The trouble with the spying thing like that is, at least on windows, hackers
will find a way to use it maliciously. If the labels and apple come into
disagreement about price and Itunes usage, they have a direct stream of
people to sue for the difference, unlike a CD they can change the terms or
make all your stuff no longer playable.
----- Original Message -----
From: "Richard Wells" <[EMAIL PROTECTED]>
To: "General discussions on all topics relating to the use of Mac OS X by
theblind" <[email protected]>
Sent: Friday, January 20, 2006 4:18 PM
Subject: pybot talked about iTunes 6.0.2 concern - spyware or not?
Hi Folks,
Could ITunes be spying on us? Read below:
Spybot (spyware removal app) homepage
source URL: http://www.spybot.info/en/index.html
iTunes 6.0.2 - Spyware or not?
Excerpt: "We tested the Windows version inside out, and found a bunch
of connections, but only to Apple itself and their mirrors at Akamai,
which is legit. We then got the idea to test the Macintosh version, and
indeed found connection to 2o7.net, which belongs to a company named
Omniture. Omniture is a company for Web Analytics and Web site
Statistics. On the one hand, this means that data may be transmitted to
a third party even, which according to the license agreement should not
happen, at least not without clearly expressed users' consent. On the
other hand, why does Apple need an external company for analytics and
statistics if they discard the information right after looking up
related albums?"
Original article from: http://www.spybot.info/en/index.html
A lot of discussions have taken place in the past few days about a new
iTunes feature. When you update to iTunes 6.0.2, it will tell you the
only new features are video preview in the shop and some bug fixes. But
the most visible new feature you see once you have it installed is the
so-called MiniStore - a not-so-small shop frame in the lower third of
the main iTunes window. It displays albums similar to the ones you click
inside your song database. Personally, I would regard a list of similar
music as a good way to broaden my music horizon. But since there were so
many public opinions and comments on this topic, some of our detectives
decided to give it a deeper look.
Let's start with the good news - as soon as you hide the MiniStore
window (there's a button in the lower right corner of the screen - the
fourth from the right), no more data will be submitted. But then, users
probably wouldn't know that data would be submitted at all, so nearly
every user will have sent some.
To find out if this is really harmful, let's take a look at what data
was sent outside. We found both the artist and album name of each
clicked song in the outgoing data stream, unencrypted. Now since this is
the iTunes Music Store, they need to track your identity for valid
purposes in the usual Store you manually open when you want to. If
you've bought a song in the Store before, the iTunes Music Shop knows
you, and it would be easy to associate the data of the currently playing
song with that profile.
You may ask if it really is that bad if Apple knows this. That
depends... Apple didn't mention what they do with that data. We
requested a statement from Apple, but the German PR person was simply
not available for us except for a form letter rejecting any accusations.
Now there are a bunch of websites saying that someone, maybe even Steve
Jobs himself, said that the data would not be used, but discarded. Maybe
that even is right - but they lied to their users in the license
agreement, and there's no proof that those rumors are true. Furthermore,
there's the question where the data was sent to.
So where did it go to? We tested the Windows version inside out, and
found a bunch of connections, but only to Apple itself and their mirrors
at Akamai, which is legit. We then got the idea to test the Macintosh
version, and indeed found connection to 2o7.net, which belongs to a
company named Omniture. Omniture is a company for Web Analytics and Web
site Statistics. On the one hand, this means that data may be
transmitted to a third party even, which according to the license
agreement should not happen, at least not without clearly expressed
users' consent. On the other hand, why does Apple need an external
company for analytics and statistics if they discard the information
right after looking up related albums?
These doubts have caused us to give Apple a few calls, emails and faxes,
expressing our concerns, asking for a statement and offering our help in
getting an insight from an anti-spyware companies perspective. The only
answer we received was a form letter making fun of the fact that we have
no Macintosh version and giving us the clearly wrong standard answer
that no personal data is submitted, and a link to their website showing
how to disable it (you can find it in link list below this article).
Let's summarize it. Should you be paranoid? Unless you have a bunch of
MP3s downloaded from file sharing networks maybe, in which case I guess
you wouldn't want a company working close with music labels to know, you
probably don't need to be. It's a violation of law, and it's a break-in
into your privacy, but it's not yet such a big deal as the recent Sony
story. But you should show Apple your dislike clearly before they take
the next step on the intrusion ladder (by the way, did you know that
Apple forces OS registration on you way harder than even Microsoft?).
And our sign of dislike is the removal of the About iTunes.rtf file from
iTunes, which is the one concealing this new spying feature.
Here's a list of web sites that have dealt with the new iTunes version
and its spyware:
tuaw: New MiniStore in iTunes 6.0.2
Omniture, Apple, iTunes, and Privacy
BoingBoing: iTunes update spies on your listening and sends it to Apple?
Kirkville: iTunes: Apple's New Spyware and Adware Application?
BetaNews: New iTunes Prompts Privacy Concerns
Heise: iTunes will nach Hause telefonieren
arstechnica: MiniStore in iTunes 6.0.2 comes with privacy concerns
MacWorld: Eyeing the iTunes MiniStore
Apple: How to show or hide the MiniStore in iTunes
