Privatunes Anonymizes iTunes Plus

njondet writes "French-law.net reports that Ratatium.com, a French website specialized in technology news and software downloads, has just launched Privatunes, a free software that anonymizes DRM-free files bought on iTunes Plus. Last month's revelations that the DRM-free files sold by EMI on iTunes Plus came with user's full name and account e-mail embedded in them had raised serious privacy concerns. Ratatium.com explains (in French) that Privatunes is aimed at guaranteeing the privacy of users but also their rights as consumers to freely share and trade the songs they have purchased. However, the claim that this software is perfectly legal will surely be tested."

A little self-important and misguided...

[daveschroeder]

From their site:

5 reasons to erase private information from my legally acquired iTunes Plus library:

Yeah. A name and email address. On an electronic file that you purchased. In name and email address fields in the clear. How...wrong.

1. Am I still a child who needs his pencilcase and schoolbag tagged with my name?

Utterly irrelevant to the discussion.

2. I bought the damn tune, but someday I may want to sell it (hey, how is it more stupid that selling old CDs ?).

It's not "more stupid" than anything. And since Apple is the first entity that's even allowing this possibility at all with mainstream music from mainstream labels on any meaningful scale, I guess I must not recognize your gratitude.

3. I just have a thing for privacy. Is it dirty?

No, but it's dirty when you think everything is automatically an "invasion of privacy".

4. How the heck do I know it's not gonna be shared on P2P networks by my 6 year old step sister???

How do you know the reason the name and email address is there is for tracking file sharers? How do you even know that would stand up in court? Why does everyone assume that's the reason it's there? Has it occurred to you that this might have been a concession to the labels to make them "feel good", or any number of other reasons? Has it occurred to you that since name and email address have always been included in all purchases from the iTunes store that, uh, maybe nothing has changed?

What if the EU mandates a system for returns and refunds someday from the iTunes store? Wouldn't your account name and email be an easy way for normal individuals to return songs? And before anyone says, "Well, it should be encrypted, then," can you honestly look at me with a straight face and tell me you wouldn't be even more upset that Apple was including unknown personal information, encrypted, in each song bought from iTunes? If it's there at all, it's actually preferable that it's plaintext, because then there are simple ways to remove it without anyone being able to claim that you're breaking some law for removing encrypted information or some other ridiculous thing.

"But it shouldn't be there in the first place."

I know, this is the part is a difficult situation since it is mandatory for all persons on earth to purchase from only the iTunes store. If only Apple didn't force you to buy no-DRM songs from iTunes.

Oh, wait...

5. I thought good customer-seller relationship ment something like... how do they say, "trust' ?

Why do you assume that an electronic item you purchased yourself from the iTunes store having your name and email address embedded in internationally standardized MPEG-4 atoms intended exactly for that purpose somehow equates to lack of "trust"? "Trust" to do what?

I thought the main argument against DRM was so that we could use our files anywhere we wished, on any device we wished. Now we can. Sure, it has your name and email address in it. It's not hidden. It's not a secret. It doesn't matter if most normal users don't realize this. It's still not hidden, nor is it a secret. Most "normal users" don't "realize" a lot of things.

And from the summary:

However, the claim that this software is perfectly legal will surely be tested.

Tested by whom or what? For what purpose?

The software is perfectly legal. Why is this even in doubt? It's a file with no DRM, and you're removing text that is IN THE CLEAR, IN PLAINTEXT in the file that YOU BOUGHT. Removing it by ANY MECHANISM is perfectly legal in any jurisdiction I can think of.

No DRM means just that: no DRM. No encryption. No reverse engineering. No DMCA provisions. Etc.

If you want to make an anonomyzing tool, great. But don't puff it up to be more than it is.

Again, my favorite quote that sums up the stupidity of the outrage over a name and email address being in a file you purchased, from a Gartner analyst:

Re:A little self-important and misguided...

[sqldr]

Mod parent up. Apple extends a hand of trust to its users, and some idiot comes along and deliberately screws up the one argument I had against DRM:

* I'm not trying to steal/share it, I just want to be in control of it.

I was quite happy to put my name in there if it's enough to keep the music producers happy.

Re:A little self-important and misguided...

[Red+Flayer]

The software is perfectly legal. Why is this even in doubt?

Because US courts have ruled that a service provided for the purpose of breaking copyright is liable for civil damages (see Napster, et al). While anonymization services are theoretically not there to encourage copyright violation, it could be argued that this is exactly the purpose of this software -- a lot would fall to how the software is advertised.

As for this being illegal, note that copyright protection applies to media regardless of whether or not it's DRM'd. Just because it's DRM-free doesn't mean it's in the public domain, and it can certainly be argued that a tool primarily used to evade detection by those breaking the law is illegal.

Regardless of how we feel about it, all the outrage in the world doesn't change the facts of how the US legal system handles those who encourage a clearly illegal action.

Re:A little self-important and misguided...

[paintswithcolour]

"4. How the heck do I know it's not gonna be shared on P2P networks by my 6 year old step sister??? "

But surely this software proves how easy it is to change such details anyway...there's no reasonable way you can use a plain text, easily changed header as evidence for any prosecution...otherwise I could load up a load of songs with people I don't like and stick them on P2P.

Re:A little self-important and misguided...

[djupedal]

The issue isn't 'what' Apple's process involves, it is 'how' Apple has to date failed to apply an otherwise seemingly transparent privacy policy by telling users about it. Apple states their policy has not been updated since 12.2004 - they need to simply add verbiage explaining that certain basic (personal) information tags are routinely created and embedded withing EVERY song in your iTunes library. Disclosure - transparency - fair...simple. Done.

BTW...if you wish to strip said info for whatever reason, these are the atoms you need to target:

• (apID)
• (cprt)
• (iods)

Re:A little self-important and misguided...

. How the heck do I know it's not gonna be shared on P2P networks by my 6 year old step sister??? How do you know the reason the name and email address is there is for tracking file sharers? How do you even know that would stand up in court?

How do you know that you didn't really, really piss me off and I didn't buy iTunes songs, change my name and address to yours, and upload the suckers? It's not like these guys' software is the only tag editor there is.

-mcgrew

Re:A little self-important and misguided...

[Zebedeu]

So how about my list of reasons:
1. Because it's my file and I can do whatever the hell I want with it as long as it's not illegal.

Oh, and this:

It's not "more stupid" than anything. And since Apple is the first entity that's even allowing this possibility at all with mainstream music from mainstream labels on any meaningful scale, I guess I must not recognize your gratitude. I owe nothing to Apple just as they don't owe nothing to me. I already showed my "gratitude" when I traded my money for their product, just as they showed their "gratitude" by supplying me with said product.

Maybe you think Apple is doing the right thing and you want to reward them for it, but understand that for a lot of other people, this is just business as usual, no morals involved.

Re:A little self-important and misguided...

exactly. Apple hands control of music over to the user (a good thing right?) and all people seem to be able to do is to attack them. WTF! How can they win? Why should they bother?

Truth is that the people who criticise them simply don't want to pay for the stuff they get. In other words they are thieves. In other words people who criticise Apple over this kind of thing are (most not all) abusing the internet and see it as an opportunity to steal other peoples work, instead of the opportuties for business and entertainment that everyone thought it could be. If the net loses its freedom then it will be there fault.

Apple have achieved their success by ensuring that there products do the job that there designed to do, and do that job far far better than any other company. Stop attacking them when they do something right, like no drm on tracks!! Grow up.

Re:A little self-important and misguided...

[Blakey+Rat]

When this crap first came out, I saw that Gartner quote. And my first reaction was, "do these morons realize that iTunes syncs your address book by default? And your own address is in your address book?" Why would the thief have to extract the music file from the iPod (something that isn't trivial for the layman) and go through all the effort of finding the ID3 tags and reading the name, when they could just get the *address* from the iTunes interface?

Not to mention, if he's worried about a stolen iPod, imagine how he'd feel about a stolen laptop or cell phone.

Re:A little self-important and misguided...

[Blakey+Rat]

It would be a looong stretch to say that because Apple and/or the RIAA added your name and email address to a file, they now have copyright protection over your name and email address. You're also making the same assumption of the original article that the purpose of adding that information was to prevent copyright infringement... maybe Apple was just filling up the name and email fields that already existed in the file format because they have a thing for completion. No court in the land.

Re:A little self-important and misguided...

[Pofy]

>Because US courts have ruled that a service provided for the purpose
>of breaking copyright is liable for civil damages (see Napster, et al).

And here I thought that the program came from France on a French website talking about French issues for French people and then you bring up US laws... Oh well.

Re:A little self-important and misguided...

[Red+Flayer]

Sure, because a program made in France is impossible to use in the US. And because Slashdot is (like it or not) a US-centric site.

Re:A little self-important and misguided...

But this hasn't changed since 12.2004...what is your point?

Re:A little self-important and misguided...

[Red+Flayer]

I think you misunderstand my point. It's not that Apple/RIAA et al now have copyright on your name, what is relevant is the copyright on the media.

You're also making the same assumption of the original article that the purpose of adding that information was to prevent copyright infringement...

What Apple/RIAA et al intended by adding the user data to the media file is immaterial. What matters is the intent of the company that wrote the software to strip the data. If they intended to facilitate illegal distribution, they can be held liable according to US law -- of course, being a French concern, there are some issues with jurisdiction. Familiarize yourself with the Napster case, and you'll see why this is true.

As to "No court in the land.", see 2. Gershwin Publishing Corp. v. Columbia Artists Management, Inc., 443 F. 2d 1159, 1162 (2d Cir. 1971), which established contributory liability (as used as precedent in the Grokster case):

The standard definition for contributory copyright infringement is when the defendant, "with knowledge of the infringing activity, induces, causes or materially contributes to the infringing conduct of another."

.

Any court in the US could very easily, and would quite likely, find that the publishers of this software induce the infringing conduct of others -- again, depending on how the software is marketed and/or distributed.

Please, do some research before assuming that no court in the land would find against the company. The sad and scary truth is that the media cartels have persuaded the US government to uphold their interests over those of the consumer, with the force of law.

Re:A little self-important and misguided...

[Blakey+Rat]

Fair enough, you obviously know more about the law than I do. But the fact remains that the service this software provides is stupid and pointless, so if they get sued out of existence it doesn't really matter, does it?

Re:A little self-important and misguided...

[mattatwork]

I understand the idea behind taking any trace of yourself out of the music downloaded from iTunes so you can then go on to put it on the latest, greatest P2P site. My question is won't the RIAA notice these high quality (256 kbit/s) files that are the exact same thing as what's available on iTunes and still subpoena the user distributing the music? It may not have your name, but if they can get your ISP to turn over your name from your IP address, you're still busted illegally distributing copyrighted music and they might tag something on for removing the user data in the file. It just doesn't seem like a major advance to me....

Re:A little self-important and misguided...

[Red+Flayer]

Well, two issues that I think are of concern:

1. It's a french company, I'd hate to see American law used as justification for a company overseas to get destroyed.

2. It would further cement the undue influence the media cartels have over the US judicial system. It's a little more tenuous than Grokster, but a suit against Privatunes could be upheld, in which case there is further precedent for anyone connected in any way at all to copyright violations to be held liable.

One little step at a time, that's how we lost the rights to our property -- and how we'll lose the rights to our own sensatory experiences.

Re:A little self-important and misguided...

My name and email does not belong on _things_ in general, electronic or otherwise. Not on my car's bumper, not on a restroom stall, not on things that I purchase. If the GAP tried to stamp them on every shirt I buy, I don't care how "harmless" that is, it is still against my wishes.

And asking "why not?" is outrageously arrogant. It is none of your fucking business why I don't want my email on things. Stop harassing me about that which I consider private.

Re:A little self-important and misguided...

[ScriptedReplay]

To get this out of the way, I'll say that while I don't necessarily approve this program as the answer, I agree that privacy concerns exist with the currently-embedded metadata. Now, to your post.

2. I bought the damn tune, but someday I may want to sell it (hey, how is it more stupid that selling old CDs ?).

It's not "more stupid" than anything. And since Apple is the first entity that's even allowing this possibility at all with mainstream music from mainstream labels on any meaningful scale, I guess I must not recognize your gratitude.

To quote your previous line - utterly irrelevant to the argument. WTF has gratitude to do with privacy here? FWIW I think this is one of the places were his list makes something of a point and by an interesting coincidence you're being disingenuous about it. Perchance it's more difficult to refute than the dumb arguments? [In more detail, in case you were actually honest about trying to refute the point, let's expand on it: second sale doctrine allows resale; DRM made the resale worthless, which is OK with SSD, but no-DRM changed that. Now, assuming I do resell - pennies for a dollar is good enough for some - I no longer have control over what the new owner does with the track. Assume they have the 6yr-old step-sister that puts it on p2p and lawsuit-happy RIAA finds it and sues me. Now, I might prevail if I get to prove that I no longer own the track, but that will be tedious at best. And since the case can be viewed as a honest one, I doubt I'd get them to pay attorney fees. So it makes sense to try and prevent such a development, don't you think? Here's 2 that says you would have had a better argument questioning the legality of selling the anonymized version of the file instead of the original.]

4. How the heck do I know it's not gonna be shared on P2P networks by my 6 year old step sister???

How do you know the reason the name and email address is there is for tracking file sharers? How do you even know that would stand up in court? Why does everyone assume that's the reason it's there? Has it occurred to you that this might have been a concession to the labels to make them "feel good", or any number of other reasons? Has it occurred to you that since name and email address have always been included in all purchases from the iTunes store that, uh, maybe nothing has changed?

Well, you certainly look like you have an agenda here. While I don't agree with this argument from the "she did it, her guardian is responsible for not explaining things to her" perspective I don't see you making a valid argument either. Who cares what the 'official' reason is? could be "so that faerie pixies know where to come and make it sound better when you listen to the file" for all I care. If past behavior shows anything is that a system that can be used for a corporation's profit will be. Any argument that a RIAA lawyer can bring to court will be brought - why, look at what they used so far, something like "metadata says you purchased this song" is positively incriminating by comparison. And again, what changed is that a 'stolen' track now can be actually useful for whoever steals it without any reprocessing (which would have stripped most of metadata anyway) so the risk of your info making it on p2p is higher. And about standing up in court, you seem to conveniently forget that the likes of RIAA don't much care how valid their argument in court is if they can threaten you with an expensive lawsuit that in itself will make you settle. Please wake up to the 21st century paradigm shift in lawsuit strategy - you don't need a valid argument to win, only enough money compared to the other guy. Reminds me of the winning strategy for coin-flipping games, actually.

I won't repeat the argument for your 'rebuttal' to the Gartner analyst quote. You should have gotten the drill by now - and if not it would be pointless repetition anyway. What I would like is some link to back up your claim that no steganography is used - for a guy who revels in placing links all over his posts that one is conspicuously absent. Mind you, I'm not asserting it's untrue, but I will beg to be excused if I won't take only your word for it.

Re:A little self-important and misguided...

[Afecks]

there's no reasonable way you can use a plain text, easily changed header as evidence for any prosecution
Who said prosecutors are reasonable? It seems you are a little too idealistic. The attitude "justice will prevail" is a good one to have but fairly stupid to rely solely on that without protecting yourself.

According to your logic, we should just let the system take it's course. Eventually after we get sued for distributing copyrighted music, spend money on lawyers and miss work to fight a legal battle, justice will prevail.

Now who's being unreasonable?

Re:A little self-important and misguided...

[dthree]

Truth is that the people who criticise them simply don't want to pay for the stuff they get. In other words they are thieves.
Not following your logic here. How is someone wanting to remove personally identifying information from a a file THEY PURCHASED a theif?

Re:A little self-important and misguided...

If people don't want their name on every music file in their library, that's just fine and dandy. Its their files.

Privatunes arguments do make sense. I can visualize someone's iPod getting stolen in a high school, and someone who wants to cause trouble deliberately sharing all the songs residing on it, just to have the RIAA file a copyright violation lawsuit against the victim. Or, people deliberately forging the name and E-mail address fields to make it look like someone is doing this.

Of course, most people out there (who are likely to be empaneled on juries) have zero clue about how music files worked, and presented with an argument by the plaintiff's attorney of "these files have the defendant's name and special ID on them, and given out", they WILL find for the plaintiff.

I don't see why so many people hate Privatunes. You don't have to use it if you don't want, and the only real people that I see hating it are the Apple fanbois.

Re:A little self-important and misguided...

[Original+Replica]

I generally agree with you, the owners name being tagged to the file is a fair compromise between the interests of the labels and the interests of the customer. It's parallel to the serial number on a gun: If you are only ever going to use it legally you can forget that it is there. If you file it off, you are doing so to allow for misuse.

Re:A little self-important and misguided...

[sqldr]

Because by putting this data into the file (which I have no problem conforming to - there's no loss of privacy, because the file is my private data, and I'm not sharing it) is the best compromise we have to stop DRM. It means that the I'm not inconvenienced, while the theives that push up the price of music I buy are made public. Sounds great to me.

Re:A little self-important and misguided...

[MattW]

You're not a lawyer, but you play one on Slashdot?

Give me a break.

Napster facilitated infringement, because it built lists of files people had available for transfer and facilitated connections between users, and made them searchable. Napster HAD a substantial noninfringing use, and that's where intent came in; courts believed that Napster was intended to facilitate infringement.

This file stripping does not facilitate file trading. You can already trade the file just as easily without stripping atoms which would identify you. The fact that stripping atoms anonymizes files, making it harder to hold someone accountable for placing the files on a P2P network is incredibly peripheral compared to Napster, which was a tool specifically built to enable people to index and copy files efficiently.

It's also fairly irrelevent whether these files find their way onto P2P networks; they're almost certainly all there. As long as CDs are sold, their contents will be on P2P networks.

Re:A little self-important and misguided...

[Doctor_Jest]

SO CHANGE IT.

It's not difficult. It's not embedded sneakily... it's THERE. You can EDIT IT OUT. And since you are required to provide the information TO apple to BUY THE SONG IN THE FIRST PLACE, you're not exactly getting broadsided by an underhanded tactic. Really... some people just don't get it...

And putting your email address on a tune you bought that you play on YOUR computer is not the same as PUTTING IT ON A BUMPER STICKER on your car.

Not even close....

It's been said before... but only on /. do morons like you get modded insightful.

If it's against your wishes, DON'T SHOP AT THE ITUNES STORE AND SHUT THE HELL UP.

Re:A little self-important and misguided...

[Red+Flayer]

This file stripping does not facilitate file trading. You can already trade the file just as easily without stripping atoms which would identify you.

Yet it facilitates illegal file trading (i.e., infringement) by making the file all but untraceable -- note how it is marketed specifically for sharing music. This reduces the risk of being caught, hence facilitating infringement. The case CAN be made -- and thus it WILL be made, and I think it has a rather good chance of success.

I wholeheartedly disagree with how the US courts treat contributory infringement, but just as with Napster, there is non-infringing use -- yet the intent can easly be read as facilitating infringement.

Given that both Napster's site and this product result in increased infringement (I know, that has to be proven for this software), how does the mechanism make a difference when the result and the intent are the same in the eyes of the court?

Re:A little self-important and misguided...

How is the data private after your iPod is stollen after you get mugged and raped? How is it private unless you AND ONLY YOU, use that computer... ever? How is it private if your computer is hacked or your backup storage is not encrypted? The private data does not benefit you as there are better means of proving you paid for the song. The data only benefits Apple. Remove it, it is of no benefit to you. The most likely use of the data is of malicious nature towards your person.

Re:A little self-important and misguided...

That's like making the case that Tor's only reason for existence is for Child Porn or that FreeNet facilitates Terrorists. Give me a break. Anything and everything CAN be used for a negative purpose and just because some, maybe most, people will use a product for that us, the problem lies in the users not the tool. It would be different if Privatunes was a Emule plugin that stripped the file and THEN shared it for internet consumption.

Re:A little self-important and misguided...

[Mister+Whirly]

If I was mugged and raped my stupid iPod would be the least of my worries...

Re:A little self-important and misguided...

[Jesus_666]

"Some of the privacy problems, in light of this, is that anyone who steals an iPod that includes purchased iTunes music will now have the name and e-mail address of its rightful owner."

..............

Wow. Just, wow. I don't even know how to respond to that.

You don't see the problem? Okay, let's think through a little scenario here.

Someone steals your iPod. Because of the owner tags, they now have your e-mail address and name. Using Google and Google Maps, they locate your home and plan on breaking in. However, since your last name is Schroeder, which sounds German, they will assume that as a German you are automatically dangerous, so they'll get some guns to shoot back in case you charge at them with a rifle. Now, there's the issue of the German Shepherd - it doesn't have the name for no reason; the assumption that an armed and dangerous German has an equally dangerous guard dog as well is not far-fetched. So they need some fast guns to keep the fast-moving combat-trained canine in check. However, in order to pay for the MAC-10s the gangsters have to indebt themselves to the local mob, which means that now they're desperate. It is worth it, of course, since someone like you who can afford to express his taste with an iPod will obviously have a home full of high-quality A/V equipment and various expensive pieces of art. On the other hand, someone with possessions as prized as yours will invest in state-of-the-art security, possibly including armed and trained security personnel. As some puny machine pistols won't help them in this case and it was you who started this arms race when you gave those overzealous rent-a-cops guns and let them play cowboy on your property it's time to bring out the big guns just to pay you a lesson. So they also go to the Russian mob and acquire some Soviet-era RPG-29s, AK-47s and a T-72 main battle tank, hoping they can breach your defenses before you get to launch that V2 your father hid in the back yard in the 1940s. Just in case, they will also try to bring a General Electric M134 Minigun.

What started as a simple iPod theft has escalated into a full-scale war just because Apple had to tag your music with your name and you think everything's handy-dandy? I wouldn't want to live in your neighbourhood - the smoking, charred remains of it.


Escalation: It's not just for privileges.

Re:A little self-important and misguided...

http://www.macrumors.com/2007/06/01/apple-using-st eganography-in-itunes-plus-songs/

Re:A little self-important and misguided...

At that moment, it would be the RIAA coming after you in a couple years for "sloppy seconds". Bottome line, an Apple music file consists of two portions:

1) music than benefits you and represents a liability to them (small but nonzero chance you upload it to people that would otherwise buy it)
2) data that benefits them and represents a liability to you (small but nonzero chance you get fingered for crime you may or may not have committed)

The data is there because, well - to be blunt, in this instance the corporation is showing 100x the intelligence of the above average, Slashdot consumer. They (Apple, RIAA) understands the numbers and the risks involved. It would seem that many posters here care to ignore the small risk even as they deal with a corporation that refuses to do likewise.

Re:A little self-important and misguided...

[GaryPatterson]

Not every song, just the songs purchased from the iTMS. For the great majority, that's only a tiny fraction of their library.

Re:A little self-important and misguided...

[Pofy]

So a French site that turns to French Speaking French people should make sure all and any of its information is correct and relevant for every country in the world? Just because this is a US site doesn't mean that someone commenting on something in another country and argue about what is said on such a page is correct or not based on US laws which was the point I made. It is quite irrellevant. The Original poster commented on the French information which obviously is about Frnech law, so it is quite irrellevant what ever the law in Uganda, Japan or US says. Sure, you can start discussing what it would be like in the USA but that doesn't invalidate the statement made which you tried to do.

Re:A little self-important and misguided...

[Red+Flayer]

Anything and everything CAN be used for a negative purpose and just because some, maybe most, people will use a product for that us, the problem lies in the users not the tool.

Look, I agree with you -- but the US courts do not. That is my point.

I'll clarify the important part here, which is intent -- when the stated purpose of the tool is to help users do something that is considered illegal in the US (to help them distribute copies to their friends untraceably), then the intent can clearly be interpreted as contributory infringement.

Re:A little self-important and misguided...

[vakuona]

Well, if your iPod is stolen, and you are raped, you could report the crime to the police. That way, when your tunes show up on some P2P networks, you have a very valid defence.

Unbelievable.

[SatanicPuppy]

This just pisses me off. Who really cares besides people who just want to immediately dump the file straight to a filesharing network? So it's got my name and email embedded in the file? So what? Apparently unlike a lot of people who are interested in this service, I'm not planning on sending the files to anyone, and if I burn someone a mix CD, the info will be stripped when it's converted to CDA anyhow.

So what's the privacy problem? It's like someone stealing my wallet. Hell yea that's a privacy concern! What's the solution? Someone steals my iPod and they'll be able to figure out my name?!? They'll also be able to figure out what my house, wife, car, and kid look like because of the pictures on the damn thing, and don't even get me going about documents I store on the damn thing...They'll also be able to figure out my Slashdot handle, because the damn thing has "Satanic Puppy" engraved on the back.

So do I actually care that my info is in the file header? Hell no! It's my goddamn file, it should have my goddamn name on it! And if I wanted to go breach some copyright, I'd at least have the stones to strip the info myself. How fricking lazy do you have to be?

When I wanted DRM-free music, I wanted it because I fricking hated not being able to listen to my damn music wherever the hell I wanted to without jumping through hoops. I've got that, and that's all I care about. Far as I'm concerned the service is fine (though a bit pricey).

Re:Unbelievable.

[niceone]

They'll also be able to figure out my Slashdot handle, because the damn thing has "Satanic Puppy" engraved on the back.

I have avoided that problem by engraving "Anonymous Coward" on mine.

Re:Unbelievable.

[nlitement]

I, on the other hand, am pissed off because when I hear that I'm getting non-DRM music, I expect it to be consumer-friendly, but INSTEAD, they still use the "prove your innocence" approach, because God forbid spreading music brought from iTunes into P2P networks, like it's the only source of music for P2P networks anyway!

Re:Unbelievable.

[UbuntuDupe]

My question is, why encode their name and all, like that? Why not put some random number in, and then have some table that only Apple has, that matches that number to their information? Or would that be just as bad from the privacy standpoint? "Hey, someone might steal my iPod, extract the random number from the file, break into Apple's database, look up my information, and then have all the information they need to use my now-canceled credit cards or report me for illegally-shared files."

Re:Unbelievable.

[Architect_sasyr]

Ok, here's my take on it:

My iPod has no identification markings... if I lose it, I write it off as a loss. It's an expensive habit, but I'm more paranoid than most. The only pictures I have on it are inside a knoppix encrypted disk. This is breakable with enough time (it's only AES-128) but I am comfortable that anyone stealing my iPod either doesn't have the knowledge/power to do this, or is already onto me for whatever I've done and I'm screwed anyway... so all you can see on my iPod at this point is an encrypted image file, and all my music. My music has all my info pushed into it and I have to expend a significant effort to strip this information out (not really a problem for me, because I consider it a good use of time for the sake of that extra level of security), whereas something transparently doing it for me makes it a LOT easier to acheive this level of privacy. Something like jhymn is quite useful, but its one step more than will potentially be needed by the end-user.

I don't advocate piracy of any kind, namely because anyone pirating my software is preventing me from getting paid that little bit extra (and it *is* only a little bit), but its not just piracy that is causing the DRM removal trend.

Re:Unbelievable.

[SatanicPuppy]

Oh please. It's non-DRM music in a standard format; that's as consumer friendly as it gets. So you're name's in it, it's not like they're hiding it. It's right out there in the open, and it's easy to remove. If you were buying in good faith, it wouldn't bother you a bit.

Re:Unbelievable.

[richie2000]

Someone steals my iPod and they'll be able to figure out my name?!? Someone steals your iPod/hacks your computer/whatever and spreads the music on p2p networks, prompting the RIAA to sue you to hell and back (if they have closed Gitmo by then, that is).

Re:Unbelievable.

[ghoti]

Exactly. It's like claiming that having your name and date of birth in your passport is a privacy issue.

This is the kind of reaction that will make the music industry reconsider this whole DRM-free thing, and certainly hurt other companies' moves in that direction. And it shows what's really behind a lot of that anti-DRM rhetoric.

Re:Unbelievable.

[gEvil+(beta)]

Please explain specifically how you have been asked to "prove your innocence".

Re:Unbelievable.

[SatanicPuppy]

If someone steals my wallet I'll be in for far more bother than that. 5 credit cards, my bank account numbers, my drivers license, my insurance card which conveniently contains my SSN, actual money, my big ass list of systems passwords which are "encrypted" but which an intelligent person could read if they put their mind to it because SOME of the passwords were designed by morons.

Hell, if they start sharing my music, I'd have a better chance of catching the bastard!

Re:Unbelievable.

[TheRaven64]

Do you also object to the stupid 'prove you innocence approach' when you're given a receipt for something you purchased at a shop?

Re:Unbelievable.

...my big ass list of systems passwords which are "encrypted" but which an intelligent person could read if they put their mind to it...

So you ROT13 the password list you carry in your wallet?

Re:Unbelievable.

[Bender0x7D1]

This is breakable with enough time (it's only AES-128)

Ummm... While AES-128 is indeed breakable with "enough time", (as are all encryption schemes other than a one-time pad), I don't think you will be around long enough to really care. Even at 2^64 operations a second, It would still take an average of 2^63 seconds to crack, or about 200 billion years.

I would worry more about someone infecting your machine with a key-logger (hardware logger since you use Knoppix) or torturing you until you give it up.

Re:Unbelievable.

[Sandbags]

Well, you're right, it's not the only source. However, it is the only source likely to come with complete file tags, album art, and 256bit high definition encoding. There's not a lot of stuff out there dubbed from high def studio masters. Also, if they're traded an AAC format instead of MP3, the iPod gets better battery life playing them back. Sure, you can encode in AAC to start with, but guess what, then your personal info is in those files ANYWAY.

Oh yea, btw, any file you personally create on a Windows machine gets your personal info inserted into the file anyway. Check the properties on any file, select the summary tab, and click advanced. Any information you entered when installing or activating windows, including your name or user name and your company name (Most people put their full name or family name in the company field and their first name is their login). The headers of most files, including PDFs you create and most Microsoft documents also include this identification.

Now, who really cares if this information is in a file? Well, if you get hacked or infected with a virus, they already have this information. They don't need to strip it from a AAC file. In fact, log into any web server and it can ask Windows for this information and more, including your e-mail, software versions, browser type, IP, and much more sensitive information than a name and apple account e-mail address. The only people who care at all about the existence of this information are people who will give these files to other people, which is against the law. Where the law is concerned, once you break it, anonymity no longer exists.

It's not illegal, or even immoral for apple to tag these files. They're not tracking them or reporting when they're used on other non-authorized computers. They're only giving the RIAA and government organizations a fingerprint to track you by. Get this outlawed and next you'll have courts saying that organizations can't use your fingerprint or other biometric as an access code. Worse, we've got people trying to outlaw DNA tracking by the federal government. You can't have both a free safe society and complete anonymity at the same time. These things are mutually exclusive.

Re:Unbelievable.

[SatanicPuppy]

Not even that sexy. I worked out a polyalphabetic I could do in my head, but it's not sufficient to seriously protect against a determined attempt. Whole lot of security through obscurity, and some of the passwords are vulnerable to a partial dictionary attack; those passwords were not my choice, I'm afraid. Most of my passwords would be hard to decrypt just because they look about the same either way.

Blah blah paranoia.

Re:Unbelievable.

[blake3737]

yet you still post with to /. with your account name and not AC :)

Re:Unbelievable.

[brunascle]

i've got a question though. are the 3 atoms (apID, cprt, iods) visible in iTunes? i'm pretty sure they're not in XMMS and Winamp. if you got to view/edit the details, only a small list of hardcoded atoms are listed. if not, then out in the open is a bit of a stretch, since no one who wasnt looking for them would ever know they're there.

Re:Unbelievable.

[MC+Negro]

Excellent post, BTW.

So what's the privacy problem? It's like someone stealing my wallet. Hell yea that's a privacy concern! What's the solution? Someone steals my iPod and they'll be able to figure out my name?!? They'll also be able to figure out what my house, wife, car, and kid look like because of the pictures on the damn thing, and don't even get me going about documents I store on the damn thing...They'll also be able to figure out my Slashdot handle, because the damn thing has "Satanic Puppy" engraved on the back.

It's really disappointing to me that Apple's efforts as a de facto liaison for legal online music sales are frequently met with criticism by people who seem to want something for nothing. I'm especially annoyed by people who insist on calling this kind of information tracking "DRM" - it really dilutes the term, and IMHO, diminishes from the serious issues associated with real DRM. Digg is rife with idiots whining about how Apple just needs to "trust" their users and how this sort of tracking "violates" their "privacy" (READ: Hinders their ability to indiscriminately share without any consequences).

For a lot of these people, the issue of FairPlay and DRM was never about playing their music under Linux or on their iRiver or whatever other legitimate issues DRM presented. It was about DRM doing exactly what it was designed to do - prevent mass-distribution of copyrighted material to non-licensees. So these people latched onto the anti-DRM movement as a means to an end. I submit to the community that we should NOT let these freeloaders taint the efforts made to solve legitimate issues with DRM. They will never be satisfied with Apple's or anyone elses efforts to address our concerns until iTMS sells all music in lossless FLACs at $.01/Megabyte with a personal liability waiver and distribution rights to 1000 of their closest Internet pals - and even then, they'll still torrent music, "just to see if I like it".

I never - in a million years - thought we'd see major label catalog, DRM-free music. And now some dweebs are giving RIAA execs ammo because they don't want to be held responsible for their actions. To said dweebs, please just go download your music with a torrent. You're ruining this for the rest of us. Oh yeah, and for the love of Christ, come off that "BUT WOT IF MY SISTAR SHAREZ IT ON P2P?? THEN WOTT??!?!" bullshit. Chances are, if you're savvy enough to care about the "privacy" associated with user data embedded into a binary file, you're savvy enough to take the precautions necessary to prevent your sister/roommate/friend from mass-distributing your music library.

Re:Unbelievable.

[Telvin_3d]

Why? Because then people would be up in arms about apple tracking them based on some secret hidden number embedded in their songs. hackers woudl make big announcements about having located the secrect customer ID number and everyone would bash them for including it in the first place. And I would be replying to someone on /. who was asking "well, if they wanted to keep track of who had bought what, why didn't they just include the name or e-mail in plain text or something?"

Re:Unbelievable.

[omega_dk]

The atoms are visible but not editable (in the OSX version at least). So while iTunes isn't exactly helping you change them (and I am in the camp that doesn't really care if my acct info is in the file, as its still DRM free and anyone that disagrees is welcome to buy one of my tracks from me and see if it will play on their computer), it also is not in any way hiding the fact that they are there. And honestly? I'm fine with that.

Re:Unbelievable.

[morgan_greywolf]

I have avoided that problem by engraving "Anonymous Coward" on mine.

That's weird. I engraved 'niceone (992278)' on mine.

Re:Unbelievable.

I have avoided that problem by engraving "Anonymous Coward" on mine.

Hey! niceone stole my ipod! Anonymous Coward's my name!

Re:Unbelievable.

[jweatherley]

The two pieces of sekrit data that people seem to get bothered about are plainly visible if you 'Get Info' on a track.

Re:Unbelievable.

[macheath]

I agree totally. They could have just put in something like a serial number and that would be it. I don't have a problem with that. Track it via a database if need be and be done with it. That's what VIN in cars are used for, for instance. Call me paranoid, but I don't like to have my name and email encoded in some piece of software / music / whatever, especially if it is available on a not necessarily secure WiFi enabled iPod (yeah, I'm thinking a bit into the future).

Re:Unbelievable.

[mulvane]

In my opinion, the header info IS a way to prove your innocence.. "Look, all my music has MY name on them" or "Those songs were not uploaded to p2p by me, look, my name isn't on them". Personally, I think the info should be hashed into the data somehow and only a encryption key owned by copyright holder should be able to extract that data (with benefit to anyone with knowhow to do this on their own). I don't see this as a huge privacy concern unless you are afraid of telemarketers and such having a scheme to steal ipods or whatever music player you use just to figure out what you listen to and or view.

Get over it people, its a name and account info. Hell, sign up with a throw away.

Re:Unbelievable.

You have no concept of what identity theft is about. None.

Re:Unbelievable.

[Jeff+DeMaagd]

Privacy isn't the real concern in itself.

The main concern I've had is that if someone finds my lost iPod or steals it, copies the files off of it and file shares it. Given the RIAA's propensity of suing people with only circumstantial evidence of file sharing, it's not really a risk I want to take, and I don't want them to find files "linking" me to trading that I didn't do.

Re:Unbelievable.

You may be right, but on the other hand I don't quite feel all warm and fuzzy over the idea, and therefore I will never again purchase anything from itunes.

You have every right in the world to come to your own conclusion, and I have the same. (No, I didn't even RTFA, and I don't have to -- I came to this conclusion the second I heard about the new policy.)

Re:Unbelievable.

[TheRaven64]

It depends on the key. In OS X, for instance, File Vault uses AES-128, but it generates the key from a hash of the password. If you use a long pass-phrase, then it's fairly secure. If you use an 8-character alpha-numeric password then you dramatically reduce the search space required to brute-force it.

Re:Unbelievable.

Why? Because then people would be up in arms about apple tracking them based on some secret hidden number embedded in their songs. hackers woudl make big announcements about having located the secrect customer ID number and everyone would bash them for including it in the first place. And I would be replying to someone on /. who was asking "well, if they wanted to keep track of who had bought what, why didn't they just include the name or e-mail in plain text or something?"

Which makes it pretty obvious that people don't want to be tracked.

Re:Unbelievable.

[sl3xd]

My question is, why encode their name and all, like that?

News flash: Putting the name & email of the person who bought it into the iTunes song isn't some bolt from the blue. Apple has always put the name and email address in every iTunes download, from the first day the iTunes Music store opened in 2003. It's not a secret, nor is it something new and/or specific to iTunes Plus songs. It has always been there.

A stolen iPod has the name and email address of its owner on it if that iPod had any song downloaded from iTunes on it, and always has.

Anybody who cared to look at the "song info" could easily see that. And how do you get to the song info? The same way you would edit the song's tag info (I would say ID3, but that's MP3, not AAC).

Identifying who bought what is nothing new. There's a reason why detectives use the phrase "follow the money."

When you buy a license of pretty much any downloadable software, the license has your name on it. Like it or not, this is a standard and accepted practice for purchased downloads, whether they are media (like songs) or software.

Like it or not, music is copyrighted, and infringing on the rights of the copyright owner is illegal. The ??AA has the right to prosecute those who infringe on their copyrights, and the infringer has no more right to conceal evidence and remain anonymous than Microsoft has to hide its monopoly abuse. If you don't like it, get the law changed. "Civil Disobedience" will only get you so far, and frankly, it hasn't been working in the eyes of the law any more than DRM has been working for DVD's.

Re:Unbelievable.

I've heard this moronic argument before... under the guise of "If you are REALLY doing nothing wrong, you don't mind being chipped with a RFID tag under the skin, a camera in every room of your house, your toilet automatically monitoring your urine to see if there are any prohibited substances in it, microphones in every street corner, and body cavity searches every time you leave your premises."

I paid for the iTunes files. I'm not breaking the EULA. As long as I don't violate the law and distribute the downloaded tracks, I can do ANYTHING I want to them, be it zeroing out information, transcoding them to ATRAC3, or whatnot. Show me a law in the US or France that goes against this.

Re:Unbelievable.

[Tazz_ben]

Given the way people are reacting Apple probably should have done that. What really ticks me off is that Apple has pulled off the impossible they convinced a record label to remove DRM, I'm sure it was an impossible sale. And now, nerves as they are, I am possitive that their is some executive who was against the deal going "SEE! SEE! They Just want to Pirate".

Re:Unbelievable.

Oh please. Apple releases DRM-free music to answer all the concerns that users don't have control over their songs. The name bits are a holdover from the DRM systems they use, and Apple likely was pushed into including it by EMI records. If you're not breaking the law, then you shouldn't care.

Sheesh, if Apple removes the name and email atoms, then people will start blaming Apple for not posting the files direct to P2P when you click "Buy," along with a Prostitute sent to your door. Guess you can't please everyone.

Re:Unbelievable.

Exactly. It's like claiming that having your name and date of birth in your passport is a privacy issue.

Your are so wrong it is not even funny. A passport is an obvious and deliberate form of identification. An innocous looking music file is not an obvious form of ID. Putting private information on it without full and open disclosure is a needless security risk.

Re:Unbelievable.

[TheSloth2001ca]

People loose portable devices. This means that it affects more than just pirates.

Re:Unbelievable.

You might care if someone steals your ipod, or retrieves data from an old HD you binned, and dumps 10,000 songs tagged with your name onto a p2p network. It might not stand up in court, but I bet the RIAA could waste a lot of your money on lawyers before you get off the hook.

Re:Unbelievable.

[skulgnome]

Yeah. Smart kids, like me, convert it down to raw PCM audio and re-encode it either into a lossy format (Vorbis) or another lossless format (FLAC), hoping that there's no watermark in the output data...

Because who's to say that Apple restricted themselves to just the headers? Those are obviously replaceable, quicker than you can say "ready-made library for accessing that kind of chunked files".

Re:Unbelievable.

Which makes it pretty obvious that people don't want to be tracked.

You will never be tracked if you don't share your files.

If you are paranoid about your name being on them, then edit the tags on the file.

Re:Unbelievable.

[Architect_sasyr]

I'm not big on cryptography, and I know it would take a while, but what are those computations in terms of CPU ticks? (Dare I say it) Can we beowulf and get them faster? What about the VAtech cluster? Could it do anything with it in time? There are so many variables in this, to tell me its a few billion years is a bit vague, so could I please have some clarification.

Thanks.

Re:Unbelievable.

[Bender0x7D1]

We don't usually discuss the number of CPU ticks since it can vary greatly depending on the type of CPU, so we usually pick a ballpark number of the number of keys that can be tried in a second and do our calculations from that.

Brute-forcing a key is very easy to do in parallel, so the more machines/CPUs you have, the better. Unfortunately, this generally doesn't help as much as you would think. For example, in my previous example, imagining we could try 2^64 keys a second is way too high. If we assume perfect performance from a modern processor, where each cycle could try a key, we only have 2^32 attempts per second (assuming a 4GHz processor). If we assume every machine is a quad core, quad processor, we have 1 machine capable of 2^36 attempts per second. We would need about 250 million machines to reach 2^64 keys per second.

While it is also possible to custom design chips that would be able to attempt multiple keys at the same time, we now have custom hardware, and would hav to make millions of these custom chips that can only be used for this one purpose. it just isn't practical.

In fact, the general term used when discussing the strength of an encryption scheme is that brute-forcing the scheme is "computationally infeasible". Basically, if you used all the computing power on Earth and the heat-death of the universe would occur before you would be finished, it is computationally infeasible to crack. Some people use different measurements, but that is the one I like to use as my rule of infeasible.

Hope that helps.

Interesting how it will go

[hsdpa]

I am really interested in if the site will live a long life...
I guess someone will take it down, because they are modifying purchased material.

Re:Interesting how it will go

have you just invented a new crime? wtf is "modifying purchased material"???

Re:Interesting how it will go

Well.. According to some EULAs you may not decompile, edit and recompile.
This is about the same - extracting the sound and removing the tags.

MOD PARENT UP

[AKAImBatman]

He's not trolling or attempting to incite a flamewar. He's making several perfectly valid points about the knee-jerk reactions to Apple's DRM-less iTunes files.

Re:MOD PARENT UP

[Joe+Snipe]

wow, there must be a TON of kids on your lawn...

Re:MOD PARENT UP

[WilliamSChips]

You didn't listen to him when he said that his karma was almost certainly at the karma cap anyways so he really already had a karma buffer.

It's proof of purchase for future lossless upgrade

[gig]

If you want to upgrade your 256 kbit/s AAC to lossless in a couple of years then leave the proof of purchase IN your iTunes Plus tracks. It enables iTunes to tell that you bought the track from iTunes Store. If you use this app on your iTunes Plus tracks you will be buying lossless for full price like a newbie.

France folks, FRANCE

[rueger]

IANAFL* but here come a 100 comments and criticisms based entirely on sketchy understandings of American copyright law, none of which have any relevance in France.


* I Am Not A French Lawyer

Re:France folks, FRANCE

[Aladrin]

Yes, because software and websites made in France can only be accessed from there, and therefore would only be of interest to the French. Good catch.

How the hell did this get modded 'informative'? 'Interesting' or 'Under-rated' I could grudgingly admit that some people might find it, but 'informative'??

Re:France folks, FRANCE

[aadvancedGIR]

IANAFL either, but from a french perspective, our copyright laws look so close to yours they were probably plagiarized.

Re:France folks, FRANCE

[Keith_Beef]

Absolutely correct.

The Ratiatum explanation http://www.ratiatum.com/news5257_EXCLUSIF_Privatun es_pour_supprimer_les_espions_d_iTunes_Plus.html is more pertinent that those quotes from http://www.privatunes.com/ that Apple Fanboy DaveSchroeder quotes in his first post (though I admit that the Ratiatum text is still less than elegant).

Remembering that this discusses the case of a hypothetical French consumer, the most pertinent facts are:

• if I download for a fee a file from iTunes, then I have bought it and it has now become my property;
• if I decide after some time to sell the file to somebody else, then I have every right to do so;
• if the subsequent owner chooses to distribute numerous copies of this file in violation of some other law, this is not my responsibility.

There are some goods whose possession and sale are strictly regulated, so that at any moment the government can trace who possesses them. The two examples that spring to mind are firearms and motor vehicles.

But these are articles that are either high value and heavily taxed (providing the gov't with a regular revenue), or are considered dangerous, or are both high value and dangerous.

Books, CDs, music files fit into neither category.

The simplest, most elegant way to ensure my right as a private individual to be able to sell surplus books, CDs and other "products of the human mind" (French legal term is something like "oeuvre d'esprit") is to make their possession and occasional trade by private individuals both free and anonymous.

Apple and the recording houses have the choice between these two options:

1. provide a free-of-charge marketplace that allows me to sell a file, replacing my own name in the file with that of the new owner;
2. accept that people will find ways to assert their right to transfer files without being permanently linked to the file by having their names embedded in them.

I find it particularly amusing that the principles of liberal trade and libertarianism supposedly so dear to Americans, should be exemplified by the French and vilified by so many Americans whenever we mention Apple and its restrictive practices.

Beef.

Re:France folks, FRANCE

[Keith_Beef]

Yes, because software and websites made in France can only be accessed from there, and therefore would only be of interest to the French.

Your sarcasm is noted and appreciated for its just value.

But you seem to want the whole world to adopt and enforce US copyright and contract law...

Beef.

Re:France folks, FRANCE

[Pendersempai]

You seem pretty confident about that. I'm not sure, but it seems possible to me that by selling its product in the US, the company establishes sufficient contacts for the US courts to assert jurisdiction.

Re:France folks, FRANCE

[Aladrin]

Want that? Good Lord, no! I want the opposite. I want Copyright Law to be sane everywhere. So far, it's seems to be sane -nowhere-.

I'm not against providing a bit of assurance to creators. But anything more than a few years is absolutely ridiculous. On the other hand, no copyright is just as ridiculous.

Re:France folks, FRANCE

Just because you are French does not mean you are not subject to American copyright laws if you buy American products. Our Constitution applies to ALL human beings across the planet.

Re:France folks, FRANCE

"The simplest, most elegant way to ensure my right as a private individual to be able to sell surplus books, CDs and other "products of the human mind" (French legal term is something like "oeuvre d'esprit") is to make their possession and occasional trade by private individuals both free and anonymous. "

Then do the equivalent for books: cross out the name you or someone else wrote in there on an inside page, and proceed to do whatever you were going to do.

It's no big deal.

Re:France folks, FRANCE

I really, really hate people like you. You've taken the most negative stance possible and decried that it _will_ happen. Then you got modded 5+ for the lack of insightfulness and stupidity.

Your post is on par with the ones saying, "If you submit this as an ask /. question and actually follow the advice, you're an IDIOT!!!1111" all the while people are responding, "It goes something like this and this, but if you do it yourself instead of calling on a contractor, you're being stupid. Your job's not worth that." (That, in response to someone asking a question of high voltages.)

In effect, what is being said is that if you high someone to do dangerous work, you're an 1di0t!!!11!!!

Get off your damn soap box and get some common sense. Read the comments around yours to see what has been modded up -- NONE of them have anything to do with copyright law, in the US or anywhere, and ALL of them are calling this site a piece of shit.

You're the ONLY one that I've seen with a 4+ mod that has bitched about copyright; but you're not just bitching about copyright, you're bitching about people making posts as armchair lawyers.. posts that DON"T EVEN EXIST.

Grow the fuck up. I hate you. People like you make reading the Slashdot comments a mind-numbing experience. Quite similar to people who say, "Go ahead, mod this down, you'll just prove my point." Bullshit. Mod it down, it's flamebait, just as this post is, but I'm sure the parent will read (most of) the comment. That's enough for me.

Re:France folks, FRANCE

[Keith_Beef]

Then do the equivalent for books: cross out the name you or someone else wrote in there on an inside page, and proceed to do whatever you were going to do.

This is precisely what Privatunes proposes to do.

To use the book analogy again, when I buy a book, I can choose to mark my name in it, or paste an "ex libris" in it. If I decide to sell the book, I can obliterate my name.

When I buy a song from iTunes, Apple embeds my name in the file. If I decide to sell the song, I want to be able to remove my name from it.

Beef.

Re:France folks, FRANCE

[noSignal]

I liked it better when I though you meant "I Am Not A F#cking Lawyer"...

Re:France folks, FRANCE

Not quite. Non-citizens are subhumans and none of those basic human rights guarenteed in the 1st 10 amendments apply to them.

Freely share?

[MMC+Monster]

Freely share downloaded music from iTunes? Did they abolish copyright law in France? I had no idea!

Seriously, while this software may be considered legal, there is little reason to use it unless you are planning to share your music or are deathly afraid of someone stealing your iPod or computer.

Of course, if you are afraid of someone stealing your iPod, what security measures do you use against someone stealing your wallet? Are all your credit cards and your photo ID without your name?

Re:Freely share?

[richie2000]

Freely share downloaded music from iTunes? Did they abolish copyright law in France? I had no idea! Well, seeing as the current law stems from an absinthe dream Victor Hugo had... On a more serious note, it's perfectly legal in most European countries to share music with a few friends, the exact number varies from country to country. Now, you mail a friend a copy of a song, he sends it on and suddenly the local version of the RIAA tears you a new, roomy, asshole. It's all fun and games until information gets on the loose, isn't it?

Re:Freely share?

How much cash does your wallet have? $50 maybe. An iTunes could have 1000 songs and if ONE of those personally identifies you, then you might be looking at a $750,000+++ liability. Three ways this could happen:

1) Songs with private info are stolen and traded and YOU are fingered as the culprit. Given positive evidence that identifies you, the burden of establishing a lack of guilt has gotten harder. If it is a civil court, they only need a "preponderance of the evidence". This ID thing should suffice.

2) Songs without your private info but in a collection with your private info, may be tagged at $750 a piece for copyright infringement. This has already happened when a lady admitted to DOWNloading songs in court. I.e., the "I only download" defense fails big time. Lets just say the RIAA starts a program to reward $nitches.

3) Any friend or asshat that borrows your iPod, computer, mp3 player, memorystick, or compromises your computer is suddenly in a position to put you in a world of hurt either deliberated or inadvertenly.

I can't speak for you, but my wallet does not contain blank checks. Certainly not blank checks signed by me and tied to a $750,000 account. OH OH maybe it will only cost $4000 with a RIAA settlement. Do you keep $4000 in your wallet...

Re:Freely share?

what security measures do you use against someone stealing your wallet?

Since you asked, I don't carry a wallet. I mostly use cash, so I just take what I need with me plus a bit extra.

When I got mugged losing all the cards was more hassle than losing the money in my wallet, plus the cunt ripped my trousers as he grabbed my wallet. Now I don't have a wallet to grab and I won't be carrying cards around I don't need just because I happen to keep them in my wallet.

Where is the abuse?

[Have+Blue]

What's not "private" about files stored on your own hard drive? Everyone else's drive is beyond the boundaries of fair use, so they won't ever show up there, right?

Re:Where is the abuse?

[SatanicPuppy]

But what happens when you "accidentally" dump your whole music folder to a p2p network...Why, someone might sue you, just because you infringed on their copyright! Typical Apple! They hate everyone but big business!

Blah blah blah. This shows you who is really in it because they hate the inconvenience of DRM, and who is just too stupid to figure out how to share music with easily cracked DRM on it.

Re:Where is the abuse?

[Dog-Cow]

Either it really is a Powerbook, in which case you wouldn't bother "correcting" anyone, or it's really a Macbook Pro. As the latter is more likely, you are just a fucking asshole that is so married to a fucking marketing term that your life has absolutely no meaning what so ever.

Just remember....

[BigBadBus]

There are only a few letters difference between "privacy" and "piracy"

Re:It's proof of purchase for future lossless upgr

[Frankie70]

  If you use this app on your iTunes Plus tracks you will be buying lossless for full price like a newbie.


Can't you keep a non-modified copy for this purpose?

Re:It's proof of purchase for future lossless upgr

[aadvancedGIR]

Putting back an arbitrary ID in the file can't be much harder than removing the original one, therefore, the simple existence of such tool makes this marking a very weak proof of purchase, so I suspect that Apple will only trust their own server logs.

Head in the sand...

[whisper_jeff]

"Last month's revelations that the DRM-free files sold by EMI on iTunes Plus came with user's full name and account e-mail embedded in them..."

Revelation to whom? People who had their head jammed in the sand for the past few years? That information has been in iTunes purchases for years - it's nothing new. Anyone shocked by this "revelation" needs to change their calendar because they're a bit behind...

Non-issues and real issues

[richardtallent]

I write my name in books when I buy them, and I've never considered the "privacy concern" of erasing it when selling the book, because the buyer already knows who I am. We wanted DRM-free music, we got it. The only people complaining are the cheap bastards who want to share the files over P2P.

Can we please start complaining about privacy issues that actually matter, like the fact that iPhone users' only service option is the same monopoly that was and is spying on the majority of all of our Internet traffic, without a court order or Congressional oversight?

Re:Non-issues and real issues

"The only people complaining are the cheap bastards who want to share the files over P2P"

If they wanted to shave via P2P they'd buy the CD, rip it, share it and then return it. Digital files are a bit harder to sell. I've never seen a service that will buy them for resale.

Re:Non-issues and real issues

[Dog-Cow]

It might not be nice, but it's not illegal for AT&T to peek at traffic going over their network(s). The illegal bit comes with sharing it with the Government, as the Government is supposed to require a warrent for this type of thing. I do agree that it's morally reprehensible in any event.

Re:Non-issues and real issues

[Admiral+Frosty]

Do you right your email address in your books too?

Re:Non-issues and real issues

Removing your name/email from a file that you purchased is not synonymous with piracy.

The only people complaining are the cheap bastards who want to share the files over P2P. So purchasing an mp3 makes someone cheap? Why would someone who spent money on a product be an automatic pirate?

I am a cheap bastard and frankly, fuck itunes, i use emule. At least apple is getting some money from someone.

Re:Non-issues and real issues

[richardtallent]

Uhm, yes, actually. If I lose a book somewhere, the finder has a way to contact me.

My web site URI, home address, email addresses, and phone numbers are all published. I'm not a celebrity, so I don't consider these "private" information.

If iTunes were storing biometric information, passwords, SSN, etc. in the files, that's a problem, but this is equivalent to writing your name on a CD or engraving it on some piece of equipment you might resell someday.

Re:Non-issues and real issues

[eth1]

The difference between having your name in an mp3 that you sell, and having your name in a book that you sell is that with the book, it's rather obvious that it's the original copy. Not so with the mp3. How do you know the guy you sell it to won't put it up for sharing? You'll be the one that gets sued.

Re:Non-issues and real issues

[Dark_Gravity]

I write my name in books when I buy them

You wrote your name in your book when you bought it. The bookstore didn't do it for you, unrequested.

There is quite a significant difference.

Personalizing the file without disclosing that fact to the purchaser is inconsiderate to say the least.

Re:Non-issues and real issues

[gsslay]

Oh God, this is just so ridiculous a line of argument.

Hands up here one person who has sold on an MP3 then deleted the original. Let's not even start worrying about whether it's legal. C'mon. Let's get an idea of the size of this previously unheard of second-hand market in MP3s.

........ Anyone? .....

As I thought. No-one. So this nonsense whining about the dangers of your email address being passed onto some third party and thereafter onto the P2P world is one enormous pile of steaming BS. It's all hoopla designed to disguise the real issue that what people really wanted wasn't DRM free music at a higher quality (which was the previous excuse for pirating) at all, but free music for nothing. Wow. Who could see that coming??

I'm betting that even if Apple did remove these tags, it wouldn't be long before some other 'problem' came to light that stopped people buying their music. Convenient excuses aren't that hard to find if you're really looking for them.

Re:don't bother

[Overzeetop]

Actually, I'd say he's trolling and trying to incite a flamewar by making valid points about the knee jerk reactions to the Apple embedding peronal information in DRM-less files downloaded from their store. This is slashdot, after all.

And, quite honestly, unless the intent is to track the propagation of the files across the internet and be able to identify the source of the propagation, there's no realy reason to include the information - especially in plaintext. My take is that if you care about it, you should be able to remove the data; if you don't, don't remove it. If it burns you so bad, just don't buy from iTMS, though since you can't buy some of thof from anywhere else that's sort of a useless suggestion. It would be better if they didn't put the info in there to begin with, imho. Not that it matters to me - I don't buy digitally compressed tunes.

Surely this breaks.....?

Article 5 of the French 'Code de la Proprietre Intellectualle'?

And what about the 'Paysanne Amburte vs L'Etate (Loire-Dessus}1998?

These should surely be required reading for any slash-dotter who wants to comment on this radical move on the part of French Resistance?

Give me a day or so and I'll see if I can't dig up some translations of the above. But I'm sure you can read French like a native, so you can start checking here: http://www.legifrance.gouv.fr/WAspad/ListeCodes

Re:It's proof of purchase for future lossless upgr

[tinrobot]

I think most companies already keep track of what they sell and to whom. It's called accounting.

This is sure to get us somewhere

[Mikey-San]

Note: The following comments are made without any knowledge of French DRM, privacy, or consumer laws. As a result, this post isn't commentary on legalities. Just idiocy.

Privatunes is aimed at guaranteeing the privacy of users but also their rights as consumers to freely share and trade the songs they have purchased.

Apple finally gives nerds what they've been shouting for--higher-quality DRM-free songs--and this is how the community responds? By anonymizing purchased music so people can pirate it? These guys are class-A asshats.

Last month's revelations that the DRM-free files on iTunes Plus came with user's full name and account e-mail embedded in them had raised serious privacy concerns.

How is someone supposed to steal the name and e-mail address from songs you aren't passing around to all of your buddies and the Internet? Oh, wait. Hasn't the Apple ID info been inside iTunes tracks since the beginning of the iTMS, anyway?

Re:This is sure to get us somewhere

[wherrera]

Actually, there are certain MP3/AAC players (Nokia phones an example) that cannot play iTunes Plus files until the personal data atoms are at least changed, if not removed, from the file's mp4a atom. Breaking the Nokia AAC player for those files was likely NOT Apple's intention, but the fact remains, there IS therefore at least one legitimate reason for such apps.

Re:This is sure to get us somewhere

[TubeSteak]

Privatunes is aimed at guaranteeing the privacy of users but also their rights as consumers to freely share and trade the songs they have purchased. If that quote didn't include the word "share" would you still have a problem with it?

Because AFAIK, trading digital files is no different than trading pokemon cards or pogs.

Re:This is sure to get us somewhere

[matgorb]

French law allows private copying, à la fair use, and is actually pretty liberal about what it actually means.
You can make copies of music for your own use, providing you have the original CD (or files) at the moment of copying (providing no copy protection has to be broken). This apply to rented CDs, library CDs, friend's CDs etc., Distribution of copy is however totally forbidden.

Re:This is sure to get us somewhere

[jb.hl.com]

trading digital files is no different than trading pokemon cards or pogs.

I'll bite. Trading (copyrighted) movies, games, music etc is different from trading Pokemon and Pogs for the simple reason that Pokemon and Pogs are sold with the explicit intention that they be traded and spread across a wide audience. CDs, DVDs and games generally aren't.

Not to mention, since when did anyone you know "trade" MP3s (as in send someone a music file, then delete their copy)?

Re:This is sure to get us somewhere

Sounds more like a bug with Nokia's phones to me. Why would having a few metadata atoms filled in freak out the player?

Re:This is sure to get us somewhere

[wherrera]

The standard mp4a atom contains some audio relevant information (esds atom) and some version words, little else. I suspect Nokia built a player that assumes everything after position 36 in the mp4a atom is esds atom, and therefore chokes trying to treat personal info as esds data. That would be a Nokia bug that was latent til Apple changed its non-DRM mp4a format.

I have not cared to look deeply enough at the Nokia phone's firmware (though my daughter has one) to really know though. The fact remains that removing the personal info pinf atom from the iTunes Plus file seems to help Nokia's AAC player. Conspiracy theorists should have a field day, what with the iPhone coming out... :).

Re:It's proof of purchase for future lossless upgr

[Odiumjunkie]

> If you want to upgrade your 256 kbit/s AAC to lossless in a couple of years then leave the proof of purchase IN your iTunes Plus
> tracks. It enables iTunes to tell that you bought the track from iTunes Store. If you use this app on your iTunes Plus tracks
> you will be buying lossless for full price like a newbie

Gee, if only there was some way of writing plaintext information to AAC atoms. Unfortunately, consumers don't have access to the supercomputer clusters Apple must use to write a few lines of text to a metadata tag, cementing their bullet-proof proof of purchase scheme.

You fail it. (It is deserving an "Informative" tag.)

Point and laugh

[realinvalidname]

...at whoever thinks this eliminates all traces of your identity from a file. Your info could be encoded 50 different ways in the file, and if this app only scrubs 49 of them before you send the file to your friends on BitTorrent -- and seriously, what other point is there to this? -- then you're still hosed.

Re:Point and laugh

[brunascle]

unlikely. i'm pretty sure in an earlier article, someone posted a link to some guy that compared the media portion of the same file purchased twice, with two accounts, from iTunes plus (anyone have the link?). they were identical, so there's no steganography involved. the only other way is the metadata, and people looking at the metadata will find anything else that's hidden there.

it's pretty easy to check. diff file1 file2. if there was anything else fishy in the files, i'm sure we wouldve heard about it by now.

Re:It's proof of purchase for future lossless upgr

There's no reason to include the information in the file. They already know what they sold to you. Counting on the client to tell Apple what songs the consumer has purchased would be a very stupid decision anyways. That would be easy to spoof.

The way they would handle an upgrade to lossless is the way they already handled the upgrade to 256 kbit. They knew what they sold you so they let you purchase the upgrade and download it again. You didn't even need the file in your library to do this.

So does the Audio:M4P::QuickTime perl module

[vtkstef]

the method name is CleanAppleM4aPersonalData(). Here is an example on how to use it:

#!/usr/bin/perl
##
# A N O N C P . P L
#
# a script that takes the unix cp file specification options
#
# perl anoncp.pl source_file target_file
# perl anoncp.pl source_file ... target_directory
#
# which reads the source file(s) and copies them to the
# destination stripped of all the user identification gunk
# that apple adds on iTunes "DRM free" songs
#
# NB: make sure you install the latest version of the
# most excellent Audio::M4P::QuickTime perl module.
##

use strict;
use warnings;

use Carp;
use File::Basename;

use Audio::M4P::QuickTime;

my $usage = q{
usage:
        perl anoncp.pl source_file target_file
        perl anoncp.pl source_file ... target_directory
};

@ARGV >=2 || croak "not enough files specified", $usage;

my $destDN = pop(@ARGV);
my $destFN = $destDN if (! -d $destDN && @ARGV == 1);

$destDN = dirname($destFN) if( $destFN);

-d $destDN || croak $destDN, ": is not a directory", $usage;
(-r $destDN && -w _) || croak $destDN, ": cannot access ", $usage;

$destDN =~ s{ (?new( file => $m4aFN);
        $qt->FindAtom("mp4a") || croak "$m4aFN: not a mpeg 4 file\n\t";

        $qt->CleanAppleM4aPersonalData();

        $toFN = $destFN ? $destFN : $destDN . basename($m4aFN);
        $qt->WriteFile($toFN);
}

0;

Re:So does the Audio:M4P::QuickTime perl module

[VernardLuxe]

Well, this code looks quite like the one I had on my blog and posted on another slashdot story a couple of days ago. http://vernard-luxe.blogspot.com/2007/06/blind-app les-itunes-user-information.html so this service should be as private as possible and therefore you should run it on your local device, rather tahn using an online service :-)

I want a tool for EMBEDDING my identity into files

[dpbsmith]

...so that when the jackbooted RIAA thugs break down my door at 3 a.m. in the morning I can point to the embedded ID as proof of ownership.

Don't like it? Don't use it.

[norminator]

I'm not sure why it would piss you off that someone has released a free (as in beer, but soon to be released with source code, according to their website) app to clean out a couple of personal details in your music files? You don't have to download it or use it, but some people might want to. Not necessarily so that they can share the files on the Internet or anywhere else, but just for their own piece of mind. Atomic Parsley, which can be used to edit the metadata in mp4/aac files, has already had this ability in a simple command line form. I figured it wouldn't be long before someone slapped a limited GUI on it for just this purpose. Really, it's a good thing for people who want it (and obviously people do, because there has been a fair sized outcry over this whole iTunes Plus situation). For people who aren't concerned, don't bother with it. And stop complaining.

Do things like Tor and TrueCrypt bother you too?

not that I disagree with all of your points...

but let me put it this way: my private information is not under any scope of anyone else's digital rights. These rights belong to me and I reserve the right to manage them how I want.

Although I applaud EMI for freeing their music from DRM, I don't see that as enough reason to meet them halfway and compromise a basic privacy privilege.

Re:Don't like it? Don't use it.

[SatanicPuppy]

Strawman. Obviously I am out to steal your privacy and deny you encryption, because the ridiculous outrage attendant on some easily removed metadata pisses me off. Grow up. I never even suggested it should be shut down, that's just your read on the situation.

What makes me angry are the people who have the sheer audacity to be pissed off that their DRM-free music has their fricking name on it. Not in it, not watermarked to it, no, just on it. It's the single biggest industry concession in the history of commercial online file distribution, and it's a damn good one, a good faith effort.

The group of people who are most likely to hit this site are people who are probably not acting in good faith...the real hardcore privacy junkies can already do this stuff themselves.

So pardon me if I'm not all giddy that copyright infringing 13 year olds now have a nifty tool at their disposal. It wouldn't take much to reverse this DRM-free music experiment, and I'd really rather not see that happen.

A little broken and in pieces.

"Because US courts have ruled that a service provided for the purpose of breaking copyright is liable for civil damages (see Napster, et al)."

And how does this service "break copyright"? Keeping in mind this is a French service even with the Berne convention.

Why it does not matter for Apple

[sebster]

If you really want to share a file, just go buy the CD, rip it, and put it online.

Futhermore I seriously doubt most people who buy music at the iTunes store
1) are going to know that this software exists
2) are going to care that this software exists
3) are going to run this software so they can share their music

Finally, Apple could easily (and might already) use digital watermarking to add personal information to the music file, which is a lot harder to remove (no I did not say impossible).

Basically, if they can make sharing iTunes files a bigger hassle than buying/ripping a physical CD and publishing that, the DRM is still effective.

That said, this software does matter for iTunes users. If you lose your iPod or your machine gets p4wned and your files get shared without you knowing, at least this software can make sure your name is not in the files in an easily readable format anymore.

Uh, what rights?

[dr.badass]

Privatunes is aimed at guaranteeing the privacy of users but also rights as consumers to freely share and trade the songs they have purchased. Lack of DRM doesn't magically give you the right to "freely share and trade". May as well call it Piratunes.

Seriously not Serious

From the summary (with emphasis added):

"Last month's revelations that the DRM-free files sold by EMI on iTunes Plus came with user's full name and account e-mail embedded in them had raised serious privacy concerns."

Serious privacy concerns? You want serious concerns, subscribe to the EFF's mailing list. If Apple was embedding your credit card or social security number in the file, that'd be serious. Or did you perhaps mean to write "raised ridiculous privacy concerns"?

Perhaps it's a red herring?

[TheRealElbadoo]

Just a theory here: Maybe they want you to find and remove the plaintext data. That way you don't notice the watermarking that contains the encrypted form of the same information.

Has anyone verified if two DRM-free downloads of the same song by different people are otherwise identical after having been stripped of the plaintext identifiers?

...is this clear?

[djupedal]

Apple's online Customer Privacy Policy statement* should perhaps include words to the effect of:
"...blahblahblah..."

Apple's CPP, as written in this example, follows the 'who, what, when, where, why' format (more specifically for this case: 'why, what, when, how') of a traditional document designed to provide clear and logical information for the purpose of fulfilling an obligation to the public. The document then goes on to cover protection of the integrity of your info, purpose of cookies & pixel tags and Apple's supposed companywide commitment to user privacy.

The CPP contains 2,084 words and mentions customer service/support, forums, websites, purchases, logons, emails, software updates, market research, data-sharing with law enforcement and third party vendors, people you send gift certificates to and feedback, yet....it does not reveal the simple fact that some of your personal information is embedded in every song you choose to include in your iTunes library. An oversight, I'm sure, but one that in some people's minds casts doubt on the entire CPP. That is a shame, since Apple's legal team seems to have taken such pains as to exhaustively cover as many specific personal use examples as they could come up with. All the price of doing business these days. When they take steps to outline embedded info, not only in songs, but applications, etc., the issue, at least in my thinking, will go away :)

*The linked version I referenced, for those that for whatever reason wish to reverse-assemble my comment/logic, was last modified 12.2004 as noted by Apple. Any version dated otherwise is hereby disqualified in relation to my comment.

Re:...is this clear?

[TheRaven64]

I don't think a privacy policy needs to cover sharing your personal information with you, it seems like something that should be allowed automatically. If you don't know your own name and email address already, then you have problems...

Also, I suspect a lot more people hit 'show info' on a track in iTunes than read the CPP, and this clearly shows the tags including the name, purchase date/time, and email address.

Re:...is this clear?

[djupedal]

As I said, today's business climate pushes transparency. If you are going to take pains to explain to me what you, as a business, are doing with ALL of my personal information, then do it - leaving something (anything, sorry...) out dilutes the promise. Transparency is the keyword here, not privacy.

Re:...is this clear?

[Hijacked+Public]

I admit to skimming privacy policies most of the time, but I have never heard of any business specifically noting that they may indeed, as part of their privacy policy, repeat a person's own name back to them.

That would kind of seem to go without having to be stated. If my bank updates their policy and mails me a copy my name and address are necessary parts of doing that. It seems silly to me that I might open their letter and find that in their policy they took the pains to point out that they might include my name and address on correspondence mailed to me when doing such is required by the post office in in order for them to know where to deliver the aforementioned correspondence.

They might also want to note that sometimes the bank teller might greet me by name, if he or she recognizes me.

If this is the direction business transparency is going we seem to have pushed things to ridiculous lengths.

Re:...is this clear?

[djupedal]

"If this is the direction business transparency is going we seem to have pushed things to ridiculous lengths."

Like most consumers, you've completely missed the basics that drive 'transparency' (disambiguation) by internalizing things - me; me; me. You don't see the point - not my job to hit you over the head with it :)

Re:...is this clear?

[vux984]

If you are going to take pains to explain to me what you, as a business, are doing with ALL of my personal information, then do it - leaving something (anything, sorry...) out dilutes the promise.

So you want the fine print to read ...

Apple hereby notifies you that if you send an email to Apple, Apple may use the 'from' address or, at its option and if present, the 'reply-to' address in order to respond to your message. Please note your email address may be embedded in the headers of any email corresponsance from apple to you. It will be visible to all routers, and mail servers, and other network infrastructure during its delivery, including infrastructure not under the control of apple. For all intents and purposes if we respond to you by email the general public may be able to intercept your email address.

Apple hereby notifies you that if you order any physical goods, your name, address, and other personally identifying information may be printed on the outside of the package where it may be seen by anyone. Additionally, inside the package we may include a 'receipt' that also bears personally indentifying information.

Apple hereby notifies you that if you order an ipod and elect to take advantage of our free engraving offer, the inscription to be engraved may, at your option, contain your name or other personally identifying information, like your birthday or anniversary. That information will be recorded in our systems with your order and shared with the engraver. Additionally, we will engrave the inscription on the rear of your of ipod where it might be visible others during order processing and fulfilment. We also hereby advise you that anyone looking at the rear of your ipod once it has been delivered may also read the inscription.

Apple...

Etc.

I mean seriously. I -agree- the above examples are perhaps 'different' in the sense that the systems can't operate unless those 'privacy' invasions are accepted, but that really isn't the point. You demanded full disclosure of any use or exposure of your personal information.

As for the name/address in apples drm free files. Its a simple case of evolution. When the songs were DRMed they had all this information in the system to bind your account, your computer, and the song together. Did they tell us then? Should they have? In the case of DRM files (like email), personally identifying markers had to be there for the systems to work.

When they stopped the DRM, they just turned off the encryption/signatures, before sending you the file, but all the account information was still added, same as it always was, even though it was no longer needed. I seriously doubt it was even a conscious decision.

As for should they tell us? Yes, they probably should, or even just remove it. But its not like its hidden information, and iTunes itself will display it for you. Do we really need transparency on things that aren't hidden, and are between us and Apple, and not visible to a 3rd party, unless we make it visible.

If you bought a Dresser from apple, and apple stuck a copy of the receipt inside the one of the drawers, would you really be outraged that apple had used your personal information so cavalierly, without even disclosing this use on their privacy policy?

Seriously, that's just absurd.

Re:...is this clear?

[djupedal]

"As for the name/address in apples drm free files."

Stop there, please (nothing else beyond those words has any meaning as you've driven the conversation off the road and into the ditch, sorry).

Apple embeds a minimum of three items relating to you, in EVERY file/song in your iTunes library. Not just the new 'drm free', nor just ones you purchase, but every file/song. Buy a CD at the carwash, import it via iTunes and bingo... Eh? Why? ...simple question, that some feel honor bound to brag about not wanting to ask. Ignorance may be bliss, but paying to have your info fed back to you without knowing or even knowing why is another matter...

And by missing that piece of information and still clinging to the 'doesn't bother me what they do..." mantra, you've once again proven the point why things need to be clear upfront (not half way...either not at all or all), so that such misunderstandings don't arise.

Thanks!

Re:...is this clear?

[vux984]

Apple embeds a minimum of three items relating to you, in EVERY file/song in your iTunes library. Not just the new 'drm free', nor just ones you purchase, but every file/song. Buy a CD at the carwash, import it via iTunes and bingo...

I'm looking at some songs I just ripped from CD last week using the latest version of iTunes, and no there isn't any user or otherwise identifying information in any of them. I'm not saying yours don't, and I'm not saying iTunes never embeds this information, and I'm not saying that if they do we shouldn't ask 'why'.

But it seems clear that iTunes doesn't -always- do it. Indeed until EMI offered its music drm free I didn't even have an iTMS account, and I'm not sure what exactly iTunes would have embedded even if were to embed something.

And even if the information is embedded, I'm not sure that we should be up in arms about malicious or invasive use. A lot of ripping software automatically tags files with all kinds of silly 'needless' information. Even MS Office 'tags' all new documents with all kinds of information, some of which is personally identifying.

Re:...is this clear?

[djupedal]

Ok, now we seem to agree - thanks for the reply :)

Interesting conundrum for EMI

[bflynn]

I can hear it now from EMI - "Hey, under the DMCA, you can't circumvent digital management." "Oh, wait. This wasn't DRM. Never mind."

Re:Interesting conundrum for EMI

[Dunbal]

I can hear it now from EMI - "Hey, under the DMCA

      And I can hear it now from the French - ze DMCA does not apply here, mon ami. Now go away befor I am forzed to taunt you once again.

Re:Interesting conundrum for EMI

[bflynn]

Well, if you remove your name and address from the file, that is circumvention of DRM, right. Now go away before I am forced to fart in your general direction.

This is retarded.

[samwh]

"Anonymize iTunes tracks"? All it does is strip out metadata. You can do this yourself with one basicially any application that either remuxes, converts the stream, or alters tag/meta information. Pretty much any music player out there. Hell, even Apple's own iTunes can do this! I could understand the use if it could do batch processing on your entire iTunes library, but this tool cannot even do that.

Re:Don't like it? Don't use it.

[drinkypoo]

What makes me angry are the people who have the sheer audacity to be pissed off that their DRM-free music has their fricking name on it. Not in it, not watermarked to it, no, just on it. It's the single biggest industry concession in the history of commercial online file distribution, and it's a damn good one, a good faith effort.

I don't patronize iTunes, but I find the labeling offensive, because there is no fucking point. It's easily removed, obviously, so it clearly provides no substantial benefit. In return, there are negative consequences; for example, if someone steals the file off your computer (you fuck up and make anon ftp available to the root, or something) and then distributes it, you are prime lawsuit-fodder.

It's much like DRM. It doesn't actually stop people from doing the things you don't want them to do, so why do it? Why treat your customers like criminals up front? It's almost surely in response to requests from copyright holders, but that doesn't mean I have to be happy about it.

Missing from smart playlist filters

[Greg+Titus]

The only problem with Apple including the name and email address in purchased music is that the iTunes UI won't let me filter on it for smart playlists! It's really useful information, and I want to be able to _use_ it to automatically separate the music that my wife buys from the music that I buy.

Re:It's proof of purchase for future lossless upgr

Or just head over to a used cd store like this one, buy the original album for $5 to $7, archive it to your disk in lossless format, and put it away for storage. Why screw around with itunes when you can have the real deal straight from the get-go -- and be free to do whatever you want with it, including converting to lossy for your portable player -- typically even for less money?

Oops, did I just give away the secret to amassing the ultimate music collection without breaking a single law?

quite possibly the 8th wonder of the world

[mythar]

what a technological marvel! i wonder if these guys have also come up with a toothbrush with only one bristle, and a comb with a single tooth.

In the meantime, Ratiatum has promised an updated version of Privatunes which will be able to anonymize several files at a time and will be available on Mac and Linux. wow, i can't wait to see how many textboxes they'll be able to fit on a screen!

Don't call Privatunes users "pirates..."

[dpbsmith]

...call them "privateers."

Well Fucking Duh, look who posted the story.

It's none other than Fucktard Taco with his ass-fucking buddy brokeback-neil. Chances are, if it's not communist open-sores or ogg/flac/[insert name of communist open-sores format here] they will post a story to attack it, which doesn't surprise me since the shitdot sheeple will gladly take an ass-fucking from either. Fucktard taco & brokeback-neil should both go slit their fucking wrists so the shitdot sheeple will follow his lead.

GO AHEAD, FUCKING FLAME AWAY OR WASTE YOUR GOD-DAMNED MOD POINTS FUCKTARDED SHITDOT SHEEPLE!

only the tip of the iceberg.....

[OutOnARock]

Correct me if I'm wrong, and I know this crowd will, but if a program can be written to REMOVE the name and email address, couldn't one be written to REPLACE it with whatever text you might like??

Now MP3 with the RIAA name and email address flooding P2P networks, that would seem humorous at first, but then i thought.......
It could be any other person or group....so doesn't that really mean that the data in the file would not be permissible as evidence. You'd have to prove that the file came from me, not that my name and email address were in the file.

Stripping out the name and email address out of a file that I own and do not share should not be illegal. Putting someone elses name and email address in it, that should be illegal:)

The posting of the file on a P2P network is a separate issue.

Re:only the tip of the iceberg.....

[DCheesi]

Good point; I wonder how the burden of proof would actually fall?

However, some here have pointed out that there is additional coded info being inserted (and which this program may not remove all of). I wonder if some of those are user-ID codes from some internal Apple database? If so they would be tougher to fake. Then the RIAA (or the defense) could always subpeona Apple to verify the codes against their database entry for the accused.

Do not rely on the current version!!!

[Peter+Eckersley]

The current version of Privatunes blanks out the name and Apple ID/email fields from iTunes Plus files, but it doesn't remove all of the fields that Apple, or a litigant subpoenaing Apple, could use to identify a user. There are two of those, marked sign and chtb, which I posted about here.

There are some other differences between copies of a track purchased by different users, but they're only a byte or three here and there. Probably still worth blanking. vbindiff on *nix (or a similar hexdiff program for other platforms) will show you these fields.

Re:Do not rely on the current version!!!

[Peter+Eckersley]

One other small point...

Privatunes overwrites the name and email fields using blank space characters (0x20), but the field that contains the name is 0x00s. So it's still possible to see the length of the name and email fields.

I don't think they'll be able to fix the email length leak without re-calculating the offsets in the chtb table.

Re:Do not rely on the current version!!!

[Peter+Eckersley]

Ooops... when I said chtb, I meant stco.

Re:I want a tool for EMBEDDING my identity into fi

[obeythefist]

Why is that funny? That seems like a good idea to me.

Re:I want a tool for EMBEDDING my identity into fi

[warrigal]

> at 3 a.m. in the morning

as opposed to at 3 a.m. in the afternoon?

2007 called!

Anonymous called! it wants it's Ipod back!

A version that works. And a question.

[stegre]

As author of the popular GSpot app, I regularly deconstruct and analyze multimedia files. I've just now whipped together a small CLI app called "NIPPIN" that will recursively traverse an M4A file. It can be used for informational purposes only (and I've found that much of the "technical" info in this thread is wrong). Or you can create a "privatized" copy of your iTunes Plus file, that, unlike that "other" app, is "provably correct" (see web page).

Mine does it the right way; it doesn't "blank" any characters, it recalculates all atom lengths, and it recalculates the entire stco table as required. When the input files are the same songs downloaded from different accounts, the resulting output files all have identical MD5 hashes. Hell, even if you're not interested in privacy, it saves a minimum of 32KB per file - which adds up - that's like an extra 75 songs on a 30GB iPod.

And BTW - privacy may not concern some people, but to others it's very "real". Why else would the DMCA, of all things, protect against use of Personally Identifiable Data for copy protection mechanisms? Either the people who wrote the DMCA believe Personally Identifiable Data is a serious and "real" issue, or they put this provision in section 1201 of the DMCA to promote file sharing. Take your pick.