Following up on the earlier story about the new Apple iTunes MiniStore feature that collects and sends user data to Apple, Cory Doctorow reports that iTunes now asks for explicit user consent before activating this feature:
The MiniStore was switched on by default, without any notice that this service was collecting your information, nor which information was being collected, nor what Apple did with this information.
The new version of the iTunes 6.0.2 installer pops up this screen before turning on the MiniStore:
The iTunes MiniStore allows you to discover new music and videos right from your iTunes Library. As you select items in your Library, information about that item is sent to Apple and the MiniStore will send you related songs or videos. Apple does not keep any information related to the contents of your music Library.
Would you like to turn on the MiniStore now?
That’s pretty good news, but I’d still like to know why Apple is transmitting my Apple ID number with the data collected.
Cory’s closing remark about the transmission of the user’s Apple ID is something I hadn’t realized was occurring. In its simplest form, the MiniStore only needs to collect and send data about what songs this particular iTunes player has been playing – that’s all that is necessary to help provide “you might be interested in this” kind of information. But by sending my Apple ID account number along with the data, this data can now be aggregated to my credit card, mother’s maiden name and other personal information in my Apple user account. The more information about you a particular set of databases contains, the greater the danger.