Topic: iSpy  (Read 1750 times)

0 Members and 1 Guest are viewing this topic.

Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
iSpy
« on: January 11, 2006, 12:18:14 pm »
Quote
iTunes: Apple's New Spyware and Adware Application?
Yesterday's update to iTunes 6.0.2 comes with a surprise: it's spyware and adware.

Since Apple launched the iTunes Music Store, iTunes has been a compromise: both a music management program and sales portal, it clearly separated the two, offering separate icons for your Library and the Music Store in its Source list. But the latest update adds something new that I find invading: when you go to your library, you see a "MiniStore" at the bottom of the window. This is easily removed (either by clicking the MiniStore button in the bottom-right section of the iTunes window, or by selecting Edit > Hide MiniStore), but it's not just its presence that's a problem.

Cory Doctorow, writing on BoingBoing today, pointed out that this MiniStore displays songs that are similar to those you are playing, if you listen to music with iTunes. (If not, you see a generic display with New Releases, Top Songs and Top Albums.) Cory's comments are very clear:

I love iTunes because it's a clean music player. But no amount of clean UI is worth surrendering my privacy for -- I wouldn't buy a stereo that phoned home to Panasonic and told it what I was listening to; I wouldn't buy a shower radio that delivered my tuning preferences to Blaupunkt. I certainly am not comfortable with Apple shoulder-surfing me while I listen to digital music, particularly if they're doing so without my meaningful, informed consent and without disclosing what they intend on doing with that data.

I stand firmly beside Cory's comments. Apple has overstepped its limits, and this spyware (because it sends information to a server) and adware (because it displays information to attempt to sell you products) is a very serious breach of the trust I have long had in Apple's products.

In order to examine this further, I used the trusty tcpdump command (a Terminal command that examines every packet of data that leaves a computer), and checked its output while playing music both with the MiniStore visible and with it hidden. In the former case, when the MiniStore is displayed, iTunes sends queries to the iTunes Music Store (this domain: ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/ministore) and to an Apple metrics server (metrics.apple.com). It also send some cookie information, which I have not yet been able to decipher. (And this is not limited to music--when I started playing an audiobook, the MiniStore changed accordingly as well.)

However, when the MiniStore is hidden, iTunes does not send these requests. You can therefore protect yourself from Apple's prying eyes by simply hiding the MiniStore. Nevertheless, the fact that Apple is both sending information from your copy of iTunes, along with cookie information that may identify you, as well as sending song information to a metrics server, seems to be a serious breach of trust. (And their end-user license agreement, or EULA, contains no language that suggests they will do so.) Also, playing music via the Party Shuffle does not display the MiniStore, nor does it cause the MiniStore's display to change when you shift to your Library.

[Edit: after more analysis, this does not send info to Apple when you are playing music, but rather when you click on a song. So if you start playing a song by double-clicking, it will send info to the iTunes Music Store and retrieve suggestions. But if the song is in a playlist, the MiniStore display will not change when the next song begins.]

So, for now, if you don't want iTunes phoning home--and you may not want Apple to record the music you listen to--you can simply hide the MiniStore. I find Apple remiss for not being forthright about this feature, both in its EULA and other information in iTunes. But I have a feeling that this issue will be making some waves in the immediate future.


http://www.mcelhearn.com/article.php?story=20060111150127268

(the site appears to be under DoS attack at the moment for posting this... ;))

Offline Mr_Tricorder

  • 3D modeler /animator
  • Hot and Spicy
  • Lt. Commander
  • *
  • Posts: 1040
  • Gender: Male
  • Trekkie at Large
    • My myspace page
Re: iSpy
« Reply #1 on: January 11, 2006, 01:06:58 pm »
DoS attack?  I'm not familiar with that one.  Are you referring to the Slashdot Effect?

Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: iSpy
« Reply #2 on: January 11, 2006, 01:10:58 pm »
DoS attack?  I'm not familiar with that one.  Are you referring to the Slashdot Effect?

It could be just a flood of hits from publicity (the slashdot effect). But it seems bad enough to me to be a DoS (Denial of Service) attack to me, though it could just be a poorly configured server I guess...

Offline Mr_Tricorder

  • 3D modeler /animator
  • Hot and Spicy
  • Lt. Commander
  • *
  • Posts: 1040
  • Gender: Male
  • Trekkie at Large
    • My myspace page
Re: iSpy
« Reply #3 on: January 11, 2006, 01:28:45 pm »
The story is on Slashdot today, so I figured it was the Slashdot Effect.

Offline Darth Sidious

  • Lt.
  • *
  • Posts: 598
  • One Winged Angel
Re: iSpy
« Reply #4 on: January 11, 2006, 01:38:00 pm »
/.'ed

...realzing how many people follow links from slashdot for the sheer joy of saying "slagged Server!" or whatnot.

Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: iSpy
« Reply #5 on: January 11, 2006, 04:27:11 pm »
I get the feeling you think I'm trying to put that site down...that couldn't be farther from the truth. I applaud them for posting what they did. I honestly suspected apple or rabid mac fans of attacking the site for posting it.

I highly doubt that the pig known as SMF on our own site would hold up at all under such load.