January 12, 2006 | By Jason Schultz

iTunes MiniStore "phone home" feature part of a dangerous trend in data collection

This week at MacWorld, Apple unveiled version 6.0.2 of iTunes, which it simply claimed "includes stability and performance improvements over iTunes 6.0.1." Among these so-called improvements is the Apple iTunes MiniStore -- a localized "recommendation" engine that would look at what you listen to and then suggest additional songs and artists you might like. The MiniStore arrives turned on by default without asking a user's permission first.

However, as news reports have revealed this week, it appears that the MiniStore also automatically transmits your listening information over the Internet back to the Apple Mothership. What Apple does with this information is unknown, although Apple has represented that they are not collecting data on its users -- yet. Nor has Apple disclosed the steps they take to prevent disclosure or leakage of the information to third parties.

Ironically, this news comes on the heels of the recent Sony BMG DRM fiasco, a part of which included an undisclosed "phone home" feature of its own. Is the Apple MiniStore a rootkit DRM? Not from what we can tell, but it is part of a dangerous trend EFF has been witnessing in the digital music space market. When the music players on our computers start monitoring our listening habits, we've crossed a major privacy line. After all, my Sony stereo and my Panasonic boombox don't shouldersurf my listening habits when I turn them on, so where does Apple get off suddenly doing it on my computer? In addition, this is a first step down a road that can too easily lead to mechanisms to condition and control our behavior. All it takes is an enforcement protocol to turn recommendations into restrictions overnight.

If companies like Apple are truly about user empowerment, they must watch this trend closely and remain on the right side of it. Allowing users to upload information voluntarily and expressly with adequate privacy protections is pro-user; surreptitiously siphoning it into a remote database without any privacy guarantees is not. It's time for Apple to pick a side of the line and walk it.

Note: You can turn off the Apple MiniStore by hitting Shift-Command-M, or choose Edit: Hide MiniStore. EFF recommends that iTunes users do so until Apple at least comes clean about its MiniStore data practices.

Update: Apple has made some encouraging changes to the MiniStore feature. See entry above.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

The British are coming! One, if by land, two, if by a mandated backdoor in end-to-end crypto. https://eff.org/r.xwry

May 28 @ 2:40pm

EFF strongly objects to the US proposed Wassenaar implementation. We're drafting comments and you should too! https://eff.org/r.sg5g

May 28 @ 12:21pm

There's just 3 days, 9 hours, and 45 minutes until Section 215 of the Patriot Act sunsets. Time to call Congress: https://eff.org/r.88yz 

May 28 @ 11:14am
JavaScript license information