Hack 45 Fix Windows Media Player's Privacy Problems


Lurking beneath Windows Media Player's slick exterior are potential invasions of your privacy. Here's how to fix them.

XP's Windows Media Player Version 8 poses potentially serious privacy problems that, theoretically, could allow Microsoft to track what DVDs you play and could allow for the creation of a supercookie on your PC that would let web sites exchange information about you. There are things you can do, however, to protect your privacy when you use Windows Media Player.

If you use Windows Media Player to play DVD movies, whenever a new DVD is played, Media Player contacts a Microsoft server and gets the DVD's title and chapter information. The server, in turn, identifies your specific version of Media Player, uses a cookie to identify the DVD you're watching, and then records information about the DVDs you watch on to a database on your hard disk in C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index.

Microsoft claims that the cookie used is an anonymous one that can't personally identify you. The company also says that it does not keep track of what DVDs individuals watch, and that the database created on your PC is never accessed from the Internet. Instead, the company says, it's used only by your own computer; the next time you put a DVD in your drive that you've played before, Media Player will get information from that database instead of getting it from a Microsoft web server.

Still, Microsoft has had its share of problems with privacy before, so you may or may not trust them to keep the information private. There are two solutions to the problem. You can change your cookie controls to the highest level [Hack #34] so that your PC will reject all cookies. That carries with it its own set of problems, however, because then you won't be able to use customization and other features of many web sites. A better solution is to open Media Player and choose File Work Offline. That way, Media Player won't contact a Microsoft server.

As for the so-called supercookie that Windows Media Player creates, it's a unique ID number in the form of a 128-bit GUID (Globally Unique Identifier) assigned to your player and stored in the Registry. You can find it in HKEY_CURRENT_USER\Software\Microsoft\WindowsMedia\WMSDK\General\UniqueID. This ID number can be retrieved by any web site through the use of JavaScript. The ID number is called a supercookie because it can be retrieved by any web site. Normally, web sites can retrieve only cookies that they create and put on your PC, so it becomes difficult for web sites to share information about you. However, this supercookie can be retrieved by any site to track you, and web sites can share this information with each other, allowing them to create a sophisticated profile about your Internet usage. Additionally, cookie blockers can't block its use.

There's an easy way to fix the problem and protect your privacy, though. From Windows Media Player, choose Tools Options Player. In the "Internet settings" section, uncheck the box next to "Allow Internet sites to uniquely identify your Player." That's all it takes; the problem will be fixed.

If you download and install Windows Media Player 9, you can stop these privacy problems before they begin if you pay attention to the installation questions. During the installation, look for the screen asking you for your privacy preferences, as shown in Figure 5-7.

Figure 5-7. Choosing your privacy options when installing Windows Media Player 9

The Enhanced Content Provider and Customer Experience Improvement Program options are the ones that can be problematic. When you check boxes in those areas, Windows Media Player will report on your music and movie use to Microsoft and will also put the supercookie on your PC. So, if privacy is a concern of yours, just say no.

5.5.1 See Also

  • For more information about Windows Media Player privacy issues, read articles about it by privacy expert Richard Smith at www.computerbytesman.com/privacy/supercookie.htm and www.computerbytesman.com/privacy/wmp8dvd.htm.