A perfect example
By Scott Bradner
Network World, 11/15/99
It would have taken a lot of hard work to have created a better
bad example.
RealNetworks' approach to secretly collecting data on its
customers is a perfect example of what Internet users are
convinced that all 'Net companies do. Although RealNetworks
reacted quickly to change its approach, the company's total
obliviousness to the privacy aspects of its behavior is
breathtaking.
On Monday, Nov. 1, The New York Times reported that RealNetworks'
downloadable RealJukebox CD player collected all sorts of data on
its customers and automatically sent it back to servers at
RealNetworks' corporate offices.
Users of the RealJukebox software are required to enter their
names, e-mail addresses and ZIP codes to register. Every time the
program starts up, it sends back to the company the number of
songs the user has stored on his hard drive, their formats and
quality level, what type of music the user likes to listen to and
the type of any portable music player that might be connected to
the user's computer. In addition, every time a CD is inserted
into the computer's CD-ROM drive, the CD title is sent to
RealNetworks.
Spokesmen for RealNetworks said the company was collecting the
information as a way to customize services for its customers and
to be able to offer music selections targeted to users based on
what RealNetworks knew about what users were listening to.
By later the same day that the RealJukebox story broke,
RealNetworks had figured out that there was a flaw somewhere in
its thinking (if thinking had actually been involved in
programming the system this way). In light of this, the company
announced the availability of a downloadable patch to disable the
reporting features.
I can imagine that RealNetworks thought that some of its
customers might even be happy for the pointers to music they
might like. After all, Amazon.com's users seem to like the same
sort of thing. But RealNetworks did this in secret, not even
noting the practice in the license agreement or in the privacy
statement on the company's Web page. The fact that RealNetworks
gathered this information and must have assumed that no one would
notice indicates a reality disconnect that would seriously worry
me if I were an investor.
I will note that RealNetworks has not yet said it will disable
the information-gathering servers or that new versions of the
program will not return any information to RealNetworks. Nor has
the company said that its very popular RealAudio and RealVideo
players do not gather such information. Since few of the 13
million registered RealJukebox users will get around to patching
their software, RealNetworks will keep receiving a lot of
information unless the company shuts down the servers.
So far, RealNetworks is a case study in what not to do if you are
an ISP - I hope that other companies will learn from this.
Disclaimer: Not even the Harvard Business School would use a case
study this dumb, so the above observation is mine alone.