Hi Folks,
Could ITunes be spying on us? Read below:
Spybot (spyware removal app) homepage
source URL: http://www.spybot.info/en/index.html
iTunes 6.0.2 - Spyware or not?
Excerpt: "We tested the Windows version inside out, and found a
bunch of connections, but only to Apple itself and their mirrors at
Akamai, which is legit. We then got the idea to test the Macintosh
version, and indeed found connection to 2o7.net, which belongs to a
company named Omniture. Omniture is a company for Web Analytics and
Web site Statistics. On the one hand, this means that data may be
transmitted to a third party even, which according to the license
agreement should not happen, at least not without clearly expressed
users' consent. On the other hand, why does Apple need an external
company for analytics and statistics if they discard the
information right after looking up related albums?"
Original article from: http://www.spybot.info/en/index.html
A lot of discussions have taken place in the past few days about a
new iTunes feature. When you update to iTunes 6.0.2, it will tell
you the only new features are video preview in the shop and some
bug fixes. But the most visible new feature you see once you have
it installed is the so-called MiniStore - a not-so-small shop frame
in the lower third of the main iTunes window. It displays albums
similar to the ones you click inside your song database.
Personally, I would regard a list of similar music as a good way to
broaden my music horizon. But since there were so many public
opinions and comments on this topic, some of our detectives decided
to give it a deeper look.
Let's start with the good news - as soon as you hide the MiniStore
window (there's a button in the lower right corner of the screen -
the fourth from the right), no more data will be submitted. But
then, users probably wouldn't know that data would be submitted at
all, so nearly every user will have sent some.
To find out if this is really harmful, let's take a look at what
data was sent outside. We found both the artist and album name of
each clicked song in the outgoing data stream, unencrypted. Now
since this is the iTunes Music Store, they need to track your
identity for valid purposes in the usual Store you manually open
when you want to. If you've bought a song in the Store before, the
iTunes Music Shop knows you, and it would be easy to associate the
data of the currently playing song with that profile.
You may ask if it really is that bad if Apple knows this. That
depends... Apple didn't mention what they do with that data. We
requested a statement from Apple, but the German PR person was
simply not available for us except for a form letter rejecting any
accusations. Now there are a bunch of websites saying that someone,
maybe even Steve Jobs himself, said that the data would not be
used, but discarded. Maybe that even is right - but they lied to
their users in the license agreement, and there's no proof that
those rumors are true. Furthermore, there's the question where the
data was sent to.
So where did it go to? We tested the Windows version inside out,
and found a bunch of connections, but only to Apple itself and
their mirrors at Akamai, which is legit. We then got the idea to
test the Macintosh version, and indeed found connection to 2o7.net,
which belongs to a company named Omniture. Omniture is a company
for Web Analytics and Web site Statistics. On the one hand, this
means that data may be transmitted to a third party even, which
according to the license agreement should not happen, at least not
without clearly expressed users' consent. On the other hand, why
does Apple need an external company for analytics and statistics if
they discard the information right after looking up related albums?
These doubts have caused us to give Apple a few calls, emails and
faxes, expressing our concerns, asking for a statement and offering
our help in getting an insight from an anti-spyware companies
perspective. The only answer we received was a form letter making
fun of the fact that we have no Macintosh version and giving us the
clearly wrong standard answer that no personal data is submitted,
and a link to their website showing how to disable it (you can find
it in link list below this article).
Let's summarize it. Should you be paranoid? Unless you have a bunch
of MP3s downloaded from file sharing networks maybe, in which case
I guess you wouldn't want a company working close with music labels
to know, you probably don't need to be. It's a violation of law,
and it's a break-in into your privacy, but it's not yet such a big
deal as the recent Sony story. But you should show Apple your
dislike clearly before they take the next step on the intrusion
ladder (by the way, did you know that Apple forces OS registration
on you way harder than even Microsoft?). And our sign of dislike is
the removal of the About iTunes.rtf file from iTunes, which is the
one concealing this new spying feature.
Here's a list of web sites that have dealt with the new iTunes
version and its spyware:
tuaw: New MiniStore in iTunes 6.0.2
Omniture, Apple, iTunes, and Privacy
BoingBoing: iTunes update spies on your listening and sends it to
Apple?
Kirkville: iTunes: Apple's New Spyware and Adware Application?
BetaNews: New iTunes Prompts Privacy Concerns
Heise: iTunes will nach Hause telefonieren
arstechnica: MiniStore in iTunes 6.0.2 comes with privacy concerns
MacWorld: Eyeing the iTunes MiniStore
Apple: How to show or hide the MiniStore in iTunes
