Slashdot Mirror
iTunes DRM-Free Files Contain Personal Info
r2k writes "Apple's iTunes Plus files are DRM-free, but sharing the files on P2P networks may be an extremely bad idea. A report published by CNet highlights the fact that the account information and email address of the iTunes account holder is hidden inside each and every DRM-free download. I checked, and I found I couldn't access the information using an ID3 tag editor, but using Notepad I found my email address stored inside the audio file itself."
You can see the info within iTunes.
Get Info on the Song/Video/Etc
Then go to the Summary Tab, Second column.
AAC ( http://en.wikipedia.org/wiki/Advanced_Audio_Coding ) is an industry standard, and even if it weren't, iTunes helpfully provides a "Convert to MP3" item in the context menu of non-DRM'd AAC files that does exactly what it says.
This has been the case for AGES
http://business.timesonline.co.uk/tol/business/industry_sectors/media/article1871173.ece
Or at least for about a year and a half, I think slashdot reported on it then, too.
the account information and email address of the iTunes account holder is hidden inside each and every DRM-free download
How is this "hidden"? If you select an audio file purchased from the iTunes Store (with or without DRM), and go to File->Get Info, you'll see the following fields in the summary:
Purchased by:
Account Name:
Purchase Date:
Apple's not trying to hide anything here.
AAC in a a run-of-the-mill MPEG-4 container, with ID3-formatted tags stored in a separate atom (permissible in the MPEG-4 standard).
Anything that uses libavcodec/libavformat as a base (ffmpeg, VLC, mplayer, etc) can read these files. They may not have the code to extract the ID3 tags from the atom and feed the data blob to something like libid3... but as long as the player software can read standard MPEG-4 files with basic AAC... it can play these suckers.
The format just isn't as prevalent as MP3, but that doesn't automatically make it proprietary.
In many places, it's perfectly legal to share you music collection. Here in Canada we pay a tax on recordable media for that right.
I am from Spain and here we have something called "private copy right" that allows people to have copies of copyrighted stuff, and to share it, by P2P or by whatever.
P2P in Spain is not illegal, it's not regulated.
Why Apple has to ignore the privacy of their customers in such way?
P.S.: Excuse me if there is any mistake on my English
I suppose it's pertinent again and all, but seriously, I already know this guys, why are we pretending like this is new?
On some level, I'm not sure why i care if it's repeat news. I mean really, repeat it all you want i guess, my life still goes on, but i dunno, journalistic integrity and all that, i feel like we should at least mention that this is a complete copy of an older story....
-Taylor
Worldwide Military budgets: $2100 billion. Worldwide Space Exploration budgets: $38 billion. Really, world? Really?
Converting from AAC to MP3 is lossy.
This came up when they introduced iTunes plus ages ago. It's been discussed back then. Yes, the info is there. You can simply look it up, no problem. Your ID3-Tag-Editor might not be able to chanxge it since we're not talking MP3 here. That's it.
Just use a different editor, clean out the information and start the copyrightinfringement-frenzy you seem to have been waiting for for so long. Oh no, you already do that, I guess.
Or, if you don't like finding an editor that can delete the info, just go to a record store and steal the CD.
The English is fine, just not the information!
Like many places, Spanish law has exemptions for private use, which probably makes removing DRM completely legal. However the owners are allowed to make copies only for private usage, with collective and lucrative uses not allowed. Sharing on P2P would definitely constitute a collective use.
Although as with almost everywhere else, P2P itself is not illegal.
Converting to MP3 is lossy, regardless of the source format.
Way to sensationalize something which has been known for years. Everything that is purchased on iTunes is stamped with user account and a unique transaction ID. Apps, videos, movies, rentals, etc.
It doesn't bother me because I don't share my music on p2p networks and I'm not paranoid like some people. I dislike DRM because I want to easily play my music on whatever device I want, not because of some ideological drive to stick it to THE MAN.
This is a non-issue.
Well up the bitrate and reduce the loss - people talk a lot of shit about hi-fi but in reality a decent MP3 will be indistinguishable from anything else on 99% of gear in 99% of listening situations.
There is no music - home taping killed it.
Just to note, the email address has always been part of iTunes Plus files. This in nothing new.
this sig is useless
Why would you think that you would get fined just because your name is in something?
Nothing is going to happen until it goes to court. The guberment can't give you a fine for this like a speeding ticket or anything. They would have to collect enough evidence and present it and then either hope that the government picks it up or sue you directly. Even then, your lawyer will probably get you off before it costs any money because you won't be the first person it happened to. All it will take is one Virus going around that does something with these files and it would be completely pointless and worthless as evidence.
About the most that can happen is Apple decides not to sell more music to you under that account.
While I agree with you that removing the DRM is a good thing and inserting this information in the file is perfectly reasonable, as long as the music is in a proprietary format it can't be migrated easily. can the files be read by other applications?
I really can't understand why so many people think that AAC is an Apple format... Is it the "A"s in it that makes everyone seem to assume it has something to do with Apple? It's a (patent encumbered) standard, just like MP3. Practically everything made these days supports AAC - it's actually cheaper to license per unit than MP3.
It's clear. A certain percentage of slashdotters act all surprised every time it's repeated though. Of course, most /.'ers also act all surprised every time some wack-job blames video games for violence too. At least some people are pointing out that the account information has been part of iTunes files for forever and isn't news to most people who know how to do a Google search.
I checked, and I found I couldn't access the information using an ID3 tag editor
All iTunes songs are AAC or Apple Lossless. ID3 is used almost exclusively for MP3 and certainly not for any iTunes song.
I know many people incapable of getting music from a CD to a mp3 player but able to transfer from the web to the player.
They must be pretty dumb then. Provided iTunes is running, it starts ripping a CD into the library as soon as a CD is inserted. And as soon as the iPod is connected, the files will get transfered to it. No keyboard or mouse interaction needed.
(These two actions can be disabled with preferences, but I believe that is the default behaviour.)
I diff'd 2 non-DRM iTunes songs a while ago... they just list your e-mail address and purchase date in the metadata. And I suspect that's done client-side to simplify their cache system.
Global symbol "$deity" requires explicit package name at line 2. - If only $scripture started "use strict;"
this is the second or third article about apple putting said info into their music files over the years. It isn't surprising. Apple even states it somewhere in the fine print of the EULA's.
Slashdot suffers from ADD and forgets what it duped yesterday.
i thought once I was found, but it was only a dream.
Sure, so long as they make it abundantly clear that this is what they're up to.
Choose any iTunes plus song, and select "get info" from the main menu. On the left side of the "Summary" pane, you'll see "Purchased By", "Account Name", and "Purchase Date". IIRC, those were there on the DRM versions too.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Actually, there are no hifi mp3 players because mp3 players aren't defined in DIN 45500 at all.
"It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
True. I would imagine there are ways, though, of minimizing the loss going from AAC to MP3. A naive conversion would convert AAC back to uncompressed PCM samples, and then run that through a standard MP3 converter. That strategy would work (and is likely the one employed), but it seems like it would cause the maximum damage.
Another technique transcodes one format to the other. AAC is also a lossy format, and its psychoacoustic model has already decided to discard some information. Transcoding from AAC to MP3 could convert the sound data in the frequency domain (i.e. the MDCT coefficients--the representation that AAC and MP3 use to code the sound once it's been shaped by the psychoacoustic model), throwing away only the sound bands that MP3 doesn't support. You may have to do some additional work to handle the smaller ranges of frame sizes that MP3 supports, but it's tractable.
The main point is that you don't have to apply the full psychoacoustic model again to decide on more things to discard. Since MP3 represents a narrower band of sound than AAC does, most of the conversion can focus on removing the stuff MP3 can't represent, and then just recoding what remains with the greatest fidelity possible.
Something tells me, though, that they're not bothering to do it that way, but I'd be interested to know if they do.
(Note: I'm not an audio format expert, and I have simplified the description above. For example, AAC uses a modified DCT, so it's not as pure a frequency domain representation as, say, an FFT. MP3 apparently uses a hybrid approach that isn't pure MDCT. And so on. Still, capturing the audio data nearer to its encoded form and transcoding it, rather than going all the way back out to audio samples should retain higher fidelity.)
Program Intellivision!
in iTunes: right click the song, select properties, tada! "Account Name: "
(its in the same place as the DRM'd copies)
I find it a little odd that so many people simply expected to get files with no account information, since all that was promised was FairPlay being removed. I'm still a little peeved about having to pay 0.30$ a tune to unlock my current library however.
Which is exactly what the GP seems to have been going for. If they find a pirated track, it has your email address in it, and the signature validates (the file is unmodified), they can delete your account or whatever without having to worry about impersonation.
"Knowledge is the only instrument of production that is not subject to diminishing returns" -Journal of Political Econom
At least some people are pointing out that the account information has been part of iTunes files for forever and isn't news to most people who know how to do a Google search.
You don't even need to do a search. Just select the file in iTunes and press control-i in windows or command-i in Mac OSX. The information on the file is then displayed in all its relative glory.
Correct me if I'm wrong, but didn't this issue come up back when Apple first released DRM-Free songs?
To add to that, the post is misleading, it's not actually hidden unless you are a complete and utter tool. In the info window of iTunes, it clearly shows the information they have "hidden" in the file...
This has always been the case since the iTunes store opened! It's not news, it's several years old. Heck, when Hymn was available (removed FairPlay from purchased music, and this was 5+ years ago), it kept the personal information to prevent people from P2P'ing the newly unlocked music.
So the very first time you used the iTunes store years ago, personal information was attached - it wouldn't have shown up with change bars because that part has not changed. You can probably find the news articles about it from years ago, and again from a couple of years ago when iTunesPlus was started about how the AppleID of the purchaser was embedded in the file.
People are acting like this is completely new, when it's been happening for years now.
And here is the dupe:
http://yro.slashdot.org/article.pl?sid=07/05/30/2014222&from=rss