iTunes hole shows your purchases

Now this is something that I wouldn’t think I’d find.  There’s apparently a hole in Apples iTunes gifting process that allows anyone with your e-mail address to be able to tell what music, videos, movies, apps, etc you have in your library.  Now this is a long and tedious process, but it’s possible to see what you’ve got.

Andrew McAfee has a full write up on the subject over on his blog, Andrew McAfee’s Blog, The business impact of IT.

A little while back I was putting together an iTunes playlist to give to my Mom as a gift, and found myself frustrated by the application’s user interface. It kept telling me that Mom already had one song after another, and refusing to let me complete the gifting process until I removed the duplicate song from the playlist.

After I did this three or four times I gave up, complaining to my girlfriend how clunky the process was. She replied “That’s not the real problem. The real problem is that iTunes is telling you what music someone else has.”

She’s right. I’ve been doing some poking around, and have found that it’s pretty straightforward for one person (let’s call him George Smiley, after John Le Carré’s master spy) to find out what music, video, and apps someone else (like me) has purchased or had gifted to them on iTunes.

My personal opinion is that this is a VERY easy fix to make.  If someone wanted to gift a song, video, etc to someone, simply force the user to sign into a valid iTunes account.  At least I think it should be an easy fix.  Now, that’s not to say that someone wouldn’t steal a credit card number and spend a few hours/days, etc finding out what you’ve got in your iTunes account.  Of course, if someone wanted to go that far, I’m sure they’ve got time, money and possibly some underground connections.


~ by Normanomicon on February 21, 2011.

%d bloggers like this: