Yesterday’s update to iTunes 6.0.2 comes with a surprise: it’s spyware and adware.
Since Apple launched the iTunes Music Store, iTunes has been a compromise: both a music management program and sales portal, it clearly separated the two, offering separate icons for your Library and the Music Store in its Source list. But the latest update adds something new that I find invading: when you go to your library, you see a “MiniStore” at the bottom of the window. This is easily removed (either by clicking the MiniStore button in the bottom-right section of the iTunes window, or by selecting Edit > Hide MiniStore), but it’s not just its presence that’s a problem.Cory Doctorow, writing on BoingBoing today, pointed out that this MiniStore displays songs that are similar to those you are playing, if you listen to music with iTunes. (If not, you see a generic display with New Releases, Top Songs and Top Albums.) Cory’s comments are very clear:
I love iTunes because it’s a clean music player. But no amount of clean UI is worth surrendering my privacy for — I wouldn’t buy a stereo that phoned home to Panasonic and told it what I was listening to; I wouldn’t buy a shower radio that delivered my tuning preferences to Blaupunkt. I certainly am not comfortable with Apple shoulder-surfing me while I listen to digital music, particularly if they’re doing so without my meaningful, informed consent and without disclosing what they intend on doing with that data.
I stand firmly beside Cory’s comments. Apple has overstepped its limits, and this spyware (because it sends information to a server) and adware (because it displays information to attempt to sell you products) is a very serious breach of the trust I have long had in Apple’s products.
In order to examine this further, I used the trusty tcpdump command (a Terminal command that examines every packet of data that leaves a computer), and checked its output while playing music both with the MiniStore visible and with it hidden. In the former case, when the MiniStore is displayed, iTunes sends queries to the iTunes Music Store (this domain: ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/ministore) and to an Apple metrics server (metrics.apple.com). It also send some cookie information, which I have not yet been able to decipher. (And this is not limited to music–when I started playing an audiobook, the MiniStore changed accordingly as well.)
However, when the MiniStore is hidden, iTunes does not send these requests. You can therefore protect yourself from Apple’s prying eyes by simply hiding the MiniStore. Nevertheless, the fact that Apple is both sending information from your copy of iTunes, along with cookie information that may identify you, as well as sending song information to a metrics server, seems to be a serious breach of trust. (And their end-user license agreement, or EULA, contains no language that suggests they will do so.) Also, playing music via the Party Shuffle does not display the MiniStore, nor does it cause the MiniStore’s display to change when you shift to your Library.
[Edit: after more analysis, this does not send info to Apple when you are playing music, but rather when you click on a song. So if you start playing a song by double-clicking, it will send info to the iTunes Music Store and retrieve suggestions. But if the song is in a playlist, the MiniStore display will not change when the next song begins.]
So, for now, if you don’t want iTunes phoning home–and you may not want Apple to record the music you listen to–you can simply hide the MiniStore. I find Apple remiss for not being forthright about this feature, both in its EULA and other information in iTunes. But I have a feeling that this issue will be making some waves in the immediate future.
[Edit: Rob Griffiths, writing in an editorial for Macworld, writes, “… an Apple official told Macworld that the iTunes MiniStore feature does not collect any information from users.” I’m a bit unsure about the use of the term “collect”; I’ll read it as “store and save”. However, this does not change the fact that Apple is sending information to a server without warning users, and that neither their license agreement nor their help tell this to users.]
See other articles about the iTunes MiniStore:
iTunes: Apple’s New Spyware and Adware Application?
The iTunes MiniStore Debacle: What Apple Did Wrong
iSpy: Still More on the iTunes MiniStore and Privacy