iSpy: Still More on the iTunes MiniStore and Privacy

Some things just go on getting worse. If it wasn’t enough that iTunes 6.0.2 contains spyware and adware, now it turns out that the program not only sends information about the song you have selected to Apple’s servers, but also sends your Apple ID, or, at least, its numerical equivalent. (If you’ve missed an installment, the story begins with the link just above, then continues here.) Michael Griffin first noticed this, as reported on Boing Boing, and I had trouble reproducing it at first. But I quickly found out that he was right, with the exception that his Apple ID is six digits and mine is eight. (See the updates to the Boing Boing story for more on how I discovered this.)

So, after Apple claimed that they were not “collecting” information, it now turns out that the information they send is directly linked to a user’s account identifier, if, of course, the user has an Apple ID. If you have never logged into your iTunes Music Store account, you won’t have this ID, and Apple can’t track you. But if you have, even once, this ID is stored in a preference file on your computer, and sent with each iTunes MiniStore request.

Here is an example of the raw data that is sent, taken from tcpdump output. What is being transmitted is, first of all, song info: the name of the song, the artist and the genre. Then it sends the Apple ID, shown as ######## below. (Note: I’ve inserted line breaks for readability.)


....GET./WebObjects/MZSearch.woa/wa/ministoreMatch?an=Brian%20Eno&gn=Alternative
&kind=song&pn=Another%20Day%20On%20Earth.HTTP/1.1..X-Dsid:.########..
X-Apple-Tz:.3600..X-Apple-Store-Front:.143441..Referer:.http://
ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/ministore?
a=38124&kind=song&p=21770107..User-Agent:.iTunes/6.0.2.
(Macintosh;.U;.PPC.Mac.OS.X.10.4.4)..Accept-Language:.en-us,.en;q=0.50..X-Apple-
Validation:.2EE9F6C3-D8415CAF7FE49AF74A1B7CF92DDDC842..
Accept-Encoding:.gzip,.x-aes-cbc..Connection:.close..
Host:.ax.phobos.apple.com.edgesuite.net....

You can also see such things as the version of iTunes, the language, and some other cookie stuff (after Apple-Validation).

It then sends this, which is more of the same (without the Apple ID), but with some more stuff from the iTunes cookies files:



c6..HTTP/1.1.200.OK..Last-Modified:.Thu,.12.Jan.2006.12:46:27.GMT..Content-
Type:.text/xml;.charset=UTF-8..x-apple-lok-response-date:.Thu.Jan.12.04:46:27.PST.2006..
Vary:.Accept-Encoding..x-webobjects-loadaverage:.0..x-apple-lok-filelastmodified-date:.
Tue.Jan.10.21:14:37.PST.2006..x-apple-lok-path:./opt/itms_lokamai/Lokamai/MZSearch/
ministore/12/57/wa_ministoreMatch?an=Brian%20Eno&gn=Alternative&
kind=song&pn=Another%20Day%20On%20Earth-143441-Ak..x-apple-date-
generated:.Wed,.11.Jan.2006.05:14:36.GMT..x-apple-request-store-front:.
143441..x-apple-max-age:.3600..x-apple-max-age:.64800..x-apple-application-instance:.
150..x-apple-asset-version:.14571..x-apple-lok-filesize:.1693..x-apple-lok-current-
storefront:.143441..Content-Encoding:.gzip..Expires:.Thu,.12.Jan.
2006.12:46:27.GMT..Cache-Control:.max-age=0,.no-cache..Pragma:.no-cache..Date:.Thu,.
12.Jan.2006.12:46:27.GMT..Content-Length:.551..Connection:.close

Here’s more (with my Apple ID hidden again):



HTTP/1.1..X-Dsid:.########..X-Apple-Tz:.
3600..Cookie:.asbid=sKUKC49DKFC7T4CHC;.s_vi=
[CS]v1|53C501E3-85ACC277[CE];.s_vi_jx7Bx7Bgnbx7Ffxxej=
[CS]v4|53C58647-6EC2D232|0[CE];.s_vi_jx7Bx7Bgnbx7Ffxxx7Exx=
[CS]v4|53C58647-6EC2D232|0[CE];.s_vi_ox7Ex7Ebkx7Bx7Dyyygzcx7D=
[CS]v4|53C58647-6EC2D232|0[CE]

Most of what is in this part I have found in my iTunes cookies (in the com.apple.itunes.plist file).
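A request like the one captured above can be audited mechanically. The following is an added example, not part of the original article and not Apple's code: it parses a request of the same shape and reports whether listening data travels in the same request as an account identifier. The sample request is constructed from the header names in the capture with placeholder values for X-Dsid and the cookies, and the labels given to the an/pn/gn parameters are an assumption based on the description above.

```python
from urllib.parse import urlsplit, parse_qs

# Query keys from the captured ministoreMatch request. The labels are an
# assumption based on the article's description (song name, artist, genre).
QUERY_LABELS = {"an": "artist", "pn": "name", "gn": "genre", "kind": "kind"}
# Header from the capture that carries the numeric Apple ID.
ACCOUNT_HEADERS = ("x-dsid",)

# Constructed sample: same shape as the capture, placeholder identifier values.
SAMPLE = (
    b"GET /WebObjects/MZSearch.woa/wa/ministoreMatch"
    b"?an=Brian%20Eno&gn=Alternative&kind=song"
    b"&pn=Another%20Day%20On%20Earth HTTP/1.1\r\n"
    b"X-Dsid: 12345678\r\n"
    b"X-Apple-Tz: 3600\r\n"
    b"X-Apple-Store-Front: 143441\r\n"
    b"User-Agent: iTunes/6.0.2 (Macintosh; U; PPC Mac OS X 10.4.4)\r\n"
    b"Cookie: asbid=PLACEHOLDER; s_vi=PLACEHOLDER\r\n"
    b"Host: ax.phobos.apple.com.edgesuite.net\r\n"
    b"\r\n"
)
# Same request as sent by a copy of iTunes that never logged in to the store.
SAMPLE_NO_ID = SAMPLE.replace(b"X-Dsid: 12345678\r\n", b"")


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, target and lower-cased headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target, headers


def audit_request(raw):
    """Report what the request discloses and whether it is tied to an account."""
    _method, target, headers = parse_request(raw)
    url = urlsplit(target)
    query = parse_qs(url.query)  # percent-decoding happens here
    listening = {QUERY_LABELS[k]: v[0] for k, v in query.items()
                 if k in QUERY_LABELS}
    account_ids = {h: headers[h] for h in ACCOUNT_HEADERS if h in headers}
    cookie_names = [c.split("=", 1)[0].strip()
                    for c in headers.get("cookie", "").split(";") if c.strip()]
    return {
        "endpoint": url.path,
        "listening_data": listening,
        "account_ids": account_ids,
        "cookie_names": cookie_names,
        # Content data and an account identifier in the same request means the
        # receiving server can associate one with the other.
        "linked_to_account": bool(listening and account_ids),
    }


if __name__ == "__main__":
    for label, raw in (("logged in", SAMPLE), ("never logged in", SAMPLE_NO_ID)):
        print(label, audit_request(raw))
```

Cookie names are reported separately because a persistent cookie can also act as an identifier even when X-Dsid is absent.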

And for a minute, I was thinking that this would all blow over quickly…


See other articles about the iTunes MiniStore:

iTunes: Apple’s New Spyware and Adware Application?

The iTunes MiniStore Debacle: What Apple Did Wrong

iSpy: Still More on the iTunes MiniStore and Privacy

The iTunes MiniStore: Fact and Fiction

The iTunes MiniStore Debacle: What Apple Did Wrong

As reported here yesterday (an article that got picked up on Slashdot which, of course, killed my web server–sorry Nico), Apple introduced a new feature in the latest version of iTunes: the MiniStore. Several articles have been making waves about this, beginning with a post on since1968, then Boing Boing, and this editorial on the Macworld web site by Rob Griffiths, and the comments to this and other stories have been quite vehement. After Rob Griffiths posted his article, he was contacted by a high-level Apple official who stated that “the iTunes MiniStore feature does not collect any information from users”. Also, Apple yesterday published a knowledge base article explaining how to disable the MiniStore (which I reported in my article as well).

In this article, I would like to examine why this hit the fan, what Apple did wrong, but also address some of the most frequently made comments to this story that have appeared on various web sites. I think that there was a failure of adequate communication by Apple, and a misunderstanding of some of the issues by many users. First, Apple is remiss in not providing appropriate information about this new feature to users. While the iTunes download page includes this grammatically ambiguous sentence, “Discover new music as you enjoy your collection or import new CDs with MiniStore–right from your iTunes library,” Mac users who used Software Update to get the latest version of iTunes saw only this uninformative information: “iTunes 6.0.2 includes stability and performance improvements over iTunes 6.0.1.” Therefore, they did not see the presentation of this new function on the Apple web site. (Windows users don’t have the same functionality, and, when iTunes detects a new version of the software, they click a button to go to the web site where they would have read the above description of this feature.) Apple should therefore have required users to opt in (that is, approve this feature by clicking a button or checking a box) rather than requiring them to opt out (hide the pane) to turn it off.

Apple should have been more forthcoming about what this feature does, and how it works. For those who missed the first episode, here’s what the MiniStore does. By default, the MiniStore displays at the bottom of the iTunes window when you look at your Library or a playlist. (It does not display when you click the Party Shuffle icon, your iPod, the Radio icon, or others.) If you click a song–and if you have an active Internet connection–iTunes sends the song name, along with some other data, to the iTunes Music Store to provide “recommendations” for music that you can buy.

Now, some people have criticized the use of the terms “spyware” and “adware”. Spyware, by definition, harvests data from your computer and sends it to another server. QED. Adware displays ads (recommendations?) on your computer. QED.

So the problem here is two-fold: first, Apple added a feature (which many people may appreciate) designed to increase their revenue stream. However, they did not tell users what type of information is being sent and where (at least the song name and artist are being sent when you click on a song, but there is also a cookie being sent, and no one has yet explained the purpose and content of this cookie). A simple warning dialog at first launch might have resolved this problem. (And, since the license does not even grant Apple the right to “obtain” this information from users’ computers, there may be legal issues that should have been addressed.)

Second, this information is being processed by another company, Omniture, which is a marketing company, and no one knows what they do with it. While Apple claims to not “collect” any information, what does Omniture do with this information, and why is some information sent to metrics.apple.com?

Perhaps this is all benign, and the song information is simply being processed then tossed in the bit bucket. But perhaps not. Apple should have been more forthright and explained this–if not in the iTunes help, where there is no mention of the MiniStore, at least in its knowledge base article–so users would not have to worry. (I find it astounding that, of all the people at Apple who are involved in a product like iTunes, that the question of privacy was not raised; or, if it was, remained ignored.)

Again, there may be nothing nefarious about this, but in a time when much software tracks users’ habits with impunity, when librarians are asked to record and report readers’ book selections, when the US government wire-taps people without court orders, and when cellphone records are available for sale on the Internet, it is no surprise that some people get worried about tiny encroachments to privacy.

Yet the comments to articles on various web sites mention some things that surprise me. While many people feel Apple was remiss in not being up-front about this feature, many people have posted comments such as the following (and I paraphrase, rather than directly quote anyone):

– But every computer company does this or all the media players do this. Well, is that any reason for Apple to do so? Does the fact that other companies harvest personal data mean that it is legal and moral to do so?

– This happens all the time on Windows. Well, get a Mac.

– It’s the same thing as the Just For You section of the iTunes Music Store. This is incorrect. The Just For You section of the iTMS is based on your purchases, not the contents of your music library and the songs you click. I think many people did not understand the difference between the MiniStore and the Music Store itself. (More about that below.)

– It’s the same thing as using your web browser and clicking links, since web sites can record your browsing history. No, that’s not true. When you use a web browser, you know you are clicking on a link to go to another page. Here, you don’t know that clicking on a song (that you own; that is on your computer) is sending information to a server.

– But Amazon makes recommendations to me too. What’s the difference? The difference is very important. When you go to the Amazon web site, you are entering a (virtual) store, with the full knowledge that you are on a company’s web site. iTunes, with this new feature, has blurred the lines between the part of the software that acts as a portal to the iTunes Music Store and the part that you use to manage your music library. And, again, these suggestions are not made according to your previous purchases, but rather the result of just clicking on a song in your library.

– What about the Gracenote CDDB that looks up your CDs when you rip them? This is clearly addressed in the iTunes license, and a dialog displays when iTunes connects to the Gracenote CDDB.

– Only totally naive computer users wouldn’t understand that iTunes is sending data to a server to display information in the MiniStore pane. Well, the vast majority of computer users are technically un-savvy, so this is a moot point.

What is astounding is how many people rationalize data collection; how this practice is now considered to be acceptable. This said, many of the people posting the above comments did not understand the technical aspects of this issue.

But a broader issue has appeared in this discussion: the blurring between software applications and the web. Most people do not realize that iTunes is a combination music management program and web browser. Yes, that’s right; the iTunes Music Store is simply a bunch of web pages that display in the iTunes interface. Users are very aware when they use a browser that they are accessing web sites, and many people are aware of the security issues involved, such as cookies and browsing history being recorded. Modern browsers offer security settings that control these breadcrumbs, but iTunes, part of which is a browser, does not offer any such security settings. You cannot, for example, check or delete cookies used by iTunes, nor can you ensure that your browsing history in the iTunes Music Store is not recorded. (Yes, you can sign out from your iTMS account, but could there still be a cookie trail as you browse?) I admit that, to me, these are non-issues, but the conflation of the web browser with other programs means that many users do not realize that security issues that affect the former may also affect the latter.

(An aside: some time ago, iTunes had an option that allowed you to decide whether iTunes could connect to the Internet automatically for Gracenote CDDB lookups or whether it would ask you first. This option is gone, and one effect the MiniStore will have, at least for those who have dialup connections, is that iTunes will attempt to open an Internet connection. This can be very annoying.)

Aside from viruses, it turns out that the music industry is the biggest source of security problems on computers in recent times. With Sony’s rootkit (a number of recent Sony CDs installed nefarious software on Windows computers, without user approval, opening these computers to possible intrusion), many companies have banned the use of music CDs in the workplace. Interestingly, if the recording industry wants to sell more CDs, this action is counter-productive. Now, with iTunes sending information to other servers–and regardless of what information is being sent, some network administrators will see this as a security risk–is the next step for companies to ban the use of iTunes, for those employees who are able to listen to music at work?

Apple blew it here, as mentioned above, by not being forthcoming about what this feature was doing, and lost some of the credibility that the company had developed over the years. It would not have taken much to correctly present this feature and reassure users as to the type of information that it transmits to Apple and other companies. In the meantime, until Apple is totally clear about what this feature does and what information it harvests, one can only assume that it is indeed collecting information, or that, at a minimum, the potential to do so exists.



iTunes: Apple’s New Spyware and Adware Application?

Yesterday’s update to iTunes 6.0.2 comes with a surprise: it’s spyware and adware.

Since Apple launched the iTunes Music Store, iTunes has been a compromise: both a music management program and sales portal, it clearly separated the two, offering separate icons for your Library and the Music Store in its Source list. But the latest update adds something new that I find invasive: when you go to your library, you see a “MiniStore” at the bottom of the window. This is easily removed (either by clicking the MiniStore button in the bottom-right section of the iTunes window, or by selecting Edit > Hide MiniStore), but it’s not just its presence that’s a problem. Cory Doctorow, writing on BoingBoing today, pointed out that this MiniStore displays songs that are similar to those you are playing, if you listen to music with iTunes. (If not, you see a generic display with New Releases, Top Songs and Top Albums.) Cory’s comments are very clear:

I love iTunes because it’s a clean music player. But no amount of clean UI is worth surrendering my privacy for — I wouldn’t buy a stereo that phoned home to Panasonic and told it what I was listening to; I wouldn’t buy a shower radio that delivered my tuning preferences to Blaupunkt. I certainly am not comfortable with Apple shoulder-surfing me while I listen to digital music, particularly if they’re doing so without my meaningful, informed consent and without disclosing what they intend on doing with that data.

I stand firmly beside Cory’s comments. Apple has overstepped its limits, and this spyware (because it sends information to a server) and adware (because it displays information to attempt to sell you products) is a very serious breach of the trust I have long had in Apple’s products.

In order to examine this further, I used the trusty tcpdump command (a Terminal command that examines every packet of data that leaves a computer), and checked its output while playing music both with the MiniStore visible and with it hidden. In the former case, when the MiniStore is displayed, iTunes sends queries to the iTunes Music Store (this domain: ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/ministore) and to an Apple metrics server (metrics.apple.com). It also sends some cookie information, which I have not yet been able to decipher. (And this is not limited to music–when I started playing an audiobook, the MiniStore changed accordingly as well.)

However, when the MiniStore is hidden, iTunes does not send these requests. You can therefore protect yourself from Apple’s prying eyes by simply hiding the MiniStore. Nevertheless, the fact that Apple is both sending information from your copy of iTunes, along with cookie information that may identify you, as well as sending song information to a metrics server, seems to be a serious breach of trust. (And their end-user license agreement, or EULA, contains no language that suggests they will do so.) Also, playing music via the Party Shuffle does not display the MiniStore, nor does it cause the MiniStore’s display to change when you shift to your Library.

[Edit: after more analysis, this does not send info to Apple when you are playing music, but rather when you click on a song. So if you start playing a song by double-clicking, it will send info to the iTunes Music Store and retrieve suggestions. But if the song is in a playlist, the MiniStore display will not change when the next song begins.]

So, for now, if you don’t want iTunes phoning home–and you may not want Apple to record the music you listen to–you can simply hide the MiniStore. I find Apple remiss for not being forthright about this feature, both in its EULA and other information in iTunes. But I have a feeling that this issue will be making some waves in the immediate future.

[Edit: Rob Griffiths, writing in an editorial for Macworld, writes, “… an Apple official told Macworld that the iTunes MiniStore feature does not collect any information from users.” I’m a bit unsure about the use of the term “collect”; I’ll read it as “store and save”. However, this does not change the fact that Apple is sending information to a server without warning users, and that neither their license agreement nor their help tell this to users.]



iWish: Multiple iTunes Libraries

The success of the iPod is creating new problems for many iPod and iTunes users. If you are a multi-iPod family, which is becoming increasingly common, you can no longer simply connect an iPod to your computer and sync your music automatically. If you have multiple iPods, you need to jump through some hoops to manage them. You can either create separate user accounts, each with its unique iTunes library, but end up with duplicate songs and waste space, or you can set one iPod to sync automatically, and the other(s) manually, which requires you to choose which music you want to put on the manually-synced iPods.

There is, of course, a solution to this, and Apple would be wise to introduce such a feature in iTunes: multiple libraries. With multiple libraries, iTunes would be able to manage different selections of music from the same set of song files. Say, for example, I want to have my 40 GB iPod copy all of my music. (Well, in my case it’s not all my music, since I have enough to put on three iPods…) I create one library, containing only the music I want to put on that iPod, and link the iPod to that library. iTunes should allow the creation of separate, named libraries, and the iTunes preferences should allow you to choose which library gets synced to each iPod.

I have one 40 GB iPod for classical music, and another for the rest of my music (jazz, rock, audiobooks, jam bands, etc.). So I’d create one library for my classical music and another for all the rest; when connecting each iPod, iTunes would be able to sync its music easily.

And if I then want to sync music to my iPod shuffle, without the Autofill feature or creating a special playlist for my shuffle, I’d simply switch to the library I set up for that iPod, and let it sync automatically.

Now, this scenario is rare – not that many people have several iPods for themselves, but it is common to have multiple iPods in a family. So each family member could create a library in iTunes, without having a separate user account (which most families don’t use anyway), allowing them to easily manage all the music they want. Husbands and wives could have their own libraries, each using only the music they like. And kids could also have their own libraries, syncing easily when they want to.

There are two advantages to this: the first is obviously the easier syncing of music from a single computer to multiple iPods. But the second is just as important: using a single set of music makes it much easier to back up all the music at once, and avoids having doubles in different user accounts.

Apple is always striving to make their software easier to use and more practical, and this is a feature that would be a boon to many iPod users. Let’s hope we see it soon.

The Trouble with Newspapers

Not long ago, I posted an article about online newspapers here on my site. My complaints were more about form and functionality than content, but I did suggest that newspapers have an important role to play.

Joseph Epstein has written an interesting article in Commentary called Are Newspapers Doomed?, which examines the more serious questions of the content of newspapers as they are faced with increasing competition from audiovisual media and the Internet. I heartily agree with Epstein, especially with his conclusion:

My own preference would be for a few serious newspapers to take the high road: to smarten up instead of dumbing down, to honor the principles of integrity and impartiality in their coverage, and to become institutions that even those who disagreed with them would have to respect for the reasoned cogency of their editorial positions. I imagine such papers directed by editors who could choose for me—as neither the Internet nor I on my own can do—the serious issues, questions, and problems of the day and, with the aid of intelligence born of concern, give each the emphasis it deserves.

Beyond that, I wonder about a world where people consider that even attempting to understand the world around them, and voting for their leaders based on little more than beauty contests. I wonder how people feel that they are part of a society that they shun at every opportunity, yet get flustered when things go wrong. How they could elect an American president who is so averse to telling the truth about anything, yet continue to accept new lies on almost a daily basis.

This won’t change. Not overnight, at least. It would take much more than a few good newspapers to turn passive couch potatoes into interested voters and citizens. But one can always hope, right?