
Media Player Gives Microsoft A Window on DVD Viewers

21 Feb, 2002 By: Holly J. Wagner

Microsoft Corp. is doing some backpedaling since a watchdog discovered that a component of the Windows Media Player 8 program bundled with the Windows XP operating system (MPXP) keeps track of the DVDs and songs users play, creating potential privacy issues for consumers and competitive issues for video rentailers.

The company quietly amended its privacy statement yesterday to make users aware of the data collection, which includes unique user codes that could be used for marketing or legal purposes.

"We thoroughly reviewed the points you made and do not believe the DVD metadata lookup process in MPXP presents a user privacy concern. However, your feedback has helped a lot in a key area," replied David Caulton, lead product manager for Microsoft's Windows Digital Media Division: "We realized we needed to provide more specific information about the DVD metadata process within the MPXP privacy statement."

Privacy expert Richard M. Smith, who makes it his business to ferret out privacy intrusions in software systems and networks, advised Microsoft of the issues in a letter that prompted the policy statement change.

"Each time a new DVD movie is played on a computer, the WMP software contacts a Microsoft Web server to get title and chapter information for the DVD," Smith wrote. "When this contact is made, the Microsoft Web server is given an electronic fingerprint which identifies the DVD movie being watched and a cookie which uniquely identifies a particular WMP player. With these two pieces of information Microsoft can track what DVD movies are being watched on a particular computer."

The problem goes further, he contended, because it is part of the program, though Caulton said users can't disable the tattletale feature.

"The WMP software also builds a small database on the computer hard drive of all DVD movies that have been watched on the computer," Smith continued. "There does not appear to be any option in WMP to stop it from phoning home when a DVD movie is viewed. In addition, there does not appear to be any easy method of clearing out the DVD movie database on the local hard drive."

Microsoft isn't doing anything with the information it collects and users can thwart it by running their Media Players only when the computer is not connected to the Internet, Caulton said.

"Microsoft is updating its privacy statement for Windows Media Player for Windows XP to include a reference to DVD metadata, and is specifying that no tracking of user viewing is taking place," Caulton wrote. "If a user wishes to disable this transaction, they have several options. The user can turn this off by simply setting their privacy level in Internet Explorer to 'block all cookies.' The user also can work offline in the player from 'file: work offline,' which will prevent the player from doing DVD lookup."

Caulton disputed Smith's comment that the feature could give Microsoft a competitive advantage over video rentailers because of a law that prevents them from using the same information for marketing purposes.

"For example, the WMP startup screen or e-mail offers can be customized to offer new movies to a WMP user based on previous movies they have watched," Smith noted, adding, "The Video Privacy Protection Act of the United States prevents video rental stores from using movie titles for direct marketing purposes. The letter of this law does not apply to Microsoft because they are not a video rental store. However, clearly the spirit of the law is that companies should not be using movie title information for marketing purposes."

But Caulton said the information is never associated with specific e-mail addresses, even when a user signs up for a Windows Media Player newsletter, Microsoft Passport or other MSN account on the same computer.

"The subscription signup cookie is a different cookie/identifier than the DVD cookie/identifier. This means that it's not even theoretically possible to associate DVD viewing information with the e-mail address," he wrote.

Microsoft could still aggregate statistics about what DVD movies are the most popular for publication, but Caulton said it isn't doing so.
