We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

iTunes feature to avoid duplicate gifts may have privacy risks

Apple could reveal too much by trying to help

Apple's iTunes Store that can reveal what content another person has downloaded, which could be a privacy concern for users of the service, says a research scientist at MIT.

The iTunes Store allows people to gift content such as music to another user. A person can compile a list of up to 100 songs to gift to someone else, and the iTunes Store checks to see if the recipient already owns the content, Andrew McAfee, principal research scientist at the Center for Digital Business at MIT's Sloan School of Management, said in a blog

"This is done with good intentions - to keep users from gifting music that the recipient already has - but the implementation of this feature opens up privacy concerns: if the check reveals duplicates, iTunes tells the gifter about one of them," McAfee said.

The person who is gifting the content only needs to know the recipient's email address, which McAfee argues isn't usually difficult to guess, and have a copy of the iTunes application. Apple also doesn't require givers to sign into their account or present credit card information. The recipients have no idea that their purchases are being scanned by someone else.

"This strikes me as problematic," McAfee said. "Of course, this is nowhere near as big a deal as privacy holes in online health or financial information would be, so we should keep this issue in perspective. But it is an issue, I think."

For music playlists, users are allowed to send up to 100 tracks, so scanning a person's library would take a while, but McAfee writes that the process could likely be automated.

McAfee said that the way the iTunes Store gifting procedure works could be violation of the US Video Privacy and Protection Act, which bans disclosure of customer rental records without consent of the consumer.

The Video Privacy and Protection Act was the basis for a class-action lawsuit filed in April 2008 against the video store Blockbuster, which signed up for Facebook's doomed Beacon ad service. Facebook cancelled Beacon due to privacy concerns. The service would report back what a user did on participating websites back to Facebook.

The class-action suit was later dropped, according to records for the US District Court for the Northern District of Texas.

McAfee contrasted Apple's approach with that of Amazon's digital book marketplace for its Kindle e-book reader.

"As a comparison, I tried to send my Mum an Amazon Kindle book I knew she already had," he said. "Amazon let the purchase go through and told me nothing about her Kindle inventory. She received a message from the company that I'd sent her an e-book she already owned, and giving her a credit for its price. To put it mildly, this seems like a better approach to me."

Apple did not have an immediate comment on the issue.

See also: 5 downloads to fix iTunes' biggest flaws


IDG UK Sites

Microsoft smartwatch release date, price and specs rumours: Launching within a few weeks

IDG UK Sites

Why you shouldn't buy the iPad mini 3: No wonder Apple gave it 10 seconds of stage time

IDG UK Sites

Halloween Photoshop tutorials: 13 masterclasses for horrifying art, designs and type

IDG UK Sites

Should I upgrade from Mavericks to OS X 10.10 Yosemite? What you need to know before updating to...