RealNetworks may be watching you

RealJukebox monitoring of users' habits may contravene European Law

Online multimedia company RealNetworks has been caught out using its RealJukebox software to monitor users' habits. RealJukebox monitors users' listening habits and some other activities and reports the information and the user's identity to the company, the New York Times said.

A security expert intercepted and examined information generated from the programme, and company officials acknowledged that RealJukebox gathers information on what users are playing and recording, the Times said.

RealJukebox is used to play compact disks on computers and can copy music to a user's hard drive and download music from the Internet.

Dave Richards, RealNetworks' vice president for consumer products, told the Times the company gathered the information to customise service for individual users. He and other company officials said the practice did not violate consumer privacy because the data was not stored by the company or released to other companies, the Times said.

But privacy advocates and security experts agreed that it was a violation of the privacy of the 13.5 million registered users of RealJukebox, the Times said, particularly because RealNetworks has not informed consumers they are being identified and monitored.

Richard Smith, a Massachusetts-based independent security consultant, said the numbers of songs stored on a user's hard drive, the kind of file formats in which the songs are stored, the user's preferred genre of music, and the type of portable music player, if any, the user has connected to the computer are sent to the company, the Times said.

In addition, a personal serial number known as a globally unique identifier, or GUID, is also sent to RealNetworks, the paper said. The fact that RealNetworks gathers the information is not mentioned in the privacy policy posted on its Web site, the Times said, or the licensing agreement users must approve when installing RealJukebox.

Nicholas Bohm, e-commerce adviser for British civil rights organisation Cyber-Rights & Cyber-Liberties, takes a cynical view of Real's practice and points out that it may contravene European law. He says, "European Union law says that you mustn't export personal data outside Europe to regimes where they don't have adequate data protection, such as the United States."

The fact that RealNetworks neglects to inform its users of any monitoring facility in RealJukebox makes the situation worse, says Bohm. "There are no rules saying that you can't collect information, but there are rules saying that this has to be above board. Personally I find it deeply objectionable to collect information surreptitiously."

Bohm also questions whether RealNetworks would really go to all the trouble of organising this hidden practice without doing anything with it, adding, "I don't know what they want to do with it if they're not going to collect or distribute it. I wouldn't be convinced that they're going to collect it just to throw it away."

Will Knight contributed to this story
