iTunes DRM-Free Files Contain Personal Info
r2k writes "Apple's iTunes Plus files are DRM-free, but sharing the files on P2P networks may be an extremely bad idea. A report published by CNet highlights the fact that the account information and email address of the iTunes account holder is hidden inside each and every DRM-free download. I checked, and I found I couldn't access the information using an ID3 tag editor, but using Notepad I found my email address stored inside the audio file itself."
Seriously... (Score:5, Insightful)
I don't see the problem. I didn't want them to remove DRM so I could ignore the copyright on the music, I wanted them to remove it so I could use it on any device I wanted to listen to it on. They did that; now I can, as far as I'm concerned, we're all good now.
If you interpret the lack of DRM as permission to ignore copyright, and you end up in trouble because you did so...
Nope, don't see the problem.
Good grief. "Sharing" copyrighted music files on a P2P network was always an extremely bad idea. If you ever had any fraction of an excuse for doing it (and frankly, I don't really think you did, but...) it is gone now, at least as far as iTunes purchases go. What has changed is it is now reasonable to purchase music, because you'll actually get to own it, use it on *all* your gear, back it up, etc.
The only thing I can think of that is really affected by this is your ability to legitimately resell recording of a tune you own, because you bought it. And for that issue, I give it.... maybe an hour before someone comes up with a tool to ZOT that name and email address right out of there. Maybe it'll even put the new one in. Pride of ownership and all that.
Re:Seriously... (Score:5, Insightful)
hmmm (Score:5, Insightful)
No worries (Score:5, Insightful)
Never again buy anything related to music and you'll be safe.
Alternatively, you can buy music in small stores, in cash. In that case, it's better to wear sunglasses and a hat. You wouldn't want anyone to discover you're one of those people who actually are paying clients of the music industry.
Re:Seriously... (Score:3, Insightful)
Re:Seriously... (Score:5, Insightful)
Oh please, if you're the copyright holder are you really paying Apple and downloading it off itunes?
No. You're not.
GP is correct.
--Q
Seems reasonable enough (Score:2, Insightful)
Just so long as the music industry doesn't come back in 10 years with new lawsuits targeting little-old-lady-X because 10 mil. people somehow ended up with 'pirated' copies of music with her name in it.
Since this watermark must be fairly easy to modify, I can't really see how useful it would be in tracking piracy. It could probably have some uses for marketing research. Though, honestly, I can't think of any myself...
Re:Seriously... (Score:3, Insightful)
So if tomorrow a file with your personal information is shared on the web and you simply don't know how is it possible, so you're fined a couple thousand bucks, I guess you won't mind?
Or you're so sure of the infallibility of Apple's system that you're willing to bet a couple thousand bucks, in exchange for... Nothing?
Great odds.
P.S.: Avoid casinos.
Re:Seriously... (Score:5, Insightful)
While I agree with you, here is the problem I have with it:
Person A is the target
Person B is the attacker
RIAA is the litigious groups of assholes
Person B decides to harm Person A. Person B knows Person A's email address. Person B modifies a bunch of MP3s to contain Person A's email address and then posts them to every torrent site imaginable. RIAA is famous for ignoring what "reasonable doubt" might suggest or imply and immediately goes into litigation. Even if it is later revealed that Person A was a victim in this scenario and is completely innocent of wrongdoing, Person A just spent a LOT of money in the process. (It can be reasonably assumed that Person A spent a lot of money because without having spent money, a defendant most likely will lose.)
Old News (Score:5, Insightful)
http://yro.slashdot.org/article.pl?sid=07/05/30/2014222 [slashdot.org]
I think it's OK. Even if I really buy from iTunes to burn a cd as gift, at that point the account info will be gone, so what's the matter?
Re:Seriously... (Score:2, Insightful)
Re:Seriously... (Score:3, Insightful)
Well that's good then, because it's not in a proprietary format! AAC is not Apple Audio Codec - it's Advanced Audio Codec - to go with Advanced Video Codec, aka MPEG 4's high quality audio and video codecs.
What could possibly go wrong? (Score:1, Insightful)
How hard would it be for someone to start spreading mp3's with someone else's information in it, and then make RIAA sue them when they find the first one?
Granted that the situation might be solved when Apple checks whether or not this person ("purchased by", "account name", "purchase date") actually bought the song but still it might cause a lot of trouble for someone.
I think this is not a good idea. iTunes should store these separately in some meta-files...
Re:Seriously... (Score:5, Insightful)
Couldn't you correlate your purchase record, or lack thereof, to validate or disprove the claims against you in that scenario?
It seems like a quick comparative analysis there would pretty quickly mitigate *most* of that concern.
Deal with music industry (Score:2, Insightful)
Old story (Score:5, Insightful)
This is an almost 2 year old story: Apple's DRM Whack-a-Mole [slashdot.org] (Posted by CmdrTaco on 10.06.2007 17:08)
If it bothers you to have an identifying tag in your music files, well remove it or overwrite it.
As far as I understand, it's stored in a standard MP4 atom.
And if you don't know how to do it, ask Google [google.com], or try this suggestion [tech-recipes.com] which explains how to use AtomicParsley for windows [sourceforge.net] or mac [sourceforge.net].
Re:Seriously... (Score:5, Insightful)
I seriously doubt that an email which can be easily changed in a file can be used as the sole grounds for pressing charges. It may however bolster a case where a user has been tracked by IP and the files have his email too.
As we're talking about purchased music, all Apple would have to do is lookup the record of the credit card used to purchase the song.
So unless you always use iTunes redeemable gift cards, it's probably fairly easy to track a user definitively.
Keep your private stuff private: keep your privacy (Score:5, Insightful)
So... if I keep the music I purchased for private use private, I have no privacy violation? Right?
Also, despite the summary's between the lines implication that Apple is hiding the info from ID3 tag editors, the audio files are MPEG4. This means they don't contain ID3 tags. Since MPEG4 is based on QuickTime, a QuickTime atom editor will happily show you the tags and let you remove them.
You could also have guessed the purchaser info was in these files based on the fact that iTunes shows it to you if you get info on a song.
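The "standard MP4 atom" and "QuickTime atom editor" comments above describe a plain box tree, so the purchaser tags can be audited with a short read-only walker. This is an added example, not part of the thread or any tool named in it; it assumes the account sits in an `apID` item and the purchase date in a `purd` item under `moov/udta/meta/ilst` (names the thread does not give), and it runs on a constructed sample rather than a real purchase.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"strings"
)

// Boxes whose body is simply a run of child boxes ("meta" is handled apart).
var containers = map[string]bool{"moov": true, "udta": true, "ilst": true}
// Assumed item names (not given in the thread): account and purchase date.
var watched = map[string]bool{"apID": true, "purd": true}

// walk calls visit(path, body) for every box in buf, descending into containers.
func walk(buf []byte, parent, path string, visit func(string, []byte)) {
	for len(buf) >= 8 {
		size, hdr := uint64(binary.BigEndian.Uint32(buf)), uint64(8)
		typ := string(buf[4:8])
		switch {
		case size == 0: // box extends to the end of the enclosing data
			size = uint64(len(buf))
		case size == 1 && len(buf) >= 16: // 64-bit size follows the type
			size, hdr = binary.BigEndian.Uint64(buf[8:]), 16
		}
		if size < hdr || size > uint64(len(buf)) {
			return // truncated or corrupt: stop instead of reading out of bounds
		}
		body, here := buf[hdr:size], path+"/"+typ
		visit(here, body)
		switch {
		case typ == "meta" && len(body) >= 4:
			walk(body[4:], typ, here, visit) // full box: skip version and flags
		case containers[typ] || parent == "ilst":
			walk(body, typ, here, visit)
		}
		buf = buf[size:]
	}
}

// EmbeddedIdentity returns the watched ilst items and their text values.
func EmbeddedIdentity(file []byte) map[string]string {
	found := map[string]string{}
	walk(file, "", "", func(path string, body []byte) {
		p := strings.Split(path, "/")
		n := len(p)
		if n < 3 || p[n-1] != "data" || p[n-3] != "ilst" || len(body) < 8 {
			return
		}
		if item := p[n-2]; watched[item] {
			found[item] = string(body[8:]) // skip 4-byte type and 4-byte locale
		}
	})
	return found
}

// box serialises one box: 32-bit big-endian size, 4-byte type, body.
func box(typ string, parts ...[]byte) []byte {
	body := bytes.Join(parts, nil)
	out := make([]byte, 8, 8+len(body))
	binary.BigEndian.PutUint32(out, uint32(8+len(body)))
	copy(out[4:], typ)
	return append(out, body...)
}

func item(name, value string) []byte {
	return box(name, box("data", []byte{0, 0, 0, 1, 0, 0, 0, 0}, []byte(value)))
}

// Sample builds a constructed, audio-less file with a title and purchaser tags.
func Sample() []byte {
	ilst := box("ilst", item("\xa9nam", "Constructed Track"), item("apID", "buyer@example.com"), item("purd", "2009-01-07 12:00:00"))
	meta := box("meta", []byte{0, 0, 0, 0}, ilst)
	return append(box("ftyp", []byte("M4A \x00\x00\x00\x00")), box("moov", box("udta", meta))...)
}

func main() {
	f := Sample()
	for k, v := range EmbeddedIdentity(f) {
		fmt.Printf("%s = %q\n", k, v)
	}
	fmt.Println("plain text in raw bytes:", bytes.Contains(f, []byte("buyer@example.com")))
}
```

The values are stored as plain text inside the box, which is why the submitter could see the address in Notepad while an ID3 editor, looking for a different container format, showed nothing.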
Re:Seriously... (Score:2, Insightful)
I don't see the problem.
Seriously, you don't? Largely because of the music industry's reluctance to use distribution methods and pricing that makes buying music "legally" attractive, we now have a situation where everything may end up on p2p. If you are happy living with the risk that one of your purchased iTunes Plus files will end up on a file sharing network and you getting sued for it, then you must be on Valium...
Reasonable compromise... (Score:4, Insightful)
Sure, so long as they make it abundantly clear that this is what they're up to.
Is this the case? I assume it isn't, because Slashdot and others are acting all surprised about it.
Re:hmmm (Score:4, Insightful)
What if the disk also contained word processed documents? Or a backup of your emails? Or you lost your MP3 player and it had your calendar and address book on? Or even your mobile phone with its list of phone numbers? We put lots of personal data on devices that can be lost, some of which is worse from an identity standpoint than an email address.
Besides, I'd expect most people who pick up a disk and don't hand it in to the police are likely to either a) nuke it and use it or b) look for bank details and other things they can sell, rather than music that they need to use their own bandwidth to share for no profit.
Re:Seriously... (Score:2, Insightful)
Yes, apparently the email address is there in plain text, easily zeroed out, but who knows what else is encoded there less obviously? But if I did plan to "share" such a file, I'd transcode it to MP3, which would lose all that metadata, unless they have done some sneaky audio watermarking. I mention that as a possibility, but I think it very unlikely.
Re:Seriously... (Score:4, Insightful)
I mean, seriously, if you want to implement digital right protection, you either do it completely (hint : you can't) or not at all. Partial implementations like this one are completely useless.
Re:Simple... (Score:3, Insightful)
How long before someone comes out with a little program that does exactly this, replacing all email addresses with sjobs@apple.com?
Re:Old news (Score:4, Insightful)
That'd be
Note to editors: even if it's nearly two years old, it's still a dupe
Re:Seriously... (Score:5, Insightful)
Well, Apple could sign the file with their private key after adding your user ID. It wouldn't stop people from blanking it out, but it would securely prevent impersonation.
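A sketch of the signing idea in the comment above, as an added example that is not from the thread and does not describe anything Apple ships: a store key signs the account ID together with a hash of the audio, so a tag rewritten to name someone else, or lifted onto a different track, fails verification, while a blanked tag simply reads as untagged. The `Tag` layout, function names, Ed25519 choice and the fixed demo seed are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Tag is a hypothetical purchase record embedded next to the audio.
type Tag struct {
	Account string
	Sig     []byte
}

// message binds the account to one specific audio payload. The length prefix
// keeps different (account, audio) pairs from producing the same byte string.
func message(account string, audio []byte) []byte {
	h := sha256.Sum256(audio)
	msg := make([]byte, 4, 4+len(account)+len(h))
	binary.BigEndian.PutUint32(msg, uint32(len(account)))
	msg = append(msg, account...)
	return append(msg, h[:]...)
}

// Issue is what the store would run at purchase time with its private key.
func Issue(priv ed25519.PrivateKey, account string, audio []byte) Tag {
	return Tag{Account: account, Sig: ed25519.Sign(priv, message(account, audio))}
}

// Check is what anyone holding the store's public key can run on a found file.
func Check(pub ed25519.PublicKey, tag Tag, audio []byte) string {
	switch {
	case tag.Account == "" && len(tag.Sig) == 0:
		return "untagged" // blanked out: proves nothing about anyone
	case ed25519.Verify(pub, message(tag.Account, audio), tag.Sig):
		return "genuine"
	default:
		return "forged" // names an account the store never signed for this audio
	}
}

// DemoKeys derives a fixed key pair from a constructed seed so the example is
// repeatable; a real store key would come from a CSPRNG and stay in an HSM.
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte("constructed demo seed, not a real key"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := DemoKeys()
	audio := []byte("constructed audio bytes for track A")
	tag := Issue(priv, "buyer@example.com", audio)

	fmt.Println("as sold:          ", Check(pub, tag, audio))
	fmt.Println("account rewritten:", Check(pub, Tag{"victim@example.com", tag.Sig}, audio))
	fmt.Println("tag on other song:", Check(pub, tag, []byte("a different track")))
	fmt.Println("tag blanked:      ", Check(pub, Tag{}, audio))
}
```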
Re:Seriously... (Score:5, Insightful)
Please... We've done blind tests with orchestra and studio musicians, and the detection rate of MP3 vs. CD on $500 studio headphones was not statistically significant. Get over it already.
Re:Seriously... (Score:2, Insightful)
But the bigger the playback system, the more the differences become apparent. Just the same way if you took this web site's logo and blew it up to actual billboard size it would look quite ugly, pixelated and distorted, the more sound is amplified, the more these artifacts become not only noticeable, but downright annoying and irritating to the human ear.
Lossy compressed audio is so 1995...
Z.
Re:Seriously... (Score:4, Insightful)
Right, we both saw those possibilities. And then I point out that there's no record of me purchasing those tracks and it's kind of game over and I'm sad that that's an effective use of your time.
As long as there's an actual correlation between those embedded email addresses and the purchase logs at Apple, it should be child's play to disprove "plants" like that.
Granted you have a window of malice here, but I believe it's a lot smaller than is being suggested. Those plants could be checked by Apple without me ever having to know. Your narrow window of malice (hoping to hit a subset and NOT a superset of what I've purchased) would be even further mitigated by them simply setting "Bar For Kicking In Your Door" to some non-tiny number. So you don't even necessarily get to waste my time. Just your own. ;)
You might with your project succeed with redistributing music files around the net ... but that's kind of where things are now.
Re:Seriously... (Score:3, Insightful)
If you really don't like it, write the two-liner (one line if you know sed and awk) that blows your personal info out of every purchased track automatically.
I fail to see the issue.
Re:Seriously... (Score:3, Insightful)
And noticeable to whom? Audiophiles, and not the average user.
I'd rather have a 160 kbps MP3 that I could put on anything than a restricted AAC with better sound quality.
Re:Seriously... (Score:1, Insightful)
Agreed. This is a fairly reasonable compromise on Apple's part.
It is neither compromise nor reasonable.
1) Apple's DRM policy is entirely mandated by the RIAA, who do not know the meaning of the word 'compromise'. No RIAA OK, no iTunes licensing.
2) Consider how many iPods get lost or stolen. Is it reasonable to bury personal info into music files unbeknownst to the user when those files are *known* to end up in the wrong hands? According to Dell, over 12,000 laptops are lost in US airports every week [google.ca]. At least there is the opportunity to secure the information on a laptop. I'm guessing there isn't a single utility to encrypt music files on iPods, much less the personal information embedded within.
3) Imagine how many iPods are lost at schools. How many scams can you think of that take advantage of the owner's desire to get their iPod back. Worst of all, show me a pedophile that wouldn't love to pretend to be some kid's classmate wanting to return their beloved iPod in order to lure them somewhere private. Lost iPod + email address of owner = "Meet me by the white van with tinted windows"
Re:Seriously... (Score:5, Insightful)
Apple wants DRM free stuff and RIAA doesn't. Apple stuffs personal info in there so there will be some accountability should the file get P2P'd. Sounds like compromise to me.
As far as reasonableness? Your scenarios sound pretty darn unlikely. Almost as unlikely as someone stealing my iPod with my contact info in it, then deliberately leaving it at the scene of a murder in order to frame me. Or maybe space aliens will steal the music on my iPod and accidentally broadcast it back to Earth. NASA will pick it up, magically determine the email address associated with it, send spooks to pick me and perform experiments on me for the rest of my life.
Re:Seriously... (Score:5, Insightful)
Re:Seriously... (Score:5, Insightful)
Listening to music on headphones while on the train is lossy but people still do it. We can't all sit in silent rooms with reference quality speakers 6 ft in front of us and £1000 amplifiers. The quality loss is totally irrelevant as it cannot be heard under normal listening conditions by the vast majority of people.
Re:Seriously... (Score:4, Insightful)
Fair enough so long as there is no additional lossiness in the conversion.
Why? Who cares? AAC is a valid format. They should use MP3 because more non-iPods support MP3 than AAC? Maybe they should support Ogg because it's "better" or sell music in a lossless format so that you are closer to the original.
I kind of understood the complaint when it was DRM protected AAC "wahhh... I can't play it on my non-iPod even though that device supports AAC". Now you can. But there's no reason Apple should have to support MP3. To many, these high bitrate AAC files are superior to MP3. Have a non-AAC compatible player? Go to Amazon.com, they have a similar selection.
There will always be a complainer until Apple releases every song ever, including bootlegs, in Ogg, MP3, AAC, Flac, and ten other formats, and change the iPod to support all of the same, and make the iPod a 3G wireless device that has a built in BitTorrent client to grab the files quicker, and they cook you dinner and do your laundry too. Maybe some of the readers here just aren't the iPod's intended audience?
Re:Seriously... (Score:5, Insightful)
If you think $500 headphones are high quality, you're sorely mistaken.
If you think the intended audience for things like iTunes and the Amazon MP3 store DON'T think $500 are high quality, you might be the mistaken one.
Re:Seriously... (Score:3, Insightful)
AAC will play on most portable devices these days. If you have something specific you want to play it on that can't handle an AAC, I'd make an mp3 copy just for that device, and keep the higher quality version for your computer and other devices.
Re:Seriously... (Score:3, Insightful)
I guess I'll stick with CDs then thanks...
I think that's partially the idea.
Re:Seriously... (Score:3, Insightful)
Think of the children!
You know, you're going to give yourself a heart attack far too early if you worry about crap like this. Seriously, an email address is not a piece of personal information that you can hold close to your chest.
Re:Simple... (Score:3, Insightful)
1) Download DRM-free song from iTunes
2) Open in Notepad, Find and replace with RIAA rep's email address, Save
3) Share on p2p network of choice
4) ???
5) Profit !!!
Buwahahah
Re:Seriously... (Score:5, Insightful)
1) Apple does negotiate with the RIAA [slashdot.org] about the terms of the DRM service [slashdot.org] that Apple has to maintain and run. I'm far from an Apple fanboy, but there have been stories over the years going off on how the DRM wasn't Apple's idea and so forth. There are even quotes of Steve Jobs saying that DRM is bad [apple.com], and that guy sure as hell isn't the type to just take it. I seem to remember a Slashdot story telling of how they were forcing the RIAA to accept their terms, but over the years the opposite [slashdot.org] I admit has been more likely.
Of course, the actual music execs have been saying [slashdot.org] for years that DRM is bad [slashdot.org] but the lawyers at the RIAA seem to be running their companies into the ground for them.
2) The private info consists of the email address related to the account that purchased it. I do not believe it actually contains a lot of 'personal information' such as your name, or social security number, or bank account numbers. I don't personally buy DRM'd music (which means I've yet to buy an iTunes track) so I can't be 100% positive, but I'm fairly sure there would have been an article on Slashdot before given this is nothing new to iTunes.
By the way, how is it any different than leaving a card or sticker with your name and phone number on an item in case you lose it so a good Samaritan (in the unlikely event your stuff is found by one) can return it to you? Honestly I think this is a non-argument.
3) You're the kind of person that would put a kid in a bubble to keep him from getting hurt, but not think of how to feed him aren't you? The 'private info' consists of an e-mail address. Your pedophile argument is no better than the morons who scream "think of the children" in politics, equally pointless and used as an exaggeration of a problem to prove your point.
A pedophile isn't going to go track down someone by their bloody email address when they can just watch the school and pick their target in person. They wouldn't even know it's a kid's iPod until they found out who owned the email address, it could be a teacher's. Never mind the difficulties in actually associating a face to an email address when all you have to go by is the address itself and the fact they have an iPod.
The scams are equally as bad. Worst case, you have someone use the email address on a few porn sites so they get some XXX spam mail. If you are a mature parent, you can deal with that easy enough and if you are a tech savvy parent it shouldn't be a problem anyways unless you don't supervise your kids' online experience (which means ALL online aspects, not just browsing and IRC).
So tell me. What would you do with my email address? How will you track me down with mine if I don't use it on Myspace? What if it's only used on iTunes?
I think people are knee-jerking a bit much.
Re:Reasonable compromise... (Score:3, Insightful)
Re:Seriously... (Score:5, Insightful)
I think the concern is the following scenario: 1. Download from iTunes onto an iPod, 2. The iPod is stolen, 3. The tunes on the iPod are uploaded to file sharing networks, 4. I get sued by the RIAA. Of course, I think the CYA thing to do is just make sure you file a report whenever your iPod is stolen, and that should make short work of any lawsuit defense.
Re:Seriously... (Score:1, Insightful)
Can you point to a single case of prosecution or even legal harassment from a stolen iPod?
It's theoretically possible, but most stolen products are quickly blanked and sold on ebay or at a pawn shop.
Watermarking, just seems responsible to me, if there is large scale piracy going on, shouldn't it be investigated responsibly? The whole stolen library argument is really just a stretch to provide some rationalization for piracy. Believe me, when they catch you pirating and prosecute you, they'll have a lot more than your name in some songs. The itunes plus songs can be played on Linux, Windows, your iPod, any AAC supporting device, there is no limit to the CDs you can burn or the number of computers you might own that can play them. The argument against this is the possibility that a pedophile is going to use the email from a song on a stolen ipod to lure a kid? What if they got the email address from a stolen notebook? or phone? Maybe we should just prohibit email addresses for kids.
Re:Seriously... (Score:4, Insightful)
actually.. we are living in the world of ~12th generation mp3 players. I bet a $4 mp3 decoder chip from china sounds better than anything called "hi-fi" when the term was invented
Re:Seriously... (Score:5, Insightful)
"3) Imagine how many iPods are lost at schools. How many scams can you think of that take advantage of the owner's desire to get their iPod back. Worst of all, show me a pedophile that wouldn't love to pretend to be some kid's classmate wanting to return their beloved iPod in order to lure them somewhere private. Lost iPod + email address of owner = "Meet me by the white van with tinted windows""
Yes, won't somebody please think of the children?
Pirates: "No good music is available online! I'll stop pirating when the record labels wake up and embrace online distribution."
Record industry: "Okay, our entire catalogs are online now."
Pirates: "But now it's too expensive! Good god, do you think we're rich? I'll stop pirating when music is less than a buck a track. That's a fortune!"
Record industry: "Okay, you win. Now by shopping around, you can find lots of music for $0.80 a track or less."
Pirates: "But you still have that DRM which impedes my fair use rights! I'll stop pirating when DRM is dead. Until then, it's off to TPB for me."
Record industry: "Hey, you know, you were right all along. It took us a while to realize it, but you're right. We've removed the DRM."
Pirates: "PEDOPHILES! PEDOPHILES! YOU'RE ENCOURAGING AND ASSISTING THE KIDNAPPING OF CHILDREN! Because of this despicable act, I'm going to pirate TWICE as much music now!"
Re:Seriously... (Score:5, Insightful)
This sort of thing has been a risk for a while. For instance, your car might be stolen, then used as a getaway car for an armed bank robbery. Witnesses make note of the license plate, and the police come to your door.
This doesn't make license plates a bad idea.
Re:Seriously... (Score:5, Insightful)
The email addresses have always been in clear-text. Even in the encrypted song files.
Seriously, am I the only person in the entire world who runs strings or emacs on binary files just to see what might be in them?
They met my demands; I'm happy. (Score:2, Insightful)
At first we complained that CDs were overpriced and it was too inconvenient to find good music, that's why we were pirating it online. Companies put it online more cheaply and half the people went legit. The rest of us had to fall back on other excuses.
Next we complained that the DRM on these new digital files restricted our legal rights to play the music in the ways we saw fit. "It's not that we want to pirate it," we clamored, "it's just that we don't want to be treated like criminals!" So Amazon and iTunes (eventually) removed the DRM and we could play our music whenever, wherever, and however they wished. Half of the remaining holdouts rejoiced and went legit; the rest have to find new excuses.
Allow me to offer my suggestions for your remaining options:
"I want the ability to temporarily share or permanently sell my music to other people and I don't trust them not to upload the files."
"The identifying information on the files could be used maliciously by a third party to get me in trouble."
"Amazon/iTunes/RIAA is evil and giving them money is supporting evil. I do, however, support independent labels and bands by buying their products. (not just talking about it on slashdot.)"
"The formats provided are too lossy. I only keep files in [favorite format] at [obscene bitrate/lossless]"
"I fundamentally believe that I shouldn't have to pay for music and my other arguments are just rationalizations to lend an air of credibility to my position."
In conclusion, it's been a fun ride but this is my stop. I'm happy: my demands have been met. You guys will have to go the rest of the way on your own and I wish you the best of luck. But I don't hold out much hope. At a certain point it's not worth it for Amazon/iTunes/RIAA to bend over backwards trying to convince the last holdouts. On the positive side, that means you can cling to whatever rationalization you want for as long as you want!
Re:Reasonable compromise... (Score:2, Insightful)
Re:Reasonable compromise... (Score:3, Insightful)
Nope, that's my last complaint that I can think of...promise.
No, I buy my music....on CD, or SACD. I use that to listen to on my good home sound system...I rip it to lesser formats for lower quality listening conditions, like the gym or the car. I own pretty much all the music I grew up with, and many of them were album oriented, and the whole album was good...often meant to be listened to as a whole (DSOTM).
I'd prefer to buy today's music song by song tho..as there is a LOT of filler on albums today...
Not that it didn't happen in the past...but, these days, it seems MUCH more prevalent and abused by the 'artists'.
But no..I pay, I'm willing to pay..I want to buy online, but, ONLY when it is of the same quality as I can get at a B&M store.
Re:Seriously... (Score:1, Insightful)
Keep in mind as well that it's not actually the *email address* that's stored in the file, but the iTunes Store *account ID*
It appears to be your e-mail address simply because many people (particularly .Mac/MobileMe members) use their e-mail address *as* their iTunes Store account ID.
However, most of my purchased iTunes tracks do not contain anything that even remotely resembles my e-mail address.
Re:Reasonable compromise... (Score:3, Insightful)
Re:Seriously... (Score:3, Insightful)
I'm... speechless.
I fail to see the issue, again. So do you ever email anyone? I mean, anyone you send an email to could potentially log into your iTunes account and buy all sorts of tracks with your account. Maybe even a movie or a whole album.
Re:Reasonable compromise... (Score:3, Insightful)
...why does everyone get up in arms when just trying to want to buy online what we have bought for YEARS on a CD....
If you are male and of an age where you can afford equipment like that, I suspect that your ears may not be as golden as they used to be when you were poorer, but young, agile and strong and your hearing extended to 20,000Hz.
Most music on CD's even, is unnaturally processed, such as compression to make it sound louder. Often, equalization is also added which distorts the original performance. This is almost universally true of all the popular music. The one area where this is usually not done nowadays is in classical music involving a full symphony orchestra. So, if you like classical music, your Klipsch speakers will definitely give you a reproduction close to actually being in the second or third row of a concert hall.
I used to do master recordings back in the analog 15 inches-per-second tape recording days for radio broadcasting and live shows on FM Radio. They had some Klipsch and Altec speaker system along with 200lb heavy tube amplifiers in the studio. That was impressive sound that I could back then still actually HEAR. These systems reproduced the sound of that 12 foot Boesendorfer Concert Grand they had amazingly well.
I still have some of the very first stereo LPs ever made in my music collection. There are also still a number of direct to disc LPs, because vinyl CAN have lower noise and less distortion than analog tape.
Unfortunately, music these days is not produced for audiophiles, but the mass market. For that the iTunes sound quality is far better than 90% or more of the reproducing equipment out there. I think you'll be stuck with buying CDs and perhaps even LPs as long as they are still made.