TiVoCommunity.com
This area is a static history of posts in the TiVo Community Forum Archive.






TIVO DeskTop - SpyWare?




Posted by: PBS_Rocks

OK, this is going to get interesting...

The HMO option is going to require that you install software on your PC in order to get the MP3/Pictures features. It's called Tivo Desktop:

http://www.tivo.com/4.9.1.asp#9

Since we all know that TiVo sells your viewing data from the shows you watch, do you seriously think they won't sell your MP3 playlists if the RIAA offer them $$$$ to do so? Their software could even be reporting back what software is or is not installed on your computer via this link.

If you have not done so already, it's time to seriously think about turning off the privacy invasion that TiVo brings inside our homes:

Call TiVo's service number @ 1-877-367-8486, and tell the phone operator that you want "opt out of data collection". You want your customer record to be set to "Share nothing, Opt Out". Be sure to get a case number that confirms that this change got made and is confirmed. I wrote this case number on the back of My TiVo in case there are future issues that might require "elevated" attention.

Remember, an ounce of prevention is worth a pound of cure.

PBS_Rocks



Posted by: walters

quote:
Originally posted by PBS_Rocks
Since we all know that TiVo sells your viewing data from the shows you watch


We do? :rolleyes:

You might consider correcting your misconceptions about present software before you go off speculating about future software.



Posted by: SuperRob

Wow. I suppose I'm kind of surprised that these sorts of accusations haven't started earlier.

TiVo has always been 100% up-front about how they deal with the information they collect, and what that information is. None of your information ever has your name attached with it unless you specifically tell TiVo to give it. TiVo only has ONE partner that they've ever even given NAMES to, and that was Hotline2Hollywood. So you're wrong on that account, TiVo doesn't sell YOUR data, or anything that can be attached back to you. All viewing data is sold in AGGREGATE, and can't be tracked back to you at all.

Seriously, pull the paranoia back a notch. Quite frankly, if you possess the CD's for the music that you have stored on your computer (like I do), you have very little to be concerned about even if TiVo DID share that information.

Regardless, you have absolutely ZERO information to base your "spyware" accusation on. You're spreading the FUD a little early.



Posted by: JPriller

quote:
Originally posted by PBS_Rocks
Remember, an ounce of prevention is worth a pound of cure.

And an ounce of common sense is worth a ton of paranoia. :rolleyes:

How long do you think they could keep that sort of underhanded back-door spying a secret? Once it got out the backlash would be catastrophic. I don't think TiVo is nearly that dim.



Posted by: PBS_Rocks

quote:
Originally posted by walters
We do? :rolleyes:




Well...Those who bother to read do:

In Tivo's FTC brief on privacy issues:

Ref:

http://a423.g.akamai.net/7/423/1788.../ftc_letter.pdf

They write:

"We disclose aggregated account information and aggregated anonymous viewing information and any reports or analyses derived therefrom, to third parties including advertisers, broadcasters, consumer and market research organizations, movie producers, and other entertainment producers."

One might believe that "aggregate data" means anonymity, but I can show you many ways to aggregate data that produces results that are most certainly not anonymous.

Read ..... and learn.

PBS_Rocks



Posted by: dgh

quote:
Originally posted by PBS_Rocks
Since we all know that TiVo sells your viewing data from the shows you watch, do you seriously think they won't sell your MP3 playlists if the RIAA offer them $$$$ to do so?


If that convinces them to produce more music that I like, then the HMO might be worth it for that reason alone.



Posted by: JPriller

quote:
Originally posted by PBS_Rocks
One might believe that "aggregate data" means anonymity, but I can show you many ways to aggregate data that produces results that are most certainly not anonymous

And the part where they say "anonymous" doesn't mean anonymity either?

So, what you're saying is that with access to a couple different databases and some intensive data mining TiVo could figure out that I, me, here's-my-address, like Junkyard Wars and thumbs-downed "Survivor"?

I got a lot more important things to worry about than that. Like why the Crunchberries in Captain Crunch taste different lately.



Posted by: PBS_Rocks

quote:
Originally posted by JPriller
How long do you think they could keep that sort of underhanded back-door spying a secret? Once it got out the backlash would be catastrophic. I don't think TiVo is nearly that dim.


You know people used to say that when it was first pointed out that Web-tracking was possible. Now, today, hundreds of software packages have spyware doors placed in them. It's so common that it barely made a splash when RealPlayer JukeBox was recently found to be doing an inventory of your software and reporting that back thru the net.

We now live in an age where privacy is all but gone. With the Homeland Security act of last year, law enforcement no longer needs warrants to go into any commercial databases for information. (This would include your TIVO viewing records.)

Call it paranoia if you will, but I have a constitution that guarantees me a right to privacy. And I for one take it seriously enough to make a phone call to defend that right. You may not give it a second thought and that's ok. But to go on the offensive when we live in the era we do is ... well ... rather Lemming like.



Posted by: mtmra70

I would LOVE to have TiVo give/sell my viewing habits if it kept the programs on the air longer. Heck, I'll even be bold and say I don't care if they sell it even if it doesn't help them, as long as they don't force programming on me then I'm fine with it :)



Posted by: JPriller

quote:
Originally posted by PBS_Rocks
It's so common that it barely made a splash when RealPlayer JukeBox was found to be doing an inventory of your software and reporting that back thru the net.

Was that this from 1999 (backlash, apology), or something more recent? Got a URL, if so? I find it hard to believe something doing a software inventory and reporting back wouldn't cause a firestorm of outrage.



Posted by: maharg18

quote:
Originally posted by PBS_Rocks
We now live in an age where privacy is all but gone. With the Homeland Security act of last year, law enforcement no longer needs warrants to go into any commercial databases for information. (This would include your TIVO viewing records.)



I'm not sure what my Tivo viewing records have to do with Homeland Security, but "ok" !?



Posted by: shady

quote:
Originally posted by JPriller

I got a lot more important things to worry about than that. Like why the Crunchberries in Captain Crunch taste different lately.



:D That's funny :D



Posted by: dgh

quote:
Originally posted by PBS_Rocks
rather Lemming like.


In the first post in this thread, you told everyone to call TiVo and make a precise set of demands, so I assume you don't mean anything bad by "Lemming like".



Posted by: walters

quote:
Originally posted by PBS_Rocks
One might believe that "aggregate data" means anonymity


In fact that's exactly what it means. It's anonymous before it even leaves your box, and then it's aggregated with other anonymous data before it's given to third parties.

Yes, I've bothered to read a lot on this subject. The privacy policy. The Privacy Foundation Report. TiVo's response to the FTC you cited. Reports of multiple hackers who've watched their TiVos report back anonymous data. Mindless drivel from tin-foil hat nuts like you. Yes, I've read it all. I'm still not bothered enough to opt-out.



Posted by: MighTiVo

I want TiVo to collect data on my viewing habits and provide that data to networks and advertisers. Keep up the good work!

Any speculation as to the function of the desktop software required should be left to those in the beta but generalized aggregate data would be fine with me there as well.

Maybe one day the content owners will realize that people actually use MP3s and they might start selling them on-line or providing them free with the purchase of a CD.....



Posted by: JasonS

quote:
Originally posted by PBS_Rocks
Call it paranoia if you will, but I have a constitution that guarantees me a right to privacy. And I for one take it seriously enough to make a phone call to defend that right.


Really? I haven't read the Constitution lately, but I don't seem to remember this popping up anywhere. I think the best the Bill of Rights does is to protect you from unreasonable search and seizure, and I don't think you're arguing that this qualifies for that, are you? There are some Supreme Court decisions that recognize a limited right to privacy in certain areas (like Roe v. Wade, for example), but I'm consistently amazed by how pervasive the notion has become that there is some general right to keep every aspect of one's life private. It's simply not the case. There may be state laws that address this kind of thing, but the federal Constitution does not.

Anyway, chalk me up as another lemming that doesn't care if TiVo wants to know which ABBA song is my favorite. :rolleyes:



Posted by: MighTiVo

quote:
Originally posted by maharg18
I'm not sure what my Tivo viewing records have to do with Homeland Security, but "ok" !?


They could subpoena TiVo to provide data which could identify viewing habits that they think would help build a profile of a terrorist and TiVo could not reveal that they had to provide that information. Trouble is there is no way to relate that to a person anyway.

As I understand it, basically anybody that collects information has to provide it to the government when asked and they can't say they had to.

Read this:
http://www.motherjones.com/news/qa/.../we_268_01.html

Personally I don't really care, but I can understand why people are upset about it.



Posted by: SuperRob

quote:
Call it paranoia if you will, but I have a constitution that guarantees me a right to privacy.


There is NO CONSTITUTIONAL RIGHT TO PRIVACY. That's a common myth, but a myth nonetheless. The "right to privacy" is an accepted "implied" right, but it is not granted by the constitution. And there are a myriad ways that you give up that right.

Quite frankly, a legal argument could be made that simply by being on the internet at all, you've given up a certain amount of privacy. By tracking your IP address, I can find out who your ISP is, and possibly even track you right back to your front door. If you're THAT concerned about your privacy, what the heck are you doing HERE?



Posted by: MighTiVo

Although a right to privacy is not specifically set forth in the Bill of Rights, the Supreme Court has ruled that sources for a right to privacy exist in the First, Third, Fourth, Fifth and Ninth Amendments.



Posted by: SuperRob

Thus, my statement about it being an implied right.



Posted by: phone1

quote:
Originally posted by PBS_Rocks
One might believe that "aggregate data" means anonymity, but I can show you many ways to aggregate data that produces results that are most certainly not anonymous.

Read ..... and learn.

PBS_Rocks

Oh, I've read it. Did you? Conveniently you didn't mention this part:

quote:
TiVo does collect Anonymous Viewing Information; that is, information about viewing choices made while using your DVR, but that does not identify you as an individual or household. In other words, there is no personally identifiable information associated with the viewing information that could identify the viewing information as coming from you or your household.

I don't care how good you think you are, but anonymous data is just that. There's no user name or service number reported, so no way to link existing data back to a specific unit.

So please, share with us mere mortals some of the "many" ways of doing this if the service number or any other personal information was never collected in the first place?



Posted by: tornado

Explain to me why someone paranoid enough to think TiVo is selling their specific, name-linked info is gullible enough to believe a phone call will change that.

All I ask is a little consistency. ;)

EDIT: spelling fix



Posted by: Moebius

quote:
Originally posted by tornado
Explain to me why someone paranoid enough to think TiVo is selling their specific, name-linked info is gullible enough to believe a phone call will change that.

All I ask is a little consistency. ;)



Actually, I was more wondering why someone quite so paranoid about privacy would be using a product of which a major feature is to track viewing habits and create suggestions based upon them.

Reminds me of my days managing a video store (which shall remain nameless except to say that we loved renting big blockbuster movies). I often had customers complain about the information we wanted on rental applications. My favorite however, (that this guy reminds me so much of) handed me an application with his name on it. Nothing else. He refused to give his address, phone, DL #, SSN, or a Credit Card as security, yet wanted me to let him take home 6 movies that cost me $65 each (before the days of DVD when very few movies came out at sell thru prices immediately) on simply his name. I'm a pretty big proponent of privacy, but c'mon.

If you want privacy, that's fine. However, if you want to take advantage of new technologies, you're going to have to give up a bit of that privacy.



Posted by: Justin526

Continued silence from PBS Rocks. Chirp Chirp Chirp. (those are crickets if you were wondering) :D



Posted by: island1

SpyWare?
PBS_Rocks (in your head)


I just wiped my hard drive, now where is that foil and duct tape. I hope they don't find out about my Andy of Mayberry season pass.



Posted by: aciurczak

The black helicopters must have found him and taken him to the secret world government headquarters.



Posted by: Moebius

That, or after reading the post about his IP being logged, he's offline and busy on the phone with his ISP trying to Opt Out of having an IP address so his privacy is not invaded.

Ya know, flames are great therapy for bad days at work.



Posted by: adventurelarry

As the CEO of Sun once said "You have no privacy, get used to it"



Posted by: JPriller

Come on, folks, give the guy a break. Some people have work to do during the day rather than hanging out here. Strange as that may seem, I'm sure there's one or two. :)



Posted by: Moebius

quote:
Originally posted by JPriller
Some people have work to do during the day rather than hanging out here. Strange as that may seem, I'm sure there's one or two. :)


Work??? What is this work?? Oh, wait. That's what this cubicle I sit in is supposed to be used for, right? I knew I was here for some reason.



Posted by: dgh

quote:
Originally posted by JPriller
Come on, folks, give the guy a break. Some people have work to do during the day rather than hanging out here. Strange as that may seem, I'm sure there's one or two. :)


It seems to me that most Internet forums are most active (by far) during the typical work hours ;)



Posted by: mdupont_2000

Anyone else think he is just a troll?



Posted by: phone1

quote:
Originally posted by mdupont_2000
Anyone else think he is just a troll?

Not based on his other posts - just paranoid.



Posted by: phone1

quote:
Originally posted by MuscleNerd
This entire thread is speculation. I'll wait until I see the software in action before I make a judgement either way.

Well of course it is - hence the somewhat lighthearted responses. However, TiVo's written privacy policy is not speculation - it's there in black and white.



Posted by: phone1

About privacy or just in general? Do you really think TiVo will report you to the RIAA for all those pirated MP3's? ;)



Posted by: Hunter Green

Here's what puzzles me. If you don't trust TiVo to release a non-spyware desktop program, why would you trust them to do what they say when you ask to "opt out"?

If a moment's realism is worth considering here, consider this. The point of the desktop software is explicitly this: so that your TiVo can get information from your PC. If you don't want that information to go beyond your house, set up your network that way. There's nothing about an exchange between your PC and your TiVo that should require anything to go out past your router.

When you've done that, check the logs. I bet you don't find anything leaking out of that desktop program. But if you do, congratulations. You've blocked it in the only way you ever could have anyway.

That is, unless the folks who make the security software are in on the conspiracy, too...



Posted by: SteakMan

quote:
Originally posted by Hunter Green
Here's what puzzles me. If you don't trust TiVo to release a non-spyware desktop program, why would you trust them to do what they say when you ask to "opt out"?

If a moment's realism is worth considering here, consider this. The point of the desktop software is explicitly this: so that your TiVo can get information from your PC. If you don't want that information to go beyond your house, set up your network that way. There's nothing about an exchange between your PC and your TiVo that should require anything to go out past your router.

When you've done that, check the logs. I bet you don't find anything leaking out of that desktop program. But if you do, congratulations. You've blocked it in the only way you ever could have anyway.

That is, unless the folks who make the security software are in on the conspiracy, too...

TiVo could easily package up a list of all your MP3's, encrypt it, and send it during a daily call. Your firewall or monitoring software wouldn't detect a thing. TiVo could also easily attach your name and address to this data and sell it to the highest bidder.

The only thing stopping them is that they say they won't. I, for one, believe them. Of course, they haven't said what they will or won't do with the HMO, but I bet they will follow what they have done already.

-SteakMan-



Posted by: Hunter Green

While we're on the subject, TiVo (once hooked to your home network) could be right now sniffing your TCP/IP traffic and network shares, snooping IP packets to collect URLs you're surfing to, etc. and sending those on to Master Control Central by the same means. No need for a desktop application.

This reductio ad absurdum is intentionally absurd, because it is built on exactly the same premise as the original post: they could do this, from a technical perspective. That's kinda the point I was driving at. As long as you're ready to suspect that TiVo is secretly sneaking off with your information, the only defense is to personally use router security, packet sniffers, etc. There is no defense that involves calling TiVo to "opt out". You either trust them to do what they say they do, or you don't. The "opt out" option does not, and is not meant to, protect you against either of these possibilities.



Posted by: BrettStah

I'm in agreement with walters... PBS_Rocks needs one of these if he doesn't already have one:
http://zapatopi.net/afdb.html



Posted by: Mr. Laser Beam

quote:
Originally posted by PBS_Rocks

Call it paranoia if you will, but I have a constitution that guarantees me a right to privacy.



No, you don't. There is no such guarantee anywhere in the Constitution.



Posted by: Crrink

Out of curiosity, how do you guys know there is NO way that TiVo can ever link the collected information to you, your service number, account information, etc.?



Posted by: TiVoOpsMgr

Your ISP *could* send a list of the URLs you visited yesterday to the New York Times. Your mobile phone company *could* send a map of everywhere you drove last month to your boss. Your credit card company *could* send a list of everything you bought last year to your mom. And TiVo *could* write very sneaky software and then lie to you about what our software does and doesn't do. But you trust your ISP not to do that, and you trust your phone company not to do that, and you trust your bank not to do that, and we ask you to trust TiVo in the same way.

A lot of us work very hard to make sure that we always adhere to the terms of our Privacy Policy. We take it EXTREMELY seriously, and we have constant code review and practices review to make sure we're keeping your data safe. Folks on the Underground have confirmed what data is collected and how it is anonymized. Around the corner from me are a bunch of guys in the audience measurement group who beat their heads against the wall each day because their job is a million times harder than it would be if we didn't care about your privacy.

You can count on the TiVo Desktop software having the same level of disclosure as the TiVo DVR; you're most likely to see a new version of the privacy policy when 4.0 is released that covers the data that is and is not collected. And I'm confident an army of folks on the Underground will keep us honest on that score too.



Posted by: aciurczak

When this same hubbub came up years ago (for the first of many times, every time a paranoid newbie figures out how to use google and comes to the board we seem to rehash this discussion) the underground folks did quite a bit of work logging every bit going back and forth between a tivo and the mothership. They analyzed the type of files and the content of files to confirm what TiVo was telling us in terms of what information got sent back.

There is an immense amount of information sent back, for one thing, every single keypress on the remote is logged and sent back. But there is no identifying information in terms of service ID going back. They don't capture service ID. On their end, they use separate FTP servers that do not have access to a service ID db. And they intentionally allow the time on the ftp server to skew so that even if folks wanted to track back an IP address, it would be challenging to find out which IP address belonged to which tivo at which time. The underground folks (some of the most paranoid, as well as the most technical) were satisfied that tivo was doing exactly what they say they are doing. And in retrospect, it makes sense. Tivo has way too much at risk to muck around with data that will not help them in any way, and they are intentionally overly protective about what is and isn't collected.



Posted by: flyersfan

What an awesome response from an official representative. Seriously. Thank you, Stephen, for chiming in on a paranoid post.

I agree with an earlier poster that it's a slight disappointment that we need software on the PC at all. I have my server sharing out all of my mp3s with 'Everyone' access, so it's a pity that Tivo can't take advantage of it. Granted, I don't know how well it would work cross-platform... we're strictly running Win2k in the house. And perhaps the software on the PC will take care of stuff like indexing, id3-tag cross-referencing, etc. so the Tivo doesn't have to...



Posted by: dwvninety

Who cares about what Tivo software does on your PC? As long as it's not destructive, does not introduce pop-ups, no virus or Trojan, and no spam, I don't care. I use Windows XP and when you look at all the spy-ware installed on your HD it probably makes TIVO collecting viewing habits seem trivial. Just my 2 cents.



Posted by: phone1

Thanks TiVoOpsMgr for your reassuring response. I expect 99% of companies follow their policies stringently as I'm sure TiVo does. Unfortunately, in an era where you see the likes of Enron, Arthur Andersen and MCI lying to their employees and stockholders, you've got to expect some level of paranoia. Personally I'm not concerned about TiVo, but we just have to live with the fact that in some corporate board rooms honesty may not be viewed as the best policy.

Which also means we're going to keep having to deal with FUD threads like this one. :(



Posted by: pv

The original poster is the usual come-from-nowhere troll or FUD monger, but it does have a point. I mentioned recently that I've been using a HMO-type program for my PS2, called BroadQ. While tinkering with it, I discovered that it held open two connections to the mothership, and a little sniffing revealed that it was sending at least the file type and size, and occasionally the filename, back to broadq every time I played a file.

After verifying that the program still works with the mothership domain null-routed, I ranted about it a bit on their forum, and they promised to take it out in the next release (or at least provide a button that turns it on and off). So I decided not to go all slashdot on their asses. For now.

Just to be totally clear - any software on my computer caught doing this is considered evil, and it will not be tolerated. Tivo take note. PV
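
Hunter Green's earlier suggestion to keep the desktop software's traffic inside the house and then check the logs, and pv's check above of what a media program sent to its vendor, both come down to auditing one PC's outbound connections. A sketch of that audit follows, as an added example that is not part of any post in the thread; the log format, the addresses and the function names are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in a made-up router log format (not from the thread):
# timestamp, action, protocol, source ip:port -> destination ip:port.
SAMPLE_LOG = """\
2003-04-01T02:13:05 ALLOW TCP 192.168.1.20:1045 -> 192.168.1.50:8080
2003-04-01T02:13:09 ALLOW UDP 192.168.1.20:1900 -> 239.255.255.250:1900
2003-04-01T02:14:11 BLOCK TCP 192.168.1.20:1046 -> 203.0.113.10:443
2003-04-01T02:14:41 BLOCK TCP 192.168.1.20:1047 -> 203.0.113.10:443
2003-04-01T02:15:00 ALLOW TCP 192.168.1.20:1048 -> 198.51.100.7:80
2003-04-01T02:15:30 ALLOW TCP 192.168.1.30:2201 -> 198.51.100.7:80
this line is truncated garbage
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|BLOCK) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
BROADCAST = ipaddress.ip_address("255.255.255.255")


def stays_on_lan(dst, lan):
    """True when traffic to dst never has to cross the router's WAN side."""
    return dst in lan or dst.is_multicast or dst.is_loopback or dst == BROADCAST


def audit_egress(log_text, host, lan_cidr):
    """Count connections from `host` to destinations outside `lan_cidr`."""
    lan = ipaddress.ip_network(lan_cidr)
    watched = ipaddress.ip_address(host)
    leaving = Counter()
    skipped = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # keep a count so gaps in the log are visible
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            skipped += 1  # looked like an address but was not a valid one
            continue
        if src != watched or stays_on_lan(dst, lan):
            continue
        leaving[(str(dst), int(m["dport"]), m["proto"], m["action"])] += 1
    return {"leaving": dict(leaving), "skipped": skipped}


def allowed_leaks(report):
    """Flows that left the LAN and were not stopped by a block rule."""
    return sorted(
        (dst, port, proto, n)
        for (dst, port, proto, action), n in report["leaving"].items()
        if action == "ALLOW"
    )


if __name__ == "__main__":
    report = audit_egress(SAMPLE_LOG, "192.168.1.20", "192.168.1.0/24")
    for flow, n in sorted(report["leaving"].items()):
        print(n, *flow)
    print("unparsed lines:", report["skipped"])
    print("not blocked:", allowed_leaks(report))
```

The audit only covers connections the watched PC opens itself; anything relayed through the DVR's own daily call, the case SteakMan raises in the thread, needs the same audit run against the DVR's address.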



Posted by: pv

quote:
Originally posted by Hunter Green
Here's what puzzles me. If you don't trust TiVo to release a non-spyware desktop program, why would you trust them to do what they say when you ask to "opt out"?


Because I and other tivo hackers have verified that the opt-out works? The call triggers a simple MFS transaction which axes the backhaul files.

In any event, there's no way to do this without someone figuring it out. PV



Posted by: Hunter Green

pv, I think you missed the whole point of the bits you snipped from the quote. But no matter, it's already been said a few times, there's little need to have it said once more.




