Slashdot Mirror
Buying DRM-Free Songs From the ITMS
mirko writes "Jon Johansen ("DVD Jon") has published a small program which allows the acquisition of DRM-free file from Apple's iTunes Music Store. He explains that his program works by bypassing iTunes which adds the DRM itself at the end of the transfer. His program, pymusique, is Windows-only compliant but it'd be easy to port it to other platforms."
Wouldn't it be ironic if iTunes downloads increased after this? I'm now tempted to join and buy music through them, because now[1] I can do what I want with it once I've bought it.
[1] Until iTunes closes this loophole
Note to ACs: I won't mod you up, even if you are being funny or insightful. So take a chance! It's not real life!
I'm afraid that the long history of people breaking DRM controls (especially by this person) can only lead to one logical conclusion...
Content owners must sue every single person in the world. The RIAA and Apple will likely start with engadget.com for writing a story about it then move on to Slashdot for linking to a story about it and then round it out with everyone that read either of the stories or clicked on any of the links.
I'm going to hire an attorney now.
I'm a big tall mofo.
Correct me if im wrong, but you`re only able to download the songs after youve paid for them yes?
at which point the drm is added to stop you doing other things with it.
What will be more interesting is HOW they fix it. If they are passing the files down "clean" at the moment and then the iTunes client applies DRM to the tracks...
Can you imagine the huge amount of processing that would be required to apply DRM server-side instead, which I should imagine is the only way to prevent the use of this method?
DRM-FREE!!! Music NOT!!!! FREE !!! DRM-Music It is my understanding that the DMCA prevents cracking protected material, this is preventing material from being protected before it happes.
Allowing you to put music that you've purchased into the format of your place and play it on the device of your choice is illegal?
You're either an idiot or an employee of Apple or a mole for the RIAA.
It's only illegal because the DMCA is a retarded piece of legislation. You're still BUYING the music, it just isn't encumbered after you buy it. This is basically what people want, the freedom to do as they wish with their music (which DOESN'T necessarily include giving it away over P2P).
With the first link, the chain is forged.
> This is illegal. It isn't cool or important. RIAA music isn't free,
> and it isn't anyone's right or obligation to make it free.
It's not making it free. It is making it so that I can do what I want with the music I bought with my own money.
I buy iTunes music, I can morally do whatever I like with it. it's mine. I own it. I can burn it to CD, listen to it on as many computers as I like, give it to my neighbour, my irc buddies, the world.
Apple has no moral right to stop me doing so, and DRM is an attempt for them to assert what is not theirs.
This simple allows me to do what I should be able to do with MY music.
small distinction: this is still paying for the music, so it is not stealing... it is breaking a user agreement, so it is still "illegal" but not as bad... maybe.
Grey area = nerds think they can do whatever they want.
I don't give a damn for a man that can only spell a word one way.
Mark Twain
So, violating GPL by copying stuff without complying with the license is bad and wrong.
but
Buying songs from iTunes without complying with the ToS is big and clever because music must be free?
AAC is lossy just like MP3 is. Transcoding (which is basically what happens here) hurts the quality A LOT.
Sure they might sound fine on your $5 earbuds or speakers, but for those of us who have quality headphones/speakers the difference is really easy to pick out.
Have you heard of the DMCA? I wouldn't be surprised if John got hauled in on account of this. Now I'm not saying he should be, just that I wouldn't be surprised.
-- Waht? Tehr's a preveiw buottn?
I've been an iTMS user since its inception and I've yet to feel encumbered or feel a lack of freedom. I read the agreement and understand the restrictions. I agreed. Simply put to those who use this sort of software, why do you purchase from iTMS? You know, or should!!, the restrictions imposed.
Correct me if I'm wrong, but isn't the DRM also what tells the iTMS that you own the song? If you strip out the DRM before it even gets attached wouldn't you also be giving up your ability to re-download the song for free if you accidentally kill your library? While I'm not a fan of DRM, one of the only good things about it is that it acts as insurance if you lose your songs. This method of removing it also removes your insurance.
The DMCA doesn't apply to Europe. Should he travel to the USA, he might end up like Dmitri from Elcomsoft, but right now, he's likely safe.
I'm sure Apple couldn't give a crap if music has a DRM or not, but its the RIAA, the monkey on Apple's back, that doesn't want something like this to happen. Its the RIAA that wants control.
-----BEGIN PGP SIGNATURE-----
12345
-----END PGP SIGNATURE-----
How could Apple do something this stupid?
Whether you like it or not, DRM is the cornerstone of iTunes acceptance among the music industry. Without DRM, there is no way iTunes would even exist.
The first rule of security is that the client is untrustworthy. For Apple to put all of the security of their DRM scheme on the client side is astoundingly dumb. I expected much better of them.
- Old Man of the Mountain ---- "I want to disturb my neighbor"
I don't purchase from iTMS. However, I would strongly consider it if it would let me listen the music I bought on my own equipment without file format conversion hassles.
Don't blame Durga. I voted for Centauri.
I celebrate the guys entire catalog.
Did you read the blurb?
He's not getting the music free. It's preventing the DRM from being added to the file.
I think being anti-DRM is very Slashdot. Arbitrary software restrictions on things that prevent *potential* mis-use hinder everyones' rights. It hasn't worked well before (copy protection in the 80s) and it obviously doesn't work well now. More frustrating is the push for legislation to make it illegal to break DRM.
Though I am amused that Apple chose an inherently flawed method of having the client add the DRM, most likely in order to save server resources. Could adding the DRM on the server-side be that problematic?
I started to mod you down but decided to reply instead.
This is not stealing, you are still paying for the music at a rate of about $15.00 US per album.
This is about doing what you want with something you legally purchased and now own.
The media industry is so concerned with losing control of their business that they are pissing people off and driving away business.
Its no different than when Disney fought against vcr's in the 70's now a substantial portion of their revenue comes from video.
Can you immagine trying to encrypt 1 millions songs a day? Its going to take some serious hardware. Noone knew that itunes was going to fly so I'm betting they tried to make it cheaper by having the client encrypt the songs.
Apple seems to not care overly much about the DRM as long as most people are using it.
do not by the music. that's why i buy CDs and not download music because i do not like being limited by the DRM.
by the way, let say i do not like the GPL license. should i:
1. not use GPL software
or
2. use, and violate it because i do not like it.
a lot people find the GPL license "viral" and disagree with it. but we still expect people to respect it and follow it.
Eventually, Apple will probably be able to identify the accounts of everyone who uses this software. If you actually use the iTunes music store on a regular basis, is it really worth risking your account - and possible legal action - just to get a few DRM-free songs?
dont you think there are more important things to hack than stealing music from apple?
they already let you burn the songs you want to a CD, that removes the DRM anyways.
why dont you unlock the DRM on educational
videos?
Posting without reading for comprehension should be illegal, but sadly it isn't. Not so sadly is the fact that this bypassing of DRM is not illegal, at least to my knowledge. Can you show me the law that states that it is illegal to alter data that you paid for because I think I may have to stop using my PC.
I have $90 earbuds because I like bass, but I bet you I can't tell the difference.
That's probably true. Most people who listen to high-SPL, boosted bass through headphones have significant hearing loss.
I don't like bass. I don't like treble. I like music. I like accuracy. Boosting the bass to unnatural levels is like coloring an Ansel Adams photo.
This is DVD Jon we're talking about. He has a lawyer. He already hacked DVD's, got arrested, charged, sued, and won.
For the unfamiliar: His DVD hacking software (DeCSS) was deemed illegal because it allowed you to bypass the protection put onto DVD's (so that you could store the digital content onto a hard drive or make a backup copy). He ultimately won that case. This was HUGE for the rights of YOU AND ME, akin to the original case that allowed us to use VCR's to record TV shows!
When you consider that the thing DVD Jon is best known for wasn't even his own work, it's not surprising that he keeps pecking at the low man on the DRM totem pole.
PS I openly admit to being a thief.
No. Post your name, address and phone number. THEN you will be openly admitting to being a thief.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
Don't forget that Apple's approach to DRM (and it's the pragmatic one) is to make it good enough to keep the record industry onside and bad enough to keep the punter onside. If/when Apple manages to make the iTMS strong enough to not fear the wrath of the music industry, they might change their policy on iTunes DRM.
That was classic intercourse!
From TFA "he's done something that will so seriously provoke Apple and the recording industry that he may have to go into hiding" Why? It's no more provocative than DeCSS, both allow you to have access to your own paid for content on the platform of your choice. I expect the same defence will apply.
Being as I don't use iTunes, I have always wondered. Once someone burns a full CD of songs from iTunes, what is to stop them from making copies of *that* CD through normal software (roxio, nero, (insert linux/bsd/OSX software))?
bork bork bork!
Telling people on Slashdot the way they like to listen to music is wrong through bad analogies is like being a pedantic dick. Oh wait I'm reading an Apple story, situation normal, nothing to see here folks.
I laughed at the weak who considered themselves good because they lacked claws.
nothing.
this is just bitching about DRM for the sake of bitching.
no control whatsoever is not going to happen - Apple should be praised for its reasonable mesaures and all effort should be focused on defeating, for example, the retards who make PC games that won't run on PCs with legal CD copying software and/or hardware.
The problem with DRM is that even if it is "innocuous", it still restricts what I can do with something that I purchased. If I spend $0.99 for a song, I want to be able to be able to listen to it from any of the computers I use or in the car (all legal uses) without having to jump through hoops. Now, I have the technical knowledge to work around the DRM, but one shouldn't need to be technically savy just to fairly use a purchase.
Beware of Sleestak
The industry will never suffer acts like this to go on. The industry likes copy protection, and this will only serve to either kill the industry, or force Apple to make encryption server side.
Personally, I have ZERO qualms about the licenses on my iTunes music. So what you had to buy an iPod to use it? I wanted one anyway. My DRMed music plays just happy dandy on my Powerbook, my iPod, and my windows machine at work. I can burn essentially an unlimited number of CDs for the car. What more do I, joe user, need to do with this music that the DRM does not let me?
This
Whilst Apple can't condone this, it would be nice if they could go to the record labels and say without DRM we sold x many hundre thousand more tracks.
.01% of total sales. Almost all consumers appear to be happy with the current arrangement. "
If you believe that argument is valid, then you should have no trouble with the much more likely corollary:
Apple goes to the the labels and says "The site sold X songs without DRM. This represents less than
- Tony
Or what happens when your Mac breaks? I can still listen to the Queensryche CDs I bought in junior high (if I wanted to). At the time I had a brand-new Sony DiscMan that took four double-A batteries, lasted a couple hours, had awful sound, and cost about $130 new. My family's computer was a CompuAdd 286.
What happens when Apple goes out of business? Sony is still is business, but CompuAdd went belly-up ages ago. Apple's market share has been shrinking since the mid-1980s (and I say that as someone typing this on a PowerBook).
Assuming you don't have a BMW /w iPod adapter, can you listen to your CDs in your car without burning them in uncompressed, WAV format? What happens when you decide you want to move to Linux? Or what if you decide you'd rather have an MP3 player with a built-in radio?
These days, you can't even stream unencrypted songs to other computers in your household with iTunes. How do you know that Apple won't take away more rights in the future?
What if the artist decides he doesn't want his album distributed (e.g. Beach Boys' original Smile, Prince's Black Album), but you want other people to hear it?
With great power comes great fan noise.
I am not a fan of DRM but Apple has gone and put themselves on the line to convince the recording industry that there is a happy medium. You can install iTunes on what like 5 computers now. You can burn virtually unlimited CD's, can have it on your iPod etc.
iTunes was one of the first times I have seen what I consider a fair and reasonable DRM. The industry and Apple get their cut. I don't have to buy a full CD if it is one good track with 12 shitty ones. And I can play it in my car, at home on stereo, or on my iPod.
This is only going to make the naysayers in the business world want to clamp down even more.
Jon Johansen is not the hero for open source software as he likes to describe himself lately.
http://www.chscene.ch/ccc/decss/decsstruth.txt
When you buy from iTunes or just about any other online music store that uses some form of DRM, your purchase is bound by a service agreement in which you agree not to bypass the DRM.
If you want to be able to do damn near anything you want with the music you buy, then I suggest going down to the store and buying a non DRMed audio CD and rip it yourself, then you can have it in any format you want and be free of service agreements. On the other hand, if you want the convenience of being able to buy tracks online from a well known and reputable store, then you are going to have to face the facts that you have agreed to play by their rules with regards to DRM.
Help Brendan pay off his student loans
So let's say they fix it with server-side DRMing (which does seem like the most secure method)... where does that leave ALL their customers? Everyone would have to upgrade their iTunes immidiately. Now wouldn't that make for some unhappy customers!
If you're not outraged, you're not paying attention!
What's interesting is that for some reason, the RIAA forces DRM on Digital downloads because they think people will copy the music. Where, in reality, if people really wanted to copy the music, they would shell out for the CD, where they would get much better quality, and are free to do with it as they please. Having DRM in digital music downloads only stops Joe Listener from being able to listen to the music as they want to, and doesn't stop any pirates from distributing the music to the entire world for free.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
They knew from the start that persistent users could remove the DRM by burning and re-ripping anyway, so I'm not surprised they didn't put lots of energy into hampering more complex exploits.
sudo ergo sum
This all started because people were stealing music on Napster. They were downloading songs, not to sample them or get electronic copies of songs they already owned, but because they didn't want to pay for them.
So, the industry freaked out and now we have DRMs on everything.
I'd like to remind you that when you sign up to use iTunes, you agree not to do anything to interfere with the DRM, but of course, those agreements don't really mean anything, do they?
Convoluted process:
1. Burn music to CD.
2. Rip music back.
Absolutely nothing. But if you re-rip them to a computer, you will start noticing a little degradation - it's pretty much inevitable when you take songs originally encoded with a form of lossy compression and then rip them again into another lossy file.
I've been using jHymn on my iTMS purchases since it became available. I don't share my music with others, or do anything against the "rules" with my files - except, of course, for removing the DRM. I just feel better about keeping my purchases around without it.
-- Josh Turiel
"2. Do not eat iPod Shuffle."
RIAA Okay, so you want to actually pay for your music, huh?
Customer Yep! Here's my money $$$
RIAA All right, slap the cuffs on him Officer. He's obviously trying to our steal music, even though he's paying us for it.
Putting DRM on music seems to me as though the RIAA was actively and publicly declaring every customer they have a Thief and a Criminal.
So why does the RIAA treat its customers like Criminals anyway? If you're willing to pay for your music instead of download it for free, the RIAA should be bending over backwards to give you what you want. They should be kissing your feet!!
What if Wal-Mart started accusing each and every customer they had of stealing AFTER they had already purchased their goods and had a receipt. They would go out of business pretty damn fast, is what would happen.
The RIAA needs to learn that a good business is supposed to cater to their customers
... and in the DRM, bind them.
Deep down, secretly, I bet Apple could give a rat's ass about DRM. They have do to it to appease the industry. And they're going to have to close obvious holes pretty quickly. But ripping and re-encoding is a) slightly obscure to the average iTMS user, b) annoying, and c) (at least in theory) degrades the music quality so that it's unappealing to discerning ears and tech/audio-philes for whom (a) is not a factor.
There's also nearly no way to prevent "hacks" like WireTap that just grab the audio stream without completely munging up the way an OS handles the audio stream. They can only do so much and Apple is not stupid enough to know that. They are the best buffer we have right now between the (wanting-to-try-to-be-legal) consumer and the greedy idiots controlling music distribution.
Maybe I'm optimistic, but I feel like something like what Apple is doing now had to happen to break open the digital purchansing flow. There's no turning back now. If "good" DRM gets more and more expensive to develop, implement, manage, and enforce, it might just become a poor(er) business model. Someone will hopefully push the "innovation" and get us beyond this hacked system we have now.
Well, first of all, your music won't magically stop working (you're thinking about when Napster goes out of business).
Sure, eventually you won't be able to get a new version of iTunes that works in Microsoft's new version of Windows that comes out after Apple's dead to play your existing music. But guess what... that version of Photoshop you just bought for your Mac will be worthless, too, and it costs a lot more than a song on iTunes. The "Apple might go out of business, and I won't be able to buy a new Mac after that" argument doesn't really hold water.
What are you going to do with your MP3s if an electro-magnetic pulse wipes out all of your hardware? What if the sun explodes?
I've got your hypothetical argument right here buddy.
Don't blame me; I'm never given mod points.
If you're mac breaks, pesumeably you have a backup, or even better, have the file on another computer (you do know you can transfer the files right?). What happens when your Queensryche CD breaks?
As for what happens when Apple goes out of business, well, DRM authorizations are localized, and there are already programs to move your authorization manualy. Presumably, if Apple were to go out of business, they would either open the DRM, issue a universal authorizer program, or someone else would step in.
As for listening to them in your car, sure, you can throw them on to AAC players (like the iPod) and pipe them through AUX inputs or FM transmitters or any of the other methods that people have used to add audio devices to their cars for years.
What happens when you want to move to linux? You use iTunes via WINE or you reencode the music into another format. Yes, you may have to do work to move from system to another, just like I have to do work to get my CDs to MiniDisc or my VHS to DVD.
If you'd rather have an MP3 player, then you need to make them MP3s, what if all of my music is MP3s and I'd rather have an UberCompressedHighQualityFormat player? I have to reencode the music.
As for streaming music, here's a novel idea. If you don't want to use the iTunes encryption, don't use iTunes. I must have missed the point where iTunes was an essential element for streaming music.
If the artist doesn't want his album distributed, what prevents you from playing it for your friends? That's right, nothing.
T Money
World Domination with a plastic spoon since 1984
Sues them for buying a song from their one of their members?
this is just bitching about ... for the sake of bitching.
Yeah, I mean, the water in that fountain's just as good as the water in this one, so what if they have to use a seperate one to drink from?And they have no reason to complain about living in those ghettos, why can't they just be happy with the housing they've got?
yeah, extreme, incendiary examples, I know, and I do feel shame for having used them. But, for some, all this DRM encroachment is a matter of principle. It wouldn't be bad if there was some sort of choice in the market - if some major labels were willing to sell w/o DRM encumbrance, but the way things are heading, we're looking at all major label electronic releases having some sort of DRM attached.
Even if the bitching and complaining doesn't give us DRM-free music, at least it might help ensure that future DRM is less of a pain in the ass.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
I'd be willing to bet that this guy has never done an even comparison to back up any of the data he just gave. I'll bet he notices that mp3s don't sound as good as his other music because he listens to his other music on a home stereo system, but he listens to his mp3s on earbuds. Scientific Method, people: change only one variable at a time!
This is nice and all, but don't you guys realize you're hurting the chances for the music industry to finally fully adopt online music buying?
It's like you guys bitch when they don't embrace, then they start doing it, and you guys bitch and find ways to break their copy protection. If you don't like the DRM, don't buy the online music. Doing stuff like this just makes legal online music downloading look like it will always fail, because hackers will continue to keep cracking it.
For a long time they have alienated the music consumers. Today almost all music consumers think that RIAA are evil. A lot of the music consumers are using this as a moral justification for copyright infringement: "They are evil, so it isn't that bad if I do something bad to them."
And a lot worse for RIAA is that artists are getting increasingly aware that they are being fucked by the big labels. More and more artists are distributing their music outside the established RIAA channels.
Probably this is what RIAA is most afraid of: If/when a significant number of artists start selling their music outside the traditional music industry, the traditional music industry will collapse as consumers and artists alike find out that they can do better without the outdated distribution and control models of the traditional music industry.
The thing is, as far as Apple having a strong DRM I really don't see how this is any different than Hymn. Just like Hymn, a very small number of people will use this and most people will keep using the store as-is. I don't think it's that much of an issue for them.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I Quote: Do you think that Apple's restrictions are really that ridiculous?"
You are missing some important parts to their TOS. Under 9c:
"Apple reserves the right to modify the Usage Rules at any time."
And later under 13b:"...Apple and its licensors reserve the right to change, suspend, remove, or disable access to any Products, content, or other materials comprising a part of the Service at any time without notice. In no event will Apple be liable for the removal of or disabling of access to any such Products, content or materials under this Agreement. Apple may also impose limits on the use of or access to certain features or portions of the Service, in any case and without notice or liability."
No, I'm not using iTMS, but if I did, I'd be burning backup, DRM-free, MP3s. (Or Oggs for those of you who are cooler than me)
Don't moderate flamebait as Troll. Know the difference or you will be Meta-moderated.
As you say, DRM is inherently snake-oil. It's an attempt to fool the uninformed that there is a way for content owners to give them something without actually giving them full access to it. Without hardware specifically restricting what creative people can and will do very few implementations will give any half way competent attacker any serious issues.
The only way it can be strongly secure is if the hardware protects private keys in a totally controlled manner and at the same time does not allow end user access to the secure store for those keys in any way. That is what NGSCB\Palladium is supposed to do "ideally" but it has to be flawed in an edge only implementation (where there is no centralised control of some keys). Specifically the problem is what happens when the consumer needs to move their content around - either the NGSCB device(s) allow for key export and import (and thereby expose the media access keys to discovery) or a decision is made to deny the user the ability to ever move DRM'ed data between devices. Now the content owners probably could care less about that but the hardware vendors who will want users to regularly upgrade their devices must care (they want users to upgrade regularly) and they are the folks who have to implement NGSCB. Bit of a catch 22 there. It's something that consumers might fall for once but they'll avoid any product that burns them in that way like the plague in the long term - a classic short term business strategy with no future.
The alternative approach is to recognise that the edge only solution is unworkable and that you have to centralise some user identity and key management in conjunction with NGCSB and thus allow devices to be enabled selectively. That is the general approach taken by MS's DRM which relies on a registration process built on their .NET Passport thing with all content encrypted to the user's primary key before it is sent to the user. Apart from the distribution problems this causes (and which perfectly explains iTunes behavior as you explain) the problem there is that MS's cavalier attitude to .Net Passport accounts demonstrates the fundamental problem with this: Users cede their rights to the content to the provider in perpetuity. The astounding thing is that while the best reason for doing DRM this way is to ensure end users can be kept somewhat happy (by giving them some way to continue to have access to material they have purchased in the past) MS have completely botched it by linking it to an "identity management" system where they arbitrarily delete inactive accounts. Users are not generally aware of this or why it's a problem but they are learning slowly as they discover how hard it is to move their content onto new systems when they upgrade. In MS's case their policy of aggressively disabling "inactive" .Net passport accounts effectively denies end users ongoing legitimate access to content they own when they (MS) arbitrarily disable "idle" accounts. If anyone has any doubts about this then purchase some MS DRM'ed content using a newly created .Net account, leave the account inactive for 2 months without touching it then try to gain access to your content on a device that hasn't been registered. The software only implementations of MS-DRM have been cracked a number of times so this isn't too much of a headache for any disgruntled user right now but with a "good" NGSCB platform the MS DRM approach would allow them to regularly steal content from users who's only mistake was to move content to a newer media device. Once again comsumers may agree to get burned by that once through ignorance but once it happens to them they will never use it again - once again a short term self defeating business strategy. Or at least so it
The only way the RIAA will get the picture is for artists to start self-releasing their songs. Until the artists do this there will never be an RIAA-blessed way to purchase downloadable music without DRM involved. Artists need to quit signing contracts with the RIAA companies already!
What does the RIAA provide artists? Promotion and startup costs (among other things). Artists, like people, would rather "get rich quick" than work up to it slowly. The RIAA companies say things to make them sign their rights away to them in exchange for promotion and covering the cost of cutting the CD's etc.
So what needs to happen is more low-cost promotion agencies to pop up and fulfill this function for the artists. The cost of production can be significantly lower if the artist simply chooses to distribute online only...maybe create a few thousand cd's if they want for tours and such.
Once a few big name artists are persuaded to self-release with $onlineSite then the floodgates would be open IMO.
Can't wait 'till there's laws to make loud bass illegal.
Goddamn fuckers can be heard from miles.
I should buy a 50KW tweeter to blast THEIR ears when they pass by me...