iTunes: An Update About the Update · 1653 words posted 01/11/2006 10:41 AM
An update on my article about iTunes and the information Apple collects: the comments are running overwhelmingly against my position and in favor of Apple’s practices. Honestly, this surprises me, but them’s the breaks. Some of the comments are fatuous (“scandalmongering?”—please) but some are pretty compelling, so I’ve distilled them here.
My position, in summary: iTunes collects data about the music I’m currently playing and sends it to the iTunes Music Store without my knowledge or consent. Apple says nothing about this practice in any of the relevant licenses. Apple should be clear about its information gathering practices.
Arguments in favor of Apple:
- Dude, you should know that Apple is collecting the information because it couldn’t display related songs without it. Err, if the issue are consent and transparency, isn’t this argument the same as “You should know your house was broken into because the lock was broken?” File under: fatuous.
- You should know what information your programs are sending to the Internet. It’s your duty to monitor your outbound traffic. I don’t buy this argument for the typical end user. Most people aren’t l33t and simply want to play music in privacy. But on reflection, I’m a programmer and I should know better. After all, I run Zone Alarm on my Windows box; why not check outbound traffic on my Mac? I’ll be purchasing a license for Little Snitch shortly thanks to the suggestions of several posters. File under: compelling for computer geeks, otherwise not so compelling for regular folk.
- Corollary: You should expect that companies will take your information without asking, and it’s your duty to sniff and counter as desired. Let’s be serious: even if I buy a Club to protect my car from theft, the purchase of the Club does not change the act of theft from aberrant to acceptable. File under: teh lame!
- iTunes doesn’t send the data to iTMS when the MiniStore is closed. If you don’t like the behavior, just close the MiniStore. This appears to be true, and I didn’t bother to test this (as I should have) before my original post. So mea culpa, and I will test before posting next time. But iTMS launches with the MiniStore open by default. And this argument does nothing to address the issue of transparency. File under: toss up.
- The EULA and/or TOS says Apple can collect information. To my reading, the plain meaning of the language in the iTunes TOS indicates that Apple only collects contact and billing data. As pointed out in the original post, Apple’s Privacy Statement (a tertiary [see note below] document referenced in the iTMS TOS) does have a “customer activities” clause, but the meaning of the clause is so ambiguous and poorly worded as to be more obfuscatory than transparent. If Apple wants to collect certain types of information, it should say so clearly in easily accessible documents. To my mind, a Privacy Policy’s stance should be: “By and large we don’t collect information about you, but here are the specific instances of data that we do collect.” File Under: toss up, depending on how you view the role of Privacy Statements.
Note: And when I say “tertiary,” by golly I mean tertiary! You won’t come across the Privacy Statement unless you read the iTMS TOS, and you won’t find the iTMS TOS unless you read the iTunes Software License.
- Stop hyperventilating, iTMS is only collecting the songs you play. Where’s the harm? That’s a fair argument: I admit that this instance of data mining appears to be innocuous. But is it? How hard would it be for Apple to check whether my music comes from an RIAA approved source and, if not, simply disable it within iTMS? Is that really such a paranoid fantasy after the Sony rootkit fiasco? I don’t have an answer, but I know this: the more you push back now against apparently harmless invasions of privacy, the less likely Apple will be to breach your privacy substantively later. File Under: toss up.
- Finally, and feeblest: Windows does it, and Apple isn’t half as bad as Windoze. Why should anyone other than an Apple employee be an apologist for Apple’s bad practices? File Under: Whose tool are you?
The core issues are trust and transparency: I want to do business with companies that respect my privacy; I want them to tell me clearly when they’re collecting my data; and I’d prefer to opt-in to data collection programs rather than opt-out. Is that so much to ask?
UPDATE 1:
A few more arguments have come in and again, some of them are pretty sound. Instead of letting my responses get lost in the comments I’ll continue posting them here.
- How do you think iTunes gets the album and artist data when you rip a CD? Apple is already querying third parties, stupid! On its face, this is a pretty good argument. We all know that Apple uses GraceNote to grab iTunes track info. But this is precisely my point: Apple’s use of GraceNote is transparent. When you rip a new CD, iTunes tells you that it’s querying the GraceNote database. Not only that, Apple had the good sense to be clear about GraceNote in the iTunes EULA.
Here’s the relevant language:
This application contains software from Gracenote, Inc. of Berkeley, California (“Gracenote”). The software from Gracenote (the “Gracenote CDDB Clientȁd;) enables this application to do online disc identification and obtain music-related information, including name, artist, track, and title information (“Gracenote Data”) from online servers (“Gracenote CDDB Servers”) and to perform other functions. You may use Gracenote Data only by means of the intended End User functions of this application software.
As of this writing (01/11/06 3:30pm EST), no publicly available Apple EULA mentions Omniture. According to Google, the only mention of Omniture on Apple’s web site is a couple job openings and a copyright notice for the King Kong trailer. Apple clearly felt bound to include GraceNote in its iTunes EULA. Why not Omniture? Why one standard of transparency for Company A and a different standard for Company B?
- If Apple were only open about this practice, this wouldn’t be any big deal and you wouldn’t have anything to complain about. File Under: Rock solid, air tight, I agree. Transparency makes my issues disappear.
- Aren’t you overreacting by advocating a boycott? Boy-who? Who said anything boycotting Apple? I advocate (a) asking Apple to be clear about the information they collect and share with third parties; and (b) consider holding off upgrading from iTunes 6.0.1 to 6.0.2 until more information is available. Wow, I am really out of control.
- Apple uses FedEx. Why aren’t you up in arms that Apple gives your personal contact information to FedEx? Nobody seriously expects Apple qua Apple to show up at your doorstep with a shiny new MacBook. And when you make the purchase, the third party services are relatively transparent: you receive a FedEx tracking number and a FedEx uniformed person in a truck marked “FedEx” delivers your package. File Under: Close, but no cigar. I wouldn’t have known about Omniture without Little Sniffer.
- Omniture doesn’t do marketing. Please, be serious. Read their own literature.
And saving best for last, my favorite:
- You, sir, or certain persons of your acquaintance, are communists. File Under: WTF?
Bonus irony round: The majority of posters who have argued most vociferously in favor of Apple’s position have done so with fake email addresses. I can appreciate that: we all value our privacy, no?
UPDATE 2:
More reader arguments in bold, followed by my counterarguments:
- Again on the DRM hypothetical: Apple wouldn’t do it because [pick your reason: it’s not technically feasible and/or Apple is too smart to anger its customers]. First, let me back up and say what I have asserted and what I have not asserted on the issue of Apple’s future behavior. I assert that Apple, at some point in the future, could use the information it sends to third parties to tighten control over the music you listen to in iTunes. I do not assert that such action is imminent; I do not assert that Apple even has plans for any such action.
What I do assert is that sending a packet of your information, however innocuous that information may be, to a third party without your consent or knowledge is foot-in-the-door behavior: if customers don’t make it clear that it’s got to be disclosed now, companies will take the lack of opposition as assent. It’s not evil; it’s just what corporations do.
So, back to the argument on technical feasibility: whether one likes it or not, Apple can already change the way DRM is handled in iTunes unilaterally. For example, with the release of iTunes 4.5 Apple changed the number of permissible burns of DRM’ed songs from ten to seven. There is no technical obstacle preventing Apple from changing DRM management again. If Apple wished to update iTunes tomorrow so that it only played DRM’ed music, it could easily do so.
- But Apple wouldn’t ever do something so stupid, right? Who knows? They seem like a very smart company run by very smart people. But if you want to place your privacy on the hopes that smart companies today will be smart companies tomorrow, forgive me, you’re naive. Lest there be any doubt that “smart” companies can shoot themselves in the foot when it comes to consumer privacy, look at Sony and the rootkit.
- Some of the comments other people have posted to your blog are overheated. That’s the breaks. Apple will survive. The comments are running 10-1 in favor of Apple anyway. My positions and recommendations are pretty restrained; if some readers are more concerned than I am about the implications of Apple’s behavior, Apple could have headed this off entirely by making the iTunes/Omniture relationship into a transparent “feature” instead of a hidden puzzle to be resolved by packet sniffers.
* * *
3. On Jan 11, 11:57 AM MrAndrews said:
What I find annoying more than anything is that the thing seems to be horribly stupid at the same time as intrusive. It doesn’t know what other U2 albums I have (so it suggests I buy them again) and it doesn’t appear to be building any kind of profile about me. I mean really, if they’re going to invade my privacy, they should at least do it right! #
4. On Jan 11, 01:08 PM Ethan said:
Its not doing anything dissimilar to how Google Analytics, Omniture livestats, Mint, etc work. What’s the big deal? I can also code a Dashboard widget that uses Applescript to get your current playing track and report that back to anywhere.
Omniture is used by lots of big companies. It is no different than Google Analytics, and is in fact a competitor to them, Webtrends and other live-stats engines. #
5. On Jan 11, 01:31 PM since1968 said:
Ethan, if you wrote a dashboard widget that collected data without telling your users, you’d be slagged (rightly, I think) by the Apple community.
Look at it this way: Macromedia bends over backwards to make sure you see a popup AND consent before the Flash player can access your microphone or camera, and you can’t pull third party data into a flash movie without a crossdomain file. I realize the comparison is inexact, but the point is people want to know what’s being collected from their computers, and they want to be able to trust their software.
Steve, thanks for the note on Omniture. I missed it at first, but Merlin caught it and I’ve addressed the issue of third parties and privacy in a separate post. #
7. On Jan 11, 02:18 PM John said:
How is this any different from clicking on the arrows beside artist/album/etc in your playlist? You have to double click on a song to update the mini store (which is smart as updating each time a new song starts would be pretty annoying).
On another note, it does make sense to enable this feature by default when you consider that few people would discover this new feature if it weren’t. #
8. On Jan 11, 02:34 PM ian said:
I do agree this is somewhat shady and underhanded, and all that, but the comment about “checking to see if they are from RIAA approved sources” is ridiculous and you know it. How would they know if it was a ripped track, or a track your friend ripped and emailed you, or a track some stranger ripped and you got via p2p? That’s not a logical or feasible threat, IMHO.
And was this gem in the BB post from your original one: “And don’t bother looking for a way to turn this “feature” off in the Preference pane: it’s not there.”? Seriously, you should know better. Apparently you didn’t bother to look either.
So in short, I don’t hate you, I don’t think everything Apple does it Pure and Right, I think this move is a Bad Thing, but I think you’re just a little over-paranoid. :-p #
9. On Jan 11, 02:36 PM mark said:
Well, looks like Apple has decided which side of the fence they sit on. The bad side.
Simple solution (for now): Don’t ever, ever, upgrade. Seems that new ‘upgrades’ are actually DRM and similar ‘crippleware’... nice one Apple, you a**holes. [tweaked by the editor]. #
10. On Jan 11, 03:15 PM hedgehog said:
Marc, thanks for getting the word out about this.
I am confused as to why so many people did not agree with you in your original post. (My guess is: It’s was a bunch of Mac Addicts – who can never admit Apple makes mistakes – lashing out. Or, l33t people needing to flex their tech-muscle in a never-ending battle to satisfy their own ego? Anyway…)
You hit on all the key points – meaning – the ones that are most important to the average consumer (like me):
A)I don’t want Apple (or anyone else) recording anything I do, don’t care how “benign” it is.
B)If they insist on collecting information to “better my experience” (allow me translate this for you: “Better our chances of selling you some more garbage you really didn’t need in the first place.”), then at least TELL me about it up front.
Questions:
1) Why is it so hard for companies to make EULA’s that are written in a fashion that the average consumer can actually understand? To me, it doesn’t seem that hard really – surely you can right using “common” language/phrases and still be legally accurate and covered?
2) One poster commented that Microsoft is “doing the same thing right now”… can you clarify what he means? Or, point me in the right direction to understand more about this?
Thanks. #
11. On Jan 11, 03:18 PM Justin said:
I think ALL applications should initially prompt the user before any external communication is attempted. Once the user agrees or disagrees, the program can do whatever the user authorized. Hiding this activity in TOS and licences is a joke. It means nothing to anyone except lawyers. I’m a programmer and I sure use Snitch, but I certainly don’t expect Mom and Pop or Joe Public to know better. #
12. On Jan 11, 03:20 PM revscat said:
Wow. This certainly seems to be much ado about nothing.
Let me get this straight: iTunes sends recommendations based on the song you just clicked on.
It:
– doesn’t send any personal data
– doesn’t scan your library to see if you already own what it is recommending
– can be turned off via a button that is immediately available and apparent to the user
Why am I supposed to care about this again? #
13. On Jan 11, 03:22 PM since1968 said:
ian wrote:
the comment about “checking to see if they are from RIAA approved sources” is ridiculous and you know it. How would they know if it was a ripped track, or a track your friend ripped and emailed you, or a track some stranger ripped and you got via p2p? That’s not a logical or feasible threat, IMHO.
I don’t think it’s ridiculous at all ian. To be clear, I’m not accusing Apple of engaging in this behavior right now; I’m saying this type of nonconsensual “pinging” gets their foot in the door for future abuses of the system. In what way is it not feasible? Their music already contains DRM. #
14. On Jan 11, 03:28 PM since1968 said:
hedgehog, thanks for your feedback. To address your questions:
1) Companies don’t write their EULAs in simple language because they don’t want you to understand or even read them. It’s the same reason they put the most important clauses in all caps.
2) I don’t know if the poster was accusing Microsoft of passing data to third parties via Windows Media Player, or whether he was speaking to the general perception that Microsoft is lax with privacy. You’d have to email him directly (if he provided contact info in the comment). I make no claims for or against MS, but I don’t think “MS is doing it so why can’t Apple” is a solid argument. #
17. On Jan 11, 03:57 PM Peter said:
At the risk of being an Apple apologist, here’s an entertaining question:
“What is Apple doing with this data?”
If Apple is storing this in order to come up with some history of favorite music in order to come up with good suggestions, I have a problem with that. If Apple is merely sending each song and forgetting about it, I have less of a problem with it.
Of course, we don’t know the answer and that’s a big problem.
I’m at the point where I won’t update anything on my Mac sight-unseen. And this is ultimately bad for Apple. #
18. On Jan 11, 04:38 PM Ca said:
Remember the scene in Contact where The Jody is taken on board the billionaire’s jet and shown a complete history of her life as he’s getting ready to fund her? How did the billionaire collect all that info about her? Why from her .mac’s iPhoto and iTMS accounts, of course.. oh yeah, and using an unknown feature which might be called RemoteSpotlight. Apple is also thought to store your Mac’s IP addresses whenever it invokes SoftwareUpdate, QuickTimeUpdate or visits their websites. Their database of mac-to-ipaddresses can then be (and reportedly has been) used to cross-reference your anonymous postings and uploads out on the Web when a matter is of interest to their legal people. That’s reportedly how they busted the university student who released a developer copy of OSX on Bittorrent long before it was available to the public. #
19. On Jan 11, 04:44 PM v-twin said:
Anyone thinking that Apple is working with the RIAA on a system that will detect pirated tunes on your computer should buy themselves a better tinfoil hat…
Ripping your CD’s to MP3’s or unDRMed AAC is perfectly legal.
How can any program know if you own the original CD of a song on your computer?
It’s impossible, unless some kind of robot gets out of your computer, walks around your house to find the original CD…
I hope everyone that says that they wont update iTunes because of that “feature” (that can be turned off) will also stop using Windows, since it sends information about every DVD you play on your PC, and it’s far less easy to turn off this feature.
No the fact that MS is doing it doesn’t make it right, but if you talk about boycotting iTunes, at least be consistent and boycott WMP. #
20. On Jan 11, 04:52 PM since1968 said:
v-twin, who said anything about a boycott?
I think the heaviest suggestions floating around have been a) asking Apple for more transparency, and b) I hesitate to even repeat this one, because it's really vicious and paranoiac—waiting to upgrade from 6.0.1 to 6.0.2 until more information is out.
Tinfoil hats ahoy! #
22. On Jan 11, 05:05 PM Peter da Silva said:
OMG! iScrobbler does this too! In fact, EVERYONE ON THE INTERNET CAN SEE WHAT I’M LISTENING TO! Wait, that’s what it’s supposed to do…
Yah, Apple shouldn’t be doing this without explicitly acknowledging it, say by a line item in the agreement you click on when you run iTunes, so I’m not 100% in favor of Apple’s practices. On the other hand popping up a banner that basically says “WE KNOW WHAT YOU’RE LISTENING TO” isn’t exactly sneaking around behind your back. It’s not “you should know your house is broken into because the lock was broken”, it’s “you should know someone was listening to the music they were playing because they mentioned it”.
On a scale of 1-10, where 1 is John Brunner’s “Hearing Aid” and 10 is “Abu Ghraib”, this is about a “1.01”. The information that’s being gathered is directly relevant to the banner, it’s the minimum amount of information to do the job, and if you’re not displaying the banner it doesn’t send the information. #
23. On Jan 11, 05:28 PM anonie said:
You stopped short; the really relevent language (for both iTunes & iPod) in the iTunes EULA is: “The Gracenote CDDB Service uses a unique identifier to track queries for statistical purposes. The purpose of a randomly assigned numeric identifier is to allow the Gracenote CDDB service to count queries without knowing anything about who you are. For more information, see the web page for the Gracenote Privacy Policy for the Gracenote CDDB Service.” #
25. On Jan 11, 05:55 PM hedgehog said:
I just read something that really complicates the issue.
A critical security flaw is fixed in this update. So, waiting may not be the smartest idea?
More info: here. [hedgehog, I converted your url to a link -- since1968]
Note: Macheads – this applies to you too. #
26. On Jan 11, 06:06 PM since1968 said:
LOL. I read that article hedgehog and it seems that the security update only patches QuickTime. Here’s a direct link to the Apple Security Update page. #
27. On Jan 11, 06:07 PM hedgehog said:
Another question:
Do you think it was deliberate that they do not use the words “Mini Store” anywhere in the interface itself?
(It is only used within the menus at the top.)
I can see some users could be confused by this, or simply unaware that it is an option that can be turned off. (My parents for example, many of my friends, people at work, etc.)
That’s not exactly as out front as everyone says. I have to imagine that was done for a reason guys… specifically so Joe Average won’t be able to find and disable it.
It’s not like there’s an “X” right next to the window pane that I can hit to shut it off. #
28. On Jan 11, 06:11 PM hedgehog said:
“LOL. I read that article hedgehog and it seems that the security update only patches QuickTime. Here’s a direct link to the Apple Security Update page.”
Marc – I saw that after I hit submit. (blush)
Good to know that you can patch it w/out upgrading iTunes! :D #
29. On Jan 11, 06:13 PM felix said:
We are right to question and debate. But in about 5 years we are going to be so paranoid we won’t be able to move :) We are emitting data constantly. We will soon be unable to pause and blog about every new innovation in data mining or extrapolation of that data.
Commercials that know your personality (and weaknesses) will follow you down the aisles.
In this case you could look on it as a great chance to vote for good music. Stop listening to crap, and maybe the sensors will pick that up and tell marketing. (or a&r)
I stream what I’m listening to out to my webpage via last.fm, but that’s my choice.
Transparency and EULA is about as arcane as packet sniffing, no ?
Oh, and BTW we don’t torture people. Honest ! #
30. On Jan 11, 06:15 PM taikoman said:
LET’S ALL GO DUMPSTER-DIVING IN CUPERTINO AND SEE HOW THEY LIKE IT!!!
Hey, I have AppleCare on my Macs, I own Apple stock – therefore I have a right to know what the company’s up to. Never mind issues of privacy.
Even better, let’s all pitch a tent outside Steve Jobs’ house with super-duper telescopes & binoculars and see what he does in the privacy of his own home.
What’s that? That’s illegal & unethical, you say? Well, the man’s got WINDOWS IN THE WALLS OF HIS HOUSE, for Pete’s sake!!
He should know that windows are for people to look THROUGH. If he really cared about privacy, he should have built his house out of solid concrete. We don’t need no stinkin’ windows!
By “agreeing” to live in a house with windows, he has, in effect, granted full visual access to anyone within line-of-sight. I think that’s fair & reasonable. Don’t you? The fact that Steve Jobs never consented to this or negotiated this “agreement” shouldn’t stop us from exercising our right to spy on the man.
On a more serious note, to respond to some of the comments posted here…
On Jan 11, 01:18 PM
John said:
How is this any different from clicking on the arrows beside artist/album/etc in your playlist?
What’s the difference? Simple. By consciously clicking on the arrow, you are not only allowing, but commanding iTunes to go look up the info. No different from searching on Google or Amazon.
On Jan 11, 01:34 PM ian said:
but the comment about “checking to see if they are from RIAA approved sources” is ridiculous and you know it. How would they know if it was a ripped track, or a track your friend ripped and emailed you, or a track some stranger ripped and you got via p2p? That’s not a logical or feasible threat, IMHO.
Is this really a stretch? With “enhanced” CDs, SONY rootkits and such, the content industries would like nothing more than a world where you CAN’T rip even the stuff you own legally – never mind getting it from others. If they have their way, the ONLY “RIAA-approved” digital music files will be DRM-ed ones. In this scenario, it won’t matter if the RIAA can’t pinpoint the source of the non-DRMed files. Just HAVING them will make you guilty of a crime or, at the least, in breach of your EULA.
There are already CDs that won’t allow your computer to play the actual audio files. Instead, the disc has crippled, low-quality DRM-ed versions of the music on said discs which is the only thing you’re allowed to play. #
31. On Jan 11, 06:41 PM anonie said:
I was too subtle, little mouse that I am.
What you posted (or reposted) was indicating that personal use of the metadata is known at the time of ripping. However, I believe the playbacks (not just initial use of metadata)are counted and aggregated, both on & off line (in IPODs tpp—though I couldn’t find a separate IPOD EULA.)
I don’t think that most end users know that or that the language is transparent, at all.
It is trivial to use such a string to query additional third parties to provide related artist info.
My point is that if it is so benign to track playback (same architecture for internet enabled home stereos, too) than just be up front about it. Apple (and Gracenote) could/should be much clearer. #
33. On Jan 11, 09:41 PM i do like privacy said:
One thing: Data theft is not directly analagous to car theft or burglarizing your home. I don’t think that makes it ok, I just think that the difference between property and data is worth preserving, whether it is personal data in question or intellectual ‘property’. #
34. On Jan 11, 11:48 PM omar said:
in the future, applications are going to be increasingly personalized. obviously all these applications should be at least somewhat upfront —certainly they should not turn on these personalized/privacy-eroding features by default.
i think what’s more interesting is the implications for end-users when most applications are extremely personalized. if these applications continue to just provide a binary yes/no on compelling features that share a lot of your information, with little recourse for you to subsequently remove that information, or restrict certain aspects of what’s shared, then at that time you will only have 2 choices: use a really crippled application, or sacrifice significant portions of your private data, to be analyzed and correlated with little recourse. #
35. On Jan 12, 12:17 AM Mister Internet said:
“Most people aren’t l33t and simply want to play music in privacy.”
Oh that’s complete crap. Most people don’t care about privacy and think features like this are a cool idea. Winamp does something similar if you’ve got the music library turned on. It’s turned on by default in the winamp music library, and you have to click a hide button to get it to stop.
People just like those features. It’s kind of neat. It’s like when you buy a cd on amazon and the next time you log in it says “other people who purchased this also purchased this!”
Really, I have no problem with your argument and I’m not necessarily condoning data mining, but don’t start pretending that most people even care about this. In fact, all the people people who i’ve ever heard complaining about anything like this are the more “l33t” kinds of people, as you put it. #
36. On Jan 12, 12:57 AM since1968 said:
Mister Internet, that’s a good point, but I’m not sure which one of us is right. I’ve worked on the internet long enough to remember a time in the late 90s when l33ts didn’t care about cookies but regular people—people like our parents—were completely freaked out by them.
Maybe we’ve come full circle. “Regular people” don’t worry about computer privacy and l33ts do. Although judging from the comments l33ts don’t much care about it either…
#
37. On Jan 12, 01:25 AM v-twin said:
since1968, sorry if it looked like I was talking to you. My comment was addressed at those who do want to boycott Apple because of this.
Yes I’m for transparency, and I don’t like the fact that people are not “warned” about this new feature.
But there is no way this will ever become a way to catch pirates, Apple/Jobs would never accept to be part of such a thing. iTunes has the most liberal cd-burning policy of all the current music DRMs. Once an audio cd is made, the DRM is stripped and it becomes fair use to make a backup of it. This include re-ripping the tunes to MP3.
How would a company be able to prove remotely that you don’t legally own a particular MP3 song on your computer? Because of the filename and length of the song? This data has no legal weight.
Will the RIAA be able to outlaw unDRMed music? Maybe that’s what they want, but they wont be able to pull it off, for many reasons. If Apple never released the iPod and iTMS, MS and Sony would have dominated the market, by now they would have dropped the MP3 support completely on all digital audio players and all audio CD’s would have DRMed WMA on them. We should thank Apple for screwing their plans.
As for Apple apologists (like me I guess) using a fake email address to post here, most of them came from the link on macsurfer.com, they don’t know you and your blog, so they are more hesitant to give their real email. It’s easier to disable the mini-store than it is to avoid giving an email address here.
Sure the real issue is that Apple doesn’t tell us what they do with the information. But that doesn’t mean over-the-top concerns posted here shouldn’t be discussed and debated. #
38. On Jan 12, 03:26 AM Mr. Privacy said:
I was shocked to see that stupid, crass mini store after updating iTunes. I’m more shocked now. I value my privacy and thoroughly dislike anyone, even nice corporations such as Apple, from using spyware to see what I’m doing on my computer or what music I’m playing. So until I can revert to iTunes 6.0.1 (the pre-spyware version), I have disabled the iTMS using the parental controls in iTunes preferences. I’ve started going back to my neighborhood record store anyhow, which has a better selection than iTMS and many times I can find what I want as a used CD at half the price of iTMS. I get an uncompressed CD that serves as a backup after ripping into iTunes, and it has all the artwork, booklets, etc.
I’m also buying a copy of Snitch. Required software, it seems, in this day and age of corporate and government intrusion into our homes, phones, computers, and our lives
Thank you for posting this. Even if Apple wants to play Big Brother, I want no part of it. #
40. On Jan 12, 12:13 PM hedgehog said:
Does anyone actually like the crap-tastic “Mini Store”?
And, what value does it “really” add to you as a consumer?
I want to hear everyone’s responses, but here’s mine:
No.
and
Nothing.
Giving them more ammunition to better “sell” me their products in an effort to line their own pockets – I’m just not hip on that.
As smart consumers – I think you need to draw the line somewhere. Better to do it earlier rather than later. (As Marc says.)
Oh, and that Tivo joke keeps popping into my head when I think about the music recommendations I keep getting:
“I recorded one espisode of Queer Eye for the Straight Guy, and now my Tivo thinks I’m gay.” #
41. On Jan 12, 12:49 PM John said:
Whatever. It seems very intuitive to me that the mini store is being sent information about the highlighted song. Were I apple I would not feel the need to inform users of this as none but the most paranoid would give a damn that some computer processes a string describing a song in my library and then discards it. There’s no personal id in the query so it could come from anywhere unless they matched it with the session info. Since they’re not doing that and just discarding instead of populating some database with personal info they don’t feel the need to warn users.
Also, were I in apple’s shoes I would feel the need to enable this by default without even a checkbox that comes up when you first load the updated version because most users would never discover this useful feature otherwise. It’s a sad fact that us power users have to put up with having to diable or opt-out of stuff, but since we are better able to customize programs to our tastes than others we have to put up with it.
Summary: no one would give shit about this if you hadn’t sensationalized it like you did, shooting your mouth off about something you have no understanding of. “Apple’s Looking Over Your Shoulder” is hyperbole even if they were grabbing your whole library.xml file. #
43. On Jan 12, 01:12 PM Sam said:
Concerning iTunes tracking which of your songs are legal or not:
Modern OSes are starting to store more and more detailed metadata for individual files. It is only a matter of time before metadata is stored on /where/ the file came from (i.e. a “file created by program X” metadata field). Look for it in Longhorn/Vista/whatever they’re calling it now; I won’t be surprised if it is there, somewhere… #
44. On Jan 12, 01:15 PM since1968 said:
Good point Sam—in fact, Safari already captures this type of metadata: when you download an image from Safari to your desktop, control-click the image and select “Get Info.” You’ll see the original URL of the image.
To be clear, I consider this a feature and nothing alarming. But I agree with your larger point that iTunes could easily track a song’s legal status. #
45. On Jan 12, 01:23 PM Mister Internet said:
“Mister Internet, that’s a good point, but I’m not sure which one of us is right. I’ve worked on the internet long enough to remember a time in the late 90s when l33ts didn’t care about cookies but regular people—people like our parents—were completely freaked out by them.”
That’s a fair point, and I do agree that I’ve seen a lot of “regular” users freaking out about cookies. However, I think most of those people were only freaked out because other people gave them some pretty bad misinformation about what the actual privacy concerns about cookies were. The people I’ve seen getting upset about cookies thought that they were being used to hack into their computers or steal their credit card numbers or something silly like that. Had they known that it’s a lot less severe than that, they probably wouldn’t care. #
46. On Jan 12, 05:08 PM You may want to read this... said:
Via MacOSXHints (who broke the story initially):
I have just received confirmation from Apple directly (from a confirmed source I trust implicitly) that absolutely no information is being collected from the MiniStore (though clearly data is sent to make the feature work). Therefore, the following article is now simply a hint about an obvious feature (disabling the MiniStore), which I wouldn’t typically run. However, in the interest of not rewriting history to avoid my mistakes, I have not changed any of the original text, though I did change the hint’s title, and move the rest of the story ‘below the break.’
So I’ll apologize for jumping to conclusions, but not for helping bring the issue to light. And thanks to Apple for clarifying that no data is collected; you didn’t have to contact me directly, yet you did, and I appreciate that.
MacOSXHints #
47. On Jan 12, 05:17 PM since1968 said:
Thanks.
To clarify, I broke the story initially and macosxhints reported it after conversations with me. As far as Apple’s new information, I’ve addressed it in a separate post. #
48. On Jan 12, 05:46 PM private information :) said:
You may or may not find this of interest:
http://docs.info.apple.com/article.html?artnum=303066
Titled “How to show or hide the MiniStore in iTunes”
Relevant excerpt: “iTunes sends data about the song selected in your library to the iTunes Music Store to provide relevant recommendations. When the MiniStore is hidden, this data is not sent to the iTunes Music Store.” #
50. On Jan 12, 07:36 PM homemadeloser said:
Data is evolving. Just how recently the whole “Should you make sure Rover gives blood, in case he or another domestic companion ever needs it? Should pet collars come with an organ donar’s card?” thing was being discussed, were getting into too much detail about what happening. Apple knows what song your playing. OK. Is the point that they didint tell you about it or that their invading your privacy? Well, if they told you about it, would that make it OK? Apple is not going to kill you #
51. On Jan 13, 11:50 AM Sean McManus said:
If Apple fritters away our trust in its software to help push its music sales, it’s going to lose support. How can Apple fight against spyware credibly, for example, if it’s not going to be transparent about the data it collects on its customers itself? #
52. On Jan 13, 02:38 PM Mickey Michelsen said:
For my thoughts on this, see: my blog at. [Mickey, I edited your comment to make your blog URL a hyperlink -- since1968]
“Just because something is possible, does that make it acceptable? Of course not. Apple assures us that the MiniStore feature does not retain any personally-identifiable information. But, of course, it could. If the music industry had its way, it would probably require such information to be collected and transmitted to their servers.” #
53. On Jan 13, 03:04 PM Squirl said:
Because of vague (but undeveloped) suspicions, I have not been updating iTunes for months. I’m not a computer-smart person, but it always seemed a little bizarre that the update box would pop up every week or so. Apple just seemed a little too interested in my computer. Regardless, all my paranoid precautions were for naught when I recently upgraded to Tiger. :( #
54. On Jan 13, 03:46 PM mega said:
I’ve gotten into the habit of archiving older versioins of the software that Apple automatically updates so that if some future version comes out with features that include data-mining or some such thing, at least I can toss out the new version and go back to the old version. Simply naming the older version iTunes_6.0.1 will preserve it without it being overwritten by the new update. Thanks for the research, I appreciate it. -meganano #
55. On Jan 14, 08:17 PM eliot said:
I find it difficult to see past the irony in the fact that you use the Gracenote CDDB as an example of transparency, trust, and honest dealings with customers.
Apple mentions Gracenote prominently because they are contractually bound to do so; Gracenote demands in their licensing terms that any applications using the CDDB must display the Gracenote logo prominently when they are querying the database, and it also has strict requirements for crediting. In addition, they demand that any application which uses the Gracenote CDDB may not support any alternative database.
The true irony is that the Gracenote CDDB began as an extension of an open-source project which relied on voluntary community submission of CD information- but the owners of the database used trickery, obfuscation, and hidden copyright notices to make the database proprietary. Now, Gracenote is making heaps of money and maintaining a stranglehold on the market through its vicious licensing programs, selling information that volunteers submitted for free and will never earn a cent from. This is why truly free and open alternatives such as freedb and Musicbrainz have emerged.
So… just because data submission activities occur in broad daylight doesn’t mean that the interests of the corporation in question are honest and transparent. I don’t know if Gracenote really is mining data in the sense of keeping track of all queries and selling that information… but my guess is that their motives are no darker than those of Omniture, even though the latter is given less attention by Apple lawyers, no doubt due to a less restrictive contract.
For further reading, see Wikipedia’s articles on Gracenote & CDDB and even Gracenote’s own website , where they brag about how many people they have licensed the database to. #
56. On Jan 14, 09:34 PM since1968 said:
eliot, thank you for the background on gracenote. You wrote:
you use the Gracenote CDDB as an example of transparency, trust, and honest dealings with customers.
That wasn’t my intent. My point on Apple’s relationship with GraceNote is a pretty narrow one: we know the relationship exists because Apple discloses it both in the interface and in the EULA.
Maybe Apple disclosed the relationship because it made them feel warm or self-actuated; maybe they disclosed because they were contractually bound to do so. Either way, the disclosure helps customers make more informed decisions about the companies with which they do business.
An interesting twist on disclosing relationships based on contract requirements: InformationWeek quotes Gail Ennis, VP of Marketing at Omniture as saying:
We have a pretty rigorous privacy policy in that we contractually require our customers to inform their Web site visitors what kind of data they’re collecting and how it’s going to be used.
If that’s accurate, Apple’s got even more explaining to do. #
57. On Jan 14, 09:35 PM Hi said:
Anyone that condones this or says that seen x other company does this is kissing the ass of apple, because they cannot see the bad side of apple which is a crooked as microsoft. I like microsoft and i don’t like apple but the fact is i know that they are as bad as eachother when you bring down all the personal opinions. #
58. On Jan 15, 08:15 AM Rambo said:
I found out about omniture a couple of weeks ago by looking at the source code on an apple web page. Here is a snippet:
SiteCatalyst code version: G.6.
Copyright 1997-2004 Omniture, Inc. More info available at
http://www.omniture.com
I followed the link and I really didn’t like what I found. I have since blocked apple from using cookies when I visit their site. Who knows what they use this information for, but the terms database and information selling come to mind. I also found it in Macromedia’s web pages, but you won’t find it in web pages from Adobe’s web site (they recently acquired Macromedia.) Call me paranoid, but I don’t trust anyone who wants to gather so much info on me. Check out Omniture’s site, it’ll surprise you. #
59. On Jan 19, 08:36 PM Eric Blair said:
I’m not sure, do I make any new points on this iTunes Spyware topic?
http://orwellian.org/Apple_010.pdf #
60. On Feb 12, 12:02 AM jp said:
i’ve been reading this site for hours and now i’m starting to go in circles, trying to find the place where i started and maybe post something.
i vaguely remember how and why i came to this website, (i’m sure it started at google), but i’ve been all over finally resting on this one. i’ve read so many posts that have spoken to the issues i have been dealing with and learning.
i was feeling like i was going “crazy” asking question to myself and friends regarding a myriad of topics and issues.
many of my friends have no idea what i’m talking about and they have had their ipods for over a year longer than me. they’ve not been as curious as i have in dealing with the “machine”.
i wanted to see if there were any opinions about installing itunes 6.0.2. well, wow,...i found them.
i know this post/question/comment is going to be “old news” for some, but i’m compelled to write as i’m so impressed, confused, frustrated, overwhelmed…ok..ok..with all that i’ve read. i’m not by any means a computer geek, and find myself continually baffled and frustrated by the easiest of tasks for some, but i do know my way around a computer enough to understand most of what’s been posted.
after a few months of overloading myself and countless hours learning as much as i can with the new ipod i received for my birthday, i’m feeling more “ignorant” the more i learn.
it’s been a daunting task for a guy with over 4000 cds and a new gadget that will hold much of the music i want in an instrument the size of a pack of virginia slims.
while i’ve immersed myself into learning how the files are stored and labeled, named, tracks listed, etc, i’ve also learned about the itunes copyrights, tracking, passwords, etc. this was as a result of friends who eagerly wanted to get me going sending me some of their tunes. some rely completely on itunes for their online music.
as a compulsive music collector and archiving my music files, i want to have complete control of where and how my music is stored. back up files etc, and i found that using itunes could be a joy and a pain in the ….
i know how i want my songs filed and labeled etc. looking into the “properties” of the files from windows folders- (wma,etc) to files that have been ‘taken over/converted” by itunes, i’ve learned the difference in how they label the information.
so many more lessons i’ve learned but no need to continue boring you, but it did bring me to thinking about just how much of “my music”, that i own, and paid for (cds,etc) was going to become part of a data base of information for apple or anybody….and yes as some have mentioned here, that’s already been happening…but i still feel that i should choose who i want to know what is in my library.
not that i have anything i’m ashamed of (honestly)..(well, the tiny tim stuff is collectable…really), but i was more curious about what i would buy from apple and be allowed to “own” with them knowing the rest of my life that it came from them.
again, there are issues regarding rights of music ownership that could be debated unendingly, and i don’t think i want to enter into that, suffice it to say i just believe “they” don’t need to know, nor anyone, that i purchased that music from another website, or it was a gift from someone, or that it came from a CD.
as long as i’m not selling and profiting from some one else’s creative efforts for my financial gain…...nuff said…
i know that when it’s burned to a cd it becomes an audio file and when reinserted, into the computer it will be an mp3 or whatever without restrictions on who i can share it with.
i do appreciate and actually have opinions on several sides of the subject matters discussed on this forum, from “it’s no big deal”, to where i can understand the privacy issue.
moving on to my question and groveling for help section.
presently itunes 6.0.2 is sitting on my desktop and i was going to hold off but thanks to “hedgehog” i see that quicktime had a flaw in it. i have QT 7.0.3. i see that 7.0.4 is the latest. not sure what version had the flaw in it as what i’ve read online didn’t mention a version.
what i’m experiencing is when i go for the QT update it’s setting up to download itunes with it, which would be 6.0.2 i’m not ready for that yet and wondering if there is anyway to update QT without taking the latest itunes update.
and..does anyone know what benefits the new itunes has? i’m familiar with the ministore situation.
i certainly hope this thread is not too old to have anyone view it, and i thank all who have posted and any who have a moment to express their opinions.
mind you, i am not paranoid about this whole thing but mostly curious (i’ve posted my real name, well,.. my real initials but that’s what i go by.. and real email)with at least one eye open to these incredibly fast changing times.
marc, it was a surprise to find out that you had been raised in stone mountain. i live in liburn presently (closer to stone mountain).
you have a great website and i thank you for providing it. look forward to your future endeavors
.. #
1. On Jan 11, 11:31 AM Steve said:
Maybe this hasn’t been touched on yet, but it’s not Apple per se collecting the information – it’s a 3rd party (probably marketing and-or dataminingcompany) called Omniture. I don’t know about you, but any company that has “generally improve the user experience on the Web” as a reason for their existence makes me really question what exactly they are improving with my “web experience” by collecting information about me. #