SpyTunes

by Andrew McAfee on February 18, 2011

A little while back I was putting together an iTunes playlist to give to my Mom as a gift, and found myself frustrated by the application’s user interface. It kept telling me that Mom already had one song after another, and refusing to let me complete the gifting process until I removed the duplicate song from the playlist.

After I did this three or four times I gave up, complaining to my girlfriend how clunky the process was. She replied “That’s not the real problem. The real problem is that iTunes is telling you what music someone else has.”

She’s right. I’ve been doing some poking around, and have found that it’s pretty straightforward for one person (let’s call him George Smiley, after John Le Carré’s master spy) to find out what music, video, and apps someone else (like me) has purchased or had gifted to them on iTunes.

Smiley doesn’t need to spend any money, or even have an iTunes account. He just needs a copy of the iTunes application (which is downloadable and free) and knowledge of the email address associated with my iTunes account. This is often not too hard to figure out; most of us use only a few different addresses, and everything I’ll show below can be repeated over and over with every email address Smiley knows or guesses for me until he hits paydirt. So for now, let’s assume Smiley knows that my iTunes email address is my standard gmail address.

Smiley would assemble a nefarious playlist of music —  the tracks he wants to determine if I own. He then starts the iTunes gifting process (I believe the maximum size for gift playlists is 100 tracks):

After assembling a playlist, this is the first step in the gifting / snooping process.

Smiley clicks ‘Gift’ and is presented with the standard iTunes screen for gifting content. He fills in the requested fields:

The snooper George Smiley tells iTunes to gift me his nefarious playlist

After Smiley clicks ‘Continue,’ iTunes performs a number of checks in the background. One of them is to see if the intended recipient (me, in this case) already has in his library any of the music on the playlist. This is done with good intentions — to keep users from gifting music that the recipient already has — but the implementation of this feature opens up privacy concerns: if the check reveals duplicates,  iTunes tells the gifter about one of them. The application presents this information to Smiley in red ink, before he has to sign in to his account, present credit card information, or take any other steps:

iTunes tells Smiley about one of the songs in my library

If he wants to explore the contents of my music library more, he deletes this song from the nefarious playlist, then resends it. He repeats this fishing expedition as often as he likes. I have no knowledge of these activities and no way to stop them. And the language Apple uses is not quite accurate. In the example above, I might not actually have purchased “Sleepyhead;” it might have been a gift. So Smiley’s learning about music that I didn’t even buy for myself, and might not ever have wanted.

Smiley’s technique also works for video…:

Smiley learns about video I've purchased from iTunes

and iPhone / iPad apps that cost money:

Smiley learns about one app on my iPad

This snooping process is iterative and cumbersome, but I’m pretty sure it could be at least somewhat automated. It’s also a little fluky; to learn what I have, Smiley has to gift media to me in the same form I bought it. For example, if he sent me only a single episode of “Breaking Bad” season 3 iTunes wouldn’t send him a message like the one above. This is because I bought the whole season at once, so Smiley has to gift me the whole season to learn about my purchase. Similar rules appear to hold for music.

Even though Smiley has to work a bit, I’m not thrilled that he (or anyone else) can so easily learn about my media purchases and tastes. If I want to share my iTunes holdings with my friends or broadcast them to the world Apple gives me tools to do so, but if I want to keep them private I can’t.

This strikes me as problematic. A person’s taste in media can be highly personal, yet all of Apple’s more than 10 billion song and 200 million TV and movie downloads are potentially traceable by the George Smileys of the world —  the world’s spies, stalkers, yellow journalists, and opposition researchers. Of course, this is is nowhere near as big a deal as privacy holes in online health or financial information would be, so we should keep this issue in perspective. But it is an issue, I think.

Apple’s legal department will probably be particularly interested in the video example above, thanks in no small part to Robert Bork. During his contentious Supreme Court confirmation hearings in 1987, much attention was focused on Bork’s view that the US Constitution ensures no general right to personal privacy (legal scholars, please forgive me if my language is insufficiently precise here). In a highly personal exploration of his espoused theories, the Washington City Paper obtained and published the list of his rentals from a Chicago video store. Congress then quickly passed a law, the Video Privacy Protection Act, making such publication a federal offense (many states have since passed more restrictive laws in this area).

The VPPA concerns the “wrongful disclosure of video tape rental or sales records” and states that a ““video tape service provider” means any person, engaged in the business, in or affecting interstate or foreign commerce, of rental, sale, or delivery of prerecorded video cassette tapes or similar audio visual materials.” Apple might well qualify as such a provider; the act has been used as the base of class-action lawsuits against Facebook and Netflix.

As a comparison, I tried to send my Mom an Amazon Kindle book I knew she already had. Amazon let the purchase go through and told me nothing about her Kindle inventory. She received a message from the company that I’d sent her an e-book she already owned, and giving her a credit for its price. To put it mildly, this seems like a better approach to me.

Since taking the screenshots above I’ve changed the email address associated with my iTunes account. I hope that brings me a bit more privacy; I don’t want my fondness for Journey becoming public knowledge…

I’m a big user of Apple products and fan of the iCosystem they’ve built (see posts here, here, and here). But what I’ve described here is a privacy hole they need to plug, fast.

  • http://caddellinsightgroup.com jmcaddell

    Wow, I don’t buy music from iTunes because mp3′s are easier for me to share than AACs. Now I have another reason!

  • http://oliverchua.com Oliver Ortega Chua

    While I was reading your post I immediately thought of the way you described how Amazon does it for the Kindle (at the end of your post). That’s exactly how it should be done!

  • Anonymous

    That’s not how it should be done. With the Kindle way, the gifter is out money on something the recipient already owns and the gifter thinks they got them. If the gifter wanted to get them an iTunes gift card they could.

  • http://www.facebook.com/profile.php?id=570792107 Jay Holtslander

    Someone used this technique to blackmail me! They threatened to tell people I have the complete Ace of Base & Nsync discography.

  • Rand

    This seems like a non-issue…
    - The buyer of the gift (privacy attacker) needs to be logged into iTunes… So if this was automated, would be easy for Apple to detect it
    - Seems the buyer actually has to click purchase to check it, which means if they try to automate an attack to determine which apps the user has installed, they’ll run up a bill doing so (and be noticed)
    - Amazon has a fix, would be easy for Apple to migrate to that model

  • http://oliverchua.com Oliver Ortega Chua

    So, tell us a better way it can be done to maintain privacy. Only allow gift cards with no direct gifting?

    The gifter is not “out money.” It’s money they were willing to spend. (If they were only buying it to introduce the recipient to new music, then they should find out first if they’re already into it…or lend them a CD.)

    The way I see it, it’s like getting a birthday present (like a shirt or toy) that you already have. Instead of needing a gift receipt to return the item, you get the store credit directly. What’s so wrong with that? Thank the gift giver and choose whether to tell them or not that you already have the item. It should be your choice, not Apple’s.

  • http://www.stallman.org/ Richard Stallman

    You’re right in criticizing Apple for this privacy leak, but its existence
    is a symptom of a bigger and deeper privacy flaw in the way iTunes works.

    It is wrong that Apple knows you want to buy specific music and give
    it to a certain person. You can buy a CD in a store and give it to
    anyone without telling the store you are giving it.

    It is wrong that Apple knows what music you bought. You can buy a CD
    in a store without telling the store who you are.

    I will never but any music through e-commerce unless it respects my
    freedom just as well as a CD I buy with cash.

  • Rusty

    That’s how it would work in real life. I send a CD or book to someone who has it already, they can send it back, and I’m out the money but think I got it for them. Perhaps the ideal way would be to give the giftee an option of the duplicate copy or getting credit. Although who would want the same digital item twice?

  • http://litch.livejournal.com/ Litch

    What an inane niggling little complaint. What possible harm could come from someone knowing what music you have?

  • Hellsop

    Either Apple lets you pay for something that someone else already owns and will gain no tangible benefit from, or they “leak” that you didn’t somehow. Choose one that makes *everybody* happy.

  • Chris

    This is the most inane complaint yet. Without even getting into the who cares department, which is certainly huge. It’s clunky, it’s ridiculously random, it doesn’t give anyone any real information except that some email address has the same song as you do OH NOES!

    If you really want to worry about privacy Facebook, Twitter, and Google searches will provide far – FAR more information about someones tastes then this stupid issue will.

    But you know kudo’s for contributing to the twitter storm and fueling other like minded idiots.

  • Mike

    If apple wast so big brother and let you download lets say porn or something that might actually be damaging (other then ur embarrassing collection of show tunes) This is just another example of a non hacker finding a feature and making it bigger then it is with out any understanding of whats going on or how to exploit it.

  • http://taihendaro.cynic.net/ Curt Sampson

    It’s often easy to dismiss issues such as this as being unimportant, or “inane niggling little complaint[s].” But just because you feel that under your circumstances no harm would come from this does not make that true of all potential circumstances. Posting what many would consider an unproblematic holiday photo to a “private” Facebook page got a teacher fired.

    In circumstances like this, where information can be made public, the question is not what you or even the majority of people might think, but what anybody in the world might conceivably think.

  • SilentCry

    First: He does not find out what music I have, only what I did buy via iTMS (which in my case is 1 song, I have better sources)
    And second: To find out which songs/movies I have he has to gift me with every other song or movie available in iTMS. Very well, I probably have to buy a big, big harddisk to hold the 10 billion songs I get as a gift from Smiley. Oh, wait, 10 billion minus the one I have.

    Ridiculous to call this a problem. If you pay 10 billion dollars to the Apple employee who administers the iTMS-Database you can get the list of all iTMS-customers and all songs. Well, that’s a problem!

  • Robert Carnegie

    This is real life, or perhaps regular readers have a special meaning of the words “real life” that I’m not aware of.

    One way that Apple could do this differently is to only allow your friends to use the service, and only to see titles that you want people to know that you have. I mean, the inappropriate gifting angle is particularly scary. Imagine if the manager of a bird sanctuary is given a copy of “Poisoning the Pigeons in the Park” not by their choice and then is blackmailed over that.

    Another way is for a gift card to be generated and sent with a recommendation that it is used for a particular purchase, or maybe even locked to be used only for that title. But it’s up to the recipient to decide how to use it. There would still be a “social engineering” angle where you persuade someone to do something not in their interest – up to and including “grooming” – but it won’t be a feature of the system. (I like Ace of Base also! But maybe I am too old for you hey?)

  • http://twitter.com/BIGELLOW Bob Bigellow

    It’s not about the possible harm that could come from anything… it simply has to do with one’s own expectation of privacy. It also doesn’t “harm” me if someone secretly installs a camera in my home and knows what color boxers I am wearing and, through this iTunes hole, knows what music I like. The expectation of privacy is that they shouldn’t know what color boxers I am wearing unless I expose them to them intentionally… likewise, they shouldn’t know what iTunes music I have unless I have shared this information with them.

    The erosion of privacy in the world has come about by those who confuse privacy with security.

  • Anonymous

    jmcaddell: “mp3′s are easier for me to share…”

    By “share” do you really mean “make unlicensed copies without providing proper remuneration to the artist”?

  • http://taihendaro.cynic.net/ Curt Sampson

    stevenjklein wrote, ‘By “share” do you really mean “make unlicensed copies without providing proper remuneration to the artist”?’

    That’s quite the leading question. He may just as well mean, “reasonable and fair use as has long been defined by by the majority of people in the world, despite the wishes of corporate entities intent on manipulating the monopoly granted to them by corporate entities intent on extracting the maximum rent possible even beyond the purposes of copyright law.”

    Keep in mind, there’s no “natural” monopoly on intellectual property. A few hundred years ago we all, as a society, decided that we would create an artificial monopoly in order to grant some renumeration to creators and their proxies in the hope of encouraging them. Any renumeration to them beyond this minimum necessary amount is a harm to society, not a good.

    Do you attempt to provide “proper renumeration” to Shakespeare’s descendents by sending them they money they don’t get from the publisher every time you buy or read Shakespeare’s works? If not, why not?

  • http://www.tomaschavez.com/ Tomas Chavez

    I won’t really care if they’ll know what songs or videos I have though itunes, it only knows what I have or purchased/gifted from them not all the information in my hard drive.
    Forex trading for Dummies

  • Anonymous

    @TomasChavez:disqus  I do respect your stand on this, but I do care about my privacy and that includes not letting somebody else know what I have may it be a video or a song,etc…Just not comfortable with it..

    Thanks,
    singapore brides

  • Yones

    Ridiculous to call this a problem. If you pay 10 billion dollars to the
    Apple employee who administers the iTMS-Database you can get the list of
    all iTMS-customers and all songs. Well, that’s a problem!
    Premium Generator/a>

Previous post:

Next post: