Slashdot Mirror
RealNetworks' RealJukeBox Monitors User Habits
kbrown1 was the first one to write to us with the story at the NY Times that RealNetworks' has confirmed that they do monitor some user habits. RealJukeBox is the offending program, and apparently "surreptitiously monitors the listening habits and certain
other activities of people who use it and continually reports this
information, along with the user's identity, to RealNetworks." RealNetworks' has said that they do gather the information, but "the practice did not
violate consumer privacy
because the information was not
being stored by RealNetworks
nor distributed to other
companies," according to their VP of consumer products. Other networks are picking up the news - more details should be coming.
Augh. They're not talking about a web page JukeBox. They're talking about a piece of software you purchase from RealMedia that allows you to make and listen to music databases.
This is definitely a trend. Close-source apps will ALL eventually do something like this - look for Win2k and the AOL browsers to do this type of thing as well - gotta check up on the customers.
What vendors do YOU trust?
I fail to see the issue. If you dial an 800 number, the company is footing the bill for you to call. I think that if they're paying for your call, you can expect them to want to know who you are.
As for non-800 numbers, you can generally (in parts of US and Canada anyway) block the information from being sent on a per-call basis by dialing *67 before the number.
Businesses have a hard time understanding that the ability to do something does not justify the validity of doing something.
YEAH. RIGHT...
This is from a company who spewed ads from their servers and is so far still on the MAPS RBL for doing it. It's already been proven that Real Networks will gather and spew out anything and everything. Real Networks has a security problem on the scale of the Goths invading Rome durring it's downfall.
Love the technology. Don't love the problems tacked onto it.
---
Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
A)Automatically trust him to be telling the truth and
B)Say "ah, that's all right then" and wander away without even wondering WHY they were practicing, and more importantly, why on you?
I would do neither. I'd investigate, certainly, but I'd hold short of trying to beat the crap out of him or call my local legislature and ask them to pass laws that forbids people from taking photographs of me in public. If I asked him and he said he was a photographer for the Daily News, and was just out checking how popular the new restaurant that just opened was, I'd believe him, certainly.
we have something at the same level as MS's "UID" namestamp from Office97, and most people agree that that was beyond the allowable.
I guess this is just a difference of opinion here. I agree that this is somewhat similar to the Office GUID thing, but I disagree that either issue merits the attention.
Companies keep clients by keeping the client's trust. If they abuse that trust, or do something pretty stupid (as seems to be the case here), they lose clients. It's not good business sense to act in a way that alienates your very clients, and it *certainly* doesn't pay to do so with evil motives, because things like this always get exposed in the long run (by faithful privacy "activists"). THIS is why I give companies the benefit of the doubt in these cases. Yes, I agree that RealNetworks should have somehow disclosed the fact that this data were being sent back for the purposes of aggregation and analysis, but I do NOT agree that RealNetworks was acting with malicious intent. It was probably just a communications problem or poor decision-making between their various departments.
There isn't some dark room back in the basement of the RealNetworks headquarters with a dozen executives sitting at a table saying to themselves, "Drats! Foiled again by the privacy activists! We must find another way to invade the privacy of our 'loyal' customers so we can continue to be an evil company!" More likely, people are being scolded for not having mentioned this "feature" of the software to consumers. It's a PR mess, certainly, and I can only hope that RealNetworks and similar companies will learn from their mistake.
So it seems to me that if you guys want this issue resolved, inform RealNetworks of your opinion (though I imagine they're already aware of it), and wait for RealNetworks to respond.
Secrecy?
There is a difference between failing to mention something and keeping something a secret. Unfortunately, most privacy activists fail to realize this difference, and so it becomes the custom to assume that whenever somebody fails to mention something, it automatically means they are attempting to keep it a secret.
I'm not saying this isn't the case here, but it just seems like everyone reads the headlines and immediately jumps on the anti-RealNetworks bandwagon without really doing much investigation on their own...
but you don't normally expect him to ask you questions about who you are and where you have just come from, and you definitely don't expect the manufacturer of the jukebox to have the right to do so....
Everyone is making the dangerous assumption here that RealNetworks is *combining* this information for their evil spying practices. Most all major products I download from the Internet ask me for my name, and bits of other information. Most (if not all) give me the option to decline sending this information in.
SEPARATELY, RealNetworks is allegedly collecting information about your listening habits (tied to a userID not necessarily tied to your contact information). I'm not going to try and defend this, since I lack information one way or the other, but it seems like a great many of you are just assuming that RealNetworks uses this information together somehow.
Further extending the music store analogy, let's say you get one of those FrequentListener discount cards there. You give them your name, address, phone number, etc., and shop there every week or so. Now, the clerks know you by face, but that does NOT mean remotely that they automatically know your name and are linking every purchase in their head with your address and phone number. Yes, they collect the information, but that doesn't mean they're using it together.
Again, I'm not trying to defend RealNetworks here, but I do think many of you are taking this to an unfair level...
egregiously does NOT mention the fact that they log every CD and mp3 you play from your own computer--we can pretty easily conclude that this is a deliberate secret.
Did you ever stop to consider that this isn't listed on their privacy notice because they DO NOT, IN FACT, DO THIS?
This whole bit about logging every CD and MP3 played was MADE UP BY UNINFORMED SLASHDOT KIDDIES in this thread. There is absolutely no basis in fact for this assumption that I have read. In fact, RealNetworks goes so far as to point out that this information is NOT stored. It is simply sent, analyzed, and whatever aggregate information (genre, for instance) is gleamed from it.
What possible motive would they have for logging every single CD and MP3 you download and listen to? It doesn't serve them a single bit, except to waste VOLUMES of hard disk space. The only thing useful out of this information is the aggregate information such as the type/genre of music people listen to, which is most likely what they use it for. Now, whether or not this in itself is a violation of privacy is an entirely different debate, and one I'm not going to get into.
if you do not want them to do it, you do not register on their site. real networks chose to HIDE the fact that they are collectitng this information from users of their software.
No, they chose not to DISCLOSE the information to the public. There's a difference between not mentioning something and deliberately trying to keep it a secret. Let's not jump the gun here.
I'm not trying to defend RealNetworks here, as I disagree with what they're doing, but I'm getting kind of annoyed at everyone's assertions that they're doing this maliciously. Let's wait until we hear a few more *unbiased* takes at the situation before we start spreading misinformation about their intentions.
What a legal tightrope - we're not storing your info for very long. Yeah, not storing my personal info, but I'm sure you're saving the results of what CD's are listened to, how often, and whom by just getting rid of my GUID and replacing it with a demographic.
A more likely scenario is that they're storing information in an aggregate fashion, perhaps numerical values corresponding to the music genres you tend to like.
I can think of zero reason whatsoever that they would actually be interested in the actual titles and artists you listen to. It does make sense for them to want to know what *types* of music you listen to, which can be pretty easily gleamed from data like bands/albums that doesn't require it to be stored.
Just an idea, but it does seem logical...
Doubtful.
RealNetworks asserts that this data isn't being stored. The likely scenario is that they're taking the information, finding the genres associated with it, and storing aggregate information about those genres in an attempt to find your approximate music interest. This is still quite useful information, but suddenly RealNetworks doesn't look so evil, so the people that read these YRO pieces are less likely to mention it.
I can't think of any reason they'd be interested in storing all of the artists and songs you listen to. Do you have any idea how large a database would need to be to store this information? Aggregate trends, however, can be represented with a few small numbers and fits RealNetwork's likely needs perfectly.
Now, again, I'm not defending RealNetwork's practices here, but I feel I do need to step in since so many people like you keep spreading this misinformation.
Something like RealPlayer, web pages, checkout counters, etc. No. I don't believe there is any "right to privacy" either implied or expressed.
Agreed. If you're that concerned with your privacy, it's up to you to protect it. Don't give private or confidential information to people you do not trust. Period.
I'm choosing conciously to use their product.
I think the crux of the issue is that you are choosing to use the product, yes, but you aren't making the concious choice to consent to their "monitoring".
What people fail to realize is that, in all likelyhood, this "monitoring" only ends up adjusting small numerical values that represent your aggregate interest in the various musical genres. The specifics about what albums and artists you listen to are likely forgotten immediately.
The point? I'm convinced that the whole "privacy" issue is getting blown way out of proportion especially in areas where it shouldn't really apply. YRO articles like this add to media congestion and hype, and only cloud the real issues: things like encryption laws, misuse of wiretaps and warrants, things that truly matter.
Exactly. These YRO pieces are frequented by privacy "activists" (a.k.a. whackos), and the authors themselves tend to throw in an IMMSENSELY heavy bias in their introductory description of the issue, so it is only natural to expect that the entire tone of the comments will follow that bias to a T.
Unfortunately, this has made my life a bit harder, as I am compelled by some unknown forces to try and keep things rational, based on the unbiased facts and not on the rabid reactions of people without knowledge of actual facts. It's tough work in YRO articles.
Nope. Everyone is pissed because the information is being gathered without your consent!
I'm not disputing this, and it doesn't have anything to do with the message I was responding to.
I totally agree with you that RealNetworks should have provided more disclosure about what it's collecting from you, but I'm seeing posts that are unfairly bashing RealNetworks because they are assuming that this information is automatically being stored in its full, verbose complete form and tied directly to your name and address, which isn't necessarily the case at all.
I'm not saying RealNetworks isn't the bad guy in this case, but they aren't acting quite as evilly as some people are saying, and it distresses me when people jump on the anti-something slashdot issue-of-the-week without doing any research on their own.
Good point.
I meant to refer to the "free beer" model - there's plenty of high-quality free and commercial software, and there's commercial software that's open out there too. And plenty of people create "Free Software" without asking for anything in return, but commercial software will take something from you as payment - even indirectly. That's the nature of the game. It's OK if they tell you up front, and even the model of "give away the sucky version and charge for the slick version" is OK by me. Caveat Emptor.
Sendmail's not as good an example because they give away and still maintain/enhance their core product which is still open. They are an example of doing the Right Thing. Good old Sendmail, despite it's hairyness, is good enough for most users. The "Pro" version gets you extra goodies and a slick GUI, but the core is the same. Real (or Apple's QuickTime) are better examples of crippleware. Apple, though, just makes you see an irritating banner ad. They don't (as far as I know) send my personal information to Apple without my consent every time I play an MP3 or video. But they do generally ask permission to do such things first.
Giving up privacy without consent is Wrong. Period. But be prepared to have it made an up-front condition for using more and more "free" commercial programs. They have to make money from something to pay the bills...
- -Josh Turiel
-- Josh Turiel
"2. Do not eat iPod Shuffle."
...they only stated up front what data they were collecting, and why. Real is a company that needs to make a profit (despite being a player in the Internet space, where profits are pretty much just baggage!), and isn't going to when they don't charge for software. Sure, you pay for their "plus" packages, but I think most users stick to the free stuff - remember, very few things in life are free, and commercial software is not one of them. Ultimately, Real needs to be able to sell demographic and targeted advertising information to companies if they want to make money - I sympathize with that need and don't have an issue with selling demographics at all. Most companies (Real included) aren't run as charities and need to make money somehow.
Anyhow, Real is entitled to the data so long as they ask for it, and make it clear that they are collecting it. If a user doesn't like it, they're welcome to not use RealJukebox or RealPlayer, there's plenty of alternatives out there. But collecting data without informing the user is the Wrong Thing.
- -Josh Turiel
-- Josh Turiel
"2. Do not eat iPod Shuffle."
I can't believe that no one is getting upset about this -- if microsoft was doing this you'd all be shitting your pants!
I find it absolutely unbelieveable that RealNetworks has the gall to send information that ISN'T authorized (this is NOT the checkbox for sending your registration information) wihtout any notification or ability to opt out whatsoever.
There is a BIIIIIG difference between sending an email address and constantly tracking what a person is doing. this software tells RealNetworks how many audio files you have on your system, how frequently you listen to them, etc, etc -- this is not some innocent marketing crap!
This is nothing like watching people's online activity, where you know your packets are being sent all over for anyone to grab. This is you, sitting at your personal computer that you paid for, providing Real with all the information they could ever dream of without them ever telling you about it. This is spying, and I sure as hell hope someone DOES sue the idiots as the attorney in the article suggested miught be possible.
Recursive: Adj. See Recursive.
I wonder if YRO and the whole "privacy online" thing isn't starting to get blown out of proportion... at least to the degree where we're missing real issues and turning any "violation" into an issue.
On a public mononpoly, or a service intended for personal communications, (i.e. the net, the phone company, cellphones, postal mail, etc) I wholly agree. Privacy is a "right" that is implied (note, not contracted, but only implied) by use of that system.
Something like RealPlayer, web pages, checkout counters, etc. No. I don't believe there is any "right to privacy" either implied or expressed.
Simple examples: I monitor my box and my web server. I use caller ID to see who's calling me. I look through the peephole in my front door.
Is monitoring the issue here? Ok, it's not "necessary" for use of the system, it's strictly for their marketing departments own good, but then again... I'm choosing conciously to use their product. There are alternatives, I could use them. If I were a better programmer, I could write one.
The point? I'm convinced that the whole "privacy" issue is getting blown way out of proportion especially in areas where it shouldn't really apply. YRO articles like this add to media congestion and hype, and only cloud the real issues: things like encryption laws, misuse of wiretaps and warrants, things that truly matter.
mindslip
Also, with the CDDB thing, it sounds like they are doing the right thing to protect peoples' privacy. i.e. they aren't allowing CDDB to rob the privacy of the Jukebox users. As long as they aren't abusing the info (which should be independantly confirmed), there is no problem.
Okay, firstly, Real lied about CDDB.
When you request data from the CDDB server, you send info about the CD you are looking up. That's it. No e-mail address gets sent at all in any way when looking up a CD, and Real damn well knows it. You do send an e-mail address to CDDB when you make an update or an addition of a CD. Naturally. The whole CD info is just e-mailed to the CDDB system so of course they have your e-mail... That's for an addition or update only, however.
Real was obviously caught with their pants down on this one.
Face it, this information that was being sent is EXTREMELY valuable. The whole damn world is wanting to go to digital distribution of music, and anyone with actual good stats on music tastes, music preferences, digital listening habits, etc, stands to make one hell of a lot of $$$... Later, no doubt, Real would introduce a system where they would e-mail the users of the RealJukebox suggestions based on their listening habits and, of course, based on how much the record companies pay them...
Actually, I have no problem with this. It's a damn good idea. But, it should have been:
a) told to the users...
b) optional
c) defaulted to off, like any privacy reducing feature...
If they'd couched it in nice language, hell, I might even have gone for it (excepting the fact that RealJukebox is a bloated POS program, along with everything else Real still makes)...
Well, that definitely ends my association with Real. MPeg is the only way to go from now on...
---
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
- The establishment where jukebox is located doesn't know what songs you played there on past occasions (unless they recognize you and feel like noting what your selections were...unlikely).
- The jukebox manufacturer has no idea who has requested the songs, or what your playlist history is, or what your e-mail address is or your name, etc. etc. They can't build a marketing profile on you.
I like the analogy another respondant to this thread used: according to your view, it's ok if every time you browse in a shop, buying something or not, they require you to fill out a registration card and they follow you around, making notes about what things you're looking at.Plus, your "they should be allowed to monitor you" attitude brings up this scenario: would you find it acceptable if, everytime you called a store to get information, a price quote, directions to their store, etc, they asked you your name, address and phone number? People's desire for some anonymity and privacy is not silly, like you seem to paint it, and interacting in society does not demand that we surrender our privacy. Some things strangers have no right to know about us.
No, I see this as a violation of privacy.
Because I live in a house you built does not mean that you get to want what I do in it.
If they provided the content, then yes, they would have a right to see who accesses it. They don't provide the content, however, they provide the music player/manager.
-- I can't think of anything witty to put here. Sorry.
A few weeks ago they tried that. They sent email to customers telling them about the new version of their program. Look at the bottom of the source of the email and you see a URL for a transparent pixel image, with a key being sent to info.turbotax.com.
Because you used to use their program, they provided you with new information about it, and you tried to read the mail, do you think they are entitled to know that? Would it have been okay if they used an email Return-Receipt instead?
CDDB has been doing this quite openly - their web page has top ten list (top 100 also) based on what people are playing and accessing CDDB's servers for.
I don't see the harm in this type of "aggregated" information. Where it does become intrusive is where individuals/organizations are identified, such as in amazon.com's short lived "aggregated" data that identified corporate book sales.
If they are not storing the info then why is it being sent to them in the first place. Does someone just look it over and then delete the message. Come on Real Networks people aren't dumb. Maybe they are storing it with some other company is that just as illegal?
Good is never enough, when you dream of being great!
But I'm sure this has been going on for a while. MS, Intel, and others have all been suspected of such activities (all the technology was in place) but have never admitted it.
I don't mind if a company tracks my music listening habits or internet traffic etc, but they should tell me it's happening and reward me for the data that I am providing them. A nice stereo for the music survey, or a top of the line PC for the net info or something like that. If they are going to profit from my information then I deserve a piece of the action (Hmmm, stock options maybe?)
v2k
really, so what? i wish slashdot would stop banging on about this. IMO if you have a "right" to view information on someones web page, the owners have a "right" to maintain a profile of visitors and visitors haibits.
anyone who visits a "jukebox" site and thinks that his/her listening habits is being not being monitored is naive. i mean, what happens when you listen to a real jukebox?
if you dont want your privacy "violated" then dont browse the net, shop, venture outside your house or pretty much anything.
Doesn't RealPlayer's install program actually ask you if you want to send information to Real.com?
I know for a fact that there's an option to send "connection statistics" to the content provider. Isn't this what the hoo-ha is all about? Seems a bit silly that people are consenting to send in information about what they're watching/listening and then bitch about it happening.
This post is offtopic, guys. This story is not about RealPlayer. It is about RealJukebox. I realize lots of you are confused because they only thing Real makes for Linux is RealPlayer, but that's not what we're talking about.
RealJukebox is an mp3/CD player/ripper for Windows. That is, it's like Winamp (but it also rips). It is not used to play content from the internet, and there is no reason for it to compile "connection statistics" or any such thing. The big deal here is, it is sending information on mp3s you are playing off of your own hard drive, CD's you are playing from your own CD drive, and, presumably, mp3s you are making from your own CD's. The information they are taking from you is of absolutely no use in improving their product; the most benign possible interpretation of it is that they are using it to market information in aggregate. However, the fact that their privacy policy and EULA (neither of which mention this logging) have been revealed to be blatant lies tends to make me not believe the most benign interpretation.
In any case, in absolutely no way is the user asked or informed about this. The best they can do is refuse to register (which they are not informed is an option) so that the information logged on them can only be tied to an IP address, not an email address and name. Oh wait--no, that's not true either, as you have to input an email address and name before you download the software.
This is scary, folks. If you don't think it is, it's because you don't know the facts.
The best part of this whole problem is that record companies are dying to buy this kind of info to make 'artists' like Mariah Carey and Britney Spears that much more accessible and profitable.
After years of study we have realized, "Teenagers like crap."
Well, it's offtopic as it relates to the story, but it's not offtopic with regards to this thread of conversation (sort of). Honestly, what's with damn near every post on this article having been moderated? Sure, I've got moderator access right now, but you know, I don't think everything everyone has to say is worthy of 2 - 5 points of being ``insightful'', ``informative'', and ``interesting''. I thought the moderation system was meant to find the few, rare gems. If every post gets moderated, it's the same as if none of them had gotten moderated. That is, it's counterproductive. Perhaps a little more thought and care should be put into this procedure? Urk.
~ Kish
Your information is worth money to firms who want to sell you things. So, ANY way this information can be gathered is 'a good thing' as far as the companies are concerned.
In the case of programs, the only way to go is with Open Source. Think of it...a trojan is all about allowing others to see your data. Be it the whole system, or just other misc. bits. With Open Source, you can see what is going on. And if you WANT information to be sent back to somewhere, you know it.
There is no such thing as a free lunch.
If it was said on slashdot, it MUST be true!
What is the purpose of this "un-docummented feature" if all they do with the info is monitor it?
How could they achive any valuble info without actually saving and analyzing all of this data? this looks weird to me...
If its only for "consumer-tendencies", its pretty stupid...
Anyone got some more info on what specific details are we talking about here?
To the fool, he who speaks wisdom will sound foolish. ---Euripides
I just unisinstalled it, and I'll keep uninstalling software that reports, collects and analyzes what I eat, where I am, what I listen to, what I watch, what I buy and when I go to the water closet. Analyze that!
... and I say yeah and they were selling them, well I would be calling Johnny Cochran and Sony would be selling stock and to pay for that one!!! (I by the way love SOny products, and I have no knowledge that they are doing something like this)
/or a fine. blabh blah blah".
I refuse to use the Kroger (grocery store) discount card, and have not shopped there since their stores adopted it. A friend went in to buy soem stuff at a store near here. The cashier didn't know what to do when he didn't present the card. After calling the manager, she said it was ok to buy the stuff, but that he REALLY SHOULD sign up. I pay cash yes CASH for stuff I need at other places. I fear the day when we don't have the option buy without being recorded.
I read a few weeks ago about safeway threatening to use the fact the a customer bought alcohol against him in a suit. They got it off his "customer card". I heard about a Cal. woman who was suing her husband for custody of the kids and after a search of his grocery habits pointed out that he fed them to much junk food. I don't want my insurance comapny, or anyone else to know a bout the herbs I buy, the red meat I eat, the fact the I like matzo ball soup, the fact that I like tacos, tha fact that I (may) use rogaine, that fact that I haave allergies, have dandruff and wear depends undergarments.
I'm sick of being marketed and pitched to.
Now back to real player.
I read somewhere ( and wish I could remember so I could give credit to this person) that "if I buy a Sony cam-corder and took it home, and then i found out that camcorder sent pictures back to Sony and they were looking at them"
The point is this. The food we eat, the groceries we buy, the movies we watch, the tv we listen to, the music we listen to, where we go, what we do are all things that however small, MAKE UP OUR LIVES. When someone takes the pleasure out of them by making us wonder who is wathcing us, what are they going to do with this information, it ties us down, it makes us less free. Where is the line drawn? What line?
I have suggestion. I want to know if we can copyright our personal information. Why not? We created it. We wrote it. Do we not have ownership of the things that make up as indiviuals? Why not license your info out. Perhaps then I can attach a message that sys something like :
"Use of my personal information and storeage thereof means that you accept this license agreement. This license allows you to use and store my personal information for one month subject to a $1 charge per copy. You can renew the license on a monthly basis by sending me another $1. You may copy and/or transfer my personal information to another entity by acquiring written approval 30 days in advance. Failure to comply with this agreement will result in criminal charges and
How unreasonable is that? Microsoft does it everyday! WE'RE paying THEM to collect all this stuff on us. I think it's time for some payback. And I don't mean 5 cents off some tofu burgers, I want cold hard cash for being subjescted to all this interrogation. So to you real player, If you don't want to pay, I'll get another MP3 player. (The software sucked anyway.)
IANAL, but it seems to me that Real have made just themselves wide open to an injunction to forbid any distribution of Jukebox in Europe. Failure to comply with such an injunction would lead to them being sued big time if Real have any corporate presence anywhere in the EU.
Doesn't RealPlayer's install program actually ask you if you want to send information to Real.com?
I know for a fact that there's an option to send "connection statistics" to the content provider. Isn't this what the hoo-ha is all about? Seems a bit silly that people are consenting to send in information about what they're watching/listening and then bitch about it happening.
Just my two pennies.
It's "free". That about says it all.
There's a free version, but there's also an enhanced version (RealJukeBox Plus) that costs $29.99.
Whats wrong with the provider of a service/good/program knowing what you do with it.
I do have a problem with the "provider" of a program knowing exactly what I do with it. What makes this worse is that the user is never informed that the "provider" is harvesting data on what they are doing, as well as what interesing files they have on their system (the article says it actually collects data on all the realmedia and mp3 audio files on the user's drive) If I chose to use Visual C++ , would Microsoft be entitled to grab a copy of my source code, or even of the names of my source files without telling me? Maybe they could better serve the market if they had some idea of exactly what every single copy of their software product was being used for. No thanks.
joe
I think this is to be expected as software becomes more intelligent. In many ways this is quite a useful function, a site tailored to my needs is better than a general purpose site. The only request I make is that sites make it clear what data is collected, who the data is seen by and how it is used. How dose this fit in with the various laws (for example if I use the site from the UK does the site need to be registered under the Data Protection Act)?
Has anyone ever noticed that Realplayer G2 always starts at startup...
Now I wonder what that little blue speech bubble icon is doing
Slashdot poll perhaps?
What is the Realplayer G2 really doing while it's not running?
a) Watching what we listen to
b) Boosting a Real.com attempt at cracking RSA (or SETI depending on what you want)
c) Watching us (only valid if you have a camera)
d) Waiting for us to use it, so that it'll "Load" quicker than anything else.
e) Rob/Iain/Everyone sucks.
f) Dead writeins.
News.Com has just posted a story on this also.
m l?tag=st.ne.1002.thed.1005-200-1425866
http://news.cnet.com/news/0-1005-200-1425866.ht
I agree to an extent. Personal information is a valuable commodity as is software. It is fair to exchange one for the other and unreasonable to expect that all organizations will produce free software without something directly in exchange for it.
The problem here is that Real was not informing anyone of the monitoring. The actual terms of the exchange were never stated anywhere. That prevents the user from being able to make an informed decision as to whether the exchange is fair to them and whether they wish to enter in to the deal.
If I sell you a nice car for $10 I can't sneak into your house later to collect more money on the basis that the car was worth more and you really owe it to me. Those terms must be stated up front and at the time of the initial transaction. The only reason this isn't treated as theft is that our archane laws still don't treat personal information as property. All sorts of other data is, after our data is compiled into someone's database it is, but while we're in possession of it, nope! Not poperty, available to anyone for free.
People need to be made at least marginally aware of how their information is being used. HTTP is an open standard, so we can accept the fact that any tracking being done via that protocol is known to the user since they have the same access to the RFC's that anyone else does. In this case, Real is enticing users to install a trojan on their system which is not open source code, but required the efforts of a hacker to determine just what it was doing.
It doesn't sound like RealNetworks is actually doing anything bad... just moronic.
Adjusting the program to users based upon their data is a Good Thing(tm), it allows more knowledgable people to access more features. As they use the app more (aquiring more files) more features. Should this be server driven? No, that should be kept internal. I'm assuming it is, otherwise it is moronic, not dangerous.
As far as aggregate users, that's fine. It lets them store information on people and figure out what people are doing with their software.
It sounds like they are doing things fine, but that their press handling flubbed up. Before we jump on them, we should learn if they are actually storing this information about people and making it available, or if they store the information so the ads are tailored towards people. We can't have it both ways. We can't demand that everything be free (free beer), ad driven, and then demand that they not store information.
In the real world, information like this is always available. The problem is that online we can store it all. In a CD store, people can see you buying CDs... In the online world, logging is automatic.
Also, with the CDDB thing, it sounds like they are doing the right thing to protect peoples' privacy. i.e. they aren't allowing CDDB to rob the privacy of the Jukebox users. As long as they aren't abusing the info (which should be independantly confirmed), there is no problem.
I'm assuming that there are consumer advocates who certify privacy issues. They should be brought in to independantly confirm that everything is Kosher.
Alex