Apple's DRM Whack-a-Mole 352
Mateo_LeFou writes "Gulf News has a nice piece exposing the last couple generations of Apple's DRM strategy (you didn't really think they were abandoning DRM, did you?). Article focuses on how quickly the tactics are worked around, and how nasty the latest one is: purchased iTunes now have your personal data in them. Author suspects that this is to prevent you uploading them to a network."
It's stored in plaintext... (Score:5, Interesting)
Re:Right click, Convert to AAC/MP3/etc. (Score:5, Interesting)
Re:So... (Score:1, Interesting)
Comment removed (Score:2, Interesting)
Re:Nasty? (Score:3, Interesting)
Either way, Apple's never claimed they will do this. The MPAA has strong-armed people into paying their settlements on far less incriminating evidence than a users' name actually being attached to the file. Chances are Apple has included this information to comply with their licensing terms for selling DRM free music.
Re:So... (Score:3, Interesting)
Get the same song from two different iTunes accounts. Run it through a binary comparison. Check. Remove atoms with name and e-mail, check again. Steganography is the method for hiding data in other data, but there's absolutely no way to hide unique data in two pieces of data which should be 100% identical. Either this could be dismissed easily or proven easily, so if there's no credible story I'd say that this is just a crackpot idea.
Re:So... (Score:3, Interesting)
You're assuming that's why name and email address are even there (e.g., instead of just as incidental purchase metadata that's always been there that simply wasn't removed when Apple started removing DRM. After all, why remove it?).
Also, you're forgetting that Apple maintains the authoritative records on all iTunes music store purchases. So unless you're going to say that people will be uploading no-DRM tracks that they know other people have purchased, or that someone will be stealing someone else's music (e.g., boy/girlfriend, friend, etc.) and then uploading to be vindictive, I mean, aren't there a LOT of ways to harass people if you're hell-bent on harassing someone? You're assuming that there is any legal standard that would allow someone who uploads no-DRM songs they legitimately purchased.
And remember, all of the big forces arguing against the inclusion of this information aren't even arguing for it to be removed; they're arguing for it to be *encrypted*. Which means it can still be decrypted. Which means that, whether there's any truth to it or not, people will still be accusing Apple of underhanded tactics, and probably would even suspect Apple was in collusion with the RIAA and is providing music industry groups with the keys to decrypt.
This won't be happening "commonly" at all. This is just another mock-objection by people who'd find problems with Apple no matter what they did. Apple has done more now to advance the no-DRM movement than any other commercial entity involved in music, media, or computing. (Yes, more than any other company or vendor or (mainstream) music provider.)
Is the fact that your name is in a song that you purchased for your own use really that big of a deal? Especially considering this same information has been in all tracks ever purchased from the iTunes store for the last four years?
Don't Flame me (Score:2, Interesting)
However, I do have the slightest concern that if apple is not using encryption for people's personal files on this sort of thing, I am a little worried where else they may not be encrypting this data, I mean if all this information is storedon itunes user infromation databases, I hope it is full encrypted, but it seems a little less likely now.
Re:Nasty? (Score:3, Interesting)
"If you ever wonder why so many companies screw their customers, I think this illustrates one of the reasons. There's no upside in *not* screwing your customers;"
Indeed this is true. I worked for a couple of years as a car salesman. I tried for the longest time to be a courteous and helpful salespserson and didn't get anywhere. One day, I was in a fairly pissed off mood, completely not related to selling cars, but just generally pissed off at the world. I was out to screw the world that day.
I had my best day, selling four cars with the greatest margins of my sales career. Additionally, those customers were the most satisfied, when the process was over.
Suffice it to say, I think most people WANT to be screwed! They want it, and will thank you afterwards for screwing them over.
I quit shortly after that, not able to live life screwing people. I probably could have made a great living had I been able to continue being "pissed at the world".
Re:There's a serious point here (Score:4, Interesting)
It's a basic tenet of any sane, decent, information privacy legislation and (I believe already the law in Europe), that you cannot embed or record people's personal data in a "secret" way. If a person is buying a product that has their personal information embedded in it, they have to *know* this is the case.
I (like many people), was originally shocked to find out the user name and email is embedded in the file being unaware that this was in fact *always* the case. Despite all the folks here pointing out that it was always the case, how many regular users of iTunes and iPods are aware of that? If it isn't commonly understood, then it's as good as secret.
It seems to me that if the embedding is not presented to the user at the point of purchase in a clear, obvious, "in your face" EULA type of way, then Apple should be in violation of European law or at the very least going completely against the spirit of personal data protection and privacy laws. Having never purchased on iTunes, I am not aware if this is the case or not, but the large number of people that were not aware of the practice suggests that it is not advertised much at all.
The point is that a person has to be able to maintain their own privacy if they need or want to. If a corporation is secretly (or even non-obviously) embedding personal data in a file, the user has to know it's in there in order to be able to manage or maintain their private information. Clearly, most users of iTunes had and have no idea that their personal information is being stored and may be at risk and no idea that they should have been protecting it.
Re:Prevents Nothing (Score:3, Interesting)
How about we wait until that happens? And even then, your problem is with the RIAA, not Apple. The fact that Apple puts name and email address in no-DRM files is irrelevant to any state of affairs involving the disposition of the files (stolen, uploaded tom P2P, etc.). If the information is illegitimate (e.g., bogus tags in files), it's easily provable. If it's not, then yeah, it's right back to, "My files were stolen. Prove me wrong."
Conversely - if they are putting personal information into the files and hope to retrieve it, then WE can retrieve it too. Be nice to have Joe Blow's address, SSN and/or credit card number. I wonder if Apple would be held liable as an accomplice in cases of identity theft - after all, it's not Joe Blow's fault his files got "stolen", but Apple put that personal info in them.
Except a name and email address isn't anywhere near any standard at all for "identity theft". So, no, Apple won't be held liable for anything, at all, in any case like this, even if they ever were to happen. A name and email address on a no-DRM music file is not an invasion of privacy and not an identity theft risk.
Man oh man, play with "DRM" and get burned. Companies just can't win - they've been beating the same dead horse for almost 15 years now. When will they learn?
Huh? This isn't DRM (by any understood definition of "DRM"). At all. It's not even clear that it was intended to be a "deterrent" to ANYTHING, since it's obvious, out in the open, and easily removed. Apple is doing more to move against DRM than any major entity in this realm ever has, in rhetoric and actions.
So, yeah, Apple "learned", and is following through.
Re:Couldn't be more ranty, or wrong (Score:3, Interesting)
Even so, I don't think it's inappropriate to be concerned about including personally identifying informamation (PII) like a name and an email address. While this sort of thing wouldn't be of any concern to the vast majority of users, there are a number of examples where such seemingly innocuous information has led to tragedy. As long as users are fully aware of the implications and can accept or reject such techniques, I don't have any problem with it.
Re:Right click, Convert to AAC/MP3/etc. (Score:5, Interesting)
Ok, granted, most people aren't going to open a hex editor to do something so simple. Which one wouldn't have to, since editing audio tags is a perfectly valid thing to do, so there are multitudes of programs to do just that. I'm pretty sure you could do it using Atomic Parsley [sourceforge.net].
I'm really tired of people trying to make an issue out of this. As has been pointed out many times, your account data has been in files from the iTunes store from the very beginning. Your name not DRM. Does having your name in the file prevent you from doing anything? No! And as the tags are not encrypted, they are obviously not intended for tracking files on peer to peer filesharing as I could change them to reference anyone. I find having the data there helpful, as I can tell whether a specific file was purchased by me or my dad. If you don't like it, just get rid of it!
Besides, didn't everyone cheer when some stores introduced audio watermarking which would actually prevent you from putting the original file on peer to peer networks, unlike this?
Re:Couldn't be more ranty, or wrong (Score:2, Interesting)
Is there any reason at all that you feel your SSN and mother's maiden name shouldn't be printed clearly on every item in your home? It will all be printed on items that should remain in your home. There's no reason at all that you should object, and in fact if you do object, you're a thief and should pay the consequences.
Re:Couldn't be more ranty, or wrong (Score:2, Interesting)
Re:Right click, Convert to AAC/MP3/etc. (Score:2, Interesting)