Forgot your password?
typodupeerror
Music Businesses Media Privacy Apple Your Rights Online

iTunes DRM-Free Files Contain Personal Info 693

Posted by kdawson
from the musical-steganography dept.
r2k writes "Apple's iTunes Plus files are DRM-free, but sharing the files on P2P networks may be an extremely bad idea. A report published by CNet highlights the fact that the account information and email address of the iTunes account holder is hidden inside each and every DRM-free download. I checked, and I found I couldn't access the information using an ID3 tag editor, but using Notepad I found my email address stored inside the audio file itself."
This discussion has been archived. No new comments can be posted.

iTunes DRM-Free Files Contain Personal Info

Comments Filter:
  • Re:Seriously... (Score:0, Informative)

    by Anonymous Coward on Tuesday January 13, 2009 @03:42AM (#26429259)

    > Good grief. "Sharing" copyrighted music files on a P2P network was always an extremely bad idea.

    Not if you own the copyright or if you have permission to share it (e.g. permissive licensing). I hate it when people think that there is no _free_ music when there is plenty of it.

  • by Anonymous Coward on Tuesday January 13, 2009 @03:50AM (#26429309)

    You can see the info within iTunes.

    Get Info on the Song/Video/Etc

    Then go to the Summary Tab, Second column.

  • Re:Seriously... (Score:5, Informative)

    by NNKK (218503) <nknight@runawaynet.com> on Tuesday January 13, 2009 @03:53AM (#26429337) Homepage

    AAC ( http://en.wikipedia.org/wiki/Advanced_Audio_Coding [wikipedia.org] ) is an industry standard, and even if it weren't, iTunes helpfully provides a "Convert to MP3" item in the context menu of non-DRM'd AAC files that does exactly what it says.

  • Old news (Score:5, Informative)

    by AmaranthineNight (1005185) <amaranthinenight ... m ['il.' in gap]> on Tuesday January 13, 2009 @03:53AM (#26429339)
    This has been the case for AGES

    http://business.timesonline.co.uk/tol/business/industry_sectors/media/article1871173.ece [timesonline.co.uk]

    Or at least for about a year and a half, I think slashdot reported on it then, too.
  • Hidden? (Score:5, Informative)

    by 1729 (581437) <slashdot1729NO@SPAMgmail.com> on Tuesday January 13, 2009 @03:53AM (#26429345)

    the account information and email address of the iTunes account holder is hidden inside each and every DRM-free download

    How is this "hidden"? If you select an audio file purchased from the iTunes Store (with or without DRM), and go to File->Get Info, you'll see the following fields in the summary:

    Purchased by:
    Account Name:
    Purchase Date:

    Apple's not trying to hide anything here.

  • Re:Seriously... (Score:4, Informative)

    by Anonymous Coward on Tuesday January 13, 2009 @03:57AM (#26429375)

    AAC in a a run-of-the-mill MPEG-4 container, with ID3-formatted tags stored in a separate atom (permissible in the MPEG-4 standard).

    Anything that uses libavcodec/libavformat as a base (ffmpeg, VLC, mplayer, etc) can read these files. They may not have the code to extract the ID3 tags from the atom and feed the data blob to something like libid3... but as long as the player software can read standard MPEG-4 files with basic AAC... it can play these suckers.

    The format just isn't as prevalent as MP3, but that doesn't automatically make it proprietary.

  • by Rix (54095) on Tuesday January 13, 2009 @03:59AM (#26429397)
    In many places, it's perfectly legal to share you music collection. Here in Canada we pay a tax on recordable media for that right.
  • Re:Seriously... (Score:2, Informative)

    by Anonymous Coward on Tuesday January 13, 2009 @04:02AM (#26429415)

    I am from Spain and here we have something called "private copy right" that allows people to have copies of copyrighted stuff, and to share it, by P2P or by whatever.
    P2P in Spain is not illegal, it's not regulated.
    Why Apple has to ignore the privacy of their customers in such way?

    P.S.: Excuse me if there is any mistake on my English

  • by Facegarden (967477) on Tuesday January 13, 2009 @04:09AM (#26429473)

    I suppose it's pertinent again and all, but seriously, I already know this guys, why are we pretending like this is new?

    On some level, I'm not sure why i care if it's repeat news. I mean really, repeat it all you want i guess, my life still goes on, but i dunno, journalistic integrity and all that, i feel like we should at least mention that this is a complete copy of an older story....
    -Taylor

  • Re:Seriously... (Score:5, Informative)

    by amake (673443) on Tuesday January 13, 2009 @04:09AM (#26429479) Homepage
    Converting from AAC to MP3 is lossy.
  • by Anonymous Coward on Tuesday January 13, 2009 @04:19AM (#26429557)

    ID3 tags? Hello? These are not MP3s and don't use ID3 tags. They store metadata in MPEG4 "atoms".

    One might be able to view and edit them with Atomic Parsley:

    http://atomicparsley.sourceforge.net/

    However, its tag parsing isn't as good as it might be.

     

  • Old news (Score:5, Informative)

    by phooka.de (302970) on Tuesday January 13, 2009 @04:27AM (#26429607)

    This came up when they introduced iTunes plus ages ago. It's been discussed back then. Yes, the info is there. You can simply look it up, no problem. Your ID3-Tag-Editor might not be able to chanxge it since we're not talking MP3 here. That's it.

    Just use a different editor, clean out the information and start the copyrightinfringement-frenzy you seem to have been waiting for for so long. Oh no, you already do that, I guess.

    Or, if you don't like finding an editor that can delete the info, just go to a record store and steal the CD.

  • Re:Seriously... (Score:5, Informative)

    by asc99c (938635) on Tuesday January 13, 2009 @04:48AM (#26429727) Homepage

    The English is fine, just not the information!

    Like many places, Spanish law has exemptions for private use, which probably makes removing DRM completely legal. However the owners are allowed to make copies only for private usage, with collective and lucrative uses not allowed. Sharing on P2P would definitely constitute a collective use.

    Although as with almost everywhere else, P2P itself is not illegal.

  • Re:Seriously... (Score:5, Informative)

    by mosschops (413617) on Tuesday January 13, 2009 @04:54AM (#26429747)

    Converting to MP3 is lossy, regardless of the source format.

  • Re:Seriously... (Score:1, Informative)

    by Anonymous Coward on Tuesday January 13, 2009 @05:01AM (#26429795)

    I can state for an absolute, personally experienced fact, that a purchased ITunes Plus AAC file can be played as-is by current versions of Winamp, with no processing or extra add ins.

    Yes, they have some extra tag indicating who purchased it (visible doing a get info in iTunes, so it has to be somewhere - so it's somewhat obivious that it will be in there) - but Winamp just ignores it.

    AAC is to MP3 what Divx/MP4 is to MPEG-2 video.

  • by Renderer of Evil (604742) on Tuesday January 13, 2009 @05:37AM (#26429991) Homepage

    Way to sensationalize something which has been known for years. Everything that is purchased on iTunes is stamped with user account and a unique transaction ID. Apps, videos, movies, rentals, etc.

    It doesn't bother me because I don't share my music on p2p networks and I'm not paranoid like some people. I dislike DRM because I want to easily play my music on whatever device I want, not because of some ideological drive to stick it to THE MAN.

    This is a non-issue.

  • Re:Seriously... (Score:4, Informative)

    by FridgeFreezer (1352537) on Tuesday January 13, 2009 @05:56AM (#26430123)
    Well up the bitrate and reduce the loss - people talk a lot of shit about hi-fi but in reality a decent MP3 will be indistinguishable from anything else on 99% of gear in 99% of listening situations.
  • Re:Seriously... (Score:4, Informative)

    by Silas is back (765580) on Tuesday January 13, 2009 @05:57AM (#26430135) Homepage Journal
    Just to note, the email address has always been part of iTunes Plus files. This in nothing new.
  • Re:Seriously... (Score:3, Informative)

    by sumdumass (711423) on Tuesday January 13, 2009 @06:10AM (#26430247) Journal

    Why would you think that you would get fined just because your name is in something?

    Nothing is going to happen until it goes to court. The guberment can't give you a fine for this like a speeding ticket or anything. They would have to collect enough evidence and present it and then either hope that the government picks it up or sue you directly. Even then, your lawyer will probably get you off before it costs any money because you won't be the first person it happened to. All it will take is one Virus going around that does something with these files and it would be completely pointless and worthless as evidence.

    About the most that can happen is Apple decides not to sell more music to you under that account.

  • Re:Seriously... (Score:2, Informative)

    by Anonymous Coward on Tuesday January 13, 2009 @06:17AM (#26430311)

    I wanted them to remove it so I could use it on any device I wanted to listen to it on. They did that; now I can, as far as I'm concerned, we're all good now.

    While I agree with you that removing the DRM is a good thing and inserting this information in the file is perfectly reasonable, as long as the music is in a proprietary format it can't be migrated easily. can the files be read by other applications?

    I really can't understand why so many people think that AAC is an Apple format... Is it the "A"s in it that makes everyone seem to assume it has something to do with Apple? It's a (patent encumbered) standard, just like MP3. Practically everything made these days supports AAC - it's actually cheaper to license per unit than MP3.

  • by Naturalis Philosopho (1160697) on Tuesday January 13, 2009 @06:45AM (#26430489)
    It's clear. A certain percentage of slashdotters act all surprised every time it's repeated though. Of course, most /.'ers also act all surprised every time some wack-job blames video games for violence too. At least some people are pointing out that the account information has been part of iTunes files for forever and isn't news to most people who know how to do a Google search.
  • by SwabTheDeck (1030520) on Tuesday January 13, 2009 @07:05AM (#26430621)
    FTA:

    I checked, and I found I couldn't access the information using an ID3 tag editor

    All iTunes songs are AAC or Apple Lossless. ID3 is used almost exclusively for MP3 and certainly not for any iTunes song.

  • Re:No worries (Score:4, Informative)

    by BasilBrush (643681) on Tuesday January 13, 2009 @07:15AM (#26430675)

    I know many people incapable of getting music from a CD to a mp3 player but able to transfer from the web to the player.

    They must be pretty dumb then. Provided iTunes is running, it starts ripping a CD into the library as soon as a CD is inserted. And as soon as the iPod is connected, the files will get transfered to it. No keyboard or mouse interaction needed.

    (These two actions can be disabled with preferences, but I believe that is the default behaviour.)

  • Re:Seriously... (Score:4, Informative)

    by pdbaby (609052) on Tuesday January 13, 2009 @07:36AM (#26430811)
    I diff'd 2 non-DRM iTunes songs a while ago... they just list your e-mail address and purchase date in the metadata. And I suspect that's done client-side to simplify their cache system.
  • by peragrin (659227) on Tuesday January 13, 2009 @07:59AM (#26430953)

    this is the second or third article about apple putting said info into their music files over the years. It isn't surprising. Apple even states it somewhere in the fine print of the EULA's.

    Slashdot suffers from ADD and forgets what it duped yesterday.

  • by jcr (53032) <jcr@nOSpam.mac.com> on Tuesday January 13, 2009 @08:12AM (#26431045) Journal

    Sure, so long as they make it abundantly clear that this is what they're up to.

    Choose any iTunes plus song, and select "get info" from the main menu. On the left side of the "Summary" pane, you'll see "Purchased By", "Account Name", and "Purchase Date". IIRC, those were there on the DRM versions too.

    -jcr

  • Re:Seriously... (Score:3, Informative)

    by dunkelfalke (91624) on Tuesday January 13, 2009 @08:19AM (#26431087)

    Actually, there are no hifi mp3 players because mp3 players aren't defined in DIN 45500 at all.

  • Re:Seriously... (Score:3, Informative)

    by Mr Z (6791) on Tuesday January 13, 2009 @09:21AM (#26431547) Homepage Journal

    True. I would imagine there are ways, though, of minimizing the loss going from AAC to MP3. A naive conversion would convert AAC back to uncompressed PCM samples, and then run that through a standard MP3 converter. That strategy would work (and is likely the one employed), but it seems like it would cause the maximum damage.

    Another technique transcodes one format to the other. AAC is also a lossy format, and its psychoacoustic model has already decided to discard some information. Transcoding from AAC to MP3 could convert the sound data in the frequency domain (i.e. the MDCT coefficients--the representation that AAC and MP3 use to code the sound once it's been shaped by the psychoacoustic model), throwing away only the sound bands that MP3 doesn't support. You may have to do some additional work to handle the smaller ranges of frame sizes that MP3 supports, but it's tractable.

    The main point is that you don't have to apply the full psychoacoustic model again to decide on more things to discard. Since MP3 represents a narrower band of sound than AAC does, most of the conversion can focus on removing the stuff MP3 can't represent, and then just recoding what remains with the greatest fidelity possible.

    Something tells me, though, that they're not bothering to do it that way, but I'd be interested to know if they do.

    (Note: I'm not an audio format expert, and I have simplified the description above. For example, AAC uses a modified DCT [wikipedia.org], so it's not as pure a frequency domain representation as, say, an FFT. MP3 apparently uses a hybrid approach that isn't pure MDCT. And so on. Still, capturing the audio data nearer to its encoded form and transcoding it, rather than going all the way back out to audio samples should retain higher fidelity.)

  • by CrackerJackz (152930) on Tuesday January 13, 2009 @09:59AM (#26432057) Homepage

    in iTunes: right click the song, select properties, tada! "Account Name: "

    (its in the same place as the DRM'd copies)

    I find it a little odd that so many people simply expected to get files with no account information, since all that was promised was FairPlay being removed. I'm still a little peeved about having to pay 0.30$ a tune to unlock my current library however.

     

  • Re:Seriously... (Score:3, Informative)

    by Locklin (1074657) on Tuesday January 13, 2009 @10:15AM (#26432375) Homepage

    Which is exactly what the GP seems to have been going for. If they find a pirated track, it has your email address in it, and the signature validates (the file is unmodified), they can delete your account or whatever without having to worry about impersonation.

  • Re:Seriously... (Score:1, Informative)

    by Anonymous Coward on Tuesday January 13, 2009 @10:30AM (#26432637)

    AAC will play on most portable devices these days.

    Why do people keep repeating this when it is demonstrably untrue? E.g. go to www.argos.co.uk.
    They have 86 non-apple music players. I looked at a random sample of about 20-30 and only *two* of the more expensive ones had AAC support. *None* of the cheaper players have it (WAV/MP3/WMA only typically).
    This is not a freak result. I've looked at maybe 100 player specs over the last year or two for sub £50 (UK) devices and I've *never* seen AAC support in this price range.
    Now, given that Apple is fully switching to non-DRM AAC, maybe most new cheap players will start to include support. Maybe not. But *they do not include it now*.

  • by Synchis (191050) on Tuesday January 13, 2009 @11:18AM (#26433405) Homepage Journal

    I'm going to raise a red light on this...

    1. We pay a *levy*, not a tax, on recordable media.

    2. This levy does not allow you to distribute your collection online. Distributing copyrighted works online is still infringing activity.

    3. The levy *does* cover you borrowing a CD from the library and making a *personal* copy of it to blank media. But, if you are recording the copyrighted work to a media that the levy is not applied to, it is still infringing activity.

    4. The Canadian gov't has repeatedly made promises to reform copyright laws and eliminate the private copying levy, so don't get too comfortable with it.

  • by Anonymous Coward on Tuesday January 13, 2009 @11:57AM (#26434085)

    At least some people are pointing out that the account information has been part of iTunes files for forever and isn't news to most people who know how to do a Google search.

    You don't even need to do a search. Just select the file in iTunes and press control-i in windows or command-i in Mac OSX. The information on the file is then displayed in all its relative glory.

  • Really old news? (Score:3, Informative)

    by Nabeel_co (1045054) on Tuesday January 13, 2009 @12:03PM (#26434203) Homepage

    Correct me if I'm wrong, but didn't this issue come up back when Apple first released DRM-Free songs?

    To add to that, the post is misleading, it's not actually hidden unless you are a complete and utter tool. In the info window of iTunes, it clearly shows the information they have "hidden" in the file...

  • by tlhIngan (30335) <slashdot@worfMOSCOW.net minus city> on Tuesday January 13, 2009 @12:50PM (#26435053)

    I seem to recall a recent change in terms of service. My guess is that if you actually read the whole thing, it would have told you that personal info is attached to files you download.

    I'm betting 99.9999% of the folks just clicked accept without reading the new terms.

    My only gripe on these sorts of changes in terms of service is that I think they should highlight what has recently changed.

    This has always been the case since the iTunes store opened! It's not news, it's several years old. Heck, when Hymn was available (removed FairPlay from purchased music, and this was 5+ years ago), it kept the personal information to prevent people from P2P'ing the newly unlocked music.

    So the very first time you used the iTunes store years ago, personal information was attached - it wouldn't have shown up with change bars because that part has not changed. You can probably find the news articles about it from years ago, and again from a couple of years ago when iTunesPlus was started about how the AppleID of the purchaser was embedded in the file.

    People are acting like this is completely new, when it's been happening for years now.

  • by againjj (1132651) on Tuesday January 13, 2009 @05:45PM (#26439879)

"Indecision is the basis of flexibility" -- button at a Science Fiction convention.

Working...