What is Gapless Playback on the iPod and in iTunes? (Update)

One of the major announcements that Apple made on September 12 was that the latest video iPod (the 5G model) offers gapless playback, and that this feature is available for previous video iPods when updated with the latest firmware. While those who know what gapless playback means embraced this with a loud “Huzzah!”, others are scratching their heads trying to figure out what this means. Here’s an overview of what gapless playback is, how it works, and why you might want it.

Gapless playback is simply the ability for the iPod to play music with no artificial gaps between tracks. For most music, you’ll never notice the difference, but if you listen to operas, dance mixes, or classic progressive rock albums (the standard examples are Pink Floyd’s Dark Side of the Moon or the Beatles’ Sergeant Pepper’s Lonely Hearts Club Band), you’ll hear a jarring half-second space between tracks that are meant to continue seamlessly. This lurch is the audio equivalent of an elevator dropping a floor suddenly, and ruins the listening experience. Fans of live music (The Grateful Dead, and other jambands) especially hate this, since this type of music often has songs that segue from one to another with no break. Finally, Apple answered the call, making the new iPod the only current portable music player that offers gapless playback. (Note: naysayers will point out that the Rio Karma has gapless playback; I said that no current portable music players offer this feature. The Rio Karma is no longer being sold.)

When I wrote about gapless playback here about a year ago, I offered a workaround that would allow classical music fans to rip their music so it could be gapless. The idea was that you simply join tracks when ripping albums, so instead of multiple tracks with numerous hiccoughs, you’d have a single track for an entire work. This is okay, but it’s a workaround; you wouldn’t be able to find which track you were listening to. Now, with gapless playback, operas can have individual tracks, and you won’t hear the difference.

Of course, there’s a down side to this: now classical music fans who did rip their music with joined tracks will probably want to re-rip these discs; I know I’ll be re-ripping all my operas. Sigh.

So how does gapless playback work? You probably noticed that the first time you launched iTunes, the program took a few minutes to analyze your music for gapless playback. iTunes looked at your tracks to determine if there was no silence at their ends to flag them as tracks that would flow smoothly into the following tracks. This works in iTunes, as well as with all 5G iPods and the new iPod nano. However, this does not work with previous iPod models. Curiously, this process works automatically, though there is a “Part of a gapless album” tag that can be set for individual tracks. It’s not clear if this tag exists to turn on gapless playback or to turn it off. Initial reports say it’s not needed for gapless playback (it certainly isn’t needed with iTunes); I’m awaiting a new iPod to test it there and figure out exactly what it’s for. (Yes, I don’t yet own a video iPod.)

Stay tuned for an update to this article in a week or so when I’ve fully figured out how this tag affects playback on the iPod. For now, be happy (if you find gapless playback useful) or yawn if you don’t. I, for one, applaud the fact that Apple listened to its users and provided this needed feature.

Update: Apple has cleared up the question about the gapless tag. They say this tag only matters if you have crossfade playback turned on in iTunes, and it only affects playback from iTunes. All gapless albums are automatically detected and played as such on 5G iPods (video-capable iPods) and 2G iPod nanos (the latest versions of the nano).

iWish: iTunes “Works”

I’ve written in the past about the complications of using iTunes and the iPod to store and play back classical music. Well, there’s a simple way that iTunes could improve the user experience for classical music fans, and it’s something that the iTunes Music Store already uses.

[Since I first posted this article in late 2004, nothing has changed. I’m re-posting it now just in case anyone at Apple is reading my blog, and happens to notice this. We classical music listeners need this functionality in iTunes and the iPod.]

The iTunes Music Store lets you purchase “works” for many classical albums. While some are simply presented in a list of movements, others have works grouped together. As you can see in the above screen shot, Apple groups multi-movement works together to make it easier to purchase single works rather than entire albums; it enters the name of the work in the Grouping tag. But why doesn’t Apple use this same possibility in iTunes after you buy the music? And why can’t you use this same grouping in iTunes for your own music?

While I point out in this article that it’s easy to join tracks when importing them, this has drawbacks: you can’t see the names of individual parts of a work (which is especially annoying when listening to an opera or other long work with many parts) and you can no longer choose to listen to a specific part or movement.

Clearly, iTunes has this ability; at least for the iTunes Music Store. This would be a great feature to provide in a future version of iTunes, not only for classical music fans, but even for those who want to group their albums together in this way. In fact, you can see this in action on the iTunes Music Store listing for the Complete U2 set. Each album is listed at one level with the contents of the album at the next level.

Writing Conversation: An Analysis of Speech Events in E-mail Mailing Lists

Nearly ten years ago, in what was another life, I completed a Master’s degree in applied linguistics with Aston University in Birmingham, UK. My dissertation was about a subject that was, at the time, relatively new: e-mail.

I’ve had this on my web site ever since, and I have received a great deal of feedback about it over the years. While it probably won’t interest many of my readers, I thought it was worth dusting off and mentioning here on Kirkville. So, if sociolinguistics interests you at all, you can read the entire paper here.


Imprecision in Journalism: How the iTunes MiniStore was Reported

With the recent kerfuffle over the iTunes MiniStore and privacy, I have written several articles about the issue, been interviewed by a number of web and print media, been interviewed for podcasts, and invited on a national business channel to discuss the issue. This issue annoyed me from the beginning: the fact that iTunes was both sending personal data to Apple and other companies without warning users, and the fact that iTunes was displaying “recommendations” (that is, ads) when users were not “in” the iTunes Music Store.

But now that Apple has corrected this problem, what really annoys me is the level of journalism I have seen about the problem. From mistakes to clueless writing, from minor technical errors to stupid comments from writers who clearly know nothing about technology (and probably cannot read very well, since I and others have very clearly written about what the iTunes MiniStore does), these errors are legion.

So, here’s an overview of some of the statements I have found that are incorrect, and, in some cases, border on incompetent. Tell me how journalists can get something so simple so wrong…

Nick Farrell, writing for The Inquirer, said the following: “There were claims that you had to be a computer expert to know how to switch the data collection facility off, which many of its users are not.” Nick, show me where anyone said that you need to be a computer expert to click a button or select a menu item… Do you run iTunes at all?

Many articles, including this one in the LA Times, an editorial to boot, said things such as, “Besides, Apple said, it didn’t store any of the information it received.” This comment makes me snicker. My friend Rob Griffiths, who wrote an article about the iTunes MiniStore shortly after I published mine, received an email from a high-level Apple official to this effect (that Apple was not storing information), and added the following update to his article: “…an Apple official told Macworld that the iTunes MiniStore feature does not collect any information from users.” But at no time did Apple issue an official statement about the iTunes MiniStore. Media comments, such as those mentioned by the LA Times, suggest that this is the case, but they are simply relying on a comment from a journalist about an email he received. Sigh.

Louisa Hearn, writing for The Age in Australia, explains how the MiniStore displays a warning, but goes on to say “Although the MiniStore is turned on by default for new customers, a pointer at the bottom of the playlist page allows them to switch it on or off.” This one is interesting. The article includes a screen shot which shows the Turn on MiniStore button, but this journalist seems to think that the MiniStore is on regardless of this button? The button turns it on, not off, as the button says.

The CBC (Canadian Broadcasting Company), in an article about the iTunes MiniStore, repeats another fallacy that has spread, showing that their journalist didn’t do any fact-checking. “The software scans a user’s existing downloads and recommends new songs to buy,” the article says, which is blatantly false. The iTunes MiniStore only sends information about songs that users click. This suggests that iTunes is sending information about users’ entire libraries. You get an F, unnamed reporter, for this one.

PC Magazine took a different tack. In this article, they tried to sound like investigative network journalists, using advanced forensic techniques to get to the bottom of the question. Journalist Oliver Kaven says such wondrous things as, “Here at PC Magazine, we began dissecting the issue, one IP packet at a time.” Ooh, like CSI but with computers, right? He goes on to say, “We found that this can be prevented by minimizing the MiniStore application or by playing songs from a play list.” Hmm… He didn’t need a packet analyzer to find that no data was sent, but at least he was checking the facts. I reported this, saying, “However, when the MiniStore is hidden, iTunes does not send these requests. You can therefore protect yourself from Apple’s prying eyes by simply hiding the MiniStore,” as did several other web sites. However, “playing songs from a play list”? That’s not entirely correct. What he should have said was that the MiniStore only sends data when you click on a song. If you double-click a song to play it, iTunes sends information about that song, but not about subsequent songs in playlists or albums. Guilty of over-exaggeration, and of a minor error, PC Magazine tried to turn this into a detective story.

What surprises me in all this is that some of these “major media outlets”, such as the CBC or newspapers, have reported this issue with more errors than most bloggers. Not that I believe in the Easter bunny, especially given recent scandals at top-tier newspapers like the New York Times, but I would have thought that these media had better structures in place for fact-checking, and that the journalists are more qualified. This said, the above examples are only a handful of negative ones; there are many more, but a majority of the stories I read about this issue were correct.

The iTunes MiniStore: Apple Does the Right Thing

It wasn’t so hard after all…

As reported here, in an article entitled iTunes: Apple’s New Spyware and Adware Application?, Apple rolled in a new feature to iTunes 6.0.2, called the iTunes MiniStore. (Read the above linked article for more about this feature and the security issues it raises.) Apple unofficially told a Macworld journalist that it was not collecting data, but I, and many privacy advocates, felt that this was not enough, and wondered why Apple could not simply have iTunes display a warning that explains what this feature does.

But today, Apple did the right thing.

Well, checking the MiniStore this morning, I saw this warning:

And this shows above the button that hides the MiniStore:

I’m pleased that Apple decided to make this change, and reassured that the company has listened to its critics, and that it has reacted so quickly. (A week is not that long for such a large company to react.) Apple, you have restored my faith. Thanks!

The iTunes MiniStore: Fact and Fiction

As more pixels are being spilled about the potential spyware and adware in the latest version of Apple’s iTunes, a great deal of misunderstanding about this issue is prevalent. I’ve written about this issue several times, beginning with this article, which outlined what the iTunes MiniStore does, followed up by this examination of what Apple did wrong, and how apologists seem to want to forgive every mistake that Apple makes, and, finally, a presentation of the actual data that iTunes sends to the iTunes Music Store, including a unique user ID.

In this article, I would like to examine some of the claims that have been made about what the iTunes MiniStore actually does, and explain what is fact and what is fiction. There is a bit of both in some of the articles on the web, especially in the comments on sites like Slashdot. So read on for a reality check.

  • The iTunes MiniStore sends personal information to Apple’s servers. True, in part. It also sends information to a company called Omniture. The since1968 blog has a great article explaining more about Omniture.
  • The iTunes MiniStore sends personal information to Apple’s servers, and other servers, for every song you play, the contents of your entire library, etc. False. The iTunes MiniStore only sends this information when you click a song. If you double-click a song from an album or playlist, for example, the first song’s information is sent to Apple’s servers, but subsequent songs are not. iTunes also sends information for CDs that you insert into your computer (if iTunes is running) to either play or rip. iTunes also does not send the contents of your entire library or anything else to Apple’s servers.
  • The iTunes MiniStore sends a personal ID to these servers. True. As I explain in this article, the iTunes MiniStore sends your Apple ID (or at least its numerical equivalent) with each request for information. It also sends song information (name, artist, and genre) for music you have ripped yourself, or a unique identifier for songs you have purchased from the iTunes Music Store (iTMS). The Apple ID is used for the iTunes Music Store, for .Mac (if you have a subscription), for Apple’s developer program and other Apple services, including purchases you make from the Apple Store. The Apple ID can therefore be linked to your credit card, your address, and your purchasing habits with Apple.
  • The iTunes MiniStore does not send any information to the iTunes Music store or other servers when it is hidden. True. If you want to be sure that your personal information is protected, just hide the iTunes MiniStore by clicking the fourth button from the right at the bottom of the iTunes window, or by selecting Edit > Hide MiniStore.
  • The iTunes MiniStore sends a personal ID to these servers even if you are not signed in to your iTunes Music Store account. False. If you sign out of your iTunes Music Store account, or if you have never created one, no personal ID is sent.
  • The iTunes MiniStore sends other cookie information to these servers. True. And I have no idea what these cookies contain.
  • The information sent to the iTunes Music Store is used for the Just For You feature (a recommendation section on the iTMS main page). False. Just For You seems to only use either your iTMS purchases, or other albums that you have told the recommendation engine that you own.
  • The iTunes MiniStore display is no different from the Just For You recommendations. False. In my case, it displays albums that I have purchased from the iTMS, so, while information is being sent to the iTMS with a personal ID, it is clearly not (yet) being used to check on your purchases.
  • The iTunes MiniStore display is no different from clicking the arrows in iTunes that take you to the iTMS and show you similar music. False. Clicking an arrow is active; the iTunes MiniStore is passive (it requires you to click a song, but you may be doing this simply to play the song). There is a difference, in my opinion.
  • The iTunes license does not mention anything about personal information being shared via iTunes. True. But…
  • The iTunes license refers back to Apple’s generic privacy license. True. It links to the Apple Customer Privacy Policy. However, this document does not seem to cover the type of information that the iTunes MiniStore is sending to the iTMS. It first discusses information obtained during service calls, when you register your computer, and then says, “We also collect information regarding customer activities on our website, .Mac, the iTunes Music Store, and on related websites.” It is hard to imagine that the use of iTunes on your personal computer fits into the definition of “our website, .Mac, the iTunes Music Store, and on related websites.” Perhaps Apple is stretching it by considering that the iTunes MiniStore is part of the iTunes Music Store, but, in most users’ eyes, this is not the case–users “enter” the iTMS when clicking on the Music Store icon, not when they simply click on a song in their library.
  • Apple has said that they are not collecting any information from the iTunes MiniStore. As of now, Apple has made no official statement regarding this. The author of an article on Macworld was contacted by “an Apple official” who “told Macworld that the iTunes MiniStore feature does not collect any information from users.” However, at the time this article was written, it was not known that users’ unique IDs were being sent. While Apple may not be collecting any information now, this does not mean that they will not do so in the future.
  • Apple’s approach to collecting information is illegal. That’s for the courts to decide, should it get to that point. It is interesting to point out that Real Networks was sued in 1999 for a very similar usage of unique identifiers in its music player software. Note that European privacy laws, more stringent than those in the United States, might see things differently. Since iTunes is available around the world, it has to comply with the laws of the country in which it is provided.
  • If Apple can connect song information to unique user IDs, the RIAA might be able to subpoena this information to track down people who have illegally copied music. Um, maybe. This is stretching things a bit, but let’s look at a hypothetical. Before U2 released their last album, a master was stolen then found its way onto file sharing sites on the Internet. Assuming that this were to occur to another band, the iTunes MiniStore could potentially track users who 1) have the MiniStore displayed, 2) have such songs that are not yet officially released, and 3) click them in iTunes. Even if Apple were to collect song information and link it to user IDs, could a court force them to release this information? I’m not a lawyer, and don’t want to speculate. But the technology clearly exists for such tracking to occur.
  • Apple should have realized that there would be a privacy issue surrounding the introduction of the iTunes MiniStore. True. It astonishes me that, given the number of people involved in a product such as iTunes, from programmers to marketing people, a red flag did not go up at some point. Or, if it did, that it was ignored. Apple should have been proactive and explained this feature from the get-go, rather than wait for users to sniff packets and find out what it is doing.
  • Apple clearly indicates this new feature on its web page. True. The iTunes web page and download page mention this feature. However, Mac users who used Software Update to update iTunes saw no information regarding this feature, but only this: “iTunes 6.0.2 includes stability and performance improvements over iTunes 6.0.1.” So Mac users were not aware of this feature, unless they went to the iTunes download page to get the update.

See other articles about the iTunes MiniStore:

iTunes: Apple’s New Spyware and Adware Application?

The iTunes MiniStore Debacle: What Apple Did Wrong

iSpy: Still More on the iTunes MiniStore and Privacy

The iTunes MiniStore: Fact and Fiction

iSpy: Still More on the iTunes MiniStore and Privacy

Some things just go on getting worse. If it wasn’t enough that iTunes 6.0.2 contains spyware and adware, now it turns out that the program not only sends information about the song you have selected to Apple’s servers, but also sends your Apple ID, or, at least, its numerical equivalent. (If you’ve missed an installment, the story begins with the link just above, then continues here.)

Michael Griffin first noticed this, as reported on Boing Boing, and I had trouble reproducing it at first. But I quickly found out that he was right, with the exception that his Apple ID is six digits and mine is eight. (See the updates to the Boing Boing story for more on how I discovered this.)

So, after Apple claimed that they were not “collecting” information, it now turns out that the information they send is directly linked to a user’s account identifier, if, of course, the user has an Apple ID. If you have never logged into your iTunes Music Store account, you won’t have this ID, and Apple can’t track you. But if you have, even once, this ID is stored in a preference file on your computer, and sent with each iTunes MiniStore request.

Here is an example of the raw data that is sent, taken from tcpdump output. What is being transmitted is, first of all, song info: the name of the song, the artist and the genre. Then it sends the Apple ID, shown as ######## below. (Note: I’ve inserted line breaks for readability.)

X-Apple-Tz: .3600..X-Apple-Store-Front:.143441..Referer:.http://
ax.phobos.apple.com.edgesuit e.net/WebObjects/MZStore.woa/wa/ministore?
(Macintosh;.U;.PPC.Mac.OS.X.10.4.4)..Accept-Language:.en-us,.en ;q=0.50..X-Apple-
Accept-E ncoding:.gzip,.x-aes-cbc..Connection:.close..
Host:.ax.phobos.apple.com.edgesuite .net.... 

You can also see such things as the version of iTunes, the language, and some other cookie stuff (after Apple-Validation).

It then sends this, which is more of the same (without the Apple ID), but with some more stuff from the iTunes cookies files:

Type: .text/xml;.charset=UTF-8..x-apple-lok-response-date:.Thu.Jan.12.04:46:27.PST.200 6..
Vary:.Accept-Encoding..x-webobjects-loadaverage:.0..x-apple-lok-filelastmodif ied-date:.
Tue.Jan.10.21:14:37.PST.2006..x-apple-lok-path:./opt/itms_lokamai/Loka mai/MZSearch/
kin d=song&pn=Another%20Day%20On%20Earth-143441-Ak..x-apple-date-
generated:.Wed,.11. Jan.2006.05:14:36.GMT..x-apple-request-store-front:.
143441..x-apple-max-age:.360 0..x-apple-max-age:.64800..x-apple-application-instance:.
150..x-apple-asset-vers ion:.14571..x-apple-lok-filesize:.1693..x-apple-lok-current-
stor efront:.143441.. Content-Encoding:.gzip..Expires:.Thu,.12.Jan.
2006.12:46:27.GMT..Cache-Control:.m ax-age=0,.no-cache..Pragma:.no-cache..Date:.Thu,.

Here’s more (with my Apple ID hidden again):

3600..Cookie:.asbid=sKUKC49DKFC7T4CHC;.s _vi=
[CS]v4|53C58647-6EC2D2 32|0[CE];.s_vi_jx7Bx7Bgnbx7Ffxxx7Exx=
[CS]v4|53C58647-6EC2D232|0[CE];.s_vi_ox7Ex7 Ebkx7Bx7Dyyygzcx7D=

Most of what is in this part I have found in my iTunes cookies (in the com.apple.itunes.plist file).
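An added example, not part of the original article and not the author's or Apple's code: a small Python audit of a dump in the flattened style shown above, listing every field a request carries and which fields stay identical between two song clicks (the values that make separate requests linkable). The sample dumps are constructed; the request path, the host, the query parameters an and gn and the X-Example-Account-Id header are hypothetical, and treating every literal space or line break in a dump as a wrapping artifact is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in the flattened style of the dumps above: CR, LF and
# spaces all show up as ".", and the text has been hard-wrapped for display.
# X-Apple-Tz, X-Apple-Store-Front, kind, pn, asbid and s_vi are names seen on
# the page; the path, host, "an", "gn" and X-Example-Account-Id are
# hypothetical stand-ins, and every value is made up.
SAMPLE_DUMP = """\
GET./lookup?kind=song&pn=Constructed%20Title&an=Constructed%20Artist&gn=Rock.
HTTP/1.1..X-Apple-Tz:.3600..X-Apple-Store-Front:.143441..X-Example-Account-
Id:.########..Accept-Language:.en-us,.en;q=0.50..Cookie:.asbid=CONSTRUCTED1;.
s_vi=[CS]v4|00000000-00000000|0[CE]..Host:.store.example.com....
"""

# A second constructed click on a different song, same machine and account.
SECOND_DUMP = (SAMPLE_DUMP
               .replace("Constructed%20Title", "Another%20Title")
               .replace("Constructed%20Artist", "Another%20Artist")
               .replace("gn=Rock", "gn=Jazz"))

REQUEST_LINE = re.compile(r"^([A-Z]+)\.(.+)\.(HTTP/\d\.\d)$")


def parse_flattened_dump(dump):
    """Return (method, target, [(header, value), ...]) from a dotted dump."""
    # Assumption: real spaces were rendered as ".", so any literal whitespace
    # left in the text comes from wrapping and can be dropped.
    flat = re.sub(r"\s+", "", dump)
    # A run of two or more dots is taken as a CRLF boundary. This is a
    # heuristic: a value ending in a real "." or a space would be trimmed.
    records = [r for r in re.split(r"\.{2,}", flat) if r]
    if not records:
        raise ValueError("empty dump")
    match = REQUEST_LINE.match(records[0])
    if not match:
        raise ValueError("dump does not start with an HTTP request line")
    headers = []
    for record in records[1:]:
        name, sep, value = record.partition(":")
        if sep:  # skip fragments that are not "Name: value"
            headers.append((name, value.lstrip(".")))
    return match.group(1), match.group(2), headers


def outbound_fields(dump):
    """Flatten one request into {"query:x" | "header:x" | "cookie:x": value}."""
    _method, target, headers = parse_flattened_dump(dump)
    fields = {}
    query = urlsplit(target).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        fields["query:" + key] = value  # percent-decoded, e.g. the song title
    for name, value in headers:
        if name.lower() == "cookie":
            for pair in value.split(";"):
                cname, _, cvalue = pair.lstrip(".").partition("=")
                if cname:
                    fields["cookie:" + cname] = cvalue
        else:
            fields["header:" + name] = value
    return fields


def stable_fields(dump_a, dump_b):
    """Fields with identical values in both requests.

    Anything here accompanies every click, so it can tie separate song
    lookups to one client. Low-entropy entries (time zone, language) are
    weak on their own; cookies and account numbers are not.
    """
    a, b = outbound_fields(dump_a), outbound_fields(dump_b)
    return {key: value for key, value in a.items() if b.get(key) == value}


if __name__ == "__main__":
    print("Sent with the first click:")
    for key, value in sorted(outbound_fields(SAMPLE_DUMP).items()):
        print(f"  {key} = {value}")
    print("Unchanged on the second click:")
    for key in sorted(stable_fields(SAMPLE_DUMP, SECOND_DUMP)):
        print(f"  {key}")
```

Run against two real captures of the same application, the "unchanged" list is the place to look first when deciding what a vendor could use to link requests together.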

And for a minute, I was thinking that this would all blow over quickly…

The iTunes MiniStore Debacle: What Apple Did Wrong

As reported here yesterday (an article that got picked up on Slashdot which, of course, killed my web server–sorry Nico), Apple introduced a new feature in the latest version of iTunes: the MiniStore. Several articles have been making waves about this, beginning with a post on since1968, then Boing Boing, and this editorial on the Macworld web site by Rob Griffiths, and the comments to this and other stories have been quite vehement. After Rob Griffiths posted his article, he was contacted by a high-level Apple official who stated that “the iTunes MiniStore feature does not collect any information from users”. Also, Apple yesterday published a knowledge base article explaining how to disable the MiniStore (which I reported in my article as well).

In this article, I would like to examine why this hit the fan, what Apple did wrong, but also address some of the most frequently made comments to this story that have appeared on various web sites. I think that there was a failure of adequate communication by Apple, and a misunderstanding of some of the issues by many users. First, Apple is remiss in not providing appropriate information about this new feature to users. While the iTunes download page includes this grammatically ambiguous sentence, “Discover new music as you enjoy your collection or import new CDs with MiniStore–right from your iTunes library,” Mac users who used Software Update to get the latest version of iTunes saw only this uninformative information: “iTunes 6.0.2 includes stability and performance improvements over iTunes 6.0.1.” Therefore, they did not see the presentation of this new function on the Apple web site. (Windows users don’t have the same functionality, and, when iTunes detects a new version of the software, they click a button to go to the web site where they would have read the above description of this feature.) Apple should therefore have required users to opt in (that is, approve this feature by clicking a button or checking a box) rather than requiring them to opt out (hide the pane) to turn it off.

Apple should have been more forthcoming about what this feature does, and how it works. For those who missed the first episode, here’s what the MiniStore does. By default, the MiniStore displays at the bottom of the iTunes window when you look at your Library or a playlist. (It does not display when you click the Party Shuffle icon, your iPod, the Radio icon, or others.) If you click a song–and if you have an active Internet connection–iTunes sends the song name, along with some other data, to the iTunes Music Store to provide “recommendations” for music that you can buy.

Now, some people have criticized the use of the terms “spyware” and “adware”. Spyware, by definition, harvests data from your computer and sends it to another server. QED. Adware displays ads (recommendations?) on your computer. QED.

So the problem here is two-fold: first, Apple added a feature (which many people may appreciate) designed to increase their revenue stream. However, they did not tell users what type of information is being sent and where (at least the song name and artist are being sent when you click on a song, but there is also a cookie being sent, and no one has yet explained the purpose and content of this cookie). A simple warning dialog at first launch might have resolved this problem. (And, since the license does not even grant Apple the right to “obtain” this information from users’ computers, there may be legal issues that should have been addressed.)

Second, this information is being processed by another company, Omniture, which is a marketing company, and no one knows what they do with it. While Apple claims to not “collect” any information, what does Omniture do with this information, and why is some information sent to metrics.apple.com?

Perhaps this is all benign, and the song information is simply being processed then tossed in the bit bucket. But perhaps not. Apple should have been more forthright and explained this–if not in the iTunes help, where there is no mention of the MiniStore, at least in its knowledge base article–so users would not have to worry. (I find it astounding that, of all the people at Apple who are involved in a product like iTunes, the question of privacy was not raised; or, if it was, remained ignored.)

Again, there may be nothing nefarious about this, but in a time when much software tracks users’ habits with impunity, when librarians are asked to record and report readers’ book selections, when the US government wire-taps people without court orders, and when cellphone records are available for sale on the Internet, it is no surprise that some people get worried about tiny encroachments to privacy.

Yet the comments to articles on various web sites mention some things that surprise me. While many people feel Apple was remiss in not being up-front about this feature, many people have posted comments such as the following (and I paraphrase, rather than directly quote anyone):

– But every computer company does this or all the media players do this. Well, is that any reason for Apple to do so? Does the fact that other companies harvest personal data mean that it is legal and moral to do so?

– This happens all the time on Windows. Well, get a Mac.

– It’s the same thing as the Just For You section of the iTunes Music Store. This is incorrect. The Just For You section of the iTMS is based on your purchases, not the contents of your music library and the songs you click. I think many people did not understand the difference between the MiniStore and the Music Store itself. (More about that below.)

– It’s the same thing as using your web browser and clicking links, since web sites can record your browsing history. No, that’s not true. When you use a web browser, you know you are clicking on a link to go to another page. Here, you don’t know that clicking on a song (that you own; that is on your computer) is sending information to a server.

– But Amazon makes recommendations to me too. What’s the difference? The difference is very important. When you go to the Amazon web site, you are entering a (virtual) store, with the full knowledge that you are on a company’s web site. iTunes, with this new feature, has blurred the lines between the part of the software that acts as a portal to the iTunes Music Store and the part that you use to manage your music library. And, again, these suggestions are not made according to your previous purchases, but rather the result of just clicking on a song in your library.

– What about the Gracenote CDDB that looks up your CDs when you rip them? This is clearly addressed in the iTunes license, and a dialog displays when iTunes connects to the Gracenote CDDB.

– Only totally naive computer users wouldn’t understand that iTunes is sending data to a server to display information in the MiniStore pane. Well, the vast majority of computer users are technically un-savvy, so this is a moot point.

What is astounding is how many people rationalize data collection; how this practice is now considered to be acceptable. This said, many of the people posting the above comments did not understand the technical aspects of this issue.

But a broader issue has appeared in this discussion: the blurring between software applications and the web. Most people do not realize that iTunes is a combination music management program and web browser. Yes, that’s right; the iTunes Music Store is simply a bunch of web pages that display in the iTunes interface. Users are very aware when they use a browser that they are accessing web sites, and many people are aware of the security issues involved, such as cookies and browsing history being recorded. Modern browsers offer security settings that control these breadcrumbs, but iTunes, part of which is a browser, does not offer any such security settings. You cannot, for example, check or delete cookies used by iTunes, nor can you ensure that your browsing history in the iTunes Music Store is not recorded. (Yes, you can sign out from your iTMS account, but could there still be a cookie trail as you browse?) I admit that, to me, these are non-issues, but the conflation of the web browser with other programs means that many users do not realize that security issues that affect the former may also affect the latter.

(An aside: some time ago, iTunes had an option that allowed you to decide whether iTunes could connect to the Internet automatically for Gracenote CDDB lookups or whether it would ask you first. This option is gone, and one effect the MiniStore will have, at least for those who have dialup connections, is that iTunes will attempt to open an Internet connection. This can be very annoying.)

Aside from viruses, it turns out that the music industry is the biggest source of security problems on computers in recent times. With Sony’s rootkit (a number of recent Sony CDs installed nefarious software on Windows computers, without user approval, opening these computers to possible intrusion), many companies have banned the use of music CDs in the workplace. Interestingly, if the recording industry wants to sell more CDs, this action is counter-productive. Now, with iTunes sending information to other servers–and regardless of what information is being sent, some network administrators will see this as a security risk–is the next step for companies to ban the use of iTunes, for those employees who are able to listen to music at work?

Apple blew it here, as mentioned above, by not being forthcoming about what this feature was doing, and lost some of the credibility that the company had developed over the years. It would not have taken much to correctly present this feature and reassure users as to the type of information that it transmits to Apple and other companies. In the meantime, until Apple is totally clear about what this feature does and what information it harvests, one can only assume that it is indeed collecting information, or that, at a minimum, the potential to do so exists.

See other articles about the iTunes MiniStore:

iTunes: Apple’s New Spyware and Adware Application?

The iTunes MiniStore Debacle: What Apple Did Wrong

iSpy: Still More on the iTunes MiniStore and Privacy

The iTunes MiniStore: Fact and Fiction

iTunes: Apple’s New Spyware and Adware Application?

Yesterday’s update to iTunes 6.0.2 comes with a surprise: it’s spyware and adware.

Since Apple launched the iTunes Music Store, iTunes has been a compromise: both a music management program and sales portal, it clearly separated the two, offering separate icons for your Library and the Music Store in its Source list. But the latest update adds something new that I find invasive: when you go to your library, you see a “MiniStore” at the bottom of the window. This is easily removed (either by clicking the MiniStore button in the bottom-right section of the iTunes window, or by selecting Edit > Hide MiniStore), but it’s not just its presence that’s a problem.

Cory Doctorow, writing on BoingBoing today, pointed out that this MiniStore displays songs that are similar to those you are playing, if you listen to music with iTunes. (If not, you see a generic display with New Releases, Top Songs and Top Albums.) Cory’s comments are very clear:

I love iTunes because it’s a clean music player. But no amount of clean UI is worth surrendering my privacy for — I wouldn’t buy a stereo that phoned home to Panasonic and told it what I was listening to; I wouldn’t buy a shower radio that delivered my tuning preferences to Blaupunkt. I certainly am not comfortable with Apple shoulder-surfing me while I listen to digital music, particularly if they’re doing so without my meaningful, informed consent and without disclosing what they intend on doing with that data.

I stand firmly beside Cory’s comments. Apple has overstepped its limits, and this spyware (because it sends information to a server) and adware (because it displays information to attempt to sell you products) is a very serious breach of the trust I have long had in Apple’s products.

In order to examine this further, I used the trusty tcpdump command (a Terminal command that examines every packet of data that leaves a computer), and checked its output while playing music both with the MiniStore visible and with it hidden. In the former case, when the MiniStore is displayed, iTunes sends queries to the iTunes Music Store (this domain: ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/ministore) and to an Apple metrics server (metrics.apple.com). It also sends some cookie information, which I have not yet been able to decipher. (And this is not limited to music–when I started playing an audiobook, the MiniStore changed accordingly as well.)

However, when the MiniStore is hidden, iTunes does not send these requests. You can therefore protect yourself from Apple’s prying eyes by simply hiding the MiniStore. Nevertheless, the fact that Apple is both sending information from your copy of iTunes, along with cookie information that may identify you, as well as sending song information to a metrics server, seems to be a serious breach of trust. (And their end-user license agreement, or EULA, contains no language that suggests they will do so.) Also, playing music via the Party Shuffle does not display the MiniStore, nor does it cause the MiniStore’s display to change when you shift to your Library.

[Edit: after more analysis, this does not send info to Apple when you are playing music, but rather when you click on a song. So if you start playing a song by double-clicking, it will send info to the iTunes Music Store and retrieve suggestions. But if the song is in a playlist, the MiniStore display will not change when the next song begins.]
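The visible-versus-hidden comparison described above can be repeated by saving tcpdump's text output for each case and summarizing the HTTP requests in it. The script below is an added example, not part of the original article: the function names, the sample packets, the metrics request path and the cookie value are all constructed, and only the two hostnames and the MiniStore path come from the text.

```shell
#!/bin/sh
# A live capture would come from something like:
#   sudo tcpdump -A -s 0 -l 'tcp port 80' > ministore_visible.txt
# Both samples below are constructed for illustration, not real iTunes traffic.
WATCHED='ax.phobos.apple.com.edgesuite.net metrics.apple.com'  # hosts named in the article

# Read `tcpdump -A` text on stdin; print "<host> <path> cookie=<yes|no>" per HTTP request.
summarize_requests() {
  awk '
    function emit() { if (path != "") print host, path, "cookie=" cookie; path = "" }
    { sub(/\r$/, "") }                                  # HTTP header lines end in CRLF
    /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\./ { next }      # tcpdump per-packet summary line
    match($0, /(GET|POST) [^ ]+ HTTP\/1\.[01]/) {       # request line may follow header bytes
      emit()
      split(substr($0, RSTART, RLENGTH), req, " ")
      path = req[2]; sub(/\?.*/, "", path)              # report the path, drop the query string
      host = "-"; cookie = "no"; next
    }
    path != "" && tolower($1) == "host:"   { host = tolower($2) }
    path != "" && tolower($1) == "cookie:" { cookie = "yes" }
    END { emit() }
  '
}

# Count requests in a capture (stdin) that go to one of the watched hosts.
count_watched() {
  summarize_requests | while read -r host _rest; do
    for w in $WATCHED; do if [ "$host" = "$w" ]; then echo hit; fi; done
  done | wc -l | tr -d ' '
}

sample_visible() { cat <<'EOF'
12:00:01.000001 IP 192.0.2.10.51000 > 198.51.100.7.80: Flags [P.], length 180
E..4..@.@.....GET /WebObjects/MZStore.woa/wa/ministore?constructed=1 HTTP/1.1
Host: ax.phobos.apple.com.edgesuite.net
Cookie: constructed=value
12:00:01.200001 IP 192.0.2.10.51001 > 198.51.100.8.80: Flags [P.], length 120
E..4..@.@.....GET /constructed-path HTTP/1.1
Host: metrics.apple.com
EOF
}
sample_hidden() { cat <<'EOF'
12:05:00.000001 IP 192.0.2.10.51002 > 198.51.100.9.80: Flags [P.], length 90
E..4..@.@.....GET /index.html HTTP/1.1
Host: example.org
EOF
}
echo "visible: $(sample_visible | count_watched)  hidden: $(sample_hidden | count_watched)"
```

This only works for cleartext HTTP; for TLS traffic a capture shows the destination address but not the Host or Cookie headers.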

So, for now, if you don’t want iTunes phoning home–and you may not want Apple to record the music you listen to–you can simply hide the MiniStore. I find Apple remiss for not being forthright about this feature, both in its EULA and other information in iTunes. But I have a feeling that this issue will be making some waves in the immediate future.

[Edit: Rob Griffiths, writing in an editorial for Macworld, writes, “… an Apple official told Macworld that the iTunes MiniStore feature does not collect any information from users.” I’m a bit unsure about the use of the term “collect”; I’ll read it as “store and save”. However, this does not change the fact that Apple is sending information to a server without warning users, and that neither their license agreement nor their help tells this to users.]
