We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

iTunes feature to avoid duplicate gifts may have privacy risks

Apple could reveal too much by trying to help

Apple's iTunes Store that can reveal what content another person has downloaded, which could be a privacy concern for users of the service, says a research scientist at MIT.

The iTunes Store allows people to gift content such as music to another user. A person can compile a list of up to 100 songs to gift to someone else, and the iTunes Store checks to see if the recipient already owns the content, Andrew McAfee, principal research scientist at the Center for Digital Business at MIT's Sloan School of Management, said in a blog

"This is done with good intentions - to keep users from gifting music that the recipient already has - but the implementation of this feature opens up privacy concerns: if the check reveals duplicates, iTunes tells the gifter about one of them," McAfee said.

The person who is gifting the content only needs to know the recipient's email address, which McAfee argues isn't usually difficult to guess, and have a copy of the iTunes application. Apple also doesn't require givers to sign into their account or present credit card information. The recipients have no idea that their purchases are being scanned by someone else.

"This strikes me as problematic," McAfee said. "Of course, this is nowhere near as big a deal as privacy holes in online health or financial information would be, so we should keep this issue in perspective. But it is an issue, I think."

For music playlists, users are allowed to send up to 100 tracks, so scanning a person's library would take a while, but McAfee writes that the process could likely be automated.

McAfee said that the way the iTunes Store gifting procedure works could be violation of the US Video Privacy and Protection Act, which bans disclosure of customer rental records without consent of the consumer.

The Video Privacy and Protection Act was the basis for a class-action lawsuit filed in April 2008 against the video store Blockbuster, which signed up for Facebook's doomed Beacon ad service. Facebook cancelled Beacon due to privacy concerns. The service would report back what a user did on participating websites back to Facebook.

The class-action suit was later dropped, according to records for the US District Court for the Northern District of Texas.

McAfee contrasted Apple's approach with that of Amazon's digital book marketplace for its Kindle e-book reader.

"As a comparison, I tried to send my Mum an Amazon Kindle book I knew she already had," he said. "Amazon let the purchase go through and told me nothing about her Kindle inventory. She received a message from the company that I'd sent her an e-book she already owned, and giving her a credit for its price. To put it mildly, this seems like a better approach to me."

Apple did not have an immediate comment on the issue.

See also: 5 downloads to fix iTunes' biggest flaws


IDG UK Sites

Windows 9 release date, price, features: Videos leak as Microsoft sets 30 September unveiling

IDG UK Sites

Why local multiplayer gaming is rapidly vanishing: we look at the demise of split-screen and LAN...

IDG UK Sites

IBC 2014 news: video post, CG and VFX news from Adobe, Blackmagic, Eyeon and more

IDG UK Sites

Retina MacBook Air release date rumours and specs: Gold 12in Retina MacBook Air almost 1cm thinner...