An Apple “spokesman” (reliable word has it that it was Steve Jobs himself) told MacWorld that Apple discards the personal information that the iTunes MiniStore transmits to Apple while you use iTunes.
Yesterday, I blogged about Apple’s latest iTunes update, which, by default, switches on the “MiniStore,” an advertising/recommendation section that uses your current song-selection to recommend other songs that you can buy from Apple. In order to accomplish this, it must transmit your listening habits to Apple.
The problem is that Apple doesn’t inform you when you update your iTunes that you’re also turning on a system that transmits your private information to Apple and third-party partners. There’s no indication (apart from the recommendations) that this is going on, nor is there any information about what Apple will do with that information.
It’s easy enough to turn off the MiniStore (in the Mac version select “Hide MiniStore” from the Edit menu), and doing so deactivates the spyware behavior. The problem is that when you run the update, Apple effectively opts you in to a data-collection process without informing you that the process is taking place or obtaining your consent for it.
To opt out, you have to divine for yourself that this information-collection process is going on, figure out that deactivating the store stops the information-collection, and then deactivate the store.
Now we have Apple’s (Jobs’s?) word that Apple is discarding the information that iTunes transmits. That’s a good start. But I still think that Apple should take at least two more steps:
- Change the updater so that it informs you that the MiniStore will collect and transmit your listening habits to Apple, and asks you whether you want this feature
- Update its website to promise that the information collected through the MiniStore is discarded after it is used to generate the recommendations
(Thanks, Cyrus and s33kr1t Informant!)
Update: Michael did some protocol analysis of the information that the MiniStore sends to Apple and discovered that every time he clicked a new song, iTunes transmitted the song title and artist, as well as his personal, six-digit iTunes identifier. This raises the question: if Apple discards the personally identifying information after receiving the current song, why does it need your personal iTunes account identifier at all?
Another data-point: Others have not been able to repeat Michael’s research. Various parties are discussing this in email; I’ll update the post with whatever they uncover. See Update 4, below, for more on this.
Update 2: Kirk McElhearn has another great “snappy answers to silly apologists” post that walks through common apologies for Apple’s iTunes (e.g., “Windows does this,” “It’s just like a Web browser,” etc.).
Update 3: Dave points out that Apple has posted an official article about the MiniStore that discloses the data-collection behavior:
You can show or hide the MiniStore by choosing Show MiniStore or Hide MiniStore in the Edit menu or by clicking the “Show or Hide the MiniStore” button:
iTunes sends data about the song selected in your library to the iTunes Music Store to provide relevant recommendations. When the MiniStore is hidden, this data is not sent to the iTunes Music Store
This explicit disclosure is not made on the official iTunes page (there is an oblique reference to the MiniStore there, but nothing about data-collection). We’re also still awaiting:
- Official published Apple policy on the disposition of the information collected by the MiniStore
- A change in iTunes to turn MiniStore off by default unless a user explicitly consents to data-collection.
Update 4: Kirk McElhearn reports,
There is an 8-digit number that is being sent when the iTunes MiniStore requests information; this can be seen when examining outgoing packets with tcpdump. That number, which follows “X-Dsid” in the request, is found in your com.apple.itunes.plist file. It is stored in one of the cookies keys (if you have the developer tools installed, you can easily find it by checking the different cookie values; if not, open the .plist file with a text editor and search for “DsidX” – it’s the 8-digit number that follows.)
Now, I found this on my iMac, then went over to my iBook where I had not yet launched iTunes 6.0.2. I found the same number in one of the cookies in the .plist file. Since I use the same iTMS account on both computers, that would be the only way that I could have the same identifier on both computers.
I then asked a friend who’s at the MWSF (and who is up early) to check his .plist file. It had no cookies, but he hadn’t yet logged into the iTMS on his PowerBook. He logged into his account, then quit iTunes (to make sure the update was written to the .plist file), and found a cookie with an 8-digit identifier as well, labeled as X-Dsid.
Looking at all this, it seems clear that – at least in my case – the same 8-digit identifier represents me on both of my Macs, since I obviously use the same iTMS account. Since this number is also sent in the data that iTunes sends for the MiniStore requests, one could posit that iTunes is sending this number in order to track individual users. (I’ll be circumspect in the absence of proof…)
Update 5: Michael clarifies:
Click on a song (you don’t need to start playing it, merely to highlight it) and you’ll transmit the Artist’s name, the genre, the kind of media file (song, audiobook, or video), and the album name. The track’s title is never transmitted.
And I should make clear to you that the six digit number is not an iTunes identifier of some sort. It is my Apple ID. Apple IDs are unique to every individual and are used for all of Apple’s services — iTunes, .Mac, Apple Care, OS X registration, pro application use, the online Apple Store, the Apple Developer Connection, and so on. Between all of the information, Apple knows a lot about me, right down to my mother’s maiden name.
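The check described in Updates 4 and 5 can be automated when auditing what an application sends: parse the captured requests and flag any numeric header that stays constant while the per-selection content changes. This is an added example, not code from the post or its correspondents; the host, path, query parameter names and identifier value are constructed, and only the X-Dsid header name comes from the reports above.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed capture: host, path, parameter names and the identifier value
# are invented for this example; only the X-Dsid header name is from the post.
CAPTURE = (
    "GET /ministore?artist=Artist+One&genre=Rock&kind=song&album=First HTTP/1.1\r\n"
    "Host: store.example.invalid\r\n"
    "X-Dsid: 12345678\r\n"
    "\r\n"
    "GET /ministore?artist=Artist+Two&genre=Jazz&kind=song&album=Second HTTP/1.1\r\n"
    "Host: store.example.invalid\r\n"
    "X-Dsid: 12345678\r\n"
    "\r\n"
)

REQUEST_LINE = re.compile(r"^(GET|POST) (\S+) HTTP/1\.[01]$")


def parse_requests(text):
    """Split reassembled request text into (query_params, headers) pairs."""
    requests, current = [], None
    for line in text.splitlines():
        match = REQUEST_LINE.match(line.strip())
        if match:
            current = (parse_qs(urlsplit(match.group(2)).query), {})
            requests.append(current)
        elif current is not None and ":" in line:
            name, value = line.split(":", 1)
            current[1][name.strip().lower()] = value.strip()
        elif not line.strip():
            current = None  # blank line ends the header block
    return requests


def stable_identifiers(requests, min_digits=6):
    """Return numeric headers whose value stays fixed while the query changes."""
    seen = defaultdict(lambda: (set(), set()))
    for params, headers in requests:
        content = tuple(sorted((k, tuple(v)) for k, v in params.items()))
        for name, value in headers.items():
            if value.isdigit() and len(value) >= min_digits:
                seen[name][0].add(value)
                seen[name][1].add(content)
    return {name: next(iter(values)) for name, (values, contents) in seen.items()
            if len(values) == 1 and len(contents) > 1}


if __name__ == "__main__":
    print(stable_identifiers(parse_requests(CAPTURE)))
```

A header reported by this function is a candidate account-level identifier; comparing its value across two machines signed in to the same account, as Kirk did, distinguishes a per-account identifier from a per-install one.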
Update 6: Ethan sez, “The unique identifier is probably sent to sync up the MiniStore with the iTunes Music Store’s collaborative filtering engine, which is what delivers the ‘Just For You’ beta. Since collaborative filtering depends on user history, passing this makes sense, albeit kind of sketchy sense.”
Update 7: Michael adds: “Acting on a hunch, I generated a new Apple ID at the iTMS using a dummy account created for this purpose alone. As I suspected (and mentioned earlier to Kirk), Apple IDs are now nine digits long.”