Windows Media: Watching you watching DVD
Published: 21 Feb 2002 13:06 GMT
Microsoft on Wednesday amended the privacy policy for its Windows Media Player after a noted computer security expert warned that the software keeps track of the DVD titles people watch.
In a Web advisory, computer privacy and security consultant Richard Smith detailed what he termed "a number of serious privacy problems" with the Windows Media Player for the Windows XP operating system.
The posting flagged a feature that allows Microsoft to log what DVDs play on a particular PC through the use of an electronic tracking file known as a "cookie".
"Each time a new DVD movie is played on a computer, the WMP software contacts a Microsoft Web server to get title and chapter information for the DVD," Smith wrote in his advisory. "When this contact is made, the...server is giving an electronic fingerprint which identifies the DVD movie being watched and a cookie which uniquely identifies a particular (Windows Media Player). With (these) two pieces of information, Microsoft can track what DVD movies are being watched on a particular computer."
In addition, the player creates its own database of all DVD titles watched, Smith wrote.
Smith went on to criticise the Windows Media privacy policy, which as of Tuesday did not disclose the DVD reporting feature.
In response, Microsoft said that it had changed its privacy policy on Wednesday morning.
"It is now amended," said David Caulton, lead product manager for Microsoft's Windows Digital Media division. "As of this morning, we have updated the policy to specifically call out that DVD metadata involves a call to the network and a cookie."
The metadata at issue lets people using WMP and XP navigate through DVDs with more information than simple track numbers. The metadata, including track titles, DVD cover art, and credits, sits on the WindowsMedia.com Web site, from where the player retrieves it.
To keep track of what metadata a particular computer has already downloaded, the WindowsMedia.com server assigns the querying computer a cookie, as do most media and commerce Web sites. But until the privacy policy was amended, Microsoft did not specify how it was connecting the information it was gathering, leaving consumers and privacy and security gadflies such as Smith to spin their own scenarios.
"Microsoft can be (using) DVD title information for direct marketing purposes," Smith speculated in his advisory. "For example, the WMP start-up screen or email offers can be customised to offer new movies to a WMP user based on previous movies they have watched. Microsoft can be keeping aggregate statistics about what DVD movies are the most popular."
Microsoft denied that the information collected would let it target individual users.
"One thing Smith says that's simply wrong is that email offers could be customised," Caulton said. "We don't have any information about who user No. 345216436 is, so there's no way to send them email."
Caulton contended that Microsoft's cookie did not give the company any individually identifying information, that customers concerned about it could disable cookies in their browser, and that the database on the computer hard drive -- which lets people access downloaded DVD metadata when they're offline -- was stored in a proprietary, machine-readable format that could not be easily read by a third party.
Have your say instantly, and see what others have said. Go to the ZDNet news forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
94 out of 146 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
