Privacy advocates say the data stored could be misused.
The newest version of Microsoft's Windows Media Player keeps a log of movies and music played by users, storing the information in a database on users' hard drives, as well as sending data back to Microsoft. Privacy advocates say the data could be misused, but the company says it's merely providing popular features.
The actions occur in Windows Media Player for Microsoft Windows XP. When a user plays a CD or DVD movie, the program first makes a note of what's being watched, writing to a small database stored on the computer's hard drive. The player then contacts a Microsoft Web server to download title information. At that time, the name of the movie being watched, as well as an ID number unique to that user, is stored on the Microsoft server.
Privacy advocates say that data could be used by Microsoft to track users' media habits, creating profiles of individual tastes and interests. "What's stopping a company who knows every CD you've listened to and every DVD you've watched from saying, 'We're going to sell this now?' " says Chris Hoofnagle, legislative counsel for the Electronic Privacy Information Center. He also worries that the locally cached version of the log file could be read by other people or even subpoenaed as evidence in court. "Once you've created a database, people start to want it," he says. "It might be your marketing department, it might be the government."
Microsoft denies that the information is being misused in any way or even that it's paying attention to who's watching what, saying it has no idea who's attached to each ID number. The company says that storing the data enables users to receive personalized content and richer features. "Under absolutely no circumstances is personally identifiable information ever transmitted to Microsoft as a result of DVD playback," says David Caulton, lead product manager for Microsoft's Windows digital media division. The data is not used for marketing, he adds, though he didn't rule out the possibility that it could be in the future. On Wednesday, the company revised its privacy statement to explain that the logs were being maintained. Caulton says users who remain concerned about privacy breaches can operate the player in "work offline" mode or can set their privacy level to "block all cookies."
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.