|
Originally Posted by The Null Device What if last.fm were evil?
Regarding the last post about last.fm: one of last.fm's staff has posted a rebuttal on their web forums, to wit:
* Nobody at Last.fm had any knowledge of our user data being fed to the RIAA (or any labels directly), before or after the alleged incident, or at any other point in the history of the company.
* Last.fm has never given data linking IP addresses and scrobbles to any third party. * Last.fm has never given data linking IP addresses and scrobbles to CBS (who, by the way, we don't consider a third party, but who do have to uphold our privacy policy).
* We've been in communication with CBS and they deny that they gave any third party any of our user data.
If TechCrunch have any evidence which contradicts any of the statements I've made here, I'd love to see it, but I think someone is taking them for a ride. I'm not sure why, though.
Make of that what you will. Assuming the denials are true, last.fm and/or CBS will have no choice but to sue TechCrunch for libel to protect their reputation; it'll be interesting to see how that unfolds.
Nonetheless, even if this isn't true, the possibilities it raises are thought-provoking:
Last.fm's scrobbling software originally sent over only the title, artist and length of tracks as they were played. More recently, it was extended to send a fingerprint of each track. The difference between these two is crucial; it is the difference between hearsay and admissible evidence. In short, when you scrobble a track using the last.fm client, it sends over cryptographic proof of your possession of the recording. You can disable the fingerprinting function in the last.fm client software, assuming that you trust it, of course:
How much you trust last.fm's closed-source client software is another matter. Assuming that last.fm had been compromised by the MAFIAA, what's to say that the software didn't trawl your hard drive for things that looked like MP3s (slowly, as not to arouse suspicion), fingerprint them, and then send the list over to MediaSentry or someone, along with some juicy forensic information about your machine (serial numbers, MAC addresses, &c.)?
Of course, this would be totally illegal and even more unethical. But, then again, so would waiving the EU's privacy laws to send user identifying information to CBS (as is alleged). And it's not like the RIAA haven't been known to use underhanded tactics in their dirty war against music fans.
Even assuming that last.fm are 100% above board and CBS are sufficiently law-abiding to not undermine them, handing over potentially compromising information imples a trust that the information will be kept secure; i.e., that there are no weak links. Given the fact that everybody from TK Maxx to Her Majesty's Government seems to leak personal information left, right and centre, this may not be a safe assumption.
In short, if you're sending over fingerprints of the music on your hard drive, make sure that there is nothing there you wouldn't want to prove possession of to hostile parties. |