iTunes DRM Hole Closed

FrYGuY101 writes "As recently covered on Slashdot, there was a hole in iTunes which allowed music to be acquired from the iTunes Music Store without Apple's DRM applied. Well, Apple has just released an update which closes this exploit."

Impressive

[Quasar1999]

I like how they handled that... no horrible punishments, no wagging their finger at the community... just fix the hole, force the update (for obvious legal reasons), and carry on loving your customers... I like...

Too bad napster to go couldn't be so accomodating... :P

Re:Impressive

Only because it was pretty damn embarrassing and very difficult to pursue legally.

Re:Impressive

[GigsVT]

loving your customers

By forcing DRM onto them?

Re:Impressive

[0x461FAB0BD7D2]

I think they've realized that DVD Jon is pretty much untouchable. He walks a fine line, but hasn't yet crossed it.

It's not out of the goodness of their heart, but more because lawsuits are pretty damn expensive.

Re:Impressive

[cyngus]

Yet it remains the most consumer-friendly DRM around. Let's also remember that Apple itself could probably care less what you do with your music, but it has to reach some common ground with the record companies.

Re:Impressive

[2starr]

If you allow anyone to do anything with the music, the record industry won't allow songs to be sold digitally or would require higher fees to make up for the losses. I love getting my music digitally, so I would prefer that a few bad DVD John-like people not ruin it for me. So, yes... they were looking out for me when they made that move.

Re:Impressive

[swv3752]

No compromises are acceptable. It is people like you that accept the encroachment that will mean we rent everything.

And, yes I do not use Itunes, not just because it is not available on my chosen OS.

Re:Impressive

[jbarr]

loving your customers

By forcing DRM onto them?

They are simply "enforcing" a standing policy, not "forcing" DRM. And it is a policy that their customers have already agreed to. Plain and simple, if you don't want DRM, don't use their service.

Re:Impressive

[Satan+Gave+Me+a+Taco]

That's what he is you know, a fucking asshole ...The very simple and easy to live with rules that Apple laid out are just too much for some people ...All the crying people do about the big bad evil DRM screwing up the world and the "1984" type predictions are going to come true but it'll end up happening because the assholes among us will turn their noses up at every reasonable compromise along the way ...it will be in a sense our own fault.

It's wrong to assert that "assholes among us" are the source of the problem. The labels are the ones imposing restrictive DRM. When a person or a entity acts in a reactionary manner, it is their own fault, not the fault of the thing they are reacting to.

If you don't like the rules at iTMS then go buy your music elsewhere and quit screwing with the way the rest of us buy it)

I don't buy at ITMS. I buy CDs, so I can rip to whatever format I want, with no DRM. But I support people like DVD John who are proving that DRM doesn't work. The record labels will have to change their business model to work with human behavior. What you propose is us changing our behavior to work with their business model. I couldn't disagree more.

Re:Impressive

[ElleyKitten]

Except, everyone already can do anything with music. Almost every song you could want you can find through pirating, and when you pirate you don't have to deal with DRM, you can get the music in any format you want and it will play in any player you want. The goal when selling music digitally is not to attempt to make sure your customers don't pirate, but to make sure that what they're paying for is better than what they don't pay for.

Re:Impressive

[Darren+Winsper]

Define "reasonable compromise." Strangely enough, what may be reasonable to you is not reasonable to me. I have enough computers that I would actually hit the limit of the number of computers I could have my music on under the iTunes limits.

Tell me, what's the reason for restricting iTunes' streaming capabilities? It used to be five simultaneous users, now it's 5 per day. w00t.

The reason people won't accept these so-called "reasonable compromises" is because there is no such thing as a reasonable compromise with DRM. By accepting DRM you're saying it's OK for the RIAA to re-define how you listen to your music on a whim. It's not reasonable at all.

Re:Impressive

[Jah-Wren+Ryel]

You sir, are a very reasonable fellow.

"The reasonable man adapts himself to the world;
the unreasonable one persists in trying to adapt the world to himself.
Therefore all progress depends on the unreasonable man."
-- George Bernard Shaw

Re:Impressive

[Sanity]

I love getting my music digitally, so I would prefer that a few bad DVD John-like people not ruin it for me.

Yeah, those evil programmers hurting those poor multinational record labels by writing software that allows us to exercise our fair use rights under copyright law.

Your bend over and take it attitude makes me sick.

Re:Impressive

[Hamhock]

His point isn't that he loves DRM, it's that the record companies can pull support for online downloads altogether if they want, thus removing the very conveinent resource that iTMS is. Everytime DVD-John (or someone like him) releases something like this it makes the record companies nervous, and presumably less willing to deal with an online service as open as Apples is (if you think it's not that open, you're wrong, it could be a lot more locked down then it is, and it may get to that point if these 'hacks' keep coming). Record companies ARE evil, but that's irrellevant in the context of iTMS. iTMS is beholden to the record companies. Messing up iTMS as some sort of philisophical 'fuck you' to the record companies only hurts the end user and Apple, not the record companies.

Re:Impressive

[Sanity]

Its the "bend over and take it" approach, no matter how you look at it. The record companies can't pull support for online downloads, those will happen with or without their say-so. All they can do is pull support for legal online downloads, and this can only hurt them in the end.

iTMS is one of a small number of ways that people can conveniently obtain music and pay for it. If the record companies refuse to support it, then all they will do is drive people back to sources of music where they aren't compensated at all.

In short, Apple is in a strong enough negociating position to distribute music that respects their customer's fair use rights. They deserve criticism for not fighting harder on behalf of their customers.

No surprise

[NerdHead]

When holes like this one open, it's only a matter of time before they close.

Rant:
This is no big surprise. Our favorite music is owned and operated by an industry
who cares more about money than music. The artists who write and play this music
have sold their souls to this industry. Until the artists wise up and use the
Internet to distribute their music on their own terms, this cat and mouse game will continue. It's not going away soon since many artists do it for the money anyway.

Re:No surprise

[Golias]

Our favorite music is owned and operated by an industry who cares more about money than music.

I write software for a living, and guess what? I care about money more than software.

You are welcome to work at whatever craft you do for free all you like, but professional musicians (and yes, professional music sales executives) have a right to charge for their work by whatever means they consider to best suit them.

The artists who write and play this music have sold their souls to this industry.

As the leader of a small-time garage band, I would LOVE to have a label come along and "exploit" us with a five-year, multi-million dollar record contract, even if it meant seeing every (crappy) song I ever wrote locked down by eeeeeevil DRM layers. There's no way schmucks like you are ever going to hear my music unless I "sell my soul" to the record industry, because I don't have hundreds of thousands of dollars to spend on marketing and promotion.

g/marketing and promotion/s//payola/

Re:No surprise

[Zeneris]

Only trouble is the label is only giving an advance (i.e. a loan) so in reality you will probably only see a tiny return or even be in debt, even after any nominal royalies, because so much gets sucked up as "expenses"! Wise up, even top 10 artists can be poor!

Re:No surprise

[Short+Circuit]

The best music and software tends to be funded by culture, not money.

Re:No surprise

[Registered+Coward+v2]

The best music and software tends to be funded by culture, not money.

So I guess that leaves Mozart and Handel out of the best category.

Sure, there're artists who never make money and produce great art, but there's alot that's driven by money and recognition that's great as well.

Re:No surprise

[Golias]

Wise up, even top 10 artists can be poor!

iTunes current top 10 downloads:

1. Cry Baby / Piece of My Heart
Melissa Etheridge & Joss Stone
2. Switch
Will Smith
3. Since U Been Gone
Kelly Clarkson
4. Boulevard of Broken Dreams
Green Day
5. Rich Girl
Gwen Stefani & Eve
6. Mr. Brightside
The Killers
7. Candy Shop
50 Cent
8. One, Two Step
Ciara featuring Missy Elliot
9. Obsession (No Es Amor)
Frankie J & Baby Bash
10. Caught Up
Usher

Which of these "artists" are poor? Will Smith? Gwen Stefani? Usher?

Won't somebody do something to help these poor starving artists out of their current plight!?

Believe it or not, Apple's DRM doesn't bother me

[Anita+Coney]

Considering you can burn Apple's song on CD and get rid of the DRM, who cares.

What I'd love is a way to download songs from Apple in a non-lossy format! If DVD Jon could do that, I'd give him a lifetime of gratitude!

So then..

[TheVampire]

..someone just releases a patch to PyMusique so that it looks like version 4.7 of ITunes to Apple's servers...
and the endless game continues....

Not really closed

Of course the only change that Apple has made is to require iTunes 4.7 as the client. How long before someone figures out how to make PyMusique look like iTunes 4.7?

And as long as they are sending un-DRMd songs down to the client they are suceptible to man in the middle attacks (a proxy server which watches for iTMS traffic and saves the song streams to another file), or to someone directly pulling data out of the iTunes app (though the second would arguably violate the DMCA).

Exploit?

How was being able to PURCHASE something in a form that the user actually wanted an exploit? A bug that would allow someone to gain access to Apple's servers, or to steal information, or - for that matter - to steal songs without paying - all of those would be exploits.

You'd be screwed too

[jocknerd]

If you think that you would be signing a big fat contract with the music label, you're just as dumb as most of the artists out there. What you would be signing is a loan. You would be at the record labels mercy. Believe me, you are better off now. At least you don't owe the music labels anything.

Re:Wouldn't that be crossing the line?

Misrepresenting software to get around the DRM could be interesting legally. (Yes, I know browsers can do this -- but not to avoid DRM.)

Comment removed

[account_deleted]

Comment removed based on user account deletion

so hymn no longer works then...

[mzs]

I wonder how happy all the Hymn and J-Hymn users out there are about what DVD Jon did. By releasing PyMusique, he got Apple to force everyone to use 4.7 iTunes if they want to use the iTMS. I believe that 4.7 broke Hymn and unless that has been addressed, now people will no longer be able to remove the DRM from music that they purchased from the iTMS.

What happened was fine, nothing to get your knickers into a knot about. When you buy music with DRM you are agreeing to use it according to the terms set forth. One of those terms is that you agree to how the terms may change in the future. That is why I do not buy music with DRM, the fact that what I can do with that music can change at any time.

It is too bad that the Apple DRM happens to be one of the least onerous and DVD Jon gave Apple a reason to make people move to slightly more restrictive terms with 4.7, but still just the fact that Apple can modify what you can and cannot do with the music from the iTMS is an immediate turn-off for me.

So this is what we come to

[CastrTroy]

So, the music executives have forced DRM on Apple and so they have to provide it in their files. But they aren't really doing anything. Basically the DRM is to prevent files from being just put on Kazaa and spread around the world. Yet, the DRM doesn't really stop this. There's still the burn and re-rip strategy which is quite effective, as well as the "buy a CD method" which is also effective for getting files onto the internet. The only thing this does stop is file which the person has purchased being accidentally leaked on the internet by some hard-drive scanning P2P program. Anybody who still wants to distribute their purchased music can still do so. All it stops is people who don't want to share their purchased music from sharing it unintentionally.

Re:Imagine..

[sh00z]

Sort of. He could only have violated the TOS if he had agreed to them through the iTunes EULA. Since this program wasn't using iTunes, the Terms of Service weren't invoked.

Good for them

[CheeseTroll]

For so long, one of the more legit arguments for downloading music via p2p was that music publishers gave customers no other options other than to purchase an entire, overpriced CD when all a person wanted was one or two songs. Now we have a multitude of options for buying music pretty damn inexpensively online with a very reasonable implementation of DRM, and some people still want to jump through hoops to cheat the system? For god's sakes, write your own music if you're that cheap!

Re:Imagine..

[Marran+Gray]

I'm not speaking strictly from firsthand analysis, but it doesn't look like the hymn developers are violating the ToS. hymn is a tool that performs certain operations on standard data objects (mp4 atoms). Actually using it on music files you bought from iTMS is a ToS violation... by the user. You can maybe make arguments about the "intended purpose" of hymn, but that's a much more complicated issue.

Incidentally, as much as I dislike DRM and will probably never buy any DRM'd music (it just feels unclean), I have to second Quasar's post: Apple could have gotten their legal action on, and they deserve credit for instead doing what they did. You can't even really fault them for trying to "pull the rug" via undocumented software changes; aside from the fact that such is really standard industry practice (laugh), iTunes and iTMS belong to Apple and can be changed at their will. (This lock-in is the cause of my first objection to DRM in general, but that's a separate argument.)

Re:Is it a fix or a patch?

[siriuskase]

It appears that they ask the application to identify itself and if it isn't iTunes 4.7, it won't download. Sort of reminds me of those websites that checked to make sure you were running IE. That led to other browsers acquiring the ability to misidentify themselves. If that's so, it'll only take a week.

Now what we need is for Slashdot to verify that the user isn't someone who's going to run off and tell Apple.

I just don't get it

[Fahrvergnuugen]

Walking into a brick and mortar building and purchasing a good old fashioned CD is still a method for getting music. And it doesn't have a DRM attached to it. So why does everyone insist on attaching a DRM to purchased music files? How are they different than the physical CD? A physical CD takes me less than 3 minutes to either rip into AAC or make a physical copy and pass around to whomever I please. Putting a DRM on things is just like saying, PLEASE, TRY AND HACK ME. Its no different than telling kids that they can't drink until they're 21. If you don't make a big deal out of it, neither will they (look at countries that don't have a drinking age for example). On top of that, we all know that DRM is a useless technology. You give the person an encrypted file AND the keys to open it. Wheres the security? And now for the honer system theory.... If it were made blatantly clear when you purchased a song from the iTMS that YOUR NAME and ACCOUNT NUMBER were embedded into the file (just like a license plate on a car), I would certainly think twice about sharing that file on a P2P network. At the same time I would have an unlocked unrestricted file to do as I please with.

Parent is insightful? The mods are on crack!

[Frodo+Crockett]

I would prefer that a few bad DVD John-like people not ruin it for me.

WTF? Last time I checked, all Jon (there's no 'h' in his name) wants to do is watch dvds and listen to music purchased via iTunes on his Linux box. What Jon has done is indeed illegal in some countries (more extreme /. members would call them corporate states), but I don't think that any honest person can say it's unethical.

It's really quite simple. If you buy something, you can do whatever the hell you want with it, so long as your actions don't harm anyone. Don't give me that "indirect harm" bullshit, either. I'd give you ground if we were talking about releasing the plans for building an antimatter bomb, but not for something so inconsequential as circumventing DRM and copy protection.

Is DVD Jon ruining it for the rest of us?

[razmaspaz]

I'm wondering what the reactionary response to this will be.

In high school (a long long time ago) a friend of mine got a -3 on a question on a test. The girl sitting next to him got a -1 on the same question with a near identical response. He complained and the situation was resolved by giving the girl a -3 instead of a -1.

My point, instead of raising awareness of the stupidity of the law and making it better for the rest of us...will DVD Jon just ruin it for us? Will his escapade just serve to make DMCA laws worse? Will the RIAA use this to show that DMCA laws are not tough enough?