April 05, 2004

TuneCircle: Glaring Omissions in its Privacy Policy?

Heard about TuneCircle over at Fred Wilson's VC blog. I've been trying it out and have two concerns.

First, in a nutshell, what TuneCircle is, or wants to be, based on what I can figure out so far: a social network built each members' MP3 collection. To do anything in TuneCircle after you've joined, you pretty much have to download and run their embedded Java app, which searches your hard drive, identifies your MP3 files, reads the ID3 tags, and reports it all back to TuneCircle.

Still with me? Haven't run for the hills yet?

  • Invalid Java Certificates? The first time I did the "Scan Your Library" activity, a rather intimidating dialog box appeared, warning me that the certificate was bad, unsafe, and all kinds of other gloomy adjectives. Of course, there was a message saying someone's name at TuneCircle assures users that this Java code is safe. There's a button to continue. Since I was using Safari in MacOS X, and know that Safari is very flaky with certificates which are interpreted as fine everywhere else, I decided to continue. Thousands of MP3 files later, TuneCircle was listing my songs on their site, with pre-set star ratings for each artist...

  • Who is TuneCircle and What Is Their Relationship to RIAA? Nuff said.

  • Privacy Policy issues galore: TuneCircle's privacy policy incredibly makes no mention of the fact that the company INSTALLS JAVA ON YOUR COMPUTER, SCANS DIRECTORIES, FINDS MP3 FILES, READS THEIR ID3 TAGS, AND THEN 'PHONES HOME', REPORTING IT ALL BACK TO A CENTRALIZED DATABASE. No explicit mention in the privacy policy that I could find, that explains how the company uses your MP3 library information, what third parties have access to it, etc. The policy states this:
    Protection of TuneCircle and Others: We may release Personal Information when we believe in good faith that release is necessary to comply with that law; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of TuneCircle, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.

    Also, the privacy policy's language on "we own everything you do or say" is about as bad as Orkut's.

  • Errors in the data The whole experience reminds me of MP3.com's My.MP3.com service and the Beam-IT software. Only now, it's not "tell us everything that's in your CD collection", it's "tell us everything that's in your MP3 collection". And their Java code does a poor job generally of identifying stuff and resolving numerous duplicates. Also, since my music library is within iTunes on a Mac, it seems to have trouble with that (and other TuneCircle users have reported similar problems).

  • Three-star ratings I think the three-star ratings is the wrong number of stars. Especially since TuneCircle explains that 3 stars = "I LOVE this artist", two means "I LIKE this artist", one means "I HATE this artist", and none means "Not rated yet". I wish the ratings were done pretty much like Netflilx (five stars plus an extra button for "Not Interested".)

TuneCircle needs to do a lot more to be interesting. For instance, forget the artist, focus on the song and the album. Forget lists and lists and lists, and focus on CD album covers. These social network experiences all work best on a visual basis, and TuneCircle could be a far more visual experience and far less of an experience of lists of this and that.

But first and foremost, TuneCircle has some explaining to do with regard to their Java app and privacy of the MP3 libraries. Who knows what else the Java app looks for on your hard disk?

Posted by brian at April 5, 2004 09:45 PM


Nice post... I find the TuneCircle experience inconsistent at best for now. I think it like all of the social circle experiments will fade out as people get tired of it.

I would like to see better handling of data from existing sources... As I just posted on my site - http://www.atmasphere.net/wp/archives/2004/04/06/tune-count-discrepancy The counting is off for some very strange reason.

I'd also like to see the star counts equal to amazon (since that is their commerce partner) and similar to iTunes which both support more than 3. It would have nice for this info to have been imported as well, but I guess since they scan your directory structure and not your iTunes XML, this does not happen... at least for now.

Posted by: Jonathan Greene at April 6, 2004 07:29 AM

Fair comments, we're just two guys so hence we haven't paid for the certificate yet. As for the connection to the RIAA, none here. You have a good point about our privacy policy, it needs to be more complete. I have the legal beagles on it. Finally, as for the hard drive scan, we're just scanning your MP3s. Heck, we haven't even gotten it to read AAC files yet, so if we scan anything else it'll be that. Thanks for the feedback.

Posted by: Robert von Goeben at April 8, 2004 04:24 PM

brianstorms is Brian Dear's weblog. Non-spam email:

Be sure to take a look at these other fine websites:

Copyright 2002-2003 Birdrock Ventures. brianstorms is a trademark of Birdrock Ventures.