Buying DRM-Free Songs From the ITMS

mirko writes "Jon Johansen ("DVD Jon") has published a small program which allows the acquisition of DRM-free file from Apple's iTunes Music Store. He explains that his program works by bypassing iTunes which adds the DRM itself at the end of the transfer. His program, pymusique, is Windows-only compliant but it'd be easy to port it to other platforms."

It is cool, however

[AtariAmarok]

"This is illegal. It isn't cool or important. RIAA music isn't free, and it isn't anyone's right or obligation to make it free"

Did you read the article? Or even its title? This is about BUYING drm files from iTMS, not downloading them for free. It is quite cool, as the DRM makes it a big hassle for purchasers to listen to the music on their own equipment.

RIAA music isn't free

How is this relevant? It is not free if you are buying it by the cassette, the CD, or by iTMS with AND without this DRM-remover.

Re:3..2..1

[ray-auch]

It is fascinating that it seems they are only doing it client-side after the transaction - if so it is clearly a massive design flaw (and I'm suprised it took so long to find).

There are ways they could reduce the server load and make it a bit more secure though - eg. blanket encrypt/drm everything on the server and have the client rip that off and apply the personalised drm. Then you'd have to go fishing around in the client for keys etc.

They could also add some form of security handshake to the client & the protocol to identify it as a valid apple client.

By far the biggest problem they have is how to fix this without breaking their massive installed client-base. That is where I think things get interesting.

That's precisely what I'll be doing this evening.

[goldcd]

I'm an iPod owner, who has avoided iTunes since launch due to my hatred of DRM. Tonight, I shall buy my first albums from them.
I'm hoping that when they dissect the log files from iTunes over the next few days they'll see an awful lot of non-iTunes client downloads. Whilst Apple can't condone this, it would be nice if they could go to the record labels and say without DRM we sold x many hundre thousand more tracks.
An other interesting point is this. The argument for DRM is that without it we'll all start copying music amongst ourselves. Surely if this was a case, with Apple leaking de-DRM'd music into the world, P2P and other piracy should immediately ramp up now (and I suspect it won't).

Not legality, but implications

[celseven]

I'm not entirely convinced that legality is the issue (home-taping/burning and modification by the purchased user, if AFAIK "fair-use"). It is more the fear (and in some respects rightly so) of the RIAA and Apple of the said purchased media being deseminated.

Pure and simple, distributing copyrighted material (whether you burn CDs using iTMS tunes or you break the DRM) is illegal. However, what you do with your purchased music in private (e.g. for yourself, on your own computer) is your business, so long as you are not deseminating it to those who didn't buy it, or you are not using the said copyrighted material for public performance. Electronic media, in terms of copyright, does not disallow personal backups, remixing for fun (no profit), or any sort of arbitrary modification. You own that file, albeit, not the media therein (the music in this case).

In the cases of fair-use, home-taping has been defended (likewise photocopying library books for personal/academic/private use). There are certain rights that extend to the public over what they own.

In the case of DVD Jon and others, what they see that they are doing (and arguably they are) is cleverly extending the capabilities of the end-user in lines of usage. When exploited for desemination, profit, and piracy, it is not the process or tool that is wrong, but the use. The tool does have legitamate, legal uses (playing purchased media on your Linux box, for example).

I personally think PyMusique, Hymn, and the FairPlay mechanisms for VLC are legitimate and can (and should) be used for Fair Use. If exploited, like any other tool, for illegal ends, then the people infringing on copyrights should be prosicuted (albeit the RIAA has been in recent years more proactive is fining grandma and various 12-year olds that busting pirating rings).

I have been using Hymn for months now, for fair-use purposes. I buy from iTMS (when you ride the Boston T every morning and evening, your iPod is your best friend) and I frequently get gift cards from family. I and my fiance think it is great, however, if she buys something and I buy something and we want to make a mix CD for our car when we go on a trip, something that allows extended fair-use would be great.

I personally, and I don't think I am alone, think what DVD Jon is doing is great because it is useful to the consumer (although as a side effect, the pirate). The consumer can better enjoy the beniefits of the purchase.

This will probably be corrected by iTMS with a subsequent version of iTunes and I have no problem with that. Apple is there to make money from their sales (so preventing piracy is a good motive) and they have to protect the fidgety record labels who are still uncomfortable with digital media, although CDs themselves are not secure in any regard. Those (like DVD Jon and myself) who see a need as a consumer to modify their legitamately purchased music to use it on all computers/OS they have, should make an effort to archive their media in forms they can use, with the technology at their disposal, and if the DRM system is changed, keep up or enjoy what they already bought.

Somebody mentioned subscription services, and I don't think that subscription services are only legally de-DRMed if you currently subscribe to the service, e.g. it is blantantly illegal to rip and crack a storehouse of music and continue to use them once you no longer subscribe. However, with these models, fair-use would apply to burning CDs for your car, ripping tracks and making MP3s for your iPod or whatever. It is when the use is exploited and people are not being pais is when you have a problem.

Re:Wouldn't it be ironic

[SomeoneGotMyNick]

A user comment in TFA mentions a potential legal difference.

PyMusique captures the paid for track before the DRM gets put on.

Hymn strips off the DRM after the track is downloaded.

Hymn appears to violate the DMCA to the letter of the law because the DRM is in place at the time Hymn performs it's functions.

PyMistique most likely only violates the TOS because the user isn't using the iTunes application, the client component that puts the DRM on the downloaded file. The file is simply downloaded as iTunes sends it (without DRM).

Either way, the user would have paid for the song. They are simply making a choice to maintain their "fair use" rights.

Cache and bandwidth considerations

[ThreeDayMonk]

The simple reason is that, although you can personalise each DRM'ed download on the server, it's expensive to do so.

I haven't researched Apple's solution; however, I have personal experience of implementing a Windows Media-based DRM solution in my previous job. (I don't agree with DRM, and won't purchase any DRM-protected media, but it was nonetheless an interesting assignment, and I discovered a lot about how it works.) With that in mind, here is my tentative analysis.

Apple are probably using one of the edge-cache services like Akamai to reduce server load and bandwidth fees. In order for this to work, the data that each client downloads must be the same - otherwise, it can't be cached.

Although it is possible, and even desirable from a security standpoint, to apply the DRM to each file as it is downloaded, the increased server load and bandwidth probably makes this economically and logistically unviable.

It may be judged as stupid that Apple has not applied even basic, generic encryption to what they send over the wire. However, since they would have to supply the enemy (a.k.a. the customer) with the encrypted content and the means to decrypt it, it would not deter a determined hacker. Then again, nor can DRM.

The parent writes, "The first rule of security is that the client is untrustworthy." The first rule of DRM is, by contrast, "We give the client the encrypted content, the keys, and the decoder, and hope that he won't work out how to use them."

The lesson that you should take away from this is that DRM is snake oil. It can never work. But it is being sold to and bought in gallons by the entertainment oligopoly mastodons who have repeatedly proven that they don't get the internet. It's basically useless for all parties concerned. We get inconvenient restrictions; they think that they are getting copy protection but are actually being sold a river.

As an aside, even if Palladium/NGSCB becomes prevalent and required for downloading DRM content, it seems unlikely that each resource will be custom-encrypted against the customer's Palladium/NGSCB public key. And even if it were, there would be likely be ways to extract the raw data at some point. I doubt that we will see truly uncrackable DRM for a long time to come. In fact, I doubt that we will ever see it.

Re:Don't you guys realize...

[BenFranske]

The only online music buying I'm interested in is lossless and DRM free. This is why I continue to buy CDs and not buy music online. I can rip the CDs and encode them with FLAC for a lossless file that I can play on a variety of devices and OSs. I get a physical backup of the music as a bonus. Why would I pay just as much for a DRM laced and lossy file from an online store? When the industy starts offering FLAC compressed WAV files for less than what a CD costs then I'll start buying.