Slashdot Mirror
Apple's DRM Whack-a-Mole
Mateo_LeFou writes "Gulf News has a nice piece exposing the last couple generations of Apple's DRM strategy (you didn't really think they were abandoning DRM, did you?). Article focuses on how quickly the tactics are worked around, and how nasty the latest one is: purchased iTunes now have your personal data in them. Author suspects that this is to prevent you uploading them to a network."
I'm just going to ignore the DRM circumvention garbage that comprises the first half of the article, considering Steve Jobs is by far the most influential person in music, media, and computing to call DRM out for what it is.
...which is what I thought the purpose of calling for no-DRM was. You know, so we could all use our files we legitimately own on any device.
The first half of the article is nothing but an anti-Apple rant, actually insinuating that Apple is on a mission to not let their users burn music to CD, which is completely and utterly false.
Then, the article drops this gem:
Turns out that Apple has been embedding its files with user information. iTunes customers have been downloading files that contain both their names and their email address.
"Turns out"? Let's continue...
How long this has been going on and just why Apple has felt compelled to do so is still a mystery - the company so far has refused to comment
A mystery? This has been going on since day one, and has never been a mystery. And even if it is a "mystery" on the non-DRM files, it was never a mystery on the DRM files, was never hidden, and was never secret. This has been known, never obfuscated, and obvious to anyone who clicked "Get Info" on anything purchased from the iTunes Store, ever.
but the reason seems obvious.
Oh, please. Do tell.
The embedded data won't prevent anyone from listening to their music files
but it might deter them from uploading them to a file-sharing server.
O, the humanity! Really??? It might deter people from that?
Well, let's take a look at the logic, here. It was never secret on the DRM files, and it's not secret on the no-DRM files. But, Apple also never overtly publicized it. So, if it's not even talked about, how is it a deterrent, exactly?
But the message is clear: take our songs public, and we'll take you public.
Oh, that's the message, is it? So we've been calling for no DRM for ages, so we can legitimately and legally use our music files, and now people have problems with not being able to do things with them that are strictly illegal? If you want to bash copyright or the fact that you can't legally share anything and everything with anyone with no repercussions, do that. But don't blame Apple because an incidental name and email address is in a file that you shouldn't be uploading anyway.
And to all the idiots who think this could be somehow "used against them" without their knowledge, it would be easily, easily provable that someone never made such a purchase from the iTunes store. But that's a different argument entirely. All these fringe examples of how something MIGHT be able to abused that makes all sorts of suppositions that aren't necessarily even true - that Apple put the information there for this purpose, or that it would ever even be used that way, by anyone, or that falsifying no-DRM tracks from iTunes and then uploading them to P2P networks will suddenly become routine harassment - are starting to get old.
Sure, encrypt the data. But you know what? if it was encrypted, do you really think all the people howling about this wouldn't be complaining even more? After all, it's still identifying information, and now it's encrypted! Maybe the RIAA has the key, and they're all going to come after you! Why is Apple hiding this information??? Does anyone really think that wouldn't happen?
My favorite quote of all this was from an EFF attorney; to paraphrase: if someone steals your iPod, the thief would have the name and email address of the rightful owner!
Oh, yes, I agree: what a nightmare scenario that would be!
Could we have that in English please?
Personal info has always been there. Didn't anyone notice that Apple is selling DRM-free tunes now? It's not Apple's fault if DRM is there. If it exists, it's because the record company wanted it there. Don't like DRM? Don't buy from those companies. Simple.
Apple gives you a no-DRM file, and slaps a watermark on it so that, if you're so inclined to share it with wild abandon, they can ID you.
That's not nasty. That's fair. It's YOUR music file, and there are no technical limitations on what you can do with it. if you do the one thing you're not allowed to do with it, they'll be able to (*gasp!*) track down that you did it.
So? It's not like you're going to upload them are you? It's sure not a concern unless you do.
However, I do think they should encrypt the watermark, or at the very least use some unique hash to prevent people from placing someone else's name there instead. I mean, things can happen surely.
and don't forget that you can just right click the non-DRM file now and convert to another format that DOES NOT have your user information embedded in it. it's a very simple, fast process for the paranoid.
Let's see now, how to gain cash over the weekend - I know! The hottest topic in the computing sphere right now has to be Apple - with the keynote at their conference tomorrow. Let's do a hack-job on them...
Strike one - let's paint Apple as stupid - pretend that the company famous for 'rip, mix, burn' don't understand that the code *they* built into iTunes can remove the DRM. [ed - are you sure you're going somewhere here ?]
Strike two - we'll pretend that the bug in iTunes was put there maliciously. We'll claim that Apple were caught out by their users being too clever [ed - I thought Apple acknowledge [Roy B's post] this as a bug, they *are* human you know]
Strike three, they're out. They *embed* your email address into these "supposedly DRM-free" tracks! How are you supposed to upload and spread them around the net if they identify who did it ? That's it! Game over for Apple! [ed - but surely the people who *buy* iTunes music are the people who *don't* download free music from the 'net]
columnist: Trust me, ok, it'll make for loads of ad-hits. $$$ man!
ed: ok, ok. You know the territory, I'm just the business guy
Quite apart from the fact that the personal metadata has *always* been embedded, it doesn't prevent the exact same method of protection-removal if you really want to upload your tracks - lay it down to CD as audio, rip it, "share" it.
Perhaps what we have is simply that Apple didn't *remove* a piece of metadata that was always there, they just delivered on their promise to allow you to migrate your music to wherever you want to play it. But that's not a story that'll deliver ad-revenue...
Y'all just oughta be glad it's not *me* in charge... I'd have embedded the email address as an easy thing to spot & remove, and *also* embedded the binary user-GUID, spread around in the metadata block. Once you *thought* you'd removed all trace of your name, I'd still be able to track who'd uploaded files - enough files... time to emulate a ton of bricks. Given the pay-for timestamp and the appearance-on-the-network time, I ought to be able to tell who's just "sharing" files as a policy after a while...
Simon
Physicists get Hadrons!
Holy crap! I haven't seen this poorly of researched or obviously clueless article in a while. Apple isn't suddenly adding your personal data to songs. They've always done that. They just did not remove that when they pulled the DRM.
Author suspects that this is to prevent you uploading them to a network."Well since such behavior would be illegal in almost every country Apple does business, I'm not sure why people should be so concerned about it. If you're obeying the law, this affects you not at all. If you're breaking the law, well, you're probably not paying to buy music in the first place so you won't have any of this music. If for some reason you are buying songs and intentionally republishing them without a license, well hopefully you're not so idiotic that you can't strip this data off. This data is nothing to worry about in my opinion. It is plaintext and easily removable. If you are a criminal you should be worrying about watermarking of files, which Apple may or may not be doing and which all the other music stores may or may not be doing. That is something a lot harder to detect.
Personally, I'm just not illegally publishing copyrighted works (and not buying from Apple either) so I don't see why I'd care. Note, this is not DRM in any way. DRM stops you from taking actions. This simply might make it easier to discover who took an action after the fact. This is no more DRM than your own upload logs are.
That Mateo_LeFou is an utter moron if he/she can be describe this as a "nice piece". And Taco is just trying to get people all up in arms for posting it.. I beleive the first post perfectly illustrates the innaccuracy and trollish nature of the "article". Nothing to see here..move along
So many injustices..so little time..
to insert a new name and email address so Steve, Bill and a couple of RIAA execs can become the biggest uploaders in the history of filesharing.
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
Remove said personal information from the ID3 equivalent before uploading said file. Or is this information in some weird watermarking system I don't know about?
No. There is no weird watermarking system (though some people do suspect Apple of using hidden watermarks or steganography).
The information is stored in international standard MPEG-4 "atoms". In fact, they're even preexisting atoms for the purpose of storing name and email address. They're not secret, and not hidden.
If people are hell bent on uploading their files after they've purchased them, there's a number of ways the identifying information can be removed.
Plenty of people around who say, "But what if I then change the name and email to that of my most hated enemy and upload those??" though. Yeah. Okay.
...which makes it so damned easy to find and erase that one must conclude that the personalization has *NOTHING* to do with DRM. Honest to god, even the most retarded programmer would encrypt the information so that it isn't easily discovered.
--
Don't like it? Respond with words, not karma.
1. The convert to MP3 menu does not work for these tracks.
2. They're more expensive
3. You can't hear the difference, only 1 in 10 could and it was statistical noise.
4. You can fit fewer tracks on a player because they bigger.
5. Apple are playing a game here.
I'm in favour of watermarking tracks with the sale ID, but Apple looks to be playing a game here, I still can't sign up to iTunes and get music for my MP3 players at the same prices as iPod users.
There is a serious point here. Not particularly about Apple or music. The question really is about electronic media and traceability and reading/viewing/listening habits. To get the potential issue, you have to fast forward a few years. Now most of the press and pamphlets and magazines have migrated online. Some minority book publishing has also. At this point, every book, record or mag anyone buys online has, imagine, a name and address in it that is verified to a credit card.
Do you really feel completely comfortable about that? Do you for example feel comfortable knowing that that little radical publisher whose mag you subscribed to, and that has just been raided for some good or bad reason, has put your name and address in everything you bought from them? Lets say you live in some country where there had just been a change of regime.
I don't. It seems that if someone wants to write his name and (email) address in his books, or on his record or DVD covers, fine, he should be free to do it. But I cannot see the vendor writing it in the copy as a default in a way that needs tools to take it out again.
Its not about Apple - to the extent that this is just repetition of an old story about Apple its silly. But there is a serious question underneath this. To what extent do we want to be buying online exactly the same anonymous stuff we buy physically? This is not a silly question at all.
The watermark metadata is presumably in the MP4 container, so surely one could simply extract the AAC stream and repackage it in a new MP4 container? Or are they watermarking the actual AAC stream somehow?
-Stephen
My files were stolen. Prove me wrong.
---- Booth was a patriot ----
It may be illegal to share some files, but the practice of file sharing by itself is NOT illegal. Don't go around claiming otherwise.
If I was to name the single most crucial characteristic of a DRM system, it is that it is the system governing my content rather than the courts. A watermark isn't restricting anything, I can reproduce, create derivates, distribute, perform, display, transform, comment, parodize, time-shift, space-shift, format-shift, backup and whatever else as much and as often as I want. If the copyright holders think I'm in violation of the law, we go to court where I might win, they might win but that is determined by law - not the few, if any activities the DRM system chooses to whitelist.
Live today, because you never know what tomorrow brings
NEWS FLASH! Adobe Hides Customer Information!
From the article:
While many people believe that Adobe products are DRM-free, did you know that they, in fact, have a "poison tip?"
Besides, embedding personal info is not DRM. Wikipedia sums it up nicely:
Digital rights management (DRM) is an umbrella term referring to technologies used by publishers or copyright owners to control access to or usage of digital data or hardware, and to restrictions associated with a specific instance of a digital work or device.
Assorted stuff I do sometimes: Lemuria.org
I encourage everyone to access the firehose and vote this article down.
Sad to say, but whoever wrote that article is clueless, and it does not deserve to be on slashdot (or anywhere else).
I can only think that it made the front page because it mentions both Apple and DRM in the title, causing lots of people to flag it up by reflex. It should be buried.
I lost my sig.
Hmm. Let's think about this a minute. How long until the first illegal music files watermarked to Dave Schroeder (das@doit.wisc.edu) turn up in P2P?
Running a little fast and loose with the term "watermarked", eh?
So a name and email address in a standard MPEG-4 atom intended for such purpose is now a "watermark"?
Since Apple maintains the authoritative purchase history of all transactions with the iTunes store for all users (and is also user-accessible), it would be ridiculously easy to prove that purchase was never made.
Still nice to know that there is such hatred of Apple that you'd insinuate that someone disseminating correct information about Apple should be targeted for online harassment, though!
If I have nothing to hide, you have no reason to search me
Forgive me if I'm wrong, but is the article saying that we should be putting our DRM-free purchased iTunes songs up onto file sharing networks?
I'm under the impression the whole point of DRM-free content was to allow users to legally use their purchased content to play them or convert them to any device we want. For Apple to put our names and email addresses into the DRM-free content seems okay to me, since I'm not going to be pirating the music out.
No. There is no weird watermarking system (though some people do suspect Apple of using hidden watermarks or steganography).
Get the same song from two different iTunes accounts. Run it through a binary comparison. Check. Remove atoms with name and e-mail, check again. Steganography is the method for hiding data in other data, but there's absolutely no way to hide unique data in two pieces of data which should be 100% identical. Either this could be dismissed easily or proven easily, so if there's no credible story I'd say that this is just a crackpot idea.
Live today, because you never know what tomorrow brings
Do you really feel completely comfortable about that? Do you for example feel comfortable knowing that that little radical publisher whose mag you subscribed to, and that has just been raided for some good or bad reason, has put your name and address in everything you bought from them?
Hey, dude, if they were raided, the feds already got your name from them *already*. They don't need to dig your name out of a file to do that.
At this point, every book, record or mag anyone buys online has, imagine, a name and address in it that is verified to a credit card.
Which is why the untracable debit cards you can get at any grocery store in the US are so useful.
I mean, you're using them when you buy your porn aready, right?
I agree entirely with this poster. The original article is neither well-reasoned nor well-organized.
As I see it, the Apple encoding lets you do whatever you want with your purchase, as long as you are willing to take responsibility for it. If you believe that music should be free, there's nothing to stop you from standing up for your belief and posting your downloads anywhere you want.
If you do, you will earn public recognition --- and perhaps the admiration of those who don't want to pay for their own downloads --- for sticking by your principles. You may also earn the recognition of the music's copyright owners, and that may be less enjoyable. But if you're not willing to accept the latter recognition, then you don't deserve the first.
Fortunately there's an easy solution; just don't post your downloads. I doubt that anyone will punish you for refraining. You can still enjoy them however else you choose and much more easily than you could before.
Peter
If you think Apple and or Steve Jobs have any opinion on DRM you are insane. He is a business man and a succesfull one at that. He only cares about what will make him the most money and will use or not use DRM as required by the greatest possible profit stream.
If he was really for freedom for customers he would have long since forced disney to stop adding such basic stuff as region encoding or even plain impossible to skip commercials.
He has not.
At the moment his company is experimenting with a new product variation that for a premium offers customer an "enhanced" version. If it succeeds, good, the same product for more money at almost no increase in costs. If it doesn't well he tried, got a few headlines and the costs are minimal.
Steve Jobs is NOT anti-DRM or pro-DRM, he is PRO-Apples bottom-line and will say or do anything (legal) that makes that bottom-line look really good.
All you need to know about Steve Jobs is that the iPod line has a ridiculous profit margin yet is made under dismall circumstances in a low wage country with appaling human rights and working conditions that would shock a european. Well main european, mainland western european. Northen part.
He could easily afford to have the iPod produced in more accetapble conditions BUT that would hurt the bottom-line. So he chooses to do the absolute minimum needed to keep the humanrights watchers from having to much ammo and rolls in the profits.
Steve Jobs is NOT god. He is just another businessman, stop trying to pretend he is something else.
Don't underestimate the number of spiteful people from all demographics who will do exactly that. It seems like petty revenge, but it will happen just as commonly as other forms of "internet abuse".
You're assuming that's why name and email address are even there (e.g., instead of just as incidental purchase metadata that's always been there that simply wasn't removed when Apple started removing DRM. After all, why remove it?).
Also, you're forgetting that Apple maintains the authoritative records on all iTunes music store purchases. So unless you're going to say that people will be uploading no-DRM tracks that they know other people have purchased, or that someone will be stealing someone else's music (e.g., boy/girlfriend, friend, etc.) and then uploading to be vindictive, I mean, aren't there a LOT of ways to harass people if you're hell-bent on harassing someone? You're assuming that there is any legal standard that would allow someone who uploads no-DRM songs they legitimately purchased.
And remember, all of the big forces arguing against the inclusion of this information aren't even arguing for it to be removed; they're arguing for it to be *encrypted*. Which means it can still be decrypted. Which means that, whether there's any truth to it or not, people will still be accusing Apple of underhanded tactics, and probably would even suspect Apple was in collusion with the RIAA and is providing music industry groups with the keys to decrypt.
This won't be happening "commonly" at all. This is just another mock-objection by people who'd find problems with Apple no matter what they did. Apple has done more now to advance the no-DRM movement than any other commercial entity involved in music, media, or computing. (Yes, more than any other company or vendor or (mainstream) music provider.)
Is the fact that your name is in a song that you purchased for your own use really that big of a deal? Especially considering this same information has been in all tracks ever purchased from the iTunes store for the last four years?
purchased iTunes now have your personal data in them. Author suspects that this is to prevent you uploading them to a network."
...author ALSO suspects that the big pretty boat in the movie Titanic will sink in the end.
Okay before anyone flames me for this, just as a precursor, I would just like to say I've read the other comments and as far as DRM, or apple trying to trick people or anything like that I agree is just stupid.
However, I do have the slightest concern that if apple is not using encryption for people's personal files on this sort of thing, I am a little worried where else they may not be encrypting this data, I mean if all this information is storedon itunes user infromation databases, I hope it is full encrypted, but it seems a little less likely now.
Yeah right, because, if someone steals my laptop, my biggest concern would be my name and email address embedded in my iTunes music (Tongue-in-cheek). Please!
So a name and email address in a standard MPEG-4 atom intended for such purpose is now a "watermark"?
Yes, it's a watermark. It's just not a robust or stealthy one.
-30-
Its:
/. articles seem to want. Best /. article ever!
a)Late, this stuff came out weeks ago
b)Wrong, as many posts have already demonstrated
c)Pompous, well, 'nuff said on that one
It's got the holy trifecta that all
Monstar L
Shame on Apple; this is not the right way of doing DRM.
Not that there's really a right way.
The higher the technology, the sharper that two-edged sword.
But let's put this in perspective: when ITunes first launched, you could authorize 5 computers to play their DRM protected files. Then Apple unilaterally changed this to only 3 authorized computers.
If anything's put into perspective by that part, it's your comment. The limit was originally 3, but it was later on raised to 5, which is also the current limit for DRM'd iTunes content. Please check your facts.If rights aren't being managed digitally, it's not Digital Rights Management. I'm sorry, but defining DRM as "any practice Whuffo doesn't like" is not worth your +4 Insightful.
Your assertion that M4A is an "unusual format" is completely absurd for starters, but let's go down that slope a little more. Are you really saying that it's DRM unless you put your files in the most common format available? That the entire industry ought to be forever locked in to 90's era technology with demonstrably inferior sound quality?
But what really takes the cake is your assertion that the tags (the information isn't "embedded") represent a "restriction" when the only restriction is copyright law. This is an empty and offensive line of reasoning. Next you'll be calling a vinyl LP DRM, because it's hard to extract the music in digital form. Or the plastic wrapper on a CD case will be DRM since it makes it harder to get to the music.
In short, you've created an argument that simply allows you to criticize whatever company you don't like, which today happens to be Apple. By the way, increasing the bitrate on music is a matter of diminishing returns; the difference in quality between 128 and 256 is way greater than the difference between 256 and lossless.
I have seen the future, and it is inconvenient.
Sig links to http://en.wikipedia.org/wiki/Special:Userlogout?re turnto=Have_a_nice_day
Fortunately TinyUrl doesn't redirect transparently anymore (and Firefox shows the non-obfuscated URL on the TinyUrl page...).
But yeah, dick move.
it's a trust thing.. Apple is trusting you with somebody else's music file, they expect you to take care of that data file by putting your personal info inside the file. There's nothing "wrong" going on here. They expect you to protect that info that they sell for you to have the same as your own personal info... it's a CONTRACT you made when you paid money and downloaded the song.. even without DRM. No DRM does not mean no personal responsibility.
Um...I don't know how to put this, but you're an idiot. They have plaintext metadata within the file that can probably be removed or altered with Apple's own QuickTime player, and they use a standard MPEG-4 Audio container with a standard MPEG AAC codec, and this is "an unusual format"?
I smell bullshit! First off, by your argument, CD's were a form of DRM back in the 80's, when you couldn't play them on your tape players. I guess HD-DVD and Blu-Ray, even without AACS, would be DRM by your standard because HD-DVD and Blu-Ray players are still expensive. So what, we don't get to use newly-standardized audio and video formats? We should satisfy ourselves with MP3's from the 90's and 100-pixel-wide AVI's? Also, you're backwards--the restriction was raised from 3 to 5. Also, how the fuck does including your name as metadata mean you can only play it on "your" computers? There's nothing stopping you from putting your iTunes Plus songs on a flash drive and loading them onto somebody else's computer to play.
Actually, Apple always allowed you to burn a song an infinite number of times (you just had to vary the playlist every so often, and you could even change it back), and to load it on an infinite number of iPods. As for the CPU restriction, do you have any fucking idea where you are?
I think you left out a "Netcraft confirms it".
In Repressive Burma, it's not just your connection that dies. slashdot.org/comments.pl?sid=314547&cid=20819199
Fairplay was intended to allow you to burn playlists to CDs from beginning. It has a limitation on the number of times a given playlist can be burnt (5 I think), but changing the playlist allows it to be burnt again. It is an advertised feature not a "hack" to the DRM. From the beginning Apple has embedded the Apple ID and email address in the songs downloaded from the iTMS (iTunes Mxxxx Store), back to the protected AAC tracks. Nothing new here. And it is well known how to remove this information from the tracks. But why bother unless your intent is to actually upload them to a file server for widespread illegal distribution. It is not like anyone besides yourself will or should have access to the tracks with this data embedded in it... The author of the original cited article needs a clue by four hit and should be better informed.
- Tjp
I am in wallow with my inner money grubbing capitalistic pig. ... Oink!
Nothing like insulting your readers to generate positive responses. I personally read every EULA I accept.
So in other words, you accept none of them?
Which is why you report the iPod as stolen and get a signed police report. Anyway, since it would be so easy to frame somebody that way, I doubt anyone will get sued if his files turn up on sharing networks. It's probably more of a way for Apple and the record companies to track how many of the sold files make it to sharing networks, and a little incentive for users to not share their files.