iTunes update spies on your listening and sends it to Apple?

Cory Doctorow writes on Boing Boing: “A new version of Apple’s iTunes for Mac appears to communicate information about every song you play to Apple, and it’s not clear if there’s any way to turn this off, nor what Apple’s privacy policy is on this information.

Yesterday, I updated my version of iTunes to 6.0.2, at the recommendation of Apple’s Software Update program. I noticed immediately that iTunes had a new pane in the main window — the “Mini-Store” which showed albums and tracks for sale by the artist whose song was presently playing.

The question is: how does Apple know which version of the Mini-Store to show you unless iTunes first transmits the current song that you’re playing to Apple? I’ve turned off the Mini-Store, but a look at Apple’s site, the iTunes license, and the iTunes documentation does not state whether this turns off this spyware behavior, or whether it merely causes iTunes not to show me things to buy based on the track I’m presently playing.”

Some of his readers have looked at the situation with packet sniffers and confirmed that if you turn off the mini-store function, iTunes does not upload any information, and Steve Jobs says that Apple discards any personal information the Ministore transmits to Apple.

Doctorow gives the credit for breaking this story to Marc at since1968.com, and makes note of this typology of silly apologists for Apple’s behavior:

  • “It’s not spyware if Apple does it.”
  • “Stop hyperventilating, iTMS is only collecting the songs you play. Where’s the harm?”
  • “It’s your duty to monitor your outbound traffic..”
  • “Corollary: You should expect that companies will take your information without asking, and it’s your duty to sniff and counter as desired.”
  • “Privacy is dead, stop acting like companies are immoral for spying on you.”

I often get a version of some of these whenever I raise privacy concern about any sort of corporate behavior — either it is my responsibility to try to protect my privacy, or I should give it up and recognize that the battle is long since lost. I’ll be damned if I roll over and accept the latter; as to the former, I agree that it is my responsibility, when the data is collected transparently. For instance, to avoid their building a consumer database on me, I never sign up for the frequent buyers’ discount programs at large corporate chains at which I am forced to shop, since there are virtually no independent pharmacies, supermarkets, pet shops or stationery stores around anymore. (I am fortunate enough not to be faced with the same dilemma at Barnes and Noble or Borders, since I can frequent one of two wonderful independent bookstores and never shop the chains at all.) Likewise, as Marc’s discussion suggests, if I rip a CD into iTunes, it queries Gracenote for the tags on the tracks, but it tells me it is doing so.

“What I do assert is that sending a packet of your information, however innocuous that information may be, to a third party without your consent or knowledge is foot-in-the-door behavior: if customers don’t make it clear that it’s got to be disclosed now, companies will take the lack of opposition as assent. It’s not evil; it’s just what corporations do.”