Slashdot Log In
Apple's DRM Whack-a-Mole
Posted by
CmdrTaco
on Sun Jun 10, 2007 12:08 PM
from the ouch-ouch-ouch-ouch dept.
from the ouch-ouch-ouch-ouch dept.
Mateo_LeFou writes "Gulf News has a nice piece exposing the last couple generations of Apple's DRM strategy (you didn't really think they were abandoning DRM, did you?). Article focuses on how quickly the tactics are worked around, and how nasty the latest one is: purchased iTunes now have your personal data in them. Author suspects that this is to prevent you uploading them to a network."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Couldn't be more ranty, or wrong (Score:5, Insightful)
The first half of the article is nothing but an anti-Apple rant, actually insinuating that Apple is on a mission to not let their users burn music to CD, which is completely and utterly false.
Then, the article drops this gem:
Turns out that Apple has been embedding its files with user information. iTunes customers have been downloading files that contain both their names and their email address.
"Turns out"? Let's continue...
How long this has been going on and just why Apple has felt compelled to do so is still a mystery - the company so far has refused to comment
A mystery? This has been going on since day one, and has never been a mystery. And even if it is a "mystery" on the non-DRM files, it was never a mystery on the DRM files, was never hidden, and was never secret. This has been known, never obfuscated, and obvious to anyone who clicked "Get Info" on anything purchased from the iTunes Store, ever.
but the reason seems obvious.
Oh, please. Do tell.
The embedded data won't prevent anyone from listening to their music files
but it might deter them from uploading them to a file-sharing server.
O, the humanity! Really??? It might deter people from that?
Well, let's take a look at the logic, here. It was never secret on the DRM files, and it's not secret on the no-DRM files. But, Apple also never overtly publicized it. So, if it's not even talked about, how is it a deterrent, exactly?
But the message is clear: take our songs public, and we'll take you public.
Oh, that's the message, is it? So we've been calling for no DRM for ages, so we can legitimately and legally use our music files, and now people have problems with not being able to do things with them that are strictly illegal? If you want to bash copyright or the fact that you can't legally share anything and everything with anyone with no repercussions, do that. But don't blame Apple because an incidental name and email address is in a file that you shouldn't be uploading anyway.
And to all the idiots who think this could be somehow "used against them" without their knowledge, it would be easily, easily provable that someone never made such a purchase from the iTunes store. But that's a different argument entirely. All these fringe examples of how something MIGHT be able to abused that makes all sorts of suppositions that aren't necessarily even true - that Apple put the information there for this purpose, or that it would ever even be used that way, by anyone, or that falsifying no-DRM tracks from iTunes and then uploading them to P2P networks will suddenly become routine harassment - are starting to get old.
Sure, encrypt the data. But you know what? if it was encrypted, do you really think all the people howling about this wouldn't be complaining even more? After all, it's still identifying information, and now it's encrypted! Maybe the RIAA has the key, and they're all going to come after you! Why is Apple hiding this information??? Does anyone really think that wouldn't happen?
My favorite quote of all this was from an EFF attorney; to paraphrase: if someone steals your iPod, the thief would have the name and email address of the rightful owner!
Oh, yes, I agree: what a nightmare scenario that would be!
Right click, Convert to AAC/MP3/etc. (Score:5, Informative)
Parent
Re:Right click, Convert to AAC/MP3/etc. (Score:5, Interesting)
Parent
Re:Right click, Convert to AAC/MP3/etc. (Score:5, Interesting)
Ok, granted, most people aren't going to open a hex editor to do something so simple. Which one wouldn't have to, since editing audio tags is a perfectly valid thing to do, so there are multitudes of programs to do just that. I'm pretty sure you could do it using Atomic Parsley [sourceforge.net].
I'm really tired of people trying to make an issue out of this. As has been pointed out many times, your account data has been in files from the iTunes store from the very beginning. Your name not DRM. Does having your name in the file prevent you from doing anything? No! And as the tags are not encrypted, they are obviously not intended for tracking files on peer to peer filesharing as I could change them to reference anyone. I find having the data there helpful, as I can tell whether a specific file was purchased by me or my dad. If you don't like it, just get rid of it!
Besides, didn't everyone cheer when some stores introduced audio watermarking which would actually prevent you from putting the original file on peer to peer networks, unlike this?
Parent
Re:Couldn't be more ranty, or wrong (Score:5, Insightful)
Thanks for ripping this article a new one. Comments like this make Slashdot valuable, rather than the way the social anarchist whining seems to get a free pass to the postings.
Parent
Re:Couldn't be more ranty, or wrong (Score:5, Insightful)
Parent
File sharing is NOT illegal (Score:5, Insightful)
Parent
Apple's Encoded ID data is reasonable and fair. (Score:5, Insightful)
As I see it, the Apple encoding lets you do whatever you want with your purchase, as long as you are willing to take responsibility for it. If you believe that music should be free, there's nothing to stop you from standing up for your belief and posting your downloads anywhere you want.
If you do, you will earn public recognition --- and perhaps the admiration of those who don't want to pay for their own downloads --- for sticking by your principles. You may also earn the recognition of the music's copyright owners, and that may be less enjoyable. But if you're not willing to accept the latter recognition, then you don't deserve the first.
Fortunately there's an easy solution; just don't post your downloads. I doubt that anyone will punish you for refraining. You can still enjoy them however else you choose and much more easily than you could before.
Peter
Parent
Re:Couldn't be more ranty, or wrong (Score:5, Informative)
EXACTLY.
This is about as 'evil' as the time I bought a book on special order. The staff had put a paper insert inside the front cover with my name and phonenumber, presumably so that they knew who had ordered it. But they didn't tell me!! And it was personally identifying!!... why if I had started committing crimes with that book the police would have had my name and number!! I'm never buying a book from that company again!
My favorite quote of all this was from an EFF attorney; to paraphrase: if someone steals your iPod, the thief would have the name and email address of the rightful owner!
Heaven help the poor sap if someone were to steal his cellphone. or his wallet. or his briefcase. or his laptop.
Parent
Re:Couldn't be more ranty, or wrong (Score:5, Informative)
Have the people expressing shock and outrage never used iTunes, or what? Seriously, the purchaser info is RIGHT THERE in the same tab in the "Get Info" window that displays the track length, play count, file format, bitrate, and other data that's clearly, readily, deliberately accessible to users, and IT HAS BEEN EVER SINCE THE STORE OPENED IN 2003.
Parent
Re:shame on Apple (Score:5, Funny)
Parent
Nasty? (Score:5, Insightful)
That's not nasty. That's fair. It's YOUR music file, and there are no technical limitations on what you can do with it. if you do the one thing you're not allowed to do with it, they'll be able to (*gasp!*) track down that you did it.
Re:Nasty? (Score:5, Insightful)
This is basically the digital equivalent of printing your name on the receipt and putting it in the bag when you buy a CD. No one's forcing you to keep the receipt if you don't want to, and no one's going to read it but you anyway unless you choose to staple it to a public bulletin board for some odd reason.
I'm incredibly disgusted with the negative spin many people online have managed to put on Apple's move to sell DRM-free music. If you ever wonder why so many companies screw their customers, I think this illustrates one of the reasons. There's no upside in *not* screwing your customers; a lot of people can't or won't even recognize it when they're given everything they wanted.
Parent
Re:Nasty? (Score:5, Informative)
I know this is
One, it wasn't added, it had been there before.
Two, it's not a watermark, it's some embedded text.
Three, the text is even embedded in plain text format.
Parent
Re:Nasty? (Score:5, Insightful)
Except there IS NO watermark. There is only your name and email address, unencrypted, in a part of the file that's supposed to contain meta-information. This is no different than Canon deciding to put my name and email address in the EXIF data when I take a picture. Watermarking would mean modifying the actual photo (or music) portion of the file so that the identifying data was intrinsic to the media itself. Apple has done none of this.
All this hand-waving is people showing their true colors. They are pirates at heart and simply want to complain. Most of the music on my iPod is ripped from my CDs. A lot of the music on my iPod is purchased (w/DRM) from iTMS. Some of the tracks on my iPod are from P2P networks, downloaded illegally. Do I feel guilty? No. Should I? Probably. But at the time I acquired those tracks they weren't available on iTMS. I've also discovered new bands through P2P and have since purchased their albums from either their web sites (if they had CDs for sale there) or iTMS when I found them there.
I have no intention of sharing my purchases publicly. I like the fact that music I purchase has my name on it. I put stickers on my CD and DVD cases too, specifically so that when I DO lend them out to friends or co-workers, they know whose it is and can get it back to me. I lend quite a lot of my music and movies to friends and use Delicious Library to track who has it and when it is due back. If they like what they borrow, they know they should purchase it for themselves. My tastes are somewhat esoteric, but I've gotten a lot of people hooked on some under-the-radar, good shows and bands this way. Did some of the borrowers rip my CDs when they got them? Undoubtedly. Did they then share those tracks on P2P? Maybe. But now, when I lend a friend a copy of an iTMS file I can tell them not to share it because it has my name on it and I purchased it legally. The people I lend to won't have a problem with that and neither do I.
The rest of the whiners need to STFU. They are just proving the RIAA right to think that all we want to do is pirate music and so we must be controlled like little children. I don't pirate music unless I'm not given an acceptable alternative. I've found my acceptable alternative and I'm glad it has my name on it. After all, I paid for it. It belongs to me. If I decide to sell it, I suppose I'll have to change the name, but then, If I decided to sell my engraved bracelet, my engraved wedding ring or my headstone, I have to have the name changed as well. Good thing I'm not planning on selling off my music collection any time soon...
Parent
Re:Nasty? (Score:5, Informative)
Actually, people already have found that Apple isn't using a watermark or steganography technique, either:
http://www.macrumors.com/2007/06/01/apple-using-s
The file differences are why some originally thought that Apple might be using steganography. It turns out, though, that the AAC data is 100% identical and that the differences were a result in different metadata (modification dates) in the files:
http://forums.macrumors.com/showpost.php?p=369662
So, Apple is indeed not using steganography or other hidden watermarking on the files.
Parent
Monetary gain (Score:5, Insightful)
Strike one - let's paint Apple as stupid - pretend that the company famous for 'rip, mix, burn' don't understand that the code *they* built into iTunes can remove the DRM. [ed - are you sure you're going somewhere here ?]
Strike two - we'll pretend that the bug [playlistmag.com] in iTunes was put there maliciously. We'll claim that Apple were caught out by their users being too clever [ed - I thought Apple acknowledge [Roy B's post] [apple.com] this as a bug, they *are* human you know]
Strike three, they're out. They *embed* your email address into these "supposedly DRM-free" tracks! How are you supposed to upload and spread them around the net if they identify who did it ? That's it! Game over for Apple! [ed - but surely the people who *buy* iTunes music are the people who *don't* download free music from the 'net]
columnist: Trust me, ok, it'll make for loads of ad-hits. $$$ man!
ed: ok, ok. You know the territory, I'm just the business guy
Quite apart from the fact that the personal metadata has *always* been embedded, it doesn't prevent the exact same method of protection-removal if you really want to upload your tracks - lay it down to CD as audio, rip it, "share" it.
Perhaps what we have is simply that Apple didn't *remove* a piece of metadata that was always there, they just delivered on their promise to allow you to migrate your music to wherever you want to play it. But that's not a story that'll deliver ad-revenue...
Y'all just oughta be glad it's not *me* in charge... I'd have embedded the email address as an easy thing to spot & remove, and *also* embedded the binary user-GUID, spread around in the metadata block. Once you *thought* you'd removed all trace of your name, I'd still be able to track who'd uploaded files - enough files... time to emulate a ton of bricks. Given the pay-for timestamp and the appearance-on-the-network time, I ought to be able to tell who's just "sharing" files as a policy after a while...
Simon
Idiocy Alert (Score:5, Insightful)
Holy crap! I haven't seen this poorly of researched or obviously clueless article in a while. Apple isn't suddenly adding your personal data to songs. They've always done that. They just did not remove that when they pulled the DRM.
Well since such behavior would be illegal in almost every country Apple does business, I'm not sure why people should be so concerned about it. If you're obeying the law, this affects you not at all. If you're breaking the law, well, you're probably not paying to buy music in the first place so you won't have any of this music. If for some reason you are buying songs and intentionally republishing them without a license, well hopefully you're not so idiotic that you can't strip this data off. This data is nothing to worry about in my opinion. It is plaintext and easily removable. If you are a criminal you should be worrying about watermarking of files, which Apple may or may not be doing and which all the other music stores may or may not be doing. That is something a lot harder to detect.
Personally, I'm just not illegally publishing copyrighted works (and not buying from Apple either) so I don't see why I'd care. Note, this is not DRM in any way. DRM stops you from taking actions. This simply might make it easier to discover who took an action after the fact. This is no more DRM than your own upload logs are.
Well it's clear.. (Score:5, Insightful)
It's stored in plaintext... (Score:5, Interesting)
words... (Score:5, Insightful)
Besides, embedding personal info is not DRM. Wikipedia sums it up nicely:
Digital rights management (DRM) is an umbrella term referring to technologies used by publishers or copyright owners to control access to or usage of digital data or hardware, and to restrictions associated with a specific instance of a digital work or device.
Re:So... (Score:5, Informative)
No. There is no weird watermarking system (though some people do suspect Apple of using hidden watermarks or steganography).
The information is stored in international standard MPEG-4 "atoms". In fact, they're even preexisting atoms for the purpose of storing name and email address. They're not secret, and not hidden.
If people are hell bent on uploading their files after they've purchased them, there's a number of ways the identifying information can be removed.
Plenty of people around who say, "But what if I then change the name and email to that of my most hated enemy and upload those??" though. Yeah. Okay.
Parent
Re:So... (Score:5, Insightful)
Running a little fast and loose with the term "watermarked" [wikipedia.org], eh?
So a name and email address in a standard MPEG-4 atom intended for such purpose is now a "watermark"?
Since Apple maintains the authoritative purchase history of all transactions with the iTunes store for all users (and is also user-accessible), it would be ridiculously easy to prove that purchase was never made.
Still nice to know that there is such hatred of Apple that you'd insinuate that someone disseminating correct information about Apple should be targeted for online harassment, though!
Parent
Re:These guys are a joke (Score:5, Funny)
Parent
Re:Apple is Pro-Apple (Score:5, Insightful)
Wrong.
It may be a "good business move" for Apple to start going down the no-DRM path. It may also be that everything Steve Jobs said in his anti-DRM "manifesto" of sorts is also correct, and something that he actually believes. The two aren't mutually exclusive. Also, if removing DRM is such an obviously good business decision for the "bottom line" and "profits", then why was Apple the first major entity to actually do it in any meaningful or high-volume way with mainstream music?
Being "pro-Apple's-bottom-line" is fine. But that doesn't preclude Steve Jobs from having personal opinions and motivations that shape the way he runs the company. This whole "a corporation's only duty is to maximize profits and nothing else" line is garbage. On your region code arguments, you make assumptions that Steve Jobs has single-handed control over how Disney does all distribution of movies. You also ignore the incredibly complex situation with regard to regions for DVDs, which, for better or worse and no matter anyone's own opinion on them, are designed to allow for rollouts at different times in different regions of the world AND support the simply truth that some products can reasonably be sold for more in some markets than others. The owner/creator of the content has at least some say in the fact that they may want to sell something for $30 in the US, but $7 in Asia, do they not? Or are we arguing for globalization after all? I can't keep track.
The fact of the matter is that Steve Jobs and Apple have now done more than any media, music, or computing industry company to tear down DRM where it counts, i.e., on mainstream content that is encumbered with DRM. I don't care if some indie artist is selling no-DRM music on eMusic. Good for them. We don't need to concentrate on indies who already sell without DRM, do we? We need to concentrate on the big labels who ARE selling with DRM. Apple has done more in the anti-DRM campaign in rhetoric, posturing, words, and now, action, than any other entity to date. Does that make Steve Jobs a "god"? Nope. It's just the simple truth. In the end it doesn't really matter if it's "good for Apple's bottom line", or if Steve Jobs really does believe everything he said about DRM, if it's good for you as a consumer, does it?
On the subject of iPod, you're arguing that Apple is somehow doing something any differently from any other peer vendor in this industry with regard to manufacturing. Would people pay $1000 or more for an iPod? You over simplify the situation by making everything mutually exclusive: Steve Jobs *could* make the iPod in better conditions, at the same time ignoring the fact that any such move would completely decimate the iPod. As long as a company is abiding by the laws in the countries in which they operate, I don't care where they are based or who they sell to: your problem is with the host nation (China), not with Apple. And sure, some people make the problem with the company instead of the country because they think their "action" will best be spent there. Fine. Good for them. Let them vote with their wallets.
I don't ever think anyone really said Steve Jobs was a god in all these straw man discussions. But believe it or not, individual opinions, convictions, and intent can shape a corporation just as much as any "concern for the bottom line". If concern for the bottom line was all that mattered, Apple should have been doing great under Gil Amelio. Some might say, "No, that just means Amelio was a bad businessman and Jobs isn't."
Or could it mean that there's more to the bottom line than these latent (or overt) anti-corporate arguments?
Parent