{"id":799,"date":"2007-06-10T15:33:31","date_gmt":"2007-06-10T23:33:31","guid":{"rendered":"\/?p=799"},"modified":"2007-06-10T15:33:31","modified_gmt":"2007-06-10T23:33:31","slug":"more-on-the-itunes-approach-to-privacy","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=799","title":{"rendered":"More on the iTunes approach to privacy"},"content":{"rendered":"

Reading more about Apple's decision to insert user's names and email addresses<\/a> in the songs they download from iTunes, I came across some related information <\/a>in an excellent Macworld <\/a>article by Rob Griffiths<\/a>:<\/p>\n

Yesterday, Apple\u00e2\u20ac\u2122s iTunes 6.0.2 update was released, and offered these features, according to the Read Me:<\/p>\n

iTunes 6.0.2 includes stability and performance improvements over iTunes 6.0.1.<\/p>\n

What it also offered, but didn\u00e2\u20ac\u2122t bother to disclose, was the addition of a bit of potential spyware to the iTunes interface. As reported originally on since1968.com<\/a>, and then followed-up on boingboing<\/a> and other sites, the new iTunes MiniStore, which appears directly below the song list area in the main iTunes window, watches what you click on in iTunes and sends that information across the Web to a remote server. When you double-click a song to play in your Library or playlists, the display in the mini-store changes to reflect \u00e2\u20ac\u02dcmatches\u00e2\u20ac\u2122 based on what\u00e2\u20ac\u2122s been selected, as seen below.<\/p>\n

<\/p>\n

In order to do this, the music store must obviously know what you\u00e2\u20ac\u2122re listening to. It learns this information via a packet of information sent each time you play a song via a double-click. This data is sent without your explicit permission, and as far as I can tell, there are no Apple privacy policies that cover that transfer of information. It\u00e2\u20ac\u2122s also unclear exactly what data is being sent. (Is it just song and title? Or does it include your Apple music store ID, which would tie the song info directly to your personal data?) And although Apple now assures us that the data is not collected, that information is not made clear to users when they begin using iTunes.<\/p>\n

The MiniStore can be easily disabled\u00e2\u20ac\u201djust hit Shift-Command-M, or choose Edit: Hide MiniStore, and it\u00e2\u20ac\u2122s gone. Once hidden, no more data is transmitted, as confirmed by Kirk McElhearn<\/a> using the Unix program tcpdump<\/code>, which watches traffic sent over your network connection. Disable the MiniStore, and your private listening habits will stay just that\u00e2\u20ac\u201dprivate.<\/p>\n

However, this isn\u00e2\u20ac\u2122t about the MiniStore itself. It\u00e2\u20ac\u2122s about Apple\u00e2\u20ac\u2122s attitude in rolling this change out to the millions of iTunes users, without as much as a peep about what\u00e2\u20ac\u2122s going on behind the scenes. Consider, for example, if Microsoft had done such a thing with a minor Office update\u00e2\u20ac\u201dsay they started collecting data on the names of the files you were editing, in the hopes of selling you preformatted templates to help with future similar projects. If they did this in a minor update, and without telling anyone that the data were being transmitted, there would be universal outrage over this potential attack on our privacy. And now Apple\u00e2\u20ac\u2122s gone and done basically the exact same thing.<\/p>\n

Personally, I am quite upset with Apple\u00e2\u20ac\u2122s decision-making in this case, and I hope others are as well.<\/p>\n

No company, even one I admire as much as Apple (I did spend nearly five years of my life working there), should start transmitting personal data over the Internet without my explicit permission and a clear explanation of how it\u00e2\u20ac\u2122s being used. In addition, if a company is<\/em> collecting this information, I have a right to know exactly what\u00e2\u20ac\u2122s being collected, and what the company plans on doing with my personal information.<\/p>\n

The good news is, Apple tells us that the information is not actually being collected. The data sent is used to update the MiniStore and then discarded. If you think about it, this makes sense\u00e2\u20ac\u201dimagine the size of the data files they would accumulate with millions of users and what must be hundreds of millions of songs played each day. But Apple should tell us as much, so that we can all relax a bit about sharing our listening habits with Apple.<\/p>\n

Apple should amend iTunes to clearly disclose what data the program is transmitting and how it\u00e2\u20ac\u2122s being used. There should be a dialog box that pops up the first time iTunes runs, explaining exactly how the MiniStore works. If Apple had just included that yesterday \u00e2\u20ac\u201d or even some information in the Read Me, then I wouldn\u00e2\u20ac\u2122t have even raised this as an issue. A little transparency and openness can go a long way to easing privacy fears.<\/p>\n

As interesting as the article are the 166 comments on it. About half seem to think it's fine for Apple to collect the information without consent. Oops. I shouldn't have said “collect” – or at least that's Apple's spin on this. It seems that even though the information is sent in (through a third party), Apple doesn't actually “collect” it, since it discards the information after “processing it”. So “collect” seems to mean “retain in raw form.” The iTune supporters make it clear they “don't think” Apple would use the information to create a profile of their tastes. Customer loyalty is a beautiful thing. This is the stuff that great ads are made of.<\/p>\n","protected":false},"excerpt":{"rendered":"

Reading more about Apple's decision to insert user's names and email addresses in the songs they download from iTunes, I came across some related information in an excellent Macworld article by Rob Griffiths: Yesterday, Apple\u00e2\u20ac\u2122s iTunes 6.0.2 update was released, and offered these features, according to the Read Me: iTunes 6.0.2 includes stability and performance … Continue reading More on the iTunes approach to privacy<\/span><\/a><\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/799"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=799"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/799\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}