Do you think it’s a good idea? A bad idea? Or do you not have an opinion either way?
Vote in my poll (look in the left column) and share your opinion.
Do you think it’s a good idea? A bad idea? Or do you not have an opinion either way?
Vote in my poll (look in the left column) and share your opinion.
It wasn’t so hard after all…
As reported here, in an article entitled iTunes: Apple’s New Spyware and Adware Application?, Apple rolled in a new feature to iTunes 6.02, called the iTunes MiniStore. (Read the above linked article for more about this feature and the security issues it raises.) Apple unofficially told a Macworld journalist that it was not collecting data, but I, and many privacy advocates, felt that this was not enough, and wondered why Apple could not simply have iTunes display a warning that explains what this features does.
But today, Apple did the right thing.Well, checking the MiniStore this morning I saw this warning:
And this shows above the button that hides the MiniStore:
I’m pleased that Apple decided to make this change, and reassured that the company has listened to its critics, and that it has reacted so quickly. (A week is not that long for such a large company to react.) Apple, you have restored my faith. Thanks!
As more pixels are being spilled about the potential spyware and adware in the latest version of Apple’s iTunes, a great deal of misunderstanding about this issue is prevalent. I’ve written about this issue several times, beginning with this article, which outlined what the iTunes MiniStore does , followed up by this examination of what Apple did wrong, and how apologists seem to want to forgive every mistake that Apple makes, and, finally, a presentation of the actual data that iTunes sends to the iTunes Music Store, including a unique use ID.
In this article, I would like to examine some of the claims that have been made about what the iTunes Mini Store actually does, and explain what is fact and what is fiction. There is a bit of both in some of the articles on the web, especially in the comments on sites like Slashdot. So read on for a reality check.
See other articles about the iTunes MiniStore:
Some things just go on getting worse. If it wasn’t enough that iTunes 6.0.2 contains spyware and adware, now it turns out that the program not only sends information about the song you have selected to Apple’s servers, but also sends your Apple ID, or, at least, its numerical equivalent. (If you’ve missed an installment, the story begins with the link just above, then continues here.Michael Griffin first noticed this, as reported on Boing Boing, and I had trouble reproducing it at first. But I quickly found out that he was right, with the exception that his Apple ID is six digits and mine is eight. (See the updates to the Boing Boing story for more on how I discovered this.)
So, after Apple claimed that they were not “collecting” information, it now turns out that the information they send is directly linked to a user’s account identifier, if, of course, the user has an Apple ID. If you have never logged into your iTunes Music Store account, you won’t have this ID, and Apple can’t track you. But if you have, even once, this ID is stored in a preference file on your computer, and sent with each iTunes MiniStore request.
Here is an example of the raw data that is sent, taken from tcpdump output. What is being transmitted is, first of all, song info: the name of the song, the artist and the genre. Then it sends the Apple ID, shown as ######## below. (Note: I’ve inserted link breaks for readability.)
....GET./WebObjects/MZSearch.woa/wa/ministoreMatch?an=Brian%20Eno&gn=Alternative &kind=song&pn=Another%20Day%20On%20Earth.HTTP/1.1..X-Dsid:.########.. X-Apple-Tz: .3600..X-Apple-Store-Front:.143441..Referer:.http:// ax.phobos.apple.com.edgesuit e.net/WebObjects/MZStore.woa/wa/ministore? a=38124&kind=song&p=21770107..User-Agent:.iTunes/6.0.2. (Macintosh;.U;.PPC.Mac.OS.X.10.4.4)..Accept-Language:.en-us,.en ;q=0.50..X-Apple- Validation:.2EE9F6C3-D8415CAF7FE49AF74A1B7CF92DDDC842.. Accept-E ncoding:.gzip,.x-aes-cbc..Connection:.close.. Host:.ax.phobos.apple.com.edgesuite .net....
You can also see such things as the version of iTunes, the language, and some other cookie stuff (after Apple-Validation).
It then sends this, which is more of the same (without the Apple ID), but with some more stuff from the iTunes cookies files:
c6..HTTP/1.1.200.OK..Last-Modified:.Thu,.12.Jan.2006.12:46:27.GMT..Content- Type: .text/xml;.charset=UTF-8..x-apple-lok-response-date:.Thu.Jan.12.04:46:27.PST.200 6.. Vary:.Accept-Encoding..x-webobjects-loadaverage:.0..x-apple-lok-filelastmodif ied-date:. Tue.Jan.10.21:14:37.PST.2006..x-apple-lok-path:./opt/itms_lokamai/Loka mai/MZSearch/ ministore/12/57/wa_ministoreMatch?an=Brian%20Eno&gn=Alternative& kin d=song&pn=Another%20Day%20On%20Earth-143441-Ak..x-apple-date- generated:.Wed,.11. Jan.2006.05:14:36.GMT..x-apple-request-store-front:. 143441..x-apple-max-age:.360 0..x-apple-max-age:.64800..x-apple-application-instance:. 150..x-apple-asset-vers ion:.14571..x-apple-lok-filesize:.1693..x-apple-lok-current- stor efront:.143441.. Content-Encoding:.gzip..Expires:.Thu,.12.Jan. 2006.12:46:27.GMT..Cache-Control:.m ax-age=0,.no-cache..Pragma:.no-cache..Date:.Thu,. 12.Jan.2006.12:46:27.GMT..Content-Length:.551..Connection:.close
Here’s more (with my Apple ID hidden again):
HTTP/1.1..X-Dsid:.########..X-Apple-Tz:. 3600..Cookie:.asbid=sKUKC49DKFC7T4CHC;.s _vi= [CS]v1|53C501E3-85ACC277[CE];.s_vi_jx7Bx7Bgnbx7Ffxxej= [CS]v4|53C58647-6EC2D2 32|0[CE];.s_vi_jx7Bx7Bgnbx7Ffxxx7Exx= [CS]v4|53C58647-6EC2D232|0[CE];.s_vi_ox7Ex7 Ebkx7Bx7Dyyygzcx7D= [CS]v4|53C58647-6EC2D232|0[CE]
Most of what is in this part I have found in my iTunes cookies (in the com.apple.itunes.plist file).
And for a minute, I was thinking that this would all blow over quickly…
See other articles about the iTunes MiniStore:
As reported here yesterday (an article that got picked up on Slashdot which, of course, killed my web server–sorry Nico), Apple introduced a new feature in the latest version of iTunes: the MiniStore. Several articles have been making waves about this, beginning with a post on since1968, then Boing Boing, and this editorial on the Macworld web site by Rob Griffiths, and the comments to this and other stories have been quite vehement. After Rob Griffiths posted his article, he was contacted by a high-level Apple official who stated that “the iTunes MiniStore feature does not collect any information from users”. Also, Apple yesterday published a knowledge base article explaining how to disable the MiniStore (which I reported in my article as well).
In this article, I would like to examine why this hit the fan, what Apple did wrong, but also address some of the most frequently made comments to this story that have appeared on various web sites. I think that there was a failure of adequate communication by Apple, and a misunderstanding of some of the issues by many users. First, Apple is remiss in not providing appropriate information about this new feature to users. While the iTunes download page includes this grammatically ambiguous sentence, “Discover new music as you enjoy your collection or import new CDs with MiniStore–right from your iTunes library,” Mac users who used Software Update to get the latest version of iTunes saw only this uninformative information: “iTunes 6.0.2 includes stability and performance improvements over iTunes 6.0.1.” Therefore, they did not see the presentation of this new function on the Apple web site. (Windows users don’t have the same functionality, and, when iTunes detects a new version of the software, they click a button to go to the web site where they would have read the above description of this feature.) Apple should therefore have required users to opt in (that is, approve this feature by clicking a button or checking a box) rather than requiring them to opt out (hide the pane) to turn it off.
Apple should have been more forthcoming about what this feature does, and how it works. For those who missed the first episode, here’s what the MiniStore does. By default, the MiniStore displays at the bottom of the iTunes window when you look at your Library or a playlist. (It does not display when you click the Party Shuffle icon, your iPod, the Radio icon, or others.) If you click a song–and if you have an active Internet connection–iTunes sends the song name, along with some other data, to the iTunes Music Store to provide “recommendations” for music that you can buy.
Now, some people have criticized the use of the terms “spyware” and “adware”. Spyware, by definition, harvests data from your computer and sends it to another server. QED. Adware displays ads (recommendations?) on your computer. QED.
So the problem here is two-fold: first, Apple added a feature (which many people may appreciate) designed to increase their revenue stream. However, they did not tell users what type of information is being sent and where (at least the song name and artist are being sent when you click on a song, but there is also a cookie being sent, and no one has yet explained the purpose and content of this cookie). A simple warning dialog at first launch might have resolved this problem. (And, since the license does not even grant Apple the right to “obtain” this information from users’ computers, there may be legal issues that should have been addressed.)
Second, this information is being processed by another company, Omniture, which is a marketing company, and no one knows what they do with it. While Apple claims to not “collect” any information, what does Omniture do with this information, and why is some information sent to metrics.apple.com?
Perhaps this is all benign, and the song information is simply being processed then tossed in the bit bucket. But perhaps not. Apple should have been more forthright and explained this–if not in the iTunes help, where there is no mention of the MiniStore, at least in its knowledge base article–so users would not have to worry. (I find it astounding that, of all the people at Apple who are involved in a product like iTunes, that the question of privacy was not raised; or, if it was, remained ignored.)
Again, there may be nothing nefarious about this, but in a time when much software tracks users’ habits with impunity, when librarians are asked to record and report readers’ book selections, when the US government wire-taps people without court orders, and when cellphone records are available for sale on the Internet, it is no surprise that some people get worried about tiny encroachments to privacy.
Yet the comments to articles on various web sites mention some things that surprise me. While many people feel Apple was remiss in not being up-front about this feature, many people have posted comments such as the following (and I paraphrase, rather than directly quote anyone):
– But every computer company does this or all the media players do this. Well, is that any reason for Apple to do so? Does the fact that other companies harvest personal data mean that it is legal and moral to do so?
– This happens all the time on Windows. Well, get a Mac.
– It’s the same thing as the Just For You section of the iTunes Music Store. This is incorrect. The Just For You section of the iTMS is based on your purchases, not the contents of your music library and the songs you click. I think many people did not understand the difference between the MiniStore and the Music Store itself. (More about that below.)
– It’s the same thing as using your web browser and clicking links, since web sites can record your browsing history. No, that’s not true. When you use a web browser, you know you are clicking on a link to go to another page. Here, you don’t know that clicking on a song (that you own; that is on your computer) is sending information to a server.
– But Amazon makes recommendations to me too. What’s the difference? The difference is very important. When you go to the Amazon web site, you are entering a (virtual) store, with the full knowledge that you are on a company’s web site. iTunes, with this new feature, has blurred the lines between the part of the software that acts as a portal to the iTunes Music Store and the part that you use to manage your music library. And, again, these suggestions are not made according to your previous purchases, but rather the result of just clicking on a song in your library.
– What about the Gracenote CDDB that looks up your CDs when you rip them? This is clearly addressed in the iTunes license, and a dialog displays when iTunes connects to the Gracenote CDDB.
– Only totally naive computer users wouldn’t understand that iTunes is sending data to a server to display information in the MiniStore pane. Well, the vast majority of computer users are technically un-savvy, so this is a moot point.
What is astounding is how many people rationalize data collection; how this practice is now considered to be acceptable. This said, many of the people posting the above comments did not understand the technical aspects of this issue.
But a broader issue has appeared in this discussion: the blurring between software applications and the web. Most people do not realize that iTunes is a combination music management program and web browser. Yes, that’s right; the iTunes Music Store is simply a bunch of web pages that display in the iTunes interface. Users are very aware when they use a browser that they are accessing web sites, and many people are aware of the security issues involved, such as cookies and browsing history being recorded. Modern browsers offer security settings that control these breadcrumbs, but iTunes, part of which is a browser, does not offer any such security settings. You cannot, for example, check or delete cookies used by iTunes, nor can you ensure that your your browsing history in the iTunes Music Store is not recorded. (Yes, you can sign out from your iTMS account, but could there still be a cookie trail as you browse?) I admit that, too me, these are non-issues, but the conflation of the web browser with other programs means that many users do not realize that security issues that affect the former may also affect the latter.
(An aside: some time ago, iTunes had an option that allowed you to decide whether iTunes could connect to the Internet automatically for Gracenote CDDB lookups or whether it would ask you first. This option is gone, and one effect the MiniStore will have, at least for those who have dialup connections, is that iTunes will attempt to open an Internet connection. This can be very annoying.)
Aside from viruses, it turns out that the music industry is the biggest source of security problems on computers in recent times. With Sony’s rootkit (a number of recent Sony CDs installed nefarious software on Windows computers, without user approval, opening these computers to possible intrusion), many companies have banned the used of music CDs in the workplace. Interestingly, if the recording industry wants to sell more CDs, this action is counter-productive. Now, with iTunes sending information to other servers–and regardless of what information is being sent, some network administrators will see this as a security risk–is the next step for companies to ban the use of iTunes, for those employees who are able to listen to music at work?
Apple blew it here, as mentioned above, by not being forthcoming about what this feature was doing, and lost some of the credibility that the company had developed over the years. It would not have taken much to correctly present this feature and reassure users as to the type of information that it transmits to Apple and other companies. In the meantime, until Apple is totally clear about what this feature does and what information it harvests, one can only assume that it is indeed collecting information, or that, at a minimum, the potential to do so exists.
See other articles about the iTunes MiniStore:
Yesterday’s update to iTunes 6.0.2 comes with a surprise: it’s spyware and adware.
Since Apple launched the iTunes Music Store, iTunes has been a compromise: both a music management program and sales portal, it clearly separated the two, offering separate icons for your Library and the Music Store in its Source list. But the latest update adds something new that I find invading: when you go to your library, you see a “MiniStore” at the bottom of the window. This is easily removed (either by clicking the MiniStore button in the bottom-right section of the iTunes window, or by selecting Edit > Hide MiniStore), but it’s not just its presence that’s a problem.Cory Doctorow, writing on BoingBoing today, pointed out that this MiniStore displays songs that are similar to those you are playing, if you listen to music with iTunes. (If not, you see a generic display with New Releases, Top Songs and Top Albums.) Cory’s comments are very clear:
I love iTunes because it’s a clean music player. But no amount of clean UI is worth surrendering my privacy for — I wouldn’t buy a stereo that phoned home to Panasonic and told it what I was listening to; I wouldn’t buy a shower radio that delivered my tuning preferences to Blaupunkt. I certainly am not comfortable with Apple shoulder-surfing me while I listen to digital music, particularly if they’re doing so without my meaningful, informed consent and without disclosing what they intend on doing with that data.
I stand firmly beside Cory’s comments. Apple has overstepped its limits, and this spyware (because it sends information to a server) and adware (because it displays information to attempt to sell you products) is a very serious breach of the trust I have long had in Apple’s products.
In order to examine this further, I used the trusty tcpdump command (a Terminal command that examines every packet of data that leaves a computer), and checked its output while playing music both with the MiniStore visible and with it hidden. In the former case, when the MiniStore is displayed, iTunes sends queries to the iTunes Music Store (this domain: ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/ministore) and to an Apple metrics server (metrics.apple.com). It also send some cookie information, which I have not yet been able to decipher. (And this is not limited to music–when I started playing an audiobook, the MiniStore changed accordingly as well.)
However, when the MiniStore is hidden, iTunes does not send these requests. You can therefore protect yourself from Apple’s prying eyes by simply hiding the MiniStore. Nevertheless, the fact that Apple is both sending information from your copy of iTunes, along with cookie information that may identify you, as well as sending song information to a metrics server, seems to be a serious breach of trust. (And their end-user license agreement, or EULA, contains no language that suggests they will do so.) Also, playing music via the Party Shuffle does not display the MiniStore, nor does it cause the MiniStore’s display to change when you shift to your Library.
[Edit: after more analysis, this does not send info to Apple when you are playing music, but rather when you click on a song. So if you start playing a song by double-clicking, it will send info to the iTunes Music Store and retrieve suggestions. But if the song is in a playlist, the MiniStore display will not change when the next song begins.]
So, for now, if you don’t want iTunes phoning home–and you may not want Apple to record the music you listen to–you can simply hide the MiniStore. I find Apple remiss for not being forthright about this feature, both in its EULA and other information in iTunes. But I have a feeling that this issue will be making some waves in the immediate future.
[Edit: Rob Griffiths, writing in an editorial for Macworld, writes, “… an Apple official told Macworld that the iTunes MiniStore feature does not collect any information from users.” I’m a bit unsure about the use of the term “collect”; I’ll read it as “store and save”. However, this does not change the fact that Apple is sending information to a server without warning users, and that neither their license agreement nor their help tell this to users.]
See other articles about the iTunes MiniStore:
The success of the iPod is creating new problems for many iPod and iTunes users. If you are a multi-iPod family, which is becoming increasingly common, you can no longer simply connect an iPod to your computer and sync your music automatically. If you have multiple iPods, you need to jump through some hoops to manage them. You can either create separate user accounts, each with its unique iTunes library, but end up with duplicate songs and waste space, or you can set one iPod to sync automatically, and the other(s) manually, which requires you to choose which music you want to put on the manually-synced iPods.
There is, of course, a solution to this, and Apple would be wise to introduce such a feature in iTunes: multiple libraries.With multiple libraries, iTunes would be able to manage different selections of music from the same set of song files. Say, for example, I want to have my 40 GB iPod copy all of my music. (Well, in my case it’s not all my music, since I have enough to put on three iPods…) I create one library, containing only the music I want to put on that iPod, and link the iPod to that library. iTunes should allow the creation of separate, named libraries, and the iTunes preferences should allow you to choose which library gets synced to each iPod.
I have one 40 GB iPod for classical music, and another for the rest of my music (jazz, rock, audiobooks, jam bands, etc.). So I’d create one library for my classical music and another for all the rest; when connecting each iPod, iTunes would be able to sync its music easily.
And if I then want to sync music to my iPod shuffle, without the Autofill feature or creating a special playlist for my shuffle, I’d simply switch to the library I set up for that iPod, and let it sync automatically.
Now, this scenario is rare – not that many people have several iPods for themselves, but it is common to have multiple iPods in a family. So each family member could create a library in iTunes, without having a separate user account (which most families don’t use anyway), allowing them to easily manage all the music they want. Husbands and wives could have their own libraries, each using only the music they like. And kids could also have their own libraries, syncing easily when they want to.
There are two advantages to this: the first is obviously the easier syncing of music from a single computer to multiple iPods. But the second is just as important: using a single set of music makes it much easier to back up all the music at once, and avoids having doubles in different user accounts.
Apple is always striving to make their software easier to use and more practical, and this is a feature that would be a boon to many iPod users. Let’s hope we see it soon.
Not long ago, I posted an article about online newspapers here on my site. My complaints were more about form and functionality than content, but I did suggest that newspapers have an important role to play.
Joseph Epstein has written an interesting article in Commentary called Are Newspapers Doomed?, which examines the more serious questions of the content of newspapers as they are faced with increasing competition from audiovisual media and the Internet. I heartily agree with Epstein, especially with his conclusion:
My own preference would be for a few serious newspapers to take the high road: to smarten up instead of dumbing down, to honor the principles of integrity and impartiality in their coverage, and to become institutions that even those who disagreed with them would have to respect for the reasoned cogency of their editorial positions. I imagine such papers directed by editors who could choose for meâ€”as neither the Internet nor I on my own can doâ€”the serious issues, questions, and problems of the day and, with the aid of intelligence born of concern, give each the emphasis it deserves.
Beyond that, I wonder about a world where people consider that even attempting to understand the world around them, and voting for their leaders based on little more than beauty contests. I wonder how people feel that they are part of a society that they shun at every opportunity, yet get flustered when things go wrong. How they could elect an American president who is so averse to telling the truth about anything, yet continue to accept new lies on almost a daily basis.
This won’t change. Not overnight, at least. It would take much more than a few good newspapers to turn passive couch potatoes into interested voters and citizens. But one can always hope, right?
Pierre Bordage is one of France’s best-selling science fiction writers. With more than 20 novels published in just over a decade, his books often touch on the spiritual aspects of society, in a style that combines the best of classic adventure stories with reflection on the future and the present.
Bordage’s books are best-sellers in France, and have been translated in several European countries, but there still remains the difficulty of getting published in English, especially in the United States. This is not a problem that Pierre alone is confronted with; authors of all sorts meet this relative silence from American publishers.While American authors are translated in countries around the world, this globalization of publishing is a one-way street. Non-English speaking authors are rarely translated into English, partly because of a lack of interest among publishers (no one has asked readers if they are interested), and partly because publishers simply don’t want to spend money on translations.
Yet publishing literature in translation is one of the best ways to transmit cultural ideas from one country to another. Could one say that the United States has become insular, culturally as well as politically, in its ignorance of the world around it?
In presenting an English translation of two chapters of Pierre Bordage’s novel The Warriors of Silence, I am tossing a message in a bottle out into the vast sea of the Internet, hoping that an editor or publisher will stumble on this text and be curious enough to want to find out more. I have translated these two chapters from French, with the collaboration of the author, who has reread them and approved the translation.
The Warriors of Silence, or Les Guerriers du Silence, is a best-selling novel in French. It has sold some 25,000 copies in trade paperback (books are rarely sold in hardcover in France) and more than 65,000 in paperback. This novel is the first volume of a trilogy; all three books together, in all formats, have sold more than 225,000 copies. (These sales figures were valid as of May 2005.)
Books by Pierre Bordage in French from Amazon FR.
If you are interested in learning more about Pierre Bordage’s work, Contact me.
I’ve had my share of Macs over the years, most of them good (fortunately). I’ve never been stung by any of the more serious problems that have resulted from poor design, such as the iBook logic board problems or others. But today I’m writing about what I think is truly a lemon: the Mac mini.The Mac mini is a great idea: for $500, you get a relatively fast computer, one that is, above all, tiny and quiet. Designed probably to attract switchers from the Windows world, the Mac mini offers a limited feature set, but one that is largely sufficient for most users.
The Mac mini, as you know, comes naked in its box: no screen, no mouse, and no keyboard. This, again, allows switchers to simply hook up their existing equipment, or even use a KVM to switch between a PC and a Mac. This means that you have to make sure your existing peripherals work with the Mac mini. For a mouse and keyboard, this is no problem; the Mac mini will work with just about any USB devices (I haven’t heard about any incompatibilities, but it’s likely that any devices, especially mice or trackballs, that require drivers, will only offer basic functions unless there are Mac OS X versions of their drivers.
However, the real problem comes from the display. I guess that, in most cases, your display will work. You probably have a better chance of it working if you have a DVI display, as opposed to a VGA display. In my experience, however, the Mac mini is just not up to par for VGA displays. I have two Sony CRTs, about 2 and 3 years old. The first Mac mini I got gave a very dim display on one of them, and a green display on the other. No amount of adjustments, to either the monitors or the Mac mini’s Display preferences, changed these display problems. (Both these displays work perfectly well on other computers, one connected to an old iMac and PC, and another to a PC.) I was disappointed, especially when I saw all the problems on Apple’s discussions boards about display issues.
At this point, I was ready to just send it back for a refund – which was possible, since I bought it from an on-line dealer here in France who provides a no-questions-asked guarantee. But friends suggested that I try again, thinking that it could be just a bad unit, or a bad DVI-VGA adapter. Alas, when the second unit came, I connected it, and the same problems were present. Not it is entirely possible that my monitors are not “compatible” with the Mac mini; however, they are name-brand CRTs, with no special features that would prevent them from working with other computers (as I see daily at home). It seems that this is not an isolated problem: here’s a page on xlr8yourmac.com showing how common the problem is, and pointing out that the Mac mini simply does not put out enough power to drive many VGA monitors.
So, Apple’s got another lemon, and they’re clearly aware of it, but they don’t seem to be reacting to this widespread problem. Shame on you, Apple; at least you could set up a page saying which monitors you’ve tested the mini with so users can save all these hassles. You do this for some other devices, such as printers that are compatible with the AirPort Express, or CD/DVD drives compatible with iTunes.
Update, February, 2011: It’s worth noting that, since I first wrote this article in 2005, the Mac mini has changed quite a bit. And I also have a DVI display. In fact, as I wrote in this Macworld article, the Mac mini is now my Mac of choice. So the problems I highlight in this article, regarding video display, are no longer an issue.