iTunes phones home

Apple used the Macworld Expo in San Francisco last week to announce a new version of iTunes, version 6.0.2, that "includes stability and performance improvements over iTunes 6.0.1." One of the "improvements" is the iTunes MiniStore which an interesting little piece of code that looks at what you're listening to and suggests artists and songs that you might like. The main issue with the iTunes MiniStore is that it arrives turned on by default. Didn't Apple pay attention to the whole Sony BMG Music rootkit fiasco?

Don't get me wrong, the iTunes 6.0.2 MiniStore is nowhere near as egregious as the Sony BMG rootkit, but it sets a dangerous data collection trend that seems out of character for a company like Apple. As reported far and wide across the Internet the iTunes 6.0.2 MiniStore automatically transmits your listening information over the Internet back to the Apple Mothership.

According to the Electronic Frontier Foundation (EFF) it's not the fact that Apple's transmitting this data that's scary, it's that they haven't said what they're going to do with it:

What Apple does with this information is unknown, although Apple has represented that it is not collecting data on its users--yet. Nor has Apple disclosed the steps it takes to prevent disclosure or leakage of the information to third parties.

After the Sony BMG Music trojan and subsequent settlement, you'd think that Apple would have given this a little more thought. While iTunes' "phone home" feature is nowhere near as bad as some of the spyware that's out there it's still surprising that Apple would embed such a thing into such a prominent application as iTunes. Didn't they think anyone would notice?

One of the best defenses against unknown and unauthorized data collection is an application from Objective Development called Little Snitch. When any application (like iTunes) tries to establish a network connection, Little Snitch intercepts the attempt and brings up a dialog box telling you all the connection details including the name of the application which initiated the connection. You can either allow the connection, deny it or add a permanent rule for similar future-connections. It's probably the best US$24.95 that you can spend.

According to an Apple statement to Macworld no data is collected. Regardless, the MiniStore recommendation mechanism hidden in iTunes is part of a dangerous trend in digital music. According to the EFF:

When companies like Apple and Sony BMG start adjusting or installing software to micro-monitor our personal and private actions, even under the rubric of convenience, it is just one short stop down the road toward attempting to condition and control our behavior. All it takes is an enforcement protocol to turn recommendations into restrictions overnight.

If companies like Apple are truly about user empowerment, they must watch this trend closely and remain on the right side of it. Allowing users to upload information voluntarily and expressly with adequate privacy protections is pro-user; surreptitiously siphoning it into a remote database without any privacy guarantees is not. It's time for Apple to pick a side of the line and walk it.

You can block the transmission of your personal data with software like Little Snitch and you can turn off the Apple MiniStore by hitting Command-Shift-M or choose Edit > Hide MiniStore. I recommend turning off the MiniStore until Apple comes clean about its MiniStore data and privacy practices.

Read more at BoingBoing.