aggressive product spamming" this is not. RealNetworks was simply sending out advertisements to people that had explicitely requested them. It's hardly their fault that other people were putting in somebody else's address, but I do understand the stance that the RBL took because RealNetworks wouldn't implement a method of checking the validity of messages before adding that address to their mailing lists.

Re:Hmm.. just checking, but..

[Fastolfe]

Because if you are in a hurry when you install a software, or are simply not interested in all the bells and whistles, you usually skip the READMEs and trust the (Net)Etiquette of the software you use.

If this is truly the case, then you have absolutely no right to complain. A company can only go so far in giving the user options. NATURALLY, they will have 'yes' automatically selected. If you breeze through the installation, it's your own fault for not paying attention, and it would have made absolutely no difference if Real had omitted the checkbox entirely from its program's installation.

It's not like this is an obscure option. It's pretty plainly visible in the installation wizard. They're not trying to hide the option from you, and I don't feel they're being evil in the slightest by defaulting it to 'yes'.

Not sure..

[Fastolfe]

They may "analyze" it on-the-fly and just modify aggregate statistics about your listening habits. If you regularly listen to rock music, they may have a "likes_rock_music" statistic that goes up as you listen to more rock, etc.

Just an idea..

Re:Hmm.. just checking, but..

[Fastolfe]

A pre-checked checkbox is kind of like a "pre-signed contract", giving you the _option_ to tear it up

By signing said contract, you are explicitely acknowledging its contents in their entirety. This is a horrible analogy to make, since legally, you can't just say, "Well, I signed it, but they shouldn't have had that clause in there from the start!" and try to back out.

I can't believe people are arguing about what the default state of the checkbox should be. They're in no way obligated to provide that checkbox. It's the same as web sites that ask you the same thing. They're doing you a favor in an effort to keep people's trust and avoid bad feelings when people start getting e-mailed crap from them when they never wanted it in the first place. They would certainly like you to check the checkbox, so they leave it checked. If you're too braindead to notice this checkbox, then you deserve what you get.

Re:presigned contract

[Fastolfe]

Yes, you're right.. I missed the phrase "pre-signed" in the original comment.

Re:so what's fair?

[Fastolfe]

You make some fair points, but I feel I should respond to this bit:

"David Banisar, a lawyer...who specializes in internet law, said that RealNetworks' surveilance practices could violate various state and federal statutes..."

That's not lack of courtesy, that's lawbreaking.

No, it's not. It's one lawyer mentioning that there was the *possibility* of a violation of law. That's the job of a lawyer, to find possibilities and to take that to trial. Of course a lawyer's going to say that, especially if he knows his name will be in the papers. For all you know, the conversation could have gone like this:

reporter: So tell us: are they breaking the law?
lawyer: I doubt it, but I don't have all of the facts, so I suppose there's certainly something illegal about what they're doing.
reporter: Gotcha!

I would be quite surprised if this was actually the case here, and I would be very interested in how they came to that conclusion. Companies all-too-frequently collect information like this, without informing consumers, yet they are typically found to be operating within the boundaries of law. I don't see the difference here...

Re:I hate those. :)

[Bishop]

Just my pet peeve. :)

Yours and mine. What I hate equally is trying to turn that kind of behaviour off. Sometimes it it pretty easy: there is a option within the program, or it is in the "StartUp" folder. What I really hate is when you have to hunt throught the registry to disable this "feature."

Then again this is one of the reasons I use Linux :-)

Real = annoying anyway

[nylon66]

I was looking for an excuse to kvetch about Real. RealPlayer is downright *invasive* as far as I'm concerned. Endless registration requests, checking for plug-ins, et cetera. Listening to the Series was like visiting the proctologist (good thing it only went four games).

I hate those. :)

[Booker]

findfast, office startup bar, little blue Real icon... all loading up 10s of megs of DLLs so that their app will load faster... all the while starving the other apps of memory while they sit there idle.

Just my pet peeve. :)

It's off my system NOW

[KlomDark]

If the people from Real are reading: You software just got deleted from my system. Bye...

Re:RealPlayer alternative for Linux?

[szyzyg]

Alternatives?

Icecast.....

I was amazed over the weekend when someone showed me his conversions to icecast to let it stream video.. they were running live coverage of a party in Finland using icecast for the audio and video.

Real Isn't the only one

[szyzyg]

mp3.com - they require an e-mail address before doing anything on their site - they are of course monitoring all the users and selling this information on.

The record companies love to know what artists they can associate with each other - mp3.com probably gets most of it's money from analysing your listening patterns and selling this information.

mp3.com has rubbish music anyway... they are becoming the Microsoft of the online music world with poor service,applications, and generally a bad attitude

Re:RealPlayer alternative for Linux?

[szyzyg]

Interestingly.... it was one of the biggest ISP's in Finland that arranged all this.. they're using Icecast over Real Player.

Icecast has a couple of other big names using it.

Doesn't the NY times monitor people's reading too?

[Bitscape]

Free registration required. Sounds like the pot calling the kettle black.

presigned contract

[chialea]

IMHO, a presigned contract would be something like Microsoft's EULA. you never actually sign the blasted thing... the only choice you have is to tear it up

Lea

Re:presigned contract

[WNight]

No, your other choice is to click 'I Agree' and then do whatever the hell you want.

The EULAs are *not* valid.

For a contract to be valid, both parties have to get something out of it (however minor, hence the cliche of $1...)

If you buy a software package, you have all rights except for those which violate the copyright. You don't have to accept a contract offering you those rights because you already paid for them at the store.

The only way the EULAs could be valid would be if they offered you something truly optional (ie, not affecting your ability to use the program if you decline) such as a free service contract, or something.

Not only that, but changing a program from a 5 user, to a 50 user license by using a binary patch or modifying registry settings, like for a web server or NAT/Firewall, doesn't violate any laws either. If you didn't sign a license agreement saying otherwise in the store before they let you buy it, then you have the right to modify it. Just like you could buy a piece of art and then take an exacto(tm) knife and make make any desired alterations.

This whole thing is a scam. It really should be illegal to use these legal scare tactics.

That's not all...

[benbean]

Real's habit of scattering bookmarks and icons and startup programs around my system without asking bugs me almost as much as this...

Re:That's not all...

[benbean]

The point, my dear coward, is not the locations of the objects, but the "not asking".

RealPlayer alternative for Linux?

[Cid+Highwind]

A little offtopic, I apologize...

I realize this thread is about RealJukebox, not RealPlayer, but what alternatives are there to RealPlayer for Linux streaming video/audio? It seems to me that there are 2 formats for streaming video; Windows media and Real. If we find both Real and MS to be unacceptable for political and/or privacy reasons, what other formats are there?

Also, call me paranoid, but Real and the RIAA have been too close in the past for me to brush this theory aside. What if the real reason behind the collection of all this data is to trace pirated MP3s made with Jukebox back to their source? Scenario: The RIAA downloads an MP3, finds that it was encoded with Jukebox, and "asks" Real to search through their records on that particular song, bitrate, sample freq, file date and track the file back to it's source computer. It could happen, much like the global ID in Word97 documents being used to track down the source of the Melissa virus.

Re:RealPlayer alternative for Linux?

[llornkcor]

There are more than just 2 streaming types. Try streaming mp3 (xmms for linux) realplayer works on linux also, windows media- hehe there is one for unix, but its an old, out of date one. Streaming mp3 is probably the best, unless you need some seriously low-fidelity.

Re:Not storing the info?

[Thagg]

If they are not storing the info then they are definitely not maximizing shareholder value. It is a criminally negligent destruction of shareholder property, and they should be taken to task for it.

Half-kidding.

thad

Re:so what?

[KyleCordes]

** everytime you called a store to get information, a price quote, directions to their store, etc, they asked you your name, address and phone number?


They already can do this - some phone companies offer an extended "Caller ID" service to businesses which not only shows caller ID (or ANI for 800# calls), but also automatically does a phone directory lookup to show them your name, address, etc.

Re:Please. Constitution Does NOT GRANT rights.

[uradu]

Point taken. Your argument however in no way lessens mine, but rather strengthens it.

Please. The most childish argument!

[uradu]

This falls into the same category as "if you don't like this country/city/place why don't you leave?" The point is not the leaving, but the changing of a broken system.

By being born into this world--something I wasn't ask about, take note!--I have been endowed with certain rights that the constitution etc grant me. "Venturing outside my house" as you put it is one of those inalienable rights. The point people are trying to make is precisely that I should be able to "venture outside the house" without any ill effects.

You sound an awful lot like Scott McNealy, a person devoid of any notion of personal privacy.

True Confessional

[A+Big+Gnu+Thrush]

I once read a Piers Anthony book. I even "got" the Xanth pun... and I still enjoyed it. I was only a teenager at the time, but I've never told anyone about it until now. I'm ashamed, but it's all behind me now.

Soon after finishing the book, I went on to more constructive activities, like chronic masturbation.

Re:Hmm.. just checking, but..

[A+Big+Gnu+Thrush]

Why does the default setting matter?

If the deault is "Yes. Please allow RealNetworks to provide me with updated, useful information by monitoring my every move while connected to the Internet." and the cancel choice is "No. I would like to continue to live in a dark age of information technology by hording my personal infrormation and habits." the choice is still there for the user.

If the choice is never offered or hidden in a dialog box the user never sees, then that is another matter.

Re:RIAA subpoena enroute

[BeBoxer]

If you can't think of any reason why they would want to keep individual data, you're not very imaginative. Hmmm, perhaps to compute top 10 CD lists by various demographics. To be able to perform this retroactively when they have a new demographic they want to check. So that they can track the effectiveness of advertising specific albums to specific groups. Having all the specific data is lots more useful than just having some aggregate numbers. It lets you run whatever analysis pops into mind on the data. Ever hear of data-mining? It's just the process of analyzing the huge amounts of random data the companies keep looking for whatever patterns or facts are interesting.


As for how big that database would be, let's make a rough guestimate to see if it's feasable. Let's say that for each CD, we need to save it's 4 byte CDDB ID and a 4 byte counter for how often it's been played by a person. Let's also guess that the personal information is 1KB in size. Let's also assume that our database takes up twice as much room as the raw data it contains. If you are keeping track of 1,000,000 users who each have 1,000 CDs they listen to, your database will be:
1 million 1K personal entries for 2 GB disk space.
1 thousand 8 byte entries for each of those million users, for another 16 GB of drive space.
Let's see, an 18 GB drive is worth what, about $200? Do you think RealNetworks has room in their budget for a $200 dollar hard drive?

I think we all need to keep in mind that we already live in an era where it is quite affordable and feasable to keep significant amounts of data about everyone. There was a time when this wasn't feasable, but it is gone now. There is every reason to believe that companies will keep as much data as they can, simply because it's cheap and it could come in useful someday. Why not keep it?

Re:It's "free"

[earlytime]

The issue is not that they want to have/use this kind of personal information. What is concerning is that they distribute this program, and it *secretly* collects this information and sends it to them. Without your consent, and without warning. That they give this program away free is a misnomer, All the Real programs that I've seen lately are chock full of ads. Granted I'm a linuxhead, and rarely use windows software, but that's just my observation. I've tried Realplayer for linux and its horrible, ( ever get error 1? ) but that's another issue.
I think of this as another argument for open sourceware. If the source for real* was open, we could have seen the offending code/behavior BEFORE using the program. I'm sure that Real is not the only company who does these kinds of things. They are just one of the more obvious ones. Sooner or later, some sw company will collect more sensitive info, and encrypt its trasmission so even if we notice it, we can't figure out what it was. That's what I'm woried about. Not just secretly collected, but intentionally made unreadable.
-earl

Re:Use the /. login account

[Greg+W.]

login: cyberphunks

It's cipherpunks .

Re:This is OT!

[Greg+W.]

The problem with /. moderation (as I currently see it) is the use-it-or-lose-it problem.

I had moderator points yesterday, but I didn't have much time for reading articles. So I used 1 point (well spent, I think). Today, when I'm at "work" and have lots of time for reading, I don't have moderator points. They must have expired.

On those rare occasions when I have points, I always feel like I have to find something, anything to use them on, quickly -- lest the points suddenly vanish, unused. Like they did today.

Moderator points should not expire! If I still have points left when I'm randomly chosen for getting points, then don't give me more (I don't need to stockpile hundreds of them) -- but dammit, at least give me enough time to use them wisely!

New /. moderation slogan: "speed kills".

Weird, isn't it?

[seebs]

Isn't it amazing how often the people who do stuff like this spam?

FWIW, Real is in the RBL for continued spamming and address harvesting.

Info's "Not Being Stored" ???

[billybob]

the practice did not violate consumer privacy because the information was not being stored by RealNetworks

This cant be true. Why would they bother having the program send them info on what the user is listening to if it's not stored somewhere on their computers? What, do they have someone over at realnetworks who watches the info come in? "Hm, this person is listening to nine inch nails. Hm, this person is listening to NOFX."
Real can be so annoying sometimes.

Re:Not storing the info?

[Black+Parrot]

> If they are not storing the info then why is it being sent to them in the first place. ... Come on Real Networks people aren't dumb.

I dunno... Micorsoft got away with claiming that their automated data collection was "a bug".

The big lie is always best.

--
It's October 6th. Where's W2K? Over the horizon again, eh?

The Solution is easy.. Use Free Software

[briam]

There are plenty of good free solutions. The Sajber jukebox is one. There are even packages like mpserv that will allow you to distribute your archive over many machines. There's no reason to involve big business here.

RIAA subpoena enroute

[lythander]

Wouldn't this be a great store of data for the RIAA to mine in their anti-piracy campaigns?

Re:RIAA subpoena enroute

[twixel]

>> can't think of any reason they'd be interested in storing all of the artists and songs you listen to.

I'd think that would be very valuable marketing data. Your listening habits cross-referenced with your credit-card info , your email-address and your real-world address.

BTW, if it wasn't interesting, why would Real bother collecting it? So they could see how many people liked country? Come on...

Re:RIAA subpoena enroute

[anonymous+cowerd]

> And your local supermarket is compiling a list...

My local grocery store (Kash n Karry, Florida, U.S.A.) is compiling a list of my purchases, me specifically and stored by name. The mechanism is, they give you a little card about the size of a credit card with a unique bar code on it, specific to each customer. A bunch of popular items in the store, marked with a special tag, are on deep-discount sale - they even sell some at a loss, I think - but only for shoppers with this "Preferred Shopper Card." When you go through the checkout line, you present your card, the clerk swipes it across the scanner, and you get your one or two dollar discount. You don't have to use the card, if you don't want the discount, of course.

The clerks all subvert the system by using a generic discount card they swipe, to save themselves the trouble of asking you to produce your own card, which gives you the discount without associating your specific bar code with your purchase. I think that's kind of funny.

The kicker is, at least one grocery store I read about in the news (not Kash n Karry) has used the data mined from these "Preferred Shopper" card in a sinister manner in court. A customer sued this store after slipping on a wet floor and suffering an injury. The grocery store's lawyers presented this shopper's data; it showed that she bought a good deal of beer and wine; they attempted to elude liability by sugggesting, on the strength of this buying data, that the customer was a drunk and therefore herself responsible for her injuries.

How do you like that?

Now compared with this Real Networks business, the difference here is all in favor of the grocery store, since they openly ask you for the personal data, and you are aware that you are giving it out. (However, you might not be aware that you give out similar personalized shopping data whenever you use a check or ATM card.)

Yours WDK - WKiernan@concentric.net

Re:RIAA subpoena enroute

[Fastolfe]

Doubtful.

RealNetworks asserts that this data isn't being stored. The likely scenario is that they're taking the information, finding the genres associated with it, and storing aggregate information about those genres in an attempt to find your approximate music interest. This is still quite useful information, but suddenly RealNetworks doesn't look so evil, so the people that read these YRO pieces are less likely to mention it.

I can't think of any reason they'd be interested in storing all of the artists and songs you listen to. Do you have any idea how large a database would need to be to store this information? Aggregate trends, however, can be represented with a few small numbers and fits RealNetwork's likely needs perfectly.

Now, again, I'm not defending RealNetwork's practices here, but I feel I do need to step in since so many people like you keep spreading this misinformation.

Whups

[Coda]

Because I live in a house you built does not mean that you get to want what I do in it.

This should read "Because I live in a house you built does not mean to get to monitor what I do in it."

Remember kids, sleep and/or the Preview button are your friends...

Re:Whups

[FigBug]

It still doesn't make any sense.

TRUSTe

[SSKennel]

I see that RealNetworks's privacy statement has a TRUSTe seal at the bottom. Think TRUSTe will now sanction RealNetworks for failing to fully disclose what information they collect from their users?

Me neither.

-- R.

Re:Hmm.. just checking, but..

[WNight]

Or, maybe Radio Shack just decided to demand personal information, knowing that only a few people wouldn't choose to avoid the confrontation by just buckling in and giving their information.

Then they not only sell the information for mailing lists, but spam it with their own junk.

I personally assume (because they did send junk mail to the fake name I gave them at my address) that they use it for junk mail. No idea though, how all those other companies decided to send that same fake person junk mail. They must have been telepathic.

Re:Ahhh... Windows...

[WNight]

Oh yeah, Quicktime, the proprietary player is just so cool. I mean, who cares about the fact that it's ugly, sucks CPU like a cheap whore, and is no better than mpeg for movies.

Here's a good link about the great Quicktime user interface.

The Real Issue Here

[ConceptJunkie]

Summing up what a lot of people have said, the real issue here is about closed-source software. Since most people are connected to the Internet at least part of the time, any piece of software could take advantage of this to communicate information to anyone.

Before this near-ubiquitous networking, it mostly didn't matter what software you were running did. The worst that would happen is that it didn't work or screwed up your machine... and even then there were fears, mostly unfounded, that people like Microsoft or AOL were gathering data on computers.

Now any piece of code run on your computer can send (or receive) data from anywhere in the world and it is natural to begin distrust anything you run, whether it be the latest installation software from Microsoft, some k3w1 internet utility like Real, or a hidden trojan in that dancing baby program your best friend sent you.

To me, it is becoming more and more important to be able to know everything the software you run might possibly do. It is also becoming easier and easier for someone to release software that could wreak any amount of havoc privacy-wise in your life. And let's face it, law enforcement, if it becomes relevant, can only happen after the damage is done.

Repeating a common slashdot theme, OSS is the only sure way to resolve this distrust.

Re:so what?

[plunge]

To be perfectly callous, the issue isn't just privacy. The difference is the extent of information they can get without my direct consent, and the potential revenue this accrues to them. If they want my personal info they should PAY for it, because they're going to make money off of it one way or another. I have a legal right to my information, and if people want to send me advertisements, or even use my info for statistical purposes, I have a right to demand some sort of compensation. By them covertly secreting info, they are, in effect stealing it. Now, of course, I'm being completely silly here, because currently it's very little info that's available, and they aren't doing anything with it (not to mention that I don't use RealJukebox- I use the much sleeker various AMPs). But these sorts of efforts by software companies are just testing the waters- you can't tell me that they wouldn't LOVE to someday be able to sell my personal info, spy on my activities, or profit off of it some way without my knowledge or paying me for it. Why shouldn't I raise my voice now so to determine how things will go in the future?

Re:so what?

[plunge]

Hey moderators- I'm getting REALLY irritated when I see people with unpopular or uncommon opinions rated as flamebait. And this isn't "offtopic" either- it's a comment on the silly moderation done to the above post.

Re:Use the /. login account

[Nodatadj]

cyberphunks/cyberphunks works for me...

Maybe there's many /. accounts.

Use the /. login account

[Nodatadj]

login: cyberphunks
passwd: cyberphunks

The standard /. login account :)
Or is there some reason why no-one meantions this anymore, like for example, the FBI are investigating the users of this login for Kiddie porn scandels?

Cos if there is, I'd better stop using it, hadn't I.

Re:This is OT!

[PigleT]

Yeah.
The problem with slashdot is that moderators don't know to leave an article alone - if it in any way duplicates another point you get marked down as "redundant" to the extent that you feel you can't even agree with things. It's a permanent state of "must say something more insightful / funny".
If there was more leaving of things alone, neither your problem nor my opposite would happen...

(Also, I wonder exactly how folks approach increasing an individual comment's score - it appears to be a combination of dB of laugh caused or count(#links) in it...!)

Re:Hmm.. just checking, but..

[PigleT]

If that's the case, the thing to ascertain is what the default value of the check-box is.

Me, I don't use realplayer, I use grip for playing CDs and theatres for movies... ;)

Re:privacy invasion

[The+Fonze]

come on man...did you read th article? Each person is assigned an id. The only reason I can think that they would do that would be to insert the info into a db somewhere. And for those who dont think they are doing this for profittable reasons, then why in the f**k would they do it? for shits and grins? I'll never use their stuff ever again. I think this is a giant score for open source.

Re:Fair enough

[The+Fonze]

ya, this goes for malda too.

connected (proxy) host by RealJukebox

[uncleFester]

Appears to be connecting to a cdinfo.real.com (208.147.89.220). Just for laughs, I blocked it at my fw to see if it would kill CDDB; it seemed to access after timeout failure with the cdinfo proxy.

Two other things here: first, the only checkbox to not send info to real is when contacting tech support via the app ("Send configuration information when connecting to Technical Support"). There is no "Send NO information to Real." Second, I saw posts talking about different sampling rates (96k max vs 150 and higher): folks, be sure you're talking about the right thing. There's realJukebox (this little flap) and realEncoder (for encoding a/v content only). realJuke (freeware, anyway) has a max encoding rate of 96kbps; realEncoder can be set to do any rate (a/v combined or separate).

If you're that paranoid (as I sometimes am) and want to fsck with real (as I do) then do two simple things; block them at the firewall (or use a fw product.. what, you don't have a cable modem and no protection do you?) and hack the entries in the registry to send false data*. If their data is invalid, what good is it to anyone?

-fester
* note I take no responsibility if you hose your machine. if you don't know what the registry is (or why it's evil, see this as an example) then go back to your little gates-inspired fantasy world.

Re:connected (proxy) host by RealJukebox

[Spamalope]

Why not reverse engineer the data format Real uses. A Seti type screen saver that feeds bogus info into the Real database would be fun, especially with the /. effect. I don't think it would take too long to screw up their current database.

Re:Doesn't the NY times monitor people's reading t

[twixel]

No, they chose not to DISCLOSE the information to the public. There's a difference between not mentioning something and deliberately trying to keep it a secret. Let's not jump the gun here.

Why is the key that is sent to Real encrypted in the registry? Why does the key include: your name, your email address, OS version, processor, what portable MP3 players you have, how many tracks you encoded....... The key is sent to Real in the HTTP get request. Apparently someone went to an awful lot of trouble "not mentioning" the tracking feature.

And why does the software send an update each day to Real, plus with each track you play? And when you select the sites menu ?

Re:Not new, no harm done.

[SpinyNorman]

I read the story rather sloppily, and on second thoughts would have to agree with you! I think it would be different if RealJukeBox was accessing their server for CDDB type track info, but given that it has no reason to be doing so, it does have a rather unpleasant feel to it.

Real.com IP Names and numbers please?

[Stavr0]

Could someone post the IP numbers and names so we can all add black-hole host and route resolution?

/etc/HOSTS:
127.0.0.1 xyzzy.real.com abcde.real.com byteme.real.com

/etc/ROUTES:
99.99.99.0 255.255.255.0 127.0.0.1 127.0.0.1 1

(will this be enough to block it all?)
---

Re:Not storing the info?

[mgoff]

The privacy implication is that the listening data can be tied back to an individual user. If Real Networks takes your personal listening habit data, abtracts and combines it with other listener data such that your identity is no longer attached to that data, and then destroys the original data, is your privacy still violated? It's no different than taking the average of 1,000 numbers, saving that average, and deleting the original data. I'm not sure that our privacy is really protected in this way, but if so I have no problem if this data is collected-- it's my way of payment for a little free entertainment. I prefer Shoutcast anyway.

registration

[Hard_Code]

That's why I usually enter bogus personal info and email addresses.

Just because you're paranoid don't mean they're not after you ;)

Why we should be worried !

[Manifest]

Real seems to have landed itself into a big mess this time around.
It is not the fact that they are monitoring people's trends/preferences, but it is the fact that they are doing so without the knowledge of the user. A lot of softwares that connect to internet have some form of ID that can be used to track user traffic etc. But they are publicised. Here evrything is done in secrecy.
This brings to mind the case of ICQ rumour (confrmed?) that it gives back to the server a list of all sofwtares that are on the host computer !

Things have to be looked at in bigger picture. Every network based software has the inheretant capability to send info back to the server and every software has the inheretant capability to do alomost anything on your computer. These two conditions when brought together is an explosive mixture ! Where do we draw the line ?
I am sure that with more internet based applications coming up, cases like this may become more common. Things have to be nipped in the bud.

And oh yaah.. ZDNET also carries a article on the Real issu e

Re:so what?

[DaveHowe]

Except RealJukebox doesn't download things from websites. That's RealAudio you're thinking of. RealJukebox plays audio files and CDs on your computer, and therefore has no business sending any kind of data over the Internet.
Hmm. well, according to the website it has downloading capabilities, but you are correct - It is primarily a flatfile player/recorder. This makes things even worse - it is *not* a public-player, as the name "jukebox" implies, but a personal "walkman" player :+)
/me makes mental note to check on products next time....
--

ZDNet

[DaveHowe]

ZDNet have rushed off a piece on Online Privacy In response to the RealNetworks thing - it mentions a new "privacy statement" by RN, that they intend to release a patch to prevent the sending of the data, and bring up the MS GUID and Intel chip-id stories that have dropped out of sight lately...
--

ZDNet

[DaveHowe]

ZDNet have rushed off a piece on Online Privacy In response to the RealNetworks thing - it mentions a new "privacy statement" by RN, that they intend to release a patch to prevent the sending of the data, and bring up the MS GUID and Intel chip-id stories that have dropped out of sight lately...
--

Re:so what?

[DaveHowe]

you mean you've never noticed the option to play "the most popular song" (the most played song of that day/week/whatever) on a jukebox?
Indeed, I have - but it would be unusual for more than one track in six of those played to be directly selected by you; A lot of time will be spent listening to other people's choices, some of which you will disagree with, but none of which stem from your deliberate choice. To match your analogy, you would have to have the WEBSITE report back to RealNetworks what audio streams are being played, not the user agent.

There's plenty of information to keep track of in a jukebox. The artists get paid royalties when their music gets played on a jukebox. The people running the jukebox naturally want to put music in it that people will listen to (more money for them if they do), so wouldn't they want to know what the most played songs/artists/music types are?
Indeed - the website owner is more than entitled to know exactly which streams are most popular, which least; the problem is that RealNetworks aren't really providing these channels, but they are gathering the information anyhow. They state that they aren't vaulting or forwarding the information, but obviously the possibility is there, or why do it?
--

Re:so what?

[DaveHowe]

I'd investigate, certainly, but I'd hold short of trying to beat the crap out of him or call my local legislature and ask them to pass laws that forbids people from taking photographs of me in public. If I asked him and he said he was a photographer for the Daily News, and was just out checking how popular the new restaurant that just opened was, I'd believe him, certainly.
I probably wouldn't be THAT trusting, but then I wouldn't go to either of those extremes either; Assuming the above case, I would probably just ask to see some ID, write a letter to his editor suggesting his people would be better *out* of the bushes, and let the matter drop. we have something at the same level as MS's "UID" namestamp from Office97, and most people agree that that was beyond the allowable.
I guess this is just a difference of opinion here. I agree that this is somewhat similar to the Office GUID thing, but I disagree that either issue merits the attention.
A lot depends on how terrible you think us getting together to bitch about it on /. really is. I'm not suggesting that we should be sending hate-mail and dead cats to RN over this.<grin>

From an unbiased point of view, it could be any one of a dozen things - down to a "debug" switch left on in the full release that shouldn't have been. As you say, it is a PR disaster for them, all the less needed as they could have gathered the same information from the server ends, and not had this monkey on their backs.
--

Re:so what?

[DaveHowe]

but you don't normally expect him to ask you questions about who you are and where you have just come from, and you definitely don't expect the manufacturer of the jukebox to have the right to do so....
Everyone is making the dangerous assumption here that RealNetworks is *combining* this information for their evil spying practices.
No, I am not even assuming they are storing this information - but the mere fact they have built into the client an unannounced "feature" of delivering all this information to them is as worrying as the possible usage of it would be. If if you spotted a total stranger taking photographs of you from concealment, but they said "It's ok, I don't have any film in the camera, it's just for practice" would you
A)Automatically trust him to be telling the truth and
B)Say "ah, that's all right then" and wander away without even wondering WHY they were practicing, and more importantly, why on you?

Most all major products I download from the Internet ask me for my name, and bits of other information. Most (if not all) give me the option to decline sending this information in.
Indeed - and as this is open and aboveboard I tend to fill in such pre-download sheets honestly. I am a lot more tolerant when they ask politely, and give an option to refuse.

SEPARATELY, RealNetworks is allegedly collecting information about your listening habits (tied to a userID not necessarily tied to your contact information). I'm not going to try and defend this, since I lack information one way or the other, but it seems like a great many of you are just assuming that RealNetworks uses this information together somehow.
I can't speak for all of /., but I am not assuming this...

Further extending the music store analogy, let's say you get one of those Frequent Listener discount cards there. You give them your name, address, phone number, etc., and shop there every week or so. Now, the clerks know you by face, but that does NOT mean remotely that they automatically know your name and are linking every purchase in their head with your address and phone number. Yes, they collect the information, but that doesn't mean they're using it together.
Odds are good that they do - somewhere, your purchasing habits (as represented by purchases you have used your card to make) are matched against each other, to make decisions about the sort of products that store will stock next week, and possibly (unless you have said otherwise) what sort of "special offer" targetted mail you will get the week after that. That said, I know quite a few of these schemes are purely loyalty schemes - the ones where you have to save "points" tend to be, anyhow - where they don't really care about tracking the information, just in getting you to visit their store preferentially.

Again, I'm not trying to defend RealNetworks here, but I do think many of you are taking this to an unfair level...
Quite possibly - I notice a trend of /.ers jumping on the accused with both feet, without even considering that a mistake may have been made somewhere down the line (the recent Corel and Chinese Linux stories for example). I don't think this is the case here though - we have something at the same level as MS's "UID" namestamp from Office97, and most people agree that that was beyond the allowable.
--

Re:Overreaction, this is fine

[JohnCub]

No, No, No, No, and NO. I chose the option to NOT send information to Real Networks. I don't want anyone to know anything about me. According to the news.com story,
"The fact that RealNetworks gathers the information is not mentioned in the privacy policy posted on its Web site, the Times said, or the licensing agreement users must approve when installing RealJukebox. "
This is clearly a violation of our right to privacy. And it says in the story that they don't store the information or sell it to any third parties... Being in the business of data, why, then, would they have these streams of data hitting their servers?
I am off to uninstall all Real products. I can live without them. Then I'll run a search on class action suits.

Re:Kish is a troll

[radja]

Last time I checked (today..) moderation points were given automatically, not by people. How else would I ever get to moderate? ;)

And yes, it was posted thrice

//rdj

Re:so what?

[monstar]

>Rest assured, you don't speak for the rest of us.

my sincerest apologies for thinking for myself.

Re:so what?

[monstar]

i see your point - BUT - whoever said anything about people videoing me in my house? i certainly didn't imply this was ok so where did you get it from? you have taken my argument to the most illogical extreme and thrown it back at me - besides, analyzing what products i buy is the job of the store loyalty cards - you know - where you benefit from lower prices/benefits/cheap booze at xmas and they benefit from your purchasing profile. sounds more like symbiosis than big brother to me.

Re:so what?

[monstar]

pardon me guys, but flamebait?

thanks to the people who took my point as a valid one for discussion. sorry for not toe-ing the party line, slashdot.

not all of us who read this site are brainless sheep. i am disappointed.

Re:so what?

[monstar]

i stand corrected and should have read the article better :) either way, my argument remains the same - and can be expanded to cookies, store loyalty cards, surveys, street video cameras etc.

To be brutally frank with you kintanon, i really couldn't give a flying f**k who is interested in the trivial minutae of my life. there are plenty more meaningful things in this world to be bothered about.

Re:so what?

[monstar]

:O) i'm sure you knew what i meant

i'll try again... :)

[monstar]

obviously, as im so naive i need explanation as to what you are actually losing by allowing this mostrosity of privacy invasion to happen... any takers? (and please try not to resort to analogies of being naked in the shower and having the plumber that installed it watching you.)

it is my beleif that collection of such information is wrong when done in an underhand fashion - and also (and this is the most important) that companies are not bothered about the INDIVIDUAL but want to know what their TARGET MARKET is up to. yes, ultimately so they can "serve the customer better" and (translated) "make more money" also.

so come one then!! what are you PERSONALLY losing by this happening?

(NB: not flamebait & apologies for the caps - tags seem to be broken)

Re:i'll try again... :)

[sgs]

Obviously, as im so naive i need explanation as to what you are actually losing by allowing this mostrosity of privacy invasion to happen... any takers?


Well, right now, if you have no MP3s on your system that the recording industry might define (now or in the future) as "pirated", not much. If the list of MP3s on your machine matches the CD list, the recording industry presumably won't care.

If it doesn't match, you may be called upon to demonstrate that all of your MP3s are "legal" copies, in a court of the recording company's choosing. The court will be in New York or Los Angeles, whichever one you're furthest from.

Further down the line, when it gets established that software companies can monotor your computer use, all of the software you use can make very sure that you are really honoring all of those shrink-wrap agreements.

If you're very careful to never do anything that even looks like it might be something that somebody wouldn't like, I suppose you wouldn't care.

Remember, we have a glut of lawyers in this country, all of whom think that the rest of us owe them a good living.

Re:so what?

[Spasemunki]

This issue I have with this is that this device is doing more than record what websight I visited publicly; it is recording what files I access in the privacy of my own home. The article said that it recorded the title, format, quality, and genre of all of the music that you play or record. This is not at all like what happens when you mail-order a CD or visit a store. If I walk down to Tower Records and buy a CD, they don't get to search my house in exchange to see what else I might be interested in. The monitoring on this device is well beyond keeping a track of public actons; it is recording private habits.

Re:Overreaction, this is fine

[Spasemunki]

I have to disagree with the statement that this sort of tailored program is a universal "Good Thing". Yeah, if you are just starting to use a program of a certain type, it is helpful to keep the bels an whistles and power tools out of your way until you know how to use them. However, for more advanced users, I would just as soon not have any "suggestions" piped my way; I am content to use my own judgement. Do you leave the "tip of the day" running on every program you own? I would much rather have a well documented tool that gives me the freedom to do what I will without suggestions or restraint and learn what I want than something that claims that it is going to lead me by the hand until I am up to speed, or offer "helpful hints" when I do something in a less than optimal fashion(thinking of the MS Word assitant here).

Re:so what?

[PurpleBob]

Except RealJukebox doesn't download things from websites. That's RealAudio you're thinking of. RealJukebox plays audio files and CDs on your computer, and therefore has no business sending any kind of data over the Internet.
--

Re:so what?

[ToLu+the+Happy+Furby]

There is a difference between failing to mention something and keeping something a secret. Unfortunately, most privacy activists fail to realize this difference, and so it becomes the custom to assume that whenever somebody fails to mention something, it automatically means they are attempting to keep it a secret.

Yes, there is a difference. However, considering that Real has a privacy statement on their page--a long, legal document which for talks in great detail about how they gather personal information when you resister their products, and the use of GUIDs when you request realvideo content from their servers, but very noticably and egregiously does NOT mention the fact that they log every CD and mp3 you play from your own computer--we can pretty easily conclude that this is a deliberate secret. Now, IANAL, but I'm pretty sure that any time a company puts a legal document like a privacy policy up for public perusal, it can legally be considered to imply that it is reasonably complete. The fact that they ommitted the teensy weensy fact that they log every action you preform every time you use their software seems like a clear cut case of deception to me.

The fact that they ommitted it from the license agreement you need to agree to when installing RealJukebox is even more clearly illegal.

As for anyone wondering why this information could possibly be so dangerous...consider the recording industry's probable response to the mp3 revolution: watermarking. For those who don't know, watermarking is a plan to put a little electronic signature (don't worry; it won't interfere with the music quality *too* much) in every song a record label wants to sell digitally. That way, the story goes, the record labels could track the progress of these songs as they get illegally copied and passed around, and can sue people who put them up for free download, or some such thing. Point is, it was a pretty flimsy story, and it certainly didn't threaten the average user who just played mp3s off his or her local drive...until now.

I'm sure, Fastolfe, this qualifies me as a paranoid delusional, but has anyone considered the possibilities when you combine software which reads watermarks (which future versions of RealJukebox will if they don't already, pretty much by definition), software which compiles registered information (your name, address, and email) and assigns you a GUID, and software which secretly (or maybe it just does it "without telling you about it; there's a difference") sends all pertinent information about the mp3s you're playing...

Yep, that's right: suddenly, if they want to (that is, if they pay Realnetworks enough money), any record label can obtain a list--names, emails, and addresses--of a substantial fraction of those people who have pirated mp3s on their hard drives.

Wow.

Damn. And the fact that their site is signed off by Truste makes it even worse. All of this makes me want to vomit. Oh well; at least I never used the damn thing cause it stayed resident in memory and crashed all the time. In any case, that sucker's uninstalled for good.

-David

Re:Companies like Real could avoid all this flak i

[ToLu+the+Happy+Furby]

very few things in life are free, and commercial software is not one of them

You're not the only person to have expressed this idea, but I figured I'd pick on you to correct it.

The idea that, just because something is closed source, if it's free you have to be giving up something--in this case, giving up a rather disturbing amount of your privacy without your consent--is ludicrous.

The reason RealJukebox is free is because it is a disabled demo. You can only encode mp3s at 96kbps, unlike the $30 RealJukebox Plus, which lets you encode at CD quality. This is, of course, an incredibly common practice in the closed source world, and even in the closed/open hybrid world (eg. Sendmail vs. Sendmail Pro). Essentially, it's an advertisement, a test drive--you get to see how the product behaves, in the hopes that you'll want to pay up for a version which is actually usable. Never once have I seen it used to condone a blatant and unagreed to violation of privacy, just because "you get what you paid for". Just because the majority of people stick with the free version is absolutely no excuse: I'm sure many more buy the plus version than would if there was no free version at all, and I'm sure Real agrees with me.

Besides...the Plus version still illegally violates your privacy without your consent, so the point is null anyways.

Re:so what?

[ToLu+the+Happy+Furby]

This whole bit about logging every CD and MP3 played was MADE UP BY UNINFORMED SLASHDOT KIDDIES in this thread. There is absolutely no basis in fact for this assumption that I have read. In fact, RealNetworks goes so far as to point out that this information is NOT stored. It is simply sent, analyzed, and whatever aggregate information (genre, for instance) is gleamed from it.

Or, rather, those "UNINFORMED SLASHDOT KIDDIES" at the New York Times. As the article says, every time RealJukebox is started it sends "the number of songs stored on the user's hard drive; the kind of file formats -- RealAudio or MP3 -- the songs are stored in; the quality level of the recordings; the user's preferred music genre [emphasis mine--how do you think they determine the genre of the music without also transmitting the titles of songs?], and the type of portable music player, if any, that the user has connected to the computer.... What is more, if RealJukebox is used with its default settings, it automatically loads each time a CD is inserted in the CD-ROM drive, and if the computer is connected to the Internet, the title of the CD is sent, together with the GUID, to RealNetworks." As has been pointed out, the idea that CDDB similarly matches queries to the people making them (which the Real spokesperson claimed) is a complete lie.

And, while even the NY Times gets it wrong sometimes, it's worthwhile to note that their source on this article, Richard Smith, generally knows what he's talking about. An UNINFORMED SLASHDOT KIDDIE, he's very definitely not.

Or, if the point you were trying to make is that the information is sent, but it's just not logged--because Real says so--then you, sir, are a far more trusting soul than I. How you could trust a single word they say after they deliberately left the little bit about the spying out of both their privacy statement and the EULA for RealJukebox boggles the mind. Oh, and after they've accused CDDB of doing the same thing they do. And that whole thing that's landed them on the RBL for the past couple years.

The fact is, a detailed database of a person's individual music preferences, usage data, and CD and mp3 collections, which can be matched to an email address, is worth a whole whole whole whole lot of money. The idea that it wouldn't be worth the disk space used to store it is absurd. Many companies would--and, you can bet, already have--pay millions for this stuff. As for the idea that it's not worth their while to match listening profiles to individual people, that's just plain naive. There are many, many companies out there who believe that the entire promise of e-commerce, databases and the internet is the ability to target people individually based on their known preferences. They would kill for that information which would just sit there "wasting VOLUMES of disk space".

And even if it is aggregate, Real is still stealing information worth millions of dollars to them off of their users' machines without their knowledge or consent. In fact, they have blatently and I'm sure even you'd agree deliberately denied that they were doing so until they got caught red-handed. That is so clearly unethical and illegal that I have no idea what you are doing defending it. "Whether or not this in itself is a violation of privacy" is not worthy of another debate; it is furiously obvious. If that AIWA stereo you just bought had a secret radio transmitter that told AIWA the name of every CD you played on it, and they never mentioned that fact, you'd be pretty pissed too.

And, furthermore, while I seriously doubt it will be implemented now that they've been caught, I have trouble doubting that once watermarking of mp3s became pervasive, Real wouldn't compile statistics on pirated mp3s on their users' computers, possibly (what the hell) to sell to the RIAA. We've just found out that the infrastructure to do so is clearly already in place. We've also discovered that they have no qualms about lying in their privacy policies and EULA's, and trying to surreptitiously change them after the fact when they get caught.

Frankly, I'm guessing that the only reason this story doesn't scare the hell out of you is that, unlike me, you didn't have a copy of RealJukebox lying around on your computer when you read it.

Re:so what?

[sergente]

Helllooo - please read the story prior to making comments - The problem revolves around a piece of software that's installed on the users computers which sends information about the users computer, music tastes etc. to the Real Player people. Sufficive to say I'll be setting the internet settings in my real player waaaay wron

Re:so what?

[lost_packet]

:: anyone who visits a "jukebox" site and thinks that his/her listening habits is being not being monitored is naive. i mean, what happens when you listen to a real jukebox?

: Normally, you walk in, sit down, maybe by $PRODUCT the place sells, and listen. You might expect the owner to recognise you if you have been there before - but you don't normally expect him to ask you questions about who you are and where you have just come from, and you definitely don't expect the manufacturer of the jukebox to have the right to do so....

you mean you've never noticed the option to play "the most popular song" (the most played song of that day/week/whatever) on a jukebox? There's plenty of information to keep track of in a jukebox. The artists get paid royalties when their music gets played on a jukebox. The people running the jukebox naturally want to put music in it that people will listen to (more money for them if they do), so wouldn't they want to know what the most played songs/artists/music types are?

Re:so what?

[spacebum]

All I can say is this:

Imagine that the company collecting this information was Microsoft and not RealNetworks. How many people would believe their intent was innocent then?

Re:so what?

[HBergeron]

This is ridiculous; you have posted almost a dozen times saying the same thing. the FACT is that RealNetworks conducted an egregious invasion of privacy - Egregious = they gather information off of users computers, about data they did not provide, without the users permission, and did not disclose it in a document specifically designed for that purpose (one might even go beyond egregious to say villainous)

The only made up statement in this thread is the contention that they don't store the data. First, they have to store the data in order to analyze it, unless they are doing it in real-time.

Second, why chance losing valuable customer data to system failure, when they can easily keep a back-up copy.

Third, how almost immeasurably profitable is individualized data on music preferences as a marketing tool? With RN's history of aggressive product spamming users should not have to trust that they will not be constantly mailed by cd salesmen because RN picked up on that Jonathan Richman kick they were on.

Apologizing for this kind of behavior encourages it. That is why /. takes this so seriously.

HELP! Please tell me port to block on firewall!

[anonymous+cowerd]

Can anyone here give us suggestions as to what ports and/or IP addresses to block on my firewall? I've installed Netscape 4.7 all over the building in its default configuration, and I would like to stop my entire company from being monitored.

I'll be watching Slashdot and also my eMail, anxiously.

Thanks in advance, WDK - WKiernan@concentric.net

Re:Ahhh... Windows...

[joe52]

Quicktime, the proprietary player is just so cool. I mean, who cares about the fact that it's ugly, sucks CPU like a cheap whore, and is no better than mpeg for movies.

This is kind of offtopic, but I felt a need to comment on this. Quicktime is a proprietary and I don't care for the new interface, but the performance only sucks on Windows. If you're running the Mac OS it pretty much rocks (as in works well and isn't as much of a CPU hog as it is under Windows). That said, I think it says something that Quicktime only exists for two platforms and imho it is less than adequate on one of those platforms.
just my $0.02

joe

It's "free"

[donstenk]

It's "free". That about says it all.

Whats wrong with the provider of a service/good/program knowing what you do with it. Expecially something trivial like music. Who cares.

Re:It's "free"

[beagle]

Can you imagine the backlash if Intuit decided to harvest the account names, numbers, institutions, and other information of users of its popular Quicken program?!

I've never trusted those online options in Quicken, but probably there's no need to distrust that company - you pay for the software. This is also precisely why I refuse to use their online tax submission system.

Anyway, wasn't Microsoft's Windows NT, circa v3.51, sending a UDP packet to Microsoft every several minutes? Anybody ever decode that?

beagle

Re:It's "free"

[joe52]

It's "free". That about says it all.

There's a free version, but there's also an enhanced version (RealJukeBox Plus) that costs $29.99.

Whats wrong with the provider of a service/good/program knowing what you do with it.

I do have a problem with the "provider" of a program knowing exactly what I do with it. What makes this worse is that the user is never informed that the "provider" is harvesting data on what they are doing, as well as what interesing files they have on their system (the article says it actually collects data on all the realmedia and mp3 audio files on the user's drive) If I chose to use Visual C++ , would Microsoft be entitled to grab a copy of my source code, or even of the names of my source files without telling me? Maybe they could better serve the market if they had some idea of exactly what every single copy of their software product was being used for. No thanks.

joe

This is not just online

[Rick+Razzano]

Collecting information about people is far from limited to online. Many supermarket chains have some sort of "discount club card" or some such thing which you have to use to get the better price on a significant number of things in the store. It's free, but now they know every last thing you buy at the supermarket. Your credit card company knows everything you buy with that.

Everyone is collecting every bit of information on people to use to sell stuff. I would doubt that there is any other motive than profit. Now if RealNetworks was bought by the RIAA or something...

Re:so what?

[zantispam]

"Everyone is making the dangerous assumption here that RealNetworks is *combining* this information for their evil spying practices."


Nope. Everyone is pissed because the information is being gathered without your consent! Ok, let's say that I download this product. I pay for it and as I'm unlocking it with the key that they've given me, a dialog box comes up and says, "Hi, were going to gather a bit of information about you to be better able to provide you withe the products and services that fit your lifestyle. We won't keep this information very long and we won't sell it.". I'd be more than happy to give out my particulars.


However


That's not the case. The company says, "here's your product. Enjoy.". Then the product gathers whatever information it wants to and sends it back home. To put it another way, if you put a stereo in your car, you don't expect it to use your antenna to communicate with the stereo manufacturer, do you? Would you feel better about it if you gave consent?


This is more about common courtesy than anything...

Re:Hmm.. just checking, but..

[Sylvain]

Definetly yes it does, i use to be a firewall sysop, and my log files were full of real players connections to the real.com servers.

Hopefully for my users, the firewall didn't let packets pass.

I'm curious about this myself (OT)

[Rares+Marian]

Aside from the privacy issue (my voice/keyboard is hoarse after all the crap that goes on daily.):

It isn't the V4Linux team's fault really. The only way to write a driver in Windows is to play by the rules. So if your card or camera have all kinds of funky features you have to explain those features to Windows or rather rethink those features in terms of Windows' constructs, which, though structure is normally a good thing, means you have to adapt your driver to expect certain information in certain Windows related platform dependent memory ranges.

So at this point Video4Linux is just a collection of video drivers that conform in some ways, but try to be platform independent. (No you'll never see Unix driver work on a Windows box. They're two different Universes.)

Platform independence can get in the way of generic design. Something I've discovered in my own projects. Complexity cannot be created nor destroyed on transformed. (Call me a cynical essentialist if you want.)

I think Video4Linux can mature into Video4Freenix or even Video4Unix. The problem is trying to find a solution that covers the top-down camera end of things and bottom-up video card end of things. Not easy. The risk is that you have to maintain two sets of code one from the Video4Linux camp and one from the Hardware camp. What happens when one camp thinks the video driver interface is more important than the device drivers. But that's the reason the bttv code and the QuickCam code doesn't mesh.

Bttv developers would have to write their code around the quirks of the QuickCam. Which blocks their code from being use with other Cams unless we demand bloat.

There's ways to fix this. It's just not easy.



"Computers should be ... tools... (siglim 120 chars)" Like cars... to the office no more no less.

We as linux/bsd users certainly have no worries

[flyneye]

We dont have Jukebox and that wreched G2
barely works as it is :)

Re:Hmm.. just checking, but..

[Krollekop]

Why does the default setting matter?

Because if you are in a hurry when you install a software, or are simply not interested in all the bells and whistles, you usually skip the READMEs and trust the (Net)Etiquette of the software you use.

You certainly don't want to have to go down a few dialog windows to uncheck things like "BCC: my.privacy@outlook.com" in your mail reader.

K.

Re:privacy invasion

[jamesoutlaw]

QuickTime.... http://www.apple.com/quicktime/

;-)

Re:privacy invasion

[jamesoutlaw]

exactly. this is the end of my use of any software from real.

Re:Doesn't the NY times monitor people's reading t

[jamesoutlaw]

yea, but you know UP FRONT that the NYT is monitoring your reading habits. You make the decision to register and read whatever articles you want and you mke the decision to let the NTY track your reading habits... if you do not want them to do it, you do not register on their site. real networks chose to HIDE the fact that they are collectitng this information from users of their software. they did not give the user a choice on the matter.

practical routing/filtering countermeasures?

[peterw]

Could someone please explain the feedback mechanism and post some sample ipchains/ipfwadm rules to disable it? Mainly I think we need to know what the destination networks/ports and protocol type are. Does it use HTTP through a proxy so that Squid, etc. need to be reconfigured, etc.?

Re:so what?

[AndyL]

>" i mean, what happens when you listen to a real jukebox? "

Generaly I put my $.10/$.25/$.50 (depending on how old the machine is) and I select which music I want to hear. Then that song is added to the queue.
As far as I can remember, I've never had to disclose my name to the JukeBox, nor did I have to tell it which records I own at home.
But I don't use Jukeboxes very often. It's possible I missed something.

headline at MSNBC

[god_of_the_machine]

I have to admit that I love the irony of the headline over at MSNBC... RealNetworks is watching you Ah yes... scaring people away from the competition! (even though the scare is justified in this case) --- "Progress is the God of the Machine"

The value of behavioral data.

[Grabble]

No wonder Real so willingly gives away Real JukeBox in promotions like EMusic's "Buy $50 of MP3s and get a free portable mp3 player and secret behavior watcher" deal.

Re:Not new, no harm done.

[SnowZero]

No, there *is* harm done, and there *is* a difference. If I ask for a service over the network, I'd expect that the server on the other end would be gathering statistics on that service. C'nom, who wouldn't? Same goes for stores that track customers through club cards.

But, if I'm not using a network service or buying from a store, I don't expect them to track me. If the store sends someone to follow me around after I leave their store, ICQ looks at files on my computer that I'm not using or sending, or RealCrapBox decides to send stuff over the network that I'm doing with information stored soley on my own machine -- I'm sorry, but these are unacceptable. Services should be monitored, but are not an invitation to monitor something beyond that service.

Make more sense now?

Re:Overreaction, this is fine

[edward_mc]

The attorney mentioned in the NYT article is from Washington, his name is David Banisar. I paid for the full version, so I'd be real interested in any class-action suit. Please post any info you get here. Thanks.

Paranoia, justified or not...

[lari]

>I think the part that makes it offending, is that in the aura of society today, everyone says we're open, and yet we always think conspiracy.

There are times when I'd really like to become a sociologist. People amaze me... from watching panic at a forward claiming that shampoo or deodorant will cause cancer, to the way that intelligent people tend to bolt from the slightest suggestion of a THEM who might know what they're doing. And yeah, I don't want anyone knowing the details of my life, down to my folk music, without my knowing... but I'm less disturbed about being "stalked" by a corporation than I am about an individual having the same information. (If they're doing it to everyone, I'm not being singled out... they probably aren't obsessed with me for some bizarre reason... real-life stalking is scary, yes.)

Yeah, I'd like to know what they're doing with this information. I'd like to at least have something like the standard ethical disclaimer in a psych experiment ("Your data will be identified by a code number. You may leave at any time.") And I'd like to be able to turn it off. But I don't understand why so many people seem to be reacting with "No! Evil! Diabolical! Out to exploit the innocents!"

There's no need to tell me what I already know, but why this extreme of fear in so many?

Re:Other things that Real might be doing (100% OT)

[gargle]

The funny thing is, despite how we complain about MS software, MS software is often less intrusive than their competitors'.

Take for example the incredibly irritating blue Real icon you mentioned (that keeps blinking until you click on it whenever there's a software update). Or consider Netscape vs IE. Netscape communicator forces you to install the Messenger, Composer, and AOL Instant Messenger even though I absolutely do not want any of that (sure, you can download the standalone Netscape Navigator, but that's an older version).

Re:so what?

[gargle]

SEPARATELY, RealNetworks is allegedly collecting information about your listening habits (tied to a userID not necessarily tied to your contact information). I'm not going to try and defend this, since I lack information one way or the other, but it seems like a great many of you are just assuming that RealNetworks uses this information together somehow.

Let's look at this a little more analytically. (Put aside for a moment the fact the RealNetworks has no right at all to do what they did).

1) This is the same company the sends data about your listening habits, secretly, without your consent, to them. You must be pretty naive to believe any assurances that they give you.

2) Let's look at the facts. Let's look at what the company has said:

Richards of RealNetworks said the reason the program tallied the number of songs a user had recorded was to enable the company to determine whether the user was "naïve" or "sophisticated." This better enables the software to steer sophisticated users toward its advanced features, he said.

How can the company determine whether the user is 'naive' or 'sophisicated' if they do not keep track of each user individually (sure, they use GUIDs, but each GUID is tied uniquely to each user)?

But of course, they contradict themselves a paragraph later:

But this seemed at odds with a statement by Steve Banfield, RealNetworks' general manager of consumer products, who said the company was gathering only "aggregate usage" information about users of the software.

Not the most honest company eh?

3) Yes, they collect the information, but that doesn't mean they're using it together.

er.. Sure. We collect all this information, we take up space on our servers, eat up our bandwidth receiving user info, but no, believe us, we're not going use this information at all! No siree!

Re:so what?

[gargle]

Further extending the music store analogy, let's say you get one of those FrequentListener discount cards there. You give them your name, address, phone number, etc., and shop there every week or so. Now, the clerks know you by face, but that does NOT mean remotely that they automatically know your name and are linking every purchase in their head with your address and phone number. Yes, they collect the information, but that doesn't mean they're using it together.

I apologize, I missed your point somewhat in my previous reply. However, the analogy you give is not valid. The big difference is that in this case, all the information is sitting on a computer database.

Now, all the CEO (or some other head honcho) has to do, is to sit down in front of the database, and say: "Tell me, how many people listened to xxx type of music", or "Tell me, how many people are listening to pirated CDs, and return a list of names", or "Hey, I wonder what my neighbor Steve Jobs is listening to. Get me a list of the last 10 CDs he played." You get the point.

Do you imagine they would have this big, valuable database, and not exploit it in everyway possible? Companies hire people just to do this kind of analysis.

Of course, all this is besides the point. RealNetworks should never have done this in the first place, regardless of how they use the data.

Re:so what?

[gargle]

Try to put out statements and/or press releases that explained exactly how the data was used and how the company has had consumer privacy in perfect mind during the entire design process

Let's just say that a company which has customer information covertly transmited back to them (through a Trojan horse software, no less) does not have consumer privacy as a highest priority. Extrapolate from there.

Even if RealNetworks had no evil intentions to begin with, none of you are going to even acknowledge the fact that this might be a possibility.

Everything is possible, but some are highly unlikely. This is one of them. And if you read the follow up articles (in ZDNet for example), RealNetworks has been monitoring each user individually.

And you're still missing the point. The fundamental issue is, whatever the company does with the data, they had no right at all to obtain the data through these means in the first place!

I don't know man.....

[opedog]

I don't know about you guys, but most of the Real software I've had to download has turned out to be a Real annoyance. I had never downloaded RealJukeBox because it came packaged with RealPlayer, so I had no choice then, but I didn't fool with it because I thought it'd cause the file type problems that realplayer does.

Re:Is anyone shocked to here this?

[leonids]

Well... We trust most open-source programs because we trust the authors. But there is this little thingie called obfuscated code

a=1;a++;b=2;c=b-a;c=c+a;a--;b=b-a;c=a;
delete file no. a;

Of course with the vast number of initial users, someone is bound to figure out what the code is hiding.

Ahhh... Windows...

[Qybix]

All this reminds me why I like Apple... Don't see anything like that in any of their programs... (and Quicktime is better anyways... :)

Re:so what?

[alexhmit01]

Of course they have a right to demand that, and you have a right to laugh at them. Haven't you ever been in a store with voluntary surveys? They could make it mandatory, but the lost sales would cost them.

The problem with the current scheme is the lack of an identity system. Personal information should be stored on your machine in an interchangable format, and you should be able to negotiate the exchange.

The problem is that http was NEVER designed for what we are doing, and provides all sorts of information automatically. The solution is to change the code. We need to design a system by which information isn't traded unnecessarily, perhaps going through random anonymous proxies for our NATed (untracable) IP addresses to hide this information. All information requested of you should be negotiated.

i.e. If the store demanded you fill out the survey to enter, you'd leave. If they instead offered you a 20% discount, you'd probably stay. The problem is that these companies can extract the information secretly for free, so the databases of information are free profit for them. They should "pay" you a fair market value for your information (which might be the free software), and then they are free to do what they please.

The problem is not the exchange, the problem is that it is behind the scenes. We need to develop a scheme that puts the power in the client, not the server.

Alex

Re:who uses it?

[UCSCJeff]

Anonymous Coward wrote:

Would you run that by me again? Is this a new "misfeature" I just encoded a 150 kbps "Corporate LAN" video stream yesterday on a month old copy of their free encoder... It goes up to 200 kbps for Cable Modem.

I think you're probably talking about RealProducer G2, which is for encoding RealAudio and RealVideo content. IIRC, there are no quality restrictions on the free version of RealProducer. RealJukebox is a different product; it's used for MP3s, and the free version will only encode at up to 96 kbps. RealJukebox Plus will do up to 320 kbps.

Re:so what?

[Solon+the+Geek]

if (sic) you dont want your privacy "violated" then dont (sic) browse the net, shop, venture outside your house or pretty much anything. Well, maybe online violations of privacy do not yet warrant this kind of extremism, But it is nice for us to know when are actions are being monitored. Nobody likes being spied on, online or otherwise. As long as we know what's going on, and as long as there are options that preserve our privacy, we should use them instead and be happy.

Have Mercy, Moderators...

[Solon+the+Geek]

C'mon... The AC is saving lots of people a little trouble. He/she posted it as a link to be helpful, not like some people who post something that's already been said just for the hell of it...

Re:so what?

[Solon+the+Geek]

Why would they collect the information if they couldn't use it profitably? Besides, it's the principle of the thing.

Re:so what?

Augh. They're not talking about a web page JukeBox. They're talking about a piece of software you purchase from RealMedia that allows you to make and listen to music databases.

Surprising?

This is definitely a trend. Close-source apps will ALL eventually do something like this - look for Win2k and the AOL browsers to do this type of thing as well - gotta check up on the customers.
What vendors do YOU trust?

Re:so what?

[mosch]

I fail to see the issue. If you dial an 800 number, the company is footing the bill for you to call. I think that if they're paying for your call, you can expect them to want to know who you are.

As for non-800 numbers, you can generally (in parts of US and Canada anyway) block the information from being sent on a per-call basis by dialing *67 before the number.

Businesses have a hard time understanding that the ability to do something does not justify the validity of doing something.

Real Networks and privacy.

[strredwolf]

RealNetworks' has said that they do gather the information, but "the practice did not violate consumer privacy because theinformation was not being stored by RealNetworks nor distributed to other companies," according to their VP of consumer products.

YEAH. RIGHT...

This is from a company who spewed ads from their servers and is so far still on the MAPS RBL for doing it. It's already been proven that Real Networks will gather and spew out anything and everything. Real Networks has a security problem on the scale of the Goths invading Rome durring it's downfall.

Love the technology. Don't love the problems tacked onto it.

---
Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack

Re:Real Networks and privacy.

[Fastolfe]

This is from a company who spewed ads from their servers and is so far still on the MAPS RBL for doing it.

Do you have more information on this? RealNetworks actively spams people unsolicitedly? What IP blocks are listed under the MAPS RBL? I've never received unsolicited e-mail from RealNetworks (but then I've never checked the checkbox that indicates my desire to have this happen, either)...

I realize RealNetworks puts ads out on their various pieces of software, which is perfectly fine (that's the price to pay for free software), and as far as I know, the RBL deals only with spamming-related issues.

Do you have more information (like, say, proof) of these allegations?

Re:Real Networks and privacy.

[Fastolfe]

When you get it, but not ask for it, it is NOT fine. Period.

I was talking about ads via their software (equivalent to banner ads), not e-mail. "Period."

I did not ask for Real Network mailings of any kind (which it says so many places but one).

Neither did I, and I never get them.

The articles you quote all talk about how people keep putting bogus e-mails in their RealNetworks registration, and real live people that receive mail at those bogus e-mail addresses are complaining. If nothing else, you should be blaming the people that are putting YOUR e-mail address in the box instead of their own. THEY'RE the ones that are signing you up for e-mail from RealNetworks. RealNetworks has a little checkbox that I always uncheck that says "Send me mail about stuff." Rather than uncheck this box, they leave it checked and just put in somebody else's e-mail address.

I'm afraid I'm going to have to side with RealNetworks on this case, though I do think (as the article suggests) that they should adopt a better policy of validating e-mail addresses. I hardly think it's fair to bash them because people are putting in other people's e-mail addresses. It's clear that people feel more strongly about pushing RealNetworks into adopting this policy, to the point of using the RBL to declare them spammers, and that's fine. I don't disagree with that stance, and I hope they're successful. But I don't think RealNetworks is particularly evil one way or the other. It's all about buying into the mass media.

Re:so what?

[Fastolfe]

A)Automatically trust him to be telling the truth and
B)Say "ah, that's all right then" and wander away without even wondering WHY they were practicing, and more importantly, why on you?

I would do neither. I'd investigate, certainly, but I'd hold short of trying to beat the crap out of him or call my local legislature and ask them to pass laws that forbids people from taking photographs of me in public. If I asked him and he said he was a photographer for the Daily News, and was just out checking how popular the new restaurant that just opened was, I'd believe him, certainly.

we have something at the same level as MS's "UID" namestamp from Office97, and most people agree that that was beyond the allowable.

I guess this is just a difference of opinion here. I agree that this is somewhat similar to the Office GUID thing, but I disagree that either issue merits the attention.

Companies keep clients by keeping the client's trust. If they abuse that trust, or do something pretty stupid (as seems to be the case here), they lose clients. It's not good business sense to act in a way that alienates your very clients, and it *certainly* doesn't pay to do so with evil motives, because things like this always get exposed in the long run (by faithful privacy "activists"). THIS is why I give companies the benefit of the doubt in these cases. Yes, I agree that RealNetworks should have somehow disclosed the fact that this data were being sent back for the purposes of aggregation and analysis, but I do NOT agree that RealNetworks was acting with malicious intent. It was probably just a communications problem or poor decision-making between their various departments.

There isn't some dark room back in the basement of the RealNetworks headquarters with a dozen executives sitting at a table saying to themselves, "Drats! Foiled again by the privacy activists! We must find another way to invade the privacy of our 'loyal' customers so we can continue to be an evil company!" More likely, people are being scolded for not having mentioned this "feature" of the software to consumers. It's a PR mess, certainly, and I can only hope that RealNetworks and similar companies will learn from their mistake.

So it seems to me that if you guys want this issue resolved, inform RealNetworks of your opinion (though I imagine they're already aware of it), and wait for RealNetworks to respond.

Re:so what?

[Fastolfe]

Secrecy?

There is a difference between failing to mention something and keeping something a secret. Unfortunately, most privacy activists fail to realize this difference, and so it becomes the custom to assume that whenever somebody fails to mention something, it automatically means they are attempting to keep it a secret.

I'm not saying this isn't the case here, but it just seems like everyone reads the headlines and immediately jumps on the anti-RealNetworks bandwagon without really doing much investigation on their own...

Re:so what?

[Fastolfe]

but you don't normally expect him to ask you questions about who you are and where you have just come from, and you definitely don't expect the manufacturer of the jukebox to have the right to do so....

Everyone is making the dangerous assumption here that RealNetworks is *combining* this information for their evil spying practices. Most all major products I download from the Internet ask me for my name, and bits of other information. Most (if not all) give me the option to decline sending this information in.

SEPARATELY, RealNetworks is allegedly collecting information about your listening habits (tied to a userID not necessarily tied to your contact information). I'm not going to try and defend this, since I lack information one way or the other, but it seems like a great many of you are just assuming that RealNetworks uses this information together somehow.

Further extending the music store analogy, let's say you get one of those FrequentListener discount cards there. You give them your name, address, phone number, etc., and shop there every week or so. Now, the clerks know you by face, but that does NOT mean remotely that they automatically know your name and are linking every purchase in their head with your address and phone number. Yes, they collect the information, but that doesn't mean they're using it together.

Again, I'm not trying to defend RealNetworks here, but I do think many of you are taking this to an unfair level...

Re:so what?

[Fastolfe]

egregiously does NOT mention the fact that they log every CD and mp3 you play from your own computer--we can pretty easily conclude that this is a deliberate secret.

Did you ever stop to consider that this isn't listed on their privacy notice because they DO NOT, IN FACT, DO THIS?

This whole bit about logging every CD and MP3 played was MADE UP BY UNINFORMED SLASHDOT KIDDIES in this thread. There is absolutely no basis in fact for this assumption that I have read. In fact, RealNetworks goes so far as to point out that this information is NOT stored. It is simply sent, analyzed, and whatever aggregate information (genre, for instance) is gleamed from it.

What possible motive would they have for logging every single CD and MP3 you download and listen to? It doesn't serve them a single bit, except to waste VOLUMES of hard disk space. The only thing useful out of this information is the aggregate information such as the type/genre of music people listen to, which is most likely what they use it for. Now, whether or not this in itself is a violation of privacy is an entirely different debate, and one I'm not going to get into.

Re:Doesn't the NY times monitor people's reading t

[Fastolfe]

if you do not want them to do it, you do not register on their site. real networks chose to HIDE the fact that they are collectitng this information from users of their software.

No, they chose not to DISCLOSE the information to the public. There's a difference between not mentioning something and deliberately trying to keep it a secret. Let's not jump the gun here.

I'm not trying to defend RealNetworks here, as I disagree with what they're doing, but I'm getting kind of annoyed at everyone's assertions that they're doing this maliciously. Let's wait until we hear a few more *unbiased* takes at the situation before we start spreading misinformation about their intentions.

Re:Hey, at least we're not storing it.

[Fastolfe]

What a legal tightrope - we're not storing your info for very long. Yeah, not storing my personal info, but I'm sure you're saving the results of what CD's are listened to, how often, and whom by just getting rid of my GUID and replacing it with a demographic.

A more likely scenario is that they're storing information in an aggregate fashion, perhaps numerical values corresponding to the music genres you tend to like.

I can think of zero reason whatsoever that they would actually be interested in the actual titles and artists you listen to. It does make sense for them to want to know what *types* of music you listen to, which can be pretty easily gleamed from data like bands/albums that doesn't require it to be stored.

Just an idea, but it does seem logical...

Re:Is monitoring really the issue? I monitor my bo

[Fastolfe]

Something like RealPlayer, web pages, checkout counters, etc. No. I don't believe there is any "right to privacy" either implied or expressed.

Agreed. If you're that concerned with your privacy, it's up to you to protect it. Don't give private or confidential information to people you do not trust. Period.

I'm choosing conciously to use their product.

I think the crux of the issue is that you are choosing to use the product, yes, but you aren't making the concious choice to consent to their "monitoring".

What people fail to realize is that, in all likelyhood, this "monitoring" only ends up adjusting small numerical values that represent your aggregate interest in the various musical genres. The specifics about what albums and artists you listen to are likely forgotten immediately.

The point? I'm convinced that the whole "privacy" issue is getting blown way out of proportion especially in areas where it shouldn't really apply. YRO articles like this add to media congestion and hype, and only cloud the real issues: things like encryption laws, misuse of wiretaps and warrants, things that truly matter.

Exactly. These YRO pieces are frequented by privacy "activists" (a.k.a. whackos), and the authors themselves tend to throw in an IMMSENSELY heavy bias in their introductory description of the issue, so it is only natural to expect that the entire tone of the comments will follow that bias to a T.

Unfortunately, this has made my life a bit harder, as I am compelled by some unknown forces to try and keep things rational, based on the unbiased facts and not on the rabid reactions of people without knowledge of actual facts. It's tough work in YRO articles.

Re:so what?

[Fastolfe]

Nope. Everyone is pissed because the information is being gathered without your consent!

I'm not disputing this, and it doesn't have anything to do with the message I was responding to.

I totally agree with you that RealNetworks should have provided more disclosure about what it's collecting from you, but I'm seeing posts that are unfairly bashing RealNetworks because they are assuming that this information is automatically being stored in its full, verbose complete form and tied directly to your name and address, which isn't necessarily the case at all.

I'm not saying RealNetworks isn't the bad guy in this case, but they aren't acting quite as evilly as some people are saying, and it distresses me when people jump on the anti-something slashdot issue-of-the-week without doing any research on their own.

Re:Companies like Real could avoid all this flak i

[jht]

Good point.

I meant to refer to the "free beer" model - there's plenty of high-quality free and commercial software, and there's commercial software that's open out there too. And plenty of people create "Free Software" without asking for anything in return, but commercial software will take something from you as payment - even indirectly. That's the nature of the game. It's OK if they tell you up front, and even the model of "give away the sucky version and charge for the slick version" is OK by me. Caveat Emptor.

Sendmail's not as good an example because they give away and still maintain/enhance their core product which is still open. They are an example of doing the Right Thing. Good old Sendmail, despite it's hairyness, is good enough for most users. The "Pro" version gets you extra goodies and a slick GUI, but the core is the same. Real (or Apple's QuickTime) are better examples of crippleware. Apple, though, just makes you see an irritating banner ad. They don't (as far as I know) send my personal information to Apple without my consent every time I play an MP3 or video. But they do generally ask permission to do such things first.

Giving up privacy without consent is Wrong. Period. But be prepared to have it made an up-front condition for using more and more "free" commercial programs. They have to make money from something to pay the bills...

- -Josh Turiel

Companies like Real could avoid all this flak if

[jht]

...they only stated up front what data they were collecting, and why. Real is a company that needs to make a profit (despite being a player in the Internet space, where profits are pretty much just baggage!), and isn't going to when they don't charge for software. Sure, you pay for their "plus" packages, but I think most users stick to the free stuff - remember, very few things in life are free, and commercial software is not one of them. Ultimately, Real needs to be able to sell demographic and targeted advertising information to companies if they want to make money - I sympathize with that need and don't have an issue with selling demographics at all. Most companies (Real included) aren't run as charities and need to make money somehow.

Anyhow, Real is entitled to the data so long as they ask for it, and make it clear that they are collecting it. If a user doesn't like it, they're welcome to not use RealJukebox or RealPlayer, there's plenty of alternatives out there. But collecting data without informing the user is the Wrong Thing.

- -Josh Turiel

Re:News.Com Story

[NMerriam]

I can't believe that no one is getting upset about this -- if microsoft was doing this you'd all be shitting your pants!

I find it absolutely unbelieveable that RealNetworks has the gall to send information that ISN'T authorized (this is NOT the checkbox for sending your registration information) wihtout any notification or ability to opt out whatsoever.

There is a BIIIIIG difference between sending an email address and constantly tracking what a person is doing. this software tells RealNetworks how many audio files you have on your system, how frequently you listen to them, etc, etc -- this is not some innocent marketing crap!

This is nothing like watching people's online activity, where you know your packets are being sent all over for anyone to grab. This is you, sitting at your personal computer that you paid for, providing Real with all the information they could ever dream of without them ever telling you about it. This is spying, and I sure as hell hope someone DOES sue the idiots as the attorney in the article suggested miught be possible.

Is monitoring really the issue? I monitor my box..

[mindslip]

I wonder if YRO and the whole "privacy online" thing isn't starting to get blown out of proportion... at least to the degree where we're missing real issues and turning any "violation" into an issue.

On a public mononpoly, or a service intended for personal communications, (i.e. the net, the phone company, cellphones, postal mail, etc) I wholly agree. Privacy is a "right" that is implied (note, not contracted, but only implied) by use of that system.

Something like RealPlayer, web pages, checkout counters, etc. No. I don't believe there is any "right to privacy" either implied or expressed.

Simple examples: I monitor my box and my web server. I use caller ID to see who's calling me. I look through the peephole in my front door.

Is monitoring the issue here? Ok, it's not "necessary" for use of the system, it's strictly for their marketing departments own good, but then again... I'm choosing conciously to use their product. There are alternatives, I could use them. If I were a better programmer, I could write one.

The point? I'm convinced that the whole "privacy" issue is getting blown way out of proportion especially in areas where it shouldn't really apply. YRO articles like this add to media congestion and hype, and only cloud the real issues: things like encryption laws, misuse of wiretaps and warrants, things that truly matter.

mindslip

Like hell it is...

[Otto]

Also, with the CDDB thing, it sounds like they are doing the right thing to protect peoples' privacy. i.e. they aren't allowing CDDB to rob the privacy of the Jukebox users. As long as they aren't abusing the info (which should be independantly confirmed), there is no problem.

Okay, firstly, Real lied about CDDB.

When you request data from the CDDB server, you send info about the CD you are looking up. That's it. No e-mail address gets sent at all in any way when looking up a CD, and Real damn well knows it. You do send an e-mail address to CDDB when you make an update or an addition of a CD. Naturally. The whole CD info is just e-mailed to the CDDB system so of course they have your e-mail... That's for an addition or update only, however.

Real was obviously caught with their pants down on this one.

Face it, this information that was being sent is EXTREMELY valuable. The whole damn world is wanting to go to digital distribution of music, and anyone with actual good stats on music tastes, music preferences, digital listening habits, etc, stands to make one hell of a lot of $$$... Later, no doubt, Real would introduce a system where they would e-mail the users of the RealJukebox suggestions based on their listening habits and, of course, based on how much the record companies pay them...

Actually, I have no problem with this. It's a damn good idea. But, it should have been:
a) told to the users...
b) optional
c) defaulted to off, like any privacy reducing feature...

If they'd couched it in nice language, hell, I might even have gone for it (excepting the fact that RealJukebox is a bloated POS program, along with everything else Real still makes)...

Well, that definitely ends my association with Real. MPeg is the only way to go from now on...


---

Re:so what?

[stuntpope]

What happens when you listen to a real jukebox? I'll tell you what doesn't happen:

• The establishment where jukebox is located doesn't know what songs you played there on past occasions (unless they recognize you and feel like noting what your selections were...unlikely).
• The jukebox manufacturer has no idea who has requested the songs, or what your playlist history is, or what your e-mail address is or your name, etc. etc. They can't build a marketing profile on you.

I like the analogy another respondant to this thread used: according to your view, it's ok if every time you browse in a shop, buying something or not, they require you to fill out a registration card and they follow you around, making notes about what things you're looking at.

Plus, your "they should be allowed to monitor you" attitude brings up this scenario: would you find it acceptable if, everytime you called a store to get information, a price quote, directions to their store, etc, they asked you your name, address and phone number? People's desire for some anonymity and privacy is not silly, like you seem to paint it, and interacting in society does not demand that we surrender our privacy. Some things strangers have no right to know about us.

Re:so what?

[Coda]

No, I see this as a violation of privacy.

Because I live in a house you built does not mean that you get to want what I do in it.

If they provided the content, then yes, they would have a right to see who accesses it. They don't provide the content, however, they provide the music player/manager.

Re:so what?

[SEWilco]

Do you think because TurboTax sent you email they have the right to know every time you read it, your email address, your current IP address, and the usual stuff sent during an HTTP transfer?

A few weeks ago they tried that. They sent email to customers telling them about the new version of their program. Look at the bottom of the source of the email and you see a URL for a transparent pixel image, with a key being sent to info.turbotax.com.

Because you used to use their program, they provided you with new information about it, and you tried to read the mail, do you think they are entitled to know that? Would it have been okay if they used an email Return-Receipt instead?

Not new, no harm done.

[SpinyNorman]

CDDB has been doing this quite openly - their web page has top ten list (top 100 also) based on what people are playing and accessing CDDB's servers for.

I don't see the harm in this type of "aggregated" information. Where it does become intrusive is where individuals/organizations are identified, such as in amazon.com's short lived "aggregated" data that identified corporate book sales.

Not storing the info?

[BradyB]

If they are not storing the info then why is it being sent to them in the first place. Does someone just look it over and then delete the message. Come on Real Networks people aren't dumb. Maybe they are storing it with some other company is that just as illegal?

They are just the first to be caught...

[vapor2000]

But I'm sure this has been going on for a while. MS, Intel, and others have all been suspected of such activities (all the technology was in place) but have never admitted it.
I don't mind if a company tracks my music listening habits or internet traffic etc, but they should tell me it's happening and reward me for the data that I am providing them. A nice stereo for the music survey, or a top of the line PC for the net info or something like that. If they are going to profit from my information then I deserve a piece of the action (Hmmm, stock options maybe?)
v2k

so what?

[monstar]

really, so what? i wish slashdot would stop banging on about this. IMO if you have a "right" to view information on someones web page, the owners have a "right" to maintain a profile of visitors and visitors haibits.

anyone who visits a "jukebox" site and thinks that his/her listening habits is being not being monitored is naive. i mean, what happens when you listen to a real jukebox?

if you dont want your privacy "violated" then dont browse the net, shop, venture outside your house or pretty much anything.

Re:so what?

[Kintanon]

really, so what? i wish slashdot would stop banging on about this. IMO if you have a "right" to view information on someones web page, the owners have a "right" to maintain a profile of visitors and visitors haibits.

anyone who visits a "jukebox" site and thinks that his/her listening habits is being not being monitored is naive. i mean, what happens when you listen to a real jukebox?

if you dont want your privacy "violated" then dont browse the net, shop, venture outside your house or pretty much anything.


Do you even know what RealJukebox is? It's a program that works like WinAmp and other Mp3/CD playing programs, except that it sends the information about what you are listening to on your computer to the marketroids at the REALnetwork or wherever. Do you REALLY think it's any of their business what you are listening to?

Kintanon

Re:so what?

[Kintanon]

To be brutally frank with you kintanon, i really couldn't give a flying f**k who is interested in the trivial minutae of my life. there are plenty more meaningful things in this world to be bothered about.


Oh, well in that case, mind if I install a couple of cameras in your house? I'm sure you won't mind me analyzing the trivial minutae of your life in order to make sure we can properly advertise the correct brand of toilet paper, condoms, bed sheets, shampoo, orange juice, toasters, etc...
Just imagine, one day a Light Bulb blows in your house and we already have a salesman on your doorstep with your preferred brand, plus 3 behind him offering competing brands. Wouldn't that be GREAT?!

I personally don't think it's anyone elses business what I choose to listen to on MY computer in MY free time. Which is why I don't use RealJukebox.

Kintanon

Re:so what?

[DaveHowe]

really, so what? i wish slashdot would stop banging on about this. IMO if you have a "right" to view information on someones web page,the owners have a "right" to maintain a profile of visitors and visitors habits.
Interesting opinion - so tell me, when you go into shops to look around, do you expect to fill in a card with your name, address, and the names of the last five shops you visited? You don't have a "right" to view people's websites - they have chosen to display them publicly. If they didn't, then they would be password-protected. Most of the arguments about tracking and cookies revolve this idea.

anyone who visits a "jukebox" site and thinks that his/her listening habits is being not being monitored is naive. i mean, what happens when you listen to a real jukebox?
Normally, you walk in, sit down, maybe by $PRODUCT the place sells, and listen. You might expect the owner to recognise you if you have been there before - but you don't normally expect him to ask you questions about who you are and where you have just come from, and you definitely don't expect the manufacturer of the jukebox to have the right to do so....

if you dont want your privacy "violated" then dont browse the net, shop, venture outside your house or pretty much anything.
Why? why should my life be restricted to sitting in a shuttered room just to prevent a private company from gathering Valuable, Resellable market data from me? If they sent someone to folloy you from shop to shop, noting which shops you visited, what you looked at, and what you actually bought, I imagine you would get paranoid in pretty short order. why should this be any different if you are on the internet?
--

Re:so what?

[snopes]

The bigger issue is not the collecting of data, but the secrecy with which it is done. In fact, it would almost seem that Real is deliberately misinforming in their own privacy and license statements. And it's one thing to track IP's or cookie s/n's as a user clicks around your website, I think it's something else entirely when you entice that user to install s/w on their system which then surreptitiously monitors their activities. As one person is quoted as pointing out, that's a damn trojan!

Calling all moderators...

[ToLu+the+Happy+Furby]

Doesn't RealPlayer's install program actually ask you if you want to send information to Real.com?

I know for a fact that there's an option to send "connection statistics" to the content provider. Isn't this what the hoo-ha is all about? Seems a bit silly that people are consenting to send in information about what they're watching/listening and then bitch about it happening.

This post is offtopic, guys. This story is not about RealPlayer. It is about RealJukebox. I realize lots of you are confused because they only thing Real makes for Linux is RealPlayer, but that's not what we're talking about.

RealJukebox is an mp3/CD player/ripper for Windows. That is, it's like Winamp (but it also rips). It is not used to play content from the internet, and there is no reason for it to compile "connection statistics" or any such thing. The big deal here is, it is sending information on mp3s you are playing off of your own hard drive, CD's you are playing from your own CD drive, and, presumably, mp3s you are making from your own CD's. The information they are taking from you is of absolutely no use in improving their product; the most benign possible interpretation of it is that they are using it to market information in aggregate. However, the fact that their privacy policy and EULA (neither of which mention this logging) have been revealed to be blatant lies tends to make me not believe the most benign interpretation.

In any case, in absolutely no way is the user asked or informed about this. The best they can do is refuse to register (which they are not informed is an option) so that the information logged on them can only be tied to an IP address, not an email address and name. Oh wait--no, that's not true either, as you have to input an email address and name before you download the software.

This is scary, folks. If you don't think it is, it's because you don't know the facts.

Hey, at least we're not storing it.

[gad_zuki!]

What a legal tightrope - we're not storing your info for very long. Yeah, not storing my personal info, but I'm sure you're saving the results of what CD's are listened to, how often, and whom by just getting rid of my GUID and replacing it with a demographic.

The best part of this whole problem is that record companies are dying to buy this kind of info to make 'artists' like Mariah Carey and Britney Spears that much more accessible and profitable.

After years of study we have realized, "Teenagers like crap."

This is OT!

[Kitsune+Sushi]

Well, it's offtopic as it relates to the story, but it's not offtopic with regards to this thread of conversation (sort of). Honestly, what's with damn near every post on this article having been moderated? Sure, I've got moderator access right now, but you know, I don't think everything everyone has to say is worthy of 2 - 5 points of being ``insightful'', ``informative'', and ``interesting''. I thought the moderation system was meant to find the few, rare gems. If every post gets moderated, it's the same as if none of them had gotten moderated. That is, it's counterproductive. Perhaps a little more thought and care should be put into this procedure? Urk.

Is anyone shocked to here this?

[mr]

Your information is worth money to firms who want to sell you things. So, ANY way this information can be gathered is 'a good thing' as far as the companies are concerned.

In the case of programs, the only way to go is with Open Source. Think of it...a trojan is all about allowing others to see your data. Be it the whole system, or just other misc. bits. With Open Source, you can see what is going on. And if you WANT information to be sent back to somewhere, you know it.

There is no such thing as a free lunch.

Gather but not Store?

[try67]

What is the purpose of this "un-docummented feature" if all they do with the info is monitor it?
How could they achive any valuble info without actually saving and analyzing all of this data? this looks weird to me...
If its only for "consumer-tendencies", its pretty stupid...

Anyone got some more info on what specific details are we talking about here?

I'm mad as hell and I'm not gonna take it anymore

[menudo]

I just unisinstalled it, and I'll keep uninstalling software that reports, collects and analyzes what I eat, where I am, what I listen to, what I watch, what I buy and when I go to the water closet. Analyze that!

I refuse to use the Kroger (grocery store) discount card, and have not shopped there since their stores adopted it. A friend went in to buy soem stuff at a store near here. The cashier didn't know what to do when he didn't present the card. After calling the manager, she said it was ok to buy the stuff, but that he REALLY SHOULD sign up. I pay cash yes CASH for stuff I need at other places. I fear the day when we don't have the option buy without being recorded.

I read a few weeks ago about safeway threatening to use the fact the a customer bought alcohol against him in a suit. They got it off his "customer card". I heard about a Cal. woman who was suing her husband for custody of the kids and after a search of his grocery habits pointed out that he fed them to much junk food. I don't want my insurance comapny, or anyone else to know a bout the herbs I buy, the red meat I eat, the fact the I like matzo ball soup, the fact that I like tacos, tha fact that I (may) use rogaine, that fact that I haave allergies, have dandruff and wear depends undergarments.

I'm sick of being marketed and pitched to.

Now back to real player.

I read somewhere ( and wish I could remember so I could give credit to this person) that "if I buy a Sony cam-corder and took it home, and then i found out that camcorder sent pictures back to Sony and they were looking at them" ... and I say yeah and they were selling them, well I would be calling Johnny Cochran and Sony would be selling stock and to pay for that one!!! (I by the way love SOny products, and I have no knowledge that they are doing something like this)

The point is this. The food we eat, the groceries we buy, the movies we watch, the tv we listen to, the music we listen to, where we go, what we do are all things that however small, MAKE UP OUR LIVES. When someone takes the pleasure out of them by making us wonder who is wathcing us, what are they going to do with this information, it ties us down, it makes us less free. Where is the line drawn? What line?

I have suggestion. I want to know if we can copyright our personal information. Why not? We created it. We wrote it. Do we not have ownership of the things that make up as indiviuals? Why not license your info out. Perhaps then I can attach a message that sys something like :

"Use of my personal information and storeage thereof means that you accept this license agreement. This license allows you to use and store my personal information for one month subject to a $1 charge per copy. You can renew the license on a monthly basis by sending me another $1. You may copy and/or transfer my personal information to another entity by acquiring written approval 30 days in advance. Failure to comply with this agreement will result in criminal charges and /or a fine. blabh blah blah".

How unreasonable is that? Microsoft does it everyday! WE'RE paying THEM to collect all this stuff on us. I think it's time for some payback. And I don't mean 5 cents off some tofu burgers, I want cold hard cash for being subjescted to all this interrogation. So to you real player, If you don't want to pay, I'll get another MP3 player. (The software sucked anyway.)

Open to injunction in the EU ?

[JPMH]

Unlike the US, the EU has strong laws (the data protection directives) which require informed consent before any computerised data is gathered or analysed.

IANAL, but it seems to me that Real have made just themselves wide open to an injunction to forbid any distribution of Jukebox in Europe. Failure to comply with such an injunction would lead to them being sued big time if Real have any corporate presence anywhere in the EU.

privacy invasion

[cybercuzco]

regardless of what Real says about it not being a privacy invasion due to the fact that they dont keep the information, it still is clearly an invasion because there is the Potential for there to be a privacy invasion. How do we know that real isnt storing all this info in some big database somewhere then giggling gleefully and telling the public"oh we dont keep any of the information" Real has got to be stopped, as do anyone else who does anything like this.

Hmm.. just checking, but..

[Makali]

Doesn't RealPlayer's install program actually ask you if you want to send information to Real.com?

I know for a fact that there's an option to send "connection statistics" to the content provider. Isn't this what the hoo-ha is all about? Seems a bit silly that people are consenting to send in information about what they're watching/listening and then bitch about it happening.

Just my two pennies.

Fair enough

[zero-one]

I think this is to be expected as software becomes more intelligent. In many ways this is quite a useful function, a site tailored to my needs is better than a general purpose site. The only request I make is that sites make it clear what data is collected, who the data is seen by and how it is used. How dose this fit in with the various laws (for example if I use the site from the UK does the site need to be registered under the Data Protection Act)?

Other things that Real might be doing (100% OT)

[Nodatadj]

Has anyone ever noticed that Realplayer G2 always starts at startup...
Now I wonder what that little blue speech bubble icon is doing

Slashdot poll perhaps?
What is the Realplayer G2 really doing while it's not running?
a) Watching what we listen to
b) Boosting a Real.com attempt at cracking RSA (or SETI depending on what you want)
c) Watching us (only valid if you have a camera)
d) Waiting for us to use it, so that it'll "Load" quicker than anything else.
e) Rob/Iain/Everyone sucks.
f) Dead writeins.

News.Com Story

[jcrouthamel]

News.Com has just posted a story on this also.

http://news.cnet.com/news/0-1005-200-1425866.htm l?tag=st.ne.1002.thed.1005-200-1425866

Re:Overreaction, this is fine

[snopes]

I agree to an extent. Personal information is a valuable commodity as is software. It is fair to exchange one for the other and unreasonable to expect that all organizations will produce free software without something directly in exchange for it.

The problem here is that Real was not informing anyone of the monitoring. The actual terms of the exchange were never stated anywhere. That prevents the user from being able to make an informed decision as to whether the exchange is fair to them and whether they wish to enter in to the deal.

If I sell you a nice car for $10 I can't sneak into your house later to collect more money on the basis that the car was worth more and you really owe it to me. Those terms must be stated up front and at the time of the initial transaction. The only reason this isn't treated as theft is that our archane laws still don't treat personal information as property. All sorts of other data is, after our data is compiled into someone's database it is, but while we're in possession of it, nope! Not poperty, available to anyone for free.

People need to be made at least marginally aware of how their information is being used. HTTP is an open standard, so we can accept the fact that any tracking being done via that protocol is known to the user since they have the same access to the RFC's that anyone else does. In this case, Real is enticing users to install a trojan on their system which is not open source code, but required the efforts of a hacker to determine just what it was doing.

Overreaction, this is fine

[alexhmit01]

It doesn't sound like RealNetworks is actually doing anything bad... just moronic.

Adjusting the program to users based upon their data is a Good Thing(tm), it allows more knowledgable people to access more features. As they use the app more (aquiring more files) more features. Should this be server driven? No, that should be kept internal. I'm assuming it is, otherwise it is moronic, not dangerous.

As far as aggregate users, that's fine. It lets them store information on people and figure out what people are doing with their software.

It sounds like they are doing things fine, but that their press handling flubbed up. Before we jump on them, we should learn if they are actually storing this information about people and making it available, or if they store the information so the ads are tailored towards people. We can't have it both ways. We can't demand that everything be free (free beer), ad driven, and then demand that they not store information.

In the real world, information like this is always available. The problem is that online we can store it all. In a CD store, people can see you buying CDs... In the online world, logging is automatic.

Also, with the CDDB thing, it sounds like they are doing the right thing to protect peoples' privacy. i.e. they aren't allowing CDDB to rob the privacy of the Jukebox users. As long as they aren't abusing the info (which should be independantly confirmed), there is no problem.

I'm assuming that there are consumer advocates who certify privacy issues. They should be brought in to independantly confirm that everything is Kosher.


Alex