Apple's DRM Whack-a-Mole

Mateo_LeFou writes "Gulf News has a nice piece exposing the last couple generations of Apple's DRM strategy (you didn't really think they were abandoning DRM, did you?). Article focuses on how quickly the tactics are worked around, and how nasty the latest one is: purchased iTunes now have your personal data in them. Author suspects that this is to prevent you uploading them to a network."

Right click, Convert to AAC/MP3/etc.

[chasingporsches]

and don't forget that you can just right click the non-DRM file now and convert to another format that DOES NOT have your user information embedded in it. it's a very simple, fast process for the paranoid.

Re:Right click, Convert to AAC/MP3/etc.

[Tickletaint]

Yes. You can. They're fucking ID3 tags (or whatever the m4a equivalent is), nothing more, so you can strip them using your favorite tag editor. Even QuickTime Player will do the job, I believe.

Re:Right click, Convert to AAC/MP3/etc.

[gig]

> They're not encrypted, but they are probably signed. The iTunes Plus files have blocks called "sign" and "chtb" which were
> not present in the old DRM'd files

Sigh ... this is a proof of purchase. It is advantageous to the legitimate purchaser to leave this information in the file so as to future-proof their music investment.

There were three big announcements with iTunes Plus: 1) no DRM, 2) double the bit-rate for higher quality sound, 3) PREVIOUSLY PURCHASED iTUNES STORE TRACKS CAN BE UPGRADED FOR A TOKEN HANDLING FEE TO THE NEW HIGHER-QUALITY BIT RATE.

In order to upgrade you now or in the future, iTunes needs to be able to identify "iTunes Store purchases" from "other" in your music collection, which thanks to Apple's progressive and practical user-centric policies may include audio from dozens or hundreds of different sources.

If a person follows the EFF's advice and strips the unique meta data out of their iTunes Plus purchase, iTunes will not be able to identify those tracks as iTunes Store purchases, and the tracks will never be upgradable to lossless, which is the next bump, within 3-5 years. After that, expect to see higher-than-CD bit rates and sample depths next, that is when you will START to hear the audio as it is recorded in the studio (even in my small project studio we have 24-bits and 192 kHz, but still to publish you have to distill down to 16-bits and 44.1 KHz using arcane and vicious audio hacking, a lot is lost). In other words, if you have anything other than a 24-bit 192 kHz lossless audio file, you are not done upgrading yet. Since there will be 3 or 4 jumps before we get there (and by then the music studio may have moved up ahead) you are looking at a lot of money to stay current if you insist on paying full price for every track every time out.

A few years ago I heard a record company executive from a big label talk about DVD-Audio. Was he excited that consumers would soon be able to buy much higher quality music? Not really. He could not wait to sell Sgt. Pepper's to baby boomers again for full price, he couldn't wait to sell someone the whole Led Zeppelin catalog for the fifth time, again at full price. What Apple is doing by upgrading your audio quality for a handling fee did not come from the record companies, I can assure you.

Re:So...

[daveschroeder]

Remove said personal information from the ID3 equivalent before uploading said file. Or is this information in some weird watermarking system I don't know about?

No. There is no weird watermarking system (though some people do suspect Apple of using hidden watermarks or steganography).

The information is stored in international standard MPEG-4 "atoms". In fact, they're even preexisting atoms for the purpose of storing name and email address. They're not secret, and not hidden.

If people are hell bent on uploading their files after they've purchased them, there's a number of ways the identifying information can be removed.

Plenty of people around who say, "But what if I then change the name and email to that of my most hated enemy and upload those??" though. Yeah. Okay.

Re:Couldn't be more ranty, or wrong

[Blondie-Wan]

"Found"? It was never hidden. It was plainly visible, clearly intentionally, from day one. I'm absolutely flabbergasted people think this is some insidious new development or that it's been sneaked in in hopes people won't see it.

Have the people expressing shock and outrage never used iTunes, or what? Seriously, the purchaser info is RIGHT THERE in the same tab in the "Get Info" window that displays the track length, play count, file format, bitrate, and other data that's clearly, readily, deliberately accessible to users, and IT HAS BEEN EVER SINCE THE STORE OPENED IN 2003.

Re:Nasty?

[TheRaven64]

It's not a watermark (there may be a watermark as well, but no one has found one yet). A watermark is something embedded in the actual data, changing it in an identifiable way. The tracks from the iTunes store simply encode the name and email address of the buyer, and the time of purchase in the standard metadata tags. This is fairly trivial to remove, if you want to bother. It's like a receipt; it allows you to prove that you purchased the track if you need to, but doesn't do anything more.

Re:Nasty?

[Tom]

Apple gives you a no-DRM file, and slaps a watermark on it so that, No, they didn't.

I know this is /. and all, but how about at least getting the basic facts right?

One, it wasn't added, it had been there before.
Two, it's not a watermark, it's some embedded text.
Three, the text is even embedded in plain text format.

Re:Couldn't be more ranty, or wrong

[vux984]

A mystery? This has been going on since day one, and has never been a mystery. And even if it is a "mystery" on the non-DRM files, it was never a mystery on the DRM files, was never hidden, and was never secret. This has been known, never obfuscated, and obvious to anyone who clicked "Get Info" on anything purchased from the iTunes Store, ever.

EXACTLY.

This is about as 'evil' as the time I bought a book on special order. The staff had put a paper insert inside the front cover with my name and phonenumber, presumably so that they knew who had ordered it. But they didn't tell me!! And it was personally identifying!!... why if I had started committing crimes with that book the police would have had my name and number!! I'm never buying a book from that company again! /sarcasm

My favorite quote of all this was from an EFF attorney; to paraphrase: if someone steals your iPod, the thief would have the name and email address of the rightful owner!

Heaven help the poor sap if someone were to steal his cellphone. or his wallet. or his briefcase. or his laptop.

Re:Couldn't be more ranty, or wrong

[tsa]

Yours was the only post this thread needed. And first post too! If I had mod points I would mod you up.

Oh, and one more thing... Please /. editors, sometimes no news is better than a random rant from a clueless person.

Re:Nasty?

[daveschroeder]

It's not a watermark (there may be a watermark as well, but no one has found one yet).

Actually, people already have found that Apple isn't using a watermark or steganography technique, either:

http://www.macrumors.com/2007/06/01/apple-using-st eganography-in-itunes-plus-songs/

The file differences are why some originally thought that Apple might be using steganography. It turns out, though, that the AAC data is 100% identical and that the differences were a result in different metadata (modification dates) in the files:

http://forums.macrumors.com/showpost.php?p=3696625 &postcount=123

So, Apple is indeed not using steganography or other hidden watermarking on the files.