Will there be a version of 3.4 that doesn't always connect to web?

[videot]

Will there be a version of 3.4 that doesn't always want to connect to the web?

[KrazyIvan]

Will there be a version of 3.4 that doesn't always want to connect to the web?

Since the EULA specifically states:

AUTOMATIC UPDATE FEATURE

>From time to time, SONY may automatically update or otherwise modify the SONY SOFTWARE, for example for purposes of enhancement of security functions, error correction and improvement of updating functions at such time as you interact with SONY's or SONY's designee's server(s). Any such updates/modifications shall be deemed SONY SOFTWARE for purposes of this EULA. You by acceptance of this EULA consent to such update/modification.

Probably not.

[tekdroid]

Will there be a version of 3.4 that doesn't always want to connect to the web?

1) use a software firewall like Sygate Personal Firewall and you'll always get notified each time an application from an anti-consumer company like Sony and Microsoft connects to the net (Microsoft Windows XP connects to the net every time you do a search on your computer, for example, among others). Must be great for them to collect all types of demographics data on their customers without their knowledge.

2) if you install the application manually, you can choose not to install the Connect store part ([ssAddon] is the name of the component) and the application itself will work fine, but you will miss out on CDDB-related CD-ripping things. This is no guarantee SonicStage will not look for updates, though (I really haven't tried it except for a short time). Of course, you can just rip in another application, like CDex, Exact Audio Copy, iTunes, and so on.

Personally I'd install a software-based firewall as a very basic first step. You'd be surprised at how many programs "phone home" without user consent.

[dex Otaku]

1) CDDB and the backup tool require 'net access to work. Without access, you will not be able to restore backups, as the tool checks your rights info against something on the net. If you don't mind having to title all non-CD-Text CDs manually, and not having any means to restore backups of your library, feel free to block SS's traffic, or for that matter unplug your net access, or just don't plug it in in the first place.

2) ...

I know everyone gets all worked up about privacy issues and apps that "phone home" .. but really, if it's either a) checking for updates, or getting CD info, and even if in either case it's recording those accesses .. I simply don't care.

I expect some of the program's functionality to use the net, and the only obvious things it's doing are the two above [other than the backup tool doing rights checks].. Do we really care if Gracenote [not Sony] know every single CD that one installation of SS on our computer has seen inserted? Should we be more or less concerned by the fact that FreeDB works the same way, but is not run by a single corporation?

Do we really think Sony are combing through millions of system configs supposedly reported by SS around the world looking for .. what? Really, what?

Do you honestly think that SS, which is individually keyed by installation [i.e. identifiable as belonging to one customer or rather as being installed on one computer], is reporting anything even remotely useful to Sony? Do you think they actually give a crap about what video card and driver version you have installed? Do you think they even use *any* of the information that could easily be culled from every single one of our systems? And lastly, if they chose to use it, what do you think they would use it for? To blackmail user X because they use the wrong sound card?

There's a fine line between paranoia and stupidity. Further, we said YES to the EULA whether we read it or not.

[tekdroid]

1) CDDB and the backup tool require 'net access to work. Without access, you will not be able to restore backups, as the tool checks your rights info against something on the net. If you don't mind having to title all non-CD-Text CDs manually, and not having any means to restore backups of your library, feel free to block SS's traffic, or for that matter unplug your net access, or just don't plug it in in the first place.

2) ...

I know everyone gets all worked up about privacy issues and apps that "phone home" .. but really, if it's either a) checking for updates, or getting CD info, and even if in either case it's recording those accesses .. I simply don't care.

I expect some of the program's functionality to use the net, and the only obvious things it's doing are the two above [other than the backup tool doing rights checks].. Do we really care if Gracenote [not Sony] know every single CD that one installation of SS on our computer has seen inserted? Should we be more or less concerned by the fact that FreeDB works the same way, but is not run by a single corporation?

Do we really think Sony are combing through millions of system configs supposedly reported by SS around the world looking for .. what? Really, what?

Do you honestly think that SS, which is individually keyed by installation [i.e. identifiable as belonging to one customer or rather as being installed on one computer], is reporting anything even remotely useful to Sony? Do you think they actually give a crap about what video card and driver version you have installed? Do you think they even use *any* of the information that could easily be culled from every single one of our systems? And lastly, if they chose to use it, what do you think they would use it for? To blackmail user X because they use the wrong sound card?

There's a fine line between paranoia and stupidity. Further, we said YES to the EULA whether we read it or not.

Actually, regardless of what they use it for, it's being collected and databases are being kept. And it's of tremendous financial gain to those involved. Microsoft's connections to sa.windows.com, even when doing a basic LOCAL search on your hard drive. Why?

Why indeed.

We don't have to tolerate any of it if we don't want to, regardless of whether or not we (or our kids) read a long-winded EULA that could put insomniacs to sleep.

There are simple steps to stop at least some of those shenanigans and personally I feel we should be the ones making those decisions. It's our data and our computer.

At the very least, people should be aware of them and aware of the track record of companies involved, the financial incentives of detailed demographics data and at the very least take simple precautions to safeguard their data (if they feel uncomfortable with these activities).

Microsoft, for instance, has been busted several times for privacy-invading features. Sending file data back to homebase with Windows Media Player, never actually deleting content from IE and Outlook Express (even after the user - quite rightly - thinks they're gone), among others (which still exists to this day, btw).

Why? Why indeed.

We make the decisions about our data. Not them.

[dex Otaku]

We make the decisions about our data. Not them.

Good examples. [not sarcasm]

Don't get me wrong. I'm not supporting "their side." I'm just saying - there are certain uses for "calling home" which don't imply potential abuse. It would be awfully hard to abuse Gracenote's access info, for instance. It's great for compiling statistics about what gets listened to most frequently on computers with CDDB access, but otherwise?

We don't really know what SS sends out, do we? Does anyone want to invest the time into packet-sniffing all of SS's traffic to see exactly what gets sent out? I'm curious, on one hand. On the other, I expect the information to be so completely innocuous as to make any privacy concerns superfluous.

Even the rootkit scenario worked the same way. The player module would call in for advertising, to check versions, &c. [this has been verified by all an sundry]. Pretty damned innocuous, even if it was "under cover."

But wait - they can match all that info to specific people! Even if the user registers with false information [noting that SS never asks for personal info, though it could cull limited such from Windows itself], their accesses are idendifiable by IP address [assuming they're not using anonimising proxies]! Oh no! What SHALL we do? They can subpoena our ISP's records to check who was on that IP at that time and get our name and address! Oh dear!

Most people don't even realise that basically every web server on the planet logs every access made to it. The standard information collected includes the requesting IP address, browser type, referring URL, time and date, and more. I have been using exactly this system to track who reads my blog for 4 years, and while the information is often ambiguous at best, patterns do pop out that can reveal exact people reading pages from specific locations. That's without using cookies or authentication of any kind. Thing is, I actually read and analyse my logs. Millions of websites don't do so. The information they collect with every single access gets used for statistical and sometimes diagnostic purposes, and that's it. At least.. until the FBI or RCMP or whoever ask them for their server logs.

You want paranoia? How about Google or Yahoo tracking every search you've ever made?

My real point here is not that privacy is unimportant - it's that the situation has already gotten so out of control. The cat's so far out of the bag that the bag doesn't remember having a cat in it.

Our data is out there. Period. Every single place we visit on the web, every service we use with almost any protocol, is logged.

When it comes down to it, the only safe way to use the net is not to use it [to paraphrase Einstein, if I'm not mistaken].

[Christopher]

I agree completely. I don't even get why people were so paranoid that Sony was going to steal all of your computers information and all private data and use it for their evil plans, seriously, a bunch of hype and BS..

[tekdroid]

I agree completely. I don't even get why people were so paranoid that Sony was going to steal all of your computers information and all private data and use it for their evil plans, seriously, a bunch of hype and BS..

Actually, the way I heard it, the 'hype' was centred around the possiblility of third parties making an exploit for their rootkit. Which happened, btw. I can't imagine things much more serious than that so it perplexes me how you can call it hype and BS.

Good examples. [not sarcasm]

Don't get me wrong. I'm not supporting "their side." I'm just saying - there are certain uses for "calling home" which don't imply potential abuse.

Agreed. And of course, to flip the same coin, there are lots that people don't know are being abused because they don't have a software firewall monitoring outgoing connections (same with trojans). I see it all the time. But I know exactly what you're saying. Privacy was eroded long ago (and continues to be). However, the point is there is still potential for the average user to say no.

I was going to mention google, ISPs, IPs, etc but really didn't want to get it into a whole big discussion. Too late

Microsoft makes so many acquisitions each year, and they are in the Search and ISP business, too. The potential for data-sharing among new businesses and acquisitions is high, too. Sony does the same thing. Their purchase of Sonic Foundry's assets a prime example. All their software customers now belong to Sony (something which I expect a certain percentage of their customers dislike). Again, the potential for one arm of the company to market and target users (and share user and content data, monitor trends without your consent to help build new businesses and without your knowledge) is high, too. EULA or not. Anywhere a buck can be made, basically. You may not care, or you may be concerned. Some are and some aren't. Some use anonymous proxies everywhere they surf, too. Is it necessary? It may not be. It may. Depends...

But some don't like making it too easy to be tracked and monitored everywhere they go. And they have every right to be. Doesn't mean they are up to no good. It's basic privacy.

Microsoft have been busted for sending user-identifiable data from machines, and of course "what you're watching/listening to" content-identifiable privacy-invading 'features'. Multiple times. Sony have been busted for rootkits, draconian DRM without regard for the userbase etc., anyway, you know it all.

The potential for Sony (and many other 'anti-consumer' companies) to do the same (again), and change any policies regarding 'privacy' (which are all a farce to appease consumers and get them to hand over their cash anyway) is routine. Hotmail, for instance, once changed their policy to state that they literally OWNED everything going through their system. Your content, OWNED by Microsoft's Hotmail. The outrage over the net 'caused them to backtrack and rewrite their EULA, or whatever they called it. Can you believe that? You better, because it happened.

Similarly, the potential for Sony's SonicStage to do something it didn't originally in the next update can be considered high (or not). The point is, simple precautions are good to take to keep the morsels of data we don't wish to send. And who knows if that was even videot's intent. He probably just got pissed off with the web connection?

If we wanna talk privacy-invasion, we can look almost everywhere.

For instance, who knows what agreement Sony has with Gracenote? We don't know. The point is, we don't know the back-room deals, and we don't know how our data is shared behind closed doors. We will never know the full story in all situations. Some might not like anyone making money off their data, even if not user-identifiable. Even though one person out of millions is statistically insignificant. Good on 'em, I say.

The potential to match this databases with others (for example, marrying fixed IP records with a new ISP acquisition by Microsoft to target and understand potential customers far better. Or to simply sell this data to another organisation (as is done routinely). The potential to share private data that you thought was given in confidence (or not given at all) but is, instead, taken and shared with other parties, is always high, IMO. And personally, I feel it's bloody immoral. There are some valid concerns about privacy invasions (as well as some unfounded), but the point is we should be aware of it and, again, it should be our choice.

Anyway...

Back to this topic, videot simply wanted a version of SonicStage that didn't connect to the web. Easily done (with some penalties that may or may not be relevant to everyday use for some people). Regarding CDDB, who knows if videot was talking about that.

Some might have a preference to deal with another company besides Gracenote for CDDB access simply because of a user's dislike for Sony (or Gracenote) and perhaps even Sony's possible shonky backroom dealings with Gracenote and others. Or hey, it could be just a general distaste and distrust of Sony in general.

Or you can always type your titles in manually. Or you could never even transfer from CDs and do only your own recordings and not need web access at all, or it could be you are relying on the few CD-Text discs you have for automatic CD-Text in other apps. Could be many reasons.

Or it could be just that connecting online was just very annoying. Whatever it is, I don't think it's wise to put too much trust in your 'data being in safe hands'. It has been proven time and time again they will do what they can get away with for as long as they can get away with it. At least that's my opinion on things.

In summary:

There are often valuable reasons for a program to connect online, but it's up to us to decide what's needed and what can (and should) be blocked. Most aren't even aware of their outgoing connections. They probably should be (IMO).

[Christopher]

Actually, the way I heard it, the 'hype' was centred around the possiblility of third parties making an exploit for their rootkit. Which happened, btw. I can't imagine things much more serious than that so it perplexes me how you can call it hype and BS.

You're taking me out of context and going off on a tangent. I was solely referencing Sony's ability to have the program 'call home' and preform maintenance tasks as dex cited, which the inital hype and BS was about. Of course as time progresses it's serious when a third party finds a flaw in something that is exploitable, but if that was there for so long and there wasn't any type of exploit only until after it was hyped to hell via the media then where's the real fault? Is it Sony? I don't believe so, they are just a popular scapegoat and favorite target of anti-Sonyphiles -- I remember numerous people saying they "would never buy anything Sony again." -- who the hell stops buying something from a company completely because of a rootkit issue that was exploited in a way that wasn't even their intent?

Would someone blame an e-mail program for someone using it to spam millions of people? I think that way too many people took that rootkit issue out of perspective and put alot of blame on Sony for reasons that aren't really valid, nor sound. People just automatically assumed that Sony was trying to hurt the consumer.

---------

Nonetheless, we will be releasing an offline installer soon, real soon. Please keep this discussion on topic.

[tekdroid]

You're taking me out of context and going off on a tangent. I was solely referencing Sony's ability to have the program 'call home' and preform maintenance tasks as dex cited, which the inital hype and BS was about.

OK.

I remember numerous people saying they "would never buy anything Sony again." -- who the hell stops buying something from a company completely because of a rootkit issue that was exploited in a way that wasn't even their intent?

Their intentions are a whole 'nother discussion. Who can tell? But...there were numerous issues with their 'uninstaller' too (and the methods used to get it). Anyway, the details are lost to the masses, generally-speaking. As far as the public are concerned (and I don't blame them) Sony (or Sony-BMG) is directly responsible. And they should be. Simple as that. And changing their buying habits is the best way to express outrage to a corporation. I think it's great. I don't care where Sony-BMG sourced the software from. Management made decisions. They released things on the market. It was illegal, quite apart from the risks (or non-risks) the software posed. That's that.

Would someone blame an e-mail program for someone using it to spam millions of people?

They probably would if it was installed illegally and without user consent while they wanted to play some music.

I think that way too many people took that rootkit issue out of perspective and put alot of blame on Sony for reasons that aren't really valid, nor sound. People just automatically assumed that Sony was trying to hurt the consumer.

I think Sony got off real lightly. And their 'compensation' package to those that bought these discs was/is pathetic.

Hopefully that's the end of the off-topicness.

[Christopher]

I think Sony got off real lightly. And their 'compensation' package to those that bought these discs was/is pathetic.

Hopefully that's the end of the off-topicness.

Too late to stop now. What would you have found acceptable in terms of punishment and compensation?

[A440]

If I might jump in here....

First, here's the settlement.

http://www.eff.org/IP/DRM/Sony-BMG/settlement_faq.php

If you bought a CD with this software... You are eligible for...

XCP

1. An identical CD that does not contain DRM

2. A clean MP3 version of the music on that CD.

3. For every CD you return:

* a cash payment of $7.50, plus one free download from a list of approximately 200 album titles in the Sony BMG catalogue;

* OR three free downloads from this list of approximately 200 album titles in the Sony BMG catalogue.

MediaMax 3.0

* A clean MP3 version of the music on that CD

MediaMax 5.0

1. A clean MP3 version of the music on that CD

2. One additional download from this list of approximately 200 album titles in the Sony BMG catalogue.

-------------------------------

The rootkit installed by XCP placed part of a user's computer out of the user's control. I am against that on principle. And no one knows whether there were exploits before the vulnerability was publicized.

I can't believe Sony Music was somehow ignorant of this when their head of technology, Phil Wiser, used to work for Liquid Audio, which was an early (failed) encrypted format. If he didn't know what Sony was buying, he should have. If they didn't test it, they should have.

If you found out about the XCP problem--and Sony initially denied it--you had to send an email to beg for an online uninstaller after about 72 hours. (There's a nice mailing list for Sony.) That online uninstaller opened up a brand new vulnerability via ActiveX. When they admitted that, which also took a while, they gave instructions on how to remove the ActiveX. But it took them a month to provide a real uninstaller--when the guy who discovered it said he could write an uninstaller in a few hours, even without Sony's source code. The real uninstaller was provided ONLY because of the blog and media outcry.

And while Sony publicized its disc recall immediately, it didn't actually recall many discs until attorneys general started suing them.

The MediaMax software from Sunncomm installed garbage without even the token consent of a click-through EULA. That's hacking, whatever else Sony wants to call it.

Whether or not Sony used whatever data it was getting is irrelevant. It deceived its customers and hacked into their computers. It should never have allowed that software onto a disc, much less onto millions of discs. Incompetence or malice, I don't care.

So I get to take my disc back, get a replacement and $7.50 and maybe an extra download. Wow. How generous is that?

Is Sony offering to repair computers that were subject to exploits? Is Sony compensating people for the time they took to track down the uninstaller, run it, fix the ActiveX mess the uninstaller put in their computers, run the new uninstaller and remove any Trojans installed in the meantime? My time is worth more than $7.50.

But hey, I can sue Sony for that if I want. As an individual. Against corporate lawyers. Funny how at the time I just wanted to fix my computer and didn't make a full backup of each of its hacked states to prove a case.

And by the way, what are your bets that the acts on the free-CD and mp3 download lists are getting paid royalties for the new sales? This was all about getting the artists paid, right? Yeah, sure.

The only good that will come of this is if companies realize that DRM is an attack on customers that will only backfire on them.

Unfortunately, the next Windows OS will be rootkitted (or equivalent, I don't know the technical means) right out of the box. Personally, I'm keeping an eye on when Vista (or whatever it's called) is introduced and buying a new XP computer just before.

Yes, privacy is eroding. That doesn't mean Sony's customers shouldn't be angry.

[videot]

I seem to have stired up a lot of discussion with my simple question & that wasn't my intention. The only reason that I asked in the first place is because I have a very slow 28 KBS connection to the web. A 35MB download would take well over 3 hours. The previous versions that didn't require a connection could be handled by my download managment program. I don't think that the version on offer doesn't give you the option of resuming the download if the connection goes down. Thats all.

[Christopher]

I know videot, it's okay. Don't mind us really, we go off on tangents alot but I'm trying to be a little more lax in the way this place is run by encouraging more discussion and not such a tight grip. Look how brilliantly A440, dex and tekdroid have conversed, all due to your topic! An inspiration for sure.

Nonetheless, as I said before, you will see an offline installer from us soon that will be one 30ish MB download for complete installation of Sonicstage 3.4.

[A440]

By the way, videot, Kurisu is being modest.

Except for discs included with new units--I think they were versions 2.0 and 3.0, not exactly classics--and (I think) a 2.3 update, Sony has not provided offline installers for SonicStage. It always demanded that you download the stub and get the rest of it online.

All the previous offline installers were created by and for this site. With computer expertise that I can barely begin to comprehend.

Edited February 14, 2006 by A440