Will Your CD Player Tell on You?
An anonymous reader writes "Ever feel like not being a marketing statistic? Well just by playing certain store-bought compact discs in your home or office computer, your new music disc may be transmitting your listening habits in real time to the respective record company...." Charming. Read on for more...
Anonymous Continues: "A company by the name of Bandlink is providing technology to record companies that allows a cd played in a personal computer to contact their server and relate statistics such as what track you're listening to and when you're listening to them. This information is then compiled into customizable reports that allow the record company to develop "User Profiles". There are benefits listed for the consumer such as cd-specific chatrooms, concert information, etc but the question remains: What's your price for privacy? The only indication that the cd you're purchasing is Bandlink "enabled/disabled" is a small logo on the packaging. There is no mention of an opt in/opt out agreement when the cd is inserted on the website and none was displayed in a personal demonstration.
Favorite quote from their website: "Virtually any information you want to know about your fan or the quality of your release can be obtained.""
What sort of idiot? (Score:5, Funny)
What sort of idiot has their firewall configured to let their CD player send packets out?
Re:What sort of idiot? (Score:5, Insightful)
Re:What sort of idiot? (Score:5, Funny)
Re:What sort of idiot? (Score:5, Funny)
Re:What sort of idiot? (Score:5, Insightful)
Re:What sort of idiot? (Score:4, Funny)
Re:What sort of idiot? (Score:5, Funny)
Apparently,you and I live in very different worlds (Score:4, Funny)
Re:Apparently,you and I live in very different wor (Score:4, Insightful)
To wit: the left lane on a road is for passing. Most states have laws that restrict the distance that a driver can drive in the left lane before moving over. If you've ever driven long-distance, you know that there are those who insist on indefinitely going limit plus 5 (or worse yet: limit) in the left lane. And no, I'm not breaking the law if I try to pass, I live in a prima facie state.
Second: Examine for a moment a Motorola v60c. The earlier versions are the best example of this. The antenna easily bends in one's pocket. (They've fixed this with new antenna revs.) Worse, when extended, the antenna acts as a lever for the (bulky) antenna tip to use to exert massive force against the rest of the antenna. Net result: three antenna breaks in 6 months, two in-pocket.
Third: Went to a fast food place looking for food and directions to a gas station. Someone (A) is trying to help me out by asking someone else (B). A: "you familiar with (cityname)?" B: "yeah, kinda" A: "are there any gas stations near here?" B: "whatcha looking for?" A: "gas"
There's far, far more. These are the easy examples. But if you can honestly say you have not run across any stupidity in the past week, good for you! You're a far more patient being than I.
Incidentally, I don't mean to disparage those who can't use computers. I can't perform brain surgery; just because others have no expertise in my area doesn't make them idiots. But when people cannot do their jobs or comprehend basic English (where English is their native language)...
Re:Apparently,you and I live in very different wor (Score:5, Insightful)
Re:What sort of idiot? (Score:3, Insightful)
Re:What sort of idiot? The most important thing (Score:4, Funny)
Re:What sort of idiot? (Score:3, Informative)
This has been going on for years on DVD disks... (Score:5, Interesting)
There are several issues with this, and relevant to the topic of "illegitimacy of spyware":
1. "InterActual" doesn't actually install an MPEG2 decoder filter, it merely uses the existing filter provided with a new PC
2. "InterActual" software attempts to redirect the user to whatever content is available online relating (or not) to the title being viewed - spam essentially
3. "InterActual" assigns itself as the default DVD playback application in Windows, and thus the user is subjected to the inferior quality of the DVD navigation software
4. "InterActual", if the user performs the standard "click-thru" agreement to watch their DVD content, broadcasts information about what DVD content the user views
Suffice to say, these points are easily discovered with a Google search, so I'll refrain from excessive linking and leave further research to the reader.
Now, for the more-than-capable user (read: most of you reading this), an explanation for preventing/disabling/uninstalling this spyware is obviated. But as the initiated, it's our duty to explain this to those who may not understand (read: friends, neighbors, family) what happens with spyware such as "InterActual" software.
On a personal note: After purchasing my last PC from Dell (please no "Dude" jokes) and inserting a DVD disk, it presented me with a dialog informing me that "InterActual" software was attempting to install and overwrite my settings, and gave me the option to block "InterActual" from installing on my machine. As expected, content is played through the standard DVD software provided by the OEM and I don't have to see that annoying banner anymore when I insert an "InterActual" or "PC Friendly Enabled!" disk.
Cheers!
J. Esterhaus
Re:What sort of idiot? (Score:4, Insightful)
BlackGriffen
Who runs an EXE they weren't expecting? (Score:5, Informative)
Is this USA only, or are these for sale in Canada or in Europe? Because if they are, Canada's PIPEDA and the EU DPD mean wake up and smell the lawsuits.
They're in Canada. (Score:5, Informative)
I read part way through the EULA (which is apparently available on their website but I couldn't find it) but I didn't see anything about allowing them access to all information.
I support the idea of adding content to cd's to make them more attractive to purchase
Since I couldn't find the EULA online (as promised) I've taken the liberty of posting it online (hopefully it's not illegal but oh well).
It's available here [www.sfu.ca]
It weighs in at a hefty 12.8kB
Re:What sort of idiot? (Score:4, Funny)
What sort of idiot is using Windows?
Re:What sort of idiot? (Score:5, Interesting)
Still, I wonder what other stuff they're sending apart from the listening habits.. maybe what kind of PC you're running and what software is installed to help determine what socio-economic group you fall into.
Whatever, I listen to my CDs on a real CD player and rip them to MP3 if I want to listen on the PC.
Packet Inspecting Firewalls for Consumers? (Score:3, Interesting)
The problem is that everything uses HTTP, so it's not like you can just filter out a port and be safe. I suppose you could filter out by network name, assuming you knew the likely targets information was to be sent to.
Re:Packet Inspecting Firewalls for Consumers? (Score:4, Funny)
I can't wait until someone writes a cool proxy for this thing and all of a sudden William Shatner Sings makes the top 40.
Re:What sort of idiot? (Score:3, Insightful)
That sort of speculation is pointless.
What I want to know is if Zone Alarm et al catch this. Can someone recommend a particular title for me to try?
Also, would it somehow be illegal for us to all submit 1000 plays of William Shatner's CD without actually owning or listening to the CD? At what point do such actions become a DOS attack? Falsification of this kind of data seems to be the best approach to fixing this problem.
Re:What sort of idiot? (Score:5, Insightful)
I would wager most "idiots", if they have a firewall, have it configured to let their CD player send packets out. Last time I checked, there wasn't a "CD Player Snoop" protocol port that most firewalls are set to block by default.
Any network with user clients playing CDs on their desktops is likely to allow at least port 80 pass outgoing. So if you are going to call administrators idiots for allowing users to talk to external web services, then so be it. (That's a whole other conversation.)
Any personal local firewall product is also likely to be configured to allow at least port 80 pass outgoing. Now, I don't know what protocol/port this alleged nefarious thing uses, but it's a good bet it's something common and likely to pass through a firewall. Last time I looked, there were a plethora of sneaky things using HTTP besides browsers, usually for exactly this type of reason. Besides, why write your own net code when the OS already has it all built-in, ready to use, and unblocked by firewalls?
Re:What sort of idiot? (Score:4, Informative)
Re:What sort of idiot? (Score:4, Interesting)
Having IE open a random URL is amazingly simple - the ShellExecute() or ShellExecuteEx() functions are fully capable of doing that. Heck, you can do it with a plain old batch file that executes "open explorer http://some.site/encoded_registration_information" .
Even simpler would be to simply execute iexplore.exe directly, and then drive it with Win32 calls (or via DDE, if you feel masochistic).
Bottom line: you, the user, let your web browser access URLs on your behalf all the time. Once you let someone execute random code on your machine, there are any number of ways they can make use of this capability to get information from your machine to their server, probably without any obvious notification of the event.
Re:What sort of idiot? (Score:3, Informative)
I even have a *dedicated* firewall here at home (kind of overkill but hey..).
Like me, most people don't want to install proxies for every sort of software they use.
And editing my rules just because some program or another wants to play with my ports
(online gaming anyone?) is a waste of time IMO. Not to speak about searching the web on
*which* ports/IPs I have to allow for the programs/games to work.
So what I do is simply allow any traffic out (*in* is a different matter).
And since I don't run Windows I really don't care if program X is calling home.
If it's using port 80/tcp you don't have a chance to block it anyways (proxy or no proxy)
and I bet most programs use 80/tcp.
(Even if I'm not an idiot, English is not my native language. Feel free to correct any typo)
Re:What sort of idiot? (Score:4, Informative)
Whilst that's something that iptables/chains just can't cope with (sadly) I have Norton Internet Firewall, for my remaining Windows PC, which is application based. ie, you can accept/deny any connection for each application. It's a great facility, one which I wish was available on Linux. There's nothing like knowing which applications are spying on you...
Of course, NIF is too complicated for your average Windows user, but ZoneAlarm has similar facilities, and is much easier to get to grips with.
Gawd, never thought that I'd be promoting a windows app...
Re:What sort of idiot? (Score:4, Informative)
Re:Linux functionality (Score:5, Informative)
ZoneAlarm internals? (Score:3, Informative)
Wow, I would have thought that that would have been prohibitively expensive performancewise, which is why I would assume that only a "trusted OS" would do that. Interesting. So I'd assume (since Google fails to turn up a detailed whitepaper on the first few hits) that ZA MD5s the binary at the first socket access the app tries during an invocation (it certainly can't be every time the app tries to do something, or performance would be completely unbearable).
But you really don't have to go to all this work. Copy (or contain) a copy of a trusted binary. Drop it into a directory somewhere. Drop a modified msvcrt.dll in the same directory, and let the program link to said DLL, and you've easily got untrusted code running within your "trusted" application.
Frankly, as long as the OS doesn't have pretty low level support for this, you're going to be able to bypass it.
I wonder what ZA could do to fix this? MD5summing linked to DLLs would be kind of expensive, and wouldn't work at all if there was application-initiated (rather than load-time OS-initiated) dynamic linking going on. I guess you could do that, take the performance hit...then ZA could hook LoadLibrary() and handle application-initiated linking....
Still, as you and I mentioned, the monolithic design of IE, providing application-level services and using components left and right, is pretty much an unstoppable impediment to securing a Windows-based system.
Re:ZoneAlarm internals? (Score:3, Informative)
And while the original parent post gets modded up, it would perhaps be more informative if he had actually used ZoneAlarm...
A quick and simple test reveals that clicking on IEXPLORE.exe in the Program Files/Internet Explorer folder, allows internet access, (if ZA has been set to allow it of course). Copying the exe into another folder - say My Documents, and running it, creates a ZoneAlarm alert asking if you want IEXPLORE.EXE to access the internet. Which reveals that ZA does indeed MD5 the binary PLUS the program path, making the script kiddy hack described above nigh on impossible.
As Zone Alarm themselves say, no firewall is perfect, but IMO ZoneAlarm is pretty damn good. It's simple enough for any one to use, which is vital in today's harry home owner DSL world, the basic version is free as in free, which is vital to encourage all Windows users to use it, and it contains decent (but not perfect) protection at application level, vital to stop trivial hacks like the one described above.
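The path-plus-hash check discussed in the two ZoneAlarm comments above, modelled as an added example; it is not code from the thread and not ZoneAlarm's implementation. The file names, the `RuleStore` class and the use of SHA-256 in place of the MD5 the commenters mention are all assumptions. It shows a copied binary losing its approval, and why a rule that hashes only the executable misses a changed DLL next to it unless co-located modules are hashed too.

```python
"""Toy application-aware firewall rule store (constructed example)."""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file's contents (assumption: stands in for the MD5
    mentioned in the thread; any collision-resistant hash has the same role)."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def canonical(path: Path) -> str:
    """Resolve symlinks and case so one program cannot appear under two keys."""
    return os.path.normcase(os.path.realpath(path))


def module_digests(exe: Path) -> dict:
    """Digest every .dll that sits in the executable's own directory."""
    return {p.name.lower(): file_digest(p)
            for p in sorted(exe.parent.iterdir())
            if p.is_file() and p.suffix.lower() == ".dll"}


class RuleStore:
    """Outbound-access approvals keyed on (path, executable digest)."""

    def __init__(self, check_modules: bool):
        self.check_modules = check_modules
        self.rules = {}

    def approve(self, exe: Path) -> None:
        # Record what the user approved: the binary and its neighbours.
        self.rules[canonical(exe)] = (file_digest(exe), module_digests(exe))

    def decide(self, exe: Path) -> str:
        rule = self.rules.get(canonical(exe))
        if rule is None:
            return "prompt: no rule for this path"
        exe_hash, approved_modules = rule
        if file_digest(exe) != exe_hash:
            return "prompt: executable changed"
        if self.check_modules:
            current = module_digests(exe)
            changed = sorted(name for name, d in current.items()
                             if approved_modules.get(name) != d)
            if changed:
                return "prompt: module changed or added: " + ", ".join(changed)
        return "allow"


def run_demo() -> dict:
    """Build constructed stand-in files in a temp dir and exercise the rules."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        install = Path(tmp) / "Program Files" / "App"
        install.mkdir(parents=True)
        exe = install / "app.exe"        # hypothetical trusted program
        dll = install / "helper.dll"     # hypothetical vendor library
        exe.write_bytes(b"constructed stand-in for a trusted binary")
        dll.write_bytes(b"constructed stand-in for the vendor DLL")

        exe_only = RuleStore(check_modules=False)
        module_aware = RuleStore(check_modules=True)
        exe_only.approve(exe)
        module_aware.approve(exe)
        results["approved_path"] = exe_only.decide(exe)

        # Same bytes in a different folder: the hash matches, the path does not.
        elsewhere = Path(tmp) / "My Documents"
        elsewhere.mkdir()
        copy = elsewhere / "app.exe"
        shutil.copy2(exe, copy)
        results["copied_binary"] = exe_only.decide(copy)

        # A library next to the approved binary no longer matches what was approved.
        dll.write_bytes(b"constructed stand-in for a modified DLL")
        results["exe_only_after_dll_change"] = exe_only.decide(exe)
        results["module_aware_after_dll_change"] = module_aware.decide(exe)
    return results


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case}: {verdict}")
```

Hashing only the directory's DLLs is itself a simplification: libraries loaded at run time from other locations are outside this check, which is the limit the earlier comment raises about application-initiated linking.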
Re:What sort of idiot? (Score:5, Insightful)
The sort of idiot who wants to protect themselves from spyware or DDOS bots phoning home.
Can it be non-platform specific? (Score:3, Interesting)
Re:Can it be non-platform specific? (Score:5, Interesting)
How long before it is illegal to "circumvent" this software by running a non-windows OS while playing CDs?
Re:Can it be non-platform specific? (Score:5, Interesting)
What exactly is "software" anyway?
An
So I don't see how I can be charged with failing to run the software on my non-Windows OS if, on said non-Windows OS, your software isn't actually software at all.....
Re:Can it be non-platform specific? (Score:5, Interesting)
Eat *that*, RIAA!!
Re:Can it be non-platform specific? (Score:3, Informative)
Best I can say is, that's an unusual sequence of events. Major Linux APIs rarely get rapidly and completely deprecated like the ALSA
The other thing I don't get is why alsa-.9 required kernel 2.4.19 in your case -- I'm fairly sure it does not. Perhaps Mandrake was distributing a prebuilt version that was built for their 2.4.19 kernel?
Re:Can it be non-platform specific? (Score:3, Informative)
You have never had to recompile your kernel? That is a surprise, if you've been running Linux for any significant amount of time. If you have been, you must have very standard, common hardware and care little for optimizations. Even when I can get all my hardware on a box working with the default kernel, I will recompile when I have the chance to apply processor-specific optimizations and strip out all the miscellaneous cruft I don't need.
HAH! (Score:5, Funny)
Re:HAH! (Score:3, Funny)
Re:HAH! (Score:4, Funny)
Re:HAH! (Score:3, Insightful)
Give it a "play list" of the CDs that you're always listening to and see what that does for their stinkin' demographics. If they squawk, tell them about invasion of privacy laws.
There is an upside to this (Score:3, Insightful)
On second thought, nevermind... that would never happen.
Mordred
There is an DOWNside to this (Score:4, Funny)
*LATER, at some guys door step*
-RIAA- Hi, we're the RIAA and know you have been a big supporter for us. As a token of our thanks, we'd like to offer you...
(Suddenly sees stacks of backup copies of cd's, napster memorabilia, and a very blinky cable modem, etc)
-RIAA- (cont.) life imprisonment.
-GUY- Thanks!
*GRIN*
Re:tell me about it (Score:3, Insightful)
When you go to a show or trade mp3s with someone who digs the same music you do, there's a certain "we're both pretty cool that we know about this" thing going on. It's mutually established that you both have good taste.
hrm..... (Score:3, Funny)
bite me
rainman
My desktop is my property (Score:5, Interesting)
Re:My desktop is my property (Score:5, Insightful)
Same goes with javascript and ad popups - just turn them off! It's your computer!
Sure, there are conveniences that you lose in doing that, but many conveniences come with security risks and other annoyances. It's just like the security problems with Outlook autorunning attachments and scripts all the time - it's a ridiculous way of writing software, and never should have been included, and anyone with a clue either turns it all off or gets a different mail program. For some reason, people don't see javascript and autorun and similar things in the same way. I do.
Re:My desktop is my property (Score:5, Insightful)
Sure, you could turn your cell phone off when you're not making a call so that telco's and gov can't triangulate your position, but do you?
Sure, you could pay for everything in cash instead of credit to avoid an electronic trail, but do you?
Sure, you could wait 10 minutes at the bridge instead of using a new electronic toll payment system, but do you?
Smart agents and networked technologies like this erode our privacy. But do we get enough in return?
How much would you sell *your* privacy for?
Re:My desktop is my property (Score:3, Interesting)
Now, if I don't know that it's running, or it shouldn't be running, (because it's doing so via a security hole, for example) it's a different story. But in this case, the computer owner has configured the computer to run software on CDs when they are inserted, and then he has inserted a CD.
Of course, debates on whether autorun should be enabled by default are welcome - I know which side I would be on. But calling this "hacking your system" isn't very accurate.
Re:My desktop is my property (Score:3, Interesting)
I've never had anyone else put a pop-up on my desktop. I have to run the javascript/ECMAscript that opens the window. I have to install the program to access the website, I have to (implicitly or explicitly) grant it permission to run Javascripts/ECMAscripts, I have to tell the program to visit the website with the script.
You're trying to fine people for writing a script. Sounds like the DMCA to me. (Note: the DMCA is a bad thing.)
Re:My desktop is my property (Score:5, Funny)
That's what I do. I usually click "YES" in the EULA popup and install the program, but deep down inside I don't agree with it.
There are already laws protecting computers. . . (Score:5, Insightful)
Of course if your computer software comes attached with an offensive EULA in which you "agree" to have no rights to your own system/network you might well be hosed. I'd like to see someone challenge this in court *on the basis that you can't be coerced into signing away a basic property right, even by contract.*
To my knowledge this hasn't been tried yet in America ( in some other countries the EULA is already considered invalid prima facie). All it takes is someone devoted to the cause with $50,000 American and five years of their life to devote to it.
Of course there's another option. *Don't use EULAed software.*
In that case the assumption of having to give some sort of explicit permission to enter your system ought to hold just as much for the personal computer as it does for the corporate/government computer.
Hacking is a crime. Do your homework, secure your system, and then insist on *prosecuting* any "hacking" of your system, no matter who the "hacker" is.
Laws are double edged swords that can cut the person who "bought" the law just as well as those it was intended to be a weapon against if the intended victim learns how to use the "weapon."
KFG
And how is this different... (Score:5, Insightful)
maybe they'll discover something important (Score:3, Insightful)
DOD? (Score:4, Funny)
I prefer Tiny Personal Firewall (Score:5, Informative)
I strongly suspect that this won't even be an issue for most Linux users.
Long URL's (or is that URI ;-) )? (Score:5, Interesting)
Although I use the free ZoneAlarm.. I'm also pretty restrictive about what programs I allow access, i.e. why oh bloody why does WMP require internet access when playing a media file when all the required codecs are installed (pile of crap it is).
But, the cynic in me keeps shouting out this idea... what is to stop the disc (well apart from disabling autoplay, unless MS has some other "backdoor" auto execution of something on new media) from opening up a browser window with a heavily customised piece of url every now and then? The default access permissions will allow any web browser to do its stuff?
Just food for thought.
Re:Long URL's (or is that URI ;-) )? (Score:5, Informative)
As a matter of fact, I've seen a few applications do just this to try to do 'instant' registration by using rundll32.exe to open a url that's a complex URL-encoded string with registration details.
Imagine a URL like:
http://www.company.com/registration.cgi?appname
etc...
The one that comes to mind is PowerDVD. I've seen it do this on a coworker's PC.
The solution to this is to deny your default browser's abilities to access the internet before installing a new app like this and then applying a deny rule against the IP or hostname it tries to access.
Solutions... (Score:5, Insightful)
Uh... disable autoplay? Come on, not tricky, this one.
Re:Solutions... (Score:5, Insightful)
The real problem here is the general public who doesn't know any better, and even worse - doesn't care.
In itself, knowing what CD tracks you listen to is obviously not a serious threat as far as privacy invasion goes but...
Knowing what CD tracks you listen to and when, what groceries you buy and when, and videos you rent and when, who you call and when, where you go and when, and the list goes on and on. The sum of these things is just a bit too much information for corporate america to be keeping detailed track of.
Perhaps you know how to disable most of these tracking systems, do you really want these big corporations watching the every move of your grandmother - who unlike you, doesn't know any better?
Re:Solutions... (Score:3, Interesting)
I think there's an important point here that you missed. Corporate America is not a single entity, and each of these things is not added to a sum. Sure, Safeway knows what kind of food I buy, and Blockbuster knows what videos I rent*, but there's no way to correlate my food purchasing habits with my video rental habits. Even if Safeway and Blockbuster were both owned by the same parent company, they don't use the same database.
The other important point is, if the only thing this information is being used for is gathering statistics to help the companies market more effectively, I don't care. They're not invading my life.
* Not really; public libraries are wonderful things.
Here's the real question... (Score:5, Insightful)
I read their site a little more closely... (Score:5, Informative)
Bandlink Support
Bandlink is designed to be run simply by inserting the CD into a Windows Compatible PC. The first time you insert the CD you will need to agree to the Bandlink User License and download the remaining program files. Bandlink should do the rest from then on.
As you can see, there's a consumer agreement component here. It's not an unimpeded, unstoppable invasion of privacy, like what TiVO was doing. You have to agree as well. In which case, if you don't really care about your privacy (and you like push content, which some people do) it might actually be seen as pretty cool.
Re:I read their site a little more closely... (Score:4, Interesting)
Re:I read their site a little more closely... (Score:3, Informative)
This is a pretty typical "we'll give you personalized content in exchange for personal data" deal. Hardly new and alarming.
Re:I read their site a little more closely... (Score:3, Interesting)
Very true, but how the hell could you have the data tracks switch between unplayable and playable states based on whether you agree to an EULA?
Re:I read their site a little more closely... (Score:3, Insightful)
TiVo sends aggregate information. How is that an invasion of privacy?
Re:I read their site a little more closely... (Score:3, Informative)
Oh, and for the over paranoid tin-foil hat wearing brigade out there, one call to Tivo and you're off the list.
God it's 3am and I'm responding to some privacy-nut FUD-spreading troll. I need a life.
Moot point (Score:3, Funny)
Yikes. But they must have some amazing tech... (Score:4, Insightful)
In any case, this is seriously scary. While I don't think most Slashdotites (being technically literate) will be affected, think of your mom, little sister or brother (if any), peers at school (if any) - all those people who click "OK" mindlessly whenever a dialog box pops up. It's THOSE people that this kind of stuff targets - because those people don't know better. The only way to stop it is to TELL THEM ABOUT IT. Get the word out. Post flyers. Put it in your sig. Whenever you fix someone's computer, tell them about the new 'spy' CDs while you're digging around inside their case or (more likely) plugging in their eithernet cable.
I'm sure someone will come up with an anti-spy software for this soon, so give out as many copies (assuming the antispy software is freeware) as you can.
Look how well it worked for CD copy protection, at least for the first wave. We can do this.
Re:Yikes. But they must have some amazing tech... (Score:4, Funny)
Supports Ethernet and Token Ring simultaneously?
The Great Privacy Principle (Score:5, Insightful)
Obviously companies believe this, and on present evidence I'd say that most consumers believe this, too.
Sick and twisted minds, those reps (Score:3, Insightful)
I give up.. I'll never rant again
HEY IN ANYONE HERE IS THINKING OF STARTING A COMPANY..
respect privacy..
nevermind.. I'm wasting my breath.
pm
So how does it work? (Score:5, Insightful)
RIAA Self Destructs Again (Score:5, Funny)
RIAA Exec #1: "Let's start spying on people. It's not like they have a real reason to steal music anyways."
RIAA Exec #2:"Yeah! And we can have pop-ups that tell them Big Brother is watching!"
RIAA Exec #1:"No... That would be stupid... right?"
RIAA Exec #2:"Perhaps... But surely this will make people want to buy music as opposed to downloading it. Right? Right?"
RIAA Exec #1:"..."
RIAA Exec #2:"RIGHT?!"
RIAA Exec #1:"Oops..."
Me: "Thanks guys. Now I have a morally sound reason to download Britney's newest album! MERRY CHRISTMAS!"
A little paranoid? (Score:5, Informative)
So it's nothing more than some Auto-Run software. Which makes sense, I can't imagine any other way a CD would just magically contact a remote host.
Solution? Disable auto-run (which I do anyway), or in this particular case, don't accept the license agreement...
They also mention this a lot:
My first thought was that they could easily combine so-called "copy protection" with phoning-home, but at least with Bandlink this is not the case.
IN UNITED STATES OF AMERICA (Score:5, Funny)
(At least people in Soviet Russia can grin on this)
Everything else you do is being tracked (Score:5, Interesting)
Actually in many ways I feel there is safety in numbers. If they were only monitoring a few people I would be nervous, but with the amount of data being collected we people are just numbers in a statistic somewhere. Just another brick in the wall.
Re:Everything else you do is being tracked (Score:5, Insightful)
This is true so long as you're not an outlier. Consider some examples of things that could make you an outlier:
I'm sure with minimal effort, others can come up with even more chilling examples. When the government of our corporate republic can legally trawl everything looking for outliers, safety in numbers doesn't make me so comfortable.
Block DNS Call? (Score:3, Interesting)
Better yet, can someone distribute a universal HOSTS file of all known spyware and update often? I'd pay for the privilege. AdAware may be a good vehicle.
slippery slope and the problem with technophiles (Score:4, Insightful)
The problem arrives when you must install this software to listen to the cd on your computer. Remember, copy protected cds are out there, and adding this layer wouldn't be very hard.
The next step means loss of fair use. Maybe not for you or your friend who thought Napster was the greatest thing since a windows network on a university campus, but definitely for a lot of people.
Over the last couple of years the fire has seemed to have burned out. We used to get pissed about this shit, and now the highest rated comments don't seem to care about it all. We're letting our guard down.
What data is being sent? (Score:4, Insightful)
How do you know that they aren't sending your IP address when they say they aren't? How do you know they aren't sending info about files in 'My Documents' or what files are listed in the 'add/remove' section of the registry? And don't tell me the privacy policy says they aren't so they aren't-privacy policies are changed more often than my underwear, and I change that everyday!
I don't mean to get all Mulder here, but I am so tired of companies trying to sneak things past me in a 10 page licence agreement for free software that exceeds the length of my deed if I buy a $300000 house!
There is an opt-in/opt-out agreement. (Score:4, Interesting)
But I'm all for tracking people's CD usage. That allows companies to market more targetable CD's. Instead of producing CD's that people buy because they "heard" they were good, and then listened to only a few times before getting disgusted with it, it lets them find out what music people listen to over and over again.
-Brent
Re:There is an opt-in/opt-out agreement. (Score:3, Insightful)
Lightbulbs aren't calibrated to maximize lifetime, but to make it as short as the market will bear.
In short: "No it doesn't" (Score:3, Informative)
Seriously, how stupid can people be? Ok, so the CD will buffer-overflow my player, and figure out how to access the outside world by executing its malicious (processor and OS independent) code... You know what? No it won't!
Shit like that doesn't just happen.
So maybe *some* people run a player that facilitates said information gathering and transmission - that's their problem. Get a life, get a real player, get a real OS.
But CD's magically coming to life and transmitting my listening habits (which I guess it stored in the big secret database facility on the moon, which is by the way run by aliens under contract with the government - which is again why they had to fake the moon landing, but that's another story) - no, please, just forget about it...
Actually, this software seems pretty cool... (Score:3, Informative)
Furthermore, their privacy policy says they will not hand out required personal info, but only aggregate info. They do say that they will use your personal info to "contact you about services in which you have expressed interest," which may or may not mean spam. Really, "expressed" should mean a check box, but you never know. It looks like a loophole though. And of course, the artists can require your personal info to log in to their sites, but you can just refuse to give it and not log in if you think that's a problem.
All in all, I think the article is bullshit. If this system is what it says it is, it's just an above-average media player that comes with the CD (although possibly at the cost of, say, a quarter to the buyer). Nothing to bitch about, invoking "privacy" and all that. If you're a privacy zealot, firewall it. If not, there are still a zillion other programs that are more likely to spy on you.
Buy A Stereo (Score:3, Informative)
privacy policy (Score:3, Informative)
From what I can tell, they are trying to impress recording labels with an avenue to add value to the CD. I read a lot of ranting about how the music industry is clueless and could leverage the Internet better. Maybe this is a positive move in that direction. It is hard to tell.
I'm a bit paranoid about it as well, but since I use Mac OS X I'll let the Windows people cut their teeth on this one.
What about spoofing the data? (Score:3, Funny)
I can imagine really, really bored hackers writing a virus to have infected computers spoof data. A new world-wide phenomenon: Polka Love songs!
Don't complain - instead generate bogus reports (Score:3, Interesting)
IP addresses to avoid... (Score:4, Informative)
Or, to be perfectly safe, you could borrow a page from our current administration's sex ed book and abstain from downloading.
CDs are SHIT (Score:3, Interesting)
Besides, I don't take any of that garbage. Both of my home networks, which are physically separated for paranoia purposes, must pass through a two-stage firewall system powered by four separate OpenBSD boxen (two for each network's firewall). The configuration of these firewalls has evolved over three years' time, but suffice it to say that I feel relatively comfortable knowing that any site that is not specifically white-listed will NOT get accessed by any of my machines, nor will any whitelisted machines get accessed for protocols which I have not specifically allowed. The advantage here is that NO software is going to report JACK SCHITT about my behavior to NO marketer.
One final note: I am a marketer by profession. B2B, specifically. And I refuse to employ any big-brother techniques in my work. This may be more difficult when marketing to enormous herds of stupid, technologically illiterate masses of IDIOTS, where you need to be stupid like that to make any sales. But I don't give a damn. I'm doing my part to avoid world-wide slavery by not doing that garbage myself.
WAR IS PEACE.
FREEDOM IS SLAVERY.
IGNORANCE IS STRENGTH.
Not new (Score:3, Informative)
Go to Options - Preferences - Setup. The last checkbox is "Allow Winamp to report basic, anonymous program usage information".
Most mp3 players have something like this, to a greater or lesser extent.
I'm also amazed that the allegedly technical slashdot audience has not yet figured out that in order for these "bandlink" CDs to work, the user would need to install special software on their machine. I mean, read the fucking site. These "bandlink" CDs don't do squat unless the user specially and deliberately installs the software.
It is very clear that this is not some sort of behind the scenes privacy invasion but an above board trading of information for privacy. (Which, indeed, has issues of its own, but...) Other companies (Real, Musicmatch, etc.) do worse right now.
Note to self: (Score:3, Funny)
Re:How to opt out (Score:5, Informative)
From their pop-up how-to [bandlink.com]:
Q: What is Bandlink?
A: Music Enhancement Software
Q: What ISN'T Bandlink?
A: Anti-Piracy Software.
Installation:
1. Insert your Bandlink CD into your Internet Connected PC. (Bandlink should autostart on Windows).
2. Click "I Agree" to the Bandlink License and select "Connect" to install Bandlink.
3. Bandlink should detect your CD, begin CD playback, and display artist content.
Re:How to opt out - revised (Score:4, Interesting)
A better technique would be to study the data they send, write a small app to send dummy data, and freely and widely distribute the app. Your bargain rack CDs are not likely to send anything, and even if they did you're just sending them a little extra info about some lame disks that you were at least willing to go out and get. But if an application were available to send the spies information without my actually having to go out and buy overpriced albums, I would be glad to send them a lot of bogus data, and I bet a lot of other people would too. That would make their efforts worthless, and might help bring a stop to it.
Re:IN SOVIET RUSSIA (Score:5, Funny)
Join the fight against lame
So what do you do now? (Score:3, Interesting)
(This isn't meant to sound arrogant, I'm just curious)
As someone else had posted earlier, it's not likely iptables would notice. It would probably look like a web page request on the client computer, which would be legitimate as far as the firewall is concerned.
If this IS the case, that's cool because you could log the packets while the app runs after inserting the CD, and see how they talk to the server. Then using the logged data as a model, you could seed the database with misinformation, or "support" certain bands that you are partial to.
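The firewall point raised in this comment, set beside the default-deny whitelist described in the OpenBSD comment earlier in the thread, as an added example that is not part of any poster's message: a port-based outbound rule passes anything that looks like web traffic, while a destination-and-protocol allowlist does not. The process names, flows and addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    process: str   # local program opening the connection (constructed label)
    dst_ip: str
    dst_port: int
    proto: str     # "tcp" or "udp"


# Policy A: typical port-based egress rule ("outbound web and DNS are fine").
PORT_ONLY_ALLOW = {("tcp", 80), ("tcp", 443), ("udp", 53)}

# Policy B: default deny; only these (network, proto, port) tuples may leave.
ALLOWLIST = [
    (ipaddress.ip_network("192.0.2.10/32"), "tcp", 443),  # a site you chose
    (ipaddress.ip_network("192.0.2.53/32"), "udp", 53),   # your resolver
]


def port_only(flow):
    """True if the port-based policy lets the flow out."""
    return (flow.proto, flow.dst_port) in PORT_ONLY_ALLOW


def default_deny(flow):
    """True only if destination, protocol and port all match an allowlist entry."""
    dst = ipaddress.ip_address(flow.dst_ip)
    return any(dst in net and flow.proto == proto and flow.dst_port == port
               for net, proto, port in ALLOWLIST)


def audit(flows):
    """Flows the port-based policy passes but the allowlist would block."""
    return [f for f in flows if port_only(f) and not default_deny(f)]


# Constructed sample of outbound connections seen on one workstation.
FLOWS = [
    Flow("browser", "192.0.2.10", 443, "tcp"),
    Flow("cd_player_addon", "198.51.100.25", 80, "tcp"),  # phone-home over HTTP
    Flow("resolver", "192.0.2.53", 53, "udp"),
    Flow("browser", "192.0.2.10", 80, "tcp"),  # allowed host, protocol not allowed
]

if __name__ == "__main__":
    for f in audit(FLOWS):
        print(f"passes port filter, blocked by allowlist: {f}")
```

The second flagged flow shows the protocol half of the whitelist: a permitted host is still refused on a port that was not specifically allowed.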
Re:good lord (Score:5, Interesting)
PCs are cheap now--run two, one with an Internet connection, and one without. Network internally with IPX/SPX or NetBEUI. Download your entertainment on the Internet connected PC. Play the downloaded content on the disconnected PC. Voilà--the media players, etc. can't call home. For added security, don't do anything sensitive on the Internet connected machine.
This setup isn't airtight, but it's a damn sight better than giving RealMedia, Microsoft, and every other spyware purveyor on the face of the earth unfettered access to the same machine that contains your financial information or files which indicate certain, um, proclivities.