Privacy.org reports on the buzz regarding a new iTunes feature recently added in version 6.0.2 may be communicating information on the song you are listening to Apple, raising privacy concerns.
A “Mini Store” pane has been added to the main iTunes window that provides more information on the song being played, as well as additional available tracks from the artist, and a list of other songs that users who own the track have bought. To do this, iTunes must pass to Apple’s servers information about what song your are currently listening to. You can turn off the MiniStore at the click of a button, but it’s not clear whether turning off the MiniStore is the same as turning off the flow of information.
Here’s part of Cory Doctorow’s reaction:
I love iTunes because it’s a clean music player. But no amount of clean UI is worth surrendering my privacy for — I wouldn’t buy a stereo that phoned home to Panasonic and told it what I was listening to; I wouldn’t buy a shower radio that delivered my tuning preferences to Blaupunkt. I certainly am not comfortable with Apple shoulder-surfing me while I listen to digital music, particularly if they’re doing so without my meaningful, informed consent and without disclosing what they intend on doing with that data.
UPDATE: Cory has an update:
“An Apple spokesman (reliable word has it that it was Steve Jobs himself) told MacWorld that Apple discards the personal information that the iTunes Ministore transmits to Apple while you use iTunes.”
Apple also has a knowledge base article explaining the MiniStore behavior and how to disable it. It does acknowledge that if you disable the MiniStore, no information is sent to Apple
iTunes sends data about the song selected in your library to the iTunes Music Store to provide relevant recommendations. When the MiniStore is hidden, this data is not sent to the iTunes Music Store.
This helps, but still fails to provide any official statement as to what happens to the data Apple does collect.
UPDATE: EFF chimes in:
If companies like Apple are truly about user empowerment, they must watch this trend closely and remain on the right side of it. Allowing users to upload information voluntarily and expressly with adequate privacy protections is pro-user; surreptitiously siphoning it into a remote database without any privacy guarantees is not. It’s time for Apple to pick a side of the line and walk it.