The Null Device

2009/5/24

Regarding the last post about last.fm: one of last.fm's staff has posted a rebuttal on their web forums, to wit:

* Nobody at Last.fm had any knowledge of our user data being fed to the RIAA (or any labels directly), before or after the alleged incident, or at any other point in the history of the company.
* Last.fm has never given data linking IP addresses and scrobbles to any third party.
* Last.fm has never given data linking IP addresses and scrobbles to CBS (who, by the way, we don't consider a third party, but who do have to uphold our privacy policy).
* We've been in communication with CBS and they deny that they gave any third party any of our user data.
If TechCrunch have any evidence which contradicts any of the statements I've made here, I'd love to see it, but I think someone is taking them for a ride. I'm not sure why, though.

Make of that what you will. Assuming the denials are true, last.fm and/or CBS will have no choice but to sue TechCrunch for libel to protect their reputation; it'll be interesting to see how that unfolds.

Nonetheless, even if this isn't true, the possibilities it raises are thought-provoking:

  • Last.fm's scrobbling software originally sent over only the title, artist and length of tracks as they were played. More recently, it was extended to send a fingerprint of each track. The difference between these two is crucial; it is the difference between hearsay and admissible evidence. In short, when you scrobble a track using the last.fm client, it sends over cryptographic proof of your possession of the recording. You can disable the fingerprinting function in the last.fm client software, assuming that you trust it, of course.
  • How much you trust last.fm's closed-source client software is another matter. Assuming that last.fm had been compromised by the MAFIAA, what's to say that the software didn't trawl your hard drive for things that looked like MP3s (slowly, so as not to arouse suspicion), fingerprint them, and then send the list over to MediaSentry or someone, along with some juicy forensic information about your machine (serial numbers, MAC addresses, &c.)?
  • Of course, this would be totally illegal and even more unethical. But, then again, so would waiving the EU's privacy laws to send user identifying information to CBS (as is alleged). And it's not like the RIAA haven't been known to use underhanded tactics in their dirty war against music fans.
  • Even assuming that last.fm are 100% above board and CBS are sufficiently law-abiding to not undermine them, handing over potentially compromising information implies a trust that the information will be kept secure; i.e., that there are no weak links. Given the fact that everybody from TK Maxx to Her Majesty's Government seems to leak personal information left, right and centre, this may not be a safe assumption.

In short, if you're sending over fingerprints of the music on your hard drive, make sure that there is nothing there you wouldn't want to prove possession of to hostile parties.


Further corroboration of the claim that last.fm handed over user data to the RIAA's enforcement arm, or rather that their parent company requested the data "for internal use only" and then handed it over. Of course, the good folks at last.fm had nothing to say in it, and their denials were sincere, but that doesn't diminish the fact that, if the allegations are true, last.fm (owned by Big Copyright corporation CBS) is now effectively part of the RIAA's intelligence-gathering apparatus:

We provided the data to the RIAA yesterday because we know from experience that they can negatively impact our streaming rates with publishers. Based on the urgency of the request they probably just wanted to learn more about the leak but who knows. Seriously, can you blame them? [______] Our ops team provided the usual reports along with additional log data including user IP addresses. The GM who told them to do it said the data was for internal use only. Well, that was the big mistake. The team in the UK became irate because they had to do it a second time since we were told some of the data was corrupted. This time they transferred the data directly to them and in doing so they discovered who really made the request.

Meanwhile, in this thread, several last.fm staff members swear up and down that this didn't happen, and would not have happened, as it would have been against EU data-protection laws and triggered too many red flags. Which could be true, or it could be a plausible cover story. (The RIAA and their goons aren't above bending the law, after all.)

If you don't like lawsuit-happy copyright extortionists keeping a beady eye on your listening habits, you may want to refrain from sending information to last.fm. Fortunately, someone is coming up with an open-source AudioScrobbler-compatible site named libre.fm, which may well end up taking the place of last.fm.

(via /.)