Privatunes Anonymizes iTunes Plus

njondet writes "French-law.net reports that Ratatium.com, a French website specialized in technology news and software downloads, has just launched Privatunes, a free software that anonymizes DRM-free files bought on iTunes Plus. Last month's revelations that the DRM-free files sold by EMI on iTunes Plus came with user's full name and account e-mail embedded in them had raised serious privacy concerns. Ratatium.com explains (in French) that Privatunes is aimed at guaranteeing the privacy of users but also their rights as consumers to freely share and trade the songs they have purchased. However, the claim that this software is perfectly legal will surely be tested."

A little self-important and misguided...

[daveschroeder]

From their site:

5 reasons to erase private information from my legally acquired iTunes Plus library:

Yeah. A name and email address. On an electronic file that you purchased. In name and email address fields in the clear. How...wrong.

1. Am I still a child who needs his pencilcase and schoolbag tagged with my name?

Utterly irrelevant to the discussion.

2. I bought the damn tune, but someday I may want to sell it (hey, how is it more stupid that selling old CDs ?).

It's not "more stupid" than anything. And since Apple is the first entity that's even allowing this possibility at all with mainstream music from mainstream labels on any meaningful scale, I guess I must not recognize your gratitude.

3. I just have a thing for privacy. Is it dirty?

No, but it's dirty when you think everything is automatically an "invasion of privacy".

4. How the heck do I know it's not gonna be shared on P2P networks by my 6 year old step sister???

How do you know the reason the name and email address is there is for tracking file sharers? How do you even know that would stand up in court? Why does everyone assume that's the reason it's there? Has it occurred to you that this might have been a concession to the labels to make them "feel good", or any number of other reasons? Has it occurred to you that since name and email address have always been included in all purchases from the iTunes store that, uh, maybe nothing has changed?

What if the EU mandates a system for returns and refunds someday from the iTunes store? Wouldn't your account name and email be an easy way for normal individuals to return songs? And before anyone says, "Well, it should be encrypted, then," can you honestly look at me with a straight face and tell me you wouldn't be even more upset that Apple was including unknown personal information, encrypted, in each song bought from iTunes? If it's there at all, it's actually preferable that it's plaintext, because then there are simple ways to remove it without anyone being able to claim that you're breaking some law for removing encrypted information or some other ridiculous thing.

"But it shouldn't be there in the first place."

I know, this is the part is a difficult situation since it is mandatory for all persons on earth to purchase from only the iTunes store. If only Apple didn't force you to buy no-DRM songs from iTunes.

Oh, wait...

5. I thought good customer-seller relationship ment something like... how do they say, "trust' ?

Why do you assume that an electronic item you purchased yourself from the iTunes store having your name and email address embedded in internationally standardized MPEG-4 atoms intended exactly for that purpose somehow equates to lack of "trust"? "Trust" to do what?

I thought the main argument against DRM was so that we could use our files anywhere we wished, on any device we wished. Now we can. Sure, it has your name and email address in it. It's not hidden. It's not a secret. It doesn't matter if most normal users don't realize this. It's still not hidden, nor is it a secret. Most "normal users" don't "realize" a lot of things.

And from the summary:

However, the claim that this software is perfectly legal will surely be tested.

Tested by whom or what? For what purpose?

The software is perfectly legal. Why is this even in doubt? It's a file with no DRM, and you're removing text that is IN THE CLEAR, IN PLAINTEXT in the file that YOU BOUGHT. Removing it by ANY MECHANISM is perfectly legal in any jurisdiction I can think of.

No DRM means just that: no DRM. No encryption. No reverse engineering. No DMCA provisions. Etc.

If you want to make an anonomyzing tool, great. But don't puff it up to be more than it is.

Again, my favorite quote that sums up the stupidity of the outrage over a name and email address being in a file you purchased, from a Gartner analyst:

Re:A little self-important and misguided...

[djupedal]

The issue isn't 'what' Apple's process involves, it is 'how' Apple has to date failed to apply an otherwise seemingly transparent privacy policy by telling users about it. Apple states their policy has not been updated since 12.2004 - they need to simply add verbiage explaining that certain basic (personal) information tags are routinely created and embedded withing EVERY song in your iTunes library. Disclosure - transparency - fair...simple. Done.

BTW...if you wish to strip said info for whatever reason, these are the atoms you need to target:

• (apID)
• (cprt)
• (iods)

Unbelievable.

[SatanicPuppy]

This just pisses me off. Who really cares besides people who just want to immediately dump the file straight to a filesharing network? So it's got my name and email embedded in the file? So what? Apparently unlike a lot of people who are interested in this service, I'm not planning on sending the files to anyone, and if I burn someone a mix CD, the info will be stripped when it's converted to CDA anyhow.

So what's the privacy problem? It's like someone stealing my wallet. Hell yea that's a privacy concern! What's the solution? Someone steals my iPod and they'll be able to figure out my name?!? They'll also be able to figure out what my house, wife, car, and kid look like because of the pictures on the damn thing, and don't even get me going about documents I store on the damn thing...They'll also be able to figure out my Slashdot handle, because the damn thing has "Satanic Puppy" engraved on the back.

So do I actually care that my info is in the file header? Hell no! It's my goddamn file, it should have my goddamn name on it! And if I wanted to go breach some copyright, I'd at least have the stones to strip the info myself. How fricking lazy do you have to be?

When I wanted DRM-free music, I wanted it because I fricking hated not being able to listen to my damn music wherever the hell I wanted to without jumping through hoops. I've got that, and that's all I care about. Far as I'm concerned the service is fine (though a bit pricey).

Re:Unbelievable.

[niceone]

They'll also be able to figure out my Slashdot handle, because the damn thing has "Satanic Puppy" engraved on the back.

I have avoided that problem by engraving "Anonymous Coward" on mine.

Re:Unbelievable.

[UbuntuDupe]

My question is, why encode their name and all, like that? Why not put some random number in, and then have some table that only Apple has, that matches that number to their information? Or would that be just as bad from the privacy standpoint? "Hey, someone might steal my iPod, extract the random number from the file, break into Apple's database, look up my information, and then have all the information they need to use my now-canceled credit cards or report me for illegally-shared files."

Re:Unbelievable.

[Telvin_3d]

Why? Because then people would be up in arms about apple tracking them based on some secret hidden number embedded in their songs. hackers woudl make big announcements about having located the secrect customer ID number and everyone would bash them for including it in the first place. And I would be replying to someone on /. who was asking "well, if they wanted to keep track of who had bought what, why didn't they just include the name or e-mail in plain text or something?"

Re:Unbelievable.

[morgan_greywolf]

I have avoided that problem by engraving "Anonymous Coward" on mine.

That's weird. I engraved 'niceone (992278)' on mine.

Non-issues and real issues

[richardtallent]

I write my name in books when I buy them, and I've never considered the "privacy concern" of erasing it when selling the book, because the buyer already knows who I am. We wanted DRM-free music, we got it. The only people complaining are the cheap bastards who want to share the files over P2P.

Can we please start complaining about privacy issues that actually matter, like the fact that iPhone users' only service option is the same monopoly that was and is spying on the majority of all of our Internet traffic, without a court order or Congressional oversight?

This is sure to get us somewhere

[Mikey-San]

Note: The following comments are made without any knowledge of French DRM, privacy, or consumer laws. As a result, this post isn't commentary on legalities. Just idiocy.

Privatunes is aimed at guaranteeing the privacy of users but also their rights as consumers to freely share and trade the songs they have purchased.

Apple finally gives nerds what they've been shouting for--higher-quality DRM-free songs--and this is how the community responds? By anonymizing purchased music so people can pirate it? These guys are class-A asshats.

Last month's revelations that the DRM-free files on iTunes Plus came with user's full name and account e-mail embedded in them had raised serious privacy concerns.

How is someone supposed to steal the name and e-mail address from songs you aren't passing around to all of your buddies and the Internet? Oh, wait. Hasn't the Apple ID info been inside iTunes tracks since the beginning of the iTMS, anyway?

So does the Audio:M4P::QuickTime perl module

[vtkstef]

the method name is CleanAppleM4aPersonalData(). Here is an example on how to use it:

#!/usr/bin/perl
##
# A N O N C P . P L
#
# a script that takes the unix cp file specification options
#
# perl anoncp.pl source_file target_file
# perl anoncp.pl source_file ... target_directory
#
# which reads the source file(s) and copies them to the
# destination stripped of all the user identification gunk
# that apple adds on iTunes "DRM free" songs
#
# NB: make sure you install the latest version of the
# most excellent Audio::M4P::QuickTime perl module.
##

use strict;
use warnings;

use Carp;
use File::Basename;

use Audio::M4P::QuickTime;

my $usage = q{
usage:
        perl anoncp.pl source_file target_file
        perl anoncp.pl source_file ... target_directory
};

@ARGV >=2 || croak "not enough files specified", $usage;

my $destDN = pop(@ARGV);
my $destFN = $destDN if (! -d $destDN && @ARGV == 1);

$destDN = dirname($destFN) if( $destFN);

-d $destDN || croak $destDN, ": is not a directory", $usage;
(-r $destDN && -w _) || croak $destDN, ": cannot access ", $usage;

$destDN =~ s{ (?new( file => $m4aFN);
        $qt->FindAtom("mp4a") || croak "$m4aFN: not a mpeg 4 file\n\t";

        $qt->CleanAppleM4aPersonalData();

        $toFN = $destFN ? $destFN : $destDN . basename($m4aFN);
        $qt->WriteFile($toFN);
}

0;