Lawsuit accuses Apple of selling iTunes data(9to5mac.com)
9to5mac.com
Lawsuit accuses Apple of selling iTunes data
https://9to5mac.com/2019/05/25/apple-itunes-lawsuit/
7 comments
The specific claim, page 3 of the pdf
> Apple sells, rents, transmits, and/or otherwise discloses, to various third parties, information reflecting the music that its customers purchase from the iTunes Store application that comes pre-installed on their iPhones. The data Apple discloses includes the full names and home addresses of its customers, together with the genres and, in some cases, the specific titles of the digitally-recorded music that its customers have purchased via the iTunes Store and then stored in their devices' Apple Music libraries (collectively "Personal Listening Information").
It goes on to say that after Apple discloses, 3rd parties append personal info -- gender, age, HHI, etc -- and resell.
Later, they basically show the dataset available for $80/M, or $1.5m/full.
As for the api, it seems to want a requestUserToken https://developer.apple.com/documentation/storekit/skcloudse... which seems to be only available to code running on iOS or tvOS.
Unless I'm being dumb, my guess is some advertising middlewares started grabbing these user tokens, scraping data, and reselling. It doesn't seem obvious how you would get a token to get a specific user's data without running on that user's ios or tvos device.
Also, one of the vendors, CDW, says their population is 18,188,721 (presumably unique users?). There has to be way more ios users who've purchased songs than 18m.
> Apple sells, rents, transmits, and/or otherwise discloses, to various third parties, information reflecting the music that its customers purchase from the iTunes Store application that comes pre-installed on their iPhones. The data Apple discloses includes the full names and home addresses of its customers, together with the genres and, in some cases, the specific titles of the digitally-recorded music that its customers have purchased via the iTunes Store and then stored in their devices' Apple Music libraries (collectively "Personal Listening Information").
It goes on to say that after Apple discloses, 3rd parties append personal info -- gender, age, HHI, etc -- and resell.
Later, they basically show the dataset available for $80/M, or $1.5m/full.
As for the api, it seems to want a requestUserToken https://developer.apple.com/documentation/storekit/skcloudse... which seems to be only available to code running on iOS or tvOS.
Unless I'm being dumb, my guess is some advertising middlewares started grabbing these user tokens, scraping data, and reselling. It doesn't seem obvious how you would get a token to get a specific user's data without running on that user's ios or tvos device.
Also, one of the vendors, CDW, says their population is 18,188,721 (presumably unique users?). There has to be way more ios users who've purchased songs than 18m.
I don’t get it either. If that’s the API in question, the user has to give the iOS app permission to access the user’s playlist and it still doesn’t give demographic data.
Also, the story is devoid of any technical information about like most NYT’s articles discussing an Apple controversy.
Also, the story is devoid of any technical information about like most NYT’s articles discussing an Apple controversy.
> For example, any person or entity could rent a list with the names and addresses of all unmarried, college-educated women over the age of 70 with a household income of over $80,000 who purchased country music from Apple via its iTunes Store mobile application,” the customers said. “Such a list is available for sale for approximately $136 per thousand customers listed.
Where do you purchase this list from?
Where do you purchase this list from?
It's an open secret that many of the "anonymized" datasets that the large tech giants pass around are very easy to de-anonymize. I don't know much about how Apple works, but people who work with Google Ad products and analytics regularly violate the anonymity agreement because it's so financially lucrative to do so and just never tell anyone.
We need to stop mining people for profit while putting minimal or zero privacy protections in place.
We need to stop mining people for profit while putting minimal or zero privacy protections in place.
If that was the case I imagine you could ding Apple on false claims. They pretty prominently claim "Differential Privacy" both in their keynotes and on their website. Their claims are also that data is anonymized before they process it. Other companies have been a lot more vague and hand-wavy about "anonymized" in my experience and you're absolutely right that a lot of anonymized datasets can be de-anonymized by correlation.
https://www.apple.com/privacy/approach-to-privacy/
https://www.apple.com/privacy/approach-to-privacy/
From Apple?
API: https://developer.apple.com/documentation/applemusicapi
And it's not that Apple is selling the data. It's that Apple is allowing the data to be made available to developers who are then selling the data.