Does steal iTunes Store logins? – Bad coincidence or scary finding?

Some days ago, I decided to give a try. Since the website itself is pretty much useless without the standalone “scrobbing” app, I downloaded and installed it. I had iTunes running while it was installing and running it for the first time. To my surprise,’s Mac client closed iTunes without asking. No matter, I restarted iTunes right away and it was OK. A day later, I decided to quit using and deleted the app. During all that time, I didn’t close iTunes.

Now to the scary part: a few hours later, I wanted to log into my iTunes Store account to redeem a code and here’s what happened:

Obviously the login didn’t work. I tried a wrong password and got a different (more appropriate) error message so it wasn’t an authentication or connectivity issue.

What might not be obvious for everyone is that the red text references a Java exception and a term used in the Java Virtual Machine (the PermGen space). So far so good but the funny thing is that iTunes is not written in Java! Restarting iTunes solved the problem but thinking about it afterwards made me realize what might have been happening here…

I’m not accusing but looking at the facts, there’s a slight possibility that their client intercepts iTunes Store logins! (well I guess I might be accusing them somehow now…)

  • Having used the iTunes API myself (on windows), I know it’s not necessary to restart iTunes in order to get information about the track that’s currently being played. However, since isn’t supposed to do more than that, why in god’s name did it restart iTunes? Not asking for it makes it even more suspect…
  • After uninstalling the software, maybe some of its Java code from within iTunes was trying to gather my login data, throwing an error because it couldn’t reach the software for submitting it?!

I insist that this is total speculation, I know the software is open source and that it claims not being spyware but please, explain to me why some java code has something to do with “FieldName” in the iTunes Store login box?! You’ve got to admit that that’s suspect!! At least suspect enough for me to not use it anymore and to write this article.

Besides, -let’s be really paranoid for a second- even though the “good” source code may be available, nothing prevents them from compiling an “altered” version of their client and providing that for binary download. Most (non-geek) people don’t install from source anyway and, since it’s binary, no one might ever notice any difference. Oh, and did I mention this is still speculation?

Anyhow, the observations are all real and no one has proven the contrary so there is a slight chance I might be right. Now, if anyone has an explanation for this, feel free to reply!

The song I couldn’t get: Josh Harris’ “Too little too late” remix

This is totally killing me! I heard that excellent “Jojo – Too little too late” remix on Energy98 ages ago. I immediately fell in love with the remix (I can’t stand Jojo’s original, it’s too R’n’B’ish for me). Since I want to support artists who make good music, I went to iTunes to buy it. Unfortunately, as all too often, that particular remix wasn’t available on the Belgian iTunes Store. A quick international search indicated that it wasn’t available on iTunes at all.

“Too bad for them” I thought and went to see if I could get it on a p2p network. Unfortunately again, the search results for “too little too late josh harris” were blown up with useless crap MediaDefender style, so I gave up.

Today, months later, I refreshed my search checking Google and Amazon. I had no luck on Amazon, but google brought up this result

Yesss, this is the song I’m talking about. Now I know I could capture that flash’s output to a file blablabla… hey! I’m an audiophile, so don’t even try to sell me flash quality.

No, seriously, WTF is wrong with media? They’re obviously still not getting it… I’m not a pirate, I want to spend my money on music I like, but they’re still riding their old selective distribution horse “If we don’t think it’s worth it, we won’t distribute it”, well at least not in a way the majority of pepole can benefit from. In today’s petabyte era, why don’t they put everything they can in online stores so people can choose to buy a track even if it’s a couple of years old or if it wasn’t, in their opinion, quite good enough to be put on the physical EP?

I guess I’ll never stop blaming the music industry…