Slashdot Mirror
Apple's DRM Whack-a-Mole
Mateo_LeFou writes "Gulf News has a nice piece exposing the last couple generations of Apple's DRM strategy (you didn't really think they were abandoning DRM, did you?). Article focuses on how quickly the tactics are worked around, and how nasty the latest one is: purchased iTunes now have your personal data in them. Author suspects that this is to prevent you uploading them to a network."
I'm just going to ignore the DRM circumvention garbage that comprises the first half of the article, considering Steve Jobs is by far the most influential person in music, media, and computing to call DRM out for what it is.
...which is what I thought the purpose of calling for no-DRM was. You know, so we could all use our files we legitimately own on any device.
The first half of the article is nothing but an anti-Apple rant, actually insinuating that Apple is on a mission to not let their users burn music to CD, which is completely and utterly false.
Then, the article drops this gem:
Turns out that Apple has been embedding its files with user information. iTunes customers have been downloading files that contain both their names and their email address.
"Turns out"? Let's continue...
How long this has been going on and just why Apple has felt compelled to do so is still a mystery - the company so far has refused to comment
A mystery? This has been going on since day one, and has never been a mystery. And even if it is a "mystery" on the non-DRM files, it was never a mystery on the DRM files, was never hidden, and was never secret. This has been known, never obfuscated, and obvious to anyone who clicked "Get Info" on anything purchased from the iTunes Store, ever.
but the reason seems obvious.
Oh, please. Do tell.
The embedded data won't prevent anyone from listening to their music files
but it might deter them from uploading them to a file-sharing server.
O, the humanity! Really??? It might deter people from that?
Well, let's take a look at the logic, here. It was never secret on the DRM files, and it's not secret on the no-DRM files. But, Apple also never overtly publicized it. So, if it's not even talked about, how is it a deterrent, exactly?
But the message is clear: take our songs public, and we'll take you public.
Oh, that's the message, is it? So we've been calling for no DRM for ages, so we can legitimately and legally use our music files, and now people have problems with not being able to do things with them that are strictly illegal? If you want to bash copyright or the fact that you can't legally share anything and everything with anyone with no repercussions, do that. But don't blame Apple because an incidental name and email address is in a file that you shouldn't be uploading anyway.
And to all the idiots who think this could be somehow "used against them" without their knowledge, it would be easily, easily provable that someone never made such a purchase from the iTunes store. But that's a different argument entirely. All these fringe examples of how something MIGHT be able to abused that makes all sorts of suppositions that aren't necessarily even true - that Apple put the information there for this purpose, or that it would ever even be used that way, by anyone, or that falsifying no-DRM tracks from iTunes and then uploading them to P2P networks will suddenly become routine harassment - are starting to get old.
Sure, encrypt the data. But you know what? if it was encrypted, do you really think all the people howling about this wouldn't be complaining even more? After all, it's still identifying information, and now it's encrypted! Maybe the RIAA has the key, and they're all going to come after you! Why is Apple hiding this information??? Does anyone really think that wouldn't happen?
My favorite quote of all this was from an EFF attorney; to paraphrase: if someone steals your iPod, the thief would have the name and email address of the rightful owner!
Oh, yes, I agree: what a nightmare scenario that would be!
Personal info has always been there. Didn't anyone notice that Apple is selling DRM-free tunes now? It's not Apple's fault if DRM is there. If it exists, it's because the record company wanted it there. Don't like DRM? Don't buy from those companies. Simple.
Apple gives you a no-DRM file, and slaps a watermark on it so that, if you're so inclined to share it with wild abandon, they can ID you.
That's not nasty. That's fair. It's YOUR music file, and there are no technical limitations on what you can do with it. if you do the one thing you're not allowed to do with it, they'll be able to (*gasp!*) track down that you did it.
and don't forget that you can just right click the non-DRM file now and convert to another format that DOES NOT have your user information embedded in it. it's a very simple, fast process for the paranoid.
Let's see now, how to gain cash over the weekend - I know! The hottest topic in the computing sphere right now has to be Apple - with the keynote at their conference tomorrow. Let's do a hack-job on them...
Strike one - let's paint Apple as stupid - pretend that the company famous for 'rip, mix, burn' don't understand that the code *they* built into iTunes can remove the DRM. [ed - are you sure you're going somewhere here ?]
Strike two - we'll pretend that the bug in iTunes was put there maliciously. We'll claim that Apple were caught out by their users being too clever [ed - I thought Apple acknowledge [Roy B's post] this as a bug, they *are* human you know]
Strike three, they're out. They *embed* your email address into these "supposedly DRM-free" tracks! How are you supposed to upload and spread them around the net if they identify who did it ? That's it! Game over for Apple! [ed - but surely the people who *buy* iTunes music are the people who *don't* download free music from the 'net]
columnist: Trust me, ok, it'll make for loads of ad-hits. $$$ man!
ed: ok, ok. You know the territory, I'm just the business guy
Quite apart from the fact that the personal metadata has *always* been embedded, it doesn't prevent the exact same method of protection-removal if you really want to upload your tracks - lay it down to CD as audio, rip it, "share" it.
Perhaps what we have is simply that Apple didn't *remove* a piece of metadata that was always there, they just delivered on their promise to allow you to migrate your music to wherever you want to play it. But that's not a story that'll deliver ad-revenue...
Y'all just oughta be glad it's not *me* in charge... I'd have embedded the email address as an easy thing to spot & remove, and *also* embedded the binary user-GUID, spread around in the metadata block. Once you *thought* you'd removed all trace of your name, I'd still be able to track who'd uploaded files - enough files... time to emulate a ton of bricks. Given the pay-for timestamp and the appearance-on-the-network time, I ought to be able to tell who's just "sharing" files as a policy after a while...
Simon
Physicists get Hadrons!
Holy crap! I haven't seen this poorly of researched or obviously clueless article in a while. Apple isn't suddenly adding your personal data to songs. They've always done that. They just did not remove that when they pulled the DRM.
Author suspects that this is to prevent you uploading them to a network."Well since such behavior would be illegal in almost every country Apple does business, I'm not sure why people should be so concerned about it. If you're obeying the law, this affects you not at all. If you're breaking the law, well, you're probably not paying to buy music in the first place so you won't have any of this music. If for some reason you are buying songs and intentionally republishing them without a license, well hopefully you're not so idiotic that you can't strip this data off. This data is nothing to worry about in my opinion. It is plaintext and easily removable. If you are a criminal you should be worrying about watermarking of files, which Apple may or may not be doing and which all the other music stores may or may not be doing. That is something a lot harder to detect.
Personally, I'm just not illegally publishing copyrighted works (and not buying from Apple either) so I don't see why I'd care. Note, this is not DRM in any way. DRM stops you from taking actions. This simply might make it easier to discover who took an action after the fact. This is no more DRM than your own upload logs are.
That Mateo_LeFou is an utter moron if he/she can be describe this as a "nice piece". And Taco is just trying to get people all up in arms for posting it.. I beleive the first post perfectly illustrates the innaccuracy and trollish nature of the "article". Nothing to see here..move along
So many injustices..so little time..
Remove said personal information from the ID3 equivalent before uploading said file. Or is this information in some weird watermarking system I don't know about?
No. There is no weird watermarking system (though some people do suspect Apple of using hidden watermarks or steganography).
The information is stored in international standard MPEG-4 "atoms". In fact, they're even preexisting atoms for the purpose of storing name and email address. They're not secret, and not hidden.
If people are hell bent on uploading their files after they've purchased them, there's a number of ways the identifying information can be removed.
Plenty of people around who say, "But what if I then change the name and email to that of my most hated enemy and upload those??" though. Yeah. Okay.
...which makes it so damned easy to find and erase that one must conclude that the personalization has *NOTHING* to do with DRM. Honest to god, even the most retarded programmer would encrypt the information so that it isn't easily discovered.
--
Don't like it? Respond with words, not karma.
There is a serious point here. Not particularly about Apple or music. The question really is about electronic media and traceability and reading/viewing/listening habits. To get the potential issue, you have to fast forward a few years. Now most of the press and pamphlets and magazines have migrated online. Some minority book publishing has also. At this point, every book, record or mag anyone buys online has, imagine, a name and address in it that is verified to a credit card.
Do you really feel completely comfortable about that? Do you for example feel comfortable knowing that that little radical publisher whose mag you subscribed to, and that has just been raided for some good or bad reason, has put your name and address in everything you bought from them? Lets say you live in some country where there had just been a change of regime.
I don't. It seems that if someone wants to write his name and (email) address in his books, or on his record or DVD covers, fine, he should be free to do it. But I cannot see the vendor writing it in the copy as a default in a way that needs tools to take it out again.
Its not about Apple - to the extent that this is just repetition of an old story about Apple its silly. But there is a serious question underneath this. To what extent do we want to be buying online exactly the same anonymous stuff we buy physically? This is not a silly question at all.
My files were stolen. Prove me wrong.
---- Booth was a patriot ----
It may be illegal to share some files, but the practice of file sharing by itself is NOT illegal. Don't go around claiming otherwise.
Besides, embedding personal info is not DRM. Wikipedia sums it up nicely:
Digital rights management (DRM) is an umbrella term referring to technologies used by publishers or copyright owners to control access to or usage of digital data or hardware, and to restrictions associated with a specific instance of a digital work or device.
Assorted stuff I do sometimes: Lemuria.org
I encourage everyone to access the firehose and vote this article down.
Sad to say, but whoever wrote that article is clueless, and it does not deserve to be on slashdot (or anywhere else).
I can only think that it made the front page because it mentions both Apple and DRM in the title, causing lots of people to flag it up by reflex. It should be buried.
I lost my sig.
Hmm. Let's think about this a minute. How long until the first illegal music files watermarked to Dave Schroeder (das@doit.wisc.edu) turn up in P2P?
Running a little fast and loose with the term "watermarked", eh?
So a name and email address in a standard MPEG-4 atom intended for such purpose is now a "watermark"?
Since Apple maintains the authoritative purchase history of all transactions with the iTunes store for all users (and is also user-accessible), it would be ridiculously easy to prove that purchase was never made.
Still nice to know that there is such hatred of Apple that you'd insinuate that someone disseminating correct information about Apple should be targeted for online harassment, though!
If I have nothing to hide, you have no reason to search me
I agree entirely with this poster. The original article is neither well-reasoned nor well-organized.
As I see it, the Apple encoding lets you do whatever you want with your purchase, as long as you are willing to take responsibility for it. If you believe that music should be free, there's nothing to stop you from standing up for your belief and posting your downloads anywhere you want.
If you do, you will earn public recognition --- and perhaps the admiration of those who don't want to pay for their own downloads --- for sticking by your principles. You may also earn the recognition of the music's copyright owners, and that may be less enjoyable. But if you're not willing to accept the latter recognition, then you don't deserve the first.
Fortunately there's an easy solution; just don't post your downloads. I doubt that anyone will punish you for refraining. You can still enjoy them however else you choose and much more easily than you could before.
Peter
Yeah right, because, if someone steals my laptop, my biggest concern would be my name and email address embedded in my iTunes music (Tongue-in-cheek). Please!
Believe it or not, it's possible for corporate leaders to actually have opinions and convictions about things. One mistake people like yourself make is that when you read anything that shows Apple in a positive light, you think that anyone agreeing with that thinks Steve Jobs is a "god" or some kind of savior.
Wrong.
It may be a "good business move" for Apple to start going down the no-DRM path. It may also be that everything Steve Jobs said in his anti-DRM "manifesto" of sorts is also correct, and something that he actually believes. The two aren't mutually exclusive. Also, if removing DRM is such an obviously good business decision for the "bottom line" and "profits", then why was Apple the first major entity to actually do it in any meaningful or high-volume way with mainstream music?
Being "pro-Apple's-bottom-line" is fine. But that doesn't preclude Steve Jobs from having personal opinions and motivations that shape the way he runs the company. This whole "a corporation's only duty is to maximize profits and nothing else" line is garbage. On your region code arguments, you make assumptions that Steve Jobs has single-handed control over how Disney does all distribution of movies. You also ignore the incredibly complex situation with regard to regions for DVDs, which, for better or worse and no matter anyone's own opinion on them, are designed to allow for rollouts at different times in different regions of the world AND support the simply truth that some products can reasonably be sold for more in some markets than others. The owner/creator of the content has at least some say in the fact that they may want to sell something for $30 in the US, but $7 in Asia, do they not? Or are we arguing for globalization after all? I can't keep track.
The fact of the matter is that Steve Jobs and Apple have now done more than any media, music, or computing industry company to tear down DRM where it counts, i.e., on mainstream content that is encumbered with DRM. I don't care if some indie artist is selling no-DRM music on eMusic. Good for them. We don't need to concentrate on indies who already sell without DRM, do we? We need to concentrate on the big labels who ARE selling with DRM. Apple has done more in the anti-DRM campaign in rhetoric, posturing, words, and now, action, than any other entity to date. Does that make Steve Jobs a "god"? Nope. It's just the simple truth. In the end it doesn't really matter if it's "good for Apple's bottom line", or if Steve Jobs really does believe everything he said about DRM, if it's good for you as a consumer, does it?
On the subject of iPod, you're arguing that Apple is somehow doing something any differently from any other peer vendor in this industry with regard to manufacturing. Would people pay $1000 or more for an iPod? You over simplify the situation by making everything mutually exclusive: Steve Jobs *could* make the iPod in better conditions, at the same time ignoring the fact that any such move would completely decimate the iPod. As long as a company is abiding by the laws in the countries in which they operate, I don't care where they are based or who they sell to: your problem is with the host nation (China), not with Apple. And sure, some people make the problem with the company instead of the country because they think their "action" will best be spent there. Fine. Good for them. Let them vote with their wallets.
I don't ever think anyone really said Steve Jobs was a god in all these straw man discussions. But believe it or not, individual opinions, convictions, and intent can shape a corporation just as much as any "concern for the bottom line". If concern for the bottom line was all that mattered, Apple should have been doing great under Gil Amelio. Some might say, "No, that just means Amelio was a bad businessman and Jobs isn't."
Or could it mean that there's more to the bottom line than these latent (or overt) anti-corporate arguments?
Its:
/. articles seem to want. Best /. article ever!
a)Late, this stuff came out weeks ago
b)Wrong, as many posts have already demonstrated
c)Pompous, well, 'nuff said on that one
It's got the holy trifecta that all
Monstar L
If rights aren't being managed digitally, it's not Digital Rights Management. I'm sorry, but defining DRM as "any practice Whuffo doesn't like" is not worth your +4 Insightful.
Your assertion that M4A is an "unusual format" is completely absurd for starters, but let's go down that slope a little more. Are you really saying that it's DRM unless you put your files in the most common format available? That the entire industry ought to be forever locked in to 90's era technology with demonstrably inferior sound quality?
But what really takes the cake is your assertion that the tags (the information isn't "embedded") represent a "restriction" when the only restriction is copyright law. This is an empty and offensive line of reasoning. Next you'll be calling a vinyl LP DRM, because it's hard to extract the music in digital form. Or the plastic wrapper on a CD case will be DRM since it makes it harder to get to the music.
In short, you've created an argument that simply allows you to criticize whatever company you don't like, which today happens to be Apple. By the way, increasing the bitrate on music is a matter of diminishing returns; the difference in quality between 128 and 256 is way greater than the difference between 256 and lossless.
I have seen the future, and it is inconvenient.
it's a trust thing.. Apple is trusting you with somebody else's music file, they expect you to take care of that data file by putting your personal info inside the file. There's nothing "wrong" going on here. They expect you to protect that info that they sell for you to have the same as your own personal info... it's a CONTRACT you made when you paid money and downloaded the song.. even without DRM. No DRM does not mean no personal responsibility.