Slashdot Mirror
iTunes DRM-Free Files Contain Personal Info
r2k writes "Apple's iTunes Plus files are DRM-free, but sharing the files on P2P networks may be an extremely bad idea. A report published by CNet highlights the fact that the account information and email address of the iTunes account holder is hidden inside each and every DRM-free download. I checked, and I found I couldn't access the information using an ID3 tag editor, but using Notepad I found my email address stored inside the audio file itself."
I don't see the problem. I didn't want them to remove DRM so I could ignore the copyright on the music, I wanted them to remove it so I could use it on any device I wanted to listen to it on. They did that; now I can, as far as I'm concerned, we're all good now.
If you interpret the lack of DRM as permission to ignore copyright, and you end up in trouble because you did so...
Nope, don't see the problem.
Good grief. "Sharing" copyrighted music files on a P2P network was always an extremely bad idea. If you ever had any fraction of an excuse for doing it (and frankly, I don't really think you did, but...) it is gone now, at least as far as iTunes purchases go. What has changed is it is now reasonable to purchase music, because you'll actually get to own it, use it on *all* your gear, back it up, etc.
The only thing I can think of that is really affected by this is your ability to legitimately resell recording of a tune you own, because you bought it. And for that issue, I give it.... maybe an hour before someone comes up with a tool to ZOT that name and email address right out of there. Maybe it'll even put the new one in. Pride of ownership and all that.
I've fallen off your lawn, and I can't get up.
so what happens when you send it to someone else in a "hey check out this song" kind of way, then that person is stupid and sticks it in their lime wire folder?
Never again buy anything related to music and you'll be safe.
Alternatively, you can buy music in small stores, in cash. In that case, it's better to wear sunglasses and a hat. You wouldn't want anyone to discover you're one of those people who actually are paying clients of the music industry.
-insert anti-trust suits-
Just so long as the music industry doesn't come back in 10 years with new lawsuits targeting little-old-lady-X because 10 mil. people somehow ended up with 'pirated' copies of music with her name in it.
Since this watermark must be fairly easy to modify, I can't really see how useful it would be in tracking piracy. It could probably have some uses for marketing research. Though, honestly, I can't think of any myself...
You can see the info within iTunes.
Get Info on the Song/Video/Etc
Then go to the Summary Tab, Second column.
I've bought a few songs and checked them. My personal information is only on the itunes files. I converted the m4a files to mp3's using itune's built in file converter and I do not see any of my personal information in them, at least in plain text.
This has been the case for AGES
http://business.timesonline.co.uk/tol/business/industry_sectors/media/article1871173.ece
Or at least for about a year and a half, I think slashdot reported on it then, too.
1. Open mp3 with text editor 2. Find and replace your email with 3. Upload.
the account information and email address of the iTunes account holder is hidden inside each and every DRM-free download
How is this "hidden"? If you select an audio file purchased from the iTunes Store (with or without DRM), and go to File->Get Info, you'll see the following fields in the summary:
Purchased by:
Account Name:
Purchase Date:
Apple's not trying to hide anything here.
to see if they actually did used to for enforcement how would they track someone down and on what basis would they press charges? Yeah your email was in that file. hell anyone could change the email using some tool and upload stuff. The whole thing seems pointless.
http://yro.slashdot.org/article.pl?sid=07/05/30/2014222
I think it's OK. Even if I really buy from iTunes to burn a cd as gift, at that point the account info will be gone, so what's the matter?
If some form of steganography is used to alter a file, then somewhere and in some way the quality of that file will be compromised. Bitmaps lose sharpness, audio files lose certain audio data.
.doc and .xl and other files, that they were willing to hack the software to disable that feature. No doubt there will be people equally pissed off at iTunes for doing a similar thing.
A big part of the problem is that you are not getting the product you ordered. You are getting a product that has been altered in a significant way.
There are people who were pissed enough at Microsoft for embedding personal information in their
I do feel there is room for bitching here. If I order a product, don't make significant alterations to it, especially by putting my personal information in it without my permission! I do not have to have criminal intent to feel that this is an invasion!!!
In many places, it's perfectly legal to share you music collection. Here in Canada we pay a tax on recordable media for that right.
How hard would it be for someone start spreading mp3's with someone elses information in it, and then make RIAA sue them when they find the first one?
Granted that the situation might be solved when Apple checks whether or not this person ("purchased by", "account name", "purchase date") actually bought the song but still it might cause a lot of trouble for someone.
I think this is not a good idea. iTunes should store these separately in some meta-files...
I suppose it's pertinent again and all, but seriously, I already know this guys, why are we pretending like this is new?
On some level, I'm not sure why i care if it's repeat news. I mean really, repeat it all you want i guess, my life still goes on, but i dunno, journalistic integrity and all that, i feel like we should at least mention that this is a complete copy of an older story....
-Taylor
Worldwide Military budgets: $2100 billion. Worldwide Space Exploration budgets: $38 billion. Really, world? Really?
Only thing more we could ask for is a warning hwen you download it, but that's not important.
It'll play on anything I put it on, I can share a copy with a friend or burn a few mix CDs.
I'm usually a big Apple critic and I hate DRM, but this is fine by me.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
I can imagine that this is part of the deal with the music industry. They might have said: ok, you may drop the DRM but if we find one of those DRM free files on a file sharing network we want to know who did it. Or maybe Steve offered this as compromise to the industry. Maybe he even exploited the industries apparent lack of understanding new technologies and told them it's a watermark. Well, probably not. But imagining the background stories that might have lead to things like "personal info in DRM-ree files" is fun!
What if someone copies your music without your permission, then those files get onto the net. Let's not get into a tangent on how likely that is, just accept that it can and will happen (friends (or non-friends) borrow songs, hackers get into your computer, etc). Having seen RIAA's questionable legal practices, this could cause alot of grief for the person who legally purchased the songs.
Some independent online stores (like Junodownloads) also say they watermark tracks, but I haven't been able to verify it so far. I don't know what kind of watermarking these stores use (if any) but embedding customers email in the files is clearly a bully move from Apple.
"Wanna leak our files on p2p? How about we leak your personal info? It would be too bad if some spammer found a way to harvest all those valid email addresses from itunes files.... too bad really..."
Guess what? If I buy music, I also want to be able to share it with my friends (friends!=p2p) without being traced on ending up sued.
Buying cds/vinyls and ripping them might still be the way to go in the end... Or are we going to have to pay an ever bigger premium for non-watermarked digital files?
This is an almost 2 year old story: Apple's DRM Whack-a-Mole (Posted by CmdrTaco on 10.06.2007 17:08)
If it bothers you to have an identifying tag in your music files, well remove it or overwrite it.
As far as I understand, it's stored in a standard MP4 atom.
And if you don't know how to do it, ask Google, or try this suggestion which explains how to use AtomicParsley for windows or mac.
This came up when they introduced iTunes plus ages ago. It's been discussed back then. Yes, the info is there. You can simply look it up, no problem. Your ID3-Tag-Editor might not be able to chanxge it since we're not talking MP3 here. That's it.
Just use a different editor, clean out the information and start the copyrightinfringement-frenzy you seem to have been waiting for for so long. Oh no, you already do that, I guess.
Or, if you don't like finding an editor that can delete the info, just go to a record store and steal the CD.
It's not difficult to put a checksum in as well. Even just a string length counter that invalidates the file if it doesn't match would defeat a lot of your more basic "I can open it in Notepad and see my email address, so lets delete it" 'hackers'.
So... if I keep the music I purchased for private use private, I have no privacy violation? Right?
Also, despite the summary's between the lines implication that Apple is hiding the info from ID3 tag editors, the audio files are MPEG4. This means they don't contain ID3 tags. Since MPEG4 is based on QuickTime, a QuickTime atom editor will happily show you the tags and let you remove them.
You could also have guessed the purchaser info was in these files based on the fact that iTunes shows it to you if you get info on a song.
Hush, this is slashdot, truth and reason have NO place here! Where is your sensationalism, where is your "Oh noes, the whole world is out to get me!" type statements. You and your rational arguments should just go and find another home!
Monstar L
Not only is this old, as many have pointed out, but there is even a Perl module (Audio::M4P::QuickTime) which has a dedicated function for that: CleanAppleM4aPersonalData.
I don't see a problem with this. Apple is providing a file without DRM, and you can then load it on any of your personal devices. Heck, you could even share it with a friend.
But, it might make you a little more careful NOT to put music files you purchase from Apple on a P2P network. Sheesh. It might add a little value to those files you downloaded at a buck a piece. It'll be worth it to you to keep those files safe.
And why not? People should be safeguarding their personal data.
And think about it.. if your iPod were stolen, and all of your files had an email address on it. It could help with the recovery of stolen property, hm?
Nothing to do with encryption. Actually:
A is the person being framed
B is the person doing the framing
B puts false evidence on file sharing sites.
RIAA sees them and thinks A is responsible.
RIAA sues A.
Sure, so long as they make it abundantly clear that this is what they're up to.
Is this the case? I assume it isn't, because Slashdot and others are acting all surprised about it.
No sig today...
But the privacy to say;
Me: Hey! I have no idea where that ABBA album comes from!
is gone sine the can say:
friend: Hahaha! but it says right her you bought it last summer.
"Waterloo, finally facing my privacyooo!"
Yeah, those sort of reasonable and balanced statements are disturbing. Where am I going to find my daily dose of "OMG all these evil corporate/government bastards are out to take away all my privacy and sue me to bankrupcy and persecute me for doing innocent stuff what sort of dystopian future is this world coming toooooo" now?
You just got troll'd!
Some people may share files that say:
Purchased by 'Steve Jobs sjobs@apple.com' :)
It's not difficult to put a checksum in as well. Even just a string length counter that invalidates the file if it doesn't match would defeat a lot of your more basic "I can open it in Notepad and see my email address, so lets delete it" 'hackers'.
Except that Apple doesn't do this do deter evil hackers, but so that iTunes can display a playlist "purchased music" and can display your purchase history when you select a file and click on "Info". Should you be taken to court on claims that music with your email address has turned up on the Internet, just post here, and someone will write a tool that allows you to enter the judges name and email address, and which then changes all your purchased music to his name and email address.
Hope you never have your iPod/iTouch/iPhone/computer stolen then...
Or someone steals your iPod. How many iPod's get stolen every year? You can get your bottom dollar that this is a none zero number. Someone willing to steal a iPod is likely to have no compunctions about sharing the songs they find on them with others.
Way to sensationalize something which has been known for years. Everything that is purchased on iTunes is stamped with user account and a unique transaction ID. Apps, videos, movies, rentals, etc.
It doesn't bother me because I don't share my music on p2p networks and I'm not paranoid like some people. I dislike DRM because I want to easily play my music on whatever device I want, not because of some ideological drive to stick it to THE MAN.
This is a non-issue.
i.e., when the first batch of DRM-free 'choons' came out, the purchaser's info was in there; ditto the DRM'd stuff-- the tools to strip the DRM out of the file still left the personal information in the file (as of course, you were stripping the DRM for freedom to play on any device, not for piracy. Of course).
Is this even news? I'm sure I heard this a year ago. And I don't really care. It gives me the freedom I deserve and I don't care about the metadata. Although, being more open about it would have been better.
How long before someone comes out with a little program that does exactly this, replacing all email addresses with sjobs@apple.com?
It's all fun and games until a 200' robot dinosaur shows up and trashes Neo-Tokyo... Again
Of course, since you won't be sharing the files with anyone, it doesn't matter that they contain personal information, does it? Watermarking has always been a far better way of discouraging file-sharing than encumbering files with unwieldy and crippling DRM that restricts your ability to play the files when and where you choose.
Your second attack scenario is interesting but you missed something in your dismissal of the first.
> That scenario still comes under "making available,"
As mentioned above, if RIAA download these files from Person C's computer (C having downloaded it via P2P) and find out during discovery that Person C is not Person A, they might well think they have a case against Person A for distributing to Person C.
It may or may not be illegal, but it's practically impossible to do anything about it even if it is.
Regardless, it'd be perfectly legal for me to let you have a copy of my iTunes library, and what you do with it then is out of my control.
and you can get rid of:
Simply by saying; "We made some music, would you like some? take it, it's free" Eben Moglen
Oh Brother, "When will they ever learn? When will they ever learn?" (Song)
Regards Slasdotgirl
The more I know, the less I know
I'm fine with the basic concept here. I can accept that music isn't generally open source or FOSM. What I wanna know is: if I pay a dollar to buy a digital song, how much of that dollar actually finds its way into the wallet of the artist? If most of that dollar is going into the overly fat wallet of a middleman, I am NOT fine with that.
Whining, bitching and moaning. Another /. day...
I don't usually troll (or try not to) but what kind of numbnuts is surprised or offended by this. And the hypotheticals (what if I lost a HDD with only music, I'd be recognizable) are so moronic that I had to catch my breath before ranting.
What imbeciles.
We have the choice of buying non crippled music with our monogram on super conveniently, buy crippled music conveniently or buy (usually) non-crippled music inconveniently (CDs, mail order or brick and mortar store).
Buy the music in the form that suits you. I'll keep using iTMS because it's convenient and because it's relatively fair.
But then I have this funny feeling that the people bitching the most over this are probably not buying music that much. But may have large music libraries anyway.
Just fucking buy the stuff you really like, ok. Support the artists you feel truly excel.And not another goddamned whine about your purchase having your name printed on it.
Fucking whiners.
Sorry but he would be better going to Las Vegas or perhaps standing under trees on hills in thunderstorms than subscribing to your fear mongering. Get real, first Apple has an inherent desire to ensure they don't do it wrong because as a business if it can be proven in court they did screw up; lets be real here, if they do screw up it won't be one person and it won't be very hush hush on the net; they will be out some money.
Otherwise, if that file you purchased ends on the net and you don't know why then you have to ask yourself, what are your kids, so, roommates, etc, doing with your stuff while your not home? Let me guess, that would not be your responsibility.
I don't care how many stupid never likely to happen scare scenarios you can come up with, it never excuses you. You come across like the type who wants an note handed to them "yes Timmy, you can pirate music because it is a scary world out there and someone might use super secret squirrel technology and upload files from your computer to the interweb without your knowing, while you sleep"
LOL.
Insightful? Damn it makes me worry when I see tripe like yours rated such. (flame on I have the karma to burn)
* Winners compare their achievements to their goals, losers compare theirs to that of others.
That doesn't mean that there are loads of other instances inside crypted... ;)
And people sell old devices without erasing the drives first, how many used ipods or hard drives are on ebay full of mp3 files?
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I checked, and I found I couldn't access the information using an ID3 tag editor
All iTunes songs are AAC or Apple Lossless. ID3 is used almost exclusively for MP3 and certainly not for any iTunes song.
Well, yes, but that's not the part that people get worked up about. I don't have a problem with it storing that data because it can be useful for purchase information (such as which account and when), but everyone seems to be jumping on the "arrrgghhh, now I can be tracked if I share it on BitTorrent" paranoia. I wouldn't be surprised if it had been put in to track people sharing songs to keep the music industry happy, even if it does have a more benign use.
How many people who steal iPods then upload the music on said iPod to a P2P network? How many people who steal iPods know how to get the music off the iPod in the first place?
I'm guessing that number is pretty damn close to zero.
Besides, if you've filed a police report, in the very unlikely event of this sequence of events occuring, and you ending up at the barrel of a lawsuit for it, you can show that the iPod (presumably containing said songs) was stolen.
iTunes Plus is, what, a year and a half old? And this was never any kind of secret. And I'm sure that's not the only tracking info in the file... when you download iTunes Plus it does a heck of a lot of computation on the file after it's downloaded.
You think Amazon's downloader doesn't do the same thing, easily visible or not?
The reason I don't like this is because of First Sale Doctrine. I should be able to sell these files the same way I'd sell a CD (ie, not keeping a copy). So if I sell them, and delete them, and the person I sell them to decides it's a good idea to Pirate Bay them, now what? My email address is all over the place and I did nothing illegal. Great.
So while I support Apple for going DRM free, for the time being I'll continue to buy from Amazon because they do none of this nonsense. See http://blog.wired.com/music/2007/09/some-of-amazons.html "there is no information on the tracks that identifies the customer".
So until I have a very quick and easy way of removing that info from the iTunes tracks, I won't be buying from there.
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
Way old news. See http://arstechnica.com/news.ars/post/20070530-apple-hides-account-info-in-drm-free-music-too.html from 2007
With the apparent difference that they are up-front about it.
There is that nightmare scenario of getting your player stolen. Just try to get the cops to stay awake long enough to write out a report, make sure you have a full and complete list, and when the RIAA comes calling for their million dollars, make sure you say, "But my player was stolen!".
And A gets the case dismissed at the first hearing when they produce subpoenaed records from Apple showing they never purchased the songs. End of story.
We saw this before. I'm pretty sure it's the same thing that happened when they released $2 drm free versions of some of their music.
1) Download DRM-free song from iTunes
2) Open in Notepad, Find and replace with RIAA rep's email address, Save
3) Share on p2p network of choice
4) ???
5) Profit !!!
Buwahahah
"A witty saying proves nothing." - Voltaire
Person A has been irreversibly damaged by having to pay a lawyer. It doesn't matter whether or not Person A actually wins in the end or not... Person A *always* loses.
Editing an email address from inside an audio file is dark magic to Joe Sixpack. This won't stop all restricted-music-sharing, but - so long as Joe Sixpack knows - it should still hamper it somewhat without getting in the way of legitimate uses of the music. As a legitimate consumer this is win-win for me.
Now considering that Joe Sixpack will most likely have no bloody idea, this does seem to be RIAA-sue-bait of sorts. At least the RIAA'll have *some* evidence now rather than some magically acquired IP address.
"A witty saying proves nothing." - Voltaire
If you find the iPod of a young student, won't the email address be the "purchaser," i.e., the holder of the credit card used to purchase the songs? Wouldn't that luring email likely go to the parents of the student (and likely get you in trouble)?
This came to light when they first started itunes plus, and was a /. story then.
Do you have ESP?
Seriously? When you upgrade 400 tracks to iTunes Plus and you half to wait a half-hour for the e-mail saying your songs are ready, what do you think it's doing? Duh, watermarking the files with your info before letting you download them.
And if you think the only cases where your info is encoded are the ones you can see with hexdump, I've got a Zune Phone to sell you.
FWIW, I also write books for the Pragmatic Programmers, and this is exactly how their PDF program operates: when there's an updated PDF, you have to have your personal copy generated at their website, with a prominent "Prepared Exclusively for Joe Developer" at the bottom of every page.
It's a perfectly reasonable system that enables all kinds of appropriate uses (using your tunes in personal Final Cut / iMovie projects, for example), and it's not evil just because Apple does it (sorry, Slashtards).
It will be playable, but there's no guarantee that the e-mail information is not encoded in other ways.
.
So the scenario where a fake address is inserted is a very real possibility.
... because maybe your ISP was partially bought out, and the old owner doesn't allow the new owner to use the domain name?
now we need to go OSS in diesel cars
But does it play on Linux with a player such as mplayer ?
now we need to go OSS in diesel cars
Hey, someone must have 'stole' the files from my PC. I didn't share anything, oh, and prove i did.
I know, its not technically theft if the originals are left intact, but since people cant seem to figure out the difference its the word i used.
---- Booth was a patriot ----
Why, hello there embedded infomation. I'd like to introduce you to my friend the hex editor. You two should get on swimmingly!
Esoteric reference.
I mean, seriously, if you want to implement digital right protection, you either do it completely (hint : you can't) or not at all. Partial implementation like this one are completely useless.
I see this mentality all the time, the mentality that "if it isn't perfect, it might as well not be there". This mentality is just wrong.
The idea that writing your name on a piece of paper is a security device is just stupidly silly, yet this concepts is the very foundation of our legal and financial systems. The idea that policing the population with less than 1 active cop for every 10,000 citizens will dramatically reduce crime is just dumb, yet it really works.
I could go on all day with other examples like security checks at airports, but I don't need to - security isn't a situation where you are either secure or not secure, it's a relativistic situation where things are more secure or less secure.
Yes, DRM has always been crackable, there has always been the "security hole" at the speakers and screen, etc. but the truth is that many people don't have the skills to change/remove their email address, wouldn't bother with registering a fake name, and so wouldn't circumvent the security built into the itunes files.
And we have no way of knowing whether or not the obvious email address embedded in the file is all there is, either - there could be any number of ways that this information could be embedded in other, less obvious ways, much like the obscured vehicle ID number that's tapped into your car's frame that protects you right this very second from having your car stolen.
Security doesn't have to be perfect. It just has to be good enough to be effective.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Cool! Apple is using Social DRM on their music files.
---dragoness
Correct me if I'm wrong, but didn't this issue come up back when Apple first released DRM-Free songs?
To add to that, the post is misleading, it's not actually hidden unless you are a complete and utter tool. In the info window of iTunes, it clearly shows the information they have "hidden" in the file...
So... if I keep the music I purchased for private use private, I have no privacy violation? Right?
Well, no. You seem to have fallen hook line and sinker for the RIAA's line and don't seem to even know it.
I suspect much of slashdot is similar, given the responses to this dupe. I guess I am still stuck in the "old days" when I could share my music with my friends. [note: someone you have never met 1200 miles away does not count as your "friend"]. Be it a mix tape, a compilation CD, a usb key, an external hard drive or a darknet, private use is still private use. Somewhere we lost this in the onslaught.
So, yes, possible privacy violation, but that begs the question as to what should truly be considered private use. I believe I should have the ability to hand my friend a compliation and tell them "Hey - check these guys out!"
So I don't believe it is simply a matter of "Don't Share!" (or as your said keep private stuff private) which is the party line of the RIAA and that you are defending.
put on p2p... what happens?
You still have your songs (on your computer).
But they are also out in the wild.
I've lost/had stolen a couple cheap mp3 players over the last 7 years.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
At first we complained that CDs were overpriced and it was too inconvenient to find good music, that's why we were pirating it online. Companies put it online more cheaply and half the people went legit. The rest of us had to fall back on other excuses.
Next we complained that the DRM on these new digital files restricted our legal rights to play the music in the ways we saw fit. "It's not that we want to pirate it," we clamored, "it's just that we don't want to be treated like criminals!" So Amazon and iTunes (eventually) removed the DRM and we could play our music whenever, wherever, and however they wished. Half of the remaining holdouts rejoiced and went legit; the rest have to find new excuses.
Allow me to offer my suggestions for your remaining options:
"I want the ability to temporarily share or permanently sell my music to other people and I don't trust them not to upload the files."
"The identifying information on the files could be used maliciously by a third party to get me in trouble."
"Amazon/iTunes/RIAA is evil and giving them money is supporting evil. I do, however, support independent labels and bands by buying their products. (not just talking about it on slashdot.)"
"The formats provided are too lossy. I only keep files in [favorite format] at [obscene bitrate/lossless]"
"I fundamentally believe that I shouldn't have to pay for music and my other arguments are just rationalizations to lend an air of credibility to my position."
In conclusion, it's been a fun ride but this is my stop. I'm happy: my demands have been met. You guys will have to go the rest of the way on your own and I wish you the best of luck. But I don't hold out much hope. At a certain point it's not worth it for Amazon/iTunes/RIAA to bend over backwards trying to convince the last holdouts. On the positive side, that means you can cling to whatever rationalization you want for as long as you want!
Now considering that Joe Sixpack will most likely have no bloody idea, this does seem to be RIAA-sue-bait of sorts. At least the RIAA'll have *some* evidence now rather than some magically acquired IP address.
The email address, coupled with the IP address, will be much more convincing in court. Of course, either can be manipulated or unreliable, but when combined, it will hold water better than the old method of just the IP address.
I don't have a problem with this. There is so much personal information on my phone or laptop that should it get stolen or lost, having files wind up on a p2p network is the least of my worries.
Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
There is a very simple solution to this. Never, ever, ever, buy music from iTunes. Acquire them from other places and load them into iTunes for syncing. That's it.
Nobody's forcing you to use the iTMS, go back to Amazon if you don't like it.
Um, Canadian Dollars are not legal tender in the U.S., just as U.S. dollars are not legal tender in Australia.
Was there a point to that? Or where you just throwing a tantrum with your keyboard?
Besides, if you've filed a police report, in the very unlikely event of this sequence of events occuring, and you ending up at the barrel of a lawsuit for it, you can show that the iPod (presumably containing said songs) was stolen.
And if they do find your files on the net somewhere, they'll know the IP address of the guy who stole your iPod.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
I only see one issue in this. First its not new, its always been that way. With music that is DRM'ed even if it was shared on a P2P network it couldn't be played with out the password. The issue I see coming up one day, soon perhaps is a lost ipod of a older generation (like the one I own) that has its songs ripped off of it using one of the many tools out there to do so. The person finding the ipod, and ripping the songs off of it could share it out and the original owner would look like he shared it out. This is a valid issue because now the songs can be played by who ever downloads it. Recently about 6 months ago I found a iPod Nano and the library was pretty good so I picked a few songs off of it with a utility. Those songs are now in my library and none of them where ever bought in iTunes, I suspect they where all downloaded songs to begin with but had they been from itunes the users info would be in the songs to and any one I shared it with would have the songs with the info and sooner or later it might have ended up on a P2P. That said I posted a note outside my door saying lost ipod found, email me if its yours. Please include a few songs on it and the color and type of ipod it is so I know its yours. I never got any emails with that up for a week. The good thing about having the info in the songs is if an honest person finds a lost ipod it will make it easier to contact the person to give it back. Because I already have 4 ipods I had no need for a extra ipod and would have been glad to give it back to the poor kid who lost it. So the RIAA will still need to prove in the future a person intestinally made there songs available to the online community in order to get any conviction. Just because a song has a email address or other info does not automatically mean a crime was committed by that person as there has to be intent or proof they did it. Other methods of losing songs - MP3/AAC CD stolen from car, or lost - Unauthorized access and coping from computer hard drive. A pesky brother could do that and share with friends. - Replaced hard drive with the old one not being erased right - Sold used computer and a recovery program used to restore files (ive done this too) - Stolen computer that didn't have a password on it
Yes, there is plenty of other customer information in the file. This should not normally be a problem. If it is, the following is not simple, but generally works:
---------
#!/usr/bin/perl
use Tk;
use Cwd;
use strict;
use warnings;
use Audio::M4P::QuickTime;
my $backup_requested = "yes";
my $win = new MainWindow; .m4a Files",
my $frm = $win->Frame()->pack;
$frm->Label(
-text => "Anonymize Apple iTunes Plus
-font => "Garamond 20 bold",
)->pack;
my $do_backup_choice = $frm->Radiobutton( .old.m4a to old files)",
-text=> "Back Up (append
-value => 'yes',
-variable => \$backup_requested,
-font => "Garamond 14 bold",
)->pack;
my $do_no_backup_choice = $frm->Radiobutton(
-text => "Do Not Back Up (files will be over-written!)",
-value=> 'no',
-variable => \$backup_requested,
-font => "Garamond 14 bold",
)->pack;
my $convert_button = $win->Button(
-text=> "Convert Files",
-command => \&push_button,
-font => "Garamond 17 bold",
)->pack;
my $exit_button = $win->Button(
-text=> "Exit",
-command => sub { exit 0 },
-font => "Garamond 17 bold",
)->pack;
MainLoop;
sub push_button {
my $write_extension = $backup_requested eq 'no' ? '' : '.old.m4a';
my @file_list = $win->getOpenFile(
-defaultextension => ".pl",
-filetypes=> [ [ 'MP4a files', '.m4a', ], [ 'All Files', '*', ], ],
-initialdir => Cwd::cwd(),
-initialfile=> "getopenfile",
-title=> "Choose Purchased Apple iTunes Plus Files to Anonymize",
-multiple => 1,
);
foreach my $filename (@file_list) {
my $qt = Audio::M4P::QuickTime->new( file => $filename );
if ( $qt->FindAtom("mp4a") ) {
$qt->CleanAppleM4aPersonalData();
rename( $filename, $filename . $write_extension );
$qt->WriteFile($filename);
}
else {
$win->messageBox(
-message => "Error: $filename is not a valid m4a file.",
-type=> 'ok',
-icon=> 'error'
);
}
}
}
First, it's old news, they've always done this on DRMed and DRM-Free tracks.
Second... what's wrong with putting your name on things you own? Remember when your mom made wrote your name on the tags of all your clothes? :)
Why, no, I haven't meta-moderated lately. Thanks for asking!
Posted by CmdrTaco on 10.06.2007 17:08
"Gulf News has a nice piece exposing the last couple generations of Apple's DRM strategy (you didn't really think they were abandoning DRM, did you?). Article focuses on how quickly the tactics are worked around, and how nasty the latest one is: purchased iTunes now have your personal data in them. Author suspects that this is to prevent you uploading them to a network."
Apple Hides Account Info in DRM-Free Music
Posted by ScuttleMonkey on 30.05.2007 22:17
"Apple launched iTunes Plus earlier today, the fruit of its agreement with EMI to sell DRM-free music. What they didn't say is that all DRM-free tracks have the user's full name and account e-mail embedded in them. Is this to discourage people from throwing the tracks up on their favorite P2P platform? 'It would be trivial for iTunes to report back to Apple, indicating that "Joe User" has M4As on this hard drive belonging to "Jane Userette," or even "two other users." This is not to say that Apple is going to get into the copyright enforcement business. What Apple and indeed the record labels want to watch closely is, will one user buy music for his five close friends?'"
The discussions brought up the same predictions of doom (by the same people sometimes) - and nothing of the kind has happened yet.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
iTunes always has contained your personal info, even if you rip your own mp3 from a CD, it puts all your account info in the mp3. Which is just plain stupid.
This is a GOOD thing. DRM is a hideous disaster for end-users. When I buy music, I expect it to STAY bought, and to be able to use it on any device I have. DRM just guarantees that someone can take away my music with no judge and no jury.
But recording this information in the music file is a reasonable compromise. I can still play the music on any device I have. Yes, it's a bad idea to copy it to the world, but I never had the legal right to do that anyway. And yes, it'd be good if it were made clearer that this was happening... but this is NOT a big secret.
This isn't a perfect solution, of course. Even if someone has a copy of music originally bought by someone else, that does NOT mean the original buyer did anything illegal. Computers and networks get broken into all the time. Files can be modified to remove markings, or create bogus markings. Also, I believe people should continue to have the right to resell music, just like they can resell books (the "first sale" doctrine)... regardless of any nonsense spouted by the seller. But in the DRM system, a company operated as judge, jury, and executioner, and the company tended to act capriciously. At least with markings (or non-markings) in the file, a court can examine the evidence. It's not perfect, but it's better, and I can live with it better than the "everything's DRM'ed" world.
Now - where's my Ogg support in iTunes/iPods/iPhones? I'm not demanding that they only use Ogg, but they should be able to support Ogg formats (specifically Ogg Vorbis, Ogg FLAC, Ogg Speex, and Ogg Theora). Neither MP3 nor AAC (.m4a) files are open standards. Wikipedia, for example, provides audio files in Ogg and not in MP3 or AAC.
Please tell Apple to add support for Ogg; here's more info about why Apple should support Ogg.
- David A. Wheeler (see my Secure Programming HOWTO)
It *may* be illegal to distribute music online (other copyrighted works are a different story), but it hasn't been tested and it's all but impossible to bring a case to court.
Further, it's perfectly for me to allow people to make copies of my iTunes library. I'm pretty sure you're wrong about the media requirement, but that's not the original owners responsibility in any case.
Once someone else has a copy of my iTunes library, what they do with it is not my responsibility.
Copyright reform in Canada isn't going to happen. It's politically radioactive.
The difference is that you can't make infinite copies of stolen cars and you can potentially prove you weren't driving the car at the time, while it would be very difficult to prove that you didn't share a file.
"When information is power, privacy is freedom" - Jah-Wren Ryel
it's too bad apple doesn't seem to care as much about stolen hardware.... if it did then it might have a way to shut down stolen i-pods when they were re attached to i tunes
Looks like I was mistaken about legal aid being mainly for criminal cases. It does still seem though that the chances of the average person getting any assistance from them is pretty slim in the case of an RIAA lawsuit though. More info available here
Some bring out the best in others, some the worst. Some bring out far more.
If I purchased an LP, 8-track, cassette, CD (I'm older), I could give the media away or even sell it (not retaining a copy for myself). Any investment that I made, I could later sell it to recoup it. Can you give or sell what you purchased from iTunes? Or how about transfer the license to someone else? I could with any other form of media and not have it be traceable back to me. Under the current model, you better make sure that you want it in your collection forever because your going to be stuck with it (Traceable back to you).
Can you go a year without DRM?
http://www.yearwithoutdrm.com/
Colin Dean Go a year without DRM