Grepular

Boxee.TV Helps Its Self To Your Viewing Habits

Written 13 years ago by Mike Cardwell

Boxee is an application for streaming video from the Internet and from machines on your local network. I run it on my HTPC. I recently noticed some strange HTTP traffic originating from my HTPC. Whenever you attempt to watch a programme with Boxee, a HTTP POST request is made to http://app.boxee.tv/action/add containing XML in the POSTed data, of the following format:

<message type="watch">
  <timestamp>1306583038</timestamp>
  <object type="tv_show">
    <boxee_id>[Numerical ID Scrubbed]</boxee_id>
    <episode>2</episode>
    <func_ref>new</func_ref>
    <name>Tis Better to Have Loved and Flossed</name>
    <season>1</season>
    <show_id>891118</show_id>
    <show_name>Breaking In</show_name>
    <thumb>http://boxee-proxy.appspot.com/400x0x85/?url=http%3A%2F%2Fthetvdb.com%2Fbanners%2Fepisodes%2F206751%2F4033031.jpg</thumb>
  </object>
</message>

I’m not 100% comfortable with them having a list of everything I watch, and the date/time that I watch it. I emailed privacy@boxee.tv three weeks ago to ask them how they store this data and why they’re collecting it. They ignored me and didn’t reply. Not the sort of behaviour you’d expect from a company that should be concerned with their users privacy. Their privacy policy doesn’t state that they collect this data.

As a temporary fix, I have modified my networks transparent web proxy to block requests to http://app.boxee.tv/action/add and I haven’t noticed any negative impact or loss of functionality in Boxee.

One of the things Boxee does is scan your media and fetch thumbnail images. This also potentially leaks the content of your library, but is unavoidable if you want to fetch images. They don’t provide an option to disable this. I would like Boxee to come out and state that they simply don’t log requests for thumbnail images, or that it at least is anonymised and purged on a very regular basis. I doubt this is the case though.

I think I’m going to give XBMC another try. I don’t need any of the social features of Boxee, and I rarely use it to watch anything other than videos on my NAS anyway. I’m glad I built my own HTPC now, rather than buying a Boxee Box.

Want to leave a tip?BitcoinMoneroZcashPaypalYou can follow this Blog using RSS. To read more, visit my blog index.