iTunes phones home

iTunes phones home

Summary: One of the "improvements" in iTunes 6.0.2 is the MiniStore which looks at what you're listening to and suggests artists and songs that you might like.

SHARE:
TOPICS: Apple
2

little-snitch.jpgApple used the Macworld Expo in San Francisco last week to announce a new version of iTunes, version 6.0.2, that "includes stability and performance improvements over iTunes 6.0.1." One of the "improvements" is the iTunes MiniStore which an interesting little piece of code that looks at what you're listening to and suggests artists and songs that you might like. The main issue with the iTunes MiniStore is that it arrives turned on by default. Didn't Apple pay attention to the whole Sony BMG Music rootkit fiasco?

Don't get me wrong, the iTunes 6.0.2 MiniStore is nowhere near as egregious as the Sony BMG rootkit, but it sets a dangerous data collection trend that seems out of character for a company like Apple. As reported far and wide across the Internet the iTunes 6.0.2 MiniStore automatically transmits your listening information over the Internet back to the Apple Mothership.

According to the Electronic Frontier Foundation (EFF) it's not the fact that Apple's transmitting this data that's scary, it's that they haven't said what they're going to do with it:

What Apple does with this information is unknown, although Apple has represented that it is not collecting data on its users--yet. Nor has Apple disclosed the steps it takes to prevent disclosure or leakage of the information to third parties.

After the Sony BMG Music trojan and subsequent settlement, you'd think that Apple would have given this a little more thought. While iTunes' "phone home" feature is nowhere near as bad as some of the spyware that's out there it's still surprising that Apple would embed such a thing into such a prominent application as iTunes. Didn't they think anyone would notice?

One of the best defenses against unknown and unauthorized data collection is an application from Objective Development called Little Snitch. When any application (like iTunes) tries to establish a network connection, Little Snitch intercepts the attempt and brings up a dialog box telling you all the connection details including the name of the application which initiated the connection. You can either allow the connection, deny it or add a permanent rule for similar future-connections. It's probably the best US$24.95 that you can spend.

According to an Apple statement to Macworld no data is collected. Regardless, the MiniStore recommendation mechanism hidden in iTunes is part of a dangerous trend in digital music. According to the EFF:

When companies like Apple and Sony BMG start adjusting or installing software to micro-monitor our personal and private actions, even under the rubric of convenience, it is just one short stop down the road toward attempting to condition and control our behavior. All it takes is an enforcement protocol to turn recommendations into restrictions overnight.

If companies like Apple are truly about user empowerment, they must watch this trend closely and remain on the right side of it. Allowing users to upload information voluntarily and expressly with adequate privacy protections is pro-user; surreptitiously siphoning it into a remote database without any privacy guarantees is not. It's time for Apple to pick a side of the line and walk it.
You can block the transmission of your personal data with software like Little Snitch and you can turn off the Apple MiniStore by hitting Command-Shift-M or choose Edit > Hide MiniStore. I recommend turning off the MiniStore until Apple comes clean about its MiniStore data and privacy practices.

Read more at BoingBoing.

 

Topic: Apple

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Apple has said what they do with it

    Apple aready said what they do with any data that goes to Apple.
    Nothing. What makes everyone think any data is sent that says
    anything about the user? Has anyone analyzed it? Couldn't a
    program just send the name of the song, and then the ITMS
    picks the context and transmits that? How does anyone know
    that any user data at all is sent? We do. Apple said none. And the
    hair-on-fire rumor mongers are the ones that have to prove
    otherwise.

    All this hysteria only goes to show the tech media still don't act
    like real journalists. They report rumors and then wait for the
    facts to come stumbling in - if they ever do.

    The only honest tech journalists are the ones who put the word
    "rumor" in their names.
    ewelch
  • yocfqal 24 ogp

    vabmgr,wldygpiq94, ulidq.
    bhomeioy4201-24379008504241097516569853560692