Mac OS X: iTunes Security Issues (Apple Spyware)
iTunes Security Issues (Apple Spyware)
by lampietheclown - 1/15/06 9:59 PMYou would think Apple could have learned a few things from Sony, but it seems this is not the case.
According to many sources, the latest version of iTunes (6.0.2) phones home every time you double click a song in your iTunes library. Well, not "home" exactly. It phones a company called Omniture.
If you go to the iTunes page at Apple it mentions this new development, but if you get your update from Software Update there is no mention of it. All you get is;
iTunes 6.0.2 includes stability and performance improvements over iTunes 6.0.1.
According to Macworld, http://www.macworld.com/weblogs/editors/2006/01/ministore/index.php
Apple denied actually "collecting" the information it is sent. I didn't buy it when Sony said the same thing. Did anyone else?
Since then it has been proven that one of the bits of information transmitted is your Apple ID number. I can only see one reason for this. To gather personally identifiable information.
You can turn the feature off. It's called ministore.
Funny Steve didn't mention this in his Macworld address. It's also funny that Omniture tries to hide behind a local IP address when Little Snitch catches the transmission.
Anyone know why?
Lampie
iTunes
by mrmacfixit
- 1/16/06 4:19 AM
In reply to: iTunes Security Issues (Apple Spyware) by lampietheclown
How very disappointing that Apple should be doing this and then claiming that it does nothing with the information.
The truly sad part is that they did not seem to feel that it was necessary to tell the user that additional data was being sent to a third party.
I have no great objection to this information being sent but I would like to know that it was, and what it was.
As the article suggests, a simple disclosure in the Read Me or a one-time popup box with a "What's new" and an explanation of how to turn off the mini-store, would have put Apple in a much more favorable position. After all, they told us that the program contacted GraceNote everytime we inserted an Audio CD into iTunes.
This is not quite as bad a piece of software as the Sony Root kit but just as nasty is the veil of secrecy and denial that surrounds the collection.
My mini store is off but Little Snitch seems to have missed the outgoing calls.
P
Apple faithful
by lampietheclown - 1/16/06 5:06 AM In reply to: iTunes by mrmacfixit
Many of the bloggers are confused and amazed that the feedback from this story is so pro Apple. One blogger I read reported 10-1 in favor of Apple. Probably a bit high, but the point is made.
IMO this is trust that Apple has built up over many years of being the "market share underdog" but still not selling out those who were loyal Apple customers. Time is running out on this very expensive good will. If they became transparent a few days ago, this story would be gone by now. The longer they remain silent, the faster that goodwill disappears.
The issue is to hot after Sony for Apple to stonewall at this point. The longer they wait, the guiltier they look. Steve's been on such a great roll that I can't believe he'd let it be derailed over such a rookie move.
Peter, is it possible that you've put an "allow forever" rule into Little Snitch for iTunes? Other than that, I don't know why it wouldn't catch it. Here's a pic of 2o7.net hiding its IP address behind a string that looks like an intranet (local) address.
http://since1968.com/article/155/omniture-itunes
The MiniStore is, as a security problem, nowhere near as bad as Sony. From a PR standpoint, the longer they wait, the closer it gets.
As you can guess, I'm still assuming that there is nothing for Apple to hide but the fact they made a mistake. If there is something else behind this, well...?
Lampie the sad Clown
Little snitch ?
by grimgraphix - 1/16/06 6:57 AM In reply to: Apple faithful by lampietheclownI don't really use my mac for music so what is this little snitch you speak of?
grim
Turn off the MiniStore. Link...
by R. Proffitt - 1/16/06 7:22 AM
In reply to: Little snitch ? by grimgraphix
http://www.macosxhints.com/article.php?story=20060111071001306&lsrc=osxh
Little Snitch
by mrmacfixit - 1/16/06 1:22 PM
In reply to: Little snitch ? by grimgraphix
is a small app that notifies you when a program tries to call out from your machine.
It tell you what that program is and where it is going,
P
Thanks Peter
by grimgraphix - 1/18/06 10:21 AM In reply to: Little Snitch by mrmacfixit
I briefly read the home page for little snitch... interesting app.
grim
How else would ministore show relative songs?
by johnrowe - 1/20/06 7:01 AM In reply to: iTunes by mrmacfixit
Without a little note being sent to Apple (Omniture), how else is the ministore going to show you songs in which you may be interested? If I'm listening to Mozart and Beethoven in iTunes, I probably don't want to see download suggestions for Snoop Dogg and Eminem. It's a simple way to do target marketing. If you turn of the ministore, it stops transmitting.
You knew this
by mrmacfixit - 1/20/06 12:15 PM
In reply to: How else would ministore show relative songs? by johnrowe
and the method of stopping it, before anyone mentioned it?
P
Omniture
by lampietheclown - 1/21/06 4:22 AM In reply to: How else would ministore show relative songs? by johnroweJohnrowe,
Are you implying that Apple owns Omniture? If you go to their site, there is no mention of Apple, or Apple advertising. It would surprise me.
Omniture basically creates logs of web sites by tracking users and their habits, then uses the logs to suggest changes that will increase traffic and sales. You know ... Marketing.
Apple's privacy policy states that they will not share your information with marketers.
Without tracking your computer use, how are spammers going to fill your e-mail with stuff designed to make them money? Spyware is a simple way to do target marketing, so they can suggest adult sites, scams, and If people didn't click the spam, and then spend money, spammers would have to find honest work, but they do click, and they do spend money. Does this prove that spam is a desirable service, and not the scum of the earth everyone thinks it is?
Not in my world.
Apple has yet to state (for the record) that they do not collect data from the MiniStore. They have yet to say what information Omniture collects, or why the MiniStore transmits your Apple ID.
I probably don't want to see advertising on my computer screen, while I listen to music on my LAN.
Lampie
Not equal to Sony's Rootkit.
by R. Proffitt - 1/16/06 6:44 AM
In reply to: iTunes Security Issues (Apple Spyware) by lampietheclown
I've read this one and while it could have been cured with a few more words in the EULA this is not on par with Sony's debacle.
Be sure to post such with the cure. Closing that window in iTunes stops it up.
Bob
Security Issues
by mrmacfixit - 1/18/06 12:24 PM
In reply to: iTunes Security Issues (Apple Spyware) by lampietheclown
Apple have announced an upgrade to the offending iTunes version which will include a warning dialog box telling users about the mini-store and how it gets its information. There is also a convenient switch to turn the store on or off, thus preventing the passing of information up to the store.
P
MIA
by lampietheclown - 1/18/06 1:20 PM In reply to: Security Issues by mrmacfixit
Just went to the Apple site. No mention of it in "hot news" software updates. Went to downloads/Apple, but no sign of it. Headed to the itunes downloads, but it's still on 6.0.2.
Are you plugging your crystal ball up to the 220 mains again?
We only get 120 here, and I have voltage envy.
Lampie
220V
by mrmacfixit - 1/18/06 1:29 PM
In reply to: MIA by lampietheclown
You gotta go with the good stuff, none of this namby pamby 110V rubbish.
This, hot off the press:
Apple's iTunes MiniStore now asks for permission before operating
Wednesday, January 18, 2006 - 01:23 PM EST
"A controversial feature in Apple’s recently updated iTunes v6.0.2 is the iTunes MiniStore, which tries to make suggestions for what to buy from the iTunes Music Store based on you’re listening to. Now the MiniStore will only operate if you give it permission first," Peter Cohen reports for Playlist. "The iTunes MiniStore appears below the song list area in the main iTunes window."
"Users who have the MiniStore pane active in iTunes now see the following: 'The iTunes MiniStore allows you to discover new music and videos right from your iTunes Library. As you select items in your Library, information about that item is sent to Apple and the MiniStore will show you related songs or videos. Apple does not keep any information related to the contents of your music Library. Would you like to turn on the MiniStore now?' A button then provides users with the ability to activate the feature. An arrow also shows users how they can turn the MiniStore on or off whenever they want by clicking a button on the iTunes interface,"
No, I cannot disclose my souces, you would have to kill me before I talked and then I would only mumble!
P
Thanks for the info
by ColoGal2445 - 1/20/06 7:10 AM In reply to: iTunes Security Issues (Apple Spyware) by lampietheclownI just got an IPod for Christmas. I also have the ITunes site too. I didn't know all of that and will definitely look for the ministore and turn it off.
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
%20-%20CNET%20Mac%20OS%20X%20Forums&srcUrl=http://forums.cnet.com/5208-6126_102-0.html?threadID%3D150332){kind=small}