Forgot your password?
typodupeerror
Music Businesses Media Apple

Apple's DRM Whack-a-Mole 352

Posted by CmdrTaco
from the ouch-ouch-ouch-ouch dept.
Mateo_LeFou writes "Gulf News has a nice piece exposing the last couple generations of Apple's DRM strategy (you didn't really think they were abandoning DRM, did you?). Article focuses on how quickly the tactics are worked around, and how nasty the latest one is: purchased iTunes now have your personal data in them. Author suspects that this is to prevent you uploading them to a network."
This discussion has been archived. No new comments can be posted.

Apple's DRM Whack-a-Mole

Comments Filter:
  • by daveschroeder (516195) * on Sunday June 10, 2007 @11:11AM (#19458429)
    I'm just going to ignore the DRM circumvention garbage that comprises the first half of the article, considering Steve Jobs is by far the most influential person in music, media, and computing to call DRM out for what it is.

    The first half of the article is nothing but an anti-Apple rant, actually insinuating that Apple is on a mission to not let their users burn music to CD, which is completely and utterly false.

    Then, the article drops this gem:

    Turns out that Apple has been embedding its files with user information. iTunes customers have been downloading files that contain both their names and their email address.

    "Turns out"? Let's continue...

    How long this has been going on and just why Apple has felt compelled to do so is still a mystery - the company so far has refused to comment

    A mystery? This has been going on since day one, and has never been a mystery. And even if it is a "mystery" on the non-DRM files, it was never a mystery on the DRM files, was never hidden, and was never secret. This has been known, never obfuscated, and obvious to anyone who clicked "Get Info" on anything purchased from the iTunes Store, ever.

    but the reason seems obvious.

    Oh, please. Do tell.

    The embedded data won't prevent anyone from listening to their music files ...which is what I thought the purpose of calling for no-DRM was. You know, so we could all use our files we legitimately own on any device.

    but it might deter them from uploading them to a file-sharing server.

    O, the humanity! Really??? It might deter people from that?

    Well, let's take a look at the logic, here. It was never secret on the DRM files, and it's not secret on the no-DRM files. But, Apple also never overtly publicized it. So, if it's not even talked about, how is it a deterrent, exactly?

    But the message is clear: take our songs public, and we'll take you public.

    Oh, that's the message, is it? So we've been calling for no DRM for ages, so we can legitimately and legally use our music files, and now people have problems with not being able to do things with them that are strictly illegal? If you want to bash copyright or the fact that you can't legally share anything and everything with anyone with no repercussions, do that. But don't blame Apple because an incidental name and email address is in a file that you shouldn't be uploading anyway.

    And to all the idiots who think this could be somehow "used against them" without their knowledge, it would be easily, easily provable that someone never made such a purchase from the iTunes store. But that's a different argument entirely. All these fringe examples of how something MIGHT be able to abused that makes all sorts of suppositions that aren't necessarily even true - that Apple put the information there for this purpose, or that it would ever even be used that way, by anyone, or that falsifying no-DRM tracks from iTunes and then uploading them to P2P networks will suddenly become routine harassment - are starting to get old.

    Sure, encrypt the data. But you know what? if it was encrypted, do you really think all the people howling about this wouldn't be complaining even more? After all, it's still identifying information, and now it's encrypted! Maybe the RIAA has the key, and they're all going to come after you! Why is Apple hiding this information??? Does anyone really think that wouldn't happen?

    My favorite quote of all this was from an EFF attorney; to paraphrase: if someone steals your iPod, the thief would have the name and email address of the rightful owner!

    Oh, yes, I agree: what a nightmare scenario that would be!
    • by chasingporsches (659844) on Sunday June 10, 2007 @11:15AM (#19458453)
      and don't forget that you can just right click the non-DRM file now and convert to another format that DOES NOT have your user information embedded in it. it's a very simple, fast process for the paranoid.
      • by Carrot007 (37198)
        It's DRM free, not lossless, why pay more for higher qualiy if you are going to re-encode it?
        • by Mix+Master+Nixon (1018716) on Sunday June 10, 2007 @11:42AM (#19458631)
          Why would re-encoding even be required? In the absence of DRM, couldn't you just pass the AAC stream unchanged into a new MP4 container with no personally identifying information or even just delete that information from the existing MP4 file?
          • by Tickletaint (1088359) on Sunday June 10, 2007 @12:36PM (#19459009) Journal
            Yes. You can. They're fucking ID3 tags (or whatever the m4a equivalent is), nothing more, so you can strip them using your favorite tag editor. Even QuickTime Player will do the job, I believe.
            • Re: (Score:3, Funny)

              by Jah-Wren Ryel (80510)

              They're fucking ID3 tags (or whatever the m4a equivalent is), nothing more, so you can strip them using your favorite tag editor.
              Stripping and fucking ID3 tags?

              Man, you need to get out more.
          • by blacklint (985235) on Sunday June 10, 2007 @12:58PM (#19459145) Homepage
            Yes, you could. Quite easily. Heck, I don't even have an application installed for editing the metadata, so I just opened one of my iTunes Plus files in a hex editor, searched for my real and account names, and overwrote them with useless data (Anonymous User and someoneelse - same lengths). Done. That was hard.

            Ok, granted, most people aren't going to open a hex editor to do something so simple. Which one wouldn't have to, since editing audio tags is a perfectly valid thing to do, so there are multitudes of programs to do just that. I'm pretty sure you could do it using Atomic Parsley [sourceforge.net].

            I'm really tired of people trying to make an issue out of this. As has been pointed out many times, your account data has been in files from the iTunes store from the very beginning. Your name not DRM. Does having your name in the file prevent you from doing anything? No! And as the tags are not encrypted, they are obviously not intended for tracking files on peer to peer filesharing as I could change them to reference anyone. I find having the data there helpful, as I can tell whether a specific file was purchased by me or my dad. If you don't like it, just get rid of it!

            Besides, didn't everyone cheer when some stores introduced audio watermarking which would actually prevent you from putting the original file on peer to peer networks, unlike this?
            • Re: (Score:3, Informative)

              by Mr2001 (90979)

              And as the tags are not encrypted, they are obviously not intended for tracking files on peer to peer filesharing as I could change them to reference anyone.

              They're not encrypted, but they are probably signed [eff.org]. The iTunes Plus files have blocks called "sign" and "chtb" which were not present in the old DRM'd files, and whose contents are unique for each combination of user + track. If you're going to remove your name, make sure you remove those blocks too - otherwise, the file could still be traced back to you by someone who knows what the original personal info might have been (i.e. Apple).

              Besides, didn't everyone cheer when some stores introduced audio watermarking which would actually prevent you from putting the original file on peer to peer networks, unlike this?

              No, I don't remember anyone cheering because of that. Most people here

              • Re: (Score:3, Insightful)

                by NMerriam (15122)
                The EFF has since admitted that the other unknown blocks were just more metadata used by iTunes. The obvious user information is the only identifying information in the files.

                There are a hundred ways to remove that data, and I have no doubt within another week or two someone will create an app whose sole purpose is to make all the files you have look like they were bought by Jack Valanti @RIAA.com.

                I really can't imagine any way Apple could have made this any LESS innocuous while still being able to tell the
              • by gig (78408) on Sunday June 10, 2007 @10:03PM (#19462005)
                > They're not encrypted, but they are probably signed. The iTunes Plus files have blocks called "sign" and "chtb" which were
                > not present in the old DRM'd files

                Sigh ... this is a proof of purchase. It is advantageous to the legitimate purchaser to leave this information in the file so as to future-proof their music investment.

                There were three big announcements with iTunes Plus: 1) no DRM, 2) double the bit-rate for higher quality sound, 3) PREVIOUSLY PURCHASED iTUNES STORE TRACKS CAN BE UPGRADED FOR A TOKEN HANDLING FEE TO THE NEW HIGHER-QUALITY BIT RATE.

                In order to upgrade you now or in the future, iTunes needs to be able to identify "iTunes Store purchases" from "other" in your music collection, which thanks to Apple's progressive and practical user-centric policies may include audio from dozens or hundreds of different sources.

                If a person follows the EFF's advice and strips the unique meta data out of their iTunes Plus purchase, iTunes will not be able to identify those tracks as iTunes Store purchases, and the tracks will never be upgradable to lossless, which is the next bump, within 3-5 years. After that, expect to see higher-than-CD bit rates and sample depths next, that is when you will START to hear the audio as it is recorded in the studio (even in my small project studio we have 24-bits and 192 kHz, but still to publish you have to distill down to 16-bits and 44.1 KHz using arcane and vicious audio hacking, a lot is lost). In other words, if you have anything other than a 24-bit 192 kHz lossless audio file, you are not done upgrading yet. Since there will be 3 or 4 jumps before we get there (and by then the music studio may have moved up ahead) you are looking at a lot of money to stay current if you insist on paying full price for every track every time out.

                A few years ago I heard a record company executive from a big label talk about DVD-Audio. Was he excited that consumers would soon be able to buy much higher quality music? Not really. He could not wait to sell Sgt. Pepper's to baby boomers again for full price, he couldn't wait to sell someone the whole Led Zeppelin catalog for the fifth time, again at full price. What Apple is doing by upgrading your audio quality for a handling fee did not come from the record companies, I can assure you.
      • by slughead (592713)
        and don't forget that you can just right click the non-DRM file now and convert to another format that DOES NOT have your user information embedded in it. it's a very simple, fast process for the paranoid.

        Also, don't forget that you can now legally delete said information from the file legally, since it's not bypassing DRM.
    • Re: (Score:2, Insightful)

      by bombastinator (812664)
      Regardless of political overtones the mere fact that the data has been found means that it will rapidly be changed or stripped out. One more update to playfair, big deal.
      • by Blondie-Wan (559212) on Sunday June 10, 2007 @11:34AM (#19458591) Homepage
        "Found"? It was never hidden. It was plainly visible, clearly intentionally, from day one. I'm absolutely flabbergasted people think this is some insidious new development or that it's been sneaked in in hopes people won't see it.


        Have the people expressing shock and outrage never used iTunes, or what? Seriously, the purchaser info is RIGHT THERE in the same tab in the "Get Info" window that displays the track length, play count, file format, bitrate, and other data that's clearly, readily, deliberately accessible to users, and IT HAS BEEN EVER SINCE THE STORE OPENED IN 2003.

        • Re: (Score:3, Informative)

          by jandrese (485)
          One interesting side effect of that information: In the first few versions of PlayFair the authors of the program made sure to leave your contact information in the file after it was decrypted, just to drive home the point that it wasn't about piracy. However, Apple changed iTunes such that if it saw that information on an unencrypted file, it would reject the file and the PlayFair guys were forced to strip it out.
        • by Doctor_Jest (688315) * on Sunday June 10, 2007 @05:01PM (#19460537)
          There's just no convincing some morons, though. I've been trying to say that for YEARS... there are some people that are CONVINCED the iPod won't play MP3s... EVEN WHEN I SHOW THEM... "oh that's an apple mp3" WTF? Are you TRYING to be stupidest person of the year?

          This is such a non-story, it almost feels like they're SEARCHING for something to piss and moan about.

          For chrissakes, people... BITCH WHEN THERE'S A NEED TO...

    • by Dasher42 (514179) on Sunday June 10, 2007 @11:34AM (#19458585)
      Hear hear! I nominate "Area man oppressed, end to freedom to swing his fist where neighbor's nose begins" as the new title for this presumptuous, trifling article. People fighting the good fight for fair use hardly need the company of the no-social-contract crowd. So the file has been branded as yours. That steps on your legal rights how? And while laws may be right or wrong, the ones governing uploading of someone else's copyrighted work without permission are wrong... how?

      Thanks for ripping this article a new one. Comments like this make Slashdot valuable, rather than the way the social anarchist whining seems to get a free pass to the postings.
      • It almost doesn't seem like Slashdot! This thread is bizarre in its rationality and reasoned response. WTF!

        And, as Daring Fireball stated, the book you buy from 37signals has a name plate in it. The horror!
    • by Belacgod (1103921) on Sunday June 10, 2007 @11:37AM (#19458603)
      IAWTC. Filesharing is illegal, and any DRM that doesn't reduce legal functionality is alright in my book. I can put these files on my ipod, computer, other computers...that's all I need. Anyone who complains about this has revealed themselves as no advocate for freedom, but an advocate for theft.
      • by Anonymous Coward on Sunday June 10, 2007 @11:48AM (#19458677)
        It may be illegal to share some files, but the practice of file sharing by itself is NOT illegal. Don't go around claiming otherwise.
        • Re: (Score:3, Insightful)

          by pasamio (737659)
          I'm pretty certain its illegal to share any of the files one would acquire through this method. This is calling out a specific example (iTunes Store) where sharing the property gained is very much an illegal act. Did you read the posting title? (I'm assuming you didn't actually read the slashdot body heaven forbid the article itself)
        • Re: (Score:3, Informative)

          by gruntled (107194)
          Actually, it's only the process of "sharing" that exposes you to legal action (at least here in the US). Taking a copy of a file off any kind of feed is generally protected under the Fair Use exception to copyright law. However, if you've configured your P2P client to allow *other* people to make a copy of that same file from your copy, you're "distributing" that file to thousands of others, and that's actionable.
      • Re: (Score:3, Funny)

        by suv4x4 (956391)
        IAWTC.

        WHAT..?

        (^ that's not an acronym)
    • by lucius.aemilius.paul (1113721) on Sunday June 10, 2007 @12:05PM (#19458819)
      I agree entirely with this poster. The original article is neither well-reasoned nor well-organized.

      As I see it, the Apple encoding lets you do whatever you want with your purchase, as long as you are willing to take responsibility for it. If you believe that music should be free, there's nothing to stop you from standing up for your belief and posting your downloads anywhere you want.

      If you do, you will earn public recognition --- and perhaps the admiration of those who don't want to pay for their own downloads --- for sticking by your principles. You may also earn the recognition of the music's copyright owners, and that may be less enjoyable. But if you're not willing to accept the latter recognition, then you don't deserve the first.

      Fortunately there's an easy solution; just don't post your downloads. I doubt that anyone will punish you for refraining. You can still enjoy them however else you choose and much more easily than you could before.

      Peter
      • Re: (Score:3, Insightful)

        by h4rm0ny (722443)

        Amen! This is a very good thing that Apple have done. If they can just be persuaded to now open their store to Linux users, then it will be perfect for me. But all round, this is fine. The article writer and editor to accepted this should be ashamed of themselves.
      • Re: (Score:2, Insightful)

        by Bruitist (987735)
        Most definitely. I mean, this doesn't even stop sharing between friends ("This track's pretty cool, have a listen") as it's not like your friends don't know your name and e-mail address anyway. And sharing like that is pretty much only a good thing...
      • If you've ever had your ipod or laptop stolen, you will know that your "easy solution" is not well thought out. You do not want any personal information embedded in music, especially unwittingly. It's one thing to embed a code or whatever into a song, but even that, given the devil may car attitude of the RIAA, puts you at legal risk for getting sued for simply being a victim of a theft or a hack of your computer. Not to mention that if your ipod is stolen, they have your name and email address, which most
        • by MoneyT (548795) on Sunday June 10, 2007 @01:34PM (#19459357) Journal
          Because if your laptop is stolen, the first concern you should have is that the thief might know your name and email address. The ipod being stolen is a bit more reasonable of an argument, but 99% of the people who steal your iPod will erase it and many people already engrave their name and contact info on the iPod anyway. Not to mention your name is usually in the name of the iPod. Honestly, if someone wanted your personal information, routing through your trash would be more effective and safer than swiping your iPod.
    • by vux984 (928602) on Sunday June 10, 2007 @12:06PM (#19458821)
      A mystery? This has been going on since day one, and has never been a mystery. And even if it is a "mystery" on the non-DRM files, it was never a mystery on the DRM files, was never hidden, and was never secret. This has been known, never obfuscated, and obvious to anyone who clicked "Get Info" on anything purchased from the iTunes Store, ever.

      EXACTLY.

      This is about as 'evil' as the time I bought a book on special order. The staff had put a paper insert inside the front cover with my name and phonenumber, presumably so that they knew who had ordered it. But they didn't tell me!! And it was personally identifying!!... why if I had started committing crimes with that book the police would have had my name and number!! I'm never buying a book from that company again! /sarcasm

      My favorite quote of all this was from an EFF attorney; to paraphrase: if someone steals your iPod, the thief would have the name and email address of the rightful owner!

      Heaven help the poor sap if someone were to steal his cellphone. or his wallet. or his briefcase. or his laptop.

      • Heaven help the poor sap if someone were to steal his cellphone. or his wallet. or his briefcase. or his laptop.


        Or his iPod again, if he uses the built-in address book.

    • by tsa (15680) on Sunday June 10, 2007 @12:21PM (#19458917) Homepage
      Yours was the only post this thread needed. And first post too! If I had mod points I would mod you up.

      Oh, and one more thing... Please /. editors, sometimes no news is better than a random rant from a clueless person.
    • Re: (Score:3, Interesting)

      by gruntled (107194)
      I have to say, putting in a name and email address is much less invasive than some other systems designed to deter file sharing. For example, back in 1997, Liquid Audio introduced a system that embedded the credit card number used to purchase the file within the file itself. Obviously, you'd have to be a loon to share a file like that.

      Even so, I don't think it's inappropriate to be concerned about including personally identifying informamation (PII) like a name and an email address. While this sort of thing
  • In English? (Score:3, Funny)

    by jginspace (678908) <jginspace@yahoo. c o m> on Sunday June 10, 2007 @11:12AM (#19458433) Homepage Journal
    Could we have that in English please?
    • by h4rm0ny (722443)


      Somebody who doesn't understand what DRM is, objects to their customer information being embedded in the file that they purchase. There are three responses to the embedded information - one is to say that the information is easily stripped if you want to do that. This does not account for the possibility that a harder to strip version will be introduced later. Two (my own reaction) is to say it's absolutely fine as it doesn't affect my enjoyment in any way at all and I'm quite happy for Apple to watermark f
  • Retards (Score:3, Insightful)

    by Anonymous Coward on Sunday June 10, 2007 @11:12AM (#19458435)
    Personal info has always been there. Didn't anyone notice that Apple is selling DRM-free tunes now? It's not Apple's fault if DRM is there. If it exists, it's because the record company wanted it there. Don't like DRM? Don't buy from those companies. Simple.
  • Nasty? (Score:5, Insightful)

    by Planesdragon (210349) <slashdot@castles ... s ['els' in gap]> on Sunday June 10, 2007 @11:13AM (#19458441) Homepage Journal
    Apple gives you a no-DRM file, and slaps a watermark on it so that, if you're so inclined to share it with wild abandon, they can ID you.

    That's not nasty. That's fair. It's YOUR music file, and there are no technical limitations on what you can do with it. if you do the one thing you're not allowed to do with it, they'll be able to (*gasp!*) track down that you did it.
    • Re:Nasty? (Score:5, Insightful)

      by RalphBNumbers (655475) on Sunday June 10, 2007 @11:45AM (#19458659)
      It's not even a watermark, it's just a couple of plain text metadata atoms (the MPEG-4 equivalent of ID3 tags).

      This is basically the digital equivalent of printing your name on the receipt and putting it in the bag when you buy a CD. No one's forcing you to keep the receipt if you don't want to, and no one's going to read it but you anyway unless you choose to staple it to a public bulletin board for some odd reason.

      I'm incredibly disgusted with the negative spin many people online have managed to put on Apple's move to sell DRM-free music. If you ever wonder why so many companies screw their customers, I think this illustrates one of the reasons. There's no upside in *not* screwing your customers; a lot of people can't or won't even recognize it when they're given everything they wanted.
      • Re: (Score:3, Interesting)

        Off Topic a bit, but I can't resist.

        "If you ever wonder why so many companies screw their customers, I think this illustrates one of the reasons. There's no upside in *not* screwing your customers;"

        Indeed this is true. I worked for a couple of years as a car salesman. I tried for the longest time to be a courteous and helpful salespserson and didn't get anywhere. One day, I was in a fairly pissed off mood, completely not related to selling cars, but just generally pissed off at the world. I was out to scre
    • Re:Nasty? (Score:4, Informative)

      by TheRaven64 (641858) on Sunday June 10, 2007 @11:46AM (#19458665) Journal
      It's not a watermark (there may be a watermark as well, but no one has found one yet). A watermark is something embedded in the actual data, changing it in an identifiable way. The tracks from the iTunes store simply encode the name and email address of the buyer, and the time of purchase in the standard metadata tags. This is fairly trivial to remove, if you want to bother. It's like a receipt; it allows you to prove that you purchased the track if you need to, but doesn't do anything more.
    • Re:Nasty? (Score:5, Informative)

      by Tom (822) on Sunday June 10, 2007 @11:56AM (#19458751) Homepage Journal

      Apple gives you a no-DRM file, and slaps a watermark on it so that,
      No, they didn't.

      I know this is /. and all, but how about at least getting the basic facts right?

      One, it wasn't added, it had been there before.
      Two, it's not a watermark, it's some embedded text.
      Three, the text is even embedded in plain text format.
    • Re:Nasty? (Score:5, Insightful)

      by NtroP (649992) on Sunday June 10, 2007 @11:57AM (#19458763)

      Apple gives you a no-DRM file, and slaps a watermark on it so that, if you're so inclined to share it with wild abandon, they can ID you.

      Except there IS NO watermark. There is only your name and email address, unencrypted, in a part of the file that's supposed to contain meta-information. This is no different than Canon deciding to put my name and email address in the EXIF data when I take a picture. Watermarking would mean modifying the actual photo (or music) portion of the file so that the identifying data was intrinsic to the media itself. Apple has done none of this.

      All this hand-waving is people showing their true colors. They are pirates at heart and simply want to complain. Most of the music on my iPod is ripped from my CDs. A lot of the music on my iPod is purchased (w/DRM) from iTMS. Some of the tracks on my iPod are from P2P networks, downloaded illegally. Do I feel guilty? No. Should I? Probably. But at the time I acquired those tracks they weren't available on iTMS. I've also discovered new bands through P2P and have since purchased their albums from either their web sites (if they had CDs for sale there) or iTMS when I found them there.

      I have no intention of sharing my purchases publicly. I like the fact that music I purchase has my name on it. I put stickers on my CD and DVD cases too, specifically so that when I DO lend them out to friends or co-workers, they know whose it is and can get it back to me. I lend quite a lot of my music and movies to friends and use Delicious Library to track who has it and when it is due back. If they like what they borrow, they know they should purchase it for themselves. My tastes are somewhat esoteric, but I've gotten a lot of people hooked on some under-the-radar, good shows and bands this way. Did some of the borrowers rip my CDs when they got them? Undoubtedly. Did they then share those tracks on P2P? Maybe. But now, when I lend a friend a copy of an iTMS file I can tell them not to share it because it has my name on it and I purchased it legally. The people I lend to won't have a problem with that and neither do I.

      The rest of the whiners need to STFU. They are just proving the RIAA right to think that all we want to do is pirate music and so we must be controlled like little children. I don't pirate music unless I'm not given an acceptable alternative. I've found my acceptable alternative and I'm glad it has my name on it. After all, I paid for it. It belongs to me. If I decide to sell it, I suppose I'll have to change the name, but then, If I decided to sell my engraved bracelet, my engraved wedding ring or my headstone, I have to have the name changed as well. Good thing I'm not planning on selling off my music collection any time soon...

    • by zotz (3951)
      "That's not nasty. That's fair. It's YOUR music file"

      The problem is deeper and your statement point to it.

      I don't want things I buy to be mine in that way.

      I buy a CD. It is my CD. I don't want my name and address embedded in it though.

      If I give it away as a gift, it is now not mine anymore. See the problem?

      all the best,

      drew
  • So? It's not like you're going to upload them are you? It's sure not a concern unless you do.

    However, I do think they should encrypt the watermark, or at the very least use some unique hash to prevent people from placing someone else's name there instead. I mean, things can happen surely.
  • Remove said personal information from the ID3 equivalent before uploading said file. Or is this information in some weird watermarking system I don't know about?
    • Re:So... (Score:5, Informative)

      by daveschroeder (516195) * on Sunday June 10, 2007 @11:19AM (#19458495)
      Remove said personal information from the ID3 equivalent before uploading said file. Or is this information in some weird watermarking system I don't know about?

      No. There is no weird watermarking system (though some people do suspect Apple of using hidden watermarks or steganography).

      The information is stored in international standard MPEG-4 "atoms". In fact, they're even preexisting atoms for the purpose of storing name and email address. They're not secret, and not hidden.

      If people are hell bent on uploading their files after they've purchased them, there's a number of ways the identifying information can be removed.

      Plenty of people around who say, "But what if I then change the name and email to that of my most hated enemy and upload those??" though. Yeah. Okay.
      • by Hao Wu (652581)

        Plenty of people around who say, "But what if I then change the name and email to that of my most hated enemy and upload those??" though. Yeah. Okay.
        Don't underestimate the number of spiteful people from all demographics who will do exactly that. It seems like petty revenge, but it will happen just as commonly as other forms of "internet abuse".

        • Re: (Score:3, Interesting)

          by daveschroeder (516195) *
          Don't underestimate the number of spiteful people from all demographics who will do exactly that. It seems like petty revenge, but it will happen just as commonly as other forms of "internet abuse".

          You're assuming that's why name and email address are even there (e.g., instead of just as incidental purchase metadata that's always been there that simply wasn't removed when Apple started removing DRM. After all, why remove it?).

          Also, you're forgetting that Apple maintains the authoritative records on all iTun
      • Re: (Score:3, Interesting)

        by Kjella (173770)
        No. There is no weird watermarking system (though some people do suspect Apple of using hidden watermarks or steganography).

        Get the same song from two different iTunes accounts. Run it through a binary comparison. Check. Remove atoms with name and e-mail, check again. Steganography is the method for hiding data in other data, but there's absolutely no way to hide unique data in two pieces of data which should be 100% identical. Either this could be dismissed easily or proven easily, so if there's no credibl
        • by Dunbal (464142)
          Better yet - total cost for this research : $1.98
        • Re: (Score:2, Redundant)

          by daveschroeder (516195) *
          People have done that:

          http://www.macrumors.com/2007/06/01/apple-using-st eganography-in-itunes-plus-songs/ [macrumors.com]

          That's why they thought that Apple might be using steganography. It turns out, though, that the AAC data is 100% identical and that the differences were a result in different metadata (modification dates) in the files:

          http://forums.macrumors.com/showpost.php?p=3696625 &postcount=123 [macrumors.com]

          So, Apple is indeed not using steganography or other hidden watermarking on the files.
        • Part of what's fueled the rumors is that some people did that and simply stripped the name/email and ran a checksum, found they were different. However, further investigation showed that the data appeared to be the same between the two files, but there were numerous additional pieces of metadata tags that were different. AFAIK, no one has really parsed all the metadata that Apple uses to know whether anything else in there might serve to identify users, but certainly it's possible that there are valid rea

  • Monetary gain (Score:5, Insightful)

    by Space cowboy (13680) * on Sunday June 10, 2007 @11:15AM (#19458455) Journal
    Let's see now, how to gain cash over the weekend - I know! The hottest topic in the computing sphere right now has to be Apple - with the keynote at their conference tomorrow. Let's do a hack-job on them...

    Strike one - let's paint Apple as stupid - pretend that the company famous for 'rip, mix, burn' don't understand that the code *they* built into iTunes can remove the DRM. [ed - are you sure you're going somewhere here ?]

    Strike two - we'll pretend that the bug [playlistmag.com] in iTunes was put there maliciously. We'll claim that Apple were caught out by their users being too clever [ed - I thought Apple acknowledge [Roy B's post] [apple.com] this as a bug, they *are* human you know]

    Strike three, they're out. They *embed* your email address into these "supposedly DRM-free" tracks! How are you supposed to upload and spread them around the net if they identify who did it ? That's it! Game over for Apple! [ed - but surely the people who *buy* iTunes music are the people who *don't* download free music from the 'net]

    columnist: Trust me, ok, it'll make for loads of ad-hits. $$$ man!
    ed: ok, ok. You know the territory, I'm just the business guy

    Quite apart from the fact that the personal metadata has *always* been embedded, it doesn't prevent the exact same method of protection-removal if you really want to upload your tracks - lay it down to CD as audio, rip it, "share" it.

    Perhaps what we have is simply that Apple didn't *remove* a piece of metadata that was always there, they just delivered on their promise to allow you to migrate your music to wherever you want to play it. But that's not a story that'll deliver ad-revenue...

    Y'all just oughta be glad it's not *me* in charge... I'd have embedded the email address as an easy thing to spot & remove, and *also* embedded the binary user-GUID, spread around in the metadata block. Once you *thought* you'd removed all trace of your name, I'd still be able to track who'd uploaded files - enough files... time to emulate a ton of bricks. Given the pay-for timestamp and the appearance-on-the-network time, I ought to be able to tell who's just "sharing" files as a policy after a while...

    Simon
    • Um ... don't forget ... this is /., where most posters don't even read the summary let alone the article. I'm sure his ad revenue on a Sunday morning will be enough for him to buy an album on iTunes. ;-)
  • Idiocy Alert (Score:5, Insightful)

    by 99BottlesOfBeerInMyF (813746) on Sunday June 10, 2007 @11:18AM (#19458481)

    Article focuses on how quickly the tactics are worked around, and how nasty the latest one is: purchased iTunes now have your personal data in them.

    Holy crap! I haven't seen this poorly of researched or obviously clueless article in a while. Apple isn't suddenly adding your personal data to songs. They've always done that. They just did not remove that when they pulled the DRM.

    Author suspects that this is to prevent you uploading them to a network."

    Well since such behavior would be illegal in almost every country Apple does business, I'm not sure why people should be so concerned about it. If you're obeying the law, this affects you not at all. If you're breaking the law, well, you're probably not paying to buy music in the first place so you won't have any of this music. If for some reason you are buying songs and intentionally republishing them without a license, well hopefully you're not so idiotic that you can't strip this data off. This data is nothing to worry about in my opinion. It is plaintext and easily removable. If you are a criminal you should be worrying about watermarking of files, which Apple may or may not be doing and which all the other music stores may or may not be doing. That is something a lot harder to detect.

    Personally, I'm just not illegally publishing copyrighted works (and not buying from Apple either) so I don't see why I'd care. Note, this is not DRM in any way. DRM stops you from taking actions. This simply might make it easier to discover who took an action after the fact. This is no more DRM than your own upload logs are.

  • Well it's clear.. (Score:5, Insightful)

    by Rytr23 (704409) on Sunday June 10, 2007 @11:19AM (#19458491)
    That Mateo_LeFou is an utter moron if he/she can be describe this as a "nice piece". And Taco is just trying to get people all up in arms for posting it.. I beleive the first post perfectly illustrates the innaccuracy and trollish nature of the "article". Nothing to see here..move along
  • by Timesprout (579035) on Sunday June 10, 2007 @11:19AM (#19458493)
    to insert a new name and email address so Steve, Bill and a couple of RIAA execs can become the biggest uploaders in the history of filesharing.
  • by FFFish (7567) on Sunday June 10, 2007 @11:21AM (#19458509) Homepage
    ...which makes it so damned easy to find and erase that one must conclude that the personalization has *NOTHING* to do with DRM. Honest to god, even the most retarded programmer would encrypt the information so that it isn't easily discovered.
    • Re: (Score:3, Funny)

      by Dunbal (464142)
      So? Overwrite the info, then. Better yet, put Steve Jobs' info in there.
  • by Anonymous Coward
    1. The convert to MP3 menu does not work for these tracks.
    2. They're more expensive
    3. You can't hear the difference, only 1 in 10 could and it was statistical noise.
    4. You can fit fewer tracks on a player because they bigger.
    5. Apple are playing a game here.

    I'm in favour of watermarking tracks with the sale ID, but Apple looks to be playing a game here, I still can't sign up to iTunes and get music for my MP3 players at the same prices as iPod users.

    • 2. They're more expensive

      Well, you're getting a higher-quality, DRM-free song. That's worth more.,

      3. You can't hear the difference, only 1 in 10 could and it was statistical noise.

      I can hear a huge difference. My music player handles unencrypted AAC files, so the new ones sound like music, and the old ones sound like, well, silence.

      4. You can fit fewer tracks on a player because they bigger.

      That's what "higher-bitrate" usually means. Scratch that: always.

      5. Apple are playing a game here.

      Yes. I

  • by Budenny (888916) on Sunday June 10, 2007 @11:30AM (#19458561)
    There is a serious point here. Not particularly about Apple or music. The question really is about electronic media and traceability and reading/viewing/listening habits. To get the potential issue, you have to fast forward a few years. Now most of the press and pamphlets and magazines have migrated online. Some minority book publishing has also. At this point, every book, record or mag anyone buys online has, imagine, a name and address in it that is verified to a credit card.

    Do you really feel completely comfortable about that? Do you for example feel comfortable knowing that that little radical publisher whose mag you subscribed to, and that has just been raided for some good or bad reason, has put your name and address in everything you bought from them? Lets say you live in some country where there had just been a change of regime.

    I don't. It seems that if someone wants to write his name and (email) address in his books, or on his record or DVD covers, fine, he should be free to do it. But I cannot see the vendor writing it in the copy as a default in a way that needs tools to take it out again.

    Its not about Apple - to the extent that this is just repetition of an old story about Apple its silly. But there is a serious question underneath this. To what extent do we want to be buying online exactly the same anonymous stuff we buy physically? This is not a silly question at all.
    • by cdrguru (88047)
      First off, every business values their customer list. It is people that have proven an interest in their products (old and new) and therefore an excellent source of sales. So when you buy your hardcopy book from some radical publisher they likely have your name on their customer list anyway. There is no getting away from that.

      Cash sale? I suppose if you go and actually visit a book dealer that stocks the book and there is no "loyalty discount" program and nothing else that could possibly be used to conn
    • Do you really feel completely comfortable about that? Do you for example feel comfortable knowing that that little radical publisher whose mag you subscribed to, and that has just been raided for some good or bad reason, has put your name and address in everything you bought from them?

      Hey, dude, if they were raided, the feds already got your name from them *already*. They don't need to dig your name out of a file to do that.

      At this point, every book, record or mag anyone buys online has, imagine, a name and
    • At this point, every book, record or mag anyone buys online has, imagine, a name and address in it that is verified to a credit card.

      So long as the data is just some text that I can scrub from these online purchases, it doesn't really bother me enough to think about scrubbing them. Of course, whenever you buy anything with a credit card, there's a record of that, and that record follows you (so to speak). That's not completely comforting, but I wonder if there's a system whereby we can have verifiable o

    • by Jeremy_Bee (1064620) on Sunday June 10, 2007 @12:19PM (#19458909)
      This is indeed a serious point, and one obfuscated by all the hoopla that the author of this article (and others), is creating over other, non-issues.

      It's a basic tenet of any sane, decent, information privacy legislation and (I believe already the law in Europe), that you cannot embed or record people's personal data in a "secret" way. If a person is buying a product that has their personal information embedded in it, they have to *know* this is the case.

      I (like many people), was originally shocked to find out the user name and email is embedded in the file being unaware that this was in fact *always* the case. Despite all the folks here pointing out that it was always the case, how many regular users of iTunes and iPods are aware of that? If it isn't commonly understood, then it's as good as secret.

      It seems to me that if the embedding is not presented to the user at the point of purchase in a clear, obvious, "in your face" EULA type of way, then Apple should be in violation of European law or at the very least going completely against the spirit of personal data protection and privacy laws. Having never purchased on iTunes, I am not aware if this is the case or not, but the large number of people that were not aware of the practice suggests that it is not advertised much at all.

      The point is that a person has to be able to maintain their own privacy if they need or want to. If a corporation is secretly (or even non-obviously) embedding personal data in a file, the user has to know it's in there in order to be able to manage or maintain their private information. Clearly, most users of iTunes had and have no idea that their personal information is being stored and may be at risk and no idea that they should have been protecting it.
  • Just look at the properties of any downloaded iTunes music file (at least on Mac OS X, not sure how Windows Explorer is useful in this regard) and it lists the purchase date along with the name of the person who purchased it.

    This is the case for DRM and non-DRM'd files, it's not something Apple added when they scrapped the DRM it's just something they didn't take out.

    As it's trivial to alter then it's no way of tracking users, it's just extra metadata.
  • The watermark metadata is presumably in the MP4 container, so surely one could simply extract the AAC stream and repackage it in a new MP4 container? Or are they watermarking the actual AAC stream somehow?

    -Stephen
  • Prevents Nothing (Score:4, Insightful)

    by nurb432 (527695) on Sunday June 10, 2007 @11:43AM (#19458643) Homepage Journal
    My files were stolen. Prove me wrong.
    • by Dunbal (464142)
      My files were stolen. Prove me wrong.

      That will be interesting when the RIAA sues Joe Blow for $1 trillion.

      Conversely - if they are putting personal information into the files and hope to retrieve it, then WE can retrieve it too. Be nice to have Joe Blow's address, SSN and/or credit card number. I wonder if Apple would be held liable as an accomplice in cases of identity theft - after all, it's not Joe Blow's fault his files got "stolen", but Apple put that persona
      • Re: (Score:3, Interesting)

        by daveschroeder (516195) *
        That will be interesting when the RIAA sues Joe Blow for $1 trillion.

        How about we wait until that happens? And even then, your problem is with the RIAA, not Apple. The fact that Apple puts name and email address in no-DRM files is irrelevant to any state of affairs involving the disposition of the files (stolen, uploaded tom P2P, etc.). If the information is illegitimate (e.g., bogus tags in files), it's easily provable. If it's not, then yeah, it's right back to, "My files were stolen. Prove me wrong."

        Conv
  • by Kjella (173770) on Sunday June 10, 2007 @11:49AM (#19458683) Homepage
    If I was to name the single most crucial characteristic of a DRM system, it is that it is the system governing my content rather than the courts. A watermark isn't restricting anything, I can reproduce, create derivates, distribute, perform, display, transform, comment, parodize, time-shift, space-shift, format-shift, backup and whatever else as much and as often as I want. If the copyright holders think I'm in violation of the law, we go to court where I might win, they might win but that is determined by law - not the few, if any activities the DRM system chooses to whitelist.
  • I wish I could use my mod points to mod the article -5, Idiotic.
  • Here's a great article exposing a similar practice by Adobe:
    NEWS FLASH! Adobe Hides Customer Information! [wilshipley.com]

    From the article:
    While many people believe that Adobe products are DRM-free, did you know that they, in fact, have a "poison tip?"

  • words... (Score:5, Insightful)

    by Tom (822) on Sunday June 10, 2007 @11:52AM (#19458715) Homepage Journal

    Author suspects that this is to prevent you uploading them to a network.
    Author is an idiot. There's an important difference between discouraging something and preventing something. The important part being that DRM has lots of fallout and innocent bystanders shot (e.g. you not being able to hear your music on a different machine also owned by you), while discouragement has a human-choice element that prevents most of those troubles.

    Besides, embedding personal info is not DRM. Wikipedia sums it up nicely:

    Digital rights management (DRM) is an umbrella term referring to technologies used by publishers or copyright owners to control access to or usage of digital data or hardware, and to restrictions associated with a specific instance of a digital work or device.
  • by PMBjornerud (947233) on Sunday June 10, 2007 @11:52AM (#19458721)
    I encourage everyone to access the firehose and vote this article down.

    Sad to say, but whoever wrote that article is clueless, and it does not deserve to be on slashdot (or anywhere else).

    I can only think that it made the front page because it mentions both Apple and DRM in the title, causing lots of people to flag it up by reflex. It should be buried.
  • Forgive me if I'm wrong, but is the article saying that we should be putting our DRM-free purchased iTunes songs up onto file sharing networks?

    I'm under the impression the whole point of DRM-free content was to allow users to legally use their purchased content to play them or convert them to any device we want. For Apple to put our names and email addresses into the DRM-free content seems okay to me, since I'm not going to be pirating the music out.
    • by toQDuj (806112)
      The article appears to be saying so, but it is indeed in no way intended.

      No-one said: I don't want DRM because I want to share it untraceably on the internet with millions of anonymous users. It is spun in this fashion, however.

      B.
  • Apple is Pro-Apple (Score:2, Insightful)

    by Anonymous Coward

    If you think Apple and or Steve Jobs have any opinion on DRM you are insane. He is a business man and a succesfull one at that. He only cares about what will make him the most money and will use or not use DRM as required by the greatest possible profit stream.

    If he was really for freedom for customers he would have long since forced disney to stop adding such basic stuff as region encoding or even plain impossible to skip commercials.

    He has not.

    At the moment his company is experimenting with a new product

    • by daveschroeder (516195) * on Sunday June 10, 2007 @01:17PM (#19459259)
      Believe it or not, it's possible for corporate leaders to actually have opinions and convictions about things. One mistake people like yourself make is that when you read anything that shows Apple in a positive light, you think that anyone agreeing with that thinks Steve Jobs is a "god" or some kind of savior.

      Wrong.

      It may be a "good business move" for Apple to start going down the no-DRM path. It may also be that everything Steve Jobs said in his anti-DRM "manifesto" of sorts is also correct, and something that he actually believes. The two aren't mutually exclusive. Also, if removing DRM is such an obviously good business decision for the "bottom line" and "profits", then why was Apple the first major entity to actually do it in any meaningful or high-volume way with mainstream music?

      Being "pro-Apple's-bottom-line" is fine. But that doesn't preclude Steve Jobs from having personal opinions and motivations that shape the way he runs the company. This whole "a corporation's only duty is to maximize profits and nothing else" line is garbage. On your region code arguments, you make assumptions that Steve Jobs has single-handed control over how Disney does all distribution of movies. You also ignore the incredibly complex situation with regard to regions for DVDs, which, for better or worse and no matter anyone's own opinion on them, are designed to allow for rollouts at different times in different regions of the world AND support the simply truth that some products can reasonably be sold for more in some markets than others. The owner/creator of the content has at least some say in the fact that they may want to sell something for $30 in the US, but $7 in Asia, do they not? Or are we arguing for globalization after all? I can't keep track.

      The fact of the matter is that Steve Jobs and Apple have now done more than any media, music, or computing industry company to tear down DRM where it counts, i.e., on mainstream content that is encumbered with DRM. I don't care if some indie artist is selling no-DRM music on eMusic. Good for them. We don't need to concentrate on indies who already sell without DRM, do we? We need to concentrate on the big labels who ARE selling with DRM. Apple has done more in the anti-DRM campaign in rhetoric, posturing, words, and now, action, than any other entity to date. Does that make Steve Jobs a "god"? Nope. It's just the simple truth. In the end it doesn't really matter if it's "good for Apple's bottom line", or if Steve Jobs really does believe everything he said about DRM, if it's good for you as a consumer, does it?

      On the subject of iPod, you're arguing that Apple is somehow doing something any differently from any other peer vendor in this industry with regard to manufacturing. Would people pay $1000 or more for an iPod? You over simplify the situation by making everything mutually exclusive: Steve Jobs *could* make the iPod in better conditions, at the same time ignoring the fact that any such move would completely decimate the iPod. As long as a company is abiding by the laws in the countries in which they operate, I don't care where they are based or who they sell to: your problem is with the host nation (China), not with Apple. And sure, some people make the problem with the company instead of the country because they think their "action" will best be spent there. Fine. Good for them. Let them vote with their wallets.

      I don't ever think anyone really said Steve Jobs was a god in all these straw man discussions. But believe it or not, individual opinions, convictions, and intent can shape a corporation just as much as any "concern for the bottom line". If concern for the bottom line was all that mattered, Apple should have been doing great under Gil Amelio. Some might say, "No, that just means Amelio was a bad businessman and Jobs isn't."

      Or could it mean that there's more to the bottom line than these latent (or overt) anti-corporate arguments?
  • Captain Obvious (Score:2, Insightful)

    by WwWonka (545303)
    purchased iTunes now have your personal data in them. Author suspects that this is to prevent you uploading them to a network."

    ...author ALSO suspects that the big pretty boat in the movie Titanic will sink in the end.
  • Don't Flame me (Score:2, Interesting)

    by JamesRose (1062530)
    Okay before anyone flames me for this, just as a precursor, I would just like to say I've read the other comments and as far as DRM, or apple trying to trick people or anything like that I agree is just stupid.

    However, I do have the slightest concern that if apple is not using encryption for people's personal files on this sort of thing, I am a little worried where else they may not be encrypting this data, I mean if all this information is storedon itunes user infromation databases, I hope it is full encry
  • I recently purchased a standard from the International Organisation for Standardisation (ISO, www.iso.org) and they too watermark the document. The PDF is encrypted and at the bottom of each page your name and date of purchase is printed in light grey letters. Seems logical considering how expensive their standards are and how easily they would be copied.
  • Its:

    a)Late, this stuff came out weeks ago

    b)Wrong, as many posts have already demonstrated

    c)Pompous, well, 'nuff said on that one

    It's got the holy trifecta that all /. articles seem to want. Best /. article ever!
  • by Tjp($)pjT (266360) on Sunday June 10, 2007 @06:46PM (#19461055)
    Fairplay was intended to allow you to burn playlists to CDs from beginning. It has a limitation on the number of times a given playlist can be burnt (5 I think), but changing the playlist allows it to be burnt again. It is an advertised feature not a "hack" to the DRM. From the beginning Apple has embedded the Apple ID and email address in the songs downloaded from the iTMS (iTunes Mxxxx Store), back to the protected AAC tracks. Nothing new here. And it is well known how to remove this information from the tracks. But why bother unless your intent is to actually upload them to a file server for widespread illegal distribution. It is not like anyone besides yourself will or should have access to the tracks with this data embedded in it... The author of the original cited article needs a clue by four hit and should be better informed.

Old programmers never die, they just hit account block limit.

Working...