Slashdot Mirror
Buying DRM-Free Songs From the ITMS
mirko writes "Jon Johansen ("DVD Jon") has published a small program which allows the acquisition of DRM-free file from Apple's iTunes Music Store. He explains that his program works by bypassing iTunes which adds the DRM itself at the end of the transfer. His program, pymusique, is Windows-only compliant but it'd be easy to port it to other platforms."
The site is hammered, the Coral Cache is working fine though.
Links for the lazy:
Source Code: pymusique-0.3.tar.gz
Debian Package: pymusique_0.3-1_i386.deb
Windows: pymusique-setup.exe
Wouldn't it be ironic if iTunes downloads increased after this? I'm now tempted to join and buy music through them, because now[1] I can do what I want with it once I've bought it.
[1] Until iTunes closes this loophole
Note to ACs: I won't mod you up, even if you are being funny or insightful. So take a chance! It's not real life!
This guy never stops, does he? Long may you run, DVDjon. I salute you.
You see? You see? Your stupid minds! Stupid! Stupid!
Enough with the iTunes... can't this guy hack Napster or Windows Media encryption?
'Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?'
from The Register: iTunes pyMusique.
If anyone can hear me, slap some sense into me But you turn your head, and I end up talking to myself
Did you read the article? Or even its title? This is about BUYING drm files from iTMS, not downloading them for free. It is quite cool, as the DRM makes it a big hassle for purchasers to listen to the music on their own equipment.
RIAA music isn't free
How is this relevant? It is not free if you are buying it by the cassette, the CD, or by iTMS with AND without this DRM-remover.
Don't blame Durga. I voted for Centauri.
I used Hymn to remove DRM from some songs so I could move them to an older model Creative MP3 player. It seemed to work fine for me.
"MIT betrayed all of its basic principles."
So, violating GPL by copying stuff without complying with the license is bad and wrong.
but
Buying songs from iTunes without complying with the ToS is big and clever because music must be free?
Bwaling's Law: Any time there is an article about DRM or downloading music, as soon as someone mentions the word "free", someone will whine about everyone stealing music for free. Even if the word "free" is in an unrelated context (as in: "The songs are free from DRM restrictions" or "I downloaded the Free Willy soundtrack".
Don't blame Durga. I voted for Centauri.
How could Apple do something this stupid?
Whether you like it or not, DRM is the cornerstone of iTunes acceptance among the music industry. Without DRM, there is no way iTunes would even exist.
The first rule of security is that the client is untrustworthy. For Apple to put all of the security of their DRM scheme on the client side is astoundingly dumb. I expected much better of them.
- Old Man of the Mountain ---- "I want to disturb my neighbor"
do not by the music. that's why i buy CDs and not download music because i do not like being limited by the DRM.
by the way, let say i do not like the GPL license. should i:
1. not use GPL software
or
2. use, and violate it because i do not like it.
a lot people find the GPL license "viral" and disagree with it. but we still expect people to respect it and follow it.
It is fascinating that it seems they are only doing it client-side after the transaction - if so it is clearly a massive design flaw (and I'm suprised it took so long to find).
There are ways they could reduce the server load and make it a bit more secure though - eg. blanket encrypt/drm everything on the server and have the client rip that off and apply the personalised drm. Then you'd have to go fishing around in the client for keys etc.
They could also add some form of security handshake to the client & the protocol to identify it as a valid apple client.
By far the biggest problem they have is how to fix this without breaking their massive installed client-base. That is where I think things get interesting.
I'm an iPod owner, who has avoided iTunes since launch due to my hatred of DRM. Tonight, I shall buy my first albums from them.
I'm hoping that when they dissect the log files from iTunes over the next few days they'll see an awful lot of non-iTunes client downloads. Whilst Apple can't condone this, it would be nice if they could go to the record labels and say without DRM we sold x many hundre thousand more tracks.
An other interesting point is this. The argument for DRM is that without it we'll all start copying music amongst ourselves. Surely if this was a case, with Apple leaking de-DRM'd music into the world, P2P and other piracy should immediately ramp up now (and I suspect it won't).
We *were* members of the free napster trial. It ended a couple of years ago when they got they shiiiiiiiiiit sued out of them.
Stemmo
I'm not entirely convinced that legality is the issue (home-taping/burning and modification by the purchased user, if AFAIK "fair-use"). It is more the fear (and in some respects rightly so) of the RIAA and Apple of the said purchased media being deseminated.
Pure and simple, distributing copyrighted material (whether you burn CDs using iTMS tunes or you break the DRM) is illegal. However, what you do with your purchased music in private (e.g. for yourself, on your own computer) is your business, so long as you are not deseminating it to those who didn't buy it, or you are not using the said copyrighted material for public performance. Electronic media, in terms of copyright, does not disallow personal backups, remixing for fun (no profit), or any sort of arbitrary modification. You own that file, albeit, not the media therein (the music in this case).
In the cases of fair-use, home-taping has been defended (likewise photocopying library books for personal/academic/private use). There are certain rights that extend to the public over what they own.
In the case of DVD Jon and others, what they see that they are doing (and arguably they are) is cleverly extending the capabilities of the end-user in lines of usage. When exploited for desemination, profit, and piracy, it is not the process or tool that is wrong, but the use. The tool does have legitamate, legal uses (playing purchased media on your Linux box, for example).
I personally think PyMusique, Hymn, and the FairPlay mechanisms for VLC are legitimate and can (and should) be used for Fair Use. If exploited, like any other tool, for illegal ends, then the people infringing on copyrights should be prosicuted (albeit the RIAA has been in recent years more proactive is fining grandma and various 12-year olds that busting pirating rings).
I have been using Hymn for months now, for fair-use purposes. I buy from iTMS (when you ride the Boston T every morning and evening, your iPod is your best friend) and I frequently get gift cards from family. I and my fiance think it is great, however, if she buys something and I buy something and we want to make a mix CD for our car when we go on a trip, something that allows extended fair-use would be great.
I personally, and I don't think I am alone, think what DVD Jon is doing is great because it is useful to the consumer (although as a side effect, the pirate). The consumer can better enjoy the beniefits of the purchase.
This will probably be corrected by iTMS with a subsequent version of iTunes and I have no problem with that. Apple is there to make money from their sales (so preventing piracy is a good motive) and they have to protect the fidgety record labels who are still uncomfortable with digital media, although CDs themselves are not secure in any regard. Those (like DVD Jon and myself) who see a need as a consumer to modify their legitamately purchased music to use it on all computers/OS they have, should make an effort to archive their media in forms they can use, with the technology at their disposal, and if the DRM system is changed, keep up or enjoy what they already bought.
Somebody mentioned subscription services, and I don't think that subscription services are only legally de-DRMed if you currently subscribe to the service, e.g. it is blantantly illegal to rip and crack a storehouse of music and continue to use them once you no longer subscribe. However, with these models, fair-use would apply to burning CDs for your car, ripping tracks and making MP3s for your iPod or whatever. It is when the use is exploited and people are not being pais is when you have a problem.
Whilst Apple can't condone this, it would be nice if they could go to the record labels and say without DRM we sold x many hundre thousand more tracks.
.01% of total sales. Almost all consumers appear to be happy with the current arrangement. "
If you believe that argument is valid, then you should have no trouble with the much more likely corollary:
Apple goes to the the labels and says "The site sold X songs without DRM. This represents less than
- Tony
Or what happens when your Mac breaks? I can still listen to the Queensryche CDs I bought in junior high (if I wanted to). At the time I had a brand-new Sony DiscMan that took four double-A batteries, lasted a couple hours, had awful sound, and cost about $130 new. My family's computer was a CompuAdd 286.
What happens when Apple goes out of business? Sony is still is business, but CompuAdd went belly-up ages ago. Apple's market share has been shrinking since the mid-1980s (and I say that as someone typing this on a PowerBook).
Assuming you don't have a BMW /w iPod adapter, can you listen to your CDs in your car without burning them in uncompressed, WAV format? What happens when you decide you want to move to Linux? Or what if you decide you'd rather have an MP3 player with a built-in radio?
These days, you can't even stream unencrypted songs to other computers in your household with iTunes. How do you know that Apple won't take away more rights in the future?
What if the artist decides he doesn't want his album distributed (e.g. Beach Boys' original Smile, Prince's Black Album), but you want other people to hear it?
With great power comes great fan noise.
Deep down, secretly, I bet Apple could give a rat's ass about DRM. They have do to it to appease the industry. And they're going to have to close obvious holes pretty quickly. But ripping and re-encoding is a) slightly obscure to the average iTMS user, b) annoying, and c) (at least in theory) degrades the music quality so that it's unappealing to discerning ears and tech/audio-philes for whom (a) is not a factor.
There's also nearly no way to prevent "hacks" like WireTap that just grab the audio stream without completely munging up the way an OS handles the audio stream. They can only do so much and Apple is not stupid enough to know that. They are the best buffer we have right now between the (wanting-to-try-to-be-legal) consumer and the greedy idiots controlling music distribution.
Maybe I'm optimistic, but I feel like something like what Apple is doing now had to happen to break open the digital purchansing flow. There's no turning back now. If "good" DRM gets more and more expensive to develop, implement, manage, and enforce, it might just become a poor(er) business model. Someone will hopefully push the "innovation" and get us beyond this hacked system we have now.
If you're mac breaks, pesumeably you have a backup, or even better, have the file on another computer (you do know you can transfer the files right?). What happens when your Queensryche CD breaks?
As for what happens when Apple goes out of business, well, DRM authorizations are localized, and there are already programs to move your authorization manualy. Presumably, if Apple were to go out of business, they would either open the DRM, issue a universal authorizer program, or someone else would step in.
As for listening to them in your car, sure, you can throw them on to AAC players (like the iPod) and pipe them through AUX inputs or FM transmitters or any of the other methods that people have used to add audio devices to their cars for years.
What happens when you want to move to linux? You use iTunes via WINE or you reencode the music into another format. Yes, you may have to do work to move from system to another, just like I have to do work to get my CDs to MiniDisc or my VHS to DVD.
If you'd rather have an MP3 player, then you need to make them MP3s, what if all of my music is MP3s and I'd rather have an UberCompressedHighQualityFormat player? I have to reencode the music.
As for streaming music, here's a novel idea. If you don't want to use the iTunes encryption, don't use iTunes. I must have missed the point where iTunes was an essential element for streaming music.
If the artist doesn't want his album distributed, what prevents you from playing it for your friends? That's right, nothing.
T Money
World Domination with a plastic spoon since 1984
The simple reason is that, although you can personalise each DRM'ed download on the server, it's expensive to do so.
I haven't researched Apple's solution; however, I have personal experience of implementing a Windows Media-based DRM solution in my previous job. (I don't agree with DRM, and won't purchase any DRM-protected media, but it was nonetheless an interesting assignment, and I discovered a lot about how it works.) With that in mind, here is my tentative analysis.
Apple are probably using one of the edge-cache services like Akamai to reduce server load and bandwidth fees. In order for this to work, the data that each client downloads must be the same - otherwise, it can't be cached.
Although it is possible, and even desirable from a security standpoint, to apply the DRM to each file as it is downloaded, the increased server load and bandwidth probably makes this economically and logistically unviable.
It may be judged as stupid that Apple has not applied even basic, generic encryption to what they send over the wire. However, since they would have to supply the enemy (a.k.a. the customer) with the encrypted content and the means to decrypt it, it would not deter a determined hacker. Then again, nor can DRM.
The parent writes, "The first rule of security is that the client is untrustworthy." The first rule of DRM is, by contrast, "We give the client the encrypted content, the keys, and the decoder, and hope that he won't work out how to use them."
The lesson that you should take away from this is that DRM is snake oil. It can never work. But it is being sold to and bought in gallons by the entertainment oligopoly mastodons who have repeatedly proven that they don't get the internet. It's basically useless for all parties concerned. We get inconvenient restrictions; they think that they are getting copy protection but are actually being sold a river.
As an aside, even if Palladium/NGSCB becomes prevalent and required for downloading DRM content, it seems unlikely that each resource will be custom-encrypted against the customer's Palladium/NGSCB public key. And even if it were, there would be likely be ways to extract the raw data at some point. I doubt that we will see truly uncrackable DRM for a long time to come. In fact, I doubt that we will ever see it.
If your comment title says 'Re: Foo', I'm not likely to read it.
The only online music buying I'm interested in is lossless and DRM free. This is why I continue to buy CDs and not buy music online. I can rip the CDs and encode them with FLAC for a lossless file that I can play on a variety of devices and OSs. I get a physical backup of the music as a bonus. Why would I pay just as much for a DRM laced and lossy file from an online store? When the industy starts offering FLAC compressed WAV files for less than what a CD costs then I'll start buying.
Why are you supporting a music store (iTunes) which that puts DRM on every song they sell? I would imagine that, if you really did not like DRM, you would do everything in your power to discourage its use.
..putting down cluestick and stepping off soapbox
Maybe because there's no feasible alternative at the moment? Maybe because he likes some artists who only distribute on iTMS? Maybe because he wants to play the AAC files he legally obtained on his Linux workstation?
Do you think that Apple's restrictions are really that ridiculous?
Who owns your computer? You or Apple? What right do they or anyone else have to tell you what you're allowed to do with your own personal property? I'm not talking about P2P or anything outside of your own computer. I'm talking about what you do with your personal physical property in the privacy of your home.
2) In addition, you're liable to hurt us people who don't mind the DRM, and in fact appreciate Apple's service, because cracking the encryption will more likely than not cause the RIAA to demand greater restrictions in the future.
DRM doesn't work and there is no way that it even theoretically can work. By necessity, DRM is the equivalent of placing your key under the doormat and expecting that nobody will use it without asking first. So what if the RIAA demands "stronger" DRM schemes than what Apple has implemented. It will only drive away customers. People like you will wake up and begin to care, perhaps. Which is really fine, because we don't need the RIAA anymore anyhow. Ever consider the fact that many iTMS artists are not RIAA member signed?
And incidentally, this does not appear to be a case of any encryption being cracked. In fact, it may not even be considered illegal, even under the bogus DMCA, because the data is merely being intercepted *before* DRM is applied to it. And it's not some form of wiretap because it's your own computer. But IANAL so don't base anything upon that speculation.
You play it off as if fighting DRM is some great act of civil disobiedence which will liberate us all from some fantasy corporate-controlled nightmare world.
If corporations are trying to define what you can legally do with your own personal property, then yes, there is reason to be concerned. And it is not a fantasy that abusive corporate control of the music industry has been detrimental to everyone minus the big-wig execs and a handful of top artists who managed to wrangle the system.
You have to realize that you're in a small minority, and you have to respect the rights of others who don't hold the same views.
Minority? Hardly. Maybe minority among Apple fanboys, but not among the majority of the population. Do you realize why MP3 is so popular? It's not because it's technically the best. It's because it is completely open. The free market has decided that most people don't like DRM. BTW, what "rights" is the original poster disrespecting of people who don't agree with him?
A Call for Open Standards