Apple's DRM Whack-a-Mole

Mateo_LeFou writes "Gulf News has a nice piece exposing the last couple generations of Apple's DRM strategy (you didn't really think they were abandoning DRM, did you?). Article focuses on how quickly the tactics are worked around, and how nasty the latest one is: purchased iTunes now have your personal data in them. Author suspects that this is to prevent you uploading them to a network."

Couldn't be more ranty, or wrong

[daveschroeder]

I'm just going to ignore the DRM circumvention garbage that comprises the first half of the article, considering Steve Jobs is by far the most influential person in music, media, and computing to call DRM out for what it is.

The first half of the article is nothing but an anti-Apple rant, actually insinuating that Apple is on a mission to not let their users burn music to CD, which is completely and utterly false.

Then, the article drops this gem:

Turns out that Apple has been embedding its files with user information. iTunes customers have been downloading files that contain both their names and their email address.

"Turns out"? Let's continue...

How long this has been going on and just why Apple has felt compelled to do so is still a mystery - the company so far has refused to comment

A mystery? This has been going on since day one, and has never been a mystery. And even if it is a "mystery" on the non-DRM files, it was never a mystery on the DRM files, was never hidden, and was never secret. This has been known, never obfuscated, and obvious to anyone who clicked "Get Info" on anything purchased from the iTunes Store, ever.

but the reason seems obvious.

Oh, please. Do tell.

The embedded data won't prevent anyone from listening to their music files ...which is what I thought the purpose of calling for no-DRM was. You know, so we could all use our files we legitimately own on any device.

but it might deter them from uploading them to a file-sharing server.

O, the humanity! Really??? It might deter people from that?

Well, let's take a look at the logic, here. It was never secret on the DRM files, and it's not secret on the no-DRM files. But, Apple also never overtly publicized it. So, if it's not even talked about, how is it a deterrent, exactly?

But the message is clear: take our songs public, and we'll take you public.

Oh, that's the message, is it? So we've been calling for no DRM for ages, so we can legitimately and legally use our music files, and now people have problems with not being able to do things with them that are strictly illegal? If you want to bash copyright or the fact that you can't legally share anything and everything with anyone with no repercussions, do that. But don't blame Apple because an incidental name and email address is in a file that you shouldn't be uploading anyway.

And to all the idiots who think this could be somehow "used against them" without their knowledge, it would be easily, easily provable that someone never made such a purchase from the iTunes store. But that's a different argument entirely. All these fringe examples of how something MIGHT be able to abused that makes all sorts of suppositions that aren't necessarily even true - that Apple put the information there for this purpose, or that it would ever even be used that way, by anyone, or that falsifying no-DRM tracks from iTunes and then uploading them to P2P networks will suddenly become routine harassment - are starting to get old.

Sure, encrypt the data. But you know what? if it was encrypted, do you really think all the people howling about this wouldn't be complaining even more? After all, it's still identifying information, and now it's encrypted! Maybe the RIAA has the key, and they're all going to come after you! Why is Apple hiding this information??? Does anyone really think that wouldn't happen?

My favorite quote of all this was from an EFF attorney; to paraphrase: if someone steals your iPod, the thief would have the name and email address of the rightful owner!

Oh, yes, I agree: what a nightmare scenario that would be!

Re:Couldn't be more ranty, or wrong

[Dasher42]

Hear hear! I nominate "Area man oppressed, end to freedom to swing his fist where neighbor's nose begins" as the new title for this presumptuous, trifling article. People fighting the good fight for fair use hardly need the company of the no-social-contract crowd. So the file has been branded as yours. That steps on your legal rights how? And while laws may be right or wrong, the ones governing uploading of someone else's copyrighted work without permission are wrong... how?

Thanks for ripping this article a new one. Comments like this make Slashdot valuable, rather than the way the social anarchist whining seems to get a free pass to the postings.

Re:Couldn't be more ranty, or wrong

[Blondie-Wan]

"Found"? It was never hidden. It was plainly visible, clearly intentionally, from day one. I'm absolutely flabbergasted people think this is some insidious new development or that it's been sneaked in in hopes people won't see it.

Have the people expressing shock and outrage never used iTunes, or what? Seriously, the purchaser info is RIGHT THERE in the same tab in the "Get Info" window that displays the track length, play count, file format, bitrate, and other data that's clearly, readily, deliberately accessible to users, and IT HAS BEEN EVER SINCE THE STORE OPENED IN 2003.

Re:Couldn't be more ranty, or wrong

[Belacgod]

IAWTC. Filesharing is illegal, and any DRM that doesn't reduce legal functionality is alright in my book. I can put these files on my ipod, computer, other computers...that's all I need. Anyone who complains about this has revealed themselves as no advocate for freedom, but an advocate for theft.

Re:Couldn't be more ranty, or wrong

[vux984]

A mystery? This has been going on since day one, and has never been a mystery. And even if it is a "mystery" on the non-DRM files, it was never a mystery on the DRM files, was never hidden, and was never secret. This has been known, never obfuscated, and obvious to anyone who clicked "Get Info" on anything purchased from the iTunes Store, ever.

EXACTLY.

This is about as 'evil' as the time I bought a book on special order. The staff had put a paper insert inside the front cover with my name and phonenumber, presumably so that they knew who had ordered it. But they didn't tell me!! And it was personally identifying!!... why if I had started committing crimes with that book the police would have had my name and number!! I'm never buying a book from that company again! /sarcasm

My favorite quote of all this was from an EFF attorney; to paraphrase: if someone steals your iPod, the thief would have the name and email address of the rightful owner!

Heaven help the poor sap if someone were to steal his cellphone. or his wallet. or his briefcase. or his laptop.

Well it's clear..

[Rytr23]

That Mateo_LeFou is an utter moron if he/she can be describe this as a "nice piece". And Taco is just trying to get people all up in arms for posting it.. I beleive the first post perfectly illustrates the innaccuracy and trollish nature of the "article". Nothing to see here..move along

Re:So...

[daveschroeder]

Remove said personal information from the ID3 equivalent before uploading said file. Or is this information in some weird watermarking system I don't know about?

No. There is no weird watermarking system (though some people do suspect Apple of using hidden watermarks or steganography).

The information is stored in international standard MPEG-4 "atoms". In fact, they're even preexisting atoms for the purpose of storing name and email address. They're not secret, and not hidden.

If people are hell bent on uploading their files after they've purchased them, there's a number of ways the identifying information can be removed.

Plenty of people around who say, "But what if I then change the name and email to that of my most hated enemy and upload those??" though. Yeah. Okay.

Re:Right click, Convert to AAC/MP3/etc.

[Mix+Master+Nixon]

Why would re-encoding even be required? In the absence of DRM, couldn't you just pass the AAC stream unchanged into a new MP4 container with no personally identifying information or even just delete that information from the existing MP4 file?

Re:Nasty?

[RalphBNumbers]

It's not even a watermark, it's just a couple of plain text metadata atoms (the MPEG-4 equivalent of ID3 tags).

This is basically the digital equivalent of printing your name on the receipt and putting it in the bag when you buy a CD. No one's forcing you to keep the receipt if you don't want to, and no one's going to read it but you anyway unless you choose to staple it to a public bulletin board for some odd reason.

I'm incredibly disgusted with the negative spin many people online have managed to put on Apple's move to sell DRM-free music. If you ever wonder why so many companies screw their customers, I think this illustrates one of the reasons. There's no upside in *not* screwing your customers; a lot of people can't or won't even recognize it when they're given everything they wanted.

File sharing is NOT illegal

It may be illegal to share some files, but the practice of file sharing by itself is NOT illegal. Don't go around claiming otherwise.

Re:So...

[daveschroeder]

Hmm. Let's think about this a minute. How long until the first illegal music files watermarked to Dave Schroeder (das@doit.wisc.edu) turn up in P2P?

Running a little fast and loose with the term "watermarked", eh?

So a name and email address in a standard MPEG-4 atom intended for such purpose is now a "watermark"?

Since Apple maintains the authoritative purchase history of all transactions with the iTunes store for all users (and is also user-accessible), it would be ridiculously easy to prove that purchase was never made.

Still nice to know that there is such hatred of Apple that you'd insinuate that someone disseminating correct information about Apple should be targeted for online harassment, though!

Re:Nasty?

[Tom]

Apple gives you a no-DRM file, and slaps a watermark on it so that, No, they didn't.

I know this is /. and all, but how about at least getting the basic facts right?

One, it wasn't added, it had been there before.
Two, it's not a watermark, it's some embedded text.
Three, the text is even embedded in plain text format.

Re:Nasty?

[NtroP]

Apple gives you a no-DRM file, and slaps a watermark on it so that, if you're so inclined to share it with wild abandon, they can ID you.

Except there IS NO watermark. There is only your name and email address, unencrypted, in a part of the file that's supposed to contain meta-information. This is no different than Canon deciding to put my name and email address in the EXIF data when I take a picture. Watermarking would mean modifying the actual photo (or music) portion of the file so that the identifying data was intrinsic to the media itself. Apple has done none of this.

All this hand-waving is people showing their true colors. They are pirates at heart and simply want to complain. Most of the music on my iPod is ripped from my CDs. A lot of the music on my iPod is purchased (w/DRM) from iTMS. Some of the tracks on my iPod are from P2P networks, downloaded illegally. Do I feel guilty? No. Should I? Probably. But at the time I acquired those tracks they weren't available on iTMS. I've also discovered new bands through P2P and have since purchased their albums from either their web sites (if they had CDs for sale there) or iTMS when I found them there.

I have no intention of sharing my purchases publicly. I like the fact that music I purchase has my name on it. I put stickers on my CD and DVD cases too, specifically so that when I DO lend them out to friends or co-workers, they know whose it is and can get it back to me. I lend quite a lot of my music and movies to friends and use Delicious Library to track who has it and when it is due back. If they like what they borrow, they know they should purchase it for themselves. My tastes are somewhat esoteric, but I've gotten a lot of people hooked on some under-the-radar, good shows and bands this way. Did some of the borrowers rip my CDs when they got them? Undoubtedly. Did they then share those tracks on P2P? Maybe. But now, when I lend a friend a copy of an iTMS file I can tell them not to share it because it has my name on it and I purchased it legally. The people I lend to won't have a problem with that and neither do I.

The rest of the whiners need to STFU. They are just proving the RIAA right to think that all we want to do is pirate music and so we must be controlled like little children. I don't pirate music unless I'm not given an acceptable alternative. I've found my acceptable alternative and I'm glad it has my name on it. After all, I paid for it. It belongs to me. If I decide to sell it, I suppose I'll have to change the name, but then, If I decided to sell my engraved bracelet, my engraved wedding ring or my headstone, I have to have the name changed as well. Good thing I'm not planning on selling off my music collection any time soon...

Apple's Encoded ID data is reasonable and fair.

[lucius.aemilius.paul]

I agree entirely with this poster. The original article is neither well-reasoned nor well-organized.

As I see it, the Apple encoding lets you do whatever you want with your purchase, as long as you are willing to take responsibility for it. If you believe that music should be free, there's nothing to stop you from standing up for your belief and posting your downloads anywhere you want.

If you do, you will earn public recognition --- and perhaps the admiration of those who don't want to pay for their own downloads --- for sticking by your principles. You may also earn the recognition of the music's copyright owners, and that may be less enjoyable. But if you're not willing to accept the latter recognition, then you don't deserve the first.

Fortunately there's an easy solution; just don't post your downloads. I doubt that anyone will punish you for refraining. You can still enjoy them however else you choose and much more easily than you could before.

Peter

Re:Right click, Convert to AAC/MP3/etc.

[blacklint]

Yes, you could. Quite easily. Heck, I don't even have an application installed for editing the metadata, so I just opened one of my iTunes Plus files in a hex editor, searched for my real and account names, and overwrote them with useless data (Anonymous User and someoneelse - same lengths). Done. That was hard.

Ok, granted, most people aren't going to open a hex editor to do something so simple. Which one wouldn't have to, since editing audio tags is a perfectly valid thing to do, so there are multitudes of programs to do just that. I'm pretty sure you could do it using Atomic Parsley.

I'm really tired of people trying to make an issue out of this. As has been pointed out many times, your account data has been in files from the iTunes store from the very beginning. Your name not DRM. Does having your name in the file prevent you from doing anything? No! And as the tags are not encrypted, they are obviously not intended for tracking files on peer to peer filesharing as I could change them to reference anyone. I find having the data there helpful, as I can tell whether a specific file was purchased by me or my dad. If you don't like it, just get rid of it!

Besides, didn't everyone cheer when some stores introduced audio watermarking which would actually prevent you from putting the original file on peer to peer networks, unlike this?

Re:shame on Apple

[duckbillplatypus]

Yeah right, because, if someone steals my laptop, my biggest concern would be my name and email address embedded in my iTunes music (Tongue-in-cheek). Please!