========== # Clementine Clementine - is a music player and library organizer, based on Amarok 1.4, and licensed under the GPL. ## Spyware Level: Possible Spyware ### Clementine is making some http requests on start As Mitmproxy + Proxychains show, Clementine makes requests to "data.clementine-player.org". If we search information about this domain, we can see it's for fetching information about artists, songs and OAuth info.[2] ### Clementine is using Non-Free Web services It's made to give search suggestitions, lyrics, and internet radio and podcast lists. Also, Clementine is using Wikipedia as the main source of information about artists. Wikipedia is logging your IP-adress. Clementine does have the native possibility to run network traffic through a proxy. ========== ========== # RealPlayer RealPlayer, formerly RealAudio Player, RealOne Player and RealPlayer G2, is a cross-platform media player app, developed by RealNetworks. ## Spyware Level: EXTREMELY HIGH RealPlayer is spyware that reports all of the media you consume using it to its developers. It uses information that it obtains through this spyware to build detailed profiles of its users, such as what media they consume and what physical locations they visit, fingerprints of their computers, etc., as well as using information from other spyware services like Facebook and Twitter to build these profiles. Realplayer knows what media you watch, what your physical location is, what computers you use, and it uses this information for advertising. No actual tests of the software were done to write this article since there isn't really a point... RealPlayer doesn't seem to be hiding anything, since the privacy policy is so open about what it does. There probably is more spyware hidden in it, but it's really at such a point where it can't receive a higher rating or a different advisory: Do not use this program. ### RealPlayer records the media you own and consume with it In the same way that a web browser can spy on you by recording all of your internet history and showing it to the developers, RealPlayer spies on you by recording all of media history and showing it to its developers. It is very clearly stated in the privacy policy that RealPlayer collects the following information about you: "Such information can include [...] Information relating to your use of our products and services, for example information relating to photographs or videos you upload to RealPlayer or add to RealTimes, content you download using RealPlayer including domains associated with such content, geo-location information or patterns associated with photographs or videos to enable features in RealTimes, and activities on our websites such as pages visited;" So, because of this vague wording, it can only be assumed that RealPlayer has access to all of the media that you consume using it. ### RealPlayer tracks the physical locations of its users What is especially egregious about this policy is that is designed to create detailed profiles of the user. RealPlayer specifically mentions that when it uses its spyware to access your photos, it will search for "geo-location information", as well as "patterns associated with photographs or videos". This is worded in a (somewhat) innocent way but it tells a lot about what this spyware is for. "Patterns" associated with media implies that RealPlayer is using the information it collects on its users for facial recognition. RealPlayer also fingerprints the hardware you use: "Such information can include [...] Information about your computer or mobile device such as your unique device ID (persistent/ non-persistent, MAC or IMEI), hardware, software, platform, and Internet Protocol (IP) address." Since we also know that RealPlayer scrapes the geolocation information from your images, this is more information that RealPlayer can use to collect information about your physical location. And this is only further confirmed by this statement later in the privacy policy: "we sometimes receive information from third parties such as [...] Service providers that help us determine your device’s location based on its IP address to customize certain products to your location" So, this is proof that RealPlayer is designed to track your physical location. ### RealPlayer colludes information with other spyware services to profile its users RealPlayer uses all of the information it collects in combination with information that other spyware platforms and services used to build a more accurate profile of its users. It clearly states in its privacy policy that it colludes information with: * "Social networks (like Facebook and Twitter) and similar third party services, that make users’ information available to others;" * "Partners with which we offer co-branded services or engage in joint marketing activities" * "Advertisers about your experiences or interactions with their offerings." ### RealPlayer uses the information it collects to advertise to its users RealPlayer uses the information that it collects to sell to advertisers and to advertise to its users itself. The privacy policy makes no secret of this: * "RealNetworks uses information to [...] Provide personalized content recommendations, language and location customization, and/or personalized help and instructions" * "RealNetworks uses information to [...] Communicate with you, such as sending you messages concerning your account and customer service issues; asking you to participate in surveys; and delivering news, updates, targeted advertising, promotions, and special offers." ### RealPlayer sells the information it collects to third parties RealPlayer clearly states that all of the information that it collects about its users are sold to advertisers: "When you visit our website or use our products or services, certain third-party companies can collect information as part of serving ads, providing analytics services, or delivering content or plug-ins." The quotes that have been shown here are really only the tip of the iceberg and for more information the actual privacy policy itself should be read since there is so much more information on it. ========== ========== # iTunes iTunes is a media player, media library, Internet radio broadcaster, and mobile device management application developed by Apple Inc. ## Spyware Level: EXTREMELY HIGH iTunes is a spyware music player developed by Apple that collects an enormous amount of information about its users. iTunes is riddled with numerous spyware features and types of information collection, and is integrated with Apple's spyware platforms. Apple is not subtle about its spyware- it explains what it does plainly and clearly, so there is no deception about the scope and level of privacy violations committed by its software. ### iTunes is integrated into the Apple ID spyware platform iTunes is integrated with the "Apple ID" spyware platform, which it requires for you to use certain features of the app. This spyware platform collects the following information from you: * Name * Mailing address * Phone Number * E-Mail address * Credit card information ### Phoning Home Whenever you open iTunes, these two requests are immediately made So, whenever you start up iTunes, you are immediately checked into the botnet. It's not clarified exactly what iTunes is connected to for what reason. The only hint we have comes from this passage in the privacy policy: "We may collect information such as occupation, language, zip code, area code, unique device identifier, referrer URL, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising." So, we can only assume that iTunes is collecting all of this information, or at least as much of it as it can get, from you and sending it back to apple. ### Apple sells your personal information Apple is very up-front about this in its privacy policy: "Apple shares personal information with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys." So, there can be no illusion or mistake about what happens to the information you provide to iTunes — it will be sold to datamining companies. ========== ========== # VLC Media Player VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs, VCDs, and various streaming protocols. ## Spyware Level: Not Spyware VLC Media Player is not spyware, but it does have notable features in it that could be possible forms of spyware. However, all of these features are opt-in, and the software explicitly informs the user about the risks associated with these features. VLC is a model program that has convenience features in it that could compromise privacy, while still respecting user privacy. ### VLC Media Player has been distributed with spyware programs by third parties While VLC's creators do not distribute their player with spyware, it has been distributed with spyware by other parties. If you download VLC Media Player, make sure you download it from VideoLAN's website. ### VLC Media Player contains some opt-in spyware features VLC Media player searches through online databases to find complete album covers / metadata for songs. This implicitly means that it sends requests to external servers, and those servers could log information about specific users' music libraries. VLC Media player also has a self-updater, however this does not update without the user's consent, and while there is no precedent for the developers to add spyware in its updates, it's still notable. This is the notice that users are presented with when first installing VLC, which adequately explains the implications of these features. The only improvement would be to not have them checked off by default. ==========