DRM Free iTunes... Marked Files... Downloads have personal information.

lilB

Yes, DRM free iTunes is great and all, but I noticed something interesting...

Downloads from iTunes are embedded with your name and email address, including the DRM free ones. This information is not stored in the ID3 tag, but it is embedded into the file.

Now there is probably some easy method of stripping this information, but then I began thinking.

There must be hundreds of ways they can embed this information into files, perhaps even in ways that can remain in the file even when transcoded. Something like a serial number or some other unique marker. Maybe even an inaudible sound that can be interpreted into data?

This can be used to track pirated music back to the purchaser.

iTunes may not necessarily do anything like this (yet) but its defiantly a possibility.

Thoughts?

xzzy

I say fair game. The argument against DRM has always been that you are tied to a specific vendor to be able to play your files. As soon as that vendor shuts down their service, say goodbye to everything you purchased.

I got no problems tagging files with purchaser information, because the only reason someone would object to this is if they intended to distribute the files.

ArcSyn

While i have no interest in ever buying music from iTunes ever again (or rebuying it for the mp3 version), I have no quarrel with embedding some user information in there. It doesn't hurt me to have the files on MY computer and MY pmp to have some user information embedded in them. If it helps track down distributors, then all the better.

The problem is going to be when Johnny gives Billy a song he downloaded from iTunes, and then Billy goes and puts it up for sharing, the embedded user is going to be Johnny, who is innocent with 1 exception. Hopefully, IP tracing and so on and such should be sufficient to avoid said situation though.

Mike Danger

This comment from the Slashdot story on this excellently sums up my feelings:

Slashdot Commenter wrote:

I don't see the problem. I didn't want them to remove DRM so I could ignore the copyright on the music, I wanted them to remove it so I could use it on any device I wanted to listen to it on. They did that; now I can, as far as I'm concerned, we're all good now.

If you interpret the lack of DRM as permission to ignore copyright, and you end up in trouble because you did so...

Nope, don't see the problem.

The Slashdot Story wrote:

....sharing the files on P2P networks may be an extremely bad idea

Good grief. "Sharing" copyrighted music files on a P2P network was always an extremely bad idea. If you ever had any fraction of an excuse for doing it (and frankly, I don't really think you did, but...) it is gone now, at least as far as iTunes purchases go. What has changed is it is now reasonable to purchase music, because you'll actually get to own it, use it on *all* your gear, back it up, etc.

The only thing I can think of that is really affected by this is your ability to legitimately resell recording of a tune you own, because you bought it. And for that issue, I give it.... maybe an hour before someone comes up with a tool to ZOT that name and email address right out of there. Maybe it'll even put the new one in. Pride of ownership and all that.

wunderbar

Yea, I don't get what the big deal is, unless you intend to buy it then immediately give it to 10,000 of your closest "friends". You can still do what you wish with the audio. Who cares if your name is embedded in the file if you're not doing anything illegal with it?

iTunesIsEvil

You can remove the metadata from the files if you really want to. AAC audio files use "atoms" as their metadata construct. It's kind of a really advanced ID3 tag. So it is in the tag technically, and not just embedded in the file. It's just not a tag that the iTunes software displays for you to edit.

Take a look at Atomic Parsley to have a look at the structure of the files. Its really pretty neat, and I have no problem with Apple (or any online retailer) marking the content in some specific way. So long as it doesnt stop me from using the file in an acceptable manner we're probably good.

SiliconStew

Don't like it? Strip it out. http://atomicparsley.sourceforge.net/ The information isn't hidden and it's been in these files long before now. It's not in a ID3 tag because iTunes' AAC files are MPEG4-based and only MP3's have ID3 tags.

Besides, the purchase date/time is hashed so it would be difficult to fake by a third party. The only ways you're going to be bit in the ass by this is if you share the file or if you give it to someone and they share it (without removing the tags first). They should have used a hashed user ID in the file instead of the plain email address, though.

It's not a big deal. They should have been doing this kind of thing from the beginning, maybe using stenography to hide the user id. Could have avoided all this DRM crap we've suffered through.


edit: curses!

maximumzero

It's been this way forever, ever since iTunes Plus existed.

Why are you acting like this is a new thing?

iTunesIsEvil

maximumzero wrote: »

It's been this way forever, ever since iTunes Plus existed.

Why are you acting like this is a new thing?

I'm sure there are quite a few people who didn't know that their Apple ID was being embedded into their iTunes purchases.

Buttcleft

Its okay until your MP3 player gets stolen and now whoever has it has your name and whatever else about you is being hidden in the music files.

iTunesIsEvil

Here's a sample output from AtomicParsley showing what's stored in the file:

C:\Users\gkaiser\Desktop\ap-win32>atomicparsley.exe "C:\Users\gkaiser\Music\iTunes\iTunes Music\Herbie Hancock\Maiden Voyage - Single\01 Maiden Voyage (Edited Version).m4a" --textdata
Atom "----" [tool] contains: 2
Atom "----" [iTunNORM] contains:  00000353 00000446 0000563F 000061F6 000000A2 000000A2 00006C23 000076E9 00000038 00000050
Atom "----" [iTunSMPB] contains:  00000000 00000840 000000D3 0000000000C30EED 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
Atom "©nam" contains: Maiden Voyage (Edited Version)
Atom "©ART" contains: Herbie Hancock
Atom "aART" contains: Herbie Hancock
Atom "©alb" contains: Maiden Voyage - Single
Atom "gnre" contains: Jazz
Atom "trkn" contains: 1 of 1
Atom "disk" contains: 1 of 1
Atom "©day" contains: 2007-09-25T07:00:00Z
Atom "cpil" contains: false
Atom "pgap" contains: 0
Atom "apID" contains: <redacted>
Atom "cprt" contains: &#8471; 2007 Blue Note Records. All rights reserved. Unauthorized reproduction is a violation of applicable laws.
Atom "cnID" contains: 263377798
Atom "rtng" contains: Inoffensive
Atom "atID" contains: 51639
Atom "plID" contains: 263377795
Atom "geID" contains: 11
Atom "sfID" contains: United States (143441)
Atom "akID" contains: 0
Atom "stik" contains: Normal
Atom "purd" contains: 2007-10-15 21:20:29
Atom "covr" contains: 1 piece of artwork

As you can see, the Apple ID is in there, but that's about it.

xzzy

maximumzero wrote: »

It's been this way forever, ever since iTunes Plus existed.

Why are you acting like this is a new thing?

Because it made it as a slashdot story this morning. So now it's Big News(tm).

Mike Danger

Buttcleft wrote: »

Its okay until your MP3 player gets stolen and now whoever has it has your name and whatever else about you is being hidden in the music files.

IT Security says that it's just your name, your Apple user name, and your email address. Not exactly your credit card info and the addresses of your immediate family members.

ArcSyn

Mike Danger wrote: »

Buttcleft wrote: »

Its okay until your MP3 player gets stolen and now whoever has it has your name and whatever else about you is being hidden in the music files.

IT Security says that it's just your name, your Apple user name, and your email address. Not exactly your credit card info and the addresses of your immediate family members.

And fortunately it's my spam email account which has been sold to just about every company out there by now.. My next step in spam protection is to start blocking anything not in my contact list. I dunno what Yahoo uses as a spam filter, but it's terrible. I recommend 2 e-mail accounts to everyone I know. 1 for family members, and 1 to put on everything you are required to have one for.

TL DR

xzzy wrote: »

I say fair game. The argument against DRM has always been that you are tied to a specific vendor to be able to play your files. As soon as that vendor shuts down their service, say goodbye to everything you purchased.

I got no problems tagging files with purchaser information, because the only reason someone would object to this is if they intended to distribute the files.

I can see someone being pretty upset at receiving a C&D letter from Apple or losing an iTunes account or something because Geek Squad got greedy, or someone penetrated their network security.

PeregrineFalcon

Timothy Leary Come Check Out This Theory wrote: »

xzzy wrote: »

I say fair game. The argument against DRM has always been that you are tied to a specific vendor to be able to play your files. As soon as that vendor shuts down their service, say goodbye to everything you purchased.

I got no problems tagging files with purchaser information, because the only reason someone would object to this is if they intended to distribute the files.

I can see someone being pretty upset at receiving a C&D letter from Apple or losing an iTunes account or something because Geek Squad got greedy, or someone penetrated their network security.

Or being, you know, sued for $Texas by the RIAA for being one of those Evil Music Pirates. I mean, they're going after the uploaders, and since it was your name on the files, you're an Evil Uploader.

ZackSchilling

Timothy Leary Come Check Out This Theory wrote: »

xzzy wrote: »

I say fair game. The argument against DRM has always been that you are tied to a specific vendor to be able to play your files. As soon as that vendor shuts down their service, say goodbye to everything you purchased.

I got no problems tagging files with purchaser information, because the only reason someone would object to this is if they intended to distribute the files.

I can see someone being pretty upset at receiving a C&D letter from Apple or losing an iTunes account or something because Geek Squad got greedy, or someone penetrated their network security.

This is a non-issue. Here are two reasons:

If the music is from the iTMS, that means it is out and in all likelihood, widely available in higher quality. There's no reason for your version of the file to suddenly become widely distributed. It will probably see a very limited distribution.

There are no legal grounds by which anyone could sue you for the crime of an unknown third party. MP3 players are not guns. We do not have laws about keeping them secure and reporting them as stolen. If Apple were to shut down your iTunes account, you could sue them and win just by demonstrating that the distribution was entirely out of your control. No matter what the EULA says, there are certain consumer rights that cannot be taken away under any circumstances. If Apple has the slightest bit of sense, they won't even test the waters here.

ArcSyn

ZackSchilling wrote: »

Timothy Leary Come Check Out This Theory wrote: »

xzzy wrote: »

I say fair game. The argument against DRM has always been that you are tied to a specific vendor to be able to play your files. As soon as that vendor shuts down their service, say goodbye to everything you purchased.

I got no problems tagging files with purchaser information, because the only reason someone would object to this is if they intended to distribute the files.

I can see someone being pretty upset at receiving a C&D letter from Apple or losing an iTunes account or something because Geek Squad got greedy, or someone penetrated their network security.

This is a non-issue. Here are two reasons:

If the music is from the iTMS, that means it is out and in all likelihood, widely available in higher quality. There's no reason for your version of the file to suddenly become widely distributed. It will probably see a very limited distribution.

There are no legal grounds by which anyone could sue you for the crime of an unknown third party. MP3 players are not guns. We do not have laws about keeping them secure and reporting them as stolen. If Apple were to shut down your iTunes account, you could sue them and win just by demonstrating that the distribution was entirely out of your control. No matter what the EULA says, there are certain consumer rights that cannot be taken away under any circumstances. If Apple has the slightest bit of sense, they won't even test the waters here.

But will the RIAA? They depend on people who decide to settle out of court. I could see many lawsuits being filed for individuals who have no idea why they are being sued, but cannot pay the attorney fees to adequately defend themselves.

I still don't care that it's there, but just thinking out loud about the worst case scenarios.

ZackSchilling

ArcSyn wrote: »

ZackSchilling wrote: »

Timothy Leary Come Check Out This Theory wrote: »

xzzy wrote: »

I say fair game. The argument against DRM has always been that you are tied to a specific vendor to be able to play your files. As soon as that vendor shuts down their service, say goodbye to everything you purchased.

I got no problems tagging files with purchaser information, because the only reason someone would object to this is if they intended to distribute the files.

I can see someone being pretty upset at receiving a C&D letter from Apple or losing an iTunes account or something because Geek Squad got greedy, or someone penetrated their network security.

This is a non-issue. Here are two reasons:

If the music is from the iTMS, that means it is out and in all likelihood, widely available in higher quality. There's no reason for your version of the file to suddenly become widely distributed. It will probably see a very limited distribution.

There are no legal grounds by which anyone could sue you for the crime of an unknown third party. MP3 players are not guns. We do not have laws about keeping them secure and reporting them as stolen. If Apple were to shut down your iTunes account, you could sue them and win just by demonstrating that the distribution was entirely out of your control. No matter what the EULA says, there are certain consumer rights that cannot be taken away under any circumstances. If Apple has the slightest bit of sense, they won't even test the waters here.

But will the RIAA? They depend on people who decide to settle out of court. I could see many lawsuits being filed for individuals who have no idea why they are being sued, but cannot pay the attorney fees to adequately defend themselves.

I still don't care that it's there, but just thinking out loud about the worst case scenarios.

The RIAA has thus far been pretty good about dropping suits with zero merit. Grandmas, people with no computers, etc. Their strategy lives and dies on the fact that they catch people red handed. This isn't the smoking gun they normally go for.

That isn't to say that they won't do it though. They are crazy.

Ego

I thought the RIAA had altogether given up on small suits against individuals, pledging to just go after distributors / ask ISPs to shut off IP addresses of continual 'offenders'.

wunderbar

Ego wrote: »

I thought the RIAA had altogether given up on small suits against individuals, pledging to just go after distributors / ask ISPs to shut off IP addresses of continual 'offenders'.

Yes, this is the case.

TL DR

ZackSchilling wrote: »

ArcSyn wrote: »

ZackSchilling wrote: »

Timothy Leary Come Check Out This Theory wrote: »

xzzy wrote: »

I say fair game. The argument against DRM has always been that you are tied to a specific vendor to be able to play your files. As soon as that vendor shuts down their service, say goodbye to everything you purchased.

I got no problems tagging files with purchaser information, because the only reason someone would object to this is if they intended to distribute the files.

I can see someone being pretty upset at receiving a C&D letter from Apple or losing an iTunes account or something because Geek Squad got greedy, or someone penetrated their network security.

This is a non-issue. Here are two reasons:

If the music is from the iTMS, that means it is out and in all likelihood, widely available in higher quality. There's no reason for your version of the file to suddenly become widely distributed. It will probably see a very limited distribution.

There are no legal grounds by which anyone could sue you for the crime of an unknown third party. MP3 players are not guns. We do not have laws about keeping them secure and reporting them as stolen. If Apple were to shut down your iTunes account, you could sue them and win just by demonstrating that the distribution was entirely out of your control. No matter what the EULA says, there are certain consumer rights that cannot be taken away under any circumstances. If Apple has the slightest bit of sense, they won't even test the waters here.

But will the RIAA? They depend on people who decide to settle out of court. I could see many lawsuits being filed for individuals who have no idea why they are being sued, but cannot pay the attorney fees to adequately defend themselves.

I still don't care that it's there, but just thinking out loud about the worst case scenarios.

The RIAA has thus far been pretty good about dropping suits with zero merit. Grandmas, people with no computers, etc. Their strategy lives and dies on the fact that they catch people red handed. This isn't the smoking gun they normally go for.

That isn't to say that they won't do it though. They are crazy.

BAHAHAHAHAHAHAHAHA*gasp*AHAHAHAHA

lilB

What I'm wondering though is if there are other ways to mark files. Something like a watermark or something that could be detectable just by listening to the file, so if for example you play your MP3 in public they could bust you.

It's really not that unbelievable when they have been suing businesses for playing the radio and other crazy stuff like that. Not saying iTunes is doing this but it could happen.

Also, another thing... Don't p2p applications automatically search your PC for music when they install? I can see a lot of people sharing iTunes downloads unintentionally.

Akilae729

[rant]

One of the things that always bothers me in discussions about DRM and music piracy is that people get up in arms about horrible music license laws like they are somehow entitled to recorded music.

[/rant]

If you are using your purchased tracks in accordance with the license agreement that you agreed to upon purchase, then there really isn't anything to worry about. Besides paranoia about your stolen iPod tracks becoming the number one downloaded tracks on limewire of course

bash

lilB wrote: »

What I'm wondering though is if there are other ways to mark files. Something like a watermark or something that could be detectable just by listening to the file, so if for example you play your MP3 in public they could bust you.

It's really not that unbelievable when they have been suing businesses for playing the radio and other crazy stuff like that. Not saying iTunes is doing this but it could happen.

Also, another thing... Don't p2p applications automatically search your PC for music when they install? I can see a lot of people sharing iTunes downloads unintentionally.

If your sharing client is automatically searching your drives for music you're dicked anyhow. Really these apps should only be sharing things you specifically told them to share. Since not all P2P is about breaking copyrights you might want to share perfectly legit things without participating in copyright infringement at the same time. If you're sharing your own content or Free content there's no reason for eMule or LimeWire to automatically share your iTunes library.

JohnDoe

I don't like DRM.

I don't have a problem with this.

FyreWulff

It's that time of year again?

We're also due for the "people find out remnants of their files can exist in non-zero'd out large blob files" like the last time that came to light with Steam. And people thought Valve really wanted their Pikmin fanfics.