RealNetworks climbs down and says sorry over CD data

But how many other companies are just a heartbeat from doing the same thing?

RealNetworks has executed an almost instant cave-in following the storm over its surreptitious gathering of data on its customers music listening habits. The company's RealJukebox, it was revealed over the weekend, sends data to RealNetworks on the fly if a CD is being played while the user is connected to the Internet (see story). Company chairman and CEO Rob Glaser issued an apology yesterday, and at the same time RealNetworks posted a patch which can be used to disable the offending features. "We made a mistake in not being clear enough to our users about what kinds of data was being generated and transmitted by the use of RealJukebox," he said in a statement. The software patch is also being integrated into the downloadable version of RealJukebox, and will be available later this week. RealNetworks has most likely been dumb rather than shifty in getting into this mess, but the discontinuation of the process can still be seen as something of a reverse for the company. It has obvious ambitions in the arenas of portals and e-commerce, and therefore the kind of customer data it was gathering had some value to it. But its mistakes were first, not to tell users it was gathering the data, and second to fail to set up systems which obviously separated individual registration data from statistical usage data. Privacy expert Richard Smith spotted this potential association when exposing the RealNetworks system. RealNetworks insists that the data wasn't used in this way, but it clearly could have been, and that's what separates the company from others, Microsoft included, who gather similar kinds of user data. Microsoft's Media Player uses a GUID system, but as there's no need to register the product, the association can't be made. Or more properly, can't be made yet. Microsoft has been working very hard to increase the registration levels of its products, and it's pretty clear that sooner or later these are intended to be 100 per cent. When software companies get to the point where they know who all, or even a substantial proportion of, their users are it will be perfectly feasible for information about individual users to be associated with their registration details. The data that could be derived from this will be intensely valuable, and it seems fairly clear that left to their own devices, plenty of companies will have no scruples about building the data, and using it. ®

Sponsored: Network DDoS protection