Old 01-16-2006, 06:14 PM   #22
Brian
MobileRead Editor
Quote:
Originally Posted by since1968
Hi guys,

I'm Marc A. Garrett, the person who originally reported the iTunes privacy issue on since1968.com. I came across your forum when it appeared in my referer logs. Sorry I'm coming a bit late to your discussion.
Thanks for stopping by and sharing your thoughts.

Quote:
Originally Posted by since1968
Brian, I think some of your skepticism is warranted: some of the blog discussion has moved beyond the initial assertions I've made. Still, I'd push back on a few points you made:

First, your reading of the TOS [there are three documents covering iTunes, iTMS, and Privacy; for the sake of brevity I'll refer to them all as the Terms of Service] is so expansive that I wonder what you think it prohibits?
That's my point. There are enough catch-all phrases that, although it isn't specifically stated, I think the language does cover the type of activity going on in the case of the Mini-Store.

Quote:
Originally Posted by since1968
I would argue that the plain language of the various agreements covering iTunes and iTMS is designed to reassure the user that the type of communication going on between iTunes and Omniture is prohibited.
While there is plain language and specific examples of activity cited in the TOS/SLA/PP, again I'd argue that certain catch-all language technically/legally covers them. From Apple's Privacy Policy, for example:

Quote:
There are also times when it may be advantageous for Apple to make certain personal information about you available to companies that Apple has a strategic relationship with or that perform work for Apple to provide products and services to you on our behalf. These companies may help us process information, extend credit, fulfill customer orders, deliver products to you, manage and enhance customer data, provide customer service, assess your interest in our products and services, or conduct customer research or satisfaction surveys. These companies are also obligated to protect your personal information in accordance with Apple’s policies. Without such information being made available, it would be difficult for you to purchase products, have products delivered to you, receive customer service, provide us feedback to improve our products and services, or access certain services, offers, and content on the Apple website.
In my opinion, that covers the Mini-Store sending data to provide a service by "assessing your interest in our products and services" and Overture is bound by Apple's Privacy Policy as a strategic partner.

Quote:
Originally Posted by since1968
Second, if this type of behavior is clearly contemplated in the TOS, why try to obfuscate it? I haven't had one person defending Apple's behavior -- not a single one -- explain to me why an HTTP GET call to 2o7.net should be buried behind a 192.168[etc] prefix that's designed to look like traffic on the local network. I concede there could be a perfectly good explanation, but no one has come up with one.
That is potentially worrisome, but I wouldn't automatically attribute it to an attempt at obfuscation.

Quote:
Originally Posted by since1968
Third, I was restrained in my initial coverage because I couldn't be sure that Apple sent uniquely identifying information to a third party -- what I mean to say is that I knew iTunes was sending data, but I did not want to make public claims about the nature of the data until I could confirm it for myself. But it turns out that the reporting about unique IDs is correct: iTunes sends your X-Dsid to Omniture. This X-Dsid is unique; not unique in the sense of a PHP session variable, but unique in the sense that it is the numeric equivalent of your Apple ID. It is the number that Apple uses to retrieve your contact and billing data, and it is the same number which Apple sends to Omniture in clear text.
Your initial and subsequent coverage and questions are all responsible and valid in raising potential privacy concerns, but not everyone has been as responsible or level-headed in their coverage.

Quote:
Originally Posted by since1968
Finally, let's assume Apple is telling the truth about "Apple doesn't collect data." That doesn't address whether Omniture collects that data. No one has answered this to my satisfaction either: why does iTunes send your unique ID to a data analytics firm if that data is not used or stored?
As I mentioned above, as a strategic partner with Apple, they're bound by Apple's privacy policy. You do raise several legitimate questions that should be addressed, but as I pointed out earlier, the way I read their policies they're covered.

Transparency is the best policy, and in this case, I agree that Apple has fallen short.

Quote:
Originally Posted by since1968
I'd be happy to share all of my data and methods with you guys. It looks like you have a good community here and I'm glad I stumbled across it.
Thanks again Marc,