iTunes DRM-Free Files Contain Personal Info

r2k writes "Apple's iTunes Plus files are DRM-free, but sharing the files on P2P networks may be an extremely bad idea. A report published by CNet highlights the fact that the account information and email address of the iTunes account holder is hidden inside each and every DRM-free download. I checked, and I found I couldn't access the information using an ID3 tag editor, but using Notepad I found my email address stored inside the audio file itself."

Seriously...

[fyngyrz (762201)]

I don't see the problem. I didn't want them to remove DRM so I could ignore the copyright on the music, I wanted them to remove it so I could use it on any device I wanted to listen to it on. They did that; now I can, as far as I'm concerned, we're all good now.

If you interpret the lack of DRM as permission to ignore copyright, and you end up in trouble because you did so...

Nope, don't see the problem.

....sharing the files on P2P networks may be an extremely bad idea

Good grief. "Sharing" copyrighted music files on a P2P network was always an extremely bad idea. If you ever had any fraction of an excuse for doing it (and frankly, I don't really think you did, but...) it is gone now, at least as far as iTunes purchases go. What has changed is it is now reasonable to purchase music, because you'll actually get to own it, use it on *all* your gear, back it up, etc.

The only thing I can think of that is really affected by this is your ability to legitimately resell recording of a tune you own, because you bought it. And for that issue, I give it.... maybe an hour before someone comes up with a tool to ZOT that name and email address right out of there. Maybe it'll even put the new one in. Pride of ownership and all that.

Re:Seriously...

[Tubal-Cain (1289912)]

Agreed. This is a fairly reasonable compromise on Apple's part.

Re:Seriously...

[erroneus (253617)]

While I agree with you, here is the problem I have with it:

Person A is the target
Person B is the attacker
RIAA is the litigious groups of assholes

Person B decides to harm Person A. Person B knows Person A's email address. Person B modifies a bunch of MP3s to contain Person A's email address and then posts them to every torrent site imaginable. RIAA is famous for ignoring what "reasonable doubt" might suggest or imply and immediate goes into litigation. Even if it is later revealed that Person A was a victim in this scenario and is completely innocent of wrong doing, Person A just spend a LOT of money in the process. (It can be reasonably assumed that Person A spent a lot of money because without having spent money, a defendant most likely will lose.)

Re:Seriously...

[zachdms (265636)]

Couldn't you correlate your purchase record, or lack thereof, to validate or disprove the claims against you in that scenario?

It seems like a quick comparative analysis there would pretty quickly mitigate *most* of that concern.

Not everywhere in the world has the same laws

[Rix (54095)]

In many places, it's perfectly legal to share you music collection. Here in Canada we pay a tax on recordable media for that right.

Re:Seriously...

[myxiplx (906307)]

Exactly. My first thought on reading this was "sweet, somebody's finally gone about it the sensible way".

I mean seriously, I've been waiting for somebody to implement this for nearly 10 years now. It's an obvious way to combat piracy since you can identify the source of the leak, and it's a massive benefit that digital distribution offers the record labels. Users get cheaper tracks and can download them instantly from the comfort of their own home. Record labels get to discourage piracy and have an easy way to track down the source when it happens.

Honestly, it's such a simple solution I thought there must have been something I was missing for the record companies to not implement this. It's win win as far as I can see.

Re:Seriously...

[paul248 (536459)]

Well, Apple could sign the file with their private key after adding your user ID. It wouldn't stop people from blanking it out, but it would securely prevent impersonation.

Re:Seriously...

[quarrel (194077)]

Oh please, if you're the copyright holder are you really paying Apple and downloading it off itunes?

No. You're not.

GP is correct.

--Q

Re:Seriously...

[NNKK (218503)]

AAC ( http://en.wikipedia.org/wiki/Advanced_Audio_Coding [wikipedia.org] ) is an industry standard, and even if it weren't, iTunes helpfully provides a "Convert to MP3" item in the context menu of non-DRM'd AAC files that does exactly what it says.

Re:Seriously...

[amake (673443)]

Converting from AAC to MP3 is lossy.

Re:Seriously...

[mosschops (413617)]

Converting to MP3 is lossy, regardless of the source format.

Re:Seriously...

[lisaparratt (752068)]

Of course there's loss, but to imply a lack of transcoding loss is a prerequisite before anyone can use it anywhere is absolute madness.

No one who lives outside of their mum's basement cares. Really. Your average MP3 player is not hifi, and your average consumer doesn't give two shits about the quality loss.

Also, last I checked, Steve Jobs didn't repeatedly smash your face into a MacBook keyboard whilst pointing a shotgun at your head with his free hand until you bought music from iTunes. If you don't want it, don't buy it.

Re:Seriously...

[martinX (672498)]

I'd whip you with my Pear Anjou cables [pearcable.com], but I've just finished burning them in and aligning the natural resonance using my interocitor.

Re:Seriously...

[DA-MAN (17442)]

i seriously doubt that an email which can be easily changed in a file can be used as the sole grounds for pressing charges. It ma however bolster a case where a user has been tracked by IP and the files have his email too.

As we're talking about purchased music, all Apple would have to do is lookup the record of the credit card used to purchase the song.

So unless you always use iTunes redeemable gift cards, it's probably fairly easy to track a user definitively.

Re:Seriously...

[asc99c (938635)]

The English is fine, just not the information!

Like many places, Spanish law has exemptions for private use, which probably makes removing DRM completely legal. However the owners are allowed to make copies only for private usage, with collective and lucrative uses not allowed. Sharing on P2P would definitely constitute a collective use.

Although as with almost everywhere else, P2P itself is not illegal.

hmmm

[JimboFBX (1097277)]

so what happens when you send it to someone else in a "hey check out this song" kind of way, then that person is stupid and sticks it in their lime wire folder?

Re:hmmm

[ozphx (1061292)]

Seriously, you're not expecting the iTunes police to come crashing through the window with guns blazing are you?

As a member of the iTunes Police, I take strong exception to this. Firearms safety has always been a core tenet of iTP training. An iTP officer will only open fire if a copyright violation is in progress, or the officer has reasonable belief that lethal force is the only way to prevent a copyright violation.

iTunes Police would never "come crashing through a window with guns blazing". The very thought of it!

No worries

[Thanshin (1188877)]

Never again buy anything related to music and you'll be safe.

Alternatively, you can buy music in small stores, in cash. In that case, it's better to wear sunglasses and a hat. You wouldn't want anyone to discover you're one of those people who actually are paying clients of the music industry.

You can see the info in iTunes

[by Anonymous Coward]

You can see the info within iTunes.

Get Info on the Song/Video/Etc

Then go to the Summary Tab, Second column.

Old news

[AmaranthineNight (1005185)]

This has been the case for AGES

http://business.timesonline.co.uk/tol/business/industry_sectors/media/article1871173.ece [timesonline.co.uk]

Or at least for about a year and a half, I think slashdot reported on it then, too.

Hidden?

[1729 (581437)]

the account information and email address of the iTunes account holder is hidden inside each and every DRM-free download

How is this "hidden"? If you select an audio file purchased from the iTunes Store (with or without DRM), and go to File->Get Info, you'll see the following fields in the summary:

Purchased by:
Account Name:
Purchase Date:

Apple's not trying to hide anything here.

Old News

[Star_Gazer (25473)]

http://yro.slashdot.org/article.pl?sid=07/05/30/2014222 [slashdot.org]

I think it's OK. Even if I really buy from iTunes to burn a cd as gift, at that point the account info will be gone, so what's the matter?

Old story

[rduke15 (721841)]

This is an almost 2 year old story: Apple's DRM Whack-a-Mole [slashdot.org] (Posted by CmdrTaco on 10.06.2007 17:08)

If it bothers you to have an identifying tag in your music files, well remove it or overwrite it.
As far as I understand, it's stored in a standard MP4 atom.

And if you don't know how to do it, ask Google [google.com], or try this suggestion [tech-recipes.com] which explains how to use AtomicParsley for windows [sourceforge.net] or mac [sourceforge.net].

Old news

[phooka.de (302970)]

This came up when they introduced iTunes plus ages ago. It's been discussed back then. Yes, the info is there. You can simply look it up, no problem. Your ID3-Tag-Editor might not be able to chanxge it since we're not talking MP3 here. That's it.

Just use a different editor, clean out the information and start the copyrightinfringement-frenzy you seem to have been waiting for for so long. Oh no, you already do that, I guess.

Or, if you don't like finding an editor that can delete the info, just go to a record store and steal the CD.

Keep your private stuff private: keep your privacy

[HumanEmulator (1062440)]

So... if I keep the music I purchased for private use private, I have no privacy violation? Right?

Also, despite the summary's between the lines implication that Apple is hiding the info from ID3 tag editors, the audio files are MPEG4. This means they don't contain ID3 tags. Since MPEG4 is based on QuickTime, a QuickTime atom editor will happily show you the tags and let you remove them.

You could also have guessed the purchaser info was in these files based on the fact that iTunes shows it to you if you get info on a song.