Security flaw found in RealPlayer

NEWS RealNetworks continues to be dogged by privacy troubles today following allegations that its popular RealPlayer software leaves user data vulnerable to abuse. The streaming media specialist came under the spotlight last week when it admitted its RealJukebox software included a unique identification number which tracked users' listening habits (see http://www.silicon.com/a33784 ). "We made a mistake in not being clear enough to our users about what kinds of data was being generated and transmitted by the use of RealJukebox," admitted chairman and CEO, Rob Glaser, in a statement. "We respect and value the privacy of our users, and we deeply apologise for doing anything that suggests otherwise," he added. According to the company, the data being collected was intended to provide statistics about the aggregate use of RealJukebox - not individual statistics. The company agreed to stop collecting the data until the problem had been sorted out. But now the US security expert who discovered the original problem, Richard Smith, says the popular streaming media software RealPlayer contains the same unique ID number - leaving the data of around 70 million registered users open to misuse. Independent privacy organisation, Truste, which provides a kitemark for the RealNetworks site, is currently investigating the allegations. RealNetworks was unavailable for comment at the time of publishing.