Slashdot Mirror

← Back to Stories (view on slashdot.org)

iTunes DRM-Free Files Contain Personal Info

Posted by kdawson on from the musical-steganography dept.

r2k writes "Apple's iTunes Plus files are DRM-free, but sharing the files on P2P networks may be an extremely bad idea. A report published by CNet highlights the fact that the account information and email address of the iTunes account holder is hidden inside each and every DRM-free download. I checked, and I found I couldn't access the information using an ID3 tag editor, but using Notepad I found my email address stored inside the audio file itself."

25 of 693 comments (clear)

  1. Seriously... by fyngyrz · · Score: 5, Insightful

    I don't see the problem. I didn't want them to remove DRM so I could ignore the copyright on the music, I wanted them to remove it so I could use it on any device I wanted to listen to it on. They did that; now I can, as far as I'm concerned, we're all good now.

    If you interpret the lack of DRM as permission to ignore copyright, and you end up in trouble because you did so...

    Nope, don't see the problem.

    ....sharing the files on P2P networks may be an extremely bad idea

    Good grief. "Sharing" copyrighted music files on a P2P network was always an extremely bad idea. If you ever had any fraction of an excuse for doing it (and frankly, I don't really think you did, but...) it is gone now, at least as far as iTunes purchases go. What has changed is it is now reasonable to purchase music, because you'll actually get to own it, use it on *all* your gear, back it up, etc.

    The only thing I can think of that is really affected by this is your ability to legitimately resell recording of a tune you own, because you bought it. And for that issue, I give it.... maybe an hour before someone comes up with a tool to ZOT that name and email address right out of there. Maybe it'll even put the new one in. Pride of ownership and all that.

    --
    I've fallen off your lawn, and I can't get up.
    1. Re:Seriously... by amake · · Score: 5, Informative

      Converting from AAC to MP3 is lossy.

    2. Re:Seriously... by DA-MAN · · Score: 5, Insightful

      i seriously doubt that an email which can be easily changed in a file can be used as the sole grounds for pressing charges. It ma however bolster a case where a user has been tracked by IP and the files have his email too.

      As we're talking about purchased music, all Apple would have to do is lookup the record of the credit card used to purchase the song.

      So unless you always use iTunes redeemable gift cards, it's probably fairly easy to track a user definitively.

      --
      Can I get an eye poke?
      Dog House Forum
    3. Re:Seriously... by lisaparratt · · Score: 5, Insightful

      Of course there's loss, but to imply a lack of transcoding loss is a prerequisite before anyone can use it anywhere is absolute madness.

      No one who lives outside of their mum's basement cares. Really. Your average MP3 player is not hifi, and your average consumer doesn't give two shits about the quality loss.

      Also, last I checked, Steve Jobs didn't repeatedly smash your face into a MacBook keyboard whilst pointing a shotgun at your head with his free hand until you bought music from iTunes. If you don't want it, don't buy it.

    4. Re:Seriously... by asc99c · · Score: 5, Informative

      The English is fine, just not the information!

      Like many places, Spanish law has exemptions for private use, which probably makes removing DRM completely legal. However the owners are allowed to make copies only for private usage, with collective and lucrative uses not allowed. Sharing on P2P would definitely constitute a collective use.

      Although as with almost everywhere else, P2P itself is not illegal.

    5. Re:Seriously... by mosschops · · Score: 5, Informative

      Converting to MP3 is lossy, regardless of the source format.

    6. Re:Seriously... by martinX · · Score: 5, Funny

      I'd whip you with my Pear Anjou cables, but I've just finished burning them in and aligning the natural resonance using my interocitor.

      --
      When they came for the communists, I said "He's next door. Take him away. Goddam commies."
    7. Re:Seriously... by mstroeck · · Score: 5, Insightful

      Please... We've done blind tests with orchestra and studio musicians, and the detection rate of MP3 vs. CD on $500 studio headphones was not statistically significant. Get over it already.

    8. Re:Seriously... by halcyon1234 · · Score: 5, Interesting

      Let me throw you a hypothetical here.

      Suppose I hated you. I see you have a link to your homepage-- many users do. That page, being an expression of personal taste, might have information about music you like. Yours does. Now, yours is a "CD collection", but it could just as easily be a list of songs you bought of iTunes (as many other users do, in a list, in their blog, etc). So I pick something from your list, say A Perfect Circle - Emotive (good choice, BTW). Google tells me your real name is Zach Robinson. One of your email addresses is zachd at microsoft dot com (obfuscated for your benefit). So I whip up a batch of itunes encoded A Perfect Circle with your name and mail address in it. I throw them on all the P2P sites I can find, wait a couple weeks, then drop a dime to the RIAA. It's trivial moments of effort for me.

      Now you have copyrighted music with a label that says "owned by Zach Robinson" floating around, and a group of lawyers looking to extort a couple grand out of you. Sure you could make up a fake name and a fake email address that you use exclusively for purchasing from iTunes-- but why should the onus of not being sued be on you? Or, why couldn't Apple instead have taken a secret internal customer id number, hashed it using the date/time of purchase as a salt, run it through a secret algorithm, and slapped that into the "owned by" field so that I couldn't reproduce it? (Until their method is cracked and we're back to square one, that is)

      Really, it all comes down to normalization. What describes a song? The artist, the album, the year of release, the genre-- all that fun stuff. Does YOUR name and email address describe the song? No. Then it doesn't belong in a song file. It belongs in your iTunes account, along with a list of songs you "own".

      So it only serves to harm the innocent, is a poor method of tracking ownership, and introduces unrelated data to a set. There is NO reason for it to be there.

      --
      UTF-8: There and Back Again
    9. Re:Seriously... by pdbaby · · Score: 5, Interesting

      I've mentioned it elsewhere but songs are also encoded with the purchase timestamp. So if you've no access to someone's files then you've essentially zero chance of getting the purchase timestamp right, even if you get the songs they own right.

      --
      Global symbol "$deity" requires explicit package name at line 2. - If only $scripture started "use strict;"
    10. Re:Seriously... by paanta · · Score: 5, Insightful

      I don't think you really addressed the compromise or reasonableness aspect of this.

      Apple wants DRM free stuff and RIAA doesn't. Apple stuffs personal info in there so there will be some accountability should the file get P2P'd. Sounds like compromise to me.

      As far as reasonableness? Your scenarios sound pretty darn unlikely. Almost as unlikely as someone stealing my iPod with my contact info in it, then deliberately leaving it at the scene of a murder in order to frame me. Or maybe space aliens will steal the music on my iPod and accidentally broadcast it back to Earth. NASA will pick it up, magically determine the email address associated with it, send spooks to pick me and perform experiments on me for the rest of my life.

    11. Re:Seriously... by Schadrach · · Score: 5, Insightful

      How is a digital signature verifying that the file is the original provided by Apple iTunes DRM in any meaningful sense? It places no restrictions on the file in any form, doesn't prevent or limit it's usage, simply acts as verification: "My checksum matches the checksum that this signature says it should, therefore the file has not been changed since purchased from iTunes".

    12. Re:Seriously... by sglewis100 · · Score: 5, Insightful

      If you think $500 headphones are high quality, you're sorely mistaken.

      If you think the intended audience for things like iTunes and the Amazon MP3 store DON'T think $500 are high quality, you might be the mistaken one.

    13. Re:Seriously... by samkass · · Score: 5, Insightful

      I think the concern is the following scenario: 1. Download from iTunes onto an iPod, 2. The iPod is stolen, 3. The tunes on the iPod are uploaded to file sharing networks, 4. I get sued by the RIAA. Of course, I think the CYA thing to do is just make sure you file a report whenever your iPod is stolen, and that should make short work of any lawsuit defense.

      --
      E pluribus unum
    14. Re:Seriously... by shark72 · · Score: 5, Insightful

      "3) Imagine how many iPods are lost at schools. How many scams can you think of that take advantage of the owner's desire to get their iPod back. Worst of all, show me a pedophile that wouldn't love to pretend to be some kid's classmate wanting to return their beloved iPod in order to lure them somewhere private. Lost iPod + email address of owner = "Meet me by the white van with tinted windows""

      Yes, won't somebody please think of the children?

      Pirates: "No good music is available onine! I'll stop pirating when the record labels wake up and embrace online distribution."

      Record industry: "Okay, our entire catalogs are online now."

      Pirates: "But now it's too expensive! Good god, do you think we're rich? I'll stop pirating when music is less than a buck a track. That's a fortune!"

      Record industry: "Okay, you win. Now by shopping around, you can find lots of music for $0.80 a track or less."

      Pirates: "But you still have that DRM which impedes my fair use rights! I'll stop pirating when DRM is dead. Until then, it's off to TPB for me."

      Record industry: "Hey, you know, you were right all along. It took us a while to realize it, but you're right. We've removed the DRM."

      Pirates: "PEDOPHILES! PEDOPHILES! YOU'RE ENCOURAGING AND ASSISTING THE KIDNAPPING OF CHILDREN! Because of this despicable act, I'm going to pirate TWICE as much music now!"

      --
      Sitting in my day care, the art is decopainted.
  2. No worries by Thanshin · · Score: 5, Insightful

    Never again buy anything related to music and you'll be safe.

    Alternatively, you can buy music in small stores, in cash. In that case, it's better to wear sunglasses and a hat. You wouldn't want anyone to discover you're one of those people who actually are paying clients of the music industry.

  3. You can see the info in iTunes by Anonymous Coward · · Score: 5, Informative

    You can see the info within iTunes.

    Get Info on the Song/Video/Etc

    Then go to the Summary Tab, Second column.

  4. Old news by AmaranthineNight · · Score: 5, Informative

    This has been the case for AGES

    http://business.timesonline.co.uk/tol/business/industry_sectors/media/article1871173.ece

    Or at least for about a year and a half, I think slashdot reported on it then, too.

  5. Hidden? by 1729 · · Score: 5, Informative

    the account information and email address of the iTunes account holder is hidden inside each and every DRM-free download

    How is this "hidden"? If you select an audio file purchased from the iTunes Store (with or without DRM), and go to File->Get Info, you'll see the following fields in the summary:

    Purchased by:
    Account Name:
    Purchase Date:

    Apple's not trying to hide anything here.

  6. Old News by Star_Gazer · · Score: 5, Insightful

    http://yro.slashdot.org/article.pl?sid=07/05/30/2014222

    I think it's OK. Even if I really buy from iTunes to burn a cd as gift, at that point the account info will be gone, so what's the matter?

  7. Re:hmmm by ozphx · · Score: 5, Funny

    Seriously, you're not expecting the iTunes police to come crashing through the window with guns blazing are you?

    As a member of the iTunes Police, I take strong exception to this. Firearms safety has always been a core tenet of iTP training. An iTP officer will only open fire if a copyright violation is in progress, or the officer has reasonable belief that lethal force is the only way to prevent a copyright violation.

    iTunes Police would never "come crashing through a window with guns blazing". The very thought of it!

    --
    3laws: No freebies, no backsies, GTFO.
  8. Old story by rduke15 · · Score: 5, Insightful

    This is an almost 2 year old story: Apple's DRM Whack-a-Mole (Posted by CmdrTaco on 10.06.2007 17:08)

    If it bothers you to have an identifying tag in your music files, well remove it or overwrite it.
    As far as I understand, it's stored in a standard MP4 atom.

    And if you don't know how to do it, ask Google, or try this suggestion which explains how to use AtomicParsley for windows or mac.

  9. Old news by phooka.de · · Score: 5, Informative

    This came up when they introduced iTunes plus ages ago. It's been discussed back then. Yes, the info is there. You can simply look it up, no problem. Your ID3-Tag-Editor might not be able to chanxge it since we're not talking MP3 here. That's it.

    Just use a different editor, clean out the information and start the copyrightinfringement-frenzy you seem to have been waiting for for so long. Oh no, you already do that, I guess.

    Or, if you don't like finding an editor that can delete the info, just go to a record store and steal the CD.

  10. Re:Reasonable compromise... by Naturalis+Philosopho · · Score: 5, Informative

    It's clear. A certain percentage of slashdotters act all surprised every time it's repeated though. Of course, most /.'ers also act all surprised every time some wack-job blames video games for violence too. At least some people are pointing out that the account information has been part of iTunes files for forever and isn't news to most people who know how to do a Google search.

  11. Re:Reasonable compromise... by jcr · · Score: 5, Informative

    Sure, so long as they make it abundantly clear that this is what they're up to.

    Choose any iTunes plus song, and select "get info" from the main menu. On the left side of the "Summary" pane, you'll see "Purchased By", "Account Name", and "Purchase Date". IIRC, those were there on the DRM versions too.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."