January 12, 2006 | By Jason Schultz

iTunes MiniStore "phone home" feature part of a dangerous trend in data collection

This week at MacWorld, Apple unveiled version 6.0.2 of iTunes, which it simply claimed "includes stability and performance improvements over iTunes 6.0.1." Among these so-called improvements is the Apple iTunes MiniStore -- a localized "recommendation" engine that would look at what you listen to and then suggest additional songs and artists you might like. The MiniStore arrives turned on by default without asking a user's permission first.

However, as news reports have revealed this week, it appears that the MiniStore also automatically transmits your listening information over the Internet back to the Apple Mothership. What Apple does with this information is unknown, although Apple has represented that they are not collecting data on its users -- yet. Nor has Apple disclosed the steps they take to prevent disclosure or leakage of the information to third parties.

Ironically, this news comes on the heels of the recent Sony BMG DRM fiasco, a part of which included an undisclosed "phone home" feature of its own. Is the Apple MiniStore a rootkit DRM? Not from what we can tell, but it is part of a dangerous trend EFF has been witnessing in the digital music space market. When the music players on our computers start monitoring our listening habits, we've crossed a major privacy line. After all, my Sony stereo and my Panasonic boombox don't shouldersurf my listening habits when I turn them on, so where does Apple get off suddenly doing it on my computer? In addition, this is a first step down a road that can too easily lead to mechanisms to condition and control our behavior. All it takes is an enforcement protocol to turn recommendations into restrictions overnight.

If companies like Apple are truly about user empowerment, they must watch this trend closely and remain on the right side of it. Allowing users to upload information voluntarily and expressly with adequate privacy protections is pro-user; surreptitiously siphoning it into a remote database without any privacy guarantees is not. It's time for Apple to pick a side of the line and walk it.

Note: You can turn off the Apple MiniStore by hitting Shift-Command-M, or choose Edit: Hide MiniStore. EFF recommends that iTunes users do so until Apple at least comes clean about its MiniStore data practices.

Update: Apple has made some encouraging changes to the MiniStore feature. See entry above.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

The clock is ticking on Section 215 sunset, but the Senate is in stalemate on NSA spying powers: https://eff.org/r.tpwa

May 22 @ 10:58pm

BREAKING: At the behest of @SenateMajLdr, the Senate will meet Sunday, May 31st in the afternoon, mere hours before Section 215 expires.

May 22 @ 10:20pm

BREAKING: Senator Rand Paul objecting to even one more day of extending Section 215.

May 22 @ 10:08pm
JavaScript license information