Slashdot Mirror
Buying DRM-Free Songs From the ITMS
mirko writes "Jon Johansen ("DVD Jon") has published a small program which allows the acquisition of DRM-free file from Apple's iTunes Music Store. He explains that his program works by bypassing iTunes which adds the DRM itself at the end of the transfer. His program, pymusique, is Windows-only compliant but it'd be easy to port it to other platforms."
Did you read the article? Or even its title? This is about BUYING drm files from iTMS, not downloading them for free. It is quite cool, as the DRM makes it a big hassle for purchasers to listen to the music on their own equipment.
RIAA music isn't free
How is this relevant? It is not free if you are buying it by the cassette, the CD, or by iTMS with AND without this DRM-remover.
Don't blame Durga. I voted for Centauri.
It is fascinating that it seems they are only doing it client-side after the transaction - if so it is clearly a massive design flaw (and I'm suprised it took so long to find).
There are ways they could reduce the server load and make it a bit more secure though - eg. blanket encrypt/drm everything on the server and have the client rip that off and apply the personalised drm. Then you'd have to go fishing around in the client for keys etc.
They could also add some form of security handshake to the client & the protocol to identify it as a valid apple client.
By far the biggest problem they have is how to fix this without breaking their massive installed client-base. That is where I think things get interesting.
I'm an iPod owner, who has avoided iTunes since launch due to my hatred of DRM. Tonight, I shall buy my first albums from them.
I'm hoping that when they dissect the log files from iTunes over the next few days they'll see an awful lot of non-iTunes client downloads. Whilst Apple can't condone this, it would be nice if they could go to the record labels and say without DRM we sold x many hundre thousand more tracks.
An other interesting point is this. The argument for DRM is that without it we'll all start copying music amongst ourselves. Surely if this was a case, with Apple leaking de-DRM'd music into the world, P2P and other piracy should immediately ramp up now (and I suspect it won't).
I'm not entirely convinced that legality is the issue (home-taping/burning and modification by the purchased user, if AFAIK "fair-use"). It is more the fear (and in some respects rightly so) of the RIAA and Apple of the said purchased media being deseminated.
Pure and simple, distributing copyrighted material (whether you burn CDs using iTMS tunes or you break the DRM) is illegal. However, what you do with your purchased music in private (e.g. for yourself, on your own computer) is your business, so long as you are not deseminating it to those who didn't buy it, or you are not using the said copyrighted material for public performance. Electronic media, in terms of copyright, does not disallow personal backups, remixing for fun (no profit), or any sort of arbitrary modification. You own that file, albeit, not the media therein (the music in this case).
In the cases of fair-use, home-taping has been defended (likewise photocopying library books for personal/academic/private use). There are certain rights that extend to the public over what they own.
In the case of DVD Jon and others, what they see that they are doing (and arguably they are) is cleverly extending the capabilities of the end-user in lines of usage. When exploited for desemination, profit, and piracy, it is not the process or tool that is wrong, but the use. The tool does have legitamate, legal uses (playing purchased media on your Linux box, for example).
I personally think PyMusique, Hymn, and the FairPlay mechanisms for VLC are legitimate and can (and should) be used for Fair Use. If exploited, like any other tool, for illegal ends, then the people infringing on copyrights should be prosicuted (albeit the RIAA has been in recent years more proactive is fining grandma and various 12-year olds that busting pirating rings).
I have been using Hymn for months now, for fair-use purposes. I buy from iTMS (when you ride the Boston T every morning and evening, your iPod is your best friend) and I frequently get gift cards from family. I and my fiance think it is great, however, if she buys something and I buy something and we want to make a mix CD for our car when we go on a trip, something that allows extended fair-use would be great.
I personally, and I don't think I am alone, think what DVD Jon is doing is great because it is useful to the consumer (although as a side effect, the pirate). The consumer can better enjoy the beniefits of the purchase.
This will probably be corrected by iTMS with a subsequent version of iTunes and I have no problem with that. Apple is there to make money from their sales (so preventing piracy is a good motive) and they have to protect the fidgety record labels who are still uncomfortable with digital media, although CDs themselves are not secure in any regard. Those (like DVD Jon and myself) who see a need as a consumer to modify their legitamately purchased music to use it on all computers/OS they have, should make an effort to archive their media in forms they can use, with the technology at their disposal, and if the DRM system is changed, keep up or enjoy what they already bought.
Somebody mentioned subscription services, and I don't think that subscription services are only legally de-DRMed if you currently subscribe to the service, e.g. it is blantantly illegal to rip and crack a storehouse of music and continue to use them once you no longer subscribe. However, with these models, fair-use would apply to burning CDs for your car, ripping tracks and making MP3s for your iPod or whatever. It is when the use is exploited and people are not being pais is when you have a problem.
A user comment in TFA mentions a potential legal difference.
PyMusique captures the paid for track before the DRM gets put on.
Hymn strips off the DRM after the track is downloaded.
Hymn appears to violate the DMCA to the letter of the law because the DRM is in place at the time Hymn performs it's functions.
PyMistique most likely only violates the TOS because the user isn't using the iTunes application, the client component that puts the DRM on the downloaded file. The file is simply downloaded as iTunes sends it (without DRM).
Either way, the user would have paid for the song. They are simply making a choice to maintain their "fair use" rights.
Hymn appears to violate the DMCA to the letter of the law because the DRM is in place at the time Hymn performs it's functions.
I don't think this is actually true. Hymn does not break any encryption, it merely uses your legally obtained encryption keys to remove the DRM. This is a very fine point, but based upon my reading of portions of the DMCA, Hymn seems to be in the clear if you can explain it properly to a jury.
The simple reason is that, although you can personalise each DRM'ed download on the server, it's expensive to do so.
I haven't researched Apple's solution; however, I have personal experience of implementing a Windows Media-based DRM solution in my previous job. (I don't agree with DRM, and won't purchase any DRM-protected media, but it was nonetheless an interesting assignment, and I discovered a lot about how it works.) With that in mind, here is my tentative analysis.
Apple are probably using one of the edge-cache services like Akamai to reduce server load and bandwidth fees. In order for this to work, the data that each client downloads must be the same - otherwise, it can't be cached.
Although it is possible, and even desirable from a security standpoint, to apply the DRM to each file as it is downloaded, the increased server load and bandwidth probably makes this economically and logistically unviable.
It may be judged as stupid that Apple has not applied even basic, generic encryption to what they send over the wire. However, since they would have to supply the enemy (a.k.a. the customer) with the encrypted content and the means to decrypt it, it would not deter a determined hacker. Then again, nor can DRM.
The parent writes, "The first rule of security is that the client is untrustworthy." The first rule of DRM is, by contrast, "We give the client the encrypted content, the keys, and the decoder, and hope that he won't work out how to use them."
The lesson that you should take away from this is that DRM is snake oil. It can never work. But it is being sold to and bought in gallons by the entertainment oligopoly mastodons who have repeatedly proven that they don't get the internet. It's basically useless for all parties concerned. We get inconvenient restrictions; they think that they are getting copy protection but are actually being sold a river.
As an aside, even if Palladium/NGSCB becomes prevalent and required for downloading DRM content, it seems unlikely that each resource will be custom-encrypted against the customer's Palladium/NGSCB public key. And even if it were, there would be likely be ways to extract the raw data at some point. I doubt that we will see truly uncrackable DRM for a long time to come. In fact, I doubt that we will ever see it.
If your comment title says 'Re: Foo', I'm not likely to read it.
The only online music buying I'm interested in is lossless and DRM free. This is why I continue to buy CDs and not buy music online. I can rip the CDs and encode them with FLAC for a lossless file that I can play on a variety of devices and OSs. I get a physical backup of the music as a bonus. Why would I pay just as much for a DRM laced and lossy file from an online store? When the industy starts offering FLAC compressed WAV files for less than what a CD costs then I'll start buying.
Apple should be praised for its reasonable mesaures
Wrong, what Apple should be praised for is their desire and attempt to sell NON-DRM MUSIC. If you actually check the facts and the history you'll see that Apple wanted, and still wants, to sell non-crippled music. That they battled against the RIAA on this.
What Apple is "guilty" of is caving to the abusive practictices of the RIAA cartel. And you can't really place a heck of a lot of blame on someone who declines to get into an ugly and expensive legal battle. What Apple should have done is sued the RIAA for abusing their copyrights in an attempt to control formats. In fact at the time the RIAA was already on extremely dangerous antitrust ground as they had in effect imposed a Windows only market. The RIAA was accutely aware of just how closely the member companies were skirting antitrust law in conspiring to impose uniform and oppressive terms to control the only market. One of the rather comical aspects of this is that during the negotiation process their lawyers set a rule that no two studio heads were allowed to be in the same room at the same time because any direct agreement between them would have resulted in INSTANT ANTITRUST CONVICTION. No ifs ands or buts about it, their lawyers said they'd be nailed to the wall for what they were doing if there was ever any evidence that the studio heads directly agreed to what they were doing. The RIAA were despesperate to get Apple on board to ward off antitrust prosecution. That is the reason they made an exception to the uniform and oppressive terms they conspired to imposing on the online market. Apple was fighting against any DRM at all, and they were going to just walk out. The RIAA needed Apple and they didn't take the small Apple market seriously, so they offered Apple slightly less oppressive terms than anyone else. Which is exactly why Apple's iTunes has absolutely STOMPED every single other online music service. In a free market a noncrippled product (or merely less crippled product) simply exterminates any attempt by anyone else to sell crippled crap.
Apple does not want to use DRM at all and they have absolutely no objection to removing or defeating it other than the fact that headaches and battles they get for it from the RIAA.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
I used to think like this (and sometimes still do). I even cooked up a little analogy:
These DRM-cracking P2P-downloading "freedom fighters" are forgetting that they were the origins of this problem to begin with. It's like an all-you-can-eat buffet at the local restaurant. It charges $10 per person to eat, but you and 10 of your friends come in every day, pay for one plate, and use it to feed everyone. But not only do you expect the restaurant to continue to do business with you, you expect them to lower their restrictions because of your exploits!
But a new analogy has crept into my head (forgive its over-the-top comparison): those black individuals in the US South in the 1950s and '60s. They could have simply not done business with with the city bus system, or the lunch counters that didn't allow their presence. But by confronting the situation, and edging their way just into the place where they were not supposed to be, they ignited a sweep of change that completely altered the situation.
Now, I'm not arguing that the freedom to break copy protection on your music files is on the same moral level as the civil rights movement. I do, however, consider the continued violation of the DCMA in these ways a valid method for fighting it.
Every time a major crack is announced, the public sees yet another example of large corporations trying to control the behavior of their customers, which is something that people inherently don't appreciate. The goal here is to show the publishing houses and such that, unlike the buffet, they cannot continue to do business by simply locking people down even harder, or banning them from the premesis. They will have to innovate a new way of doing business that does not rely on the infringement of its customers' freedoms.
This is, of course, a pretty radical goal, and one which I'm not completely sure I support. But I have moved beyond the stage where I would boycott iTunes because of its DRM. Instead, perhaps cracking it to allow for legal fair use and then making Apple completely aware that your business depends on your ability to do so would be a better solution?
WeRelate.org - wiki-based genealogy