Thanks for giving Microsoft the opportunity to conduct a technical review of your draft advisory on DVD metadata and Windows Media Player for Windows XP (MPXP).
We thoroughly reviewed the points you made and do not believe the DVD metadata lookup process in MPXP presents a user privacy concern. However, your feedback has helped a lot in a key area: We realized we needed to provide more specific information about the DVD metadata process within the MPXP privacy statement.
While the MPXP privacy statement discusses cookies in general, we plan to amend it to specifically include DVD lookup. We also will make it clear that we do not associate this cookie with personally identifiable information.
Our design goal in MPXP was to ensure a DVD experience consistent with how consumers use Windows Media Player for other tasks. We aimed take DVD beyond the limited experience possible using a DVD player remote control. To do that, we added DVD chapter title navigation to Windows Media Player. DVDs often do not include chapter information, and when they do there’s no standard way of storing them, so MPXP has to go up to a Web service to get chapters.
When consumers first insert a new DVD (this does not apply to subsequent insertions), Windows Media Player goes up to Windowsmedia.com (WMC) and gets the chapter information. This enables consumers to easily navigate around the DVD.
When the player contacts WMC, it sends a cookie that includes no personal identifying information. This allows WMC to personalize the radio tuner and measure – in general terms – how many users are connecting to it. No personally identifying information is ever transferred to Microsoft as a result of DVD playback, and any information that is transferred cannot be combined with any other sources of information to identify users.
If a user wishes to disable this transaction, they have several options. The user can turn this off by simply setting their privacy level to “block all cookies.” The user can also work offline in Windows Media Player from “file: work offline,” which will prevent the player from performing a DVD lookup.
Another feature of MPXP ensures that once you’ve inserted a DVD, you needn’t be connected to the network to get those chapter titles again. The player “caches” the chapter titles for known DVDs, so (for example) you can use chapter title features while on an airplane. This cache is your private information, and it’s never sent out over the network.
In response to some of your specific points in the draft advisory, which I repeat below, I have provided comments in italics:
· Each time a new DVD movie is played on a computer, the WMP software contacts a Microsoft Web server to get title and chapter information for the DVD. When this contact is made, the Microsoft Web server is giving an electronic fingerprint which identifies the DVD movie being watched and a cookie which uniquely identifies a particular WMP player. With this two pieces of information Microsoft can track what DVD movies are being watched on a particular computer.
Please note: This cookie includes absolutely no personally identifiable information. Users can reset the identifier at any time by clearing cookies from IE.
· The WMP software also builds a small database on the computer hard drive of all DVD movies that have been watched on the computer.
This database is never sent across the network and is kept private to that computer.
Microsoft is updating its privacy statement for Windows Media Player for Windows XP to include a reference to DVD metadata, and is specifying that no tracking of user viewing is taking place.
· There does not appear to be any option in WMP to stop it from phoning home when a DVD movie is viewed. In addition, there does not appear any easy method of clearing out the DVD movie database on the local hard drive.
Not true – if a user wishes to disable this transaction, they have several options. The user can turn this off by simply setting their privacy level in Internet Explorer to “block all cookies.” The user also can work offline in the player from “file: work offline,” which will prevent the player from doing DVD lookup.
Also, later in the advisory you say, “By default, this cookie is anonymous. That is, no person information is associated with the cookie value. However, if a person signs up for the Windows Media newsletter, their email address will be associated with their WindowsMedia.com cookie.”
Please note: The user’s email is never associated with the cookie sent during DVD lookup. Also, the subscription signup cookie is a different cookie/identifier than the DVD cookie/identifier. This means that it’s not even theoretically possible to associate DVD viewing information with the email address.
Finally, near the end of the advisory you make some comments about the potential uses for data. I thought it might be helpful to answer your question. Again, I’ve repeated your text and provided answers in italics.
· Microsoft can be used DVD title information for direct marketing purposes. For example, the WMP start-up screen can be customized to offer new movies to a WMP user based on previous movies they have watched.
We are not doing this.
· Microsoft can be keeping aggregate statistics about what DVD movies are the most popular. This information can be published as weekly or monthly “top ten” lists.
We are not doing this.
· Microsoft currently might be doing nothing with the DVD information.
This is accurate.
Thanks again for giving Microsoft an opportunity to clarify the process. I hope this clarification, together with the additional information we’ll be providing in the Privacy Statement, address your concerns. Please let me know if you have any questions.
Thanks and regards,
Lead Product Manager
Windows Digital Media Division